hello have you implemented a payment gateway design before? I'm trying to come with a design myself but I have some questions, I'd like to discuss with someone
Good high level overview overall. You missed explaning how failure scenarios are handled which are also crucial to discuss here IMO. 1. How do you ensure Database and Distributed Queue stay in sync? It can happen that database got updated but not the Distributed Queue. e.g. Payment gateway updates database and before it could write to distributed log queue, the payment gateway instance dies. 2. How do you ensure you get exactly-once semantics from the distributed queue so that you don't double process the same txn? e.g. if Payment processor processes the txn and before it could update distributed queue offset, the instance died. When the new instance of processor comes up, how will it ensure the same txn id is not processed again?
But in CAP theorem, sacrificing P doesn’t make sense as networks are unreliable. We just cannot have CA systems. They would be either CP or AP. In our case, consistency is even more important. So, it should probably be a CP system.
Your understanding of the partition tolerance in the CAP theorem is incorrect. In a distributed system, partitions can’t be avoided. So, while you can discuss a CA distributed system in theory, for all practical purposes, a CA distributed system can’t exist. So, you can't chose consistency and availability over partition tolerance. And if you prefer consistency and availability over partition tolerance, then in case a partition happen (which is normal in distributed systems), the system won't work (thus affecting availability).
Firstly glad to see your comment 🙂, really appreciate your effort and contribution to the tech world. I understand partition is required for any distributed system, may be the explanation was not clear on that part 🙂
I think we Don't need to create a separate API for each payment methods like upi,e-wallets . Payment gateway will call psp and psp will have routing engine which will route the request depending upon payment methods like cards e-wallet etc. This will help right from beginning I.e from load balancer where loads can be distributed on the basis of payment method id to dB
IMO: 1. There is no xml/json converted to ISO 8583, merchants/acquirers do generate ISO 8583 (POS machines are capable of doing that and only that). They have to onboard with Payment N/w's like visa,MC and continue to inline with spec changes. May be online wesite sends a json internally to a payment service team who converts json from online to ISO 8583. 2. that number you are referring to in card number is called BIN(6 , now first 8 digits of the card) and issuing bank has to buy it and unique globally 3. On Consistency/partition tolerant, usually most of the issuer banks/processors only use RDBMS over NOSQL and can be highly consistent and never allow parallel processing on single card 4. Its rrn/stan is used e2e for tracking but not the transaction id generated by payment gateway
the explanation is good but consistency and availability are 2 conflicting goals. most distributed systems must be designed with partition tolerance as a non-negotiable requirement. This means that during network partitions, the system must continue to operate and serve requests to the best of its ability, even if this results in temporary inconsistencies or reduced availability.
I will not repeat on P part of CAP as there are enough comments already. Other pieces that are not making sense to me are as follows: 1. If the front end fleet moves the request to a queue, the front end service hosts become asynchronous (non-blocking). But they need to reply approve/deny to the caller and that will not work if they put the message in the queue. Because the service that reads from the queue will not have caller's connection to respond back. So I believe that should be a blocking call end to end. 2. Retry logic has flaw. Consider the payment gateway calls the Merchant bank and the host at Merchant bank is super slow and along with that the connection is dropped due to a network glitch. As part of retry, payment gateway will retry with that transaction Id and it goes to another host at Merchant bank that processes it successfully. And now the slow host at Merchant bank also processes the transaction. This can be saved if Merchant bank hosts check for transaction Id and are idempotent.
Is "connecting to external system from internal" a correct design ? or do we need to add something between Payment Processor and outside for security ?
Question - Payment gateway module if i am not wrong is part of amazon itself i guess.. Which means transaction id is being generated within amazon... how do you force outside services to use that same transaction id ? I am sure issuer bank for example will also generate its transaction id, how do you map these 2 transaction ids.
