Fighting Fraud using NFTs for Identity in Credit Unions

Author: Shane Larson

Credit Unions are under constant threat of fraud. According to the Association of Certified Fraud Examiners, financial institutions lose around 5% of annual revenues to fraudulent activity. Among the most common attacks is identity theft, carried out through phishing or password theft. But how can credit unions protect their members against fraud? One of the most effective methods in practice today is Multi-Factor Authentication (MFA), which involves using more than two factors to achieve authentication.

One authentication factor that can be used for MFA is a Non-Fungible Token, or NFT. An NFT is a completely unique token that is minted on a blockchain and stored in a cryptocurrency wallet that is secured with a private key or a password known only to the owner. In addition to the token being completely unique, the blockchain that the NFT is stored on is immutable, meaning that the record cannot be changed once an NFT is created.

Credit Union Identity NFT System

What this means is that a credit union could issue each member a unique NFT, stored on a blockchain, at the time their account is established and once "Know Your Customer" (KYC) processes have been completed. The NFT could then be used as an additional factor of authentication for digital banking applications. The token (NFT) also has the added value that it can be used as a factor for authentication at other institutions rather than only at the credit union where the identity was established.

Due to the nature of the blockchain, it is easy for regulators to audit. Whether the chain is public or private, government auditors could leverage the platform by auditing directly against the standardized NFT contract, providing incredible cost savings in the automation of accounting processes.

So let's take a look at how the process could work!

The Process

  • Account Establishment and KYC Validation
  • Minting the Identity NFT
  • Validating NFT Ownership
  • Auditing and Governance

Account Establishment and KYC Verification

In the United States, when the member first establishes their account with their Credit Union, they need to provide forms of identification that are run through a process called "Know Your Customer" or KYC. This process is used so that the US Government can identify who is holding accounts in United States Banks and trace details about every transaction.

The Credit Union then stores the KYC documents in an appropriate data store which can be audited by federal regulators as needed. If all is successful, the new member's account is created with the Credit Union. At this point, the member's identity has been established within the organization.

KYC Verification Simplified

Minting the Identity NFT

When the member's identity has been established, the member is given access to the digital banking platform, which can be a suite of applications for access to banking services.

In order to accomplish this technically, a mobile or browser-based application could be integrated with an Ethereum Virtual Machine (EVM) compatible wallet. There are many third-party wallet integrations available. One of the most commonly used crypto wallets is called Metamask, a browser extension used by millions of people to interface with EVM blockchains. The wallet integration can be linked to the identity of the member, and only the member knows the secret key that provides access to the crypto wallet.

Metamask Example Wallet

When the member chooses to turn on NFT authentication, they will go through a process of using the Metamask wallet integration to "mint" the NFT on an Ethereum compatible blockchain. At this time the minted NFT is the official property of the member. They store the NFT in their wallet and it can then be used to identify the member, tying the wallet and the NFT records to the identity information from the KYC process.

At this stage, the member has their own cryptocurrency wallet, and it is integrated with the digital banking platform in order to provide an application for managing their NFT details. The authentication workflows can be integrated with the wallet for use in validating the NFT as an identity factor. The NFT ID can also be stored in the Digital Banking App's relational database to link the NFT to the member's identity information.

Validating NFT Ownership

In the news, people have associated the term NFT with an image or piece of art that can be traded on the blockchain. This has indeed been one of the most popular use cases for NFTs. However, a better metaphor for an NFT is a title of ownership, like the title for a car or a property deed, except stored on a blockchain. NFTs are truly owned by the member in this case. They alone can transfer ownership or execute certain functions against the contract.

Verifying NFT Ownership

The NFT contract is already well defined through the ERC-721 Non-Fungible Token Standard. In order to verify that the member owns the NFT, the digital banking platform will interface with the member's wallet integration and use web3 JavaScript or other code to execute the following function against the contract to determine ownership.

function ownerOf(uint256 _tokenId) external view returns (address);

Using the above function call against the Ethereum or EVM compatible smart contract, the stored NFT token ID can be used to determine whether the user is the owner of the NFT. Once that validation has been determined, this factor is considered to be authenticated.
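The ownership check described above, as an added example (not the author's code or any vendor's): it builds the `eth_call` request for `ownerOf`, decodes the returned address, and compares it with the address the member's wallet has proven control of. The contract address, token ID and member address are constructed, and `provenAddress` is assumed to come from a separately verified wallet signature over a fresh server challenge, because the value `ownerOf` returns is public data that anyone can read.

```javascript
// Added example; the contract address, token ID and member address are constructed.
const OWNER_OF_SELECTOR = '0x6352211e'; // first 4 bytes of keccak256("ownerOf(uint256)")

// Build the JSON-RPC eth_call request that invokes ownerOf(tokenId) on the contract.
function buildOwnerOfRequest(contract, tokenId, id = 1) {
  const n = BigInt(tokenId);
  if (n < 0n || n >= 2n ** 256n) throw new RangeError('tokenId is not a uint256');
  const arg = n.toString(16).padStart(64, '0'); // uint256 argument, left-padded to 32 bytes
  return {
    jsonrpc: '2.0',
    id,
    method: 'eth_call',
    params: [{ to: contract, data: OWNER_OF_SELECTOR + arg }, 'latest'],
  };
}

// Decode the 32-byte ABI return value into a lower-case address.
function decodeOwner(result) {
  const m = /^0x0{24}([0-9a-fA-F]{40})$/.exec(result || '');
  if (!m) throw new Error('malformed ownerOf return data');
  return '0x' + m[1].toLowerCase();
}

// Decide the factor: the on-chain owner must equal provenAddress, the address
// the wallet proved control of in this session (assumption: verified elsewhere).
function checkNftFactor(rpcResponse, provenAddress) {
  // ERC-721 requires ownerOf to throw for invalid tokens, so an error fails closed.
  if (rpcResponse.error) return { ok: false, reason: 'call reverted' };
  let owner;
  try {
    owner = decodeOwner(rpcResponse.result);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  if (/^0x0{40}$/.test(owner)) return { ok: false, reason: 'zero-address owner' };
  if (owner !== String(provenAddress).toLowerCase()) return { ok: false, reason: 'owner mismatch' };
  return { ok: true, owner };
}

// Constructed sample: a node response in which the member's address owns token 42.
const MEMBER = '0xAbCdEf0123456789aBcDeF0123456789abcdef01';
const sampleResponse = { jsonrpc: '2.0', id: 1, result: '0x' + '0'.repeat(24) + MEMBER.slice(2) };
console.log(buildOwnerOfRequest('0x1111111111111111111111111111111111111111', 42).params[0].data);
console.log(checkNftFactor(sampleResponse, MEMBER));
```
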

Auditing and Governance

Whether the blockchain network used is Ethereum or a Layer 2 EVM blockchain, it will be important for the network to be a public one. This is for two reasons. Firstly, and perhaps most importantly, this means that more people will adopt the technology. The second is that government institutions and auditors can access the data without asking the Credit Union, and can more easily trace the wallet accounts.

Auditing NFTs

This technology can open the door to greater visibility of transactions as money flows through the system. It provides the opportunity for regulators and auditors to automate many accounting systems, reducing the cost of maintaining the monetary system.

In addition to using the token in fraud prevention, the NFT can be used to provide special rights to certain areas of an application, or special features, services or deals. Using an NFT as access control is a way that a member can be given very specific access for assets or that only they control.

Next Steps

As of this writing, all of these features are possible using today's technology. However, the technology is still not quite ready. The Ethereum network can be costly in terms of fees due to scalability issues. However, as Ethereum transitions to Proof of Stake, the scalability of the platform will improve significantly, allowing transactions to be resolved at a lower cost. There are also new technologies emerging now, typically referred to as "Layer 2" technologies, that use the Ethereum network as a settlement layer and allow for much more affordable transaction costs.

As costs decrease and more people adopt cryptocurrency technology, it will become imperative for traditional financial institutions to integrate with crypto. As Gen Z begins to onboard into the financial system, they will already be well acquainted with crypto and will expect to see it used with anything related to money.

Projects like this are still early, but can provide a way for Credit Unions to safely explore the cryptocurrency space as an investment that can potentially reduce fraud and return an ROI.
