Blockchain is not a silver bullet for fraud prevention

Hailed as a tamper-proof public ledger, blockchain is a welcome weapon in the fight against fraud, but it is not the panacea some believe it to be

When new technological solutions emerge they are often hailed as a panacea for all things, including fraud. Is blockchain a silver bullet for preventing fraud? No. But it’s a welcome addition to the arsenal of fraud prevention and a significant step towards squeezing out the fraudsters.

Eric Wall, cryptocurrency blockchain lead at technology company Cinnober, is dismissive of the hype. He says: “Everyone with blockchain knowledge agrees that, in reality, blockchains are specific solutions for a specific problem. The idea it’s a silver bullet is spread in the media and by people new to the technology.”

Because blockchain is a decentralised shared ledger and resistant to tampering, it certainly offers some robustness to transactions. Verified users can store, view and share digital information in a security-rich environment. This helps to foster trust, accountability and transparency in transactions, all important aspects of commercial relationships, and can be applied to financial transactions, identity management and the supply chain.

It is used in maintaining asset registers for shares, property, smart contracts, and other titles to ownership and documentation, all making such fraud more difficult. However, it should not be forgotten that technology is equally an enabler of fraud.

The rising cost of fraud and identity theft

According to the 2017 Identity Fraud Study by Javelin Strategy & Research, identity theft and fraud is costing consumers $16 billion a year and 15.4 million people were victims. American Express is investigating ways in which blockchain can be used to safeguard user identities, as well as helping merchants securely process transactions.

Tereasa Kastel, American Express vice president technology, says the company is examining several avenues for blockchain. She says: “Being in the financial industry, we have to be somewhat conservative on what legal and regulatory requirements there are, but on the other hand, what I would say is that what it empowers an individual user to do in terms of controlling their identity, and have that identity be immutable, is something you can’t pass by, despite what the regulatory controls might be at this time.”

Specific industries and services are particularly vulnerable to fraud. The National Health Care Anti-Fraud Association conservatively estimates healthcare fraud to cost the United States about $68 billion annually, representing 3 per cent of total $2.26 trillion US healthcare spending.

On the global stage, foreign aid is rife with corruption, and funds intended to help people on the ground finds its way into the hands of corrupt officials and  militia groups. John J. Sullivan, US deputy secretary of state, addressing last year’s Blockchain Forum in Washington, explained: “Two major challenges in foreign assistance that blockchain technology could address are, first, corruption, fraud or misappropriation of funds and, second, inefficiencies within the aid delivery process itself.”

Blockchain is powerful, but not infallible

Don Tapscott, chief executive of the Tapscott Group and co-author of Blockchain Revolution, says: “That’s why it’s called blockchain, and that block is linked to the previous block and the previous block, ergo, chain. This blockchain is running across countless computers. I would have to commit fraud in the light of the most powerful computing resource in the world, not just for that ten-minute block, but for the entire history of commerce, on a distributed platform - this is not practically feasible.”

However, we should be careful not to hype it up too much. Blockchain can increase the efficiency of transaction processing and reduce fraud, but it doesn’t entirely prevent it and risk officers would be unwise to ignore its limitations.

I would have to commit fraud in the light of the most powerful computing resource in the world - this is not practically feasible

Mr Wall highlights high-performance environments such as financial trading, where the speed of transactions can mean the difference between massive profits and even bigger losses. Blockchain is inherently slow in the validation process. He says: “It can only see an order and process it; what it can’t understand is the trading context and see if fraud is involved.”

Initial coin offerings (ICOs) are another good example of limitations. Last year, JPMorgan Chase chief executive Jamie Dimon attacked bitcoin claiming cryptocurrency is a fraud and a mania reminiscent of the tulip bulb craze in the 17th century. If the prospectus is based on a tissue of lies, then the ICO blockchain will simply validate the integrity of a fallacy. Mr Wall adds: “In ICOs, blockchain can become the facilitator of a fraud.

Blockchain can only be as safe - or as fraudulent - as the humans behind it

People commit fraud, not the technology, and the art of fraud is getting into and out of the system. Succeed in that and the rest is the system doing its normal job. If an employee or person with authority to act can find a way into the transaction, then it is difficult to monitor.

Mr Wall says: “Any information processing system that has bad input provides bad output. The blockchain can only be aware of the inputs, not the reality. The blockchain will track it as valid data, so if you have the authority to input bad data, then the blockchain will validate the bad data. You still have a dependency on the real world, trusted sources of data and authorisation. If you corrupt that then you corrupt the process.”

Unlocking the full potential of blockchain technology will need governments to work as a facilitator, by providing an enabling environment to interested players. There is a need to develop uniform standards, assess infrastructure requirements, deal with security concerns, raise stakeholder awareness and build trust within the financial ecosystem as a whole. This should be done in partnership with risk managers, enforcement agencies and others tackling fraud.

However, greed, speculation and fraud are not financial mechanisms; they are behaviours and, as long as we have human behaviour, we will have fraud.

Point of entry

The UK’s National Fraud Intelligence Bureau (NFIB) defines fraud as happening “when trickery is used to gain a dishonest advantage, which is often financial, over another person”.

There are numerous forms of fraud, the most prevalent being Ponzi-schemes, pyramid schemes, identity fraud, mortgage and lending fraud, phishing, card fraud, skimming, counterfeit cards, advance fee scams, fund transfer scams, fake prizes, inheritance scams, false wills and legacies, and international lottery fraud. The more we digitise, the more we can record, track and detect patterns in such frauds.

What these frauds have in common is behaviour. The NFIB notes there are many words used to describe fraud: scam, con, swindle, extortion, sham, double-cross, hoax, cheat, ploy, ruse, hoodwink, confidence trick. These have been around since the beginning of the human race, as they are all behaviours rather than the specific means of perpetrating fraud.

Technology has enhanced the means and made fraud more global, but the key focus becomes the point of entry. If employees do not protect passwords or individuals give out identify information, then the fraudsters can use these as points of entry. Technology then simply automates the folly.

Blockchain’s appeal is that all transactions take place on a public ledger; no individual or group of individuals can tamper with financial data and there is complete transparency. According to the Certified Public Accountant Journal: “Blockchain can effectively prevent one or several individuals in collusion from overriding controls, or illicitly changing or deleting official accounting records.” However, this doesn’t address the point of entry problem or bad data at origin. Blockchain is part of an anti-fraud ecosystem, which includes various new technologies such as biometrics, tougher regulatory regimes for customer identification, such as know-your-customer rules, anti-money laundering regulations and data protection laws, aimed at defending fraudsters’ potential point of entry.