Design a Global Payment System

Build a secure, compliant payment platform that processes millions of transactions daily while preventing fraud and ensuring reliable fund transfers globally.

System Requirements

Functional Requirements

  • Process payments (cards, bank transfers, wallets)
  • Handle multiple currencies and exchange rates
  • Support recurring payments and subscriptions
  • Process refunds, chargebacks, and disputes
  • Generate invoices and payment receipts
  • Provide merchant and customer dashboards
  • Support payment splitting and escrow
  • Implement loyalty and rewards programs

Non-Functional Requirements

  • Process 100K+ transactions per second
  • 99.999% uptime (5 minutes downtime/year)
  • PCI DSS Level 1 compliance
  • Sub-second payment authorization
  • Fraud detection rate > 99%
  • False positive rate < 0.1%
  • Support 150+ countries and 100+ currencies
  • Complete audit trail for 7+ years

Payment Processing Flows

Authorization Flow

Real-time payment authorization with fraud checks

Latency: < 500ms
SLA: 99.99%
1. Payment request validation
2. Risk assessment and fraud scoring
3. Payment method verification
4. Processor routing decision
5. Authorization request to network
6. Response handling and retry logic

Settlement Flow

Batch processing for fund transfers between accounts

Latency: 1-3 days
SLA: 99.999%
1. Transaction aggregation
2. Settlement file generation
3. Bank network submission
4. Reconciliation processing
5. Ledger updates
6. Merchant payouts

Dispute Flow

Handling chargebacks and customer disputes

Latency: 7-90 days
SLA: 100%
1. Dispute notification receipt
2. Evidence collection
3. Merchant notification
4. Response compilation
5. Network submission
6. Resolution and fund movement

System Architecture Components

Payment Gateway

  • API rate limiting
  • Request validation
  • Token vault
  • Webhook management
  • Idempotency handling
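Idempotency handling is the gateway control that keeps a client retry (network timeout, double-click, queue redelivery) from turning into a second charge. The handler below is an added example written for this page, not code from any real gateway; the in-memory record store and the charge() callback are assumptions standing in for a shared store and the downstream authorization call. It shows the three cases a practitioner has to get right: a replay of a completed request returns the stored response, a key reused with a different payload is rejected rather than guessed at, and a duplicate that arrives while the first attempt is still in flight is told to wait instead of being charged twice. The key is scoped to the authenticated merchant so that one merchant cannot replay or collide with another's key, and the same key is forwarded to the processor so a retry after a timeout cannot double-authorize downstream.

```python
import hashlib
import json
import threading
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Added example, not the page's own code. The in-memory record store and the
# charge() callback stand in for a shared store (Redis/DB) and the downstream
# authorization call; both are assumptions for illustration.


@dataclass
class IdempotencyRecord:
    fingerprint: str            # hash of the request body bound to this key
    status: str                 # "in_progress" or "completed"
    response: Optional[dict] = None


class IdempotentGateway:
    def __init__(self, charge: Callable[[dict, str], dict]):
        self._charge = charge   # charge(body, idempotency_key) -> processor result
        self._records: Dict[str, IdempotencyRecord] = {}
        self._lock = threading.Lock()

    @staticmethod
    def fingerprint(body: dict) -> str:
        # Canonical JSON so that field order does not change the hash.
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def handle(self, merchant_id: str, idempotency_key: str, body: dict) -> dict:
        # Scope the key to the authenticated merchant so one merchant cannot
        # replay (or collide with) another merchant's key.
        scoped_key = f"{merchant_id}:{idempotency_key}"
        fp = self.fingerprint(body)

        with self._lock:
            rec = self._records.get(scoped_key)
            if rec is None:
                # First time this key is seen: claim it before calling downstream.
                self._records[scoped_key] = IdempotencyRecord(fp, "in_progress")
            elif rec.fingerprint != fp:
                # Same key, different payload: refuse instead of guessing.
                return {"http_status": 422,
                        "error": "idempotency_key_reused_with_different_payload"}
            elif rec.status == "in_progress":
                # A concurrent retry arrived while the first attempt is still running.
                return {"http_status": 409, "error": "request_in_progress"}
            else:
                # Completed earlier: replay the stored response, never charge again.
                return rec.response

        try:
            # The same key goes to the processor so a retry cannot
            # produce a second authorization there either.
            result = self._charge(body, scoped_key)
        except Exception:
            # Transport failure before a definite answer: release the key so
            # the client may retry with the same key.
            with self._lock:
                self._records.pop(scoped_key, None)
            raise

        response = {"http_status": 201, **result}
        with self._lock:
            self._records[scoped_key] = IdempotencyRecord(fp, "completed", response)
        return response
```

In production the record store is shared across gateway instances and the "claim" step is an atomic insert (for example SET NX in Redis or a unique-constraint insert on the idempotency_key column shown in the transactions schema), so two instances cannot both start the same charge.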

Risk Engine

  • ML fraud models
  • Rule engine
  • Velocity checks
  • Device fingerprinting
  • Behavioral analysis
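Velocity checks are the cheapest and most explainable part of the risk engine: count and sum attempts per card, device or customer over a sliding window and trip a rule when a threshold is exceeded. The checker below is an added example for this page, not code from any real risk engine; the rule thresholds, dimension names, reason codes and in-memory history are assumptions for illustration. It records declined attempts as well as approved ones, because a card-testing bot produces mostly declines and counting only successes would hide it, and it returns reason codes in the shape the risk_events schema stores.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from decimal import Decimal
from typing import Deque, Dict, List, Optional, Tuple

# Added example, not the page's own code. Rule thresholds, dimension names,
# reason codes and the in-memory history are assumptions for illustration; a
# production engine would keep the windows in a shared store such as Redis.


@dataclass(frozen=True)
class VelocityRule:
    dimension: str        # attempt attribute to key on: card_token, device_id, ...
    window_s: int         # look-back window in seconds
    max_count: int        # attempts allowed in the window (including this one)
    max_amount: Decimal   # summed amount allowed in the window
    reason_code: str
    action: str           # "review" or "decline" when the rule trips


DEFAULT_RULES = [
    # Card testing: many small authorizations on one card within seconds.
    VelocityRule("card_token", 60, 5, Decimal("100000"), "CARD_RATE_60S", "decline"),
    # One device cycling through many cards or accounts.
    VelocityRule("device_id", 3600, 20, Decimal("100000"), "DEVICE_RATE_1H", "review"),
    # Account takeover: unusual daily spend on one customer.
    VelocityRule("customer_id", 86400, 100, Decimal("5000"), "CUSTOMER_AMOUNT_24H", "review"),
]

SEVERITY = {"approve": 0, "review": 1, "decline": 2}


class VelocityChecker:
    def __init__(self, rules: Optional[List[VelocityRule]] = None):
        self.rules = rules or DEFAULT_RULES
        # (dimension, value) -> deque of (timestamp, amount), oldest first
        self._history: Dict[Tuple[str, str], Deque[Tuple[float, Decimal]]] = defaultdict(deque)

    @staticmethod
    def _prune(dq: Deque[Tuple[float, Decimal]], now: float, window_s: int) -> None:
        # Drop everything that has slid out of the window.
        while dq and dq[0][0] <= now - window_s:
            dq.popleft()

    def evaluate(self, attempt: dict, now: float) -> dict:
        """Score one authorization attempt, then record it for later checks.

        Declined attempts are recorded too: a card-testing bot generates mostly
        declines, and counting only successes would hide it.
        """
        reasons: List[str] = []
        action = "approve"
        for rule in self.rules:
            value = attempt.get(rule.dimension)
            if value is None:
                continue
            dq = self._history[(rule.dimension, value)]
            self._prune(dq, now, rule.window_s)
            count = len(dq) + 1
            total = sum((amt for _, amt in dq), Decimal("0")) + attempt["amount"]
            if count > rule.max_count or total > rule.max_amount:
                reasons.append(rule.reason_code)
                if SEVERITY[rule.action] > SEVERITY[action]:
                    action = rule.action
        # Record once per dimension, even if several rules share it.
        for dimension in {r.dimension for r in self.rules}:
            value = attempt.get(dimension)
            if value is not None:
                self._history[(dimension, value)].append((now, attempt["amount"]))
        return {"decision": action, "reason_codes": sorted(reasons)}
```

The decision and reason_codes map directly onto the risk_events row; an ML score would normally be combined with these rule outcomes, with the rules acting as hard limits that a model cannot override.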

Ledger Service

  • Double-entry accounting
  • Transaction journal
  • Balance tracking
  • Reconciliation
  • Audit logging

Payment Processor

  • PSP integration
  • Network routing
  • Retry logic
  • Failover handling
  • Response caching
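Retry logic and failover handling interact in a way that is easy to get wrong: a timeout is ambiguous (the processor may have authorized), while a decline is a definite answer that must never be "retried" elsewhere. The router below is an added example for this page, not code from any real processor integration; the processor names, the ProcessorError class, the breaker thresholds and the static preference order are assumptions. It retries a transport failure once on the same processor with the same idempotency key, opens a circuit breaker after repeated failures so a degraded processor is skipped until a cooldown elapses, fails over only for currencies the next processor supports, and records every ambiguous attempt for settlement reconciliation. This is also one answer to practice question 5 below.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

# Added example, not the page's own code. Processor names, the ProcessorError
# class, breaker thresholds and the static preference order are assumptions.


class ProcessorError(Exception):
    """Transport-level failure (timeout, 5xx): the outcome is unknown."""


@dataclass
class Processor:
    name: str
    # authorize(request, idempotency_key) -> {"status": "authorized" | "declined", ...}
    authorize: Callable[[dict, str], dict]
    currencies: FrozenSet[str]


@dataclass
class CircuitBreaker:
    failure_threshold: int = 3
    cooldown_s: float = 30.0
    failures: int = 0
    opened_at: Optional[float] = None

    def allows(self, now: float) -> bool:
        if self.opened_at is None:
            return True
        # Half-open after the cooldown: let one probe request through.
        return now - self.opened_at >= self.cooldown_s

    def record_success(self) -> None:
        self.failures, self.opened_at = 0, None

    def record_failure(self, now: float) -> None:
        self.failures += 1
        if self.failures >= self.failure_threshold:
            self.opened_at = now


class ProcessorRouter:
    def __init__(self, processors: List[Processor], retries_per_processor: int = 1):
        self.processors = processors
        self.retries = retries_per_processor
        self.breakers: Dict[str, CircuitBreaker] = {p.name: CircuitBreaker() for p in processors}
        # Attempts whose outcome is unknown (timed out): settlement reconciliation
        # must query or void these, because the processor may have authorized.
        self.needs_reconciliation: Set[Tuple[str, str]] = set()

    def _candidates(self, request: dict) -> List[Processor]:
        # Static preference order here; a real router also weighs cost,
        # approval rate per BIN/country and current latency.
        return [p for p in self.processors if request["currency"] in p.currencies]

    def authorize(self, request: dict, idempotency_key: str, now: float) -> dict:
        for proc in self._candidates(request):
            breaker = self.breakers[proc.name]
            for attempt in range(1, self.retries + 2):
                if not breaker.allows(now):
                    break  # open circuit: skip this processor and fail over
                try:
                    # The same idempotency key goes to the processor on every
                    # attempt, so a retry after a timeout cannot double-authorize.
                    result = proc.authorize(request, idempotency_key)
                except ProcessorError:
                    breaker.record_failure(now)
                    self.needs_reconciliation.add((proc.name, idempotency_key))
                    continue
                breaker.record_success()
                # A decline is a final answer. Never "retry" it on another
                # processor: that is how duplicate charges and card testing happen.
                return {"processor": proc.name, "attempt": attempt, **result}
        return {"processor": None, "status": "unavailable"}
```

The needs_reconciliation set is the piece most designs forget: after failing over, the settlement engine has to confirm with the first processor whether the timed-out attempt went through and void it if so, otherwise the customer can be charged on both processors.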

Compliance Service

  • PCI DSS compliance
  • AML/KYC checks
  • GDPR compliance
  • Data encryption
  • Regulatory reporting

Settlement Engine

  • Batch processing
  • Bank file generation
  • Fund transfers
  • Fee calculation
  • Payout scheduling

Capacity Estimation

Transaction Volume & Performance

Payment Types: 65% cards, 35% digital wallets
Transaction Status: 92% successful, 8% failed/declined
Peak vs Average: 150K TPS peak hour, 40K TPS average hour

System Metrics

Daily Transactions: 1B+ (peak 150K TPS)
Authorization Latency: 250ms (P99: 500ms)
System Availability: 99.999% (5 min/year downtime)
Fraud Detection Rate: 99.2% (ML + rules)
False Positive Rate: 0.08% (optimized for UX)

Storage Requirements

Transaction Data: 500TB+, growing 50TB/month
Audit Logs: 2PB+ with 7-year retention
Risk Data: 100TB feature store + models

Core Database Schema

transactions

id: UUID (PK)
idempotency_key: STRING (UNIQUE)
merchant_id: UUID (FK)
customer_id: UUID (FK)
amount: DECIMAL(19,4)
currency: CHAR(3)
status: ENUM
payment_method_id: UUID (FK)
processor_response: JSONB
risk_score: FLOAT
created_at: TIMESTAMP
INDEX: (merchant_id, created_at)
INDEX: (customer_id, created_at)

ledger_entries

id: UUID (PK)
transaction_id: UUID (FK)
account_id: UUID (FK)
entry_type: ENUM (debit/credit)
amount: DECIMAL(19,4)
balance_after: DECIMAL(19,4)
currency: CHAR(3)
description: TEXT
metadata: JSONB
created_at: TIMESTAMP
INDEX: (account_id, created_at)
CONSTRAINT: check_balance
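The ledger_entries table above only holds together if every posting is balanced and atomic: a transaction's debits must equal its credits, balance_after must be computed under a lock, and the check_balance constraint must reject the whole journal (not just one row) when an account would overdraw. The ledger below is an added example for this page, not code from any real ledger service; the account names, the normal_side convention and the in-memory store are assumptions, and in production the projected balances and rows would be written in one database transaction. It covers the Ledger Service bullets above (double-entry accounting, journal, balance tracking) and practice question 2 below: accounts are locked in a fixed order so concurrent posts cannot deadlock, all checks run against projected balances, and only then are balances and rows committed together.

```python
import threading
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List

# Added example, not the page's own code. Account names, the normal_side
# convention and the in-memory store are assumptions; in production the
# projected balances and rows are written in one database transaction.


@dataclass
class Account:
    id: str
    currency: str
    normal_side: str                 # "debit" (assets, expenses) or "credit" (liabilities, revenue)
    allow_negative: bool = False     # the schema's check_balance constraint: no overdraft
    balance: Decimal = Decimal("0")
    lock: threading.Lock = field(default_factory=threading.Lock, repr=False)


@dataclass(frozen=True)
class Entry:
    account_id: str
    entry_type: str                  # "debit" or "credit"
    amount: Decimal


class LedgerError(Exception):
    pass


class Ledger:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.entries: List[dict] = []    # append-only, mirrors ledger_entries rows

    def open_account(self, account_id: str, currency: str, normal_side: str,
                     allow_negative: bool = False) -> None:
        self.accounts[account_id] = Account(account_id, currency, normal_side, allow_negative)

    def balance(self, account_id: str) -> Decimal:
        return self.accounts[account_id].balance

    def trial_balance(self) -> Decimal:
        """Debit-normal balances minus credit-normal balances; zero when the books balance."""
        debit_side = sum((a.balance for a in self.accounts.values()
                          if a.normal_side == "debit"), Decimal("0"))
        credit_side = sum((a.balance for a in self.accounts.values()
                           if a.normal_side == "credit"), Decimal("0"))
        return debit_side - credit_side

    def post(self, transaction_id: str, currency: str, entries: List[Entry]) -> List[dict]:
        """Post all entries of one transaction atomically, or none of them."""
        if not entries:
            raise LedgerError("empty journal")
        for e in entries:
            if e.entry_type not in ("debit", "credit"):
                raise LedgerError(f"bad entry_type {e.entry_type!r}")
            if e.amount <= 0:
                raise LedgerError("amounts must be positive; use the other side, not a sign")
            if e.account_id not in self.accounts:
                raise LedgerError(f"unknown account {e.account_id}")
            if self.accounts[e.account_id].currency != currency:
                raise LedgerError(f"currency mismatch on {e.account_id}")
        debits = sum((e.amount for e in entries if e.entry_type == "debit"), Decimal("0"))
        credits = sum((e.amount for e in entries if e.entry_type == "credit"), Decimal("0"))
        if debits != credits:
            raise LedgerError(f"unbalanced journal: debits {debits} != credits {credits}")

        # Lock the touched accounts in a fixed order so concurrent posts never deadlock.
        touched = sorted({e.account_id for e in entries})
        locks = [self.accounts[a].lock for a in touched]
        for lk in locks:
            lk.acquire()
        try:
            projected = {a: self.accounts[a].balance for a in touched}
            rows = []
            for e in entries:
                acct = self.accounts[e.account_id]
                # An entry on the account's normal side increases it, the other side decreases it.
                delta = e.amount if e.entry_type == acct.normal_side else -e.amount
                projected[acct.id] += delta
                if projected[acct.id] < 0 and not acct.allow_negative:
                    raise LedgerError(f"check_balance violated on {acct.id}")
                rows.append({"transaction_id": transaction_id, "account_id": acct.id,
                             "entry_type": e.entry_type, "amount": e.amount,
                             "balance_after": projected[acct.id], "currency": currency})
            # Every check passed: commit all balances and rows together.
            for a in touched:
                self.accounts[a].balance = projected[a]
            self.entries.extend(rows)
            return rows
        finally:
            for lk in reversed(locks):
                lk.release()
```

Amounts are Decimal, matching the DECIMAL(19,4) columns; using floats for money would make the debits-equal-credits check fail on rounding. The trial_balance() method is the cheap invariant a reconciliation job can assert after every batch.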

payment_methods

id: UUID (PK)
customer_id: UUID (FK)
type: ENUM (card/bank/wallet)
token: STRING (encrypted)
last_four: CHAR(4)
expiry: DATE
billing_address: JSONB
is_default: BOOLEAN
created_at: TIMESTAMP
INDEX: (customer_id, is_default)

risk_events

id: UUID (PK)
transaction_id: UUID (FK)
event_type: ENUM
risk_score: FLOAT
model_version: STRING
features: JSONB
decision: ENUM
reason_codes: ARRAY
created_at: TIMESTAMP
INDEX: (transaction_id)
INDEX: (created_at, event_type)

Security & Compliance Design

Data Security

  • TLS 1.3 for all APIs
  • AES-256 encryption at rest
  • Hardware security modules (HSM)
  • Tokenization for sensitive data
  • Key rotation every 90 days

PCI DSS Compliance

  • Network segmentation
  • Access control (RBAC)
  • Regular security audits
  • Vulnerability scanning
  • Secure development lifecycle

Fraud Prevention

  • ML-based fraud scoring
  • Real-time velocity checks
  • Device fingerprinting
  • 3D Secure authentication
  • Behavioral biometrics

Practice Questions

1. How would you ensure idempotency in payment processing? Design a system that handles duplicate requests gracefully.

2. Design a double-entry ledger system that maintains consistency even during high-volume concurrent transactions.

3. How would you handle multi-currency transactions with real-time exchange rates and minimize foreign exchange risk?

4. Design a fraud detection system that can adapt to new fraud patterns without causing excessive false positives.

5. How would you implement payment processor failover to ensure high availability during outages?