Blockchain Will Radically Transform Anti-Fraud

Blockchain is poised to change IT in much the same way open-source software did a quarter of a century ago.

With GDPR about to force banks to rethink how they handle and share personally identifiable info, and with fraud-enabling darknet data ballooning, enterprises will need blockchain's immutability and security to thwart bad actors.

However, In the same way that Linux took more than a decade to become a cornerstone in modern application development, Blockchain will take years to become a lower cost, more efficient way to share information between open and private networks.

But the hype around this seemingly new, secure electronic ledger is real. In essence, blockchain represents a new paradigm for the way information is shared and tech vendors and companies are rushing to figure out how they can use the distributed ledger technology to save time and admin costs.

Blockchain could be the answer to increasingly tough anti-money laundering (AML) statutes and enterprise fraud management (EFM) requirements looming for the financial services industry.

In a report by Forrester Research, blockchain's distributed ledger technology, because it is both secure and immutable, is ideal for meeting new government requirements and serving as a trusted repository for identification purposes.

Governments are also considering using blockchain networks to secure sensitive data, but none as of yet have, according to Martha Bennett, a principal analyst at Forrester Research and co-author of the report.

This year, several new regulations will toughen requirements on financial services to ensure customer privacy and secure online and mobile payments. The new laws include the Revised Payment Service Directive(PSD2) and the General Data Protection Regulation (GDPR).

Additionally, the Fifth European Union Anti-Money Laundering Directive (5AMLD), which is currently being negotiated, will likely increase oversight of virtual currencies, prepaid cards, information sharing and enhanced customer due diligence.

Starting in May, GDPR will force European banks to rethink how they store, manage, use and disseminate personally identifiable information, according to the report.

"If they wish to partake in blockchain-based AML and EFM device, whitelist, and transactional data sharing, [financial institutions] must adapt their privacy policies and tools to be able to cope with this requirement," Forrester said.

The research firm expects that privacy regulations and disclosures will have to cover blockchain-stored data assets as well.

"GDPR is one key requirement for handling [personally identifiable information] data securely," Andras Cser, a Forrester principal analyst and co-author of the report, said in via email. "Encryption algorithm standardization and strength testing (FIPS, etc.) are also key steps here."

Fraud and money laundering cost Billions

Last year, the cost of retail fraud, everything from fraudulent transactions to fraudulent returns, amounted to 1.9% of revenue, up from 1.47% in 2016. With Forrester's estimate of $3.56 trillion in U.S. retail sales in 2017, fraud will cost U.S. merchants almost $68 billion. On top of that, the cost of detecting and preventing money laundering is steep, as are the fines for businesses that fail to do so.

In 2018, for example, Dutch Rabobank was fined $369 million by authorities for handling illicit funds. And last fall, a data breach at consumer credit reporting agency Equifax, resulted in 143 million records being stolen.

Widespread availability of sensitive consumer information on the darknet and synthetic identity fraud – where criminals use stolen data combined with fake information to create credit and bank accounts – has proven traditional know-your-customer verification and knowledge-based authentication is unreliable.

AML and EFM are harder than ever to enforce and need to rely on the most diverse data possible, Forrester said, adding that "verifying identities before allowing them to transact helps avoid fraud losses in a complex payment ecosystem."

That's where blockchain can be useful.

Because it is an immutable, auditable electronic record, blockchain ensures that transaction records contain artifacts and identifiers of previous transactions. "This allows authorized investigators to backtrack transactions on the blockchain more easily than with current AML and EFM systems," Forrester said.

Blockchain implementations will challenge the monopoly of legacy identity verifiers, credit bureaus such as Equifax, Experian, RELX, and TransUnion, as well as watch list providers such as Dow Jones and World-Check, by providing auditable data for anti-money laundering.

Blockchain implementations for AML and EFM aren't expected to begin surfacing for another year to two in North America and for two to three years in other geographies, according to Cser.

Initially, enterprise blockchain networks will likely co-exist alongside more traditional AML and EFM tools, "at least Initially," Cser said.

"The biggest issue is creating the regulatory, privacy and legal framework for [blockchain's] adoption in EFM and AML," Cser said.

Forrester expects that existing and new data provider vendors, as well as banks and financial institutions, will be able to contribute to distributed and controlled blacklists/whitelists and privacy-controlled transaction repository blockchains.

And, because blockchain is built on open-source software such as Ethereum, MultiChain, OpenChain and other iterations, it is less expensive to acquire a platform, while anyone can also view, audit and fix security flaws in blockchain implementations.

Requirements for enterprise fraud management and anti-money laundering are similar in that it's "all about looking for patterns, identifying known bad players, and performing investigations.

"The main difference is that, while AML has traditionally been batch-based and reactive, EFM in the past five years has largely turned proactive," the Forrester report said. "Using real-time data in EFM is now a standard and critical requirement. EFM will use blockchain in risk-based authentication and account takeover detection as well as in back-end transaction (payment) monitoring."

Computerworld

You Might Aslo Read:

The Role Of Blockchain In Helping Organisations Meet GDPR Compliance:

Blockchain: What Business Executives Need To Know:

« The Next Russian Cyberattacks Will Be More Damaging
Leading Companies Pledge To Fight Cyber-Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Materna Virtual Solution

Materna Virtual Solution

Materna Virtual Solution security solutions enable user-friendly, secure mobile working environments.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

Winterhawk

Winterhawk

Winterhawk is a specialist and leading global Cyber, ESG, GRC, Risk & Identity consulting practice.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

ProLion

ProLion

ProLion provides Data Integrity solutions that ensure organisations’ data remains secure, compliant, manageable and accessible.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.

RESTIV Technology

RESTIV Technology

RESTIV Compliance Copilot is your partner in continuous compliance. Real-time monitoring, continuous testing, and transparent evidence—no surprises, just peace of mind.