Payment gateway will be with Amazon but payment gateway will have a payment processing module which is provided by acquiring bank. So the transaction id between Amazon and acquiring bank will be in sync based on contract between payment processing module and gateway. For issuer bank and other middle party involved like visa and MasterCard etc. It will all be standard message like ISO 8583 or other switch message, which will have some tracking field for transaction id, which can be provided by acquiring bank/ Amazon itself
If Payment Ingestion and Payment Processor services are two different microservices, shouldn't they have acess to different databases? The way you described they're using the same database, is that right?
Hey, one question, I believe there should be only one service that interacts with the DB, if you have two components writing to the DB, it will not centralise the logic in one place. So what i mean is to expose the database via apis. Let me know your thoughts on this.
Thanks for this video. I have a doubt here about card transactions. In 3D secure payment we have to deal with otp page right. Once authorization is successfull user will be redirected to otp page that redirection happens directly from issuer bank end? Once issuer verifies otp it will respond to card association and card association responds to pg?
Wouldn't creating partition on the basis of date presents problem of hot partition, considering 10M transactions/day. Can we create partitions on the basis of transactionId, as query based on date will be used in clearing service which is done in background, WDYT? Also there can be a transaction archival service which can move the past day transaction to Cassandra for reducing load on RDBMS.
Regarding archival service you are right, we can can have a service like that to move old data to some history database, type of database will depend of the purpose of archived data. If we want to run some aggregation Cassandra can be good choice. For partition, transaction Id won't be a good choice because there will be too many partitions for your table which will cause a lot of maintenance overhead. A good idea will be to have partition on date and have further subpartition of transaction type for the day or some other key which can distribute the transaction for the day
@@TheTechGranth Thanks for the reply. But wouldn't making partition on date will cause hot partition, as there will be load of around ~10M transactions/day on the single partition only. Instead that load can be distributed across multiple partitions based on transactionId, also there are no such query patterns in the system in which we need to query based on date like in IRCTC or airbnb, except the clearing service(which happens in background). In the real time we would be required to fetch the transaction by txId mostly which can easily be served. Maintainence will always be part of partitioning whatever key we choose, but mainly what drives partition key is the access pattern. Do let me know what you think?
@@uditagrawal6603 that is why is suggested a subpartition, please keep in mind that there will be lot of select query in your application, not just for clearing but also for refund, retry etc. Which happens more than you think. One thing which can be done is, since we are externally generating transaction I'd, we can create sub partition on list of transaction Id for the day. So range partition on date and list partition on transaction Id, so data will be properly distributed. Btw do like the video and subscribe and share with others 🙂
@@TheTechGranth yes but things like retry or refund would also be based on txid only, to be honest I didn't get the reason of storing based on date as I don't get which queries we would be doing based on date? Also it would be helpful ,if you could guide us on partition and sub partitioning. Another query how are we handling hot partitions? Btw series is awesome , I already liked and subscribed 😊
Glad it was helpful. Do like and subscribe and share with others 🙂. Recommendation system has a lot of variety, can you explain your problem statement please
Hi Can you also explain how the money is get credit in Merchant account. Is the the issuer bank who's doing the debit and credit both or just Debit and then Payment processor is doing the credit.?
If payment ingestion to the Payment Processor occurs through a distributed queue, what immediate response can the payment ingestion provide to the user? Users expect to see payment success instantly in most applications. Rather than displaying 'payment in progress' and then sending a notification, how can this immediate feedback be managed?
At ua-cam.com/video/NxjGFIgFCbg/v-deo.html, "Consistency and availability should be chosen over partition tolerance". The video creator is referring to the famous CAP theorem, but he understands it in the wrong way. The CAP theorem states that a system can only have 2 over 3 properties: Consistency, Availability, and Network partition tolerance. And the creator is saying that we should prioritize CA over P. In reality, network partitions in distributed system is unavoidable, making partition tolerance (P) a necessary consideration. Therefore, we can only choose either consistency or availability (CP or AP), but CA is impractical.
