Incident: Visa Europe IT Collapse: Hardware Switch Failure Impacting Transactions.

Published Date: 2018-06-02

Postmortem Analysis
Timeline 1. The software failure incident involving Visa occurred on Friday, June 1, 2018 [Article 72372]. 2. The incident began on the afternoon of Friday, June 1, 2018, at 2:35 pm and was not completely fixed until 12:45 am the following day [Article 72310].
System 1. Hardware switch in one of Visa's data centers [72310, 72310] 2. Backup data center designed to handle all transactions across Europe [72310]
Responsible Organization 1. Hardware switch failure at one of Visa's data centers [72310] 2. Backup data center not switching on during the incident [72310]
Impacted Organization 1. Visa cardholders in the UK and Europe were impacted by the software failure incident [72372, 72310]. 2. Banks, retailers, and customers who were unable to process transactions were also affected [72372, 72310].
Software Causes 1. Hardware switch failure in one of Visa's data centers [72310] 2. Rare partial failure of a component with a switch in the primary data center preventing the backup switch from activating [72310]
Non-software Causes 1. Hardware failure - A hardware switch in one of Visa's data centers malfunctioned, causing the incident [Article 72310]. 2. Redundant system failure - The backup data center designed to handle transactions did not switch on when the problems emerged, leading to further complications [Article 72310].
Impacts 1. Millions of people were unable to pay at shops, gas stations, and train stations across the UK and Europe, leading to long lines at gas stations and customers being forced to leave items at the register [72372]. 2. In the UK, 2.4 million transactions failed to process properly, while a further 2.8 million failed in the rest of Europe [72310]. 3. Visa had to apologize to all partners and cardholders for falling short of their goal of ensuring reliable card usage 24/7 [72372]. 4. ATMs in the UK ran out of money as customers were forced to use cash due to the failure [72372]. 5. The failure impacted people returning home from work, socializing in restaurants and pubs, and doing end-of-day shopping [72310].
Preventions 1. Implementing more robust hardware redundancy measures to ensure that backup systems can seamlessly take over in case of a primary system failure [72310]. 2. Conducting regular and thorough testing of hardware components, such as switches, to identify and address potential points of failure before they cause service disruptions [72310]. 3. Enhancing monitoring and alert systems to quickly detect and respond to hardware malfunctions or failures before they escalate into widespread service outages [72310].
Fixes 1. Implementing more robust redundancy measures in the data centers to ensure that backup systems can seamlessly take over in case of a failure [72310]. 2. Conducting a thorough review of the hardware components, such as the switches, to identify and address any potential points of failure [72310]. 3. Enhancing monitoring and alert systems to quickly detect and respond to hardware failures before they escalate into service disruptions [72310]. 4. Providing compensation to merchants and customers who suffered losses due to the incident to maintain trust and mitigate the impact of the failure [72310].
References 1. Visa spokesperson (Article 72372) 2. Visa's Europe chief executive, Charlotte Hogg (Article 72310) 3. Nicky Morgan, chair of the Treasury select committee (Article 72310)

