A recent survey by Feedzai, the world’s leading cloud-based financial crime management platform, has released its latest quarterly financial crime report. The report analyzes the trends in financial crime and consumer spending of more than 1.5 billion global transactions from April to July this year.

According to the data, eighteen months after the first outbreak of the pandemic, there was a 146% increase in P2P payments, a 44% decrease in cash transactions and a 109% increase in online transactions, almost doubling or increasing the number of cards in hand personal transactions. As a result, financial criminals have also shifted their targets online. The number of online card fraud attempts rose by 23% during this period.

It is more urgent than ever to find safe solutions. Blockchain technology seems to offer the much-acclaimed light at the end of the tunnel. But even so, it is not unbreakable. We spoke to Vadim Kulik, CTO of VTB Bank and Russia’s second largest retail bank, to find out more.

Blockchain is becoming the solution for digital payments. How will this affect mainstream centralized providers?

Blockchain has several undeniable advantages. For example, tokens on the distributed platform are an excellent technology for storing and instantly transferring digital values. Without exception, all centralized mainstream providers are studying or are already using blockchain platforms in their innovative solutions. On the other hand, distributed registries technology enables a close look at current business processes and increases their efficiency, speed and transaction security. We cannot ignore the opportunities that modern technology offers or we will simply be left behind by aspiring players.

How secure is blockchain and what are its weak points?

Here it is better to compare classic information systems and decentralized systems based on a distributed registration platform. The security of blockchain solutions is embedded in their architecture. For example, to hack the classic central information system of an organization, it is sufficient to gain access to the server. For a decentralized system, access must take place through at least 30% – 50% of the nodes of the system, depending on which consensus the blockchain is using.

An attacker who has gained access to the node, or the owner of the node himself, can adjust the information in his favor – for example cancel the transaction, but thanks to the consensus mechanism, these changes are ignored and do not come into play on the blockchain. The more decentralized the system, the more secure it is.

The second factor in blockchain security is that all transactions are only carried out with an account holder’s digital signature. In this case, the owner’s signature is verified directly within the blockchain. On the other hand, the insecure storage or use of a private key can be a weak point, not for the entire system, but for the individual. If your private key is compromised, the account holder could lose their digital assets. In most known cases, the weak point is the smart contract code and the cause of asset loss. One of the most famous attacks in Ethereum in 2016 used a vulnerability in the DAO smart contract; Several million dollars were withdrawn from the smart contract that managed the assets.

What guarantees are there currently that client assets can be protected when they use blockchain?

The customer can lose their assets if they lose access to their personal account key or if their key is compromised and the assets are withdrawn. In the case of cryptocurrencies, this loss will usually be irreplaceable if the blockchain community does not agree to cancel withdrawal transactions, as was the case with the DAO project in Ethereum, but this was an exceptional case.

Most banks are interested in a specific type of digital asset; regulated assets that meet regulatory requirements and are held on the bank’s balance sheet. In this case, the bank can return assets to their owner while locking the account the owner lost access to or following the withdrawal chain to lock the attacker’s account. Our bank pursues this approach with its solutions on the distributed ledger platform. The bank’s customer does not lose their digital assets that they have entrusted to the digital platform of the bank and its partners.

How can blockchain ensure more security?

Security in blockchain technology is no different from approaches to ensuring the security of information systems and always requires an integrated approach, starting with the network architecture. Unlike public blockchains, enterprise-level platforms use an approach where access is restricted to trusted nodes, and those trusted parties are responsible for transmitting new verified transactions to the rest of the network. The responsibility for providing access to these nodes via secure channels and for deciding when and for whom the group of trustworthy persons is expanded lies with the operator of the blockchain system.

An important security problem is the secure storage and use of private keys. The best and most proven solution is to use HSM, the gold standard for the payments industry.

An audit of the source code of smart contracts should play a special role in security measures. To increase security, it is possible to store cryptographic proof of ownership in the blockchain instead of information about the assets themselves, so that the nature of the asset is not revealed.

Are there better, decentralized alternatives to blockchain?

Thanks to its various useful properties, including immutability, reliability, programmability, and instant P2P value transfer, blockchain allows you to create a new trusted environment for storing, transferring and sharing assets. Transaction records can be stored in one system, rather than in each individual system of the organization, and this information can be trusted by all participants. New protocols are emerging, for example Avalanche, which promises the performance of classic systems, and interoperable protocols that combine individual blockchains with their value into a single global network. There is no decentralized alternative to DLT technology.

What trends will emerge in this area in 2022?

Dozens of central banks are currently investigating CDBCs, and the Russian central bank plans to launch a pilot project “Digital Ruble” in 2021-22. VTB Bank is one of the banks that will start testing the digital ruble platform. We expect the digital ruble to help companies innovate, reduce payment costs, and make it easier for citizens to access financial services. In 2022 we expect the introduction of digital asset platforms into industrial mode.

About Vadim Kulik: As CTO and Vice President and Chairman of the Board of Directors (approved by the Central Bank of the Russian Federation on October 29, 2019), JSC VTB Bank, Kulik is responsible for managing the day-to-day operations of the bank and the structural subdivisions within the borders his authority.


Please enter your comment!
Please enter your name here