20 January 2018
John Bertrand


John Bertrand - SAP


Blockchains, and Cybercrime and APIs! Oh my!

01 June 2016

With digital innovation come cybercrime and responsibilities. The SWIFT and Bangladesh Central Bank loss of $80 million demonstrates this, coupled with SWIFT's further emphasis that ‘we cannot secure our customers’ environments and cannot assume responsibility for that’.

The mind-set of ‘if it ain’t broke, don’t fix it’ has to go, along with legacy systems that lack ongoing, up-to-date protection. Both arose before the arrival of digital, in a less technically sophisticated world. Core systems often had minimal security, and data, regardless of privacy, was often allowed to flow literally anywhere.

The link between SWIFT, blockchain and apps to the banking systems is often through an API. An API is a set of functions and procedures that allow the creation of applications that can access the features or data of an operating system linking with a bank account. By October 2017 standardised APIs will become mandatory in Europe.

The EU Payment Service Directive (PSD2) is designed to accelerate banking innovation and simplify payments. Banks will have to let their customers grant others access to their accounts.

SWIFT has just stated ‘Alliance interface software is mandatory’. Reuters has reported that the Bank of England is calling for banks to check whether they are compliant with excellent security practices.

History has shown us that some of our biggest solution and technological advances have come from blending existing products together to form many new products and using them in very different ways. From the mining industry we gained the steam engine, which in turn transformed transportation and consigned the barge, horse and cart to the leisure industry.

Many institutions fear APIs as an “Open Sesame” for the cybercriminal. A technology-structured cyber-security environment is best practice, but it is people who are responsible for cybercrime. Celent estimates close to 60% of frauds involve an Insider. CERT’s 2014 report showed 37% of cyber-crime involved Insiders.

Cyber-crime comes from three distinct sources: the Joy Riders, the Sophisticated and Organized Crime/Hostile Nations, all able to deploy state-of-the-art, powerful computers and programs. Banks need to understand whom they have employed, both permanent and contractual, and what they are doing, as they could be an Insider. Phrases such as Bad Actor or Bad Agent are starting to be used to describe malicious Insiders.

The blockchain does provide provenance of any asset from day one, and five or more distributed ledger end-points make it virtually fraud proof. The next step is to move from the many blockchain proofs of concept to industrialised solutions that become commonplace.

Blockchain with APIs allows STP (straight-through processing) of asset and payment movements to and from the buyer and the seller. The blockchain assets and liabilities created need to be registered on the general ledgers of the buyers and sellers. In doing so, Compliance (Know Your Customer (KYC) and Anti Money Laundering (AML)) and the Accounts Payable process need to be involved.

Now secure, fraud-resistant, compliant STP with ongoing provenance is a mouth-watering prospect. For banks, it has taken decades to reach 90% STP for payments. While that is a great improvement in automating payments, the cost of repairing the remaining 10% of the payments is the same as the cost of processing the 90%. In addition, the repair of a payment can become the liability of the bank. Blockchain, APIs and cyber-security would give 100% STP from the get-go.

The ultimate goal is end-to-end (E2E) cyber security. Both SWIFT and blockchain are parts of the chain. The buyers and sellers and their banks are part of that chain. At a minimum there should be E2E Encryption and, further, Token Based Authentication of the data.

Embrace the digital yellow brick road. Unlike the ‘Lions, and tigers, and bears!’ lyric, which suggests a fear of rumored threats, in ‘blockchain and cybercrime and APIs!’ there are real threats. The opportunities, though, far outweigh the threats, which can be eliminated by taking blockchain and cybercrime seriously NOW.




