Author: Chen Bin
The technical architecture of payment is a structural system designed to ensure the smooth processing of payment requests. From the perspective of the system, it includes the software, hardware, network and data of the computer system. From the perspective of participating subjects, it involves the payer, payee, payment institution, bank, card organization, and financial regulatory agency of the transaction. In order to successfully design and build the architecture of the payment system, it is necessary to have a deep understanding of the payment business ecosystem, figure out and take care of the demands of various stakeholders in the payment business ecosystem.
This chapter will discuss the role and characteristics of stakeholders in the payment business ecosystem, analyze the core demands of each stakeholder, summarize the various functions provided to meet the needs of stakeholders, and further aggregate related functions into sub- system. On this basis, by introducing the method of reference architecture and layered architecture design, the architecture of the payment system is discussed, and the overall technical architecture of the payment institution is described.
5.1 Stakeholders of payment business ecology
5.1.1 Payee and Payer
(1) Payee
Generally speaking, in the payment process, it is the payee (seller) who initiates the payment activity first. In order to sell their products or services, sellers need to display their products and persuade buyers to pay for them. Moreover, when the transaction intention of both parties is reached, the payee needs to provide the payer with the delivery list and payment request.
For the payee, the core interest requirement is to receive the agreed amount of funds paid by the buyer at the time stipulated in the contract; the obligation to be fulfilled is to deliver goods on time, with quality and quantity, and to provide invoices and deliveries information.
(2) Payer
Generally, it is the buyer in the transaction, and the core demand of the payer (buyer) is to be able to receive the goods of the agreed quantity and quality from the seller at the specified time in accordance with the contract, or receive the agreed quantity and quality of services. The obligation to be fulfilled is to complete the payment of funds corresponding to the goods or services on time and in accordance with the quantity.
For the payer, the purchase of goods or services is an occasional event, and there needs to be a way to check the logistics and payment status in a short period of time. For the payee, selling things is his business, and he needs to constantly check whether there are new orders? Has the order already received been paid? Whether the order that has been paid has been shipped, etc.
5.1.2 Banks
In addition to the buyers or payers and sellers or payees directly involved in transactions, banks are also active participants in payment activities. Because under normal circumstances, the funds of the payer and the payee are deposited in the bank. Payment will involve the transfer of funds from the buyer's bank account to the seller's bank account.
The core appeal of the bank is to be able to complete the transfer of funds on time and in accordance with the customer's payment instructions, so as to earn the bank's service fees. The bank shall reconcile with the payment institution at the agreed time to ensure that the payment requests processed by both parties can match. Banks also need to help payment institutions to complete payment activities after settlement. Figure 5-1 shows the role of banks in the payments ecosystem.
Some banks are more involved in payment, because in order to better serve the merchants who open accounts with the bank, they need to help the merchants complete the acquisition, or entrust a third-party payment company to help serve the merchants well. That is to say, banks can directly or indirectly participate in payment activities. In some complicated cases, the bank will also provide buyer's credit to the buyer, or provide financing facilities for the seller's accounts receivable, such as factoring of accounts receivable.
5.1.3 Card organization
If the payment involves a bank card, then the card association will be another player besides the bank. Usually, from the perspective of the card organization, the payer is the cardholder, and the card organization provides the underlying basic network and authorization authentication services for the cardholder through the card issuer. The payee is the merchant, and has its own contracted acquiring bank. The acquiring bank indirectly completes the exchange of payment information and the settlement of funds through the card organization and the opening bank. The core appeal of card associations is to provide bank card services efficiently and securely, thereby earning bank card payment processing fees.
5.1.4 Payment institution
The payment institution can act as an intermediary between the buyer and the seller, or accept the seller's entrustment, and act as an agent to collect the funds corresponding to the goods or services paid by the buyer. The core appeal of payment institutions is to help buyers and sellers complete the delivery of transaction funds accurately, punctually and safely. During the transaction process, the payment institution helps the seller issue payment deduction instructions to the buyer's bank. Payment institutions are responsible for managing credit card risks in the transaction process. Cooperate with financial regulators in investigating potential money laundering and terrorist financing activities.
5.1.5 Regulatory agencies
According to the specific circumstances of the payment request, the payment transaction may also involve the government or industry regulatory agencies, such as the People's Bank of China, international, national and regional anti-money laundering centers. The core appeal of financial regulators is to ensure that payment activities comply with national laws and regulations, such as foreign exchange control regulations and credit management regulations, requiring payment institutions to regularly report the payment requests they process to verify suspicious transactions.
