
Tuesday, July 21, 2015

Bitcoin: A Solution to the Financial Data Breach Debacle



Financial Data Breach Statistics


Since 2005 there have been at least 5,377 high-profile data breaches, totaling 786,098,214 stolen records (financial, medical, corporate, and intellectual property).(1)  The monetary cost of these breaches to governments, companies, and consumers is widely approximated and can never be completely known.  Some large companies that have been breached within recent years are Target, Citibank, Heartland, Bank of New York Mellon, Countrywide Financial, T.J. Maxx, and CardSystems Solutions.  There are hundreds, if not thousands, more breaches; the ones listed are only those that have been formally identified and reported.  This article addresses financial records specifically.

The costs of these heists are passed directly to the consumer by proxy payments of higher insurance premiums, expensive encryption algorithms (that often aren't applied at all), security hardware, and software.  These initial costs are further inflated by their second- and third-order effects: the cost of training financial employees to use encryption software (which lowers overall productivity through time lost encrypting and decrypting customer information databases), and the cost of familiarizing IT employees with the proper implementation and protocols associated with new security hardware and software.

Whether or not a company experiences a financial security breach, the expense of simply keeping up with the computer security arms race to keep financial data secure is borne by consumers.

Maintaining Your Financial Information Costs Money

The United States military uses sophisticated, time-based, "rotating key" encryption algorithms to secure even the most benign communications.  These methods are effective, because as a code-breaker gains enough information about the encryption and "pools of relevant data" to attempt to break the algorithm, the time-based protocols will modify the electronic keys before it is computationally possible to exploit the communications they protect.

The personal information you transmit during any electronic financial transaction already presents an attacker with "pools of relevant data" that cut their work into smaller pieces.  For example, the majority of credit card numbers are 16 digits, are accompanied by a four-digit expiration date and a 3-digit CVV/CVC, and are always paired with your first and last name and your billing address.



This makes databases of your financial data some of the most lucrative electronic targets on the planet, simply because so much personal information is stored in one place.  Quite often, it sits on computer hardware whose security settings are left at factory defaults (and easily searchable on Google).  It is often situated in poorly protected areas of corporate infrastructure.  It is also either shoddily encrypted or not encrypted at all, to save the productivity overhead of encrypting and decrypting portions of the database.

When a system breach and data purge occurs, there are corporate protections in place to compensate immediate victims and limit the damage.  What is not usually taken into account is the financial hardship of the consumer whose identity is stolen.  The process of repairing mistakes on a credit score and recouping lost savings does not favor the individual consumer.  Often, companies will issue free subscriptions to identity theft protection services, which are themselves vulnerable to electronic attack.

Bitcoin and the Blockchain

Bitcoin was released in 2009 by Satoshi Nakamoto.  Bitcoin is a decentralized form of currency that operates outside of the industry standard "pool of relevant data" vulnerabilities I mentioned earlier.  It does not require a bank account, a credit card number, or your personal information to be transmitted along with financial transactions.

Bitcoin derives its value from the continued development of an encryption technology called the Blockchain.  The Blockchain is a complete record of all encrypted financial transactions that have ever occurred through the Bitcoin financial network.  Each Bitcoin transaction relies on a mathematical derivative (called a "hash") of every transaction that has occurred through the Blockchain, ever.

Each time a transaction is fed into the Blockchain, it is independently verified (by Bitcoin mining computers) against the entire history of the Blockchain.  Each time the individual transaction is verified, a new "hash" is encoded into the Blockchain.  When enough Bitcoin mining computers reach a consensus, or "verify" the transaction, it is permanently recorded into the Blockchain to be used in future transactions.  A new, temporary "CryptoAccount Key" is issued to the user's Bitcoin "wallet" as the old one is encoded in the Blockchain (although permanent CryptoAccount Keys can be used as merchant accounts).

Bitcoin Miners use specialized computers to process these transactions back through the Blockchain, usually for a "miner fee" of 0.0001 Bitcoins (BTC).  Using the BTC to $USD exchange rates, that equates to approximately 25 to 30 cents.



The incredible utility of this system is derived from the mathematical elegance of its "rotating-key" Blockchain technology.  It is, in effect, a military-grade method of encrypting financial transactions that is essentially free for the public to use.  Personally, I am more than happy to pay a quarter of one dollar to instantaneously order products from my favorite companies without the fear of my financial data being siphoned off by an electronic criminal.  Any malicious attempt to modify transaction data or inject nefarious code into the Blockchain is immediately purged, because the customer-to-vendor "end-to-end encryption" cannot be verified against the copy of the Blockchain that is kept on all Bitcoin mining computers.
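The hash linkage and tamper rejection described in the last few paragraphs can be shown with a small hash chain. This is an added example, not code from the article or from Bitcoin itself: the header is simplified to a previous-block hash plus a Merkle root (no proof of work, signatures, or real header fields), and every function name and sample transaction is constructed for illustration.

```python
import hashlib

GENESIS_PREV = "00" * 32  # placeholder "previous hash" for the first block

def dsha256(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin applies to transactions and block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def merkle_root(txs):
    """Fold transaction hashes pairwise into one root; an odd level repeats its last hash."""
    level = [dsha256(tx.encode()) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256((a + b).encode()) for a, b in zip(level[::2], level[1::2])]
    return level[0]

def block_hash(prev_hash, root):  # simplified header: previous hash + Merkle root
    return dsha256((prev_hash + root).encode())

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        root = merkle_root(txs)
        chain.append({"prev": prev, "txs": list(txs), "root": root, "hash": block_hash(prev, root)})
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """Re-derive every hash from the stored data; return the first failing index or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if (b["prev"] != prev or merkle_root(b["txs"]) != b["root"]
                or block_hash(b["prev"], b["root"]) != b["hash"]):
            return i
        prev = b["hash"]
    return None

SAMPLE = [["coinbase->alice:50"],                                  # constructed ledger
          ["alice->bob:5", "alice->carol:1", "bob->dave:2"],
          ["carol->erin:1"]]

def tamper_demo():
    chain = build_chain(SAMPLE)
    clean = first_invalid_block(chain)        # untouched chain verifies
    chain[1]["txs"][0] = "alice->mallory:5"   # edit one recorded transaction
    edited = first_invalid_block(chain)       # block 1's Merkle root no longer matches
    chain[1]["root"] = merkle_root(chain[1]["txs"])
    chain[1]["hash"] = block_hash(chain[1]["prev"], chain[1]["root"])
    rehashed = first_invalid_block(chain)     # block 2 still commits to the old hash
    return clean, edited, rehashed
```

Recomputing the edited block's own hashes only moves the failure to the next block, so any node holding an honest copy of the chain rejects the altered history.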

Get With the Times, Crypto-Currency Is the Future

According to Judd Bagley, CEO of overstock.com, Bitcoin users are between the ages of 18 and 34 years old.(2)  If we examine that demographic from outside the lens of crypto-currency users, these are the prime ages of American citizens attending colleges as computer science, software, and hardware engineering majors.

As a computer scientist attending school myself, I would rather not work in the financial sector of a company that has had any history of being breached.  These incidents are bad for the reputation of any company I may be employed by: my overall job security suffers, and the amount of income I make while working for one of these companies is lessened any time their security is breached.  If I work as an electronic security manager when one of these companies is breached, my personal reputation suffers.

Like the person who insists on writing a check in line during peak hours at the grocery store, the continued use of non-secure financial technologies is becoming culturally annoying.  There needs to be a push from computer scientists working in all financial sectors to broaden the understanding of Blockchain technologies and crypto-currencies in general.  While others feel content to pay insurance premiums for financial institutions through service fees (on accounts and at ATMs), I feel quite comfortable paying 25 cents per use when I make purchases with my Bitcoin wallet.

References:

For more information on Bitcoin and Blockchain technologies, visit: https://en.wikipedia.org/wiki/Bitcoin

I use the Mycelium Bitcoin Wallet, which I have found to be secure and user-friendly: https://mycelium.com








