Given the sheer scale of cybercrime, which could cost the world $10.5 trillion a year by 2025, a paradigm shift in the way we secure data is long overdue. Blockchain technology may be one way to achieve this: with blockchain technology security is ‘baked in’, since the very structure of the blockchain itself and the ‘consensus’ system that underpins it are, theoretically, secure.
Blockchains are at their core a means of storing data: each ‘block’ is a single record, like a row in a spreadsheet, connected to the previous block by a cryptographic hash and timestamped to prove that the block existed when it was assigned its hash. Blockchains can be public or private – public blockchains can be viewed by anyone and anyone can connect to them, becoming part of the ‘consensus’ process in which every transaction on the blockchain is verified as legitimate. Bitcoin and Ethereum are well-known examples of this. Private blockchains are administered by a single organisation, so their ledger would be private and only authorised persons could access it. There are advantages and disadvantages to both in terms of functionality and security, but on paper both are more secure at a fundamental level than traditional forms of data storage.
If, for example, you wanted to edit a previous block to spend the same bitcoin twice (a ‘double spend’ attack) then that would create a new hash for that block, breaking the chain and causing the rest of the distributed network to reject this change. It is possible for ‘51% attacks’ to occur in which a single entity controls more than half of the computing power on a blockchain, giving it the ability to decide what is ‘true’ and perform double-spend attacks – this has happened to Bitcoin Gold three times. However, the computing power required for this is extremely high, especially in the major blockchains like those powering Bitcoin and Ethereum.
FinTech companies are embracing blockchain technology
Because of its baked-in security and flexibility, many financial technology (or ‘FinTech’) companies are turning to blockchain to power their businesses, in whole or in part.
Despite its slick veneer, in the financial services industry, many processes are based on literal paperwork and some even involve contracts being sent by fax or bike courier. Stock trading, for example, shuts down on weekends, and if you are in London and want to buy a stock listed on the New York Stock Exchange on a Friday night then you will have to wait until the exchange opens at 9am EST the following Monday. Blockchains can be adapted to systems where all participants can easily check and verify trades and execute them in real time, 24 hours a day, seven days a week.
Blockchain technology Companies like Figure are using blockchain to provide personal loans and mortgages, again with much faster reported turnaround times than have been standard in the industry for decades. They can do this because verifying identity and other information is far easier in blockchains – because blockchains are immutable and accurate there is no need for administers, trustees and others to verify paperwork, significantly cutting down on the time it takes to approve loans. Circle is a payments company that offers merchants the ability to pay via traditional payment rails or their own ‘USD Coin’ token, which are faster and more secure (in theory) than traditional payments.
Smart contracts can create use cases for blockchain technology outside of cryptocurrency. These are essentially small pieces of code running on blockchains that execute when certain conditions are met, for example – ‘If X and Y both sign this contract then 1 coin from X’s wallet will be sent to Y’. Because the contract is self-enforcing, smart contracts will significantly cut down on the ‘paperwork’ required for, for example, ensuring that loans are paid on time. This would also be particularly useful in auditing transactions and resolving disputes, as it creates a ‘single source of truth’, the contract itself, that can be referred to whenever disagreements arise.
Lastly, information stored on blockchains is far easier to audit, making it attractive for companies hampered by admin costs or those working in sectors with a heavy regulatory burden. A large part of this comes from the fact that entries on a blockchain are inherently trustworthy – there is no need to double-check their veracity, say by finding paper receipts for stock trades, because of the powerful consensus model. Or there wouldn’t be if blockchain technology didn’t exhibit some security flaws that skilled criminals could take advantage of.
Creating a secure blockchain for FinTech
Although regulations covering cryptocurrency have been created, the use cases for blockchain technology in finance are so varied that they remain covered by existing legislation – providing a loan via blockchain technology isn’t treated as any different from providing it via more traditional means. Perhaps there is a case for countries and organisations like the EU to create a framework around blockchain in finance as they did with Open Banking, but the industry isn’t mature enough yet. One of the key ways to ensure that blockchain technology reaches the level of maturity where it sheds its ‘digital wild west’ image and is embraced by both governments and the public is to ensure that it is secure.
As mentioned above, attacks on the blockchain itself are difficult and rare. More common is targeting the weak points represented by a single wallet – somebody with administrator privileges in a private blockchain could potentially do a lot of damage. Private key infrastructure (PKI) is vital here: this method of ensuring that the person who enters their username and password into a blockchain wallet is who they say they are is incredibly robust and scalable, and is already used across the entire digital ecosystem (you may have exchanged public and private keys several times today without knowing it.)
Therefore, strong cryptography provided by hardware security modules will be key for blockchain-based FinTechs; they generate, store and protect private and public keys, guaranteeing that both parties in a transaction are who they say they are. Blockchain regulations are continuously evolving, making it difficult to predict what will be compliant in the future. However, HSMs have provided the backbone of security in so many industries and applications that there is no doubt that they will continue being a vital part of securing blockchains in FinTech.