CRED System Design Interview: Bill Payments and Rewards at Scale
CRED processes about a third of India's credit-card bill payments by value, and reported moving 4.4 lakh crore rupees through the platform in a year. You can only join if your credit score clears a bar, and behind the app sits an event-driven order management system that treats each order's state machine as the source of truth across every product CRED runs.
Designing CRED is a fintech problem with three distinctive parts. First, membership is gated: a user can only join if their credit score clears a threshold, which is checked at onboarding against credit bureaus, so access control is part of the design rather than an afterthought. Second, the core action is paying a credit-card bill, which is an orchestrated money movement that CRED runs through a central order management system built on state machines and events. Third, the load is cyclical, concentrated around monthly billing due dates. This walkthrough centers on the order management system that CRED has published, the gated onboarding, and how the platform handles the monthly spike, and is honest about which payment and reconciliation details are the standard fintech pattern rather than CRED-published.
Asked at: Commonly asked at CRED, other fintech companies, and teams that run payments, rewards, or membership products, and the general forms, meaning design a bill-payment system, a rewards platform, or a gated-membership system, show up at most product companies for SDE2 and SDE3 rounds. CRED is a good question because it combines an orchestrated money flow, an access-control model, and a real-time rewards experience in one product.
Why this question is asked
CRED packs several distinct design problems into one app. The membership gate is a real access-control question: how do you verify eligibility against an external credit bureau at signup and enforce it cleanly. The bill payment is an orchestration question: paying a card issuer on a member's behalf is a multi-step money movement that can fail partway and must be tracked and reconciled, never left ambiguous. The rewards and status updates are a real-time question: members expect instant feedback, which pushes you away from polling. And the load is a capacity question, because credit-card bills cluster around due dates, so traffic spikes on a monthly rhythm. Interviewers use CRED to see whether you can design an order lifecycle as a state machine, reason about event-driven orchestration across several products, and handle a predictable cyclical spike, while being honest about what is standard payment plumbing.
Requirements
Always clarify these in the first 5 minutes of the interview. Do not start drawing boxes until both lists are agreed.
Functional requirements
- A prospective member signs up and is admitted only if their credit score meets the threshold, checked against a credit bureau
- Member adds and manages their credit cards, and sees bill amounts and due dates
- Member pays a credit-card bill, and the payment is orchestrated to the card issuer and tracked to completion
- Member earns rewards for paying on time, and sees rewards and status update in real time
- Order and payment status is always visible and accurate, including for a payment that is still in progress
- The platform supports several products beyond bill payment, such as payments, lending, and vehicle management, on shared infrastructure
- Statements, receipts, and a history of every order and its state changes
Non-functional requirements
- Money movement must be correct and auditable: a bill payment is either completed or clearly resolved, never left in an unknown state
- Eligibility must be enforced reliably at onboarding, and the check against the external bureau must be handled gracefully when it is slow or fails
- Real-time updates for order status and rewards, without the member polling
- Absorb the monthly spike around credit-card billing due dates, when payments concentrate
- High availability on the payment path, since a stuck bill payment erodes trust in a premium product
- One order platform that many products can reuse, so new products do not each rebuild order handling
- Full history of every order's state transitions for support, disputes, and audit
Back-of-envelope scale estimates
Show your math. Pulling numbers from thin air signals you have not thought about the load.
Total payment value
~4.4 lakh crore rupees/year (FY23)
CRED reported total payment value of about 4.4 lakh crore rupees in FY23, up sharply year on year. This is the money moving through the platform and the anchor for the payment design.
Share of India card-bill payments
~1/3 by value
CRED has stated it handles about a third of India's credit-card bill payments by value. It concentrates a specific, high-value slice of payments rather than general retail volume.
Membership gate
Credit score threshold at onboarding
CRED admits members only above a credit-score bar, verified at signup against bureaus such as CIBIL, Experian, and CRIF. The gate is a design requirement, not a marketing detail, and it shapes onboarding.
