字幕列表 影片播放 列印英文字幕 hello everyone welcome to my youtube channel in one of my previous video which you can find the link here i designed uber while designing uber i also discussed one part of it which was a billing service however i didn't go into the the actual design of the billing service so in today's video i'm going to discuss what would be the design of a payment service or payment gateway service this is a very important topic because a payment service is involved everywhere where money is involved let me give you some examples many of us now buy stuff from amazon or ebay usually if you go to amazon.com and you create an account it also asks for your credit card information and when you provide that credit card information that information is stored in amazon servers in a secure manner and now if you buy anything from amazon on from amazon website amazon actually goes and charge your credit card if you buy something from a third-party seller on amazon.com in that case after charging your credit card the amazon also transfers the money to the third-party seller as well similarly let's take another example i think now most of us use smartphones and most of the time other people are using iphone or android if you're using iphone then you must have an account with apple app store and you must have provided your credit confirmation there in that case so that if you buy anything from apple app store or if you do any in-app purchase then the payment service at the apple app store charge your credit card the third example is uber uber provides different services like trips and ubereats if a customer uses uber to book a trip then uber deducts charges from the customer credit card that is stored securely on uber servers part of that tip charges goes to uber and the rest goes to the drivers another example is netflix when you create an account with netflix netflix also asks for payment information and when you provide your credit card information then netflix stole that information securely on netflix servers after that netflix service deducts the charges from customer credit card monthly the very first transaction in this case is customer initiated and it is called customer initiate transaction or cit then the subsequent uh transaction by the netflix are merchant initiated transactions i can give you many other examples where the payment service is involved however i'm going to just stop here right now and i will just give you one more example and this example is stripe payment gateway service stripe is a payment processing platform that can be integrated with hundreds of e-commerce websites shopping carts and other third-party applications that many businesses rely on to charge their customers for the goods and services that those businesses provide it is used by third-party sellers to integrate payment processing service in their e-commerce platform to charge their customers for example i use this stripe for charging my customers when they buy my online course similarly there are other third-party sellers as well which actually create their e-commerce website using maybe shopify and then they integrate with stripe to charge their customers for the goods and services whether they are physical goods or they are digital goods or services so in today's video we will discuss how to design a payment gateway service like stripe however before going to the design of stride payment gateway service i would like to welcome you to my youtube channel if you are watching this video first time and i would appreciate that if you haven't subscribed to my channel yet then please do subscribe to my channel and please do click the bell icon i will be uploading more videos in the future as well so before going into details of how we will design strap let's first discuss how the credit card system work a credit card system comprises of the following actors the very first actor in a credit card system is a customer or credit card holder a customer is a person who owns a credit card or a debit card and use it to buy goods or services from a seller or a merchant then a merchant is a business that sells goods and services to customers and accept credit card or debit cards for payment each merchant maintains a merchant account that enables them to accept credit card or debit card from the customers then we have issuer or issuing bank the card issuers are the financial institutions or banks that distribute credit cards to the consumer that is they are the customer's bank an issuing bank transfers money for purchases to the acquiring bank it is liable for purchases made by the customer if the customer does not pay then the fourth actor in this system is acquirer or acquiring bank an acquiring bank is a financial institution or bank that processes credit or debit card payment on behalf of a merchant the acquirer allows merchants to accept credit card payments from the card issuing banks within an association the acquiring bank is liable for charges made by the merchant if the merchant does not provide goods or services purchased then the final actor is a card network or association it is also called a scheme a card association or scheme include visa master discover american express etc the card associations set interchange rates and qualification guidelines and act as the arbiter between the issuing banks and acquiring banks among other vital functions now when a customer provides the credit card to a merchant for some transaction then that financial transaction comprises two phases the first phase is authorization phase in authorization phase a card holder begins a credit card transaction by presenting their card to a merchant as payment for goods or services the merchant uses their credit card machine software or gateway to transmit the card holder information and the details of the transaction to the acquiring bank or the bank's processor the acquiring bank or its processor captures the direction information performs some basic validation and routes it through the appropriate card network to the card holders issuing bank for approval when the card network receives the transaction information it performs basic validation and then the transaction