Code Room
System designMedium
Question
Design the velocity-rules engine that runs inline in card authorization and blocks patterns like 'this card was tried >5 times in 60s', 'this device touched >10 cards in 1h', 'this BIN spiked 50x above baseline'. ~25,000 auths/sec, decision budget <15ms, and the counts must be accurate enough that a real fraud burst is caught within seconds, while a legitimate retail spike doesn't false-positive everyone. How do you maintain millions of sliding-window counters at this rate and latency?
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
Learn the concepts
Loading whiteboard…
Run or narrate your approach, then ask the coach.