
Paygate PDF

Uploaded by

bubalan28

AIM:

To design and implement Paygate, a secure, robust, and scalable payment
gateway system using the MERN stack, to facilitate seamless, traceable, and
verifiable financial transactions between customers, merchants, and banks.

OBJECTIVE:
• To build a secure user registration system featuring mandatory Know
Your Customer (KYC) verification using PAN and Aadhaar APIs.
• To implement an admin approval workflow for new user activations and
transaction settlements to mitigate fraud.
• To develop a comprehensive user dashboard for managing personal
information, linked bank accounts, and viewing detailed transaction
history.
• To enable multi-bank support, allowing users to link multiple accounts,
each generating a unique UPI ID for payments.
• To create a secure and easy-to-integrate merchant API for initiating
payment requests from external applications.
• To secure all sensitive data transfers using industry-standard cryptographic
algorithms: ES256 and HS512 JWT signatures for KYC verification and
AES-256-GCM encryption for bank communications.
• To implement multi-factor payment authorization using a secure,
time-sensitive One-Time Password (OTP) verification service.
• To provide a powerful admin dashboard for system monitoring, user
management, and transaction control.
DESCRIPTION
Paygate is a MERN-based secure payment gateway enabling merchants to
integrate seamless, traceable transactions with strict KYC verification,
admin-controlled settlements, and multi-level security. It routes payments
through a central admin account for verification before settlement, ensuring
fraud prevention. All sensitive communications, including bank API
interactions, are protected using AES-256-GCM encryption for data integrity
and confidentiality.
SERVICES PROVIDED & USED
Services Provided (Internal)
These are the core functional components provided by the Paygate backend:
• User Onboarding Service: Handles the entire user registration flow, from
capturing details to coordinating KYC checks.
• KYC Verification Service: Manages identity verification by securely
interfacing with the PAN and Aadhaar modules.
• Transaction Processing Service: Processes all payment requests, ensuring
data is encrypted and results are logged securely.
• Bank Account Management Service: Allows users to add and manage
their bank accounts, including validation and UPI ID generation.
• Authentication & Dashboard Service: Manages user sessions and serves
the appropriate data for the User and Admin Dashboards.
Services Used (External)
• Bank API: Used for account validation, balance checks, and executing
fund transfers.
• PAN API: Used for real-time verification of user Permanent Account
Numbers.
• Aadhaar API: Used for OTP-based verification of user Aadhaar details.
• SMS Service: Used to dispatch One-Time Passwords (OTPs) to users for
transaction authorization.

Core Features & Payment Flow – Key Points


User Onboarding & KYC
• Sign-up collects personal and KYC details (PAN, Aadhaar).
• PAN verified via HS512 JWT-secured API.
• Aadhaar verified via OTP with ES256 JWT.
• Accounts remain pending until admin approval.
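
The two KYC channels use different JWT algorithms, so the verifier has to pin the algorithm per service instead of reading it from the token header. The following is an added example, not code from the Paygate project; the function names, the demo keys and the claim fields are assumptions, and it uses only Node's built-in crypto module.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Constructed demo keys; real ones are provisioned by the PAN and Aadhaar providers.
const PAN_SECRET = nodeCrypto.randomBytes(64); // HS512 shared secret
const AADHAAR_KEYS = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256

// Issuer side, included only so the example is self-contained.
function signJwt(alg, payload, key) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = alg === 'HS512'
    ? nodeCrypto.createHmac('sha512', key).update(input).digest()
    : nodeCrypto.sign('sha256', Buffer.from(input), { key, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

// Verifier side: the caller states which algorithm this service uses; the
// token's own "alg" header is only compared against it, never trusted.
function verifyJwt(token, expectedAlg, key, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== expectedAlg) throw new Error('unexpected alg');
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  let ok = false;
  if (expectedAlg === 'HS512') {
    const mac = nodeCrypto.createHmac('sha512', key).update(input).digest();
    ok = sig.length === mac.length && nodeCrypto.timingSafeEqual(sig, mac);
  } else if (expectedAlg === 'ES256') {
    ok = nodeCrypto.verify('sha256', input, { key, dsaEncoding: 'ieee-p1363' }, sig);
  } else {
    throw new Error('unsupported alg');
  }
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}
```

A PAN token presented to the Aadhaar verifier fails on the algorithm check before any key is used, and a token without a numeric `exp` claim is rejected.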
User Dashboard
• View analytics (revenue, transactions, success/failure rates).
• Manage KYC and personal profile.
• Add multiple bank accounts (validated via encrypted bank API).
• Generate unique UPI IDs per account.
• Access detailed transaction history.
Merchant Integration
• Payments initiated using customer email/UPI or merchant API.
• Paygate verifies accounts and balance.
• OTP sent to customer for authorization.
• Funds transferred to admin’s central account.
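
One way to implement the OTP authorization step, shown as an added example that is not part of the original document. The five-minute validity window, the three-attempt limit, the in-memory map standing in for the database and all function names are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const OTP_TTL_MS = 5 * 60 * 1000; // assumed validity window
const MAX_ATTEMPTS = 3;           // assumed retry limit
// Constructed server-side key; kept outside the database that holds OTP records.
const OTP_KEY = nodeCrypto.randomBytes(32);
const pending = new Map(); // txnId -> { mac, expiresAt, attempts }; stands in for MongoDB

// The MAC covers the transaction id, so an OTP for one payment cannot approve another.
const otpMac = (txnId, otp) =>
  nodeCrypto.createHmac('sha256', OTP_KEY).update(`${txnId}:${otp}`).digest();

function issueOtp(txnId, now = Date.now()) {
  // randomInt draws from the CSPRNG; Math.random is not suitable here.
  const otp = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(txnId, { mac: otpMac(txnId, otp), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return otp; // passed to the SMS service only; never logged or stored in clear
}

function verifyOtp(txnId, otp, now = Date.now()) {
  const rec = pending.get(txnId);
  if (!rec) return 'unknown';
  if (now > rec.expiresAt) { pending.delete(txnId); return 'expired'; }
  if (++rec.attempts > MAX_ATTEMPTS) { pending.delete(txnId); return 'locked'; }
  if (!nodeCrypto.timingSafeEqual(rec.mac, otpMac(txnId, String(otp)))) return 'invalid';
  pending.delete(txnId); // single use: a replayed OTP finds no record
  return 'ok';
}
```

Funds should move to the central account only when `verifyOtp` returns `'ok'`; every other result leaves the transaction unauthorized.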
Admin Dashboard
• Manage users, merchants, and transactions.
• View analytics and transaction logs.
• Approve/reject transactions individually or in bulk.
• Process settlements or refunds.
Payment Flow
1. Customer → Admin: Funds moved to central account after OTP
verification.
2. Admin Review: Approve for settlement or reject for refund.
3. Settlement: Approved → transfer to merchant; Rejected → refund
to customer.

Architecture
Service-Oriented Architecture (SOA): Modular design for scalability,
maintainability, and clear separation of concerns.
Client Side:
• Customer Web/App: Manage accounts and initiate transactions.
• Merchant App: Integrate Paygate and track payments.
• All communication secured via HTTPS.
Network Edge:
• MAC Address Filter / Firewall: Filters and blocks unauthorized
requests.
Paygate Backend:
• Control & Onboarding Services: Sign-Up & KYC service for PAN/
Aadhaar verification.
• Core Transactional Services: Transaction handling and bank
account management with AES-256-GCM encryption.
• Verification Modules:
• PAN verification via HS512 JWT.
• Aadhaar OTP verification via ES256 JWT.
• User Interface Services: Backend for User & Admin dashboards.
Data Layer:
• MongoDB: Stores user profiles, KYC data, transactions, and
settlements.
External Services:
• Bank API: Validate accounts, check balances, transfer funds.
• PAN & Aadhaar APIs: Real-time KYC verification.
• SMS Service: Send OTPs for transactions.
Security Implementations
• MAC Address Filtering: Whitelists trusted client devices to block
unauthorized local access.
• Aadhaar Verification: Secured in ES256-signed JWT, ensuring
integrity and authenticity.
• PAN Verification: Secured in HS512-signed JWT, making data
tamper-proof.
• Bank Communication: AES-256-GCM encryption for all sensitive
bank API data.
• OTP Service: Mandatory OTP authorization for all financial
transactions.
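
The AES-256-GCM protection of bank API data described above could look like the following added example, which is not taken from the Paygate code. The envelope fields, the function names, the demo key and the use of the transaction id as additional authenticated data are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed 256-bit key for the demo; a deployment loads it from a secret store.
const BANK_KEY = nodeCrypto.randomBytes(32);

// Encrypts one bank request. txnId travels in clear but is bound as AAD, so the
// ciphertext cannot be replayed under a different transaction id.
function sealBankMessage(key, txnId, payload) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per message, never reused per key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(txnId, 'utf8'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return {
    txnId,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypts and authenticates; any change to txnId, iv, ct or tag is rejected.
function openBankMessage(key, msg) {
  const iv = Buffer.from(msg.iv, 'base64');
  const tag = Buffer.from(msg.tag, 'base64');
  // Reject truncated tags up front: a short tag weakens GCM's forgery resistance.
  if (iv.length !== 12 || tag.length !== 16) throw new Error('bad envelope');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(msg.txnId, 'utf8'));
  decipher.setAuthTag(tag);
  let plaintext;
  try {
    // final() throws if the tag does not match; no plaintext is released before that.
    plaintext = Buffer.concat([decipher.update(Buffer.from(msg.ct, 'base64')), decipher.final()]);
  } catch (err) {
    throw new Error('authentication failed');
  }
  return JSON.parse(plaintext.toString('utf8'));
}
```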
Conclusion
Paygate is a secure, compliant, and integration-friendly payment gateway
with multi-level verification, encrypted communications, and admin-controlled
settlements, ensuring both high security and a smooth user experience.
FURTHER ENHANCEMENTS

• UPI-to-UPI direct payments for faster fund transfers.


• Forgot password recovery via OTP or email verification.
• In-app customer support chat for resolving queries directly inside
Paygate.
• Export transaction data and send to merchant via email.
• Dark/Light theme toggle for better user experience.