Tuesday , September 18, 2018

Security Notes: Payment in an AI Ecosystem

Payment should be efficient, secure, and convenient. Alas, these three objectives pull in different directions. Efficiency and convenience tend to undermine security; convenience pulls towards versatility, which in turn harms efficiency. A balance is called for, and the most daring ideas call for a dynamic rather than a static balance.

As payment migrated into cyber space, humanity found itself in a global financial village where everyone can pay and get paid by anyone else. Over 2 billion traders can send money to each other. The system can handle it. However, the reality is that each of us trades primarily with a small set of trading partners, and only rarely with an odd trader on the other side of cyberspace. We trade in clusters, and this fact is meaningful: Cluster-sharing traders experience mutual familiarity and mutual trust.

This fact can be exploited by leaning towards efficiency and convenience, scrubbing certain security burdens. The majority of our payments are in small denominations, where convenience and minimum attention are prime factors. Here, both efficiency and security are second-order priorities.

On the other end, we have few high-volume payments where security trumps both efficiency and convenience. This variance suggests a dynamic procedure.

A payer and a payee are about to execute a transaction. In today’s reality, this transaction will be carried out according to some rigid protocol, whether this protocol is optimal or not. What we would rather have is a dynamic situation. In this situation, an intelligent agent would weigh a host of factors, like the amount of the transaction, its urgency; the attributes of the traders (merchants, shoppers, friends, investors), the relationship between the traders, the load on the various parts of the trading systems, and so on. Considering all these factors, this intelligent agent would map out a payment protocol tailored for this transaction, an optimized approach. The parties would be prompted accordingly.

Upon a deeper examination, it becomes clear that security is the culprit that accounts for payment complexity in cyberspace. Consider for a moment a trading reality in heaven, where all traders are honest and trustworthy. One could then request that all traders simply keep a log of all the money they committed and all the money they are owed over some period of time, say a week. By the end of this week, all those who logged a net payout would pass this sum to a common cash register, and all those who logged a net in-flow would invoice the cash register with that amount. The cash register would distribute the money with perfect reconciliation. After all, it’s heaven.

What is instructive about this depiction is the fact that no pay-as-you-go activity takes place. Instead, the sums are reconciled once every so often. This means that pay-as-you-go is the fastest possible flow—as fast as the time it takes to log the transaction—without the friction of actually moving money.

We may take this model as a reference, and define “heaven islands”—payment ecosystems where traders may be mutually regarded as perfectly honest. This happens upon intimate mutual familiarity, and upon enough reserves and mutual dependence, such that any fraud or dishonesty can be readily rectified. Such heaven islands would allow for a simple passing of digital money strings, with no security and no verification or elaboration.

Now imagine the full-scale ecosystem as a mosaic of such heaven islands accounting for the majority of the traders’ activity—only that the described trading clusters are inherently dynamic. People move to a different state, and thereby change the cluster of people who pay them and to whom they pay. People change lifestyle, grow up, get old, and so on. The clusters of payments will be dynamically defined, and people will move between them like phone users pass between cell phone towers.

The actual payment algorithms will be dynamic as well. The main asset of cyber fraudsters today is the stability and standardization of today’s payment procedures. They last long enough for fraudsters to engineer a way to crack them. But let these procedures undergo dynamic change, and they become a fast-moving target that is hard to crack. Even once cracked, the triumph is useful for only a short time.

Artificial Intelligence is the technology that can deliver this dynamic optimization of efficiency, security, and convenience. This is the promising future, which my company BitMint, like other digital-money creators, is planning for.

—Gideon Samid • Gideon@BitMint.com

Check Also

Ensuring Electronic Payment Security for Specialty Merchants

  Most merchants are in business because of their passion about a product or service, …