Banks + Blockchain = Financial Superpowers!

I think it’s time to talk about blockchain technology in banking. Can the financial system that powers our society be improved with blockchain technology? What are the fundamental flaws of banking right now?

Let’s start with a brief overview of what are banks.

Banks are institutions that were born because there was a huge need to store valuable assets. I imagine that back in history law enforcement was not as advanced and strong as now, so it would have been a big risk to keep any significant amount of gold at home under the mattress. Thanks to banks, all the families and individuals of the society could store their wealth in a secure place, have peace of mind, and focus on doing what they wanted instead of being paranoid and guarding the home 24/7.

What happened right after is that the bank owners started to realize that they were sitting on a very large amount of gold, so they came up with lending strategies that would allow them to grow that reserve of gold even more.

The people depositing the gold there sooner or later figured out what the bankers were doing, so they rightfully asked for a slice of the reward too. This is why still nowadays banks pay back interest on what customers deposit.

Remember that I’m not a banking expert, the world of banking is complicated due to many legalities and rules, so I will keep things conceptually broad. Maybe somebody more expert can pitch in the comments and spark some cool discussion! We’ll see…

So now that we know what banks fundamentally do, let’s travel back from the past times to the present ones, where gold is no longer used, where money is not tied directly to a precious material and where currency is also moved digitally.

What happened during all this time? Well, banks evolved from that initial concept of gold storage, and became modern institutions that manage all of the aspects of an individual’s financial life.

Everything fine until here, right? So where do I want to get? I want to get to a fundamental problem, which is HOW modern banks manage to perform all of their duties.

Most people will not see anything wrong with HOW banks operate, they are happy that their cash is safe, that their wire transfer will get to their relatives abroad, and that they have an app on the phone that will allow them to do cool stuff.

As a software engineer and also as a cybersecurity-aware person, I do see many many wrong things. Let me explain them by making a strong use case of blockchain in banking. I will not only point out the flaws, but I will also suggest why it would be right to implement a blockchain-based solution.

Too many third parties!!!

The simplest operation we can all think of is transferring money, and yes, banks will allow you to transfer money from individual A in country X to individual B in country Y. It works, nothing wrong with that, but there are some invisible flaws.

The main flaw is that there are just too many third parties in between, the transfer needs to be communicated to different agencies, companies, institutions, and every one of these entities need to agree before continuing with the whole process. This cycle then needs to be repeated for millions of transactions, over and over.

There is a problem in terms of efficiency, a problem in terms of transparency and another one in terms of security, let’s start with the efficiency problem.

Efficiency

So we are examining the fact that banks have too many third parties involved with their operations, let’s talk here about the efficiency aspect of this.

You need to give a valuable USB memory key to your friend, what would you do?

OPTION A – Give it to your parents, which will give it to your school’s janitor, which will pass it to the school’s dean, which will give it to another janitor, which will give it to your friend’s parents, which will ultimately give it to your friend. This will take a couple of days.

OPTION B – Meet up with your friend and give it to him the same day.

I would do B, but banks will in some way choose to do A when sending your money. This is not because they are stupid or evil, but because over the last decades it has been the only way to accomplish that task consistently.

Literally the only way to get currency from country A to country B has always been to rely on a series of entities in between that will make sure the money gets sent and cleared correctly as it moves toward the receiver.

Even when you swipe your card for a payment at the grocery store more than thirty organizations enter in action to coordinate your transaction.

So I am blaming this whole process, yes! Because it is 2018! Not 1980!

From the perspective of an engineer living in 2018, I can tell that most of the bank’s processes are inefficient! lots of time is wasted in order to perform tasks that computers would be able to automate in an error-proof way.

Here’s another reason why I think having third parties in banking processes is inefficient. If you ever took hardcore science classes in university, you will know that at the most fundamental level adding a step into any process introduces some degree of accidental error. Add more and more intermediate steps and the error compounds, resulting in significant losses in terms of time or other resources.

Security

Here’s the my favorite part of this discussion: exposing the dangers of having too many third parties involved.

Remember the USB key example? Remember that the memory stick has some valuable data in it?

Option A involved the delivery of the USB key through a series of people, over a course of a relatively longer period of time compared to option B. We talked previously about the efficiency of this process, let’s now analyze the security of these two options.

Option A is obviously least secure model, anybody can inspect your flash drive content by plugging it into their own computer’s USB ports, they can potentially copy the contents, save them, delete a few parts, or even implant dangerous malware or spyware into it. You will absolutely have no way to tell if something like this will happen to the USB key.

