Payment orchestration platforms

1) What is POP and why is it needed in iGaming

• Increases AR and reduces DR through smart routing/cascades (BIN/GEO/method/price/health).
• Reduces cost (IC + +/markup/fixed/FX-slippage) through smart-routing and A/B provider selection.
• Increases stability: failover, circuit-breaker, health tests, degradation to safe modes.
• Accelerates go-to-market: single API/SDK, adapter catalog, policy management without releases.
• Ensures compliance: KYC/AML/sanctions, geo-blocks, same-method, MoR/sub-measures.
• Simplifies reporting: status normalization, settlement files, ND/GGR/NGR/fees/taxes.

2) Build vs Buy: How to choose

Buy (external POP): faster start, ready-made adapters/dashboards/SLA; cons - provider margin, limited customization depth, vendor lock-in.
Build (in-house): full control over rules/data/price; cons - CAPEX/competencies/SOC2 processes.
Hybrid: critical markets/methods - in-house, "long tail" - through external POP.

Criteria: GEO/method coverage, latency, price transparency, raw data and webhooks access, network tokens/3DS2 support, payout orchestration, sandbox, API version, SLA/penalty.

3) Targeted POP architecture (layers)

1. API-Gateway & Auth — rate-limit, OAuth/JWT, mTLS, schema-validation, idempotency-keys.
2. Rules-Engine - declarative policies (GEO/BIN/method/amount/risk/price/SLA/sanctions).
3. Router/Cascader — выбор `(PSP, MID, require_3DS, retry_window, max_attempts)`; sticky BIN/GEO.
4. Provider Adapters - unified interface (authorize/capture/refund/void/payout/tokenize).
5. 3DS & Risk Orchestration - TRA/whitelisting, challenge/funnel, delegated authentication.
6. Reconciliation - import of settlement files, code mapping, fees/reserve posting.
7. Payout Orchestration - corridor selection, same-method/return-to-source, cut-off/T + N, checks.
8. Treasury/FX - multicurrency books, EOD-reval, realized/unrealized FX, liquidity forecast.
9. Data Platform - event bus (Kafka/PubSub), outbox, DWH/lags, ND/GGR/NGR/fees/tax showcases.
10. Observability - logs/metrics/trails, SLO/SLI, alerts, playbooks of incidents.
11. Admin/UI - management of rules, AB tests, payment corridors, limits, keys.

4) Routing and rules: input signals

Карта: BIN/IIN, brand, debit/credit, commercial/premium, issuer country.
Geo/compliance: IP/GPS/SIM/KYC country, sledge lists, licenses, market class (A-D).
Transaction: amount/currency/channel, velocity, fraud risk rate, 3DS status.
Suppliers: AR/DR, soft-decline%, 3DS pass, latency/errors, SLA health.
Cost: IC + +/markup/fixed, FX-quality, reserve%, funding T + N.
Restrictions: PSP limits, maintenance, incidents, local bans.

• `Score = 0. 45AR_live − 0. 25Cost_bps + 0. 15SLA_health + 0. 10FX_quality + 0. 05Reserve_score`

Retray policy: soft-decline only; idempotency-key common for the entire cascade; budget 15-30 sec.

5) 3DS и liability shift

Strategies: frictionless→challenge escalation, forced 3DS on risk-GEO/BIN, delegated auth.
Store the result (liability_shift=true/false) ACS/DS codes for disputes.
A/B 3DS policy: AR vs liability balance.

6) Tokenization

Network tokens (Visa/MC/DC): AR stability, less lifecycle errors.
Vault tokens: single safe → multi-PSP; mapping PSP-specific tokens.
PAN/expiry rotation, COF/COFT updates, card-on-file indicators, DS registration.

7) Reconciliation and cost

Status normalization (authorize/capture/refund/chargeback/representation).
Import settlement files: Interchange/Scheme/Markup/Fixed/FX/Reserve decomposition.
Calculation of effective take-rate and FX slippage by PSP/method/MID/GEO.
Variance reports: 'Tx → File → Funding' (delta> threshold → ticket).

