Sunday , November 10, 2024

Security Notes: The Tyranny of Critical Mass

Gideon Samid • Gideon@AGSgo.com

A timely article in the May issue of this magazine, “Why Payments Startups Fail,” points out that the hurdle of critical mass has doomed many novel payment systems. The article argues that critical mass is necessary for success, but the downside is that it can lead to unhealthy concentration, which fundamentally is a security concern.

A map of payments internetworking in the U.S. today shows a growing cluster of critical fault points, which upon failure would almost paralyze the payment dynamics in the country. Many unrelated banks rely on the same service providers. We see a similar reliance on the same server farms. And, across the board, there’s deployment of the very same ciphersystems. In a recent survey of homeland-security vulnerabilities, this critical-mass syndrome became a serious concern.

In the payment realm, there is no built-in need for critical mass. We do have issues of habit and trust, but both can be overcome. Habit can be handled by shielding merchants from payment-system variability, and trust can be handled through a risk hierarchy.

The pressure for payments variety comes not only from smart and novel software and from better networking, but also, even mainly, from the dire need for a low-risk credit market. When my bank agreed to extend me a line of credit, it did so based on some generic data on my credit report without even making sure that I am a real person and not merely a computer record. Indeed, many such non-persons circulate in the system, building up a “good” credit record.

On the other hand, when I was one of tens of thousands of employees at Exxon, I was a low-risk prospective credit customer for my employer, had it been so inclined, because Exxon wrote my monthly paycheck. They would not have to go far to collect. Similarly for my county of residence. They can put a lien on my house or shut down my water, so I would be a low-risk credit customer for them were they able to compete in the credit market.

There are many similar natural credit providers that are ready to offer public credit, so critical to moving society forward. But they can’t. The critical-mass factor restricts this business to the participating members of the major-brand networks.

Earlier this century, some very smart and innovative financial minds concocted a powerful scheme in which one could receive high interest on high-risk loans while keeping risk exposure low. They were buying insurance from some deep pockets like AIG. We all know that this brilliant idea contributed to the financial debacle of 2008—not because the idea was bad, but because it was over-exploited.

In similar fashion, efforts I am involved with now hope to create “payment-insurance” agents, allowing merchants to accept payments from a large variety of novel, and yet untrusted, sources. Paid-on-demand digital currency is one such optional mechanism. A customer will present digital credit coins. The merchant will authenticate the coin through its mint, which in turn will pay the merchant from a revolving account opened by the credit provider, which will have to collect from the customer.

In this scheme, the merchant is paid in cash (no chargebacks), the coin issuer (the digital mint) assumes no risk, and the credit provider is left to collect from the customer. If that credit provider has good leverage, like writing the customer’s paycheck, then the risk is low. This is clearly a mechanism for allowing anyone in a natural position to extend credit to actually do so without having to negotiate the hurdle of critical mass. Here, innovation is vying to do to the credit business what Google did to the advertising business: reduce the threshold for entry.

If you spread your money around in different vaults, you greatly alleviate the risk of being robbed clean. It’s the same at the macro level. The more payment systems there are, the less the risk that a clever, singular cyber-heist would siphon out the public’s wealth. Since 89% of all money transactions are virtual, letting them all, or almost all, be handled through a few powerhouses is a growing and arguably unacceptable risk.

This concentration increases with increased vertical reliance on cloud services. Since catastrophic jolts come without warning, such vertical risk is best handled via horizontal variety. Sustained, fierce competition among a large number of payment systems will keep many innovative minds busy and ensure a renewable supply of productive innovation.

Check Also

Toast Revenue up 24% and other Digital Transactions News briefs from 11/8/24

Dining-payments specialist Toast Inc. reported gross payment volume grew 24% in its September quarter compared to the …

Leave a Reply

Digital Transactions