Option B is the most secure model, you give your key directly to the recipient and you feel the peace of mind. Nothing can happen to that device since it’s been the whole time under your direct control.

Same exact thing in the banking world, one of the intermediaries can be a corrupted entity and can tamper the records, install stealth malware etc etc.

Even in a perfect case where the intermediaries are 100% honest, you still have the risk of having these same intermediaries being hacked and manipulated unknowingly by skilled attackers. How do I know this? Google it yourself! Cybersecurity research papers and conference videos freely available on the web provide tons of information and case studies on financial companies that were silently compromised, and stayed compromised even for YEARS.

At the end of the day, it does not matter if the vulnerability was in the database software of intermediary company A or in the login system of intermediary agency B. What matters is that attacks are happening now as I’m typing this, and there are not enough resources to defend companies from all of the threats. Remember, it is much more difficult to protect a whole perimeter, than attacking it, becaus the attacker just needs to find one flaw and exploit it.

Now that I raised some dust, maybe even exaggerating a tiny bit, let’s think of a solution!

Here is the solution! Cut the damn middle entities! This way the attack surface is reduced to a minimum, and you can focus your cybersecurity budget more efficiently on a smaller, more defendable space.

How do you cut the middle entities? By using state of the art cryptography and new developments in peer-to-peer networking protocols. Yes, I’m talking about blockchain, the distributed ledger that will move value between parties directly, guaranteeing higher security compared to the traditional systems.

How technically this would be implemented is out of the scope of this article, and I hope to be writing about a single more-targeted use case more deeply soon.

Transparency

Banks nowadays definitely lack some degree of transparency with their customers, but most importantly with nations and public institutions.

Why? Because the financial data and the transactions are all stored in centralized databases, therefore they are hidden behind thick walls of concrete. This means that nobody except the company administration knows what is happening in there, and it also means that official regulatory and auditing entities need to spend copious amount of time and resources to contact the company directly in order to get access to these datasets.

We cannot have a 100% decentralized system yet because most of the blockchain-related technologies are at their infancy, but we can definitely start to decentralize some of the less privacy-sensitive data of financial systems, and slowly improve the technological infrastructure around.

Putting parts of data in a decentralized ledger would allow a degree of financial transparency that was never seen before.

Lastly, I think transparency became a “lifestyle” choice. Remember that a long time ago it was cool for people to fill up all their profile info on social media? Adding all of their interests, favorite movies, answering quizzes about musical tastes etc. But nowadays everybody is so much aware of their privacy, what they share, therefore they want to see proofs of what happens online.

In 2018 people definitely feel insecure online without proper transparency mechanisms in place.

Final toughts

So am I saying that the banking world is a total disaster? Absolutely not! We are all able to do amazing things like sending money abroad, checking our balance at any moment, and most importantly sleep with peace of mind, knowing that nobody can steal our money easily.

Since I don’t want to conclude the article talking about only what’s bad, I want to dedicate a few words on the good aspects of banking and banks.

What I want to especially underline is that banks are still guaranteeing the degree of safety that cryptocurrency are not able to provide yet. To illustrate with an example, imagine that tomorrow you become suddenly victim of a cyberattack, and the thieves withdraw your savings away from your bank account. High chances are that the very next day the bank security department is already working on the case and will provide support during the whole process.

Imagine now the same situation, but with cryptocurrencies. You check your funds and they are at zero, no trace of the thief, no “official” company to contact, nobody holding a database of the balances/accounts that can help you find proof of theft. Basically it’s like they stole from you a suitcase full of cash, nothing to do besides hiring a shady bounty hunter, which is… not exactly something that the average Joe would do.

So banks are not inherently bad, but unfortunately, as I underlined along the whole article, they are often using outdated processes and technological systems. Things that worked amazingly twenty years ago do not perform as well now in 2018, and given the modern cyberattack vectors available today, this is also not a stable security model to follow, as we discussed earlier.

Since I kept pointing the finger at banking institutions, now I need to be diplomatic and offer some advice and encouragement. In my opinion banks need to invest more and more into the R&D of new technologies. Banks do have a lot of money, therefore they can afford to pay for the best talent in the industry, and build many teams that together will collaborate and build cutting-edge prototypes. These prototypes will then become the future models of banking.

Questions? Objections? Anything cool to add? Leave a comment below and I’ll let you know what I think! Thanks for reading!

I got inspired to write this article after I read David Hamilton’s “Why Blockchain Technology is the Answer to the World’s Banking System Woes“, which was published at coincentral.com , a cool and very frequently updated website with tons of crypto/blockchain related news.