Sunday, January 19, 2025

Security Notes: Putting Hackers on the Defensive

The news is grim, and getting grimmer, for consumers, banks, and traders everywhere. The most fortified cyber fortresses are being overrun by wily hackers worldwide, ranging from lone wolves to state-sponsored data thieves motivated by misplaced playfulness, greed, or some fanatic faith in a moral imperative. Most victims are not even aware of their exposure because the quantity of cards stolen worldwide is more than the hackers can exploit.

Observers keep wondering: How come the good guys cannot do a better job? And more important: What are we looking at, strategically? Options seem to range from getting hammered more and more to restricting e-commerce with ever more burdensome shackles of dubious efficacy.

What is the road ahead? Let’s look at the big picture.

Yes, this war is unending—as the title of my recent book “The Unending CyberWar” suggests. But in my opinion the current losing trend is about to be reversed. Let me explain.

I have argued here time and again that the fundamental weakness of our payment reality today is that our vital data are duplicated in countless computer systems around the world. Your credit card information is transacted and exposed to every computer system of every merchant you ever deal with. All it takes is for one of those computer networks to spring a leak, and your data are compromised.

Once a thread of your private profile is exposed, it leads to more data exposure. In this cascading way, your financial profile is eventually exposed in its entirety, with the bad guys always attacking the most vulnerable system. Furthermore, a small list of your daily transactions will readily betray your socio-economic status. That’s how the affluent attract special attention.

So how will things change? Retrenching.

We are going to remove the fundamental vulnerability where breaking into one merchant’s system causes a cascading effect amounting to a massive and total breach of financial security. Instead, we will have a single data fortress to defend, and the hackers will have no recourse but to meet us on our chosen battleground.

How are we going to do that? By doing away with the accounts-transfer paradigm in favor of making payments by passing a digital string that represents the money transfer.

Accounts will become obsolete. That’s a good thing, because accounts represent vulnerability. You buy something for a dollar, but expose your account that holds $1,000. A modern cryptographic trend known as “zero knowledge” claims that transactions should bear only the absolutely necessary information, nothing more. There is no need for the merchant to know his customer’s account reference. He only needs to know that the bit string can turn into money in his pocket.

Such assurance may be provided by a hierarchy of authentication nodes where only the root contains the information needed for a hacker to abuse the system. This new transaction paradigm will draw hackers to the root node, where we, the security team, will be ready for them.

The new paradigm will apply not only to data in motion, but also to status banking. Today, once a hacker breaks into any financial system, he can, by gaining administrator privileges, easily change the amount of money recorded in any given account. If he does this smartly, the change will escape the bank’s integrity checks.

But tomorrow, money will be cryptographically packaged with owner ID, purpose, and other use parameters. If stolen, the package will self-destruct. Hackers will not be able to invent money without having compromised the root node, which is where the battle will rage. Just as Bonnie and Clyde had to steal actual dollars, so will it be for the future hacker. By comparison, today’s hacker can mint money by simply changing the figures in the accounts he breaks into.

In other words, the strategic direction for cyber defense is to use zero-knowledge cryptography in new, robust, and efficient ways so that hackers will have to attack the central cryptographic dispenser system—the root node, the mint.

I don’t offer the illusion that hackers will never violate any central system. But this strategic shift will drain the marshes, the flood of vulnerabilities in merchant networks, and draw the bad guys into our chosen arena. This arena will be well-defined and limited, and will be a place where we may focus our firepower and score a strategic victory.

Gideon Samid • Gideon@AGSgo.com

 

 