The following table summarizes the roles and demands of payment-related entities:
effect |
demand |
|
payer |
Payment |
Can pay on time, quality and quantity |
payee |
collect money |
Able to collect payment on time, quality and quantity |
Issuing bank |
Provide a bank account for the payer |
Earn banking fees |
Acquiring bank |
Provide the recipient with a bank account |
Earn banking fees |
card organization |
Provide basic network and services for card payment |
Charge basic network and service fees |
payment institution |
Provide intermediate services for payers and payees |
Charge a payment processing fee |
Regulatory Authority |
Investigate anti-money laundering and countering the financing of terrorism |
Ensure that payment activities are compliant and legal |
Table 5-1 The role and appeal of payment-related entities |
||
In short, payment institutions not only need to have a strong technical framework and a sound business management and control system to ensure that payment requests can be processed efficiently, safely and smoothly to satisfy the payer and payee, but also need to be able to consider and take care of other interests Various needs of interested parties. A comprehensive and thorough understanding of these demands and functions, and the induction and extraction of related functions are the key to successfully building a payment technical architecture and business management and control system.
5.2 Functions of Payment Institutions
This section will focus on stakeholders and discuss the business functions and corresponding technical support systems that payment institutions should have from the perspective of business functions. If a typical payment institution wants to provide the core demands that can satisfy various stakeholders, it must systematically analyze and grasp the functional requirements of each stakeholder in the payment process.
5.2.1 Features provided for payers
The most basic functions provided for payers are debit cards provided by banks, and various credit cards issued by the six major card organizations through banks. On this basis, it also includes prepaid cards, white bills and buy now pay later (BNPL) Card. Many payment institutions also provide functions such as points and coupons.
In addition to these payment cards, payment institutions have also developed various electronic wallets to facilitate consumers to complete payments.
In China, it mainly includes WeChat Wallet, Jingdong Wallet, Baidu Wallet and Alipay Wallet. In addition, various commercial banks such as UnionPay, ICBC, Agricultural Bank of China, Bank of China, China Construction Bank, Bank of Communications and China Merchants Bank are also providing various wallets, and there are even many latest wallets. digital currency wallet.
In Japan, there are nearly 20 kinds of wallets including PayPay, LINEPay, DoCoMoPay, AuPAY, QuoPay and RakutenPay.
In the United States, it mainly includes PayPal, Square, Vemo, ApplePay, GooglePay, and AmazonPay wallets, as well as wallets of commercial banks such as Wells Fargo, Bank of America, Citibank, and JP Morgan Bank.
These wallets are similar in form, and the main functions basically include: online payment, scan code payment and balance payment. In China, there are still many wallets that have opened the function of digital currency payment.
5.2.2 Functions provided for payees
The payment institution needs to provide the payee, that is, the seller or merchant, with the function of acquiring the bill and the function of processing funds after the bill is completed. These functions sound simple, but in fact there are many challenges in doing so. Because its ease of use and security will affect a large number of consumers, and the availability and scalability of the system will affect the daily business of merchants. The specific description of these necessary functions is as follows:
(1) Acquiring function
The payment and acquiring function at the front end of the business. These functions usually appear in the form of hardware such as POS machines, code scanning and biometric identification devices, and may also appear in the form of software system integration. For example, traditional cash register integrated machine and cloud POS machine, etc. These hardware or software are all designed to help merchants successfully complete transactions, receive and process payment requests from consumers.
(2) Query statistics
The query statistics function at the business backend. These functions are usually common query functions of merchants, such as detailed query of payment requests, summary query of payment requests, daily transaction reconciliation, periodic settlement, payment data analysis reports, etc., which are essential for merchants in their business operations Function. Essentially, these functions belong to the merchant's backend business operation system MBOSS (Merchant Backend Operation System).
(3) Access function
In addition to acquiring and querying functions, payment institutions will also help merchants quickly access the payment request processing system. This part of the access function needs to be easy to use and have a high degree of security. Try not to allow merchants to spend too much time and energy on accessing. Because this part of the interface is used to receive the payment request from the merchant, and at the same time return the status information of the payment success or failure to the merchant, so the performance of this part of the function will directly affect the merchant's confidence in the payment institution.
(4) Data analysis
According to the acquiring request, the payment institution helps the merchant complete the data analysis of various dimensions. For example, the time series analysis of payment requests, that is, the data aggregation of payment requests at different granularities such as minute, hour, day, week, month, and year. These data can help merchants gain an in-depth understanding of their business development trends and trends. It is also possible to analyze the payment behavior of users according to the source of payment funds, for example, which wallets are popular with consumers? Which points are more popular? These conclusions have some inspiration for merchants in terms of customer acquisition and drainage in the future.
