Risk management in payment system architectures

摘要

Summary form only given. Payment systems have been a constantly evolving as they negotiate social and infrastructural changes to build a greater sense of trust. Two major features that these systems have come to rely on are trusted third parties and encryption. Starting at the earliest implementation of credit cards provides an opportunity to observe the ways in which flaws were discovered and in turn addressed by technical and infrastructural changes that provided for more secure transmission and storage of data as well as the development of greater trust for intermediary parties. Payment networks are generally structured in two ways. Closed-loop systems require direct interaction between all entities and the payment system allowing for easier regulation but slow growth due to higher costs. An open-loop system is a federated network of intermediaries that is coordinated through the implementation of a standard payment protocol and clearing system that is governed by the payment system allowing for faster growth at the expense of regulatory expedience. Online payment service providers, like PayPal, have structured themselves as hybrid closed-loop systems that operate as an overlay on top of other open-loop or closed-loop systems. The closed-loop architecture of these systems allows for isolating payments and processing them immediately without aggregating payments in intermediary systems and settling transactions in batches, thus exposing the data to increased risk while they are held in storage. Current payment systems rely on centralization to mitigate risk but in turn create vulnerable points of failure. Even tokenization, used by Google and Apple, is susceptible to a centralized authority breach. Alternative architectures provide strong guarantees of security and fraud prevention but are decentralized, such as those based on the blockchain. These architectures are driven by a different set of politics that rely on a distributed trust system and mitigate risk by quickly isolating and expunging misbehaving nodes.