Revenue
~2,735 crore rupees (FY25)
Dreamplug Technologies, which runs CRED, reported operating revenue of about 2,735 crore rupees in FY25, up from about 2,473 crore in FY24. Useful as a sizing signal for the business, not the traffic.
Load pattern
Monthly billing-cycle spikes
Credit-card bills cluster around due dates, so payment traffic rises and falls on a monthly rhythm rather than staying flat. The capacity plan has to target the due-date peaks, not the average.
Member count
Millions (gated, not audited)
CRED does not publish a clean, current audited member count. It reported around 5.9 million users in 2021 and has grown since, but because the number is not clearly sourced for recent years, treat member counts as approximate and describe the base as millions of gated members.
High-level architecture
Design CRED around three things: who is allowed in, how an order moves through the system, and how the platform is shared across products. The order management system is the part CRED has published in detail, so it is the center of the design, and the payment and reconciliation plumbing around it is described as the standard fintech pattern. Onboarding starts with the gate. A prospective member signs up, and the system checks their eligibility against an external credit bureau, admitting them only if their score clears the threshold. Because that bureau call is external and can be slow or fail, it is treated as an asynchronous, retryable step rather than a blocking one, and the member's state reflects whether the check is pending, passed, or failed. Once admitted, the member links their credit cards. The core action, paying a bill, runs through an order management system that CRED describes as the source of truth for an order across the whole ecosystem. Every meaningful action, a bill payment, a checkout, a payout, is an order, and the order management system owns its lifecycle. CRED built this in three generations: first a monolith that handled bill payments, checkout, instruments, and communications together; then a suite of microservices that split out payment, payout, checkout, and instrument management; and finally a centralized platform order management system that replaced the separate per-product order systems with one shared platform. The heart of it is a state machine. Different order types get different state machines, transitions are driven by events coming back from the fulfillment services that actually move money, and the full history of an order's state transitions is kept so status is always answerable. The order management system is event-driven: when an order changes state it emits events, and it stays abstracted from the concrete actions those events trigger, such as sending a notification or granting a reward, so new behavior can be added without changing the core. The member-facing experience is real-time. Rather than have the app poll for order status and rewards, CRED built and open-sourced a push platform called propeller that keeps a persistent bidirectional connection using gRPC streaming, written in Go, so updates are pushed to the app as they happen. This avoids the latency and the retry storms that polling causes at scale. The platform also has to survive its own rhythm. Credit-card bills cluster around due dates, so traffic spikes monthly. CRED open-sourced a gateway plugin that classifies requests by quality-of-service against request-rate thresholds, which is the kind of traffic shaping and protection that keeps the payment path healthy when the due-date surge hits. The commonly reported backend stack around all this includes JVM services with Kafka and gRPC and relational stores, though CRED's own posts describe the order platform in stack-agnostic terms and only its Go push platform is confirmed in the open.
In a real interview, sketch this on the whiteboard before diving into any single box.
Core components
Walk through each service. The interviewer wants to hear what each one owns, not just the names.
Membership and eligibility service
Handles signup and the credit-score gate. It calls an external credit bureau such as CIBIL, Experian, or CRIF to verify eligibility, admits the member only above the threshold, and tracks whether the check is pending, passed, or failed. Because the bureau call is external, it is treated as asynchronous and retryable rather than blocking.
Order management system (OMS)
The source of truth for every order, which CRED built as a centralized platform after evolving from a monolith to per-product microservices. It owns each order's lifecycle through a state machine, retains the full history of state transitions, and serves as the one place any product asks what state an order is in.
Order state machines
The core of the OMS. Different order types, a bill payment, a checkout, a payout, get different state machines, and transitions are driven by events that come back from the fulfillment services doing the actual work. Keeping each order type as its own explicit state machine is what makes the lifecycle correct and auditable.
