Building a New Age Fintech Platform
Payment Gateways are used by businesses across all verticals in the modern times to collect payments for digital as well as physical products and services offered. This has given rise to the need of payment gateways which can integrate with various banks and can help collect and process payments seamlessly.
Nativebyte was approached by a budding payment gateway service to help them build next generation of payments processing service.
Our approach entailed building the application on microservices framework due to the nature of the ecosystem. There were numerous banking APIs offered by different banks which were also unreliable. Different kinds of payment methods also made the business logic even more complex.
We divided the solution space into two different platforms - one for the payment gateway and the other for the merchants. Following is an explanation of how each of these platforms worked.
- We helped our client by building an application which allows accepting payments from the customer using different payment channels including Net-banking, UPI etc. For this, a common payment interface was designed to collect and capture required information from the financial institutions. Then separate microservices were created for each bank to integrate with their APIs.
- The application stores a detailed transaction activity log for the payment during complete transaction cycle to maintain auditing ability of the application.
- Webhooks and scheduled jobs were created to read data from queues and save in a the data storage systems from different channels using webhook or schedular jobs.
- Advanced searching in transaction DB was enabled with the help of different kinds of databases including PostgreSQL and ElasticSearch.
- Each transaction is mapped with merchant unique MID which is also recognised by the banks for greater analysability of the transactions.
- A dedicated merchant dashboard was built to offer greater usability and ease of use to the merchants and help them keep a tab on the transactions statuses.
- Reconciliation of all the transactions was done and reflected on the merchant dashboard using data from various banks and sources as an when a transaction was processed. This is an async processes and depends heavily on the banking APIs.
- We used Kafka driven queuing based systems to ensure that jobs are processed using a log-based time delay approach. This gave a greater reliability to the reconciliation process and allowed for automatic delayed retries in case the banking API failed.
- Automatic settlement to the merchants was done based on their settlement cycle. An important addition here was grading the merchants into different categories and groups based on their risk profiling at the time of onboarding by the operations team. This allowed a much less riskier ecosystem for the stakeholders and end customers.
- Merchant invoices were generated automatically based on per-merchant pricing rules and were stored in a permanent storage system for the merchants to download whenever required.
- Various load-testing and audits were put in place to ensure security, stability and scalability of the platform.
Product & Toolset
- With focus on scale and security, we built this application from ground up taking care of minutest of optimisations. The tech stack is divided into multiple independent microservices and runs on highly scalable cloud based infrastructure. It can scale up and scale down as per usage, ensuring that the cost is optimised.
- Proper use of database indexes, data segmentation and sharding and clustering, caching at DB level, CDN level, code level and database level ensures that the users get smoothest possible experience without any delays or lags, even with a load of several thousand transactions per second.
Security and Reliability
- The system is PCI-DSS compliant and follows industry best practices to offer banking grade security.
- The application is well tested by external security experts ensuring that the ecosystem is safe and auditable as per the compliance requirements.
- It uses state of the art PITR recovery solution along with advanced BCP and DR to recover quickly and reliably from any inadvertent security or infrastructure issues.