Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
October 11, 2016
Taking a Quantum Leap into Payment Security
It was 1969, and the only thing hotter than muscle cars was space exploration. Several of my elementary school books found ways to talk about space, astronauts, NASA, or all of them, and more than one almost guardedly indicated that someday man may even reach the moon. Those of you who recall black-and-white TV might remember watching the moon landing live in the summer of '69.
Despite all that was speculated and wondered about at the time—from extraterrestrials to moon colonies—the space race had been "won." There followed a decline in related interests and, ultimately, a moderating of investment in basic scientific research. One of those sciences, quantum research, is of particular note in regards to potential commercialization for computing and communications. And we're behind like we were in the space race in the early 1960s.
NASA research and development (R&D) appropriations in 1959 were about $200 million. By 1966, R&D totaled almost $5 billion, according to the NASA Historical Data Book for 1958–1968. U.S. federal funding for quantum research each year is just barely what space R&D totaled in 1959. Those numbers offer their own stark contrast, but I'll add one other point of comparison—between what we're spending in this area versus China—one of only three countries to ever soft land on the moon, and now the first to launch a quantum communications satellite. Their annual funding has been conservatively estimated at over $10 billion, according to the Wall Street Journal.
To explain why a payment blogger cares about all this, I'll ask a couple of questions. What would it be worth to have a payment scheme based on "unhackable" communication? Impossible? Maybe not.
Quantum communication is secure against computing because its encryption relies on physics, not math. Josh Chin's August 16 article in the Wall Street Journal explained it this way:
Quantum encryption is secure…because information encoded in a quantum particle is destroyed as soon as it is measured. Gregoir Ribordy…likened it to sending a message written on a soap bubble. "If someone tries to intercept it when it's being transmitted, by touching it, they make it burst," he said.
There are critics. U.S. security experts have questioned whether intricacies of quantum communication can be simplified enough for practical, broad use. Others have stipulated that it's possible for hackers to trick incautious recipients. Indeed, this blogger has espoused the idea that nothing is infallible against a determined criminal. But it's hard to argue the advance wouldn't change the game. One might speculate that quantum communication could yield results similar to those described in the etiological tale of the Tower of Babel where languages were confused. Mischief wasn't halted for all time, but altering communication put some pacing on misbehavior. Changing the game, wholesale, is worth considering as the evidence is overwhelming that we're losing in payment security by making changes at the margin to current schemes, methods, and processes.
I'll close with this. Substantial sums of federal money were spent on infrastructure, R&D, policing, and defense owing to the space race. I think most will agree we got our money's worth, especially considering that aside from stated objectives, investing in the space race gave us everything from microchips to satellite navigation—and let us not forget CorningWare. Investing in quantum research holds similar promise, and payment security might benefit from some catch-up.
By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed
- Merchant Surcharging: Winners and Losers
- Fintech for Financial Wellness
- Advice to Fintechs: Focus on Privacy and Security from Day 1
- Convenience Always Wins, In One Form or Another
- Mobile Banking and Payments' Weakest Link: Me
- Webinars Discuss Mobile Banking and Payments Survey Results
- Webinar to Explore Faster Settlement and Funds Availability
- Explosive News Regarding ATMs
- Best Practices for Data Privacy Policies
- If the Password Is Dying, Is the PIN Far Behind?
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud