The Equifax data breach was shocking for several reasons. For many people, Equifax perfectly illustrated a major problem with personal and private data protection. An agency that exists solely to collect deeply personal credit information is found wanting. And then again, in the aftermath, the recovery site is redirected to a malicious page.
We could keep talking about Equifax all day. But at this juncture, it is time to look forward to the lessons we can learn. Better still, we can talk about the technology that will stop another Equifax-style loss of data taking place.
This article is going to examine how the blockchain and decentralization of credit scoring agencies will keep us safe.
What Is the Blockchain?
The blockchain is the technology underpinning cryptocurrencies (notable examples include Bitcoin and Ethereum). Explained extremely simply, the blockchain is a transaction ledger for digital transactions. Whenever a transaction takes place, it is stored in a block. The block is broadcast to a network that verifies the transaction, adding the block to the chain. Network verification stops the same transaction taking place twice, and stops cryptocurrency being spent twice.
The Blockgeeks illustration below offers a great visual guide to how blockchain works:
The blockchain is revolutionary. But perhaps the biggest blockchain positive will be its use in reducing fraud.
Why Credit Agencies Are No Longer Fit for Purpose
A credit agency exists solely to track financial transactions linked to an identity. They’re essentially a reputation service that other financial institutions can ask if you’re a good prospect (or not). A regular credit agency has several issues (many of which face all major data collecting institutions).
For instance, centralized databases hold an enormous amount of personally identifying data. As we have seen on numerous occasions, it is a matter of when — not if — a breach will occur. (How to freeze your credit to prevent identity theft!)
Furthermore, the U.S. identification method of choice — Social Security numbers — is tied to an extremely basic numerical sequence. Social Security numbers haven’t been genuinely secure for a long time and were never meant to be used in this manner to begin with. What’s more, it is essentially an unchangeable password bound to your name until the end of time (or death, whichever comes first).
Using a decentralized blockchain network would completely alter our relationship with private data, as well as the agencies that demand it without giving recourse to users to change it. (Everyone has a credit file, whether you’ve applied for credit or not.) Credit rating agencies do play an important role in society, but one that has gone almost unchallenged since their inception (Equifax was founded in 1899). If their only role is a valued historical financial partner, one that refuses to innovate and loses our private data in the process, isn’t it time for a change?
Decentralized Blockchain Credit Checking
Blockchain is one of the major buzzwords of 2017. Alongside cryptocurrency, Bitcoin, and ICOs, blockchain technology receives a significant amount of press. It is predominantly for the right reasons. A network that promotes transparency, is scalable and applicable to a massive range of daily institutions is a game changer. But how would a blockchain-based credit agency work?
For starters, a decentralized blockchain-based credit agency would give power back to applicants. Currently, all and any account information is scooped up with little recourse. Credit agencies see businesses as the customers. Users are just a numerical afterthought.
Users could offer express permission to use their data, or offer different forms of data to underline their applications. One example suggests using social media posts to gauge creditworthiness. Although we have seen insurance brokers attempt to leverage this type of data, usually to the detriment of the applicant.
A blockchain-based system would have greater agency over transaction history, too. As standardized data is accessible in real-time querying specific moments of a history becomes easier. Furthermore, it increases the difficulty of hiding previous credit indiscretions, such as false accounts, false data, and false identities.
Smart contracts are another option. At a basic level, a smart contract is a computer program or algorithm that facilitates or enforces a contract. The contract is stored on and validated by the blockchain. Regarding a credit agency, smart contracts can secure and enforce decentralized lending. Users can stake reputation delivered by calculating a wide range of digital accounts.
Will It Solve Every Problem?
At first glance, it looks like blockchain technology would solve a significant number of problems. But it just isn’t as simple as that. Decentralizing credit agency databases and introducing smart contracts to allow leverage in loan applications is all well and good. But in many cases, it just won’t work as advertised.
For starters, blockchain technology in its current state isn’t well suited to the vast range of personal and private identification data required for a credit agency. The top layer of data — financial transactions — would work fine. But the secondary layer of consultation and private data isn’t entirely ready to make the transition.
Furthermore, smart contracts aren’t always what people think. They sound great. After all, they’re “smart.” But they cannot do certain things, least of all hide your confidential data. Once the block containing your data is active on an open blockchain, it is accessible by anyone. Hiding data, even encrypted, in a smart contract, is (at least at this point) a difficult task. There are mechanisms in development to combat this issue, but the current best practice is simply keeping that data away from the blockchain altogether.
Balancing Data Requirements
The introduction of an open and easily accessible data register doesn’t fill everyone with joy, however. As I’ve said above, the data would be accessible on a decentralized blockchain that is verified by anyone. Meaning once data is verified as part of the chain, it is out there for anyone to see. This creates a different issue.
Many people are extremely angry at Equifax for leaking their private identifying data to an as yet unknown hacker or hackers. But if there hadn’t been a data breach, their private data theoretically remained secure, away from prying eyes. Not everyone will download an entire blockchain relating to a credit agency. But some would, especially if using an open blockchain.
Of course, this isn’t a new question of blockchain technology. It is entirely possible to build a private blockchain for the exclusive use of an organization or business. A private blockchain moves away from the core underpinnings of the technology. Instead of being open, an organization or individual tightly controls any access. Instead of allowing an entire network of individual users to verify transactions, the duty falls upon just a few.
Private blockchains will feature in daily life, soon enough. They are of particular interest to financial institutions whose customers demand privacy. A private blockchain might operate in one of two ways:
- Full Privacy: A single person, entity, or business owns and operates the blockchain. Write permissions are extremely restrictive and read permissions are limited to a certain degree.
- Consortium: A group of pre-selected users or businesses control. Data requires verification by the entire group (or a percentage) before adding to the blockchain.
So while the core idea of an individual ledger remains, open access doesn’t. As you’ll see in the next section, several organizations are working on privacy and access issues.
Credit Agencies and Social Security Numbers
It is unclear what the results of switching to a blockchain-based credit checking system would be. Blockchain technology advocates are obviously bullish on a switch. Stepping into a serious unknown is too much for others to contemplate, though. There are some businesses already making the step toward blockchain identity attestation services.
Bloom is an end-to-end protocol with a focus on risk assessment and credit scoring. It aims to offer an entire credit ecosystem as well as the opportunity for previously “unbanked” individuals to access credit. The BloomID is central to this system, allowing users to establish a “global federated identity with independent third parties who publicly vouch for their identity information and legal status.”
The Bloom system implements rating many of the alternative data sources we earlier considered, including consistent utility payments, service payments, and so on. To add further value to a credit request, users can “stake” their peers, like a form of co-signing. Borrowers intending to default don’t just hurt their BloomScore (the Bloom version of a credit score), but their friends too.
Identities are created and verified with real-world sources. The Bloom network relies on established nodes to verify user identity information. All pre-ordained nodes are open and equally verified. So while a user could apply for credit using a set of fake information, it is extremely unlikely that it would receive confirmation.
Bloom launched an ICO in November 2017 to attract investors and raise the profile of the platform.
MicroMoney aims to bring credit services to the estimated 2 billion unbanked individuals, across 100 countries. The service has trialed successfully throughout Cambodia, Myanmar, and Thailand, and is set to launch in Indonesia, Sri Lanka, and the Philippines within three months.
MicroMoney differs from Bloom in that its main goal is to connect new customers to existing financial services. In turn, new customers can connect to existing businesses, or start their own using access to new lines of credit. However, like Bloom, MicroMoney will value a user credit request with alternative data sources, including web and social network behavior, contact lists, and messaging services.
As well as this, the MicroMoney algorithm will track borrowers during the credit request forms (completed through a smartphone app to allow deeper insight into borrowers’ private habits), analyzing their decision making. Some parameters include how long the borrower takes to complete the form, how many times the salary field changes, and moments of doubt for specific fields. MicroMoney will leverage the simply enormous amount of big data available to develop detailed user profiles.
Finally, MicroMoney has developed a self-learning algorithm that leverages the Microsoft Azure Neural network to calculate risk. The more loans provided, the faster the algorithm learns, the faster risky loans reduce.
Pave is an existing alternative credit agency that focus on underwriting and lending to those with limited credit history. So far, Pave has provided funds to over 1,600 individuals with limited credit history, with a focus on younger borrowers and immigrants.
Pave has created a new global credit profile (GCP) that users can take wherever they go. In turn, users can apply for credit in any country so long as their GCP is positive. Like Bloom and MicroMoney, Pave will leverage new forms of financial data to provide users opportunity to prove their creditworthiness.
Furthermore, Pave will allow their users greater control over what institutions can access their private financial data. Users will make corrections to their financial history (through a verification process), fully monetize their existing financial data, and more. Pave has a strong focus on security and user privacy, strengthened in the days following the confirmation of the Equifax breach.
Two things have to happen.
First, a shift away from using Social Security numbers as a major form of identification. The Eastern European country of Estonia is leading the way in utilizing blockchain technology to provide secure identification for its citizens. Of course, Estonia has a population of 1.316 million — around 0.35 percent the population of the U.S. It would take time, but the benefits to U.S. citizens would be staggering.
This isn’t news. Rob Joyce, special assistant to the President and White House cybersecurity coordinator recently suggested that a new and improved system should involve technologies such as a “modern cryptographic identifier.” An Estonian ID card contains a chip that requires two PIN codes. The first authenticates the identity of the card, the second acts as a digital signature.
The second change is “simply” bringing blockchain credit opportunities to citizens and illustrating why the new technology beats out the old.
The End of Credit Agencies as We Know It?
The Equifax data breach affected almost every single American adult citizen. And even while I was writing this article, yet more information relating to the leak emerged. In the U.K., Equifax was only just beginning to send out letters by snail mail, despite the leak occurring four months previous. (Let alone the fact the majority of affected U.K. residents have no idea the company even held their data.)
But is it the end of credit agencies as we know it?
Not likely — at least, not yet. Unfortunately, the penalty for rank incompetence, a series of data breaches, and failure upon failure is… nothing. In fact, the three Equifax executives that sold huge amounts of stock before the data breach leaked were cleared of any wrongdoing, and Equifax is protected by corporate laws. The only direct penalty as yet is the huge drop in Equifax share price.
There is not a significant clamber for a blockchain alternative simply because the overwhelming majority of people don’t realize it is possible, let alone an option. Credit agency lobbyists have strong backing, too. In the days following the Equifax leak, TransUnion (another major U.S. credit agency) hired a number of new lobbyists. And those credit agencies’ major business customers — banks, mortgage lenders, marketers, and so on — remain profitable.
Until there is a significant product illustrating the benefits of switching away from the established systems, they’re here to stay.
Would you welcome a blockchain-based credit agency alternative? Do credit agencies hold too much power? How should we handle Social Security numbers in the future? Let us know your thoughts below!
Image Credit: phonlamai/Depositphotos