@@alishanummer1550 choice of language for this application will be same as how we choose language for any other language. It should be scalable, testable, easily deployable, debuggable and more importantly pool of experienced engineers that an organisation have who knows that language
Hey, Thanks for the video, I didn't understood the retry logic clearly. Suppose for a transaction_id that has failed, we are pushing that id to a failed queue, but how exactly the retry service is picking that up and working on it. Can you please clarify that.
Retry service will just replay the original flow, as if this was the 1st time message was received, only difference being, this service will pick up the message that was put in failed queue
I have the same question, I'm trying to come up with a design where each one would have it's own db but I dont know how to manage the data consistency across them
Without indignity , how did you know ? That this is what really happened inside bank's. I really wanna know how digital money works? Any recommendations .. please 🥺 Can I transfer millions 🤔 to Paypal or should I do it in smaller transactions and multiple Paypal accounts with low budget ? Does Paypal accounts with 9,920 dollar , allowed and safe ? Can I trust Paypal? Can I do big really big transactions in cryptocurrency? What is the relationship between Paypal and cryptocurrency? It's your choice, To help or not 😃. You seem like you worked in this field.
Hi Sir, Can you explain credit card flow with authentication and authorization, url redirection to user for password and how many cycle it takes, is it direct to bank and user or via payment gateway
Hello could anybody help me?? I've been scammed through this portal creation? They've taken my money in pretense of paying me back but haven't. Whay can I do
Sorry for your loss but posting here will not help as we only provide tutorial on system design, please connect with the concerned organization using legal means
I have read several UA-cam videos forpayment gateway system design and this is the most detailed one I have ever seen
hello have you implemented a payment gateway design before? I'm trying to come with a design myself but I have some questions, I'd like to discuss with someone
Good high level overview overall. You missed explaning how failure scenarios are handled which are also crucial to discuss here IMO.
1. How do you ensure Database and Distributed Queue stay in sync? It can happen that database got updated but not the Distributed Queue. e.g. Payment gateway updates database and before it could write to distributed log queue, the payment gateway instance dies.
2. How do you ensure you get exactly-once semantics from the distributed queue so that you don't double process the same txn? e.g. if Payment processor processes the txn and before it could update distributed queue offset, the instance died. When the new instance of processor comes up, how will it ensure the same txn id is not processed again?
Create a video on the same.He has provided the starting point!!
kafka can handle
Explained in simple way with indepth knowledge.. only failed transaction topic couldn't understood in technical terms API and DB impact..
But in CAP theorem, sacrificing P doesn’t make sense as networks are unreliable. We just cannot have CA systems. They would be either CP or AP.
In our case, consistency is even more important. So, it should probably be a CP system.
Sacrificing P does not mean we don't have partition in our system.
Please check out this:
ua-cam.com/video/ThjBc80X_hU/v-deo.html
It should be a CP system.
You don't sacrifice P, it always and up being AP or CP, or full CAP is you want to sacrifice latency
Your understanding of the partition tolerance in the CAP theorem is incorrect. In a distributed system, partitions can’t be avoided. So, while you can discuss a CA distributed system in theory, for all practical purposes, a CA distributed system can’t exist. So, you can't chose consistency and availability over partition tolerance. And if you prefer consistency and availability over partition tolerance, then in case a partition happen (which is normal in distributed systems), the system won't work (thus affecting availability).
Firstly glad to see your comment 🙂, really appreciate your effort and contribution to the tech world. I understand partition is required for any distributed system, may be the explanation was not clear on that part 🙂
That's absolutely correct AP / CP is possible in distributed system
This is an incredibly helpful video. A million thanks!
Very clear! It helps a lot. Thank you very much.
I think we Don't need to create a separate API for each payment methods like upi,e-wallets . Payment gateway will call psp and psp will have routing engine which will route the request depending upon payment methods like cards e-wallet etc. This will help right from beginning I.e from load balancer where loads can be distributed on the basis of payment method id to dB
8.Den I 88
8iiii
IMO:
1. There is no xml/json converted to ISO 8583, merchants/acquirers do generate ISO 8583 (POS machines are capable of doing that and only that). They have to onboard with Payment N/w's like visa,MC and continue to inline with spec changes. May be online wesite sends a json internally to a payment service team who converts json from online to ISO 8583.
2. that number you are referring to in card number is called BIN(6 , now first 8 digits of the card) and issuing bank has to buy it and unique globally
3. On Consistency/partition tolerant, usually most of the issuer banks/processors only use RDBMS over NOSQL and can be highly consistent and never allow parallel processing on single card
4. Its rrn/stan is used e2e for tracking but not the transaction id generated by payment gateway
You really do know these things. Can we be friends?
the explanation is good but consistency and availability are 2 conflicting goals.
most distributed systems must be designed with partition tolerance as a non-negotiable requirement. This means that during network partitions, the system must continue to operate and serve requests to the best of its ability, even if this results in temporary inconsistencies or reduced availability.
Thankyou. It is detailed. How the user session will be maintained in this process?
thank you very much.
Thanks for the details. Just one correction though - It would be the "Interoperability domain" and not "Interportability domain".
Amazing video! Waiting for a low level design video of the same 😍😍
Glad it was helpful and thanks for suggestion will add it to my list 🙂
Do like and subscribe and share with others 🙂
Thanks for the video. nice break down of the flow and well explained.
Glad it was helpful. Do like and subscribe and share with others 🙂
I will not repeat on P part of CAP as there are enough comments already. Other pieces that are not making sense to me are as follows:
1. If the front end fleet moves the request to a queue, the front end service hosts become asynchronous (non-blocking). But they need to reply approve/deny to the caller and that will not work if they put the message in the queue. Because the service that reads from the queue will not have caller's connection to respond back. So I believe that should be a blocking call end to end.
2. Retry logic has flaw. Consider the payment gateway calls the Merchant bank and the host at Merchant bank is super slow and along with that the connection is dropped due to a network glitch. As part of retry, payment gateway will retry with that transaction Id and it goes to another host at Merchant bank that processes it successfully. And now the slow host at Merchant bank also processes the transaction. This can be saved if Merchant bank hosts check for transaction Id and are idempotent.
Is "connecting to external system from internal" a correct design ? or do we need to add something between Payment Processor and outside for security ?
this is amazing, i am waiting for the low level design
Glad it was helpful. Do like share and subscribe 🙂
A very good overview for high level understanding . Concepts explained in simple terms.
Great video
Can anyone suggest resources to learn writing such design using python?
Question - Payment gateway module if i am not wrong is part of amazon itself i guess.. Which means transaction id is being generated within amazon... how do you force outside services to use that same transaction id ? I am sure issuer bank for example will also generate its transaction id, how do you map these 2 transaction ids.
Payment gateway will be with Amazon but payment gateway will have a payment processing module which is provided by acquiring bank. So the transaction id between Amazon and acquiring bank will be in sync based on contract between payment processing module and gateway. For issuer bank and other middle party involved like visa and MasterCard etc. It will all be standard message like ISO 8583 or other switch message, which will have some tracking field for transaction id, which can be provided by acquiring bank/ Amazon itself
You may want to correct the 3D Secure part considerably. There is no PIN exchanged in Online 3dSecure transactions.
If Payment Ingestion and Payment Processor services are two different microservices, shouldn't they have acess to different databases? The way you described they're using the same database, is that right?
Can you tell me which coding and code stack is best for NBFC/ Bank EMI transaction? And what is the future possibility like AI?
persistence to DB and message queue will not be transactional, based on the diagram shown, we will have to use outbox pattern with CDC to achieve this
Learnt a lot from the video. Thank you 😊
Informative...Thank you for the video
Hey, one question, I believe there should be only one service that interacts with the DB, if you have two components writing to the DB, it will not centralise the logic in one place. So what i mean is to expose the database via apis. Let me know your thoughts on this.
