Blocking Out Fraudsters

Could the same technology that powers bitcoin be used to protect your identity? For the latest Digital Identity Tracker™, PYMNTS discussed blockchain-based security and the future of the space with the founder and CEO of KYC-Chain, Edmund John. You can find that, along with the latest headlines and a scorecard of 80 of the biggest players from around the industry, inside the latest Tracker.

Whether it’s been the leaked emails of a major political candidate, massive security breaches from major companies like Yahoo and Dropbox or even the hacking of a U.S. bank regulator, information security has been a recurring headline in 2016.

But what if a new technology could help safeguard and protect sensitive information, from emails and login credentials to bank accounts and other financial information?

Edmund John, founder and CEO of KYC-Chain, a Hong Kong-based security and authentication startup, believes that blockchain’s (the distributed ledger technology that powers bitcoin) two-factor authentication capability holds the key to offering the ultimate security solution for digital identity.

“Right now, it’s very difficult to prove that you are who you say you are on the internet. We don’t have a digital identity, which is attested by a trusted source,” Edmund said during a recent interview. “But blockchain provides a mechanism for digital identity, which can be attested by a trusted source. In addition, you have the infrastructure to start layering in multiple-factor authentication with biometrics, and that’s been proven to be much safer and more convenient than a username and password, which is difficult to remember and gives you only one factor of authentication.”

PYMNTS recently caught up with John to talk about blockchain, its security advantages and its ever-evolving dynamics.

A long road to acceptance

While bitcoin — a digital currency that is designed to, among other things, keep a user’s identity a secret — is an unlikely source for security and identity solutions, its underlying blockchain technology has continued to evolve to become a secure solution for digital identity.

“A lot of people said at first that I was missing the point of bitcoin, because it was supposed to be anonymous,” John said. “But a decentralized approach to identity makes a lot of sense. This is because, ultimately, you as an individual, want to own your identity. This concept of self-sovereign identity will mean you have a great deal of control and security, without a centralized point of failure.”

Despite the benefits, blockchain technology still has flaws when it comes to identity protection, John pointed out. For instance, there are issues with governance and regulation that surround bitcoin, as well as some fraud prevention techniques, such as zero-knowledge proofs.

However, other add-on approaches seem to have found ways to fulfill the deficits. The Sovereign Blockchain, which KYC-Chain operates on, has appointed an internal governance board, John noted.

But just like any other security system, blockchain’s protection capabilities come with their own flaws along with the many advantages.

“Ultimately, what’s really critical is that the blockchain or the technology you use is well-suited for the problem you are looking to solve,” he said. “Some problems are solved by a traditional centralized database, but other problems are more suited for a distributed approach, and blockchain is one technology which might be well-suited for these use cases.”

Taking away fraudsters’ rewards and incentives

Despite these drawbacks, John noted that blockchain’s distributed approach could have helped prevent some of the breaches that have dominated the news in recent weeks and months.

By eliminating large-scale collection of personal data, John said, he and his team can not only reduce the number of accounts that have been compromised but can also discourage fraudsters from attacking those users in the first place by removing some of the bounties that cybercriminals are after.

Hackers typically seek out massive troves of information, which can provide access to credentials not just for email addresses but also for accounts that use the same username and password, he said. By reducing the attack surface and by utilizing multiple-factor authentication, hackers are left with fewer reasons to target a company.

“If you have a large email company that hasn’t properly protected their servers, once that server is compromised, all of the people with that certain company email account are now compromised,” John explained. “They’ve gotten everyone on that list.”

But with blockchain-enabled security in place, those effects can be minimized because the user can take more responsibility for their data. If a company stores only a limited number of emails in one place, it not only reduces the expanse of accounts that can be compromised but “also makes it so the incentives to go after that are much lower, because now [fraudsters] don’t have that same prize when they get in,” he said.

A more promising future

For awhile, blockchain has been mostly used for facilitating bitcoin-based transactions, but that may not be the case for much longer. John envisions a future chock full of uses for the technology, including in the financial and health care fields, with digital identity and security chief among them.

“Blockchain is one of the most amazing technological breakthroughs of the 21st century, especially given its direct peer-to-peer nature and its ability to create a money system without a central source of power or control,” John said. “But we’ll see an evolution to new and other forms of distributed technology take over and improve different aspects of society. And the one that I’m working on and I think is most promising is identity.”

To download the November edition of the Digital Identity Tracker™, click the button below. 

1

About The Tracker

The PYMNTS.com Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact or otherwise confirm their identity.