Blockchain
Blockchain Cryptocurrency Cybersecurity Europe Fintech

UTIMACO: Providing a Secure Blockchain Through the Adoption of HSMs

Fintechs, more than ever before, are turning to blockchain technology as a means to offer a complete, unchangeable, and hopefully unalterable, record of every transaction through cryptocurrencies. It also enables cross-border transactions to become frictionless and offers banking services to typically underbanked parts of the world.

However, blockchain is often still perceived as the ‘wild west’ of fintech; unregulated, ungoverned, and even unlawful in some cases. This perception must shift in order to allow blockchain-based technologies to become more widely adopted.

Mario Galatovic, Vice President Products and Alliances, UTIMACO
Mario Galatovic, Vice President Products and Alliances, UTIMACO

Here, Mario Galatovic, Vice President Products and Alliances at UTIMACO discusses the possibilities that blockchain technology can procure for the fintech sector, the steps that are needed to ensure blockchain operates securely, and how hardware security modules (HSMs) form the backbone of efforts to make blockchain-based identity feasible in finance.

Mario has a diploma in engineering for information technology with a main focus on applied cryptography from the University of Applied Sciences in Offenburg. Currently, he is very active in the fields of Blockchain and Post-Quantum-Cryptography.

Mario has more than 10 years of experience in consulting, planning, and implementing cryptographic systems like PKIs and payment systems. Prior to joining UTIMACO, he gathered experience with payment solutions, smartcards, and authentication systems at Gemalto and Thales.

Despite having existed since 1982, people outside of the computer science circles were not aware of blockchain until the pseudonymous person(s) ‘Satoshi Nakamoto’ produced the whitepaper ‘Bitcoin: A Peer-to-Peer Electronic Cash System’. This introduced the concept of an electronic cryptocurrency that ran on blockchains.

Blockchains have been used to power everything from Non-Fungible Tokens (NFTs) to refugee camps. They are essentially lists of records (‘blocks’), like an Excel spreadsheet or SQL database, linked together by cryptography. Unlike other forms of recording data, each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (‘Bitcoin wallet X sent 1 Bitcoin to wallet Y’, etc). Each block contains information about the block before it, forming a chain, and the data in these blocks cannot be retroactively altered.

Although renowned for the secure nature, blockchains can be subject to security failure. For example, Mt. Gox, which at one time handled 70% of all bitcoin transactions, experienced catastrophic security collapse. Creditors alleged that they had lost $2.4 trillion dollars in the bankruptcy that followed the exchange losing the majority of coins it held.

The ways in which blockchains are used

Despite these security blips, blockchain technology is growing in popularity with fintech companies.  Blockchain-based cryptocurrency companies such as Coinbase are by definition fintechs, and existing fintechs, like the challenger bank Revolut, offer investment in cryptocurrency alongside other financial services. Legacy financial companies such as Citi Bank are trialling an application of blockchain technology to significantly speed up cross-border transactions. JP Morgan’s ‘Confirm’ system allows money to be sent to other countries nearly instantaneously when it previously could take days.

There are more inefficient areas of finance that blockchain can accelerate such as trading, which traditionally requires heavy paperwork and shuts down at the weekend. However, blockchains can be adapted to systems where all participants can easily check and verify trades and execute them in real time, 24 hours a day, seven days a week. Furthermore, companies like Figure are using blockchain to provide personal loans and mortgages, again with much faster turnaround times than have been standard in the industry for decades.

Building societies trust in cryptocurrency

Although blockchain technology has been mainstream for nearly a decade, cryptocurrency is yet to be considered as legal tender in all but one country, El Salvador. Governing bodies till consider it as being the unregulated, ungoverned, and often unlawful frontier of money.

Only 2.3 million people in the UK hold any form of cryptocurrency, whereas one-third of the region owns traditional investments like stocks and shares. Use of other blockchain applications is likely to be rare, and the most recent research on people’s attitudes showed that 70% of survey respondents either hadn’t heard of cryptocurrencies or didn’t know how to define one. Just 7% of respondents who hadn’t already purchased cryptocurrency said they intended to do so. It is therefore apparent that fintech companies have a lot to do before the idea of blockchain-based services expands past a narrow, overwhelmingly wealthy, middle-aged, white and male demographic.

The importance of a secure blockchain

There are two ways for bad actors to breach blockchain security. The first is through editing the historical record itself – performing ‘double spend’ attacks in which a transaction is performed; the block that records that transaction is replaced by a block that does not. If one actor controls the majority of the computing power in a blockchain then they effectively get to decide what is ‘true’ on that blockchain. Given the technical complexity and raw computing power required, this type of attack is very unlikely.

The second, more common breach occurs when hackers compromise an individual wallet by finding or correctly guessing the username and password to get into an account. So-called ‘hot wallets’ can and have been hacked. Poor password management and a lack of two-factor identification could lead to the contents of your wallet being wiped. More worryingly for businesses, blockchain-based companies like cryptocurrency exchanges also use private and public keys; the method for getting money from a site like Coinbase is no different from getting it from a friend. This is why exchange hacks are so common – a hacker just needs two pieces of information and they have the keys to the kingdom.

Therefore, the strong cryptography provided by hardware security modules will become crucial to blockchain-based fintechs as they generate, store and protect the private and public keys that form the ‘root of trust’ in blockchains. Because each node in the blockchain has access to part of the chain, there is no central location where data can be protected behind firewalls, however with hardware security modules (HSMs), companies handling sensitive financial data can be assured that their information is secured safely.

It is impossible to predict future compliance regulations with blockchain technology continuously evolving. However, the crucial part that HSMs play in providing security suggests that FinTechs will continue to rely on them as blockchain technology evolves.

Author

Related posts

EMVCo Establishes Security Evaluation Process for Software-Based Mobile Payments

Jason Williams

Vladimir Goloborodko: “We never set a goal to become the next “slayer of VISA”

Manisha Patel

Mobile Fraud Has Met Its Match With Evina and Telecoming’s Latest Global Alliance

Tyler Smith