Great work bro! Thank you
Thanks for this video. I have a doubt here about card transactions. In 3D secure payment we have to deal with otp page right. Once authorization is successfull user will be redirected to otp page that redirection happens directly from issuer bank end? Once issuer verifies otp it will respond to card association and card association responds to pg?
Wouldn't creating partition on the basis of date presents problem of hot partition, considering 10M transactions/day.
Can we create partitions on the basis of transactionId, as query based on date will be used in clearing service which is done in background, WDYT?
Also there can be a transaction archival service which can move the past day transaction to Cassandra for reducing load on RDBMS.
Regarding archival service you are right, we can can have a service like that to move old data to some history database, type of database will depend of the purpose of archived data. If we want to run some aggregation Cassandra can be good choice.
For partition, transaction Id won't be a good choice because there will be too many partitions for your table which will cause a lot of maintenance overhead. A good idea will be to have partition on date and have further subpartition of transaction type for the day or some other key which can distribute the transaction for the day
@@TheTechGranth Thanks for the reply.
But wouldn't making partition on date will cause hot partition, as there will be load of around ~10M transactions/day on the single partition only.
Instead that load can be distributed across multiple partitions based on transactionId, also there are no such query patterns in the system in which we need to query based on date like in IRCTC or airbnb, except the clearing service(which happens in background).
In the real time we would be required to fetch the transaction by txId mostly which can easily be served.
Maintainence will always be part of partitioning whatever key we choose, but mainly what drives partition key is the access pattern.
Do let me know what you think?
@@uditagrawal6603 that is why is suggested a subpartition, please keep in mind that there will be lot of select query in your application, not just for clearing but also for refund, retry etc. Which happens more than you think. One thing which can be done is, since we are externally generating transaction I'd, we can create sub partition on list of transaction Id for the day. So range partition on date and list partition on transaction Id, so data will be properly distributed. Btw do like the video and subscribe and share with others 🙂
@@TheTechGranth yes but things like retry or refund would also be based on txid only, to be honest I didn't get the reason of storing based on date as I don't get which queries we would be doing based on date?
Also it would be helpful ,if you could guide us on partition and sub partitioning.
Another query how are we handling hot partitions?
Btw series is awesome , I already liked and subscribed 😊
one thing PG only makes a card txn not net banking and e-wallets. and other Card networks they issue 6-digit BIN to issuing banks
Well explained :)...Keep it up Sir...and help us!
great explanation.
Hey, thanks for the video. It helped a lot
Can you make system design video of recommendation system? It is asked a lot nowdays
Glad it was helpful. Do like and subscribe and share with others 🙂.
Recommendation system has a lot of variety, can you explain your problem statement please
BTW you might want to read about Collaborative Filtering
Hi Can you also explain how the money is get credit in Merchant account. Is the the issuer bank who's doing the debit and credit both or just Debit and then Payment processor is doing the credit.?
the Video is 1 year about, but there still SSL in communication. Should I continue to watch it?
Can you explain on the Payment Aggregator Hub asked by banks
Is it the only video you have for payment processor, do you have part 1, 2, 3 ...n of this video?
Thanks for the video.
Can redis be used and replace rdbms and distributed queue?
hey, thanks for the video. In your Card Payment work diagram, where and how would PSP (payment service providers) fit in?
Technically, we are the PSP. payment gateway + payment processor. It is what paypal or stripe does
why ssl no tls? seems ssl has been deprecated.
Need to include OTP service and update the diagrams.
PLease explain How to use the MAP setup.
How payment clearing service works in UPI payments?
If payment ingestion to the Payment Processor occurs through a distributed queue, what immediate response can the payment ingestion provide to the user? Users expect to see payment success instantly in most applications. Rather than displaying 'payment in progress' and then sending a notification, how can this immediate feedback be managed?
