Fighting Fraud using NFTs for Identity in Credit Unions
Credit Unions are under constant threat of fraud. According to the Association of Certified Fraud Examiners, financial institutions lose around 5% of annual revenues to fraudulent activity. Among the most common attacks is through identity theft, either through phishing attacks or password theft. But how can credit unions protect their members against fraud? One of the most effective methods in practice today is with Multi-Factor Authentication, which involves using more than two factors to achieve authentication.
One authentication factor that can be used for MFA is through the use of Non-Fungible Tokens, or NFTs. An NFT is a completely unique token that is minted on a blockchain and stored in a cryptocurrency wallet that is secured with a private key or a password that is only known by the owner. In addition to being completely unique, the blockchain that the NFT is stored on is immutable, meaning that it cannot be changed once an NFT is created.
What this means is that a credit union could provide their members with a unique NFT that is stored on a blockchain at the time their account is established once "Know Your Customer" (KYC) processes have been completed. The NFT could then be used as an additional factor of authentication for digital banking applications. The token (NFT) also has the added value that it can be used as a factor for authentication at other institutions rather than only at the credit union where the identity was established.
Due to the nature of the blockchain, it is easy for regulators to audit. Whether the chain is public or private, government auditors could leverage the platform by auditing directly against the standardized NFT contract, providing incredible cost savings in the automation of accounting processes.
So let's take a look at how the process could work!
The Process
- Account Establishment and KYC Validation
- Minting the Identity NFT
- Validating NFT Ownership
- Auditing and Governance
Account Establishment and KYC Verification
In the United States, when the member first establishes their account with their Credit Union, they need to provide forms of identification that are run through a process called "Know Your Customer" or KYC. This process is used so that the US Government can identify who is holding accounts in United States Banks and trace details about every transaction.
The Credit Union then stores the KYC documents in an appropriate data store which can be audited by federal regulators as needed. If all is successful, the new member's account is created with the Credit Union. At this point, the member's identity has been established within the organization.
Minting the Identity NFT
When the member's identity has been established the member is given access to digital banking platform, which can be a suite of applications for access to banking services.
In order to technologically accomplish this, a mobile or browser based application could be integrated with an Ethereum Virtual Machine (EVM) compatible wallet. There are many third party wallet integrations available. One of the most commonly used crypto wallets is called Metamask, ia browser extension used by millions of people to interface with EVM blockchains. Alone, the wallet integration can be linked to the identity of the member, and only the member knows the secret key that provides access to the crypto wallet.
When the member chooses to turn on NFT authentication, they will go through a process of using the Metamask wallet integration to "mint" the NFT on an Ethereum compatible blockchain. At this time the minted NFT is the official property of the member. They store the NFT in their wallet and it can then be used to identify the member, tying the wallet and the NFT records to the identity information from the KYC process.
At this stage, the member has their own cryptocurrency wallet and it is integrated with the digital banking platform in order to provide an application for managing their NFT details. And the authentication workflows can be integrated with the wallet for use in validating the NFT as an identity factor. The NFT ID can also be stored in the Digital Banking App's relational database to link the NFT to the member's identity information.
Validating NFT Ownership
In the news people have associated the term NFT with an image, or piece of art that can be traded on the blockchain. This has indeed been one of the most popular use cases for NFTs. However, a better metaphor to explain an NFT is that it is much like a title of ownership, like the title for a car, or a property deed, except stored on a blockchain. NFTs are truly owned by the member in this case. They alone have access to transfer ownership or to execute certain functions against the contract.
The NFT contract is already a well defined through the ERC-721 Non Fungible Token Standard. In order to verify the member owns the NFT, the digital banking platform will interface with the member's wallet integration and use web3 JavaScript or other code to execute the following function against the contract to determine ownership.
function ownerOf(uint256 _tokenId) external view returns (address);
Using the above function call against the Ethereum or EVM compatible smart contract, the stored NFT token ID can be used to determine whether the user is the owner of the NFT. Once that validation has been determined, this factor is considered to be authenticated.
Auditing and Governance
Whether the blockchain network used is Ethererum, or a level-2 EVM blockchain, it will be important for the network to be a public one. This is for two reasons. Firstly, and perhaps most importantly, this means that more people will adopt the technology. The second is that government institutions and auditors can access the data without asking the Credit Union, and can more easily trace the wallet accounts.
This technology can open the door to greater visibility of transactions as money flows through the system. It provides the opportunity for regulators and auditors to automate many accounting systems, reducing the cost of maintaining the monetary system.
In addition to using the token in fraud prevention, the NFT can be used to provide special rights to certain areas of an application, or special features services or deals. Using an NFT as access control is a way that a member can be given very specific access for assets or that only they control.
Next Steps
As of this writing, this technology has gotten to the point where all of these features are possible using today's technology. However, the technology is still not quite ready. The Ethereum network can be costly in terms of fees due to scalability issues. However as Ethereum transitions to Proof of Stake, the scalability of the platform will improve significantly, allowing for transactions to be resolved for a lower cost. There are new technologies emerging now, typically referred to as "Layer 2" technologies that use the Ethereum network as a settlement layer, and allowing for much more affordable transaction costs.
As costs decrease and more people adopt cryptocurrency technology, it will become imperative for traditional financial institutions to integrate with crypto. As Gen Z begins to onboard into the financial system, they will already be well acquainted with crypto and will expect to see it used with anything related to money.
Projects like this are still early, but can provide a way for Credit Unions to safely explore the cryptocurrency space as an investment that can potentially reduce fraud and return an ROI.
References
Recent Articles
We create solutions using APIs and AI to advance financial security in the world. If you need help in your organization, contact us!