Payment and payout services
The fulfillment services that move money: charging the member and paying the card issuer on their behalf. These emit events back to the OMS as they progress. The specific integrations with banks and card networks and the reconciliation between them are the standard fintech pattern rather than a CRED-published internal.
Event backbone
The event-driven spine. When an order changes state the OMS emits an event, and downstream actions such as notifications, rewards, and analytics consume it. The OMS stays abstracted from those concrete actions, so new behavior is added by subscribing to events rather than by changing the order core.
Real-time push platform (propeller)
CRED's open-sourced push service that holds a persistent bidirectional connection to the app using gRPC streaming, written in Go, so order status and rewards update instantly without polling. It exists specifically because polling adds latency and causes retry storms at scale.
Gateway and quality-of-service control
The API gateway front door, with a CRED-open-sourced plugin that classifies requests by quality-of-service against request-rate thresholds. This traffic shaping protects the payment path during the monthly due-date spike, letting critical requests through and throttling the rest.
Rewards service
Grants rewards for actions such as paying a bill on time, driven by the events the OMS emits. Members see rewards update in real time through the push platform. CRED has not published the rewards engine's internal architecture, so it is described here at the level of how it fits the event flow.
Data model
Pick the right store per table. Justify each choice with the access pattern, not by reflex.
membersmember_id (PK)credit_score_bandeligibility_statebureau_refjoined_atstatusThe gated member. eligibility_state tracks whether the bureau check is pending, passed, or failed. The score itself is used at the gate and not necessarily stored in detail. Admission depends on clearing the threshold.
cardscard_id (PK)member_idissuermasked_numberbill_amountdue_dateA member's linked credit card, with the current bill and due date that drive both the payment and the monthly load pattern. Sensitive data is tokenized or masked.
ordersorder_id (PK)member_idtype (bill_payment|checkout|payout)amount_paisestatecreated_atThe central order record and the source of truth for any action in the system. type selects which state machine applies. state is the current position in that machine. Owned by the order management system.
order_state_transitionstransition_id (PK)order_id (FK)from_stateto_statetrigger_eventcreated_atThe full, immutable history of every state change on an order, with the event that caused it. This is what powers accurate status tracking, support, and audit, and lets the current state always be reconstructed.
paymentspayment_id (PK)order_id (FK)direction (charge|payout)amount_paisestatusidempotency_keyprovider_refThe money legs of an order: charging the member and paying the issuer. Idempotent so a retry never double-moves money. Provider references tie back to the bank or gateway. Strong consistency required.
rewardsreward_id (PK)member_idorder_idtypevaluegranted_atRewards granted for qualifying actions, driven by order events. Surfaced to the member in real time through the push platform.
Deep dives
These are the conversations the interviewer is steering you toward. Practice each one until you can talk through it without notes.
The gated membership and checking eligibility at onboarding
CRED is not open to everyone. A prospective member is admitted only if their credit score clears a threshold, verified at signup against a credit bureau such as CIBIL, Experian, or CRIF. That makes access control part of the system design. The design point is how you handle an external check that you do not control and that can be slow or fail. You do not block the whole signup synchronously on the bureau, because a slow bureau would freeze onboarding. Instead the eligibility check is an asynchronous, retryable step, and the member has an explicit eligibility state, pending, passed, or failed, that the app reflects. Admission and the features that follow are gated on that state. Framing onboarding as a small state machine driven by an external verification is the clean way to answer, and it mirrors how CRED runs its orders.
The order management system as the source of truth
CRED's central published idea is that every meaningful action is an order, and one order management system is the source of truth for it across the whole platform. This did not start centralized. CRED described three generations: a first monolith that handled bill payments, checkout, instruments, and communications together; a second stage that split these into microservices for payment, payout, checkout, and instrument management; and a third stage that replaced the separate per-product order systems with a single centralized platform order management system. The reason to centralize is that once you run many products, each maintaining its own notion of an order leads to duplicated, inconsistent lifecycle logic, so consolidating the order lifecycle into one platform that every product uses removes that duplication. The interview lesson is the progression itself: start simple, split when the monolith strains, and centralize a shared concern once several teams need the same thing.
