As you may have noticed, this is a topic we just couldn’t ignore.
Thanks to the cryptocurrency market becoming, for better or worse, the latest media darling, the term “blockchain” seems to be on everybody’s lips. By itself, blockchain technology is a collective term that combines both the database (databases) containing information about owners and a number of technologies, such as blockchain (chain of transaction blocks) and distributed ledger technology. It is this sphere that receives the most attention, and the hype is deserved at the moment.
Blockchain (distributed ledger technology) is considered effective because records or transactions are contained in database blocks, where only new records can be added, and cannot be changed without editing the previous blocks in the chain. New blocks are attached to the existing ones and protected by an encrypted digital signature. The reliability of the signature is confirmed by the global computer network. When the block is changed, all blocks associated with it are declared invalid. And since multiple copies of this database or ledger are created, the system immediately identifies unauthorized changes.
Blockchain technology is revolutionary, but you need to understand its limitations and possible vulnerabilities. And, perhaps, in much the same way that the Internet changed how we communicate, blockchain technology will change how we assign value to assets. And furthermore, it will help us to create digital analogs of rights to assets that can be verified without intermediaries.
The significant advantages of distributed ledger technology are the simplification and reduction of costs of complex processes, when the documents of one organization or a small number of others are verified. Some examples of this include:
•legal documents on corporate banking transactions;
•verification of the authenticity of holders of shares, options and other securities, a and the administration of new types of securities (this trend is now developing in the form of primary placement of cryptocurrency);
•work of notaries and verification of powers of attorney (which may significantly change in the future);
•management of logistics and supply chains;
•verification of the authenticity of official documents, drawing up of state certificates, etc.
Today, pioneers are trying to find a practical application of this system to perform various tasks, but they often overlook the existing problems of blockchain.
One of the frequently mentioned tasks which is expected to yield revolutionary results is the remote online identification of users and the creation of a reliable system of protection from online fraud. It should be understood that solving the problem of remote identification or preventing identity theft will eliminate about 20-30% of incidents of online fraud. The pre-feasibility study showed that solving the remote identification problem will face a number of challenges associated with the current form of blockchain technology.
• False data. By itself, the blockchain system does not verify the authenticity of the data, but rather protects the existing data from unauthorized changes. In this situation, with the initial input of false data, the system will protect this false data, which creates a serious vulnerability for the “collective fraud” model. Suppose, a remote authentication system was created using the blockchain mechanisms. Let’s say that there is an employee in a large bank with 10 wealthy clients and 10 friends. At the moment of updating or creating identification parameters for clients, the employee invites his friends and proposes them to enter their parameters as identifiers. After entering this data, the system will decide that the customers are the employee’s friends. Further, the employee and his friends will have the opportunity to remotely prepare a “blow” on the bank and other financial institutions.
• Personal account hacking. Frequent incidents of hacking of cryptocurrency exchange participants’ private accounts proved that this problem is one of the most serious threats.
• Synthetic accounts. This type of attack occurs when fragments of proved data are used from different blockchain systems. Such an attack is based on the fact that a person has on average more than five email addresses, more than three bank cards and more than one SIM-card, which constantly change and therefore they cannot be permanently registered in one system. In the foreseeable future, it will be difficult to build a single system capable of tracking all contact data, including the creation of fictitious companies for 30-50 people with a corporate mail, telephones, “bloated” accounts in social networks and salary projects in banks.
• Competition for access to information and customers. This is the format of an indirect attack, when there is a single identification system distributed among the main market participants. Suppose that after the client’s identification with Bank A, he enters Bank B. In this case, Bank B will benefit from opening as many accounts for the client as possible to entice him away from Bank A. As a result, this system will only register new customers without checking existing ones.
• Operational costs. If you compare the cost of transaction in a centralized and decentralized system, the difference will exceed 10-100 times in favor of the first one. This is also true for systems performance.
• 51% Attack. This type of attack takes place when the system that monitors a significant portion of the nodes or the network’s mining capabilities is likely to change values in cells or network ledgers. Currently, almost every network has 2-3 players with the capacity above 40%.
The first three problems listed are based on an important assumption: the blockchain system can control release and use of all identification parameters only within itself and with simultaneous creation. The fourth problem is connected with the fact that the blockchain system is open; there is no competition for access to information, as ledgers are stored on a huge number of nodes.
The need for a remote authentication system is very high. Most likely, such a system will be created on the basis of a centralized approach or distributed ledgers for a small number of participants. However, in the open part of the system, the users will not have the personal data; probably, there will be only their masks (for example, instead of email@example.com, you have e***l@e***l.ru) or hashed data will be specified. This system should be managed by an independent operator or a small number of participants who will not be commercially interested in accessing personal data, but will be interested in the number of users. Perhaps, with the solution of these existing problems, we will see the successful implementation of this task on the basis of blockchain approach.
It remains to be seen whether blockchain can be the “end all, be all” solution to online fraud. However, the way the technology is designed does present us with many opportunities to thwart it. Like any new technology, all it takes is a deeper understanding of its strengths and weaknesses.
Have a question for us about something that is relevant to the development of your business? Send your queries to firstname.lastname@example.org and we will do our best to cover them in our publications and studies.