Creating a Blueprint for Blockchain in BankingIDRBT Lists Measures to Ensure Privacy and Security
The Indian Institute for Development and Research in Banking Technology is reportedly working with the Indian government, banks and industry players to create an interoperable blockchain platform designed to improve security in the financial services sector.
And in blueprint released this week, IDRBT describes a broad roadmap for adoption of the new technology in various business and organizational functions, along with common protocols to ensure interoperability among different entities, because there are no regulatory guidelines in place for adoption of blockchain by financial institutions in India.
The institute is advising CISOs to ensure proper end-to-end security is in place and has outlined privacy practices, including encryption, to be followed to ensure a smooth implementation of blockchain.
Meanwhile, Information Security Media Group has learned that "Bankchain" - a consortium of 30 banks to establish proof of concept application of blockchain - has launched a one-month pilot program called Trade Chain.
"Trade Chain is a trade finance blockchain," says Rohas Nagpal, chief blockchain architect at Primechain Technologies. "All use cases of trade finance are handled by major banks in India under this program. It has just got started and will run the pilot for a month before formally launching it."
Prasanna Lohar, head of IT at DCB Bank, says blockchain can play an important role in the fight against fraud.
"Blockchain helps in traceability of a financial transaction, if needed," he says. "This will automatically reduce banking fraud. Under the current system, when money is transferred between banks and payment gateways there are multiple servers involved, which [leads to the possibility of a] man-in-the-middle kind of attack. With blockchain, this problem will be solved. There will be a single source of data to store events, ownership and activities, and there will be no use of separate system and databases. This will have less manual intervention and less fraud."
Under blockchain - the distributed, decentralized public ledger now used to support cryptocurrencies - whatever data is entered gets pushed across all nodes and hence is visible to all. To ensure privacy, the IDRBT recommends that data is encrypted.
"Sensitive details may need to be encrypted in such a way that only respective parties would be able to decode the details," says Dr. A.S. Ramasastri, director at IDRBT. "If a single node is keeping records of multiple entities, there needs to be clear separation between these records to ensure that an entity (including super-user of the node) can never see unencrypted records of another entity."
Furthermore, IDRBT recommends that to help ensure end-to-end security, entities invoking a particular transaction must be checked to make sure they are authenticated to use the network and authorized to make that particular transaction.
"To secure data transmission, all network links through which the message passes need to use encryption, like TLS [transport Layer Security]," the report states.
IDRBT also recommends the use of IT guidelines, such as ISO 27000. "This would cover encryption of data at rest and segregation of duties between various roles within the data center," Ramasastri says.
The report also describes the design architecture, governance and technologies that will help in successful deployment of blockchain-based services.
Interoperability of Blockchain
Interoperability of different blockchain platforms is not well established, the blueprint notes.
"One option to realize such a business network for different groups of businesses is to set up subnetworks with their respective platforms, standards and technology," Ramasastri says. "These subnetworks may communicate with each using a potential future algorithm for interoperability between blockchain networks."
Ramasastri also notes: "Such an approach cannot create a true ecosystems effect. Stakeholders like corporates have to hook to different blockchain networks depending on which party they are transacting with. Small institutions may not have deep pockets to invest in multiple platforms. Common infrastructure and technology is a far superior approach."
Among the blockchain frameworks now available are Multichain, Hyperledger Sawtooth, Hyperledger Fabric and Ethereum.
"Different banks have different blockchain frameworks, and currently there is no way banks can transact seamlessly," Nagpal says. "Therefore, IDRBT's move is a welcome step, which will encourage the use of blockchain for different functions.
"The aim is to look at a future where a blockchain solution can run on multiple platforms. That is what Trade Chain is doing."
The Union government has been encouraging the development of an indigenous blockchain architecture apparently to help improve cybersecurity.
Many states also are considering using blockchain technology.
For example, the Andhra Pradesh government is conducting trials. The state is working with startups, such as Snapper Technologies and SimplyFy, to implement blockchain across administrative processes, according to news reports.
Earlier in 2018, Swiss startup WISEKey collaborated with the government of Andhra Pradesh to explore blockchain proofs of concept. The state has already implemented blockchain pilot projects in the departments of land records and transport.