Blockchain Will Radically Transform Anti-Fraud

Blockchain is poised to change IT in much the same way open-source software did a quarter of a century ago.

With GDPR about to force banks to rethink how they handle and share personally identifiable info, and with fraud-enabling darknet data ballooning, enterprises will need blockchain's immutability and security to thwart bad actors.

However, In the same way that Linux took more than a decade to become a cornerstone in modern application development, Blockchain will take years to become a lower cost, more efficient way to share information between open and private networks.

But the hype around this seemingly new, secure electronic ledger is real. In essence, blockchain represents a new paradigm for the way information is shared and tech vendors and companies are rushing to figure out how they can use the distributed ledger technology to save time and admin costs.

Blockchain could be the answer to increasingly tough anti-money laundering (AML) statutes and enterprise fraud management (EFM) requirements looming for the financial services industry.

In a report by Forrester Research, blockchain's distributed ledger technology, because it is both secure and immutable, is ideal for meeting new government requirements and serving as a trusted repository for identification purposes.

Governments are also considering using blockchain networks to secure sensitive data, but none as of yet have, according to Martha Bennett, a principal analyst at Forrester Research and co-author of the report.

This year, several new regulations will toughen requirements on financial services to ensure customer privacy and secure online and mobile payments. The new laws include the Revised Payment Service Directive(PSD2) and the General Data Protection Regulation (GDPR).

Additionally, the Fifth European Union Anti-Money Laundering Directive (5AMLD), which is currently being negotiated, will likely increase oversight of virtual currencies, prepaid cards, information sharing and enhanced customer due diligence.

Starting in May, GDPR will force European banks to rethink how they store, manage, use and disseminate personally identifiable information, according to the report.

"If they wish to partake in blockchain-based AML and EFM device, whitelist, and transactional data sharing, [financial institutions] must adapt their privacy policies and tools to be able to cope with this requirement," Forrester said.

The research firm expects that privacy regulations and disclosures will have to cover blockchain-stored data assets as well.

"GDPR is one key requirement for handling [personally identifiable information] data securely," Andras Cser, a Forrester principal analyst and co-author of the report, said in via email. "Encryption algorithm standardization and strength testing (FIPS, etc.) are also key steps here."

Fraud and money laundering cost Billions

Last year, the cost of retail fraud, everything from fraudulent transactions to fraudulent returns, amounted to 1.9% of revenue, up from 1.47% in 2016. With Forrester's estimate of $3.56 trillion in U.S. retail sales in 2017, fraud will cost U.S. merchants almost $68 billion. On top of that, the cost of detecting and preventing money laundering is steep, as are the fines for businesses that fail to do so.

In 2018, for example, Dutch Rabobank was fined $369 million by authorities for handling illicit funds. And last fall, a data breach at consumer credit reporting agency Equifax, resulted in 143 million records being stolen.

Widespread availability of sensitive consumer information on the darknet and synthetic identity fraud – where criminals use stolen data combined with fake information to create credit and bank accounts – has proven traditional know-your-customer verification and knowledge-based authentication is unreliable.

AML and EFM are harder than ever to enforce and need to rely on the most diverse data possible, Forrester said, adding that "verifying identities before allowing them to transact helps avoid fraud losses in a complex payment ecosystem."

That's where blockchain can be useful.

Because it is an immutable, auditable electronic record, blockchain ensures that transaction records contain artifacts and identifiers of previous transactions. "This allows authorized investigators to backtrack transactions on the blockchain more easily than with current AML and EFM systems," Forrester said.

Blockchain implementations will challenge the monopoly of legacy identity verifiers, credit bureaus such as Equifax, Experian, RELX, and TransUnion, as well as watch list providers such as Dow Jones and World-Check, by providing auditable data for anti-money laundering.

Blockchain implementations for AML and EFM aren't expected to begin surfacing for another year to two in North America and for two to three years in other geographies, according to Cser.

Initially, enterprise blockchain networks will likely co-exist alongside more traditional AML and EFM tools, "at least Initially," Cser said.

"The biggest issue is creating the regulatory, privacy and legal framework for [blockchain's] adoption in EFM and AML," Cser said.

Forrester expects that existing and new data provider vendors, as well as banks and financial institutions, will be able to contribute to distributed and controlled blacklists/whitelists and privacy-controlled transaction repository blockchains.

And, because blockchain is built on open-source software such as Ethereum, MultiChain, OpenChain and other iterations, it is less expensive to acquire a platform, while anyone can also view, audit and fix security flaws in blockchain implementations.

Requirements for enterprise fraud management and anti-money laundering are similar in that it's "all about looking for patterns, identifying known bad players, and performing investigations.

"The main difference is that, while AML has traditionally been batch-based and reactive, EFM in the past five years has largely turned proactive," the Forrester report said. "Using real-time data in EFM is now a standard and critical requirement. EFM will use blockchain in risk-based authentication and account takeover detection as well as in back-end transaction (payment) monitoring."

Computerworld

You Might Aslo Read:

The Role Of Blockchain In Helping Organisations Meet GDPR Compliance:

Blockchain: What Business Executives Need To Know:

« The Next Russian Cyberattacks Will Be More Damaging
Leading Companies Pledge To Fight Cyber-Attacks »

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

Acutec

Acutec

Acutec is an award winning IT support, services and solutions provider including managed IT Security and backup/disaster recovery.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.