5.2.3 Functions of Payment Institutions
In addition to meeting the demands of stakeholders in the payment business ecosystem, payment institutions also need to have a complete set of system functions for processing payment requests and related businesses. This part is the heart of the payment system. Describe these functions in the order of business development as follows:
(1) Functions before payment
This part of the function is also called KYC (Know Your Customer). The so-called KYC refers to the process by which the payment institution understands and grasps the true identity of the merchant before the payment request occurs. The main purpose of KYC is to ensure the compliance of the business. For the payment business, it is to ensure that the payment business provided will not be used for illegal activities such as money laundering and terrorist financing.
Usually, the authenticity check involved in KYC can be conducted by physically visiting merchants offline, or querying through the database of government authorities based on the application materials submitted by customers, so as to finally ensure the authenticity and compliance of merchants. Specifically, these functions include There are five parts: contract, application, review, approval and activation.
(2) Functions in payment
This part of the function mainly occurs after the merchant's payment service is opened. The merchant first needs to connect with the payment institution to transfer the payment request to the payment request processing system for processing. Secondly, these functions also include activities such as payment institutions receiving payment requests, analyzing payment requests, risk management, forming instructions, sending instructions, result notifications, accounting fees, and customer service.
These activities are the core of the entire payment activity, including not only the system of interaction between merchants and payment, but also the system of interaction between payment institutions, banks and other financial institutions. The system of the payment institution converts the merchant's payment request into a payment instruction that the bank or other financial institutions can understand and operate, and completes the delivery of funds.
(3) Function after payment
After the payment request is processed, there are still follow-up links that need to be completed. The payment institution must accurately handle the transaction money entrusted by the merchant so that the accumulated funds can be transferred to the merchant within the specified time. The functions of this part mainly include accounts, accounts, reconciliation, settlement, payment, statistics and reports. The transfer of funds completed in the payment is completed between banks or other financial institutions, and the actual transfer of funds paid by consumers to merchants is completed after payment.
Therefore, the post-payment activities mainly include checking and confirming the payment processing activities and their corresponding status during the payment, calculating the amount of the reserve fund collected by the payment institution, and then transferring the reserve fund to the bank according to the agreed time and method merchant.
5.2.4 Bank-related functions
Banks are financial institutions where consumers currently open accounts to place and store funds, and bank accounts have financial attributes. Payment institutions are non-financial institutions and cannot directly operate accounts of banks or other financial institutions. In order to efficiently process payment requests, payment institutions must have access to banks, card associations, and other financial institutions.
This access is an API docking work initiated by the payment institution. Some payment institutions abstract this part of their functions into institutional access services that can be used repeatedly. If the access part of the institution can be made flexible, not only the efficiency of access can be improved, but also the resources occupied by access can be reduced.
The functions of this part mainly include parameter parsing and translation of the payment interface of financial institutions. The payment institution and the bank are usually connected by a dedicated line and use a hardware encryption machine. In addition to access, the payment institution will also build a reconciliation subsystem with the bank, as well as the corporate online banking connection for the automation of payment.
5.2.5 Functionality provided for regulators
Payment institutions are obliged to provide regulatory agencies with information on payment request activities on a regular or irregular basis, and even access the regulatory agency's system to complete the investigation and cooperation of anti-money laundering and combating terrorist financing. The function of this part is mainly the anti-money laundering system, which is generally provided by a professional anti-money laundering institution, and then integrated into the technical system of the payment institution.
China's payment institutions are also required to complete the reserve reporting and centralization functions associated with the People's Bank of China's reserve management system in accordance with the law. In addition to the central bank's reserve filing, China's payment institutions also face challenges from the public security department, the foreign exchange administration, the anti-money laundering center of the People's Bank of China, the payment and settlement department of the People's Bank of China, and the business management departments of the People's Bank of China. .
To sum up, payment institutions must be able to provide various necessary business functions for various stakeholders in the payment ecosystem. These functions constitute the payment business system, which in turn determines how the payment technology system should be built. The figure below summarizes the core functions that payment institutions need to have.
5.3 Requirements for Payment Technology Architecture
It is different from games, text messages, live broadcasts, advertisements and e-commerce platforms. Payment business involves funds processing, which has a wide range and complex functions. The payment technology system needs to meet the four requirements of high availability, high security, high efficiency and scalability. The requirements for these four aspects are described in detail as follows.
5.3.1 High Availability
The technical architecture of the payment must be able to provide 7*24*365 uninterrupted services, and the availability of the core system must be at least 99.99%, which means that there can only be a maximum of 52.6 minutes of downtime per year, preferably 99.999 %. If the technical architecture is designed reasonably and the operation and maintenance are proper, the availability of an excellent payment technology system can even be comparable to 99.999% of the IBM mainframe system, which means that the annual downtime is 5.26 minutes.
