As everyone in the fincyber world knows, payments are to thieves like bees to honey. Protecting the payment gateways is key to protecting against cyber theft. But payments aren’t just interesting to miscreants, they are interesting in their own right; the payments world is rich with history, intrigue, contradictions and tensions. What is more, the payments world is changing fast. As we write, technology is dismantling payment barriers and governments are erecting them; cash is on the way out, and crypto, central banks and BigTech are trying to muscle their way in. It’s all change in payments – or is it?

Basic Plumbing

Payments are everywhere. Every adult makes at least one payment every single day, according to the law of averages. But much like the plumbing supporting our everyday lives, the payments pipes have until recently largely been ignored – even by those working in finance.

And yet, the payments system is so fundamental that it underpins everything from trade to taxation, from stocks and savings to salaries, and from pensions to pocket money; it is a system that provides the monetary oxygen for society to breathe.

To make our payments work, bytes fly across the globe in elaborate sequences. Data pools grow every time we pay, building information-rich databases that are fought over by BigTech, banks, supranationals and spies.

Cyber Heaven

And not just them. Hackers and other cyber trespassers looking for information, for money or just to create disruption – need look no further than payments. Payment instructions carry a wealth of information: who pays who, how much and what for. Unsurprisingly, intelligence agencies are keenly interested in payments and the information they carry, sometimes resorting to cyber tools to access them. Meanwhile, those wanting to disrupt things can head for the payment pipes or, even better, for the payment infrastructures, which are critical to the functioning of modern economies. Their cyber security is absolutely crucial.

Last but not least, payments mean money. Just like the doors are the unavoidable weak spots in any building’s security, payments are the weak spot in any storage of value. Money is easiest to steal when and where it goes in and comes out.

Modern technology offers cyber thieves (sometimes with a little help from nation-states) the opportunity to steal with none of the palaver and danger involved in the armed robberies of old. All from the comfort of their sofas, so to speak. That same technology helps payment providers protect payments, including state of the art AI and modern (quantum-proof encryption), even if human factors and social engineering are as relevant as ever.

Cool, Fast, and Contentious

With the boom in fintech, the upsurge in M&A and the crypto fetish, payments are now en vogue. From the consumers’ perspective, we have more choice than ever before and from the investors’ standpoint, everyone wants ‘in’ on payments – to change or radically reinvent them and, most of all, to make money from them.

The results of all this are manifest, if at times paradoxical. Competition and choice have proliferated at the front end, but there’s increasing concentration at the back end. The move to digital, which is driving inclusion in some parts of the world, risks propelling exclusion in others. Payments have become ‘interesting’, just as they have become invisible; they have been de-personalised by the virtual world and yet ‘re-personalised’ by the likes of Venmo. Risks have risen at the same time as valuations have skyrocketed and per unit fees have fallen. Technology has been propelling progress as fast as geopolitics has been erecting barriers; national customs and conventions are still prevailing, despite all the talk of tokenisation and globalisation.

Banks that have been around for a century or so are still synonymous with payments, and yet the biggest payments operators in the world today aren’t banks and are still in their infancy. In a few short years, these arrivistes have driven such in-roads into banks’ territory that some believe that their long-term future in payments is in doubt. Big Tech is far bigger than banks and promises borderless, seamless, frictionless payments – and yet is already disproving that promise through its own actions. Such is the current volume and speed of change and innovation in the payments’ sector that the time must be ripe for more of us to ask what payments really are.

The Insight

Our book is, we believe, the first attempt to look at payments bottom up, top down, inside and out. It is about the mechanics of payments, yes, but it is also about the power, profundity and perversity of payments, and about the things that you have never even thought about: the modernity and antiquity of today’s systems; the singularity and universality of payments; the consequences – social, economic, geopolitical and otherwise – of our payment choices.

It tells of the rapid speed of change and the slow death of habit, and of the immutable hold of legacy systems, national customs and corporate incumbency. And it delves into technology and sociology; liquidity, bits and bytes; coins and crypto, cards, cash, cheques – and, yes, cyber – as well as all the myriad connections between them.

May 2021

© 2021 FS-ISAC, Inc. All rights reserved.

GIOReport-Sidebar-Article
NavigatingCyber2021_Twitter

As we've seen recently, even strong cybersecurity defenses can still be vulnerable, especially through third party suppliers. With nation-states and cyber criminals collaborating (wittingly or not), these new well-funded threats are impossible to tackle alone.

Download our latest FinCyber Report

FS-ISAC members around the world receive trusted and timely expert information that increases sector-wide knowledge of cybersecurity threats.

Learn More