
Design and Implementation of a Payment Fund Account System

The article outlines the design and implementation of a secure, highly available payment fund account system, explaining core concepts of accounts and double-entry bookkeeping, detailing architecture using TDSQL sharding, and describing security measures such as STRIDE analysis, HMAC-SHA256, idempotency, distributed transactions, and comprehensive auditing to ensure fund integrity under high concurrency.

Tencent Cloud Developer

A fund account system is a very common component of internet and financial businesses, and it is essential in e-commerce and payment operations. While the core architecture of a fund account system is not particularly complex, its extremely high requirements for fund security and availability make building a robust system challenging. This article explores the problems encountered in designing and implementing a fund account system, along with corresponding solutions.

1. What is an Account

An account is a data carrier that records the balance of a specific type of funds belonging to a specific entity, together with the details of every change to that balance. From a business perspective, an account records the balance of funds for a particular entity and the detailed records of fund movements. Key elements include: the account balance (the amount of funds in the account), account transactions (detailed records of fund inflows and outflows), and transaction vouchers (the information recording how each transaction was processed).

2. What is a Fund Account System

A fund account system is essentially a passbook ledger in which every fund change is recorded. A third-party payment platform, as a neutral third party, sits between users and merchants and intercepts the flow of funds: funds first move from the user's account to the payment platform's account and, after both parties confirm, from the payment platform's account to the merchant's account.

3. Implementation - Key Principles

The fundamental principle is: for every debit, there must be a corresponding credit, and debits and credits must be equal. This follows the double-entry bookkeeping method. For third-party payment businesses, bank accounts correspond to reserve funds (assets), while merchant and user accounts are internal accounts of the payment platform (liabilities).

3.1 Important Principles

The accounting theory basis is double-entry bookkeeping (复式记账法), and its bookkeeping rule can be summarized as: every debit must have a corresponding credit, and debits must equal credits.

3.2 Design and Implementation

The system uses TDSQL (Tencent's distributed database) as the underlying storage, with account ID as the sharding key for automatic horizontal splitting. The architecture consists of Fund Service and Account Service as core services, two databases, and several Daemon programs.

3.3 Key Challenges

The main challenges are fund security and high availability. The goal is to ensure absolute fund security and maximum availability.

3.4 Fund Security Construction

Fund security is analyzed using the STRIDE model, covering: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Key measures include permission control (ticket verification and module authentication), anti-tampering (MAC values using HMAC-SHA256), key leak prevention (KMS), idempotency design, balance-transaction consistency (pessimistic vs. optimistic locking), distributed transactions (2PC), comprehensive reconciliation and auditing, accounting system, and R&D process specifications.
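As an added example (not code from the article or from Tencent's system), the following Python sketch shows three of the controls listed above working together: an HMAC-SHA256 MAC over the transfer request, idempotency keyed on the request id, and a double-entry posting that a reconciliation routine can audit. The key, account names and amounts are constructed sample values.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # assumption: in production loaded from KMS


def mac_for(req_id: str, src: str, dst: str, amount: int) -> str:
    """HMAC-SHA256 over the canonical request fields (tamper evidence)."""
    msg = f"{req_id}|{src}|{dst}|{amount}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


class Ledger:
    def __init__(self, opening: dict):
        self.opening = dict(opening)   # account -> opening balance (cents)
        self.balances = dict(opening)  # current balances
        self.journal = []              # (req_id, account, signed delta)
        self.seen = {}                 # req_id -> first result (idempotency)

    def transfer(self, req_id, src, dst, amount, mac):
        # Anti-tampering: constant-time compare against the recomputed MAC.
        if not hmac.compare_digest(mac, mac_for(req_id, src, dst, amount)):
            return "rejected: bad mac"
        # Idempotency: a retried request id replays the original outcome.
        if req_id in self.seen:
            return self.seen[req_id]
        if amount <= 0 or self.balances.get(src, 0) < amount:
            result = "rejected: insufficient funds"
        else:
            # Double entry: one debit line and one credit line, equal and opposite.
            self.balances[src] -= amount
            self.balances[dst] = self.balances.get(dst, 0) + amount
            self.journal += [(req_id, src, -amount), (req_id, dst, +amount)]
            result = "posted"
        self.seen[req_id] = result
        return result

    def reconcile(self) -> bool:
        """Audit: every voucher nets to zero and replaying the journal over
        the opening balances reproduces the current balances."""
        per_req, replay = {}, dict(self.opening)
        for req_id, acct, delta in self.journal:
            per_req[req_id] = per_req.get(req_id, 0) + delta
            replay[acct] = replay.get(acct, 0) + delta
        return all(v == 0 for v in per_req.values()) and replay == self.balances
```

A real system would persist the journal and the idempotency record in the same database transaction as the balance update, so that a crash between the two cannot leave a balance without its voucher.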

3.5 Availability Construction

Availability addresses three aspects: program and node availability (via TKE), service availability (rate limiting, with hot-key contention on heavily used accounts relieved through multi-account splitting and merged posting), and storage availability (TDSQL's high availability features).

4. Summary

Building a fund account system requires careful consideration of security, availability, and consistency. The system must handle high concurrency scenarios while maintaining fund integrity and transaction accuracy.

Written by

Tencent Cloud Developer

Official Tencent Cloud community account that brings together developers, shares practical tech insights, and fosters an influential tech exchange community.