information is routed between issuing and acquiring banks through credit card network the credit card issuer receives the collection information from the acquiring bank or its processor through card network and response by approving or declining the direction after checking to ensure among other things that the transaction information is valid the cardholder has sufficient balance to make the purchase and that the account is in good standing in case of transaction approval the issuer holds the amount of money that is needed for the transaction the card issuer sends a response code back to the appropriate network to the acquiring bank or its processor in case of transaction approval the successful authorization code is sent the response code reaches the merge joints terminal software or gateway and stored their awaiting settlement in case of successful authorization code the merchant releases the good or services to the customer that is the card holder now at the end of the business day the clearing and settlement phase once in this process all the approved authorization codes along with their transaction details for the whole day are returned to a batch file by the merchant or the payment gateway at merchant's end and is sent to the acquiring bank via secured file transfer protocol the acquiring bank reconciles and forwards it to the card network via secure file transfer protocol the card network reads all the authorization codes along with their transaction details from the merchant provided batch file and then write them into a separate batch files targeting different issuers and then pass those batch files to each issuer via secure file transfer protocol the issue when received the batch file release the money that it held for the approved transactions to the card network which then transfers the money to the acquiring banks the acquiring bank submit the money in the merchant bank account now i have a question for you let me know in the comments below that why the acquirer and the scheme and the issue are still using secure file transfer protocol for the settlement and clearance process in general pci compliance is required by the credit card companies to make online transactions secure and protect them against identity theft any merchant that wants to process store or transfer credit card information is required to be pci compliant according to the pci compliance security standard console getting all the compliance is not impossible but yet it is very cumbersome to achieve for small third party sellers like me for example now more than 80 percent of online businesses are selling internationally this brings all sort of issues that the businesses need to worry about for example how do you address the diverse customer preference of a global audience during the checkout experience also the way customers prefer to pay for google services online varies drastically from region to region different geography may have different compliance requirements this is where stripe comes into the picture stripe make it very easy for any type of business anywhere in the world to discover and accept popular payment methods with a single integration the stripe works as a master merchant and payment facilitator for the third party sellers thus the stripe registers a master merchant account with the acquirer or acquiring bank and provides virtual merchant account to the third party sellers now the online sellers or merchants create a virtual merchant account with stripe and integrate their website checkout workflow with stripe checkout now let's see how the stripe charge a customer on behalf of a merchant a card holder begins a credit card transaction by presenting their card to stripe checkout on an e-commerce website as payment for goods or services the e-commerce website has a virtual mature account with stripe stripe check out forward the transaction request along with merchant id to the stripe which behave as a master merchant and payment facilitator for the e-commerce website the master merchant that is stripe performs some basic validation and then uses the software gateway to transmit the cardholder's information and the details of the transaction to its acquiring bank or the bank processor the acquiring bank or its processor captures the transaction information performs some basic validation and routes it through the appropriate card network to the card holders issuing bank for approval when the card network receives the transaction information it performs basic validation and then the transaction information is routed between issuing and acquiring banks through credit card network the credit card issuer receives the transaction information from the acquiring bank or its processor through card network and responds by approving or declining the transaction after checking to ensure among other things that the transaction formation is valid the card holder has sufficient balance to make the purchase and that the account is in good standing in case of transaction approval the issuer holds the amount of money that is needed for transaction the card issuer sends a response code back to the appropriate network to the acquiring bank or its processor in case of transaction approval the successful authorization code is sent the response code which is the master merchandise type through the acquiring bank this type updates the transaction details in its local database and inform the merchant about transaction status in case of successful authorization code the merchant releases the good or services to the customer card holder now at the end of the day there are workflows that run in stripe which actually takes all the authorization code and pass them to the issuer for final settlement and clearance now let's discuss some functional and non-functional requirements for stripe it is very important to understand that coming up with a right set of functional non-functional requirements is very important most of the time the candidates fail the interview because they are unable to actually collect the right set of requirements and that is why you should give new importance to the requirement collection so the very first requirement for strive