OnePayment: Unifying payment processing across acquired brands at Expedia

Context

Expedia Group operated 20+ travel brands, each with its own independently built payment stack acquired through years of M&A activity. Every brand had its own checkout flow, its own vault, its own processor integrations. This fragmentation meant duplicated PCI compliance effort, inconsistent payment method support across brands, and an inability to share payment instruments across the portfolio.

I led a team of 8 engineers tasked with building a unified payment platform while remaining deeply hands-on with architecture and code. The mandate: consolidate everything into a single system without disrupting live transaction flows handling billions in GMV.

Constraints

PCI DSS compliance scope across every component. Zero-downtime migration requirements (live transactions could not be interrupted). Brand-specific payment method support that couldn’t be dropped during migration. Regulatory differences across markets, particularly European regulations like SCA (Strong Customer Authentication) that required 2-factor authentication for credit card payments. Cross-team coordination across 20+ brands with different release cadences and technical stacks.

Architecture

The OnePayment platform centered on a payment vault and tokenization layer. The vault managed 500M+ payment instruments with a token-based abstraction that decoupled brands from the underlying processor integrations. This architecture dramatically reduced PCI footprint by centralizing sensitive data handling.

We rebuilt DB-based batch systems into event-driven microservices for hotel collect invoice payments, replacing fragile scheduled jobs with reliable, auditable event streams. The cloud migration used AWS-DMS and HAProxy for on-prem to cloud migration with zero customer impact, with cloud HSM re-encryption ensuring security during the transition.

Hard Problems

Migrating live transaction flows without downtime across 20+ brands, each with different data models and conventions. Token portability across vault implementations required careful mapping and validation. Handling partial failures in distributed payment orchestration where money is involved demands extreme precision: every edge case is a potential financial discrepancy.

The SCA implementation was particularly challenging: a time-sensitive regulatory deadline requiring 2-factor authentication across European regions with different issuer behaviors, all layered on top of an active platform migration.

Outcome

Payment vault serving 500M+ payment instruments across 20+ brands. Tokenization architecture reduced PCI footprint and delivered $4M/year in infrastructure cost savings. SCA compliance achieved across key European regions before regulatory deadline. Cloud migration completed with zero customer impact.

What I’d Do Differently

I would invest more heavily in contract testing between the unified platform and each brand’s integration layer from day one. We caught most issues during migration, but a formal contract test suite would have shortened the brand-by-brand onboarding timeline significantly. Each brand had subtle assumptions baked into their payment flows that only surfaced under load or in edge-case currency/locale combinations.

The event-driven migration from batch systems was the right call architecturally, but we underestimated the operational complexity of running both systems in parallel during the transition. A more structured dual-write validation period, with automated reconciliation rather than manual spot checks, would have given the team more confidence to cut over faster.

On the SCA implementation: we treated it primarily as a technical compliance deadline. In hindsight, it was also a UX problem. We shipped compliant flows that met the regulatory bar but added friction that hurt conversion in some markets. Starting with the customer experience and working backward to the technical implementation would have produced a better outcome for both compliance and business metrics.