Technological development has been punctuated by instances of malice. Whether it is the Federal Information Processing Standard (FIPS) 202 that banks in the US have been mandated to implement, or the unified data access provision being introduced by the RBI in India, regulatory and industry bodies are implementing permanent controls to avoid having to take retaliatory actions in the face of rising threats.
Knowledge as Commons, Creative Commons, and even the Tragedy of the Commons are concepts that have gathered critical mass across spheres. Now, the concept of commons driven by consensus is a solution that is capturing the interest of banks and industry bodies to effectively combat data security threats.
Consider this: a mechanism that requires approval from a minimum of 51% (or an agreed number) of members in a network to even hack into that network.
Distributed Ledger Technology (DLT) lends itself as critical infrastructure for collaborative, consensus-driven transactions. What this means is that a set of users has access to the same ledger, which gets updated in real time upon transaction approval from the designated number of users in a network.
In a blockchain-based system, an invoice once presented is added as a block to the blockchain, thus preventing a user from financing the same invoice again. It warrants repeating that the authenticity of transactions on blockchain is validated through consensus, and the ledger is updated for all participants alike. Thus a potential perpetrator of duplicate financing is not the only one privy to his or her records.
And to succeed at committing the fraud, the perpetrator has to refute the claim to a transaction that all participants in the network have access to, and that got added to the blockchain only after approval from the network.
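The duplicate-financing check described above can be sketched as follows. This is an added example, not code from the article or from any banking product; the class, bank and invoice names are hypothetical, and approvals are modelled as plain member names where a real network would verify signatures.

```python
import hashlib
import json

def _digest(obj):
    # Canonical JSON so every participant computes the same hash.
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class InvoiceLedger:
    """Toy shared ledger: a block is appended only after a quorum approves."""

    def __init__(self, members, quorum):
        self.members = set(members)
        self.quorum = quorum      # agreed number of approvals
        self.chain = []           # every participant holds the same chain
        self.financed = {}        # invoice fingerprint -> block index

    @staticmethod
    def fingerprint(invoice):
        # The financier is excluded: the same invoice presented to a
        # different bank must map to the same fingerprint.
        return _digest({k: invoice[k] for k in ("supplier", "buyer", "number", "amount")})

    def submit(self, invoice, financier, approvals):
        # Assumption: approvals are member names; real systems check signatures.
        fp = self.fingerprint(invoice)
        if fp in self.financed:
            return False, "duplicate of block %d" % self.financed[fp]
        votes = self.members & set(approvals)   # non-member votes do not count
        if len(votes) < self.quorum:
            return False, "only %d of %d approvals" % (len(votes), self.quorum)
        block = {"index": len(self.chain), "invoice": fp, "financier": financier,
                 "prev": self.chain[-1]["hash"] if self.chain else "0" * 64}
        block["hash"] = _digest(block)
        self.chain.append(block)
        self.financed[fp] = block["index"]
        return True, "committed"

    def verify(self):
        # Recompute every hash and link; any edit to a committed block shows up.
        prev = "0" * 64
        for block in self.chain:
            body = {k: v for k, v in block.items() if k != "hash"}
            if block["prev"] != prev or block["hash"] != _digest(body):
                return False
            prev = block["hash"]
        return True

# Constructed sample data (hypothetical banks and invoice).
MEMBERS = ["bank_a", "bank_b", "bank_c"]
INVOICE = {"supplier": "Acme Ltd", "buyer": "Globex", "number": "INV-001", "amount": 125000}
```

Submitting `INVOICE` a second time through a different bank is rejected even with full approval, and altering a committed block makes `verify()` fail for every participant holding the chain.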
In a bid to outpace cyber-crime, banks have gone all-in with their security efforts and investments, a few of which include inducting ethical hackers, installing sophisticated software, and implementing AML solutions. Banks are now increasingly betting on blockchain’s manifold benefits of transparency, automated trust, single source of truth, immutability, and consensus-driven and real-time transactions to tackle financial fraud. Banks can thus also bolster the overall security of their network and infrastructure by channeling their financial resources more effectively. For instance, the security of a transaction even on a blockchain could be at risk if a user accesses it on a compromised browser or data transmission layer. By strengthening their network and physical security, banks hedge the larger network against vulnerabilities.
Lastly, blockchain’s variants offer the flexibility of deployment according to the purpose or level of security required. These variants include the permissionless public distributed ledger, the permissioned public distributed ledger, the permissionless private distributed ledger and the permissioned private distributed ledger. In a permissionless public DL such as Bitcoin, any user can read, write, edit and commit to a transaction. This is the reason why most countries are skeptical of bitcoin exchange.
A permissioned public DL is a tad more controlled, as it allows all users to read but only authorised ones to write and commit on a blockchain. While a public distributed ledger is hosted on a public server, a private distributed ledger is hosted on a private server and has stricter controls. A permissionless private DL allows only authorised participants to read, write, edit and commit. Its more restrictive peer, the permissioned private DL, allows only the network operator to write and commit a block on the blockchain but allows read and write permissions to the ledger’s authorised participants. For banks, a permissioned private DL is the most preferred option. Clearly, with blockchain, banking seems to be advancing towards a secure future.
-The writer is vice president and global head – business consulting & product strategy, Infosys Finacle