Digital Wallet - Problem Statement

Reading Time: 20 minutes

Business Context

A digital wallet is a secure electronic payment system that stores payment methods, enables contactless transactions, and provides transaction history. Systems like Apple Pay, Google Pay, and Samsung Pay have transformed how consumers make payments by combining convenience with security.

Core Problem

Design a digital wallet system that:

Stores multiple payment methods securely
Enables contactless (NFC) and online payments
Provides real-time transaction history
Supports peer-to-peer (P2P) transfers
Integrates with merchant point-of-sale systems
Ensures PCI DSS compliance and strong security

Functional Requirements

1. Payment Method Management

Add Payment Methods: Credit/debit cards, bank accounts
Tokenization: Secure storage using payment tokens
Verification: CVV verification, micro-deposits for bank accounts
Default Payment: Set preferred payment method
Expiry Management: Handle expired cards, renewal notifications

2. Transaction Processing

Contactless Payments: NFC-based in-store payments
Online Payments: E-commerce checkout integration
P2P Transfers: Send money to other wallet users
QR Code Payments: Scan-to-pay functionality
Transaction Limits: Daily/per-transaction limits

3. Transaction History

Real-time Updates: Instant transaction notifications
Search and Filter: By date, merchant, amount, category
Receipt Storage: Digital receipts and invoices
Export: Download statements in PDF/CSV
Dispute Management: Report fraudulent transactions

4. Security Features

Biometric Authentication: Fingerprint, Face ID
Device Binding: Tie wallet to specific devices
Transaction Verification: 2FA for high-value transactions
Fraud Detection: Real-time risk assessment
Remote Wipe: Disable wallet on lost/stolen device

5. Loyalty and Rewards

Cashback Programs: Earn rewards on transactions
Loyalty Cards: Store merchant loyalty cards
Offers and Coupons: Apply discounts at checkout
Points Redemption: Use rewards for payments

Non-Functional Requirements

1. Performance

Transaction Speed: < 2 seconds for payment authorization
NFC Response: < 300ms for contactless tap
History Load: < 1 second for recent transactions
Concurrent Users: Support millions of active wallets

2. Security

PCI DSS Level 1: Highest compliance standard
Tokenization: No raw card data storage
Encryption: AES-256 for data at rest, TLS 1.3 in transit
Secure Element: Hardware-based key storage
Zero Trust: Verify every transaction

3. Availability

Uptime: 99.99% availability (52 minutes downtime/year)
Offline Mode: Cache for limited offline transactions
Disaster Recovery: < 1 hour RTO, < 5 minutes RPO
Multi-Region: Active-active deployment

4. Compliance

PCI DSS: Payment Card Industry Data Security Standard
PSD2: Strong Customer Authentication (SCA) in EU
KYC/AML: Know Your Customer, Anti-Money Laundering
GDPR: Data privacy and right to be forgotten
Regional Regulations: Country-specific financial laws

Key Challenges

1. Security vs Convenience

Challenge: Balance strong security with frictionless user experience

Considerations:

Biometric authentication for quick access
Risk-based authentication (low-risk = no 2FA)
Secure Element for cryptographic operations
Device attestation to prevent rooted/jailbroken devices

2. Tokenization and Key Management

Challenge: Secure token generation and lifecycle management

Considerations:

EMV tokenization standards
Token vault with HSM (Hardware Security Module)
Token provisioning and de-provisioning
Key rotation without service disruption

3. Offline Transaction Support

Challenge: Enable payments when network is unavailable

Considerations:

Limited offline transaction cache
Cryptographic verification without server
Sync when connection restored
Fraud risk management for offline mode

4. Multi-Platform Consistency

Challenge: Consistent experience across iOS, Android, wearables

Considerations:

Platform-specific security features (Secure Enclave, TEE)
Unified backend API
Device-specific optimizations
Cross-device synchronization

5. Merchant Integration

Challenge: Seamless integration with diverse POS systems

Considerations:

NFC protocol compatibility
QR code standards
Online checkout SDKs
Webhook notifications for merchants

Success Metrics

Business Metrics

Active Users: Monthly active wallet users
Transaction Volume: Total payment value processed
Adoption Rate: New users per month
Transaction Success Rate: % of successful payments
Average Transaction Value: Revenue per transaction

Technical Metrics

Authorization Latency: P95 < 2 seconds
NFC Response Time: P99 < 500ms
API Availability: 99.99% uptime
Fraud Detection Rate: > 99% accuracy
False Positive Rate: < 1% legitimate transactions blocked

Security Metrics

Fraud Loss Rate: < 0.1% of transaction volume
Token Compromise: Zero token breaches
PCI Compliance: 100% audit pass rate
Incident Response Time: < 15 minutes detection
Vulnerability Remediation: < 24 hours for critical

User Personas

1. Everyday Consumer

Needs: Quick payments, transaction tracking, rewards
Pain Points: Carrying physical cards, slow checkout
Usage: Daily purchases, bill payments, P2P transfers

2. Tech-Savvy Early Adopter

Needs: Latest features, multiple payment methods, integrations
Pain Points: Limited merchant acceptance, feature gaps
Usage: Contactless everywhere, online shopping, crypto

3. Security-Conscious User

Needs: Strong authentication, fraud protection, privacy
Pain Points: Security breaches, unauthorized transactions
Usage: Selective usage, high-value transactions, monitoring

4. Business User

Needs: Expense tracking, receipt management, reporting
Pain Points: Manual expense reports, lost receipts
Usage: Business expenses, vendor payments, reimbursements

Scope Boundaries

In Scope

Payment method storage and tokenization
Contactless and online payment processing
P2P money transfers
Transaction history and notifications
Fraud detection and security
Loyalty program integration

Out of Scope

Cryptocurrency wallet (separate system)
Investment/trading features
Loan/credit services
Insurance products
Physical card issuance
Merchant acquiring services

Interview Discussion Points

Clarifying Questions to Ask

Scale and Geography:
- How many users and transactions per day?
- Which countries/regions to support?
- Multi-currency requirements?
Payment Methods:
- Which card networks (Visa, Mastercard, Amex)?
- Bank account support (ACH, SEPA)?
- Alternative methods (PayPal, Venmo)?
Security Requirements:
- Compliance standards (PCI DSS level)?
- Biometric authentication mandatory?
- Fraud detection sophistication?
Platform Support:
- Mobile platforms (iOS, Android)?
- Wearables (Apple Watch, Wear OS)?
- Web interface needed?
Transaction Types:
- In-store contactless priority?
- Online checkout integration?
- P2P transfer limits and fees?

Key Points to Emphasize

Security First: Tokenization, encryption, secure element
Compliance: PCI DSS, PSD2, regional regulations
User Experience: Fast, frictionless, reliable
Fraud Prevention: Real-time detection, risk scoring
Scalability: Handle millions of users and transactions

Real-World Examples

Apple Pay

Strengths: Secure Element, biometric auth, seamless UX
Architecture: Device-based tokenization, NFC payments
Scale: 500M+ users, billions in transaction volume

Google Pay

Strengths: Cross-platform, loyalty integration, P2P
Architecture: Cloud-based tokens, HCE (Host Card Emulation)
Scale: 150M+ users, global merchant network

PayPal

Strengths: P2P transfers, buyer protection, merchant tools
Architecture: Account-based, email-linked payments
Scale: 400M+ accounts, $1.3T+ annual volume

Next Steps

After understanding the problem:

Define scale and constraints (02-scale-constraints.md)
Design high-level architecture (03-architecture.md)
Model database schema (04-database-design.md)
Design APIs (05-api-design.md)

Estimated Reading Time: 20 minutes