Modeling orders as state machines driven by events
The heart of the order management system is a state machine. Different order types get different state machines, because a bill payment, a checkout, and a payout move through different steps. Crucially, the transitions are not driven by the order service calling out and waiting; they are driven by events coming back from the fulfillment services that actually move the money. When a payment service reports progress, that event advances the order's state. The full history of transitions is retained, so the system can always answer what state an order is in and how it got there, which is exactly what a member checking a pending bill payment needs. Modeling the lifecycle explicitly as a state machine, rather than as scattered status flags updated in many places, is what keeps a money movement that spans several services correct and auditable.
Event-driven orchestration and staying decoupled
The order management system is event-driven in both directions. Inbound, events from fulfillment services drive state transitions. Outbound, when an order changes state, the system emits an event, and other parts of the platform react: a notification is sent, a reward is granted, analytics are updated. The important design choice CRED describes is that the order core stays abstracted from those concrete actions. It does not know or care that a particular transition sends a push notification or grants a reward; it just emits the event, and subscribers handle it. This decoupling is what lets CRED add new behavior, or a whole new product, by subscribing to order events rather than editing the order engine. It is the standard benefit of event-driven design, made concrete: the source of truth stays small and stable while the reactions around it grow.
Real-time updates without polling
Members expect a premium app to feel instant: a bill payment's status and a newly earned reward should appear without a refresh. The naive way to do this is to have the app poll an endpoint every few seconds, but at scale polling adds latency, wastes work when nothing has changed, and can cause retry storms that hammer the backend. CRED built and open-sourced a push platform called propeller that instead holds a persistent bidirectional connection to the app using gRPC streaming, written in Go, so the server pushes an update the moment an order event or a reward occurs. This pairs naturally with the event-driven order management system: the same events that advance an order can be pushed straight to the member. The trade is that you now maintain long-lived connections and the infrastructure to fan out to them, which is worth it for the responsiveness a premium product needs.
Surviving the monthly billing-cycle spike
CRED's load is not flat. Credit-card bills cluster around due dates, so payment traffic rises on a monthly rhythm, with heavy days around common due dates and quieter stretches between. The capacity plan therefore targets the due-date peaks, not the average. CRED open-sourced a gateway plugin that classifies incoming requests by quality-of-service against request-rate thresholds, which is exactly the kind of traffic shaping that protects a system during a surge: it can prioritize the critical payment requests and throttle or shed less important traffic when volume spikes, so the payment path stays healthy. Combined with the usual levers, scaling the stateless services ahead of known heavy days and keeping the order state in a store that handles the write load, this is how a predictable monthly spike is absorbed. The honest note is that CRED has not published a full spike-handling playbook, so describe the quality-of-service control it did open-source plus the standard scaling approach.
Trade-offs to discuss
Every senior interviewer expects you to surface at least 3 of these. Pick the decisions, state the alternatives, and justify your choice.
A centralized order platform versus per-product order systems
Letting each product own its order handling is faster to build at first and keeps teams independent, which is why CRED started that way. But once many products each maintain their own order lifecycle, the logic is duplicated and drifts out of sync, and cross-product features get hard. CRED consolidated into one centralized order management system as the source of truth. The cost is building and governing a shared platform that many teams depend on, accepted because it removes duplication and gives one consistent view of every order.
Explicit state machines versus status flags
Tracking an order with a few status fields updated wherever convenient is simple, but for a money movement that spans several services it leads to ambiguous and inconsistent states. Modeling each order type as an explicit state machine with recorded transitions makes the lifecycle correct, prevents illegal jumps, and keeps a full audit trail. The cost is the upfront design of the state machines and the discipline to drive all changes through them, accepted because payment correctness and auditability depend on it.
