The question I aim to address in this article is whether the technology built to store and protect our consumer credit data represents a problem that will not just go away as long as our data continues to be centralized, the way it is now at companies such as Equifax. As you’ve undoubtedly read by now, millions of complete credit records were stolen recently, and primarily because they were all in the same place, centralized. And then, if decentralization is the key, is the Blockchain the perfect vehicle to power that distribution network.
First, let’s take a look at how our consumer credit data, and most data for that matter, is housed. Since the beginning of computing, data has been centralized. Often it is replicated and copied for backup and version control purposes, but generally speaking there is always a core central live database which is considered the current state of the data. This structure is usually in place for most of the data you access today, such as your email or cloud documents. This information may be stored in several sections, or separate databases, and then combined for a complete record, but aside from this standard segmentation, data lives in these central environments. All of this has sizeable digital security walls built around them, including hardware and software solutions, explicitly designed to prevent unauthorized viewers from accessing the data. These firewalls are excellent, and part of a billion-dollar industry representing great minds in engineering and computing. However, there is a flaw, and that is, if a breach does occur, all the data is still collected in one place, and thus, available to steal in one fell swoop as well. And sadly, as we are seeing, it’s not so much if, but when breaches will occur.
We have seen this many times over the past few years, with email providers, wireless carriers, and recently the credit industry, reporting that intruders broke in and stole large amounts of data all at once. In the case of Equifax, much of the essential information needed to verify an identity was obtained. It is no longer is enough for a company to ask what your previous address was, or what the color of your first car was, as it’s potentially no longer information only you know. It’s out there on a hard drive somewhere it shouldn’t be. The massive walls built around that central server had a hole poked through them, and your data was exposed. The focus should not be on making a bigger and better wall, but instead, an optimized distribution of data to void the idea of the heist in the first place. The current structure has left us all vulnerable and the systems with the most significant rewards, like credit and identity reports, are being targeted. Blockchain can solve this, and to date, is the best candidate for the job.
We all know that our credit check experience depends on us proving who we say we are. If we can’t show who we are, or others can easily assume our identity, our centralized credit score becomes worthless. Most recently, the credit industry has patched this with an additional level of ‘pin verification,’ via a ‘credit freeze’ process which in many cases, shockingly, in some states, the consumer has to pay to add and remove it, which is a focus for another article. Is the pin you create also centrally stored and vulnerable? What will we do if they are stolen as well; add a credit freeze-freeze? You see the issue here with just adding an extra level of security, but remaining centralized? It’s the central storage of the credit data, which leaves everyone vulnerable.
Ok, so what is the potential solution? I see it in three parts:
A system where the ‘keys’ to accessing the protected data are not controlled and secured by the same entity that is storing the data that is being protected. This reads a bit like a riddle, but if you think about it practically speaking, it makes no sense to have the key to your safe taped to the bottom of your safe; your key should be kept elsewhere.
Because the keys to the data are not being centrally stored, they thereby, cannot be centrally stolen. The idea or concept of stealing millions of passwords goes away because millions of passwords are never kept in the same place. Now, if those keys are not centrally stored, then where are they stored? Well, who better to store your key than you! Each person, protects themselves, by protecting their key. You would protect this the same way you would cash. To be clear, it doesn’t mean someone can’t steal your key somehow, but they can’t steal millions at once and it’s not worth a concerted effort of a team of malicious hackers to try to take one credit profile. They need loads of records for it to have any real value, so it essentially removes the threat by removing the value of the data the threat was targeting.
Finally, because the data is not centrally stored, but stored across millions of computers, including yours (the person with a credit profile) the process of verifying creditworthiness all of a sudden depends not on one central authority (like Equifax) but on hundreds of thousands of other consumers agreeing on a record being true. This means that when you check your credit for a loan, your credit is verified by everyone in the network, and when 51% or more agree on your ‘score,’ it is deemed correct. Every time you take a loan or make a loan, it goes on your record in the same distributed process.
The implications of this are immense, not just for credit security as I’ve been focusing on here, but for the millions of people in the world who have no credit at all. Imagine all the people who have ‘no credit,’ simply because they haven’t had the opportunity to build it with the three major bureaus. Over half of the credit holders in the world are in the US. There are millions of creditworthy individuals worldwide who deserve the right to borrow, repay, and establish credit as well as lend themselves. Because each of us becomes a keeper of everyone’s credit profile score, we also can become a lender, report a payment history, and in turn, establish credit score for someone else. After all, credit should be based on an individual’s capability to responsibly pay back a loan that was made to them, on time, regardless of the lender? The Blockchain has the chance to transform the security and landscape of loaning and borrowing on credit monumentally.
Once more, shouldn’t the credit system be built to protect us, the consumers, as much as it is built to protect the lenders? Now it has very little protection for consumers because the profits come from the lenders, who pay a fee each time they run a credit check. With a peer-to-peer credit system, both lender and borrower would hold a neutral position, allowing for an inherently fair system of checks and balances for both.
Now that I’ve hopefully explained the concept well - one of the teams so far that I feel are doing the best job of making this concept a reality, call their Blockchain credit solution, Celsius.
From their offices in New York City, they are gaining traction quickly, and are working to ‘open the floodgates of credit’ using a decentralized system similar to my description above, to build an ethereum-member based lending platform. They plan to launch in January, and offer individuals the chance to loan, and report payments, essentially beginning a credit revolution.