8) Payout orchestration and tregerie

Corridors: provider selection by GEO/currency/bank, return-rate/ETA/SLA.
Policies: same-method/return-to-source, SoF/KYC levels, deferred payments (T + N + K).
FX: source currency selection, EOD-reval balances, realized FX at funding/payout.
Reserves: rolling/reserve-ledger and release calendar.

9) Safety and compliance

SANCTIONS/PEP/AML: centralized screening, kill-switch by GEO/counterparties.
PCI DSS: mTLS, PAN-scope segmentation, prohibited logging of sensitive fields, P2PE/SDK.
GDPR/Privacy: DPA, Controller/Processor roles, DSR/DSAR, retention periods.
iGaming regulation: geoblocks, licenses, RG/self-exclusion, regulatory reporting formats.

10) Observability, SLO and incidents

SLI/SLO: AR, 3DS pass, p95 latency, error-rate, funding T+N hit-rate, payout ETA.
Алерты: routing degradation, soft-decline surge, 3DS anomaly, take-rate spike, health down.

Playbooks: failover PSP/ACS, reroute GEO/BIN, disable problematic rule, degrade to "white methods only."

Post-incidents: RCA, change in weights/thresholds, test-regressions.

11) Data & BI layer

Event-driven: outbox → Kafka/PubSub → consumers (router, 3DS, antifraud, DWH).
Exactly-once: outbox pattern, idempotent consumers, key deduplication.
Витрины: `transactions_flat`, `provider_fees`, `fx_settlement`, `ggr_rollup`, `vat_ledger`, `payout_corridors`, `reserve_ledger`.
AB-тесты: bandits/splits, guardrails (min-AR, max-take-rate).

12) Reference data model (simplified)

sql
-- Providers/MID/ref methods. providers(provider PK, pricing_model, fx_policy, reserve_pct, meta)
ref. mids(mid PK, provider FK, country, method, descriptor, enabled, meta)

-- Profiles/routing rules ref. routing_profiles(profile_id PK, name, version, enabled, meta)
ref. routing_rules(
rule_id PK, profile_id FK, iso2, bin_from, bin_to, method,
provider, mid, require_3ds, priority, retry_soft JSONB,
max_attempts, ttl_seconds, enabled, meta)

-- Online provider metrics (sliding window)
live. provider_stats_15m(
provider, method, iso2, bin6, approvals, declines, soft_declines,
three_ds_pass, avg_latency_ms, updated_at)

-- Transactions/attempts with payments idempotency. auth_attempts(
attempt_id PK, idempotency_key, step, provider, mid, require_3ds,
status, decline_code, amount_minor, currency, bin, iso2,
started_at, finished_at, meta)

-- Settlement/fees/reserve finance. settlement_fees(
batch_id, provider, mid, period_start_at, period_end_at, currency,
interchange_amt, scheme_amt, markup_amt, auth_amt, refund_amt,
cb_amt, gateway_amt, fx_spread_amt, reserve_delta, total_fees)

treasury. reserve_ledger(
id PK, provider, mid, hold_date, release_due_date,
hold_amount, released_amount, cb_consumed, fines_consumed, status, meta)

-- Payout corridors. corridors(
corridor_id PK, from_iso2, to_iso2, method, provider,
success_rate_7d, return_rate_7d, avg_eta_hours, status, updated_at)

13) Rule and Query Examples

13. 1. Pseudo-DSL routing rules

yaml rule: "cards_eu_low_risk_v2"
when:
iso2 in [DE, NL, AT, FI] AND method == "CARD"
AND bin. issuer_country == iso2 score:
AR_live: 0. 45
Cost_bps: -0. 25
SLA_health: 0. 15
FX_quality: 0. 10
Reserve_score: 0. 05 routes:
- psp: "Acq_A" mid: "A_DE_01" require_3ds: false max_attempts: 1
- psp: "Acq_B" mid: "B_EU_02" require_3ds: true max_attempts: 1 retry_on_soft: [TIMEOUT, ISSUER_UNAVAILABLE, SOFT_DECLINE]
budget_ms: 20000

