Three key use cases could dramatically improve rewards programs, user authentication, and supply-chain management.
Blockchain is a changing business model for the banking industry, supporting the sharing of value between and among multiple companies to their mutual benefit. While the industry may be enamored of developments on the cryptocurrency front, we believe the real opportunity for payments lies in the application of blockchain technology to other types of shared value.
Blockchain technology is a digital, distributed transaction ledger protected with cryptography and only shared by the network’s members. Combining shared databases and cryptography, blockchain technology allows multiple parties to have simultaneous access to constantly updated content that cannot be altered.
Our prediction is that the early rollout of blockchain for financial institutions will focus on back-office functionality associated with payments and will not be dollar dominated. The underpinnings of blockchain technology provide a solid foundation for several aspects of the mobile channel.
There are three use cases primed for testing blockchain in the mobile channel. Ranging from simple to more complex, they include: (1) rewards programs; (2) identity management; and (3) device management. Here are some thoughts about how this might work from a practical application perspective.
Rewards programs are a no-brainer, basically using blockchain to support the transparency and traceability of transactions. The distributed ledger enables merchants to tie rewards to a specific product and then to track the success of the promotional program using audit trails and other accounting mechanisms.
In May, American Express Co. announced the launch of a Membership Rewards program using blockchain technology in this manner. Customers sign up to earn the rewards via an app or online site. Perhaps the biggest benefit is that the technology allows the merchant to track valuable customer behavioral data.
Another model for rewards programs is to use blockchain such that all participants contribute to an independent database, thereby serving multiple constituencies. The governance structure of the blockchain determines who gets access to that database.
For identity management in the mobile channel, blockchain and distributed ledger support user authentication by preserving the sovereign identity of information. The user creates a public certificate, using private/public key infrastructure to prove his identity. User or device tokens are verified against a shared ledger, thereby validating that the user or device is authentic. Users can add and verify the blocks of information. No personal data is shared in the process.
Identity management may be easy enough to implement but raises some issues about the predisposition of issuers (e.g., financial institutions) to relinquish control of information on their customers. It is likely that the first applications of blockchain in the mobile channel will materialize in closed-loop environments where the issuer and the acquirer are the same entity, or in private blockchains.
Device management is a big gap for issuers in support of online customer on-boarding. Here, blockchain could be used to track the life cycle of the mobile device. The Payment Card Industry Data Security Standard (PCI DSS) includes a provision for this type of estate management to ensure that device tracking and chain of custody—from procurement through key provisioning—remains immutable. Transaction activity in the card-reader mechanism can also be put into a blockchain, recording every in-app purchase transaction and wallet interaction.
In fact, supply-chain management of this sort lends itself beautifully to blockchain technology. Some industry experts forecast that, eventually, device authentication will be tied inextricably to user authentication.
Apple Inc. has been in discussions with Goldman Sachs Group Inc. on the issuance of a new credit card with the Apple Pay brand. While the details are still unfolding, this event may provide some foreshadowing of the use of blockchain for device management. Apple issues its phones, inserting cryptographic secrets into them. Each phone becomes a unique token, which uses symmetric encryption to verify it. Goldman Sachs will likely play the role of white labeling value storage in this scenario.
Blockchain technology can help to protect against cyber attacks and ID theft, and to streamline the Know Your Customer (KYC) process. It pushes authenticated information to the mobile app and acts as a trusted authority, like a bank or credit union. The customer controls how much data is shared with each transaction, and ideally should be able to monitor and verify the use of his identity in real time.
A Question of Control
In many respects, the mobile channel is still in its infancy. Pilot programs for mobile provide unique opportunities to test these blockchain use cases. Industry specialists can help organizations develop a blockchain strategy, including use cases, architecture, and testing and implementation of these applications, to ensure a successful outcome.
Philosophically, blockchain changes the center of control among payment stakeholders. In the traditional payments world, control resides with the owner of the database of stored assets. Private or permission-based blockchain changes the rules. Here, control resides with the entity that is responsible not only for the governance of the public and private keys, but also for the policy that determines access to participate in building the blockchain.
This is the model that is likely to emerge in the financial-services industry. However, this is anathema to the banking industry, where one trusted authority, the bank, wants to control all information about its customers.
Notwithstanding these challenges, the payment industry must begin testing. It must continue to learn about the myriad applications that can be further secured by this innovative technology.
—Maria Arminio is president and chief executive at Avenue B Consulting, Redondo Beach, Calif. Reach her at firstname.lastname@example.org. Bo Berg is a digital-transformation and blockchain expert. Reach him at email@example.com.