Industry Explained

Why Your Online Order Disappears for 2 Minutes at Checkout

Jul 6, 2026·9 min read
"The spinner isn't loading. It's negotiating."

You are on a retail website. You have found what you want, added it to your basket, entered your card details, and clicked the button. A spinner appears. You wait. Ten seconds. Twenty. The page resolves and either shows you an order confirmation or, somewhat mysteriously, tells you the item is no longer available.

What happened during those twenty seconds is more interesting than most people realize, and more complex than most developers expect when they first encounter e-commerce engineering.

The Problem With "Buy Now"

Selling physical goods online sounds conceptually simple. Someone wants a thing. You have a thing. They pay. You send it. Four steps, clean and linear.

The engineering problem is that none of those steps are instantaneous, and between each one, the state of the world can change in ways that invalidate everything that came before. The item that was in stock when the customer loaded the product page might be sold to someone else by the time they click buy. The payment might authorise but the bank might reverse it within the hour as a fraud precaution. The fraud system might flag the transaction after the inventory has already been reserved for this customer. The delivery address might fail validation after the payment has cleared and the stock has been committed.

Checkout is not a single action processed by a single system. It is a distributed transaction, a sequence of operations across multiple systems that don't share a database, can't share a lock, and can each fail independently at any point in the chain. The spinner is not waiting for a database query. It is waiting for that distributed transaction to reach a conclusion.

What Actually Happens When You Click

The exact sequence varies by retailer and by how their systems are architected, but a representative modern checkout works roughly like this:

Step 1, Inventory soft lock. The moment you click, the system attempts to place a soft reservation on the item or items in your basket. This is a temporary hold, it doesn't reduce the number shown to other customers browsing the product page, but it flags the inventory as in-progress so that a concurrent checkout from a different customer can't claim the same units. The reservation has a timeout, usually between five and fifteen minutes. If you abandon checkout or the payment fails, the reservation expires and the stock returns to the available pool automatically.

The soft lock is one of the harder problems in e-commerce engineering because it has to be fast, consistent, and correct under concurrent load. If two customers click buy on the last unit simultaneously, exactly one of them should succeed. Getting this right under high traffic, particularly during promotional events, requires careful design of the locking mechanism and the data store that backs it.

Step 2, Order record creation. Simultaneously with or immediately after the inventory lock, an order record is created in a pending state. This is the first durable record that a specific customer intends to purchase specific items at a specific price. It has an order ID, a timestamp, the basket contents, the delivery address, and a status of something like PENDING_PAYMENT. This record is what the rest of the system operates on, if something goes wrong later, the order record is what gets examined, updated, and potentially compensated against.

Step 3, Fraud pre-screen. Before the payment attempt, most retailers at scale run a lightweight fraud assessment. This happens in parallel with other steps to avoid adding latency. The fraud system looks at signals: the customer's account age and purchase history, the delivery address and whether it matches the billing address, the device fingerprint, the IP geolocation, the order value relative to the customer's typical behaviour, and whether the combination of these factors matches patterns associated with fraudulent orders. A high-risk signal at this stage might result in the order being held for manual review, additional authentication being requested, or the payment being declined before it reaches the payment processor.

Step 4, Payment authorisation. This is where most of the latency in the spinner comes from. The payment details, usually a tokenised reference rather than the raw card number, for PCI compliance reasons, are sent to a payment gateway such as Stripe, Adyen, or Braintree. The gateway forwards the authorisation request to the card network (Visa, Mastercard, Amex), which routes it to the customer's issuing bank. The bank checks the available balance, the card status (not blocked, not expired, not flagged), its own fraud rules, and whether the transaction looks like normal behaviour for this cardholder. It responds with an approval or a decline. The response travels back through the network and the gateway to the retailer's system.

This round trip, retailer to gateway to network to issuing bank and back, is the dominant contributor to checkout latency. Under normal conditions it takes two to five seconds. Under high network load or if the bank's authorisation system is running slowly, it can take considerably longer. The customer is watching a spinner for all of this time.

Step 5, Inventory hard commit. If the payment authorises, the soft inventory reservation converts to a hard commitment. The stock is now definitively allocated to this order. The visible inventory count decrements. Other customers attempting to purchase the same item can no longer reserve these units.

Step 6, Order confirmation and fulfilment trigger. The order status transitions from PENDING_PAYMENT to CONFIRMED. An event is published, usually to a message queue, that triggers the warehouse management system to create a pick task, the notification service to send a confirmation email or SMS, and the payment system to move the authorisation to a captured state (the money actually moves at this point, not at authorisation). The customer sees the confirmation page. Behind it, the fulfilment chain has already started.