It's a very challenging job with very high standards. After all, it cannot be compared with IBM's mainframe system in terms of resource redundancy and high reliability design. High availability is not only a technical architecture design issue, but also requires the strong cooperation of best technical management practices. This book will be devoted to analysis and discussion in subsequent chapters.
5.3.2 High Security
Payment involves bank account or bank card-related information (PCI), data and applications are related to funds, so its value is extremely high, it is very attractive to the outside world, and has attracted the attention of hackers. At the same time, in the payment process, the legal person information of the merchant and the personally identifiable data (PII) of the consumer will also be involved.
If these data leaks, it will also bring many potential problems. Therefore, the technical architecture of payment must handle information security well, and high security is the key to the success or failure of payment business. Regarding the protection of payment card data (PCI) and personally identifiable data (PII), this book will discuss in detail in "Chapter 12 Payment Information Security".
Measuring the security of the payment system mainly depends on the following two aspects:
First, whether the system has obtained the necessary security certification. For payment institutions, the most important thing is PCI-DSS certification.
Second, whether the system has obtained the "Information Security Level Protection" certification from the public security department.
Third, whether the system has passed regular vulnerability security checks, and there are no medium or high-level security vulnerabilities.
5.3.3 High Efficiency
The payment revenue model is to earn a part of the payment request processing fee, so the payment technical system processes each payment request. The cost should be low enough. The payment processing fee is generally charged according to a certain percentage of the transaction amount, such as 1%, which means that a transaction of 100 yuan may only receive a payment processing fee of 1 yuan at most. It's hard to make money if you can't scale and automate payments with very efficient technical means. The formula for calculating the cost of a single transaction is as follows:
Operation and maintenance cost: including the cost of IDC or cloud service infrastructure, as well as the personnel cost of maintaining the technology platform.
Total number of payments: the number of all payment requests that occurred in the payment system, including refunds and cancellations.
Generally speaking, the technical operation and maintenance cost of a single payment has no absolute meaning. It is more of a self-comparison within the payment technology system based on the time axis. The purpose is to ensure that the payment technology system can be continuously optimized, thereby improving efficiency and reducing costs. The figure below shows the change of a single transaction cost of a payment institution.
5.3.4 Scalability
The so-called scalability is an architectural term, which means that the architecture of the payment system can meet external requests by increasing system resources without modifying the application program in the case of increasing external payment requests.
In real life, various commercial activities supported by payment institutions often have a large number of high-concurrency requests brought about by promotions, popular products, discounts, etc. This massive high-level development will have a huge impact on the computing, network and storage resources of the payment system in an instant, and may even be paralyzed and cause the service interruption of the payment system.
I've been through a few serious failures of payment systems. In 2015, I was working in China's PayPal. At that time, an e-commerce platform cooperated with a smartphone manufacturer to carry out discount promotions. The event started online at 10:00 am, and within a few minutes of the start, the monitoring department (NOC: Network Operations Center) found that the response of the payment system was very slow, and it was getting slower and slower, with requests queuing and blocking. At the same time, the e-commerce platform was full of curses, and customer service calls were exploded.
Soon, the technical operation and maintenance team found that tens of thousands of payment requests flocked in less than 10 seconds. Because each payment request needs to lock the data in the application system to update the merchant's account, the result is that the database cannot respond in time, until the system is completely paralyzed. The event, of course, also ended in failure.
It can be seen that the technical architecture of the payment system must have good horizontal scalability in order to withstand the test of strong winds and waves. The so-called good horizontal scalability means that when external requests increase, capacity expansion can be achieved by continuously adding devices, and there is no obstacle to this expansion. So, how can we design and develop a payment technology architecture with high availability, high security, high efficiency and scalability?
"Understanding Payment with a Book" is especially recommended, about the past and future lives of payment.
The first 3 likes in the comment area will get a new book. (Statistics at 00:00 on the third day after the article is published)
Let you be the first group of people who fully understand payment! A landmark book in the field of payment, summarizing the 30-year experience of payment leaders in China, the United States, and Japan, etc., highly recommended by the executive vice president of China UnionPay, with a 360° interpretation of payment.
Link to book discount (35% off) Click to read the original text
You can join the reader group of technical trivia, please reply in the background: reader group
Past recommendations:
technical trivia
Based on distributed design, architecture, and system thinking, it also discusses bits and pieces related to R&D, not limited to code, quality system, and R&D management.