Applied Patterns
The recurring production patterns Payments PMs actually use day-to-day. Each one shows up by name in interview design rounds — recognize them and you'll out-frame most candidates.
A/B testing a new rail in a single region
Scenario: Brazil deposits today are 80% card, 20% PIX. You want to push PIX to the front of the UI and prove it lifts conversion net.
Design
- Unit of randomization: customer (not session). Same customer must see the same variant.
- Segments: new customers vs returning; first deposit vs repeat. Pre-register the segment cuts.
- Treatment: PIX rendered first; card collapsible below.
- Control: card rendered first; PIX below.
- Primary metric: completed-deposit conversion per intent.
- Guardrail metrics: net-revenue per cohort (PIX is cheaper but tipping may shift to lower-value buyers); fraud rate; support contacts.
- Powering: detect a 1% absolute conversion lift at p<.05 with 80% power → estimate sample size from baseline variance.
- Run window: at least 2 full weekly cycles to capture day-of-week effects.
Traps
- PIX has no chargebacks — your fraud-loss metric will look better artificially; don't credit PIX for that.
- If you only look at conversion, you'll miss cost: PIX is much cheaper. Combine into cost-adjusted revenue.
- Power skew — PIX adoption can cannibalize card; ensure you're measuring the correct counterfactual.
Smart-routing rules in production
You don't write the model; you own the rules. Common rule shapes:
| Rule shape | Example |
|---|---|
| BIN affinity | "If issuer country = BR and BIN range in [Itaú list], prefer Stone over Adyen." |
| Time-of-day | "During Adyen scheduled maintenance window (Sat 02:00-04:00 CET), shift 100% to Worldpay." |
| Amount-banded | "For amounts > $1000, prefer the acquirer with higher historical AAR on high-value." |
| Currency-locked | "GBP txns must route via FCA-licensed acquirer." |
| Risk-tiered | "If fraud-score > 70, force 3DS step-up regardless of exemption eligibility." |
Govern the rules — every rule must have an owner, a hypothesis, an expiry date. Stale routing rules accumulate and silently tank AAR.
3DS step-up policy
3DS is a knob, not a binary. The policy you ship is per-segment:
| Segment | Default 3DS posture | Why |
|---|---|---|
| EU consumer card txn | SCA mandatory; attempt frictionless first | PSD2 requirement |
| EU low-value (<€30) repeat | Attempt SCA exemption (LVE) | Reduces drop-off |
| EU TRA exemption-eligible | Attempt TRA exemption if acquirer fraud rate qualifies | Lifts AAR; preserves liability with acquirer |
| UK consumer | Similar SCA logic under UK rules | Aligned to PSD2 |
| US consumer | 3DS only when fraud-score elevated | 3DS adds friction; US issuers vary on support |
| High-risk (e.g. new device + high amount) | Force 3DS regardless | Prevent first-party fraud |
The PM lever: tune exemption logic. A move from "3DS always" to "3DS smart" can lift conversion 2-5pp in EU.
Retry-after-soft-decline
Soft decline doesn't mean "no" forever. Common patterns:
- Hold & immediate retry — for transient network/timeout codes. Same PSP. Same auth.
- Cascade — try alternate PSP/acquirer. Use network token if you have one to preserve issuer trust.
- Step-up retry — if soft decline suggests risk, retry with 3DS challenge. Liability shifts to issuer on success.
- Delayed retry — common for "insufficient funds" — try again in N hours; e-comm world calls this "smart retry."
- Rail switch — if card keeps declining, prompt user to try Open Banking / PIX / UPI instead.
Visa and Mastercard limit the number of retries on certain decline codes (e.g. R-codes, do-not-honor) before assessing fees. Your retry policy must encode these limits per scheme.
BIN-aware UX
The BIN tells you the issuer, country, card type (debit/credit/prepaid), and sometimes commercial vs consumer. Once you have it (often after the first 6-8 digits typed), you can:
- Hide unsupported acceptance (e.g. don't show "Pay with card" if BIN known to block crypto MCC).
- Pre-warn the user: "Your bank may require a 3DS confirmation."
- Pre-route to the acquirer most likely to approve this BIN.
- Localize: detect IN issuer → show INR pricing, NPCI compliance notices.
- Suggest a rail switch: "PIX usually approves faster for your bank."
Network tokens — issued by Visa/MC tied to a real PAN — give you lifecycle-managed credentials. Lift AAR ~1-3pp and reduce reissuance friction. Treat as default for any card-on-file flow.
Vault & network token strategy
Two layers:
- Vault (PCI tokenization) — replaces raw PAN with an internal token; reduces PCI scope. Vendor (VGS, Basis Theory) or self-hosted.
- Network tokens — scheme-issued tokens (VTS / MDES) that the issuer recognizes natively. Get lifecycle updates when the underlying card is reissued.
Use both. Vault for storage and PSP-agnostic routing; network tokens for actual auth. The combo lifts AAR, lowers PCI burden, and survives card-reissuance.
Recurring-payment mandate UX
You need recurring debits for any subscription-style flow (Krak savings, dollar-cost-average crypto buys, etc.). Each rail has its own mandate model:
| Rail | Mandate construct |
|---|---|
| Card | Card-on-file with stored credential indicator + COF agreement |
| SEPA | SEPA Direct Debit mandate; B2C vs B2B different |
| UPI | UPI AutoPay mandate, PIN-confirmed, with explicit cap |
| PIX | PIX Automático (rolling out 2025+) — pre-authorized recurring |
| Bacs Direct Debit (UK) | Bacs scheme mandate |
UX rule: show the user the mandate cap and the cancellation path on the same screen they consent. Regulator audits get into this.
Dispute workflow — productizing the response
Disputes touch payments, fraud, customer support, finance. PM ownership often unclear; make it clear.
- Issuer files dispute → notification ingested via PSP webhook.
- Auto-classify: friendly fraud vs true fraud vs merchant-error.
- Auto-assemble evidence pack — KYC artifacts, txn metadata, device fingerprint, login session, network token, 3DS result.
- Decision: defend (if evidence supports) or accept (if loss is cheaper than fight).
- Submit representment via PSP / acquirer.
- Track ratio; manage to scheme thresholds (VDMP <0.9%).
Automating evidence-pack assembly is a high-ROI PM project. Even partial automation cuts dispute-team headcount needs by 30-50%.
Cross-border FX UX
Customer in Brazil deposits BRL → The company needs USD-equivalent crypto. Where does FX happen?
- At PSP — partner does the FX, you receive USD. Spreads usually fat (1-3%).
- At your bank — receive BRL on Brazilian rails, convert via FX partner.
- At settlement layer — via stablecoin (USDC) intermediating.
UX requirements:
- Quote-then-lock — show a quote with a locked window (typically 30s-2min); honor it.
- Total-cost disclosure — fee + FX spread, plainly stated, before user confirms.
- Receipt — what they paid, what they got, what spread was applied.
Regulator scrutiny on FX transparency is growing (EU, UK). Bake transparency in early.