payment gateway service is that the stripes should enable the third-party sellers or merchants to charge their customers without being pci dass compliant according to pci dss any entity that is involved in either storing or transferring credit card information it needs to be pci dss compliant but now if you go and check my website when you buy my course and do the checkout this is a page that is donated directly by stripe and you enter your credit card information into that page which transfers that information directly to strike so my website is not even involved in the checkout process let me know in the comment below how stripe does this for the merchants the second requirement is of course in order to use the stripe the merchants need to create account with a stripe the third requirement is the merchants should be able to charge their customers and also they should be able to perform refund whenever needed the fourth functional requirement is the merchant should be able to see all the different types of transactions that have happened in their account the transaction details should include the transaction type that is whether it's a purchase or the refund or the bank transfer etc it status the order associated with the transaction and the date and time and other such important information the fifth functional requirement is the merchant should be able to create two different types of transactions one type of transaction is a one-time payment for example if you buy my course then you get unlimited access there's no monthly or yearly subscription for my course right now then the second type of transaction is periodic purchases for example there are other online courses for system design that actually have a yearly subscription model where they charge you daily or sometimes even monthly now the sixth important functional requirement is that the payment gateway service should be able to store the credit card information of the customers securely for the case where the credit card needs to be charged periodically for example monthly or yearly then there are some other extended requirements for example the staff should be able to generate invoices for the purchases another requirement is the merchant should be able to generate a report for some period of time like how many different types of transactions happen during that period how many difference will happen how many like purchases happened etc etc another extra requirement is that stripes should allow different modes of payment for example not just credit card but debit card or maybe even cash transaction as well another extended requirement is that the strap should allow audit support now let's discuss some non-functional requirements the very first non-functional requirement is the service needs to be highly available think about what would happen if a customer is trying to purchase a product from a merchant website and is unable to pay for the product due to payment gateway being unavailable this will be a very bad customer experience both for the merchant and its customer the second important non-social requirement is the stripe payment gateway service should be highly reliable and this is a very important requirement for any type of financial service for example if strap should avoid charging customers twice or multiple times for a single purchase similarly strive should not incorrectly inform the merchant about a transaction being successful if it is not what it means is that its type should provide mechanism for error detection prevention and recovery for situations such as lack of payment duplicate payments incorrect currency convergence incorrect payment and dangling authorization etc the third non-functional requirement is that this type service needs to be highly scalable due to a large number of its customers that is merchants and then their customers and the rate of transactions that are happening all over the world another non-social requirement is the style service needs to be highly disabled we cannot tolerate loss of customer data such as transaction details at the same time style service needs to be strongly consistent this is a very important requirement because we cannot tolerate eventual consistency in the financial system because that could result in decreasing the reliability of the overall system for example think about duplicate payments and dangling authorization these would be hard to avoid in a service using eventual consistency the system will charge a customer but then due to eventual consistency we'll still see a missing charge and thus will try to charge the customer again this could also result in dangling authorization another important non-social requirement is that this tribe service needs to be highly secure service this is another important requirement for the financial service it involves the service to provide or enforce correct authorization authentication and access control mechanisms to protect its customers data this drive service should provide apis and generate checkout pages that must use secure communication mechanisms such as https so that all the communication is encrypted also stripe should store all the customer information securely on its servers so i have added a chapter on a payment gateway service design in my course by the way i would like to show you here now an email that i received from one of my buyers of the course you can find more details about how a payment gateway service is designed in my course where i have discussed all the apis and also i have discussed in detail what would be the high level architecture of a stripe payment gateway service and i've also discussed individual microservices also in detail that how they will be communicating with each other if you sign up for my course there are two chapters which are available for free preview so i'm going to stop the video here here again i would really appreciate that if you haven't subscribed to this channel then please do subscribe and click the bell icon thank you and take care you
B1 中級 設計付款系統:Stripe(Introduction to Payment Gateway System Design | Design Payment System | Stripe Product Design) 26 2 meowu 發佈於 2023 年 10 月 17 日 更多分享 分享 收藏 回報 影片單字