Context

You’re joining a fintech team that maintains a Python payment SDK used by thousands of merchants and indirectly serves millions of daily checkout sessions. The SDK supports multiple payment methods (card, ACH, wallets), must meet PCI-style security expectations, and is frequently extended by partner teams. A small design mistake (e.g., leaking sensitive fields or making extensions brittle) can cause outages, security incidents, or slow down feature delivery.

Core Question

Explain your experience with object-oriented programming principles—encapsulation, inheritance, and polymorphism—using the payment SDK scenario.

In your answer, cover:

1. Encapsulation: How would you design classes so sensitive data (e.g., PAN-like tokens, secrets) is protected and invariants are enforced? What should be public vs private, and how do you prevent misuse?
2. Inheritance: When is inheritance appropriate for modeling payment methods or request/response types? When does it become harmful (fragile base class, deep hierarchies), and what alternatives would you use?
3. Polymorphism: How would you enable adding a new payment method without changing core checkout logic? Describe runtime polymorphism (interfaces/ABCs) vs ad-hoc polymorphism (duck typing) in Python.

Scope Guidance

Assume the interviewer expects Staff-level depth: discuss trade-offs, how these principles affect testability, API stability, and security, and include at least one small code sketch showing how you’d structure the SDK for extensibility without exposing internals.