Alternative Payment Systems: balancing efficiency, resilience, privacy, and security

Alternative payments promise faster, cheaper transactions. Discover why Dr. Ruth Wandhöfer believes operational resilience and regulation will decide their future.

Alternative Payment Systems is an area of frantic development these days. This was again showcased at Money2020 Amsterdam, where innovation in this space is literally buzzing.

But what really are Alternative Payment Systems, or short APSs? And how do APSs balance the different dimensions of efficiency, security, privacy, and resilience – areas that are particularly important in our digital age?

Let’s unpack this question.

APSs are primarily defined by providing payment solutions outside of cash or traditional card networks. This suggests that there is already a whole universe of APS out there and that for quite some time.

I fondly remember the days of developing the scheme rulebooks for the Single Euro Payments Area (SEPA), which created harmonised Euro credit transfer and direct debit payments across Europe – still one of the biggest payment transformations ever undertaken. With the introduction of SEPA Instant in 2017, supported by mandatory EU Regulation applicable since 2025, the European payments market now benefits from a real-time APS that, in combination with Open Banking services such as Payment Initiation and Account Information, delivers significant benefits to citizens and businesses alike.

These days, APS are reshaping how consumers, businesses, and governments transfer value. In fact, by now more than 80 countries have rolled out Real Time Payment Systems (RTPs), delivering instant or near instant transaction capability – a far more efficient alternative to cash and cards.

Real-time payment rails, digital wallets, account-to-account payment schemes, stablecoins, central bank digital currencies (CBDCs), and blockchain-based settlement networks are expanding the range of available payment options at unprecedented speed.

The promise is compelling: faster transactions, lower costs, greater financial inclusion, and enhanced efficiency. As payment systems become increasingly digital, interconnected, and instantaneous, the challenge is no longer simply moving money faster. It is ensuring that these new infrastructures remain secure, resilient, and trusted.

The rise of alternative payment systems

Real-Time Account-to-Account Payment Systems have gained significant ground over the last decade. SEPA is an outstanding example because of the breadth of the challenge undertaken at the time to align and harmonise payment systems across the very diverse Eurozone.

Other notable examples (of the 80+ RTPSs) include Faster Payment Services (FPS) in the UK (launched as long ago as 2008), UPI in India, FAST in Singapore, and PIX in Brazil. Cross-border interoperability examples such as UPI-PayNow (FAST) are tremendously important to provide efficient remittances.

Over the last few years, however, we have also seen other forms of innovation in this space, notably stablecoin-based payment solutions for international cross-border payments, Central Bank Digital Currency (CBDC), and tokenised bank deposit initiatives.

Historically, payments have involved multiple intermediaries, lengthy settlement cycles, and significant processing costs. Alternative payment systems seek to simplify these processes through direct, immediate, and increasingly programmable transfers of value.

The result is a fundamental shift from batch-based processing towards real-time financial infrastructure.

Operational resilience in an always-on world

While efficiency often dominates discussions about payment innovation, operational resilience is equally, if not more important.

Traditional payment systems typically operated within defined processing windows. Alternative payment systems increasingly operate 24/7.

Real-time inevitably creates new expectations and new risks.

Alternative payment systems rely on highly interconnected ecosystems involving banks, payment service providers, cloud providers, telecommunications infrastructure, software vendors, and third-party service providers. A failure at any point within this chain can create cascading effects across the wider financial system.

The challenge is compounded by growing concentration risks. Many financial institutions increasingly depend on a small number of cloud service providers and technology vendors. While these providers offer scalability and efficiency benefits, they also create potential systemic points of failure. And if we just look at the ensuing debate on AI (the case of Claude Fable 5), there may be a risk that European market could be excluded from certain US services overnight.

As a result, operational resilience must be a strategic priority for payment providers, financial institutions, and regulators alike.

Recent regulatory initiatives such as the European Union's Digital Operational Resilience Act (DORA) reflect growing recognition that financial stability depends on digital resilience.

The future of payments is therefore not simply about being faster. It is about remaining available when customers need access most.

Privacy: the new trust currency

Privacy represents another critical consideration in the evolution of alternative payment systems.

Payments generate highly sensitive information about individuals, businesses, and economic activity. Every transaction can reveal behavioural patterns, purchasing preferences, relationships, and financial circumstances.

As payment systems digitise, questions about who can access this data, how it is used, and how it is protected have become more important.

Consumers are more aware of the value of their personal data and increasingly expect transparency regarding how payment information is collected and processed. CBDCs have generated a particularly intense debate. Central banks must balance legitimate requirements for anti-money laundering, financial crime prevention, and monetary oversight against concerns regarding individual privacy and surveillance.

In fact, last year I led the work on Privacy for the Digital Pound initiative, which resulted in the delivery of a comprehensive report to HM Treasury and Bank of England. Getting the balance of privacy and choice right for all citizens is not easy, but it is an essential ingredient to the successful design and uptake of CBDCs.