Where It Goes Wrong

The "item no longer available" message at checkout usually means one of two things: the inventory soft lock failed because another customer completed their purchase between the time you added to basket and the time you clicked buy, or the payment declined and the soft reservation was released. Both are expected failure modes, handled gracefully, and annoying to the customer but not catastrophic to the system.

The harder failures are the ones that don't surface immediately. What happens if the payment authorises, the bank approves the charge, but the inventory system is down at the moment the hard commit is attempted, and the soft lock has expired by the time it comes back up? Now the customer has been charged for an item the system has no confirmed allocation for. What happens if the order confirmation event is published to the queue, but the warehouse system goes offline before it processes the message and the message is lost rather than retried? The customer has a confirmation email. The warehouse has no pick task. The order will never ship unless someone notices the discrepancy.

These are not theoretical edge cases that only matter in academic distributed systems discussions. At millions of orders per day, events that have a one-in-ten-thousand probability of occurring happen hundreds of times daily. The engineering response to this is a combination of idempotent operations (designed so that processing the same event twice produces the same outcome as processing it once), message queues with at-least-once delivery guarantees (the warehouse event is retried until acknowledged, not fire-and-forget), compensating transactions (formal mechanisms to undo an earlier step when a later one fails, charge the customer back if the inventory can't be allocated), and reconciliation jobs that run on a schedule to find orders that ended up in inconsistent states and either resolve them automatically or flag them for human intervention.

The Flash Sale Problem

Everything above assumes roughly normal traffic distribution. Flash sales break the model in a specific and predictable way.

When a limited-quantity item goes on sale at a publicly announced time, the arrival pattern is not a gradual ramp, it is a vertical spike. Thousands of customers attempt the inventory soft lock simultaneously, against the same pool of units. The database or cache that backs the reservation system, which is designed and scaled for concurrent access patterns typical of normal browsing, is now being asked to handle thousands of conflicting writes to the same small set of records within the same second.

The failure mode here is not the system going down. It is the system becoming a bottleneck, requests queuing, timeouts increasing, the checkout experience degrading for everyone including customers who are trying to buy items that aren't part of the flash sale. The inventory reservation system's performance affects the entire checkout flow.

Retailers who have solved this, usually after watching their previous approach fail during a major sale event, use several strategies. Queue-based purchase flows remove the real time competition, rather than attempting checkout directly, customers enter a virtual queue, and the system processes purchases from the queue at a controlled rate. Pre-allocation lotteries decide who gets access before the sale opens, eliminating the spike entirely. Dedicated inventory pools for flash sale items, backed by a purpose-built service with different concurrency characteristics than the main inventory system, isolate the high-contention workload from everything else.

The pattern of building something, watching it fail at a specific scale, rebuilding it with that failure in mind, and watching it fail at the next scale is not a failure of engineering, it is how production systems actually mature.

Why This Matters If You're a Developer

If you work in e-commerce engineering, understanding the checkout flow changes how you interpret requirements. "Add a buy button" is an integration point with at minimum four downstream systems, inventory, fraud, payment, warehouse, each of which has its own latency characteristics, failure modes, and definition of what success means. A product manager who says "make checkout faster" may be asking you to optimise the payment round trip, or to parallelize the fraud check with the inventory lock, or to reduce the database contention on the soft reservation, or all three. You can't know which without understanding the flow.

The checkout flow is also one of the cleaner real-world examples of distributed transaction patterns: two-phase commit approximations (soft lock then hard commit), compensating transactions (reverse the charge if inventory fails), idempotency requirements (the warehouse shouldn't create two pick tasks if the confirmation event is delivered twice), and the CAP theorem trade-offs that appear when you need both consistency (exactly one customer gets the last unit) and availability (the system keeps working even when parts of it are degraded).

These patterns appear across fintech, healthcare, logistics, and booking systems as well. The checkout flow is a good mental model to have because it is concrete enough to reason about and general enough to transfer.

The spinner is not a UX element indicating progress. It is a visual placeholder for a negotiation between distributed systems that don't inherently agree on anything. Most of the time, in under thirty seconds, they reach a conclusion. The fact that they do so reliably, at scale, under concurrent load, is a genuinely non-trivial engineering achievement that most people never think about because it works.

Tags

#ecommerce#distributed-systems#checkout#architecture