Anti-fraud and 3DS2 orchestration for online payments on an Australian travel platform
Payment solution and an admin panel for a travel platform.
This project was developed under NDA, so all brand and product names have been anonymized.
Client
Our client is a mid‑sized company from Australia that runs an online ticketing and travel marketplace.
They sell concert and sports tickets, giftable experiences, and a paid membership for frequent buyers. Because most purchases are online card payments and sales spike during big on‑sale moments, they were losing money to bank declines and disputed payments.
Project idea
They came to us to make checkout smarter and safer: add adaptive 3D Secure 2 verification, use device fingerprinting to spot risky behavior, and offer PayTo/PayID as a fallback when cards fail.
They also needed to stay compliant with Australian privacy rules and keep PCI burden low, so the setup had to keep full card data with the payment provider, not on their servers.
Key project objectives
Make more card payments go through successfully
Stop payment fraud and reduce chargebacks
Keep the checkout fast and easy for users
Offer PayTo/PayID if cards fail
Follow all Australian privacy and payment security regulations
Give the client clear tools to monitor payments and stop fraud
Services we delivered
To reach these goals, we needed to:
Design a convenient checkout form without breaking the platform’s UX
Develop a secure custom web checkout and integrate it into the platform
Develop an admin dashboard for payment reports, risk rules, and fraud alerts
UI/UX design
We made the checkout fast and simple. Users see the best way to pay first — Apple Pay or Google Pay, then card, and PayTo/PayID as a local option.
The card form is short and easy, with instant error checks. We never store full card numbers; everything goes through the payment provider for safety. We aligned the visual style with the platform’s design.
The 3DS2 verification runs in the background if possible. When the user needs to do something, we show clear steps and keep their cart saved. If payment fails, users can easily try again or switch to PayTo/PayID. The whole flow feels quick and familiar, while helping prevent fraud.
User flow
Development
The client’s platform is a web application built with Next.js + Node.js. We used the same technologies for the checkout to keep the integration smooth. We use PostgreSQL, a reliable database, to safely store all important data. For fast tasks, like blocking too many payment attempts from the same user, we use Redis.
This setup helps prevent fraud and keeps the checkout running smoothly, even during busy times. We used RTK Query and WebSockets to make sure the app always shows the latest information to users. When a user pays, they instantly see if it worked or not, without refreshing the page.
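The attempt blocking described above can be pictured as a sliding-window velocity check. The block below is an added example, not the project's code: an in-memory Map stands in for Redis so it runs offline, and the limits, scope names and sample attempts are assumptions.

```javascript
// Added example: sliding-window velocity check for payment attempts.
// A Map stands in for Redis so the block runs offline; in Redis the same
// window is commonly one sorted set per key (ZADD, ZREMRANGEBYSCORE, ZCARD).
// Limits, names and sample data are assumptions, not the project's values.
const LIMITS = [
  { scope: 'user', windowMs: 60_000, max: 3 },     // 3 tries per minute
  { scope: 'device', windowMs: 600_000, max: 5 },  // 5 tries per 10 minutes
];

class VelocityLimiter {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.store = new Map(); // key -> ascending attempt timestamps (ms)
  }

  // Records one attempt; returns { allowed, blockedBy, retryAfterMs }.
  check(attempt, now = Date.now()) {
    let blockedBy = null;
    let retryAfterMs = 0;
    for (const { scope, windowMs, max } of this.limits) {
      const key = `${scope}:${attempt[scope]}`;
      // Drop timestamps that have left the window, then record this attempt.
      // Rejected attempts are recorded too, so hammering keeps the window full.
      const recent = (this.store.get(key) || []).filter((t) => t > now - windowMs);
      recent.push(now);
      this.store.set(key, recent);
      if (recent.length > max) {
        // A retry passes once only max - 1 earlier attempts remain in the window.
        const wait = recent[recent.length - max] + windowMs - now;
        if (wait > retryAfterMs) { blockedBy = scope; retryAfterMs = wait; }
      }
    }
    return { allowed: blockedBy === null, blockedBy, retryAfterMs };
  }
}

// Constructed sample: one device cycling through accounts, 10 s apart.
function replaySample() {
  const limiter = new VelocityLimiter();
  const t0 = 1_700_000_000_000;
  return ['u1', 'u1', 'u1', 'u1', 'u2', 'u3'].map((user, i) =>
    limiter.check({ user, device: 'dev-A' }, t0 + i * 10_000));
}
```

Keying on the device as well as the user is what catches the last attempt in the sample, where a new account is tried from a device that has already used up its window.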
Payments
We use Stripe for payments because it handles the full 3DS2 flow, which lets banks check in real time whether a user is really the cardholder. Stripe also has strong anti-fraud tools and global compliance, which is needed for Australia. All sensitive card information stays only with the payment provider for PCI DSS compliance.
Alternative payments: PayTo/PayID
If a card payment fails, we trigger “soft retries” or offer the user a local bank option. For this, we connect to leading Australian providers: Zepto, Zai, and Azupay. These plug seamlessly into our checkout flow without making users leave the platform.
Fraud prevention and security
We set up anti-fraud checks to spot and stop risky payments. These rules check what’s being sold, purchase amount, user location, time of day, device risk score, and fast repeat attempts. We also generate fraud reports and alerts, and handle disputes or chargebacks using secure webhooks from Stripe.
We added device fingerprinting with FingerprintJS Pro and combined it with behavioral signals to produce a simple risk score. If something looks wrong, we may ask the user for extra verification or slow down possible fraud attempts. If a payment is disputed or charged back, the system gets notified right away. We collect all the details, keep a log for tracking, and alert the team so they can handle issues faster and reduce losses.
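What makes a dispute webhook safe to act on is checking the Stripe-Signature header over the raw request body before anything is logged or alerted. The block below is an added example, not the project's code: it verifies the header by hand with Node's crypto module, and the secret, event body and function names are constructed for illustration.

```javascript
// Added example: verifying a Stripe-Signature header before a dispute event
// is trusted. The secret, event body and function names are constructed.
const crypto = require('crypto');

const TOLERANCE_SEC = 300; // reject stale timestamps to limit replay

function sign(secret, timestamp, rawBody) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.${rawBody}`, 'utf8').digest('hex');
}

// Returns the parsed event, or throws if the header does not verify.
function verifyWebhook(rawBody, header, secret, nowSec) {
  let t = NaN;
  const v1 = [];
  for (const item of String(header).split(',')) {
    const [k, v] = item.trim().split('=');
    if (k === 't') t = Number(v);
    if (k === 'v1') v1.push(v || '');
  }
  if (!Number.isInteger(t) || v1.length === 0) throw new Error('malformed header');
  if (Math.abs(nowSec - t) > TOLERANCE_SEC) throw new Error('timestamp outside tolerance');
  const expected = Buffer.from(sign(secret, t, rawBody), 'hex');
  const ok = v1.some((sig) => {
    const got = Buffer.from(sig, 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  if (!ok) throw new Error('signature mismatch');
  return JSON.parse(rawBody); // parse only after the raw bytes verified
}

const seen = new Set(); // processed event ids; a database table in practice

// Returns 'logged', 'duplicate' or 'ignored' for a verified event.
function handleEvent(event) {
  if (seen.has(event.id)) return 'duplicate'; // webhooks can be redelivered
  seen.add(event.id);
  return event.type === 'charge.dispute.created' ? 'logged' : 'ignored';
}

// Constructed sample event, signed the way the sender would sign it.
function demo() {
  const secret = 'whsec_constructed_example';
  const body = JSON.stringify({ id: 'evt_constructed_1', type: 'charge.dispute.created' });
  const t = 1700000000;
  const event = verifyWebhook(body, `t=${t},v1=${sign(secret, t, body)}`, secret, t + 5);
  return [handleEvent(event), handleEvent(event)];
}
```

The check has to run on the body exactly as received; a framework that parses and re-serializes the JSON first will produce a signature mismatch.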
Compliance
For privacy, we align with the Privacy Act. We only collect the minimum data needed, use pseudonyms where possible, and always avoid storing card numbers ourselves. For money laundering checks, we monitor unusual payment actions and can report suspicious activity if needed.
Admin panel
We built a simple admin panel where our client can control fraud settings and payment rules on their own, without waiting for developers. The dashboard gives clear, real-time reports on important numbers, like how many payments are approved, how often users need extra verification, how fast payments are processed, and how many fraud or chargeback cases happen.
If anything unusual happens — like a sudden spike in fraud or problems with payment systems — the system sends alerts right away. Every action in the panel is securely recorded, so the client always has a trustworthy audit trail for compliance.
Results
The new checkout launched smoothly and started with a gradual rollout for real users. At first, the update was active for a small group, allowing us to monitor live transactions and fix any issues fast. Once everything worked well, all users could use the new payment process.
After launch, the client saw a noticeable boost: more card payments went through on the first try, users spent less time on the checkout, and fraud dropped. PayTo/PayID fallback helped catch extra sales that would have been lost if a card didn’t work. The solution has passed required security checks and keeps the platform fully compliant with Australian laws for payment processing and data privacy.
Frontend developer
Backend developer
DevOps engineer
UI/UX designer
Project manager
Weeks from kickoff to launch
