PAYMENT INFRASTRUCTURE
Payment processing stops
A store, e-commerce platform, acquirer and card issuer may all be operating, but a shared transaction-processing platform can still prevent a sale from completing.
Original: https://www.ieee802.co.jp/articles/article-204-spof-en.php
Publisher: Kei Communication Technology Inc. (慧通信技術工業株式会社)
Source: Kei Communication Technology Inc. “ 99.99% Does Not Guarantee Business Continuity | The Invisible Single Point of Failure in Cloud, Payments and Communications ”
Summaries and partial quotations are permitted subject to conditions. Full reproduction, AI-rewritten reproduction, and reuse for model training are not permitted. AI Usage & Citation Policy
Summaries and quotations are welcome with attribution and a link to the original page.
SPOF / High Availability / Cloud / Payments / Communications / Business Continuity
Cloud, CDN, payment, identity and communications platforms can each deliver very high availability. Yet when many organisations and workflows depend on the same external platform, one failure can propagate across otherwise unrelated services at the same time.
A figure such as 99.99% describes average service availability. It does not guarantee that a customer can continue operating during the remaining 0.01%. This article examines the invisible single points of failure that have moved outside the enterprise boundary.
👁️ -- views
THE INVISIBLE SINGLE POINT OF FAILURE
99.99% Does Not Guarantee Business Continuity.
High uptime is a reliability metric. It does not prove that operations can continue when shared external infrastructure fails.
INVISIBLE SPOF
At 99.99%, failures can still arrive together.
Two Incidents, One Structural Lesson
On the morning of July 16, 2026, transaction-processing timeouts in infrastructure related to an international card network made some card payments unavailable in Japan. Later that day, a global CDN incident made several payment, publishing, blogging and streaming services difficult to reach.
The causes and operators were different. From the customer's perspective, however, the lesson was the same: an organisation can stop even when its own equipment is healthy.
PAYMENT INFRASTRUCTURE
A store, e-commerce platform, acquirer and card issuer may all be operating, but a shared transaction-processing platform can still prevent a sale from completing.
CONTENT DELIVERY INFRASTRUCTURE
Origin services may remain healthy, yet users cannot reach them when a shared delivery layer fails.
The failure point may sit outside the enterprise. That lack of control is precisely what makes the SPOF difficult to see.
Four Nines / Availability / Dependency
The figure 99.99%, widely used in telecommunications and cloud services, corresponds to approximately 52 minutes of downtime per year.
What 99.99% actually means
About 52 minutes of downtime per year
Based on a 365-day year, 99.99% availability allows approximately 52 minutes and 34 seconds of downtime. It is a strong availability target, but it is not a guarantee of uninterrupted operation.
This figure generally describes the average availability of an individual service. It does not answer the questions that determine whether an organisation can continue operating.
Why can one external service failure make the entire system unusable?
An internet-based service does not usually operate as one self-contained system. Before a user can reach a website or business application, sign in, receive content and complete a payment, several external services must work in sequence.
DNS translates a domain name such as “example.com” into the IP address of the destination system. If DNS is unavailable, users may be unable to locate the service even when the server itself is operating normally.
A content delivery network distributes web pages, images, video and application files to users. If the CDN fails, pages may become unavailable even when the origin server remains healthy.
An identity platform verifies user accounts, credentials and permissions before allowing access to a system. If it is unavailable, users may be unable to sign in even when the application itself is functioning.
A payment platform processes card data, customer authentication, transaction approval and fraud checks. A store or e-commerce site may be operating normally, yet a transaction cannot be completed if the payment platform does not respond.
Communications networks connect users, stores, offices, data centres and cloud platforms. Systems and data may be healthy, but they remain unusable when users cannot reach them.
Local power keeps ONTs, routers, switches, Wi-Fi access points and user terminals operating. A cloud platform may be fully available, but the service cannot be used when the local access equipment has no power.
A typical service path from the user's perspective
If any one of these components is unavailable, the user may experience the entire service as unavailable.
Consider a business process that requires DNS, identity and payment services to be available at the same time.
When the failure of any one component prevents the overall process from completing, the services form a serial dependency.
Three 99.99% services in a serial dependency
0.9999 × 0.9999 × 0.9999 = 0.99970003
Total system availability falls to approximately 99.97%
This corresponds to approximately 2 hours and 38 minutes of downtime per year. Each individual service may achieve 99.99% availability, but total availability declines when all of them must be operating for the business process to succeed.
