
Design a Global Payment System

Build a secure, compliant payment platform processing millions of transactions daily with real-time fraud detection and global multi-currency support.

❓ Clarifying Questions & Requirements

Q: What's the expected transaction volume and peak load?
A: 100K+ transactions per second at peak, 1 billion transactions daily, with Black Friday peaks reaching 150K TPS for sustained periods.
💡 Implications: This scale requires a distributed microservices architecture that scales horizontally. Consider sharded databases, message queues for asynchronous processing, and CDN-based delivery of static content.
Q: Which payment methods and geographic regions need support?
A: Global support for 150+ countries, 100+ currencies. Payment methods include credit/debit cards, bank transfers, digital wallets (PayPal, Apple Pay, Google Pay), cryptocurrency, and region-specific methods (Alipay, WeChat Pay).
💡 Implications: Multi-currency support requires FX rate management, currency-specific settlement accounts, and compliance with regional regulations (PSD2, PCI DSS, local banking laws).
Q: What are the compliance and security requirements?
A: PCI DSS Level 1 compliance mandatory. Must comply with SOX for financial reporting, GDPR for EU users, PSD2 for European payments, KYC/AML regulations globally, and maintain 7+ year audit trails.
💡 Implications: Requires end-to-end encryption, tokenization, network segmentation, an HSM for key management, regular security audits, and immutable audit logging with proper data retention policies.
Q: What fraud detection and prevention capabilities are needed?
A: Fraud detection rate > 99% with false positive rate < 0.1%. Real-time scoring with <100ms latency. Support for ML models, rule engines, velocity checks, device fingerprinting, and behavioral analysis.
💡 Implications: Implement hybrid fraud detection: ML models for pattern recognition combined with business rules for explainable decisions. Include real-time feature engineering, model versioning, and A/B testing capabilities.
Q: What are the availability and disaster recovery requirements?
A: 99.999% uptime (5 minutes of downtime per year), sub-second payment authorization latency, multi-region deployment with automatic failover, and RTO/RPO < 1 hour for disaster recovery.
💡 Implications: Requires an active-active multi-region setup, circuit breakers, bulkhead patterns, graceful degradation, and comprehensive monitoring with real-time alerting.