Event-driven transitions versus synchronous orchestration
The order service could call each fulfillment step synchronously and wait, which is easier to trace, but it couples the order core to every downstream service and blocks on the slowest. Driving transitions from events that fulfillment services emit keeps the order core decoupled and resilient to slow or temporarily failing steps. The cost is the harder reasoning that comes with asynchronous, eventually-arriving events, which is managed by the recorded state history and idempotent handling.
Real-time push versus polling
Polling is trivial to implement, but it adds latency, wastes requests when nothing changed, and can cause retry storms at scale. A persistent push connection, as in CRED's propeller, delivers updates instantly and cuts wasted traffic. The cost is maintaining many long-lived connections and the fan-out infrastructure, accepted because a premium product needs the responsiveness and because the event-driven core already produces the updates to push.
Asynchronous eligibility check versus blocking signup on the bureau
Blocking the whole signup until the external credit-bureau call returns is simplest, but a slow or failing bureau would freeze onboarding for everyone. Treating the eligibility check as an asynchronous, retryable step with an explicit member eligibility state keeps signup responsive and degrades gracefully when the bureau is slow. The cost is handling the pending state in the app and the retries, accepted because the check depends on a third party that cannot be allowed to block the funnel.
How CRED actually does it
The order management system is documented directly by CRED on its engineering blog, and the real-time push platform and the gateway quality-of-service control are visible in CRED's open-source repositories, while the specific payment integrations and reconciliation are the standard fintech pattern rather than CRED-published. CRED stated that its order management system is the source of truth for an order across the ecosystem, that it evolved from a monolith to a suite of microservices for payment, payout, checkout, and instrument management, and then to a centralized platform order management system, and that it models different order types as different state machines whose transitions are driven by events from fulfillment services, retaining the full history of state transitions and emitting events on state changes while staying abstracted from the concrete actions. CRED open-sourced propeller, a real-time bidirectional push platform using gRPC streaming, written in Go, to replace polling, and a Kong gateway plugin that classifies requests by quality-of-service against request-rate thresholds, along with its NeoPOP design system. On scale, CRED reported total payment value of about 4.4 lakh crore rupees in FY23 and has stated it handles about a third of India's credit-card bill payments by value, and Dreamplug Technologies reported operating revenue of about 2,735 crore rupees in FY25. Membership is gated on a credit score, verified at onboarding against bureaus such as CIBIL, Experian, and CRIF. Three accuracy notes for the interview. First, CRED does not publish a clean current member count; a 2021 figure of about 5.9 million exists, so treat member numbers as approximate. Second, the broader backend stack often attributed to CRED, such as JVM services with Kafka and gRPC and relational databases, is commonly reported rather than confirmed in CRED's own posts, and only the Go push platform is confirmed in the open, so present the rest as likely. Third, the bank and card-network integrations and reconciliation are the standard payment pattern, not a CRED-published internal.
Sources
- CRED Engineering, Evolution of the Order Management System at CRED: the source-of-truth OMS, monolith to microservices to centralized platform, state machines, and event-driven transitions
- CRED open-source organization on GitHub
- propeller (CRED open source): the real-time bidirectional gRPC-streaming push platform in Go
- neopop-web (CRED open source): the NeoPOP design system components
- YourStory, CRED FY23 results: 1,484 crore rupees revenue and 4.4 lakh crore rupees total payment value
- Inc42, CRED financials: FY23 and FY24 revenue and net-loss figures
- CRED, membership eligibility: credit-score gate verified against CIBIL, Experian, and CRIF
Lessons to study before this interview
If any of these topics are fuzzy, the interviewer will catch it. Each lesson is 15 to 60 minutes with diagrams, code, and a quiz.
Idempotency
foundation / core fundamentals
Message Queues
intermediate / messaging event systems
WebSockets
intermediate / messaging event systems
Design a Payment System
capstone / capstone
Rate Limiting for Resilience
advanced / reliability resilience
Cache-Aside Pattern
foundation / caching strategies
High Availability
advanced / reliability resilience