13. 2. Online provider rating

sql
SELECT provider, method, iso2,
SUM(approvals) appr, SUM(declines) decl,
ROUND(100. 0 SUM(approvals) / NULLIF(SUM(approvals+declines),0),2) AS ar_pct,
ROUND(100. 0 SUM(soft_declines) / NULLIF(SUM(declines),0),2) AS soft_share_pct
FROM live. provider_stats_15m
WHERE updated_at > now() - INTERVAL '20 minutes'
GROUP BY 1,2,3
ORDER BY ar_pct DESC, soft_share_pct DESC;

13. 3. Cost by provider (all-in take-rate)

sql
SELECT provider,
SUM(total_fees) / NULLIF(SUM(t. amount_reporting),0) 100 AS take_rate_pct
FROM finance. settlement_fees f
JOIN dw. transactions_flat t ON t. provider=f. provider
WHERE f. period_start_at>=:from AND f. period_end_at<:to
GROUP BY 1
ORDER BY take_rate_pct;

13. 4. Step-conversion effect

sql
WITH s AS (
SELECT idempotency_key, MAX(step) steps, BOOL_OR(status='APPROVED') approved
FROM payments. auth_attempts
WHERE started_at BETWEEN:from AND:to
GROUP BY 1
)
SELECT steps, COUNT() orders,
100. 0 SUM(approved::int) / NULLIF(COUNT(),0) AS conv_pct
FROM s GROUP BY 1 ORDER BY 1;

14) KPI and dashboards

AR/DR by PSP/MID/GEO/BIN/method (15/60-min window + DTD).
Step-conversion (1st/2nd/3rd branch).
Take-Rate% and FX-slippage by provider/method.
3DS pass-rate и liability shift.
Health/SLA: latency, timeouts, error-rate, incidents.
Reserve & Funding: reserve% и T+N hit-rate.
Payout Corridors Health: success/returns/ETA.
Policy Coverage - percentage of events with the current profile version.

15) Alerts and thresholds

Routing Degradation: AR> Y bps drop in 10-30 min.
Soft-Decline Surge: the share of soft-decline is growing → include an additional branch/step-up 3DS.
3DS Anomaly: pass-rate drop> X% at BIN/issuer/PSP.
Take-Rate Spike: all-in value growth> threshold.
Health Down: SLA breach (latency/error) — авто-failover.
Policy Drift - attempts without profile idempotency_key/bez - P1.
Settlement Delay: T + N or missed reserve-release violation.

16) Best practices (short)

1. Idempotence and retreats only by soft-decline, a common key to the cascade.
2. Live telemetry AR/3DS/latency/health and auto-failover.
3. Route price function (AR vs Cost vs SLA vs FX) + sticky BIN/GEO.
4. Network tokens + single vault; COF/COFT shall be correctly stamped.
5. Cut-off-aware: do not produce partial-capture at the end of the day.
6. Reconciliation: own fees/FX calculation, variance reports.
7. Payout orchestration with same-method and corridor control.
8. Rule versioning and A/B tests with guardrails.
9. Layer separation: router ≠ antifraud ≠ policy engine; general reference books.
10. Docking of sanctions/licenses/policies, kill-switch by GEO.

17) Implementation checklist

• Model selection (build/buy/hybrid), GEO/Method/PSP/MID map.
• API schema, idempotency, outbox, event bus, DWH.
• Rules-engine + UI: profiles, weights, soft-codes, 3DS policies.
• Adapters: normalize API/codes, sandbox test kits.
• Telemetry/alerts/SLO, health-feed providers.
• Reconciliation: import files, fee/reserve/FX allocation.
• Payout-orchestration: corridors, same-method, SoF/KYC.
• Security: PCI/GDPR/sanctions, secrets/rotation, access.
• Documentation and playbooks of incidents; regression tests.

Summary

POP is not just a "proxy to PSP," but a central operating payment bus: smart routing and cascades, 3DS/risk orchestration, reconciliation and payouts, trader/FX, observability and compliance. By building a platform with idempotency, live telemetry, transparent cost and rules, you raise AR, lower all-in take-rate, protect P&L from disruption and accelerate entry into new markets without rewriting the product.