Mike Lynch, InAuth: Blockchain is not the silver bullet against fraud that many expect it to be

Mike Lynch, InAuth: Blockchain is not the silver bullet against fraud that many expect it to be

Anyone that picks up any business publication has no doubt read about blockchain. Conceptualised around the same time as the financial crisis in 2008, blockchain as originally conceived served as a digital ledger to publicly record cryptocurrency transactions and execute contracts.

Alex Tapscott, co-author of the book Blockchain Revolution, has compared it to the emergence of the internet in the early 1990s, and explains it as “a vast, globally distributed ledger where anyone, anywhere can move, store and manage any kind of asset, from money and securities to intellectual property and votes”.

The technology has generated a good amount of buzz with claims running the gamut from it being the biggest technological breakthrough since the internet, to those who dismiss the technology altogether as overhyped and a fad.

Regardless of where you fall on the spectrum, blockchain is getting a lot of people talking in the payments industry and continues to gain traction, particularly in the financial sector. According to a researcher at PwC, approximately $1.4 billion was invested globally in blockchain start-ups in the first nine months of 2016 and the investment is only expected to continue.

One of the reasons for the growth is the expectation that blockchain will help combat fraud and provide a far more secure means to guard our globally connected financial systems. Some say it will eliminate fraud as we know it.

Granted, blockchain has a strong reputation for offering a new approach in mitigating fraud for a host of reasons, ranging from the fact that the makeup of the technology is completely decentralised, so no one entity “owns” the data (like a bank), to the fact that once a transaction is made, it is part of an immutable record.

Given this, the technology does hold some promise in eliminating certain types of fraud. However, there is still one issue that must be addressed in the fight against fraud – authentication.

For a transaction to be trusted – whether the person is accessing the blockchain to make a transaction in the ledger, or going online to Overstock.com to buy a new TV using Bitcoins – there needs to be a strong understanding that the person involved in the transaction is the person authorised to perform it. There also must be validation that the device itself is “clean” and doesn’t contain malware or crimeware, and it isn’t being spoofed or potentially used as part of a velocity attack.

To do this requires sophisticated device intelligence technology that has the ability to facilitate a multi-factor authentication strategy to determine whether to interact with this device and this person, and what the risk is if you do.

Multi-factor authentication leverages various identifying elements to prove that the person doing the transaction is who they claim to be. These forms of proof can be something the person knows (for example, a PIN number), something the person possesses (e.g. an ATM card), or is intrinsic to them (e.g. a biometric fingerprint). Combining at least two or more of these elements is considered a multi-factor authentication strategy, but the more factors that can be validated the lower the risk of fraud.

Without multi-factor authentication in place, blockchain may not necessarily prevent someone from gaining access through fraudulent means to the ledger, fooling the system into believing they are someone else.

Therefore, for any digital transaction, the access point at which a person is using a device (mobile phone, PC, tablet, etc) to enter into the blockchain to conduct legitimate business – or to try and commit a nefarious act – still remains pivotal to the fraud-prevention, cybersecurity equation.

So will blockchain end fraud as we know it? That has yet to be determined. Security professionals are hopeful that it will play a significant role toward this end.

In the meantime, organisations should be looking to implement advanced device intelligence and authentication solutions to better protect their customers and their organisations right now, so they are positioned as leaders in their space when and if blockchain becomes the new global financial paradigm.

By Michael Lynch, chief strategy officer, InAuth

@banking
techno