Can security replace trust?
Banks used to sell their customers the concept of trust – large marble banking halls and big metal vaults made people feel secure that their money was safe.
But things have changed. The large banking halls are now wine bars, replaced by high-street stores full of technology (that sometimes fails). Our “money” is now just a few bytes held on a disk in a data centre. And the Global Financial Crisis pretty much destroyed trust in the banks and the bankers as a result of some pretty poor behaviour.
So, as a bank, how do you create that trust now – or do you actually need to?
The modern-day equivalent of the large metal vault is the cryptography that we use to secure the bank systems and data. The more security we use, the greater the trust in the bank, right? Wrong.
For example, Chip and PIN was introduced with the concept that it was more secure for customers, and less open to fraud than signatures. Less “Trustcard” and more “secure card”. But anyone who’s had a problem with this knows that it shifted responsibility from the banks to the customers – i.e. “it’s your problem as someone must have known your PIN”.
That didn’t help create trust!
But it did highlight a problem – who is responsible? With the additional security put in place around Internet and Mobile Banking are we actually creating more “trust” in our banks, or are we shifting responsibility further from the bank to its customers? And do they realise this?
Blockchain technology is now starting to provide a new mechanism for “non-repudiation” – i.e. proving that all transactions have been authorised and validated. It does this by using cryptography to “sign” the transactions you perform, as well as the history of all transactions in a “chain” of events, so that we can be confident that they occurred. Trying to go back and change something – a value in a payment or a balance – is all but infeasible, as it would impact (break) the entire chain. And you can’t join that chain unless your transaction has been validated by others.
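The “break the entire chain” property described above can be shown with a minimal hash chain; this is an added example, not part of the original post. Signatures and peer validation are left out, the names and payments are constructed, and `trusted_head` is a hypothetical stand-in for the latest hash held by other participants.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first link

def link_hash(prev_hash, tx):
    """Hash a transaction together with the hash of the entry before it."""
    body = json.dumps(tx, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def build_chain(transactions):
    """Chain the transactions so each entry commits to all earlier ones."""
    chain, prev = [], GENESIS
    for tx in transactions:
        digest = link_hash(prev, tx)
        chain.append({"tx": dict(tx), "prev": prev, "hash": digest})
        prev = digest
    return chain

def verify(chain, trusted_head):
    """Recompute every link, then compare the final hash with the trusted one."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != link_hash(prev, entry["tx"]):
            return f"broken at entry {i}"
        prev = entry["hash"]
    return "ok" if prev == trusted_head else "head mismatch"

# Constructed sample payments (hypothetical names and amounts).
PAYMENTS = [
    {"from": "alice", "to": "bob", "amount": 100},
    {"from": "bob", "to": "carol", "amount": 40},
    {"from": "carol", "to": "alice", "amount": 15},
]

def demo():
    chain = build_chain(PAYMENTS)
    head = chain[-1]["hash"]  # the value other participants hold
    # Case 1: change one amount in place and leave the stored hashes alone.
    edited = build_chain(PAYMENTS)
    edited[1]["tx"]["amount"] = 4000
    # Case 2: change the amount and recompute every later hash as well.
    forged = [dict(p) for p in PAYMENTS]
    forged[1]["amount"] = 4000
    rewritten = build_chain(forged)
    return verify(chain, head), verify(edited, head), verify(rewritten, head)

if __name__ == "__main__":
    print(demo())
```

The second case is why validation by others matters: a fully rewritten chain is internally consistent and is caught only because its final hash differs from the one other participants already hold.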
So, if we could use this technology to validate all transactions flowing through the system do we actually need to trust the banks (and conversely, do they need to trust us)? After all, you’re not putting your faith in the bank to look after your money now, you’re putting your faith in the cryptography that protects the blockchain in which this value is stored. Could this be the security model that protects both banks and customers?
Some think so, but as a result they are asking the question “If you have this, do you need trust?”
I think this misses the point. I believe we want our banks to help us navigate life’s financial challenges and help us make good financial decisions. So long as they do that I will trust them to help me further. I am less concerned about the strength of the cryptography in their mobile banking app than I am about how they will treat me in the event that something goes wrong.
And I think this is the key – for banks, regaining trust has to be about rebuilding relationships, not just about providing stronger security. It’s a different type of trust model, married to stronger and more provable security, and I want both.