System requirements


Functional:

  1. User Registration:
  2. Users should be able to create an account by providing basic information such as name, email address, and password.
  3. The system should validate the uniqueness of email addresses to ensure each user has a unique identifier.
  4. Users should receive a confirmation email to verify their email address and activate their account.
  5. Account Management:
  6. Users should be able to log in securely using their email address and password.
  7. Once logged in, users should be able to view their account balance, transaction history, and personal information.
  8. Users should have the option to update their personal information such as email address, password, and contact details.
  9. Fund Transfer:
  10. Users should be able to transfer funds securely to other users or external accounts.
  11. The system should support different transfer methods such as bank transfers, credit/debit card transfers, and peer-to-peer transfers.
  12. Users should have the option to set up recurring transfers or schedule future transfers.
  13. Payment Processing:
  14. Users should be able to make payments to merchants for goods and services.
  15. The system should support various payment methods including credit/debit cards, bank transfers, and digital wallets.
  16. Payments should be processed securely using encryption and tokenization to protect sensitive information.
  17. Fraud Detection:
  18. Implement algorithms to detect and prevent fraudulent transactions in real-time.
  19. The system should analyze transaction patterns, user behavior, and other relevant data to identify suspicious activities.
  20. Users should be notified promptly if any potentially fraudulent activity is detected on their account.
  21. Buyer and Seller Protection:
  22. Provide mechanisms to resolve disputes between buyers and sellers, ensuring fair and secure transactions.
  23. Implement policies and procedures for handling chargebacks, refunds, and disputes in accordance with industry standards.
  24. Multi-currency Support:
  25. Support transactions in multiple currencies to accommodate international payments.
  26. Users should be able to view prices and perform transactions in their preferred currency.
  27. The system should use up-to-date exchange rates for currency conversion and display.


Non-Functional:

  1. Security:
  2. The system should comply with industry standards for data security and privacy, including PCI DSS and GDPR.
  3. All sensitive data should be encrypted during transmission and storage.
  4. Implement strong authentication measures such as two-factor authentication to prevent unauthorized access.
  5. Performance:
  6. The system should be highly available, with minimal downtime for maintenance and upgrades.
  7. Transactions should be processed promptly, with low latency to provide a seamless user experience.
  8. The system should be able to handle a large number of concurrent users and transactions without performance degradation.
  9. Scalability:
  10. The system should be scalable to accommodate growing user base and transaction volume.
  11. Infrastructure should be designed to scale horizontally and vertically based on demand.
  12. Reliability:
  13. Ensure high reliability of the system with robust failover and disaster recovery mechanisms.
  14. Implement regular backups of data to prevent data loss in case of system failures.
  15. Usability:
  16. The user interface should be intuitive and easy to use, catering to users of all technical levels.
  17. Provide clear and concise instructions for performing various actions such as fund transfers and payments.
  18. Support multiple languages and accessibility features to ensure inclusivity.
  19. Compliance:
  20. Ensure compliance with regulatory requirements in all jurisdictions where the service operates.
  21. Keep abreast of changes in regulations related to online payments and update the system accordingly.
  22. Monitoring and Logging:
  23. Implement comprehensive logging of all system activities and transactions for audit and troubleshooting purposes.
  24. Set up monitoring tools to track system performance, security incidents, and potential issues in real-time.



Capacity estimation


Transactions per Second (TPS):

Let us assume we have to handle 10 Million transactions per day. To calculate the transactions per second, we'll divide the total number of transactions per day by the number of seconds in a day.

Total transactions per day = 10,000,000

Number of seconds in a day = 86,400

Transactions per second = Total transactions per day / Number of seconds in a day

Transactions per second = 10,000,000 / 86,400

Transactions per second ≈ 115.74 transactions per second

So, the system needs to process approximately 115.74 transactions per second.


Number of Servers:

Given that 1 server can handle 1000 concurrent requests, we'll need to calculate the number of servers required to handle the total load.

However, for high availability scenarios, we need to consider redundancy and failover. Let's assume a redundancy factor of 2 for high availability.

We can roughly estimate 200 servers will be required to support our scale.


