Blockchain Will Radically Transform Anti-Fraud

Blockchain is poised to change IT in much the same way open-source software did a quarter of a century ago.

With GDPR about to force banks to rethink how they handle and share personally identifiable info, and with fraud-enabling darknet data ballooning, enterprises will need blockchain's immutability and security to thwart bad actors.

However, In the same way that Linux took more than a decade to become a cornerstone in modern application development, Blockchain will take years to become a lower cost, more efficient way to share information between open and private networks.

But the hype around this seemingly new, secure electronic ledger is real. In essence, blockchain represents a new paradigm for the way information is shared and tech vendors and companies are rushing to figure out how they can use the distributed ledger technology to save time and admin costs.

Blockchain could be the answer to increasingly tough anti-money laundering (AML) statutes and enterprise fraud management (EFM) requirements looming for the financial services industry.

In a report by Forrester Research, blockchain's distributed ledger technology, because it is both secure and immutable, is ideal for meeting new government requirements and serving as a trusted repository for identification purposes.

Governments are also considering using blockchain networks to secure sensitive data, but none as of yet have, according to Martha Bennett, a principal analyst at Forrester Research and co-author of the report.

This year, several new regulations will toughen requirements on financial services to ensure customer privacy and secure online and mobile payments. The new laws include the Revised Payment Service Directive(PSD2) and the General Data Protection Regulation (GDPR).

Additionally, the Fifth European Union Anti-Money Laundering Directive (5AMLD), which is currently being negotiated, will likely increase oversight of virtual currencies, prepaid cards, information sharing and enhanced customer due diligence.

Starting in May, GDPR will force European banks to rethink how they store, manage, use and disseminate personally identifiable information, according to the report.

"If they wish to partake in blockchain-based AML and EFM device, whitelist, and transactional data sharing, [financial institutions] must adapt their privacy policies and tools to be able to cope with this requirement," Forrester said.

The research firm expects that privacy regulations and disclosures will have to cover blockchain-stored data assets as well.

"GDPR is one key requirement for handling [personally identifiable information] data securely," Andras Cser, a Forrester principal analyst and co-author of the report, said in via email. "Encryption algorithm standardization and strength testing (FIPS, etc.) are also key steps here."

Fraud and money laundering cost Billions

Last year, the cost of retail fraud, everything from fraudulent transactions to fraudulent returns, amounted to 1.9% of revenue, up from 1.47% in 2016. With Forrester's estimate of $3.56 trillion in U.S. retail sales in 2017, fraud will cost U.S. merchants almost $68 billion. On top of that, the cost of detecting and preventing money laundering is steep, as are the fines for businesses that fail to do so.

In 2018, for example, Dutch Rabobank was fined $369 million by authorities for handling illicit funds. And last fall, a data breach at consumer credit reporting agency Equifax, resulted in 143 million records being stolen.

Widespread availability of sensitive consumer information on the darknet and synthetic identity fraud – where criminals use stolen data combined with fake information to create credit and bank accounts – has proven traditional know-your-customer verification and knowledge-based authentication is unreliable.

AML and EFM are harder than ever to enforce and need to rely on the most diverse data possible, Forrester said, adding that "verifying identities before allowing them to transact helps avoid fraud losses in a complex payment ecosystem."

That's where blockchain can be useful.

Because it is an immutable, auditable electronic record, blockchain ensures that transaction records contain artifacts and identifiers of previous transactions. "This allows authorized investigators to backtrack transactions on the blockchain more easily than with current AML and EFM systems," Forrester said.

Blockchain implementations will challenge the monopoly of legacy identity verifiers, credit bureaus such as Equifax, Experian, RELX, and TransUnion, as well as watch list providers such as Dow Jones and World-Check, by providing auditable data for anti-money laundering.

Blockchain implementations for AML and EFM aren't expected to begin surfacing for another year to two in North America and for two to three years in other geographies, according to Cser.

Initially, enterprise blockchain networks will likely co-exist alongside more traditional AML and EFM tools, "at least Initially," Cser said.

"The biggest issue is creating the regulatory, privacy and legal framework for [blockchain's] adoption in EFM and AML," Cser said.

Forrester expects that existing and new data provider vendors, as well as banks and financial institutions, will be able to contribute to distributed and controlled blacklists/whitelists and privacy-controlled transaction repository blockchains.

And, because blockchain is built on open-source software such as Ethereum, MultiChain, OpenChain and other iterations, it is less expensive to acquire a platform, while anyone can also view, audit and fix security flaws in blockchain implementations.

Requirements for enterprise fraud management and anti-money laundering are similar in that it's "all about looking for patterns, identifying known bad players, and performing investigations.

"The main difference is that, while AML has traditionally been batch-based and reactive, EFM in the past five years has largely turned proactive," the Forrester report said. "Using real-time data in EFM is now a standard and critical requirement. EFM will use blockchain in risk-based authentication and account takeover detection as well as in back-end transaction (payment) monitoring."

Computerworld

You Might Aslo Read:

The Role Of Blockchain In Helping Organisations Meet GDPR Compliance:

Blockchain: What Business Executives Need To Know:

« The Next Russian Cyberattacks Will Be More Damaging
Leading Companies Pledge To Fight Cyber-Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

GTB Technologies

GTB Technologies

GTB Technologies is a cyber security company that focuses on providing enterprise class data protection and data loss prevention solutions.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

Lifespan Technology

Lifespan Technology

Lifespan Technology provides the full range of IT Asset Disposition services. This includes hardware recycling and disposal, data destruction, and hardware resale.

RhodeCode

RhodeCode

RhodeCode is an open source repository management platform. It provides unified security and team collaboration across Git, Subversion, and Mercurial.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Policy Monitor

Policy Monitor

Policy Monitor is a cyber security company founded by experts with extensive experience in operational and risk management.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

CIS Secure

CIS Secure

CIS Secure is an innovator, integrator and expert advisor supporting the broadest portfolio of powerful, mission-specific C5ISR communications and cybersecurity solutions.