Blockchain: banks check data protection
Six out of ten banks in Germany are putting special security issues relating to data protection and user identification on the agenda when it comes to blockchain, the technology of the future.
Consumers who want to pay using blockchain technology must be separately protected against the loss of personal data. To do this, banks must adapt the control of previously centrally stored customer data to the blockchain. These are the findings of the study "Blockchain - Evolution or Revolution", which was conducted on behalf of DXC Technology.
"The majority of institutions see a need for action to improve the reliability of data within the blockchain," says Liliana Scheck of DXC Technology Switzerland. "True, once data is stored in the blockchain, it is considered tamper-proof. But the relevant information is hidden behind anonymous columns of numbers." In this context, the blockchain functions like a digital land register that publicly records all transactions made. However, it is not easy to check who is behind a payment that has been processed.
Blockchain users leave traces
In principle, the system promises a high level of security for the user's own data. However, the special risks associated with the new technology must be taken into account. Blockchain users leave traces, similar to the history of an Internet browser, which lists the websites visited. Anyone who transfers money digitally has their anonymous identifier stored in the blockchain. This data can be matched with other information, for example from online transactions, to determine the person behind a blockchain address. This puts anonymous payments at risk. With enough data, everyone can be uniquely identified on the Internet. This also applies to the blockchain.
"If there are problems, consumers need special protection. This is because institutions lack direct access, especially in the case of publicly operated blockchains. Even in the case of serious oversights, manual correction is explicitly excluded. This creates completely new compliance risks for banks," says Liliana Scheck. The idea behind a public blockchain is to eliminate the need for additional regulation, as transactions are approved electronically by the parties involved.
"Perform "Proof of Concepts
Legislators are already active in securing transactions in the blockchain. The German financial supervisory authority BaFin as well as the state central banks are intensively dealing with the topic. However, concrete recommendations for action in terms of legal requirements are not yet available. In our project and customer situations, we have made the experience that banks should not only deal with the topic of blockchain from a technology perspective, but also from a legal and compliance perspective. Conducting a pilot project together with the regulator helps both sides to get a better grip on the topic.
To ensure confidence in the new technology, banks with high transaction volumes should conduct appropriate technical "proof of concepts" to evaluate different blockchain technologies in relation to the required transaction volume. The different blockchain protocols show large differences in their suitability especially in terms of performance or protocol maturity levels for banks.
Establish an efficient governance structure
Due to still varying blockchain platforms and implementations, it is recommended to evaluate applications for their suitability to be integrated into a specific blockchain system. When building a blockchain, a risk-based approach is recommended in that security controls take business requirements and processes into account. On the one hand, this means knowing the data that will be stored and processed in the Blockchain. But it also means building solutions, for example for encryption, code verification or identity access management, to prevent classic threats such as compromising public key infrastructure and application development. It is also important to build an efficient governance structure to efficiently defend against cyberattacks. DXC expects cyberattacks in the future to be directed at software designed to provide simplified access to the blockchain, Rauer says. Here, the focus needs to be on implementation. In addition, the security level in the application area should be increased - or already be inherent in the software development.
Source: DXC Technology
