Blockchains, and Cybercrime and APIs! Oh my!
With digital innovation comes cybercrime and responsibilities. SWIFT and the Bangladesh Central Bank lost of $80 million demonstrating this coupled with SWIFT further emphasis ‘we cannot secure our customers’ environments and cannot assume responsibility for that’.
The mind-set of ‘if it ain’t broke don’t fix it’ has to go along with legacy systems without on-going up to date protection. Both occurred before the arrival of digital and in a world less technically sophisticated. Often core systems had minimum security and data, regardless of privacy, often allowed to flow literally anywhere.
The link between SWIFT, blockchain and apps to the banking systems is often through an API. An API is a set of functions and procedures that allow the creation of applications that can access the features or data of an operating system linking with a bank account. By October 2017 standardised APIs will become mandatory in Europe.
The EU Payment Service Directive (PSD2) is designed to accelerate banking innovation and simplify payments. Banks will have to provide access for their customers to allow others to access their account.
SWIFT has just stated ‘Alliance interface software is mandatory’. Reuters has reported the Bank of England is calling for banks to check if they are compliant with excellent security practises.
History has shown us some of our biggest solutional and technological advances have come from blending existing products together forming many new products and using them in very different ways. From mining industry, we gained the steam engine and that in turn transformed transportation and consigned the barge, horse and cart to the leisure industry.
To many institutions APIs are feared as an “Open_Sesame” access for the cybercriminal. A technology structured cyber-security environment is the best practice but it’s people who are responsible for cybercrime. Celent estimates close to 60% of frauds involve an Insider. CERT’s 2014 report showed 37% cyber-crime involved Insiders.
Cyber-crime comes from three distinct sources: The Joy Riders, the Sophisticated and the Organized Crime/Hostile Nations with all able to deploy state of the art powerful computers and programs. Banks need to understand whom they have employed, both permanent and contractual, and what they are doing as they could be an Insider. Phrases such as Bad Actor or Bad Agent are starting to describe what are malicious Insiders.
The blockchain does provide provenance of any asset from day one and with five or more distributed ledgers end-points making it virtually fraud proof. The next step is to move from the many blockchain proofs of concept to industrialised solutions that become commonplace.
Blockchain with APIs allow STP (straight through processing) asset and payment movement between to and from the buyer and the seller. The blockchain assets and liabilities created need to be registered on the general ledger of the buyers and sellers. In doing so Compliance: Know Your Customer (KYC) and Anti Money Laundering (AML) and Accounts Payable process need to be involved.
Now secure, fraud resistant, compliant STP with ongoing provenance is a mouth-watering prospect. For banks, it has taken decades to reach 90% STP for payments. While that is a great improvement in automating the payments, the cost repairing the remaining 10% of the payments is the same as the cost of processing the 90%. In addition the repair of a payment can become the liability of the bank. Blockchain, APIs and cyber-security would give 100% STP from the get go.
The ultimate goal is end-to-end (E2E) cyber security. Both SWIFT and blockchain are parts of the chain. The buyers and sellers and their bank’s are part of that chain. At a minimum there should be E2E Encryption and more, Token Based Authentication of the data.
Embrace the digital yellow brick road. Unlike the ‘Lions, and tigers, and bears! lyric suggesting a fear of rumored threats, in ‘blockchain and cybercrime and APIs!’ there are real threats. The opportunities though far outweigh the threats, which can be eliminated by taking blockchain and cybercrime seriously NOW.
Visit https://icn.sap.com/news/Blockchain.html for more information