Saturday, November 2, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Security TrendMicro 

What financial service providers should know about blockchain: Opportunities and threats

admin , , , ,

Credit to Author: Trend Micro| Date: Wed, 25 Jul 2018 15:30:51 +0000

It seems that every few years, an advanced and innovative new technology emerges and becomes the next big thing for organizations across different industries. Take the cloud and big data, for example – during their buzzword stage, these concepts were being attached to just about everything in the tech space.

Currently, it appears that blockchain has filled this space, popping up in discussions and initiatives within all types of businesses. For financial services in particular, though, it’s very imperative to not only understand the basics of blockchain, but also examine the kinds of threats and opportunities this concept will bring.

Where to start: The basics

First and foremost, financial service providers must understand what blockchain actually is. In the current industry, this can be difficult, as there are an array of different definitions available. But the main points common across expert explanations include:

  • Blockchain is the underlying technology that makes cryptocurrencies like Bitcoin possible.
  • Blockchain is a digital ledger wherein the information associated with cryptocurrency transactions is checked and verified.
  • Cryptocurrency miners doing this verification must also leverage powerful computer systems in order to resolve hash functions in order to add verified transactions to the blockchain.
  • Once a transaction is verified and the associated hash algorithm is resolved, the transaction is included in the next block of the blockchain, which is then unchangeable and part of the overall digital ledger.
  • Cryptocurrency miners receive a small digital currency profit for their efforts.

Without this system, there would be no way to verify or track the transactions taking place with digital currencies. And as new cryptocurrencies emerge, additional blockchains are established to underpin the value of the currency.

Blockchain offers certain use cases for financial service organizations.

How will blockchain impact financial services?: Opportunistic use cases

As a public ledger supporting cryptocurrency, blockchain appears to be right up financial services’ alley. At the same time, though, because anyone can review and add to a public blockchain, making it a system without a central, financial service authority, where do opportunities lie for businesses in this industry?

As Deloitte explained, there is absolutely room within this growing sector for financial service organizations to take advantage of the benefits of blockchain. A few use cases to consider include:

  • Supporting international transactions: Because blockchain enables a cryptocurrency value that is consistent across the globe, blockchain could be just the thing to enable faster and more streamlined cross-border transactions. This has traditionally been a slow and costly process, but blockchain could potentially considerably reduce the complexity involved.
  • Enabling share trading: Blockchain and cryptocurrency could also be leveraged within the stock market to allow for streamlined share trading while providing additional advantages like boosted accuracy and faster settlement.
  • Enhancing identity management: A blockchain-style system could also potentially be applied to online identity management, where users register themselves on the blockchain and can then choose who will be privy to their identity.
  • Improving loyalty rewards: Deloitte noted that banks could also utilize blockchain as a way to better trace transactions, and provide improved rewards for customer loyalty programs.

Issues to be aware of: Cryptojacking

Despite the opportunities that blockchain can provide – including impactful use cases outside of just cryptocurrency mining – there are also a few issues that financial service providers should be aware of.

First is the malicious activity that has emerged with the rising popularity of mining. As noted, in order for the blockchain to work, users must verify the information of cryptocurrency transactions, resolve a hash function and then add the transaction to the next block in the chain. Once this is performed, the cryptocurrency miner supporting this process receives a small reward for verifying and enabling the next set of transactions in the blockchain.

Unsurprisingly, cybercriminals have taken note and are now taking over victims’ systems for this purpose, an attack style now known as cryptojacking. As Trend Micro reported, cryptojacking is on the rise: Late last year, hackers enabled a campaign that impacted almost 1,500 websites, thanks to embedded cryptocurrency mining code within a live assistance widget.

Immutable nature of the blockchain

Another important aspect to understand about blockchain is the fact that transactions added to blocks in the chain are uneditable and unchangeable once verified and included in the digital ledger. This is the way the system was designed, as changing one part of a block could impact all the subsequent blocks added afterwards – similar to a long math problem, wherein a mistake early on affects all calculations that followed.

“Each block has a hash based on its contents, and carries the has of its predecessor,” Trend Micro CISA VP of Infrastructure Strategies William Malik wrote. “So when you look at a block on a blockchain, you can trace the block back through its predecessors to the founding block. Changing the contents of a block changes the block’s hash. If a block’s hash changes, the successor blocks will no longer reference it. Rebuilding the chain with with the replacement block means the has for each successive block will have to be recalculated, which is an enormous computational task.”

And, as Malik pointed out, this part of the blockchain process could have considerable repercussions, particularly in the face of new industry regulations like the European Union’s General Data Protection Regulation (GDPR).

Blockchain and GDPR

GDPR includes several key data protection rules for EU data subjects, but is a global standard that impacts every organization that in any way does business or supports the needs of EU citizens – including U.S.-based institutions.

One rule included in the standard is the Right to be Forgotten, which states that EU citizens can request that organizations using their personal data remove this information from the record. However, as Malik noted, this could be potentially disastrous for institutions that take part in the blockchain, including financial service providers.

“Under GDPR, an organization that constructs a blockchain may have to remove a block or modify some data to comply with a request to forget someone,” Malik wrote. “GDPR does not prohibit blockchain, but it does put some procedural requirements around blockchain’s use in commercial enterprises.”

As Malik explained, one of the only ways to ensure compliance with GDPR while maintaining the integrity and accuracy of the blockchain would be to create a system that enable the dissociation of a particularly identity with the relevant information included in the blockchain. In this way, data subjects can be protected and the unchangeable blockchain can persist.

Overall, blockchain is still a complex and immature, emerging technology. However, it does provide certain opportunities for financial service providers who are willing to also consider and balance these benefits with associated risks.

To find out more about blockchain and its use in financial services, connect with the experts at Trend Micro today.

The post What financial service providers should know about blockchain: Opportunities and threats appeared first on .

http://feeds.trendmicro.com/TrendMicroSimplySecurity