AdvancedSystem-Design
45 min
Design a Payment Processing Gateway
PaymentsSecurityAPIsReliability
Advertisement
Interview Question
Design a payment gateway supporting multiple processors, 3-D Secure, refunds, settlements, and PCI concerns.
Key Points to Cover
- Tokenization service and vault; PCI isolation zones
- Processor abstraction with routing and failover
- Idempotency for charges/refunds; reconciliation jobs
- 3DS/SCA flows and webhook verification
- Dispute handling, settlement windows, ledger integrity
Evaluation Rubric
PCI isolation, tokenization, secure storage30% weight
Processor routing/failover design25% weight
Idempotent operations & webhooks25% weight
Reconciliation & ledger correctness20% weight
Hints
- 💡Prefer webhooks behind signed secrets + retries.
Common Pitfalls to Avoid
- ⚠️Failing to abstract processors, leading to tight coupling and difficulty adding new ones.
- ⚠️Storing sensitive cardholder data directly, increasing PCI scope and breach risk.
- ⚠️Lack of idempotency, resulting in accidental duplicate charges or refunds.
- ⚠️Insufficient isolation of PCI-relevant systems, leading to compliance vulnerabilities.
- ⚠️Neglecting robust error handling and failover mechanisms, causing transaction failures and downtime.
Potential Follow-up Questions
- ❓How do you design a double-entry ledger?
- ❓How to run backfills safely?
Advertisement