'Retry on Error' Is Not a Payment Spec — Write the Failure Matrix Instead

Five failure categories, a retry rule for each, idempotency scoped to the attempt, and a dunning state machine. The payment spec structure that prevents 2am incidents.

martedì 16 giugno 2026 New tab

1,292 words~6 min read

Most payment specs I've reviewed describe the happy path in three pages and the failure behavior in one sentence: "retry on error."

That sentence is where 80% of the production incidents come from.

A payment workflow spec earns its keep by naming — category by category — exactly what the system does when the card network, the issuer, or the customer refuses to cooperate. Here's the structure I use.

Start with a failure taxonomy, not a flowchart

Before drawing a single box, force the spec to answer one question: what are the categories of failure this workflow can produce? I insist on five, because collapsing them into "error" is what creates the mess:

'Retry on Error' Is Not a Payment Spec — Write the Failure Matrix Instead

'Retry on Error' Is Not a Payment Spec — Write the Failure Matrix Instead

Related reading

Building Correct Payment Infrastructure: Webhooks, Reconciliation, and Records

Every Stripe decline code, what it actually means, and whether retrying will…

Building a Resilient Checkout in NestJS: Retry, Idempotency, and a System That…

Error budgets when downtime costs money: reliability engineering for…

Retry logic, Kafka consumer lag, and the hidden failure pattern that Kubernetes…

Five Ways to Fail a Transport

Related reading

Building Correct Payment Infrastructure: Webhooks, Reconciliation, and Records

Every Stripe decline code, what it actually means, and whether retrying will…

Building a Resilient Checkout in NestJS: Retry, Idempotency, and a System That…

Error budgets when downtime costs money: reliability engineering for…

Retry logic, Kafka consumer lag, and the hidden failure pattern that Kubernetes…

Five Ways to Fail a Transport