Different alternative payment models approach privacy in different ways. Open Banking frameworks emphasise customer consent and controlled data sharing. Digital wallet providers often aggregate large volumes of transaction data within broader ecosystems. Blockchain-based systems offer varying levels of transparency and anonymity depending on their design.

Finding the right balance remains one of the defining policy challenges of the digital payments era.

Quantum computing: the next payment disruptor

Whatever payment system or solution we are looking at, there is one technological shift that will fundamentally impact payments in the next few years: quantum computing.

While fully fault-tolerant quantum computers remain several years away, governments and private investors have already committed more than USD 75 billion globally to quantum research and development. Increasingly, quantum is being viewed not simply as a scientific breakthrough, but as a strategic capability with profound implications for national security, economic competitiveness, and financial infrastructure.

For the payments industry, quantum presents both extraordinary opportunities and significant risks.

On the opportunity side, quantum computing could dramatically enhance optimisation and simulation capabilities. Payment networks process billions of transactions every day across highly complex ecosystems involving banks, merchants, acquirers, schemes, and clearing infrastructures. Quantum algorithms could eventually support more efficient liquidity management, fraud detection, route optimisation, and real-time settlement across increasingly interconnected networks.

The more immediate concern, however, lies in cybersecurity.

Much of today's digital infrastructure relies on cryptographic standards such as RSA and elliptic curve cryptography. These systems secure everything from online banking and payment authentication to digital identities and secure communications. Their security depends on mathematical problems that are extremely difficult for classical computers to solve, but not for quantum computers. If in the wrong hands, money in our accounts could disappear in front of our eyes. And we know that adversaries have already been collecting encrypted data for some time with the expectation that future quantum computers will eventually allow them to decrypt it.

For payment providers and system operators, the message is clear. Quantum readiness with the implementation of Post-Quantum Cryptography (PQC) is rapidly becoming part of broader operational and cyber resilience strategies.

The institutions that begin preparing today will be far better positioned to navigate the next major technological transition tomorrow.

Cybersecurity: the growing battleground

If operational resilience is the foundation of payment infrastructure, cybersecurity is its frontline defence.

The digitisation of payments has dramatically expanded the attack surface available to cybercriminals.

Financial institutions face sophisticated threats including, ransomware, supply chain attacks, credential theft, social engineering campaigns, and nation-state cyber activity.

At the same time, AI is transforming the threat landscape. AI-powered attackers can automate reconnaissance, identify vulnerabilities more rapidly, and develop highly targeted attack campaigns at unprecedented scale.

The challenge is particularly acute for alternative payment systems because of their speed and level of digitisation.

Traditional fraud controls often relied on time. Delayed settlement created opportunities to identify suspicious activity before funds left the system. Real-time payments significantly compress these intervention windows.

Fraud detection must therefore operate in milliseconds rather than hours.

As a result, payment providers are investing heavily in behavioural analytics, machine learning, real-time transaction monitoring, and advanced threat intelligence capabilities – and preferably Direct Threat Intelligence (DTI) that can prevent attacks before they hit systems and organisations.

Cyber resilience is no longer merely a technical issue. It has become a business, regulatory, and reputational imperative. And as Agentic AI gains more ground, fraud detection solutions will need to adapt to this challenge as well, i.e., behavioural analytics will also need to be in tune with the behaviour of AI bots, rather than only humans.

The future: convergence and trust

Looking ahead, questions surrounding data ownership, cybersecurity standards, operational resilience requirements, and cross-border interoperability will become increasingly important.
Alternative payment systems promise faster transactions, lower costs, and improved customer experiences. Yet speed alone is not enough.

The future success of alternative payment systems will depend on their ability to deliver operational resilience, protect privacy, withstand increasingly sophisticated cyber threats, and bridge innovation with regulatory certainty. On that path, policy will also need to evolve much faster, for example, if we look at the digital asset and stablecoin ecosystems.

The winners will not simply be the fastest payment providers. They will be the institutions that combine efficiency, resilience, privacy, security, and trust into a foundation for the next generation of global payments and into a future where quantum computing will take a firm place in our digital economies. 

For more information, please also see my Online Fintech& AI Master Class: https://akademie.m2bc.de/course/nextgen-fintech-and-ai-masterclass

About author

Dr. Ruth Wandhöfer

Adviser | Author | Speaker | Board Director | Professor

Dr. Ruth is a leading authority at the crossroads of finance, technology, cybersecurity, and regulation.
A former senior Citi executive, Ruth combines roles as an independent Non-Executive Director, Head of European Markets at Blackwired Cybersecurity, Author, Adviser, and Investor. 
She also runs her own business, Leximar Advisory, which supports financial institutions, tech, and fintech/cyber security businesses. She is a global keynote speaker, strategist, and Visiting Professor at Bayes Business School.