Tolerating full cloud outages with Monzo Stand-in
44 comments
·February 13, 2025QuinnyPig
abritishguy
It's a very good question. The stand-in system itself has been built to have basically no external dependencies itself.
So, the question you are really asking is "to what extent are the other parties involved in the processing of payments resilient to AWS failure" – e.g. Stripe probably isn't and that's probably a decent chunk of e-commerce.
I definitely don't think this would be anything close to smooth sailing if AWS was to fully go down, but we do have the benefit that underlying payment infra is still dominated by on-prem with leased lines etc. My best guess of the actual behaviour would be that bank transfers would keep working, the card networks themselves would keep working but the average e-commerce website would not.
Naturally, we can only control for what we can control for – and for us the primary benefit of stand-in is what it gives us in the much more likely scenario of an incident in our platform.
sleepgou
From what I understand of payment systems this is so that payments through card machines, contactless payments for public transport, cash withdrawals from ATMs, etc. all continue to work. A lot of those systems are surprisingly insulated from AWS simply by virtue of being extremely archaic
fujinghg
I wouldn’t assume that is the case. The failure modes are different that is all.
I saw a whole corp POS platform a couple of decades ago that was hanging off a TFTP server on a machine that no one dared turn off in case the world ended. One day the DC UPS failed, it didn’t come back up and they had no retail operations for several hours while they sent a bunch of cash to a guy who had left to help them fix it.
There’s stuff like that everywhere lurking in the archaic.
I know of a modem in a DC which is used to talk to a branch office running AS400 hardware that is so old they have to buy spares off eBay.
chrisldgk
To add to this, I remember a story my father told me. This is off the top of my head and a few years ago so it might not be fully accurate.
My father worked as a banker for most of his life and when he was in his late twenties he got a position to oversee a smaller investment bank. This is sometime in the late 90s. When he started, he took a general look around, checked with everyone how things are going and happened to meet on of the few IT people working in the building. When the IT guy realized that he was speaking to a new person who might be able to change things around there, he was elated and told him that there was an issue the previous boss never took too urgently, even though it was quite critical. Apparently the servers that were running pretty much all of the transactions of that investment bank were located in the basement of that building and have literally never been migrated, upgraded or anything else. The servers that were left over from that time was literally one running machine and another machine that had died a few years prior that was now only used for spares in case anything on the singular still working machine broke. Since the hardware was so old, there apparently weren’t many replacement parts left and the ones that were left were incredibly expensive due to many bank depending on those specific servers.
Anyway, my father heard that story and immediately got the guy the funding he needed to migrate to a newer and better system. Sometimes I think about this kind of stuff, we think banks are really resilient (and they try to be), but I wouldn’t be surprised if setup like these still exist somewhere because people are too scared to touch them.
Koffiepoeder
Unrelated tangent: I was reading the article and suddenly realised that I could not identify the font. After a quick search:
> Our functional typeface is Monzo Sans, a custom cut of Universal Sans, meaning it’s unique to Monzo. We chose it for maximum readability, with generous dots and curled ends.
Intersting choice, but I dig it :)
noodlesUK
This seems especially relevant given the massive outage that Barclays, another major UK bank just suffered. Barclays was down for around two days with customers unable to spend money at all.
I suppose had they implemented a similar system, they would have degraded into a minimum viable banking system rather than the total outage that impacted so many brits.
mmikeff
On the last day that tax payments were due
tikkabhuna
These blog posts are why I continue to support Monzo. Their openness is really appreciated.
theginger
A decent setup which allows you to prove you are not dependent on 1 cloud provider will probably pay for itself when it's time to negotiate discounts.
paulbjensen
My only conclusion is that Monzo would rather embrace the apocalypse than rely on Microsoft Azure to provide a tertiary fallback.
matt-p
Who can blame them. Me too.
4ndrewl
Really interesting. Would love to understand how they came to the decision to build this,and whether there's any precedent for it.
matt-p
Part of being a regulated bank in the UK is proving infrastructure resiliency.
Monzo were the first bank here to run entirely on the cloud, so I imagine the regulators were extra strict with them.
I'm not saying this level of resilience is due to that alone, but perhaps it started them on the path?
quesera
Payment card networks have delegated authorization plans, where if a major processor goes down, they will still route transactions and use a simplified secondary network for making approval decisions.
It's called "stand-in processing", and I assume it's the inspiration here.
4ndrewl
The Monzo example feels different though, as they're explicitly not looking to replicate all functionality, just something minimal to get by whilst they fix the primary cloud services.
joshstrange
Completely unrelated to this blog post but I really dislike Fintech saying "Get paid early" in their promos.
It's clearly marketing at someone too stupid to be able to see right through how utterly useless that is. If you are celebrating getting your paycheck 1 day earlier (every time) then your financial literally and financial health are probably in the toilet. They _must_ know they are preying on people with statements like that.
Then again, 90% of Fintech seems to be just a heavy layer of lipstick over an archaic system. Often with very little care of if any of the tools actually help people and more of a focus on how flashy or how much people think they are being helped.
jkingsman
Though, in some cases (like when it's your bank saying it), it's usually just them frontrunning reliable (coming from a payroll provider) and predictable (getting paid the same time each month) ACH transactions with a near-zero likelihood of not settling, then crediting you the money before the ACH is totally settled, so not ALL cases are fintech gimmicks.
But most are, and unfortunately, as the proliferation of payday loans shows us, there is no shortage of desperate people and organizations willing to take advantage of that.
quesera
Right, some banks will not post a deposit to your account until after a holding period. I deal with a lot of ACH payments, and despite a very strict schedule in the network, the retail customer-facing side is surprisingly unpredictable.
So the "post credit early" promise is not a gimmick, but the whole idea of being paid early is a gimmick. The next pay period is still a full period away, so any benefit to being credited early is literally a one-time, and probably just one-day thing.
andrewaylett
Remember that Monzo is a UK institution -- ACH isn't relevant, and they can see the payment in flight if it's using BACS.
https://monzo.com/blog/2019/08/20/monzo-now-lets-you-get-pai...
blibble
as a banker, when I first heard about that I did I wonder if they've modeled that risk correctly
it's the sort of thing that could probably wipe out their capital completely in a black swan event
quesera
There's an ocean of historical data to predict reversal or settlement failure of ACH transactions.
I would guess that payroll credits are the second most-reliable category in the ocean of ACH transactions, right after US Treasury payments.
How black would this swan need to be to blow up this stability?
simonvc
It's a risk that was very much understood and it's fully covered.
joshstrange
> not ALL cases are fintech gimmicks.
Fair and that's all well and good. I'm just saying if 1-3 days delay of getting your paycheck is going to have a big impact on one's life then I encourage one to reexamine their decisions, something else is the problem.
null
null
fujinghg
[flagged]
grey-area
I’ve been using it for years and have experienced none of what you describe.
orf
I’ve been using it since they where in beta and I’ve never experienced this.
I had one issue with closing an investment account, and they reached out to me to let me know there was an issue and proactively rebated me.
fujinghg
I work in the sector. There are lucky people and unlucky people. Welcome to lucky land. So far.
What I wonder is “have they isolated third party dependencies?” If AWS is hard down, those may well be impacted—in some cases, by their own third party dependencies. You can test turning off your AWS environment, but you can’t really test turning off S3 for everyone…