It’s difficult to ignore the persistent cybersecurity threats that the financial services industry endures each day. Equifax, JP Morgan Chase, the Internal Revenue Service, and Deloitte have all experienced data breaches over the past five years. But, hackers don’t solely focus on enterprises that aggregate personal financial data. Indeed, retail and restaurant payment systems such as Target, Walmart, CVS, Wendy’s, and Chipotle have been hacked within the same time period. As such, anywhere you choose to use a credit card, whether online or in person, there is an increasing likelihood that your sensitive financial information will end up in the wrong hands.
By now, most have heard of the astronomical trajectory of Bitcoin valuation. As of October 2017, a single Bitcoin is worth almost $6,000 USD. This is a six-fold increase from January of the same year where the valuation was hovering at $1,000 USD per Bitcoin. Certainly, supply and demand are a driving factor in the enormous boost for the Bitcoin investors and speculators. However, it’s the underlying blockchain technology rather than the cryptocurrency which holds the most promise for everyone. This is particularly true for the financial services industry.
Blockchain technology uses an immutable digital ledger system that facilitates peer to peer transactions. At this time, it is the most secure method for a wide variety of transactions as it deploys a cryptographic system that incorporates both a public and private identification key. The public key is used to track the exchange between parties on the blockchain, which is then encoded into the ledger – or blocks. The private key is a verification integer that is only known to the owner of the key and is used to verify the authenticity of the transaction. Meanwhile, the public key will be known to everyone on the network as it is part of the data that is sent notifying the blockchain users that transaction approval and verification are needed.
How might this improve credit card transaction security? It takes an enormous amount of computational power for a hacking attempt. The approval mechanism used by Bitcoin blockchain, in particular, requires the solving of a complex mathematical algorithm, then approval by 51% of the network participants (called nodes) that a. the problem was solved correctly and b. the transaction is valid. Once recorded in the digital ledger, it is immutable, meaning no one can go into the particular block or group of blocks and arbitrarily reverse the transaction.
For credit card payments, your data would be locked by the private key. As long as that key isn’t shared with anyone, it’s safely tucked away by a cryptographic “wall.” Only data or information relevant to a single transaction is presented to the blockchain network, but your private key isn’t publicly broadcast. Current payment systems and financial services databases offer no such protection. Not only are their database systems regularly hacked, but credit card transactions are intercepted with increasing regularity. Additionally, the transaction data is transmitted through several different systems: from the merchant to the payment processor’s bank, then to the credit card issuer (e.g., MasterCard, VISA, American Express), and finally to your bank. A hacker can intervene at any step in this process or choose to attack any of the databases where your information is now stored.
Using a blockchain credit card not only removes at least one of the intermediaries, thus reducing the risk of a data breach, but it also decreases the transaction costs since each institution in a regular credit card transaction collects a fee. An added layer of security exists if the financial institution uses a private or permissioned blockchain. This allows only preapproved nodes – or participants – to approve and validate transactions.
However, this does not relieve the credit card holder from practicing robust cybersecurity protocols. Hackers will use phishing scams and other deceptive attacks to gain access to your private key. While blockchain provides a more secure protocol for digital transactions, it’s still entirely up to the credit card holder to protect their private key and refrain from revealing it to anyone. The first line of defense against a cyberattack still remains in the hands of the credit card holder.