Executive Summary
I redesigned how users authorize online transactions for a B2B spend management platform - replacing an off-platform SMS OTP flow with an in-app push-based authorization system. The existing process was handled entirely by a partner bank, which meant zero visibility into decline rates, no usable metrics, and growing fraud exposure. A regulatory mandate added urgency. As the product designer on this project, I partnered closely with the PM and engineering to research the space, map the full technical flow, uncover critical gaps (like 30% of users having notifications disabled), and design the end-to-end solution - including contextual prompts to drive notification and biometric adoption. We shipped in roughly six weeks. Declined transactions due to 3-D Secure authorization dropped 65% month-over-month after rollout, fraud from unauthorized card tokenization fell by 72%, and 89% of users reported satisfaction with the new experience.
Project Overview
The platform issues cards that users rely on for everyday purchases, but online payment authorization lived entirely outside our product. When a user made an online payment, they'd receive an SMS with a one-time code through the partner bank - and that was it. We had no visibility into what happened next: no tracking, no metrics, no ability to improve the experience. Declined transactions from failed authorization were high, fraud was a real and growing cost, and we had no levers to pull.
I owned design end-to-end on this project, working alongside the PM and staying in near-constant communication with engineering given the technical complexity - the solution had to work within the partner bank's API constraints and documentation. My first move was extensive benchmarking across products like Wise, Revolut, N26, and Payhawk, combined with a deep dive into our own declined-transaction data.
From there, I built a system flow diagram that mapped the entire authorization lifecycle and surfaced critical dependencies we hadn't fully accounted for - most importantly, that the solution would fail silently for the ~30% of users with push notifications disabled.
That insight shaped the broader design strategy. Beyond the core in-app authorization flow (with native iOS notification actions for quick approve/deny), I designed contextual prompts injected at specific moments in the user journey to drive notification and biometric enablement - not generic banners, but targeted nudges timed to feel relevant.
I also designed flows for edge cases: a path for users to report a compromised card directly from an unrecognized authorization request, and an SMS fallback for cases where push delivery failed. The verification pattern we built ended up becoming reusable - it was extended to secure Apple Pay tokenization and other sensitive actions across the platform.
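The push-first flow with SMS fallback described above, as an added illustration (not the platform's or the partner bank's code): the service issues a push challenge when the user has notifications enabled and delivery succeeds, otherwise falls back to an SMS OTP, expires unanswered challenges, treats a deny from an unrecognized request as a decline, and counts every channel and outcome so decline reasons are measurable. The gateway callables, `User` and `Challenge` are assumptions, not the project's API.

```python
"""Added illustration, not the platform's code: push-first online-payment
authorization with SMS OTP fallback; the gateway callables are hypothetical."""
import secrets
import time
from dataclasses import dataclass

@dataclass
class User:
    user_id: str
    phone: str
    push_enabled: bool        # ~30% of users had notifications disabled

@dataclass
class Challenge:
    id: str
    channel: str              # "push" (in-app approve/deny) or "sms" (OTP)
    expires_at: float
    otp: str = ""             # only set for the SMS fallback

class AuthorizationService:
    TTL = 120                 # seconds a pending challenge stays valid
    def __init__(self, push_send, sms_send, now=time.time):
        self.push_send, self.sms_send, self.now = push_send, sms_send, now
        self.pending: dict = {}
        # Every channel and outcome is counted, so decline reasons are measurable.
        self.metrics = dict.fromkeys(("push", "sms", "approved", "denied", "expired", "bad_otp"), 0)

    def start(self, user: User, amount: str, merchant: str) -> Challenge:
        ch = Challenge(secrets.token_urlsafe(16), "push", self.now() + self.TTL)
        # Fall back to SMS when push is disabled or the gateway reports non-delivery.
        if not (user.push_enabled and self.push_send(user.user_id, ch.id, amount, merchant)):
            ch.channel, ch.otp = "sms", f"{secrets.randbelow(10**6):06d}"
            self.sms_send(user.phone, ch.otp)
        self.metrics[ch.channel] += 1
        self.pending[ch.id] = ch
        return ch

    def _finish(self, ch: Challenge, outcome: str) -> str:
        self.metrics[outcome] += 1
        del self.pending[ch.id]           # single use: a replay returns "unknown"
        return outcome

    def respond(self, cid: str, approve: bool = False, otp: str = "") -> str:
        ch = self.pending.get(cid)
        if ch is None:
            return "unknown"              # answered, expired, or never issued
        if self.now() > ch.expires_at:
            return self._finish(ch, "expired")
        if ch.channel == "push":
            return self._finish(ch, "approved" if approve else "denied")
        ok = otp.isascii() and secrets.compare_digest(otp, ch.otp)
        return self._finish(ch, "approved" if ok else "bad_otp")
```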