Fighting payment fraud and cyber threats has become quite the daunting burden over the years. In 2015, the Federal Reserve formed a division called the Secure Payments Task Force and this year the group is looking for some collaboration because for this industry, it’s all hands on deck for protecting payments.
Since its birth, the Secure Payments Task Force has been “advancing efforts to support the strategy of reducing payment fraud and the safety, security and resiliency of the the payments system.” They’ve largely focused these efforts on:
> Payment Identify Management
> Information Sharing for the Mitigation of Payments Risk / Fraud
> Data Protection
To effectively take on these challenges, the Task Force has pulled together a plan.
After these solutions had been identified, the Task Force sought input from industry leaders on the proposed, in the form of a survey, three of which were recently made public and concluded on Tuesday, November 8.
According to the Task Force, the feedback retrieved from participants is intended to help “identify and promote actions that can be taken by payment system participants to maintain U.S. payments system security that remains very strong, with public confidence that remains high, and protections and incident response that keeps pace with the rapidly evolving threat environment.”
We asked our Chief Security Officer, Rush Taggart, to take a look at the Data Protection survey and share his thoughts on the ideas of the Secure Payments Task Force. In addition to strongly supporting the plan outlined, here’s what he had to say during the survey:
Are you aware of other alternative solutions or any opportunities to improve the solution to address the challenge identified for Data Protection?
"I think the Public-Key Infrastructure concepts provide a potential framework for payments. If the merchant can encrypt payee credentials using an issuer public key, and those credentials travel the payments rails to the issuer, who can decrypt with their private key and execute the credit or debit, we have substantially improved overall payment security. All intermediaries to the transaction only need to know their counter-party (or institution ID) as they are not concerned with payee (or merchant) account level details."
For some background, public-key infrastructure, or PKI, is a system to manage keys and certificates to establish and maintain a trustworthy networking environment. It enables the use of encryption and digital signature services across a wide variety of applications (Entrust.com).
Are you aware of any barriers to implementing the solutions?
"Of course obtaining consensus of all players is the largest challenge. There is motivation to improve, and I believe there are some models, such as the above, for a framework."
We thank Rush for his insights and hope others were also able to provide weigh-in on the direction of the task force. It’s an important time to collaborate and identify the greatest solutions for secure payments. For more information about the Federal Reserve Secure Payments Task Force, visit FedPaymentsImprovement.org.