Storage Requirements:

If each transaction contains 100 KB of data, we can calculate the total data generated per year and then estimate the storage required for 5 years.

Data per transaction = 100 KB

Total transactions per year = 10,000,000 * 365 ≈ 3,650,000,000


Total data generated per year = Data per transaction * Total transactions per year

Total data generated per year = 100 KB * 3,650,000,000 ≈ 365,000,000,000 KB


Total data generated for 5 years = Total data generated per year * 5

Total data generated for 5 years ≈ 365,000,000,000 KB * 5

Total data generated for 5 years ≈ 1,825,000,000,000 KB

Total data generated for 5 years ≈ 1.825 petabytes (PB)

So, approximately 1.825 petabytes of storage will be required for 5 years.


Performance Requirements:

  • Response time: Ensure that transactions are processed within an acceptable response time (e.g., milliseconds).
  • Throughput: Maintain a high throughput to handle the expected transaction volume.
  • Scalability: Ensure the system can scale horizontally and vertically to accommodate increased load.
  • Availability: Maintain high availability to ensure the system is accessible to users at all times.
  • Reliability: Minimize downtime and ensure the system can recover from failures quickly.
  • Resource utilization: Optimize resource utilization (CPU, memory, network) to maximize efficiency and minimize costs.
  • Error rates: Keep error rates low to ensure accurate and reliable transaction processing.





API design

For designing payment systems, multiple APIs will be required, below is a list of few essential APIs.


  1. User Authentication API:
  2. This API is essential for handling user authentication during the registration and login processes.
  3. It would provide endpoints for user registration, login, logout, and password reset functionalities.
  4. Technologies such as OAuth 2.0 or JWT (JSON Web Tokens) could be used for authentication.
  5. Payment Processing APIs:
  6. Payment Gateway API: This API facilitates communication between the payment service and financial institutions (banks, credit card networks) to authorize and process transactions.
  7. Payment Method APIs: APIs for handling different payment methods such as credit/debit cards, bank transfers, digital wallets (e.g., Apple Pay, Google Pay), and cryptocurrency payments.
  8. Subscription Billing API: If the service offers subscription-based billing, an API for managing subscription plans, recurring payments, and subscription lifecycle events would be necessary.
  9. Account Management APIs:
  10. User Account API: This API allows users to view their account balance, transaction history, and manage personal information.
  11. Funds Transfer API: Enables users to transfer funds between their accounts, to other users, or external accounts securely.
  12. Currency Exchange API: If multi-currency support is required, an API for currency conversion would be necessary.
  13. Notification APIs:
  14. Email/SMS Notification API: Allows sending notifications to users about transaction statuses, account updates, security alerts, and other important events.
  15. Push Notification API: For sending real-time notifications to users' mobile devices, enhancing user engagement and providing timely updates.
  16. Integration APIs:
  17. Merchant Integration API: For merchants to integrate their websites or applications with the payment service, enabling them to accept payments.
  18. Third-Party Service Integration APIs: APIs for integrating with third-party services such as e-commerce platforms, invoicing systems, and accounting software to streamline payment processing and data synchronization.
  19. Compliance APIs:
  20. Compliance Check API: Integrates with regulatory compliance services to verify user identities, perform Know Your Customer (KYC) checks, and ensure compliance with anti-money laundering (AML) regulations.
  21. Support APIs:
  22. Customer Support API: Provides support ticket management, chat support integration, and access to knowledge base articles for assisting users with inquiries and issues.


Database design

For the tables required in this design, refer to the class diagram, the list of classes is not exhaustive but this is a good number of tables to start with.


