Fighting Cybercrime: How Blockchain Can Make Banking More Secure
In May 2017, a cryptoworm called WannaCry held about 2,00,000 computer systems in 104 countries to ransom. This was followed by another attack in June by NotPetya. These are the latest in a string of deadly cybercrimes in the past few years, coming on top of the 2013 Yahoo account hacking, the 2014 cyber-attack on 47,000 Sony employees, and the theft of several thousand Tesco Bank accounts last year. Safe to say these are not the last ones.
A security incident can not only seriously impact an enterprise’s operations and financials, but also deal a death blow to its reputation. For banks, under constant attack from malware and other antagonists and under constant obligation to protect customers, security is clearly a massive priority. No surprise, banks are expected to be among the leading spenders on cyber-security through 2020.
Some of that spending will undoubtedly go into blockchain.
In its few years of existence, distributed ledger technology (DLT), of which blockchain is a prime example, has excited banks with its potential to reduce transaction cost, speed up settlement, provide transparency and eliminate the intermediary chain. It also promises to provide near-impenetrable security to banking transactions and data.
Blockchain has three inherent qualities, which make it secure by nature.
Although the distributed ledger underlying bitcoin transactions is public, and therefore accessible to all members of its network, there is also a permission-driven version of blockchain that is well suited to the needs of banks. In permission-driven blockchain, banks can specify who among the network may view, modify and validate a transaction. This automatically creates a layer of protection for customer data and privacy.
A few years ago, eBay asked its 150 million users to reset their passwords when hackers gained access to customers’ personal data. Identity theft is a huge concern in the digital age.
Blockchain provides extra protection to identity and other personal information by recording it in a 256-key encrypted Secure Hash Algorithm (SHA) format, which is virtually impossible to hack. In addition, the blockchain algorithm requires that the digital identity a bank creates for its customer is further validated through consensus. What this means is that a customer’s digital identity is subject to the scrutiny of a minimum number of banks, before it is deemed acceptable.
For banks bound by consumer protection laws, or worse, a “no questions asked” remediation policy, repudiation is a serious concern. With blockchain, there is no such fear, because the ledger is inherently immutable.
Before a transaction can be “hashed” – put on a block and formed into a chain – it must be validated by the network (which could run into millions) through consensus. This process is so rigorous that it is impossible for a fake transaction to go through. The corollary is that once a transaction is approved, it cannot be denied.
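As an added illustration (not code from the original article or from any blockchain product), the sketch below shows the hash-linking described above: each block's SHA-256 hash covers the previous block's hash, so editing a recorded transaction is detectable on verification. The quorum rule, validator names and transactions are constructed assumptions standing in for a real consensus protocol.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for the first block's predecessor


def block_hash(prev_hash, tx):
    """SHA-256 over the previous block's hash plus the canonical transaction."""
    payload = prev_hash + json.dumps(tx, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain, tx, approvals, quorum):
    """Append tx only if enough distinct validators approved it (assumed rule)."""
    if len(set(approvals)) < quorum:
        raise ValueError("not enough validator approvals")
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "tx": tx, "hash": block_hash(prev, tx)})


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["tx"]):
            return i
        prev = block["hash"]
    return None


def demo():
    chain = []
    banks = ["bank-a", "bank-b", "bank-c"]  # constructed validator names
    for amount in (100, 250, 75):           # constructed sample transactions
        append_block(chain, {"from": "alice", "to": "bob", "amount": amount},
                     approvals=banks, quorum=2)
    intact = first_invalid_block(chain)     # None: untouched chain verifies
    chain[1]["tx"]["amount"] = 9999         # edit a recorded transaction in place
    return intact, first_invalid_block(chain)


if __name__ == "__main__":
    print(demo())
```

Recomputing the edited block's own hash only moves the failure to the next block, whose `prev` link no longer matches. Detection therefore depends on verifiers holding an independent copy of the chain to compare against.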
Generally speaking, any data security framework must assure confidentiality, availability and integrity. This is particularly relevant to banks, which are under obligation to consumers, regulators and partners to safeguard transaction data and ensure customer information remains confidential.
How does blockchain measure up to these expectations?
Confidentiality: Permission-driven blockchain restricts access to a trusted circle; the SHA algorithm provides rock-solid defence of identity and privacy.
Availability: A huge benefit of blockchain is that it eliminates intermediaries, which not only cuts transaction cost, but also improves availability by crashing lead-time to near zero. Also, because the ledger is replicated across multiple nodes (running into several thousands, even millions), it is always up and running.
Integrity: Every transaction in the ledger is visible from end to end. As we saw earlier, it is impossible to fake a transaction on blockchain or deny one after it is done.
No two ways about it, blockchain checks all the boxes. I expect it will shift the security goalpost not only in banking, but every other applicable context in the years to come.
(The author is Associate Vice President & Head – Finacle Product Strategy, Infosys. This is a personal blog and the views expressed above are the author's own. The Quint neither endorses, nor is responsible for the same.)