I have the same question, have you tried implementing something like this?
Hey, can you make system design video on aadhar system or any web link pls?
Thanks and i like your videos ❤
Really glad to hear this. Kindly like subscribe and share with others 🙂
Can you please elaborate on the requirement of Aadhar system?
At ua-cam.com/video/NxjGFIgFCbg/v-deo.html, "Consistency and availability should be chosen over partition tolerance". The video creator is referring to the famous CAP theorem, but he understands it in the wrong way. The CAP theorem states that a system can only have 2 over 3 properties: Consistency, Availability, and Network partition tolerance. And the creator is saying that we should prioritize CA over P. In reality, network partitions in distributed system is unavoidable, making partition tolerance (P) a necessary consideration. Therefore, we can only choose either consistency or availability (CP or AP), but CA is impractical.
SSL is deprecated, use and teach TLS
How to choose which backend server to use for payment gateways development
You mean hardware?
@@TheTechGranth backend languages like
php, java, nodejs
@@alishanummer1550 choice of language for this application will be same as how we choose language for any other language. It should be scalable, testable, easily deployable, debuggable and more importantly pool of experienced engineers that an organisation have who knows that language
how do you covert from json to ISO 8583
Hey,
Thanks for the video, I didn't understood the retry logic clearly. Suppose for a transaction_id that has failed, we are pushing that id to a failed queue, but how exactly the retry service is picking that up and working on it. Can you please clarify that.
Retry service will just replay the original flow, as if this was the 1st time message was received, only difference being, this service will pick up the message that was put in failed queue
@@TheTechGranth what if retry service fails?
How the identify weather the trasaction is on -us ,off-us and Remote -on us
How to the identify weather the trasaction is on -us ,off-us and Remote -on us
ur awesome
What is SSL?
very good job can i have the presentation please ?
Which SDLC model are you for Qr code payment?
VIsa, Mastercard are not Banks ..why are referring them as a bank?
Assuming this is Microservice based design, why Payment Ingestion and Payment processor talking to same RDBMS ?
I have the same question, I'm trying to come up with a design where each one would have it's own db but I dont know how to manage the data consistency across them
Issuer bank represents the customer.
Without indignity , how did you know ? That this is what really happened inside bank's.
I really wanna know how digital money works?
Any recommendations .. please 🥺
Can I transfer millions 🤔 to Paypal or should I do it in smaller transactions and multiple Paypal accounts with low budget ?
Does Paypal accounts with 9,920 dollar , allowed and safe ?
Can I trust Paypal?
Can I do big really big transactions in cryptocurrency?
What is the relationship between Paypal and cryptocurrency?
It's your choice,
To help or not 😃.
You seem like you worked in this field.
Hi Sir, Can you explain credit card flow with authentication and authorization, url redirection to user for password and how many cycle it takes, is it direct to bank and user or via payment gateway
Have never heard of a system not being partition tolerant.
Hello could anybody help me?? I've been scammed through this portal creation? They've taken my money in pretense of paying me back but haven't. Whay can I do
Sorry for your loss but posting here will not help as we only provide tutorial on system design, please connect with the concerned organization using legal means
Sir how to integrate in desktop based application??
FAILURE: Invalid request parameters or checksum mismatch orderId: txnAmount: checksum: false expectedChecksum: WiUeqDfCTopDs+YruikFxgA/KBasNUdaHm4GfQHyqo7Y2YYwmEnySf0spR0yLB8GIy90Mx6hvRQ7PWo3MtL5QSBGf/vX8BqDmc/0n8Ko9JA=
how much will it cost me if you create for me?
Beware of Stripe processing they randomly debited my bank account $1400
Too many ads
1
looks like this video was made for a social study class. No single line of code. poor content
How seller will be informed about transaction status? ua-cam.com/video/NxjGFIgFCbg/v-deo.html
SSL full form please @techgranth