Database Choices

  1. User Information and Transactional Data:
  2. Database Type: SQL (e.g., PostgreSQL)
  3. Reasoning: SQL databases offer ACID transactions and strong consistency, making them suitable for storing critical data such as user information, account balances, and transaction records.
  4. CAP Theorem Focus: Consistency Focused. SQL databases prioritize strong consistency over availability and partition tolerance.
  5. Session Management and Caching:
  6. Database Type: Key-Value Store (e.g., Redis)
  7. Reasoning: Key-value stores are optimized for high-speed access and low latency, making them ideal for caching frequently accessed data such as user sessions, authentication tokens, and temporary data.
  8. CAP Theorem Focus: Availability Focused. Key-value stores prioritize high availability and partition tolerance over strong consistency.
  9. Notification and Preference Data:
  10. Database Type: Document Store (e.g., MongoDB)
  11. Reasoning: Document stores provide flexible schema and horizontal scalability, making them suitable for storing semi-structured data such as notifications, user preferences, and transaction details.
  12. CAP Theorem Focus: Balanced. Document stores aim to achieve a balance between availability, consistency, and partition tolerance.
  13. Transaction Logs and Audit Trails:
  14. Database Type: Wide-Column Store (e.g., Cassandra)
  15. Reasoning: Wide-column stores are designed for time-series data and offer linear scalability and fault tolerance, making them suitable for storing transaction logs, fraud detection records, and audit trails.
  16. CAP Theorem Focus: Partition Tolerance Focused. Wide-column stores prioritize partition tolerance to ensure fault tolerance and scalability in distributed systems.
  17. Historical Data and Bookkeeping:
  18. Database Type: Data Warehouse (e.g., Amazon Redshift, Google BigQuery)
  19. Reasoning: Data warehouses are optimized for storing and analyzing large volumes of historical data efficiently, making them suitable for bookkeeping, analytics, and reporting purposes.
  20. CAP Theorem Focus: Balanced. Data warehouses prioritize consistency and availability for analytical queries, often sacrificing real-time updates and transactional capabilities in favor of scalability and performance.


Data Partitioning


For the given problem of designing an online payment system, the best partitioning strategy would likely involve a combination of regional or geographical partitioning and functional partitioning.

  • Regional or Geographical Partitioning:
  • Since online payment systems often need to comply with regional regulations and cater to users in different geographic locations, partitioning data based on regions can help optimize data access and ensure compliance.
  • Tables such as User, Merchant, and Transaction could be partitioned based on the geographic regions they belong to, ensuring data locality and reducing latency for users in specific areas.
  • Functional Partitioning:
  • Functional partitioning involves dividing data based on the functionality or usage patterns of the application.
  • For example, separating transactional data (e.g., transactions, payment methods) from non-transactional data (e.g., user preferences, notifications) can help optimize data access and scalability.
  • This approach allows for better resource allocation and optimization of database performance based on the specific needs of different parts of the system.


Partitioning Algorithm:

When it comes to implementing partitioning for the system, a common algorithm used is consistent hashing.

  • Consistent hashing ensures a uniform distribution of data across partitions while minimizing the need for data migration when the number of partitions changes.
  • It provides a balanced approach to distributing data across partitions, ensuring efficient data access and scalability as the system grows.


Scaling Strategy:

Horizontal scaling would be the best strategy for scaling the databases in this scenario. It allows for adding more servers to the existing infrastructure, enabling better performance and higher availability without significant changes to the application architecture. With the growing user base and transaction volume, horizontal scaling ensures seamless expansion by distributing the workload across multiple nodes.


Read/Write Separation:

Implementing Read/Write Separation could be beneficial to optimize the system's performance and scalability. By directing read operations to read replicas or caches, the system can handle a larger volume of read requests without impacting write operations. This separation improves overall system responsiveness and user experience, especially during peak usage periods.


High-level design

You should identify enough components that are needed to solve the actual problem from end to end. Also remember to draw a block diagram using the diagramming tool to augment your design...







Request flows

Explain how the request flows from end to end in your high level design. Also you could draw a sequence diagram using the diagramming tool to enhance your explanation...






Detailed component design

Dig deeper into 2-3 components and explain in detail how they work. For example, how well does each component scale? Any relevant algorithm or data structure you like to use for a component? Also you could draw a diagram using the diagramming tool to enhance your design...








Trade offs/Tech choices

Explain any trade offs you have made and why you made certain tech choices...






Failure scenarios/bottlenecks

Try to discuss as many failure scenarios/bottlenecks as possible.






Future improvements

What are some future improvements you would make? How would you mitigate the failure scenario(s) you described above?