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) In the incident involving Visa's service disruption in Europe, it was reported that a similar incident had happened before within the same organization. Visa admitted that 5.2 million transactions failed during the IT collapse in June due to a hardware switch failure in one of Visa's data centers [72310]. This incident was not associated with any unauthorized access or malicious event but was a result of a hardware malfunction [72372]. (b) The incident involving Visa's service disruption in Europe was not reported to have happened at other organizations. The failure was specific to Visa's systems and data centers, leading to transaction processing issues across Europe [72310, 72372].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase: - The incident was caused by the failure of a switch in one of Visa's data centers, which was identified as a hardware malfunction [Article 72310]. - Visa maintains redundant data centers for handling transactions, but in this instance, the backup system failed to activate due to a partial hardware failure in the primary data center [Article 72310]. (b) The software failure incident related to the operation phase: - The failure led to queues at petrol stations and customers being unable to pay at supermarkets due to transaction processing failures [Article 72310]. - Visa's Europe chief executive mentioned that most transactions were processed during the incident, but some cardholders had to try several times, indicating operational challenges [Article 72310].
Boundary (Internal/External) within_system (a) within_system: The software failure incident with Visa was primarily due to a hardware failure within the system. Visa's Europe chief executive mentioned that the incident was caused by the failure of a switch in one of Visa's data centers, which was a very rare partial failure [72310]. Additionally, Visa stated that the issue was not associated with any unauthorized access or malicious event, indicating an internal system failure [72372]. (b) outside_system: There is no specific mention in the articles about the software failure incident being caused by contributing factors originating from outside the system.
Nature (Human/Non-human) non-human_actions (a) The software failure incident occurring due to non-human actions: - The incident was caused by the failure of a switch in one of Visa's data centers, specifically a hardware switch malfunction [Article 72310]. - Visa maintains redundant data centers designed to handle all transactions, but in this instance, the backup system failed to activate due to a partial hardware failure in the primary data center [Article 72310]. (b) The software failure incident occurring due to human actions: - Visa's Europe chief executive mentioned that they do not yet understand precisely why the switch failed at the time it did, indicating a lack of understanding regarding the human actions leading to the failure [Article 72310]. - Visa has hired consultants to produce an independent review into the failure, suggesting a need to investigate potential human factors contributing to the incident [Article 72310].
Dimension (Hardware/Software) hardware (a) The software failure incident related to hardware: - The incident was caused by the failure of a switch in one of Visa's data centers, which was a hardware malfunction [72310]. - Visa maintains redundant data centers, but in this instance, the backup system failed to activate due to a partial hardware failure in the primary data center [72310]. (b) The software failure incident related to software: - The software failure incident was not attributed to a software issue but rather to a hardware failure in the switch at one of Visa's data centers [72310]. - Visa's Europe chief executive mentioned that the core of the problem was a hardware switch failure, not a cyber attack or catastrophic software failure [72310].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident related to the Visa transactions was non-malicious. According to Article 72372, Visa announced that the issue was due to a hardware failure and they had no reason to believe it was associated with any unauthorized access or malicious event. Additionally, in Article 72310, Visa's Europe chief executive mentioned that the core of the problem was a hardware switch failure, rather than a cyber attack or catastrophic software failure. Visa also hired consultants to produce an independent review into the failure and promised compensation to affected parties. (b) The software failure incident was non-malicious as mentioned above. There is no indication in the articles that the failure was caused by any malicious intent or actions.
Intent (Poor/Accidental Decisions) accidental_decisions [a72372] The software failure incident related to Visa's service disruption was primarily attributed to a hardware failure rather than any unauthorized access or malicious event. This indicates that the incident was more of an accidental decision caused by a rare partial failure in a hardware switch at one of Visa's data centers. Additionally, Visa mentioned that they operate redundant data centers with synchronized systems, but the backup switch failed to activate due to the primary data center's switch malfunctioning. This points towards an accidental decision leading to the failure rather than poor decisions.
Capability (Incompetence/Accidental) accidental (a) The software failure incident occurring due to development incompetence: - The incident was caused by the failure of a switch in one of Visa's data centers, which was described as a very rare partial failure [Article 72310]. - Visa maintains redundant data centers, but in this instance, the failsafe backup system failed to activate due to a hardware switch malfunction [Article 72310]. (b) The software failure incident occurring accidentally: - The core of the problem was identified as a hardware switch failure rather than a cyber attack or catastrophic software failure [Article 72310]. - Visa's Europe chief executive mentioned that they do not yet understand precisely why the switch failed at the time it did, indicating an accidental nature of the failure [Article 72310].
Duration temporary The software failure incident reported in the articles was temporary. The incident lasted from the afternoon of Friday, June 1, at 2:35 p.m. until 12:45 a.m. the following day, which totals to approximately 10 hours [Article 72310]. During this time, there were two periods of peak disruption, with the first lasting for 10 minutes just after 3 p.m. and the second lasting for 50 minutes between 5:40 p.m. and 6:30 p.m. [Article 72310]. The incident was eventually resolved, and Visa's European systems were fully functional by the evening of the same day [Article 72372].
Behaviour crash, omission, value, other (a) crash: The software failure incident can be categorized as a crash as it resulted in a system losing state and not performing its intended functions. The incident caused millions of transactions to fail, leading to queues at petrol stations and supermarkets as customers were unable to pay [72310]. (b) omission: The software failure incident can also be categorized as an omission as the system omitted to perform its intended functions at instances. Specifically, 5.2 million transactions failed to process properly during the IT collapse, causing significant disruptions for customers in the UK and Europe [72310]. (c) timing: The software failure incident does not align with a timing failure, where the system performs its intended functions but at the wrong time. Instead, the issue was related to the system's failure to process transactions effectively, leading to delays and failures in payment processing [72310]. (d) value: The software failure incident can be associated with a value failure as the system performed its intended functions incorrectly. This is evident from the fact that millions of transactions failed to process properly, causing inconvenience to customers and disruptions in payment processing [72310]. (e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, where the system behaves erroneously with inconsistent responses and interactions. The incident was primarily attributed to a hardware switch failure in one of Visa's data centers, leading to transaction processing issues [72310]. (f) other: The software failure incident can be further described as a hardware failure rather than a software-specific issue. The core problem was identified as the failure of a switch in one of Visa's data centers, which caused the system to malfunction and led to transaction processing failures [72310].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The articles do not mention any consequences related to death, harm, basic needs, or non-human entities resulting from the software failure incident involving Visa. The main consequences discussed were related to the impact on transactions, financial losses, inconvenience to customers, and disruptions in payment processing [72372, 72310].
Domain transportation, finance The failed system in the incident was related to the finance industry. The Visa system failure incident impacted millions of transactions across Europe, causing disruptions in payments at shops, gas stations, train stations, and ATMs [Article 72372]. Visa's Europe chief executive mentioned that the incident was not due to a cyber attack but was caused by a hardware switch failure in one of Visa's data centers [Article 72310]. The system failure affected consumers during their daily activities like returning home from work, socializing, and shopping, highlighting the critical role of the payment infrastructure in the finance industry [Article 72310].

Sources

Back to List