Helen Keller once said, “Security is mostly a superstition. It does not exist in nature.… Avoiding danger is no safer in the long run than outright exposure.” It is unlikely that Ms. Keller was considering real-time payments when she offered this perspective, but this post will.

As part of its broad effort to chart a future for payments, the Federal Reserve conducted a Payment Security Landscape Study. It was no surprise that the study highlights “persistent and ever-changing threats” as a given within payment systems. The study suggested several improvement or focus areas:

  • Improve industry coordination to increase the timely adoption and implementation of technology, standards and protocols.
  • Improve the protection of sensitive data that can be used to perpetrate fraud, including devaluing or eliminating such data from the payments process.
  • Strengthen authorization and authentication of parties and devices across all payment methods and channels and adapt approaches as the payment system evolves.
  • Improve the collection and reporting of aggregate data on fraud losses and avoidance.
  • Broaden access to actionable security and fraud threat information to payments system participants, including less technologically sophisticated participants and end users.

Applying Ms. Keller’s risk perspective to payments systems would suggest that work to prevent security breaches, fraud, or theft is futile. Fortunately, using the foregoing list as evidence, it’s clear that those considering the future of payments haven’t adopted this perspective. The most critical elements for optimizing the security of payments are all there, though some could surmise that detection or prevention measures have a disproportionate emphasis, with response measures perhaps rating as secondary. It is important to make sure that risk management is optimized across all three broad areas—prevention and detection, yes, but also response. In particular, in the context of response, the enforcement landscape will need to be ordered such that consequences for perpetrators are both timely and proportionate to the harm a given incident may cause. User protections will need to evolve as well.

If one agrees that advancing faster payments offers rewards and that holding back doesn’t promise freedom from harm, it’s encouraging to observe industry direction. Indeed, it seems reasonable to conclude that faster payments scheme architects will heed the notion that real-time payments will require real-time security. Particularly encouraging is that the discussion on payment security is at the center of industry dialogue and likely to remain so as the work to advance faster payments continues.

By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed