In a time, long past, when we went to a bank to deposit or withdraw money, we had a passbook where a bank teller or post master would write, by hand, the date and amount of the transaction, the updated balance, and enter his or her initials.
We also wrote checks to make payments, and the bank would send us back the cancelled check for our records. All this was done on paper and it served us well for validating payments and transactions. Paper was considered to be durable media since the consumer could prove that he had made a transaction by showing the paper receipt. However, this process was very manual, time consuming, expensive and did not scale.
Now most transactions and payments are electronic, and we trust the banks and payment gateways to keep the electronic documents related to the payments, safe and secure and unaltered. However, lately we have become more critical of the trust we place in the durability of electronic media. The aim of durable media is to protect the customer by ensuring that the medium used does not allow firms to unilaterally modify information given to customers. How can we be assured that the holder of our electronic records has not modified, deleted, or disclosed it to non-authorized third parties?
In 2015, Verein für Konsumenteninformation, an Austrian consumer association, brought action against an Austrian e-banking, company BAWAG, contending that the bank was not complying with the requirement in the EU Payment Services Directive (PSD) to provide information on a durable medium. BAWAG was providing information through the internal mailbox of its internet e-banking system which the consumer association contended was not durable in the sense that it could be electronically altered by the bank.
On the first instance and on the first appeal, the association won. This sent shivers through the financial community, since reverting back to the old forms of durable media, mainly paper, would have been very expensive and would have sent payments back into the dark ages.
The bank appealed to the Austrian Supreme court, who stayed the proceedings and referred this to the Court of justice of the European Union (CJEU). The CJEU ruled that: “ information transmitted by a bank to its e-banking customer’s mailboxes on its website had been provided on a durable media only if the website allowed the customer to store the information so they could access and reproduce it unchanged for an adequate period without the bank being able to unilaterally change it, and if the bank drew the customers’ attention to the existence of the information if they had to consult the website to acquire it.”
The significance of this ruling was that a financial services’ secure messaging system could amount to a durable media. The financial services industry breathed a sigh of relief. However, the financial services industry must now “prove” what is “secure” in terms of durable media which cannot be electronically modified or erased. The Court defined durable media as "functional equivalent to paper”, which purposely left it open to interpretation so as not to preclude any new technology.
In other words, something else that had the functionality of paper was needed to insure, that data in the e-banking mailbox could not be altered or deleted. That something else was not prescribed and so banks and other financial institutions would have to present their solutions to the regulators and see if they had any objections. If there were no objections, the solutions could be assumed to be compliant.
I blogged about this in 2016 when these discussions took place and recommended the use of our object storage platform, Hitachi Content Platform as a durable media solution. Hitachi’s Object store, HCP, creates a hash of an object (file) when it is ingested into the store. This hash is checked again when the object is retrieved to prove that nothing has changed since it was first ingested. The hash provides immutability which is the requirement for “durable Media”. Updates to an object are entered as a new version of the original object and the object is encrypted for privacy. (this is also a protection against ransomware, since an attempt to re-encrypt the data would be recorded as another version and would not disturb the original record) The data is duplicated to insure availability. This object store could be connected to email, web, and file servers via Veritas enterprise vault or directly through an SMTP, File, or HTTPs interfaces. The file or object can also be accessible on mobile devices with HCP AnyWhere.
In addition to immutability, HCP data can be encrypted to ensure privacy. All information stored in an HCP system is “write once, read many” (WORM). When WORM mode is activated, data written to the repository cannot be modified, and thus is immune to ransomware attacks. Depending on the configuration of the namespace in which the data resides, deletion of data from the namespace may be allowed. The software includes layers of security, including physical, network, tenant, administration and data access. Other security features include use of certificates, data-in-flight encryption (DIFE), IP whitelisting and blacklisting, data-at- rest encryption (DARE) and regular security scans. The system enforces multitenancy and namespace isolation to create virtual object stores that maintain separation between applications, users, data and storage. HCP is a proven object storage solution since its introduction in 2007. In addition to durability, HCP provides additional security, privacy , and availability capabilities.
At the time when I posted the blog in 2016, I recommended that in order to verify, that HCP meets the requirement for “durable Medium”, one would have to submit this to the EU. That has been done now by a number of banks in Europe and this solution has been accepted by the EU regulators and is in production. One of Poland’s largest banks, Santander Bank in Poland, needed a compliance solution that would meet requirements for providing client information on a durable medium and integrate seamlessly with their e-banking portal. With Hitachi’s durable medium solution, they were able to:
- Get up and running in less than a month
- Migrate the data of 1.2 million customers in one month
- Gain immediate savings through operational efficiencies and the elimination of postal and delivery costs
Banks are investigating other options. Due to the hype around blockchains, one startup is proposing a blockchain implementation. Blockchain has the ability to permanently and immutably store data. However, this would be an expensive approach which will have to be proven before it can accepted for durability. Blockchain is a distributed, public, ledger which requires a robust network with a widely distributed grid of nodes doing intensive hash calculations. Blockchains are expensive since many nodes have to process the same transaction in order to gain consensus. As an example a blockchain technology like Ethereum costs about .035 ETH (Ether) per kb. At today's price for an ETH at $308 that comes to about $10.78 per kb. The proposed blockchain solution for Durability would store the record as an encrypted PDF in the Blockchain transaction.There is also the question about scalability since Ethereum is one of the higher performance blockchains and only does about 15 transactions a second compared to 47,000 for Visa. The hashing algorithms also have a limitation in size, which limits the number of transactions that can be stored in a blockchain system. That raises another question about long term retention across technology families.
The benefits of a blockchain solution is largely gained by eliminating the middlemen associated with a central ledger, for instance in the case of funds transfers, funds can be sent directly between the parties involved without having to go through the cost and delays of a bank or payment gateway. However, if you are not eliminating any middlemen, the ROI, may not be there.
A blockchain implementation for durable media for use by financial institutions will also have to provide other security, privacy, and availability requirements. For instance, there is another regulation, GDPR, which requires the right to be forgotten. The right to be forgotten requires the destruction of data, and once your record is entered in a blockchain, deletion is not a possibility.
HCP provides a proven and economical way to not only solve the durable media problem, but other security, privacy, availability, and long term retention challenges. If you are facing the durability challenge, please investigate the use of HCP, calculate the ROI and compare it to other solutions before you proceed..