Out-Law News | 03 Jun 2015 | 1:05 pm | 4 min. read
Financial services sector head John Salmon and the Pinsent Masons financial services sector team bring you insight and analysis on what really matters in the world of financial services.
Trust and identity are essential aspects of digital life that most people do not want to spend a lot of time talking about. But amongst those charged with moving digital forward in financial services, there is growing recognition that they are key to making digital work.
Until now no single digital customer identity and related transaction verification tool has been embraced in a way that would enable customers to deal effectively with financial services organisations without reliance on offline verification processes. Blockchain technology looms as a possible answer to this trust problem.
There are still some questions that need to be addressed before its use can become a practical reality.
The use of blockchain technology in financial services could be extensive, and we will return to it in future blogs.
Blockchain is best known as the technology behind bitcoin. But it can also more broadly be described as a public ledger solution with storage capacity that is secured by cryptography and a system of algorithmic problem-solving.
So what does that really mean? It means it can be used to provide a publicly verifiable record of transactions, as a blockchain system places trust in the robustness of the technology itself rather than in any third party organisation.
While the intricacies of how the technology works are not easy to understand, even just a general understanding of its potential is generating considerable excitement for many reasons, one of which is that it could be used to replace many of the roles that trusted third parties currently undertake in financial services.
Blockchain in the context of payments
Take for example, the infrastructure and roles that underpin secure payment systems. From a customer perspective, payment systems exist largely to ensure that layers of efficiency and trust are added when transactions are made, particularly when they are made at a distance. Rules for apportioning liability for the essential payment activities – initiating, processing, clearing and settling transactions – give customers comfort that errors and ultimately unauthorised transactions will not result in uncertain amounts of losses for them.
But from the perspective of finance institutions the picture looks very different. Payment systems require costly infrastructure to be developed and maintained and they require detailed regulatory protocols and rules to be put in place. Even so, disputes over transactions are rarely clear-cut.
As the financial services ombudsman office has recently said, redress is often provided on the basis of "what is most likely to have happened" rather than evidence of what took place where a claim that a transaction was unauthorised has been made.
A lack of trust in payment systems means that third party organisations are required to take on liability when something goes wrong. Finance institutions largely take on this role at a substantial cost.
With the Payment Services Directive II (PSD2) reaching the political agreement stage at EU level, these costs are set to increase. PSD2 will require that finance institutions to expand their trusted third party liability role to cover errors and unauthorised transactions connected to a customer's decision to allow providers of innovative payment initiation and account information aggregation services access to their accounts.
There is therefore good reason for finance institutions to understand alternative payment system models that could decrease the importance of their role as carriers of liability for unauthorised transactions. As a paper published by the European Payments Council suggests, if the claims are true, blockchain technology could give banks a competitive advantage if embraced quickly.
Some questions remain
There are, though, a number of unanswered questions about the true effectiveness of blockchain technology. Security is often raised as the first, but actually it is one of the least important.
The theory is that blockchain technology is secure because it would not be practical for any organisation to use computing resources in a way that would undermine it and enable the manipulation of transactions. In other words, the security of a blockchain is not absolute.
This issue may not be as serious as it may seem if the relative security of blockchain technology is compared to that of existing payment systems. None of the security protocols which govern card transfers, SWIFT and other payment systems offer guaranteed protection.
A bigger issue could be the dependence on the technology of third parties to validate transactions. As the technology requires computation to take place for blocks to be validated and transactions to be recorded on the ledger, someone needs to do the validating.
In theory, validation could take place by anyone who has the tools and know-how to do it. But in reality, or at least in the experience of its use as the technology underpinning bitcoin, validation has largely taken place through centralised groups that control collective computing resources.
Centralisation of an essential component of how the technology works raises two important concerns – vulnerability to bias and to the need for incentivisation. In relation to bias, a centralised validating body could prevent or delay the inclusion of transactions on the ledger in a way that raises similar arguments to those regulators are now having about net neutrality. Is it fair to give a centralised non-governmental body the power to decide which transactions should be validated first or within particular timescales?
In relation to incentivisation this is where decoupling blockchain from bitcoin may become problematic. The bitcoin system rewards participants that use computing resources to validate transactions by paying them in bitcoins. It seems that any blockchain technology would require similar incentivisation – which may translate into transaction fees.
These are both points that regulators will have to consider in much closer detail.