Could blockchain technology solve the data security crisis?
First, the bad news
And it’s pretty bad. But don’t panic – there’s good news coming too.
Right now, data security is in crisis. A better word might be meltdown. What was an emerging problem only a few years ago has blown up into the greatest fear of online shoppers, and the single biggest headache for businesses.
Data breaches have become almost daily news. And some of them are truly vast.
An escalating crisis
Earlier this year, hackers stole the details of 143 million Americans from credit monitoring firm Equifax. Those details included home addresses and Social Security numbers – gold dust for identity thieves.
Of course, the biggest breach of all time (so far) puts even Equifax in the shade. In 2016, Yahoo finally admitted that all three billion of its customer records were breached when it was hacked in 2013.
It’s a problem that has been growing exponentially in recent years. In the first half of 2017 alone, almost two billion customer records were compromised, according to digital security firm Gemalto. The same article reported a 164% increase in stolen, lost or compromised records over the previous six months.
This is clearly bad news for consumers, who can lose valuable payment and identity details. It’s also extremely bad for any company that has to store its customers’ personal information.
A bill in the billions
These huge central silos of data are obvious targets for cybercriminals. But they’re also vulnerable to self-inflicted accidents. A 2017 report by insurance group Beazley found that while 34% of breaches were the result of hacking or malware, almost as many – 29% – were down to ‘unintended disclosure.’
Criminal or accidental, the risks to customer loyalty are obvious. If a merchant can’t be trusted with your credit card details, you’re much less likely to buy from them.
But can we put a number against the cost of these breaches?
A recent study by CGI and Oxford Economics aimed to do exactly that. They studied 65 companies affected by cyber security breaches since 2013, and found that such breaches permanently damaged share values. Their report estimated the total cost to those 65 company’s’ shareholders at over $50 billion. That’s an average loss of almost $770 million.
In 2016, the cost of card and identity fraud was $16 billion in the US alone. This is partly because such fraud creates additional losses beyond the money directly stolen. For every dollar US merchants lost in card fraud in 2016, they lost an additional $2.40 in chargebacks, fees and replacing merchandise.
The measures taken to stop such crime can end up costing even more. In 2015, ‘false positives’ (legitimate transactions mistakenly declined as fraud) accounted for almost $118 billion of losses in the US alone.
Again, the longer-term impact on customer loyalty is also dramatic. Almost 40% of cardholders who suffered a false positive decided to abandon that card.
Convenience vs fear
No wonder today’s consumers are caught between their delight at the convenience of e-commerce, and their fear having their payment and identity details stolen.
A 2015 survey found that the potential theft of personal data was online shoppers’ biggest concern – cited by 70% of respondents.
More shopping, more breaches
Even so, consumers aren’t about to give up the new-found joys of online shopping. In fact, worldwide e-commerce sales are projected to hit over $4 trillion by 2020.
It’s not just shopping that’s moved online, of course. These days, each of us has an average of 100+ online accounts, and that number doubles every five years. We sign up for everything from the tax office to online gaming, magazine subscriptions to celebrity gossip sites.
At this rate, by 2020 we’ll each be storing valuable personal and payment information in over 200 different places. All this while the number of breaches and hacks continues to spiral.
No wonder wrote Tim Berners-Lee, the inventor of the web itself, wrote in March 2017 that “We’ve lost control of our personal data.”
A broken model
Until recently, the only “solutions” to this escalating problem haven’t looked much like solutions at all. Barclays CEO Ashok Vaswani, for example, has acknowledged the growing “digital safety gap” between the innovations of cyber criminals and consumer security measures.
But his advice was rather basic – such as encouraging people to change passwords regularly. Even the most security-conscious consumer would surely balk at regularly updating over 100 passwords – let alone 200.
The fact is, the current model – with organisations responsible for ever-expanding databases of valuable personal records – is broken beyond repair. We don’t need a fix. We need a new model.
The good news: blockchain
At last, it’s time for the good news. Because we now have the key to unlock a new model of managing personal data. And it comes in the form of a genuinely revolutionary technology: the blockchain.
Most famously associated with the cryptocurrency Bitcoin, blockchain has potential well beyond currency exchange. Not least in the arena of online payments and data security.
Blockchain enables direct payments without the need for a central authority – and no central database of data that could be breached. Instead, it uses a ‘distributed ledger’: a record of transactions shared across millions of nodes, with each transaction verified by the users on that network.
Coupled with exceptionally powerful encryption, the distributed nature of blockchain platforms has already put them at the heart of a growing transformation in the way identity information is managed – and by whom.
The concept of “self-sovereign identity” – individuals regaining control over their data – has been gaining rapid traction. In this scenario, you control your own data. You don’t hand it all over to dozens of companies.
Instead, you can validate your identity using the blockchain, which confirms you are who you claim to be. And these days, you can do that with a fingerprint, iris scan or other biometrics. No usernames, no passwords.
In fact, it can go further than confirming your identity. Once partners like your employer or college have joined the network, they can attest to, say, your ability to afford a loan, or that you have the right degree for a job.
Payments without the fear
The next step is payments. If you can reliably and securely verify your identity using a blockchain solution, could you also use it to verify payment details, and complete a transaction?
Nuggets is an application built on exactly that premise: being able to make purchases without having to hand over your personal or payment information.
Rooted in blockchain technology, this offers the tantalizing prospect of never having to remember a username or password again, or tap your details into the hundreds of different accounts we’re all gradually accumulating. It also opens up the opportunity to purchase with cryptocurrency as easily as traditional payment methods.
A blockchain future
These solutions – self-sovereign identity, blockchain-enabled payments – might sound like something from the far future. But there are already several start-ups offering secure identity management. And the Nuggets app is set to launch in early 2018.
This is the good news. Soon, we won’t have to worry about huge, vulnerable databases of personal information – because they won’t exist. Our identity and payment information will be our own again. We will hold and control it ourselves. And we’ll only share it when, and with whom, we choose.
The potential of this technology can’t be overstated. It is, in the words of Dan Tapscott, co-author of Blockchain Revolution, the “second generation of the internet.” It all starts here.
About the Author:
Alastair Johnson is Founder and CEO of Nuggets
Alastair has spent over 25 years as an entrepreneur and innovator, almost entirely in digital innovation: taking big ideas and design through to delivery. With deep knowledge across technical, production and commercial areas, he has led global integrated product development and product marketing for brands like Microsoft, Skype, Office, Xbox, Hololens, Disney, TED and the BBC.
Other exclusive articles at Pointofsale.com