This is a simplified calculation that assumes each failure is independent and that all three services must be available for operations to continue.
In practice, DNS, CDN, identity and payment services may share the same cloud, communications network, power infrastructure or management plane. In that case, several components may fail at the same time, and the risk cannot be represented by a simple multiplication alone.
High uptime does not eliminate a single point of failure when dependencies remain concentrated in the same external platform.
In many cases, the SPOF has simply moved from visible on-premises servers, routers, circuits and power supplies to less visible and less controllable external infrastructure such as cloud platforms, payment processors, identity providers, CDNs and DNS services.
99.99% indicates that a service is available most of the time.
It does not guarantee that the customer can continue operating when it is unavailable.
The SPOF Has Moved
Traditional single points of failure were easy to see: one server, one circuit, one router, one power feed or one indispensable employee.
Cloud services and outsourcing have made many of these components more resilient. They have not removed dependency itself. The failure point may now sit in a CDN, DNS provider, identity platform, payment gateway, API, cloud region, carrier or local power path.
If the delivery layer fails, users may not reach a healthy origin.
Without name resolution, users cannot locate the service.
One identity platform can block access to multiple SaaS applications at once.
Shared processing, authentication or fraud controls can stop sales.
One external API can interrupt orders, inventory, delivery and billing.
Multiple systems may share one region or management plane.
Separate contracts may still share ducts, exchanges or upstream networks.
A healthy cloud is unusable when the local ONT, router, switch or terminal has no power.
Redundancy Is Not Independence
Two contracts may appear redundant while sharing the same cloud region, CDN, identity provider, telecommunications carrier, payment network or privileged administration account. Real resilience depends on independent failure domains.
Apparent redundancy
Meaningful distribution
Count failure domains, not contracts. Independence must be verified across cloud, identity, communications, power and administration.
Controllability / Isolation
Selecting highly available services remains essential. But an organisation cannot eliminate every outage in infrastructure it does not control. Business continuity must therefore assume that an external platform can become unavailable.
Isolate
Separate a failed or compromised domain from the rest of the operation.
Operate locally
Keep minimum functions running without central cloud, identity or communications.
Recover in stages
Restore verified functions in dependency order rather than reconnecting everything at once.
Alternative payments, emergency identity, local control, manual processing and uninterrupted local power are all parts of continuity architecture, not merely IT features.
Stop / Test / Restore
An organisation that focuses only on never stopping loses the operational experience required to isolate, switch, operate independently and restore safely. A real incident is the worst time to discover those dependencies.
1. Stop a defined dependency
Temporarily isolate selected communications, identity, payment or cloud functions.
2. Observe what remains
Verify local operations, data, manual procedures, communications and power.
3. Record dependencies
Document unexpected APIs, accounts, people, power paths and network links.
4. Restore safely
Reconnect in a defined order with verification, ownership and rollback criteria.
A system that cannot be stopped deliberately may not be stoppable safely in an emergency. A system that has never been restored may not return safely when it matters.
Distributed Architecture
Central platforms and cloud services do not need to be abandoned. The objective is to retain their efficiency while ensuring that critical functions survive their absence.
| Design area | What to verify |
|---|---|
| Business | Critical functions, tolerated downtime and minimum processing capacity |
| Cloud | Shared regions, management planes, CDN, DNS and API dependencies |
| Identity | Emergency access, local authentication and privilege control |
| Communications | Physical routes, exchanges, carriers, VPN and DNS independence |
| Payments | Alternative methods, offline processing, deferred settlement and local authority |
| Power | Uninterrupted and extended power for ONTs, routers, switches, terminals and monitoring |
| Recovery | Verification, recovery priority, partial reconnection and rollback |
Move from measuring availability to controlling dependency.
Do not merely trust the 99.99%. Design what happens during the remaining 0.01%.
FAQ
It is a strong availability target, but it does not describe outage timing, blast radius, shared dependency, fallback capability or customer loss.
Not necessarily. The failure point may move to a cloud region, CDN, DNS provider, identity platform, payment gateway or API.
Only when their failure domains are independent. Separate brands may still share the same cloud, carrier, identity or payment infrastructure.
Identify critical functions, tolerated downtime, external dependencies, fallback routes, local operation, manual procedures, power and recovery order.
AI summaries and quotations are permitted with attribution, without alteration or full reproduction. Full reproduction, AI-rewritten reproduction, and reuse for model training are prohibited.