For most of the card era, the question merchants asked their payment provider was simple: Are you compliant? PCI, EMV, the scheme rules — tick the boxes and trade.
That question hasn't gone away. But a second one now sits beside it, and it is becoming just as important: When something breaks — a network outage, a connectivity drop, an acquirer or scheme disruption — does the checkout keep working?
In-store digital payments have quietly become critical infrastructure. When the terminal stops, the queue stops, the sale is lost, and the customer remembers it. Westpay processes more than 500 million transactions a year, equivalent to around SEK 150 billion in payment volume, on behalf of merchants and partners across the Nordics. At that scale, resilience is not a marketing word. It is engineering, operations and discipline — and it is what we build for.
Here is how we think about it, and what it means for the businesses that rely on us.
Westpay terminals are built to keep the lane open. When connectivity to the payment platform is interrupted, the terminal automatically shifts into a controlled offline mode within seconds — no manual intervention, no closed register. Transactions are accepted under clearly defined risk controls (floor limits set per merchant), captured securely on the device, and settled automatically once the connection is restored. Each terminal can hold thousands of offline transactions, with encrypted local storage and a separate, reconciled upload process so nothing is lost and nothing is double-charged.
The point is not that outages never happen. The point is that, when they do, the merchant keeps selling and the cardholder barely notices.
Behind the terminal, the same principle is engineered into the platform itself.
Westpay operates its core payment processing across dual Swedish data centres in an active-active configuration with automatic failover — if one site is disrupted, transactions continue to flow through the other without the merchant lifting a finger. Connectivity is being hardened in the same spirit, with resilience patterns such as multi-carrier cellular redundancy and dedicated connectivity options for the most critical payment functions, so that a single severed link is an inconvenience rather than an outage.
The result is measurable: during the past 24 months, the Westpay PSP platform has sustained average availability of more than 99.95% — with a majority of months at a full 100%. These are figures that reflect how the architecture performs in live operation, not a number on a roadmap. This is what high availability actually requires: not one strong link, but no single point of failure across the whole chain — store, connectivity, processing and beyond.
A resilience story that stops at your own four walls is incomplete. Some of the most consequential disruptions originate further down the chain — at the acquirer or processor.
Westpay's gateway is acquirer-independent by architecture. It connects to multiple acquirers and processors, routes transactions by scheme and currency, and can fail over automatically to an alternative acquirer for the same scheme — within the same authorisation attempt, with no action required at the till. New acquirers can be added, and existing ones replaced, without swapping out a single terminal.
For merchants and partners, that independence is worth as much commercially as it is operationally. It means continuity if one provider has a bad day — and it means never being locked in to a single relationship on someone else's terms.
Resilience and sovereignty increasingly travel together. Core processing and authorisation are operated within controlled Swedish environments, with a deliberate hybrid model: the most critical functions stay close to home, while less critical services can take advantage of cloud platforms where it makes sense. Data residency stays within Sweden and the EU.
This is the same direction European regulators are moving — toward explicit operational-resilience expectations for the firms that underpin financial activity (the spirit of the EU's DORA framework). The platform is maintained under PCI DSS v4.0.1 and EMV certification, and Westpay's Phoenix fleet-management system keeps the entire estate current — pushing security updates, configuration and compliance changes across thousands of terminals centrally, without sending a technician to a store or closing a lane.
A more software-driven, centrally managed stack doesn't just improve uptime. It is what lets resilience be operated — consistently, at scale, and as a service.
None of the above works as a one-time build. It works because it is run — monitored continuously, tested against real-world stress, and supported by a layered recovery model and round-the-clock incident response, so that detection and recovery happen in minutes, not in the next business day.
"Resilience is not a slogan — it's engineering, operations and discipline. We have delivered the key building blocks, and we are now scaling this work together with merchants and partners, so that payments keep working when conditions are not ideal." — Tomas Nilsson, CTO, Westpay AB
For the businesses we serve, the promise is simple. When the unexpected happens — and at this scale, eventually it always does — the checkout keeps running, the revenue keeps flowing, and the trust customers place in a payment keeps holding.
Secure. Swedish. Ready.
Want to understand what payment resilience could mean for your operation? [Talk to the Westpay team.]
You can always contact us by our form, email or phone.
Form: Click here>>
Email: info@westpay.se
Phone: +46 8 506 684 00