Securing real-time payments without slowing them down

In this Help Net Security interview, Arun Singh, CISO at Tyro, discusses what it takes to secure real-time payments without slowing them down. He explains how analytics, authentication, and better industry cooperation can help stay ahead of fraud. Singh also touches on how digital identity and accountability are transforming how trust is built in payments.

What cybersecurity controls or technologies have proven most effective for securing real-time payment ecosystems?

Real-time payments demand real-time protection. Combining behavioral analytics with adaptive authentication provides a balance between fraud prevention and customer experience.

By analysing transaction patterns, device details, and contextual risk signals in real time, our systems can spot unusual activity before a payment is completed. When an elevated level of risk is detected, an additional verification step, such as a biometric check or a multi-factor prompt, is triggered.

This approach helps keep genuine payments fast and frictionless, while higher-risk transactions receive extra scrutiny. It strikes an important balance between fraud prevention and customer convenience.

What role does faster settlement play in amplifying the impact of fraud or cyberattacks?

Instant settlement is both a major advancement and a challenge. While it delivers the convenience customers expect, it compresses the time to stop or recover fraud, and criminals exploit this immediacy by moving stolen funds through networks of mule accounts before intervention is possible.

This means prevention must occur before the moment of authorisation, not after. Using behavioural analytics, beneficiary risk scoring, and contextual authentication allows institutions to identify anomalies before money leaves an account. When risk levels rise, automated response mechanisms can pause or delay transactions, providing an extra layer of protection without adding visible friction or slowing down legitimate payments.

The aim is for security to be invisible, but always active, working at the same speed as the payment itself.

Real-time payments involve multiple players: banks, fintechs, clearing houses, and regulators. What are the key coordination challenges in securing this ecosystem?

Real-time payments are only as secure as the least protected participant. Coordination across such a diverse ecosystem is one of the biggest challenges. Each organisation uses different controls, standards, and systems, which can make information sharing slower and less effective.

This is an area where industry-wide collaboration must evolve further. We need to enable the secure sharing of data between organizations so that fraud patterns and compromised identities can be identified and acted on quickly. To strengthen collective defence, we need aligned data models, shared incident response playbooks, and communication protocols for collaboration across institutions. Regulatory and legal frameworks also need to enable timely, privacy-conscious information sharing across organizations.

Ultimately, keeping real-time payments safe while maintaining the seamless speed customers expect depends on the ecosystem acting as a unified network rather than a collection of isolated players.

Do current fraud liability models and reimbursement rules adequately incentivize all parties to invest in real-time payment security?

Not yet. In many markets, the rules around who bears the loss in certain types of fraud are still uneven. Often, customers or sending institutions carry most of the cost, while the receiving institution, which might hold the mule account, has less financial exposure. That imbalance reduces the incentive to stop fraud at the point where it can be most effectively blocked.

A fairer system would tie responsibility to outcomes such as fraud detection performance and response times. Reimbursement rules and greater transparency would encourage all parties to invest in stronger defences.

Shared accountability drives better outcomes. When everyone in the ecosystem has a stake in preventing fraud, the system as a whole becomes more resilient.

How do you see the intersection of digital identity, biometrics, and real-time payments evolving?

Digital identity and payments are becoming increasingly interconnected. In the near future, identity verification won’t feel like a separate step. It will be built naturally into how people make payments.

Device-based identity and biometrics will play a central role, enabling customers to confirm who they are quickly and securely without extra friction. Reusable digital credentials will let people prove who they are, or verify who they’re paying, without oversharing personal information.

These trusted signals will feed directly into fraud detection systems, improving accuracy and reducing scams. At the same time, privacy-focused technologies like on-device verification will keep sensitive data protected.

Over time, identity will move from being a protective layer around payments to the foundation of trust that powers them, making real-time payments faster, safer, and simpler for everyone.