It seems that every few years, an advanced and innovative new technology emerges and becomes the next big thing for organizations across different industries. Take the cloud and big data, for example – during their buzzword stage, these concepts were being attached to just about everything in the tech space.
Currently, it appears that blockchain has filled this space, popping up in discussions and initiatives within all types of businesses. For financial services in particular, though, it’s very imperative to not only understand the basics of blockchain, but also examine the kinds of threats and opportunities this concept will bring.
Where to start: The basics
First and foremost, financial service providers must understand what blockchain actually is. In the current industry, this can be difficult, as there are an array of different definitions available. But the main points common across expert explanations include:
Without this system, there would be no way to verify or track the transactions taking place with digital currencies. And as new cryptocurrencies emerge, additional blockchains are established to underpin the value of the currency.
Blockchain offers certain use cases for financial service organizations.
How will blockchain impact financial services?: Opportunistic use cases
As a public ledger supporting cryptocurrency, blockchain appears to be right up financial services’ alley. At the same time, though, because anyone can review and add to a public blockchain, making it a system without a central, financial service authority, where do opportunities lie for businesses in this industry?
As Deloitte explained, there is absolutely room within this growing sector for financial service organizations to take advantage of the benefits of blockchain. A few use cases to consider include:
Issues to be aware of: Cryptojacking
Despite the opportunities that blockchain can provide – including impactful use cases outside of just cryptocurrency mining – there are also a few issues that financial service providers should be aware of.
First is the malicious activity that has emerged with the rising popularity of mining. As noted, in order for the blockchain to work, users must verify the information of cryptocurrency transactions, resolve a hash function and then add the transaction to the next block in the chain. Once this is performed, the cryptocurrency miner supporting this process receives a small reward for verifying and enabling the next set of transactions in the blockchain.
Unsurprisingly, cybercriminals have taken note and are now taking over victims’ systems for this purpose, an attack style now known as cryptojacking. As Trend Micro reported, cryptojacking is on the rise: Late last year, hackers enabled a campaign that impacted almost 1,500 websites, thanks to embedded cryptocurrency mining code within a live assistance widget.
Immutable nature of the blockchain
Another important aspect to understand about blockchain is the fact that transactions added to blocks in the chain are uneditable and unchangeable once verified and included in the digital ledger. This is the way the system was designed, as changing one part of a block could impact all the subsequent blocks added afterwards – similar to a long math problem, wherein a mistake early on affects all calculations that followed.
“Each block has a hash based on its contents, and carries the has of its predecessor,” Trend Micro CISA VP of Infrastructure Strategies William Malik wrote. “So when you look at a block on a blockchain, you can trace the block back through its predecessors to the founding block. Changing the contents of a block changes the block’s hash. If a block’s hash changes, the successor blocks will no longer reference it. Rebuilding the chain with with the replacement block means the has for each successive block will have to be recalculated, which is an enormous computational task.”
And, as Malik pointed out, this part of the blockchain process could have considerable repercussions, particularly in the face of new industry regulations like the European Union’s General Data Protection Regulation (GDPR).
Blockchain and GDPR
GDPR includes several key data protection rules for EU data subjects, but is a global standard that impacts every organization that in any way does business or supports the needs of EU citizens – including U.S.-based institutions.
One rule included in the standard is the Right to be Forgotten, which states that EU citizens can request that organizations using their personal data remove this information from the record. However, as Malik noted, this could be potentially disastrous for institutions that take part in the blockchain, including financial service providers.
“Under GDPR, an organization that constructs a blockchain may have to remove a block or modify some data to comply with a request to forget someone,” Malik wrote. “GDPR does not prohibit blockchain, but it does put some procedural requirements around blockchain’s use in commercial enterprises.”
As Malik explained, one of the only ways to ensure compliance with GDPR while maintaining the integrity and accuracy of the blockchain would be to create a system that enable the dissociation of a particularly identity with the relevant information included in the blockchain. In this way, data subjects can be protected and the unchangeable blockchain can persist.
Overall, blockchain is still a complex and immature, emerging technology. However, it does provide certain opportunities for financial service providers who are willing to also consider and balance these benefits with associated risks.
To find out more about blockchain and its use in financial services, connect with the experts at Trend Micro today.