Ripple is looking to capitalise on the recent spate of successful bank heists from institutions connected to the global Swift network by introducing a multi-sign feature on its consensus ledger.
Ripple says that the recent surge in cyberattacks in Bangladesh, Vietnam and Ecuador have highlighted the vulnerabilities in cross-border transaction banking, "and particularly in the Swift network which issued these payments".
It is rumored that the Bangladesh attack involved at least one insider who helped the hackers navigate the bank’s computer system using malware. Ripple says that the introduction of distributed ledgers presents an opportunity to help banks eradicate such vulnerabilities in the future.
To this end, the company has introduced a multi-sign feature on the Ripple Consensus Ledger (RCL), allowing account holders to require signatures by more than one stakeholder to authorise their transactions. With multi-sign, the user can require signatures from other users, devices, or institutions, so a malicious actor must compromise multiple machines to send transactions on the user’s behalf.
Ripple accepts that multi-signing already exists to some extent in traditional banking. "The difference with distributed financial technology is that the rules are enforced by the RCL," it says. "This creates a better safety net so that even if banks’ internal controls break down, they’re more likely to catch fraudulent transactions."
Ripple is also planning to offer a similar multi-sign capability over its Interledger Protocol (ILP). This would enable banks to require customers’ cryptographic signatures on transactions so individual bank employees can’t transfer customer funds on their own.
"The bank heists in Bangladesh and around the world have demonstrated that the weaknesses that exist today at the periphery of payment networks are partly due to outdated single signature methods," states the firm "The new features found in distributed fintech solutions, such as multi-signing, are not available in traditional systems like Swift’s. Blockchain technology delivers a more robust and distributed security architecture for banks."
Swift has vowed to update its security procedures in the wake of the hacks, and committed funding to a new programme to enhance controls, audit frameworks and fraud detection.