Jonas Lundqvist, CEO at Haidrun, explores how private blockchain technology is helping to fight fraud in the supply chain by delivering trust and confidence using cryptographic security, a shared source of the truth and tamper-evident transaction history
Private blockchain technology can help to deliver trust and confidence using cryptographic security.
Every enterprise has a supply chain. They can’t exist without them and effective management of the supply chain is at the heart of any successful business. Controlling the flow of data and funds related to suppliers and partners for components, parts, raw materials, work in progress and finished goods from the point of origin to the point of consumption has always been a complex procedure. Global events have made this even more challenging and with the increasing risk of cyber attacks, counterfeiting and the drive for sustainability, it is no wonder that supply chain fraud poses a bigger threat to organisations now than ever before.
Supply chain fraud affects organisations of all sizes in all industries and can occur at any step in a supply chain and routinely including bribes offered during supplier selection and forged cheques for financing to fraudulent payments and guarantees. However, a growing and more challenging trend is the corruption in supply chain data. It is a significant management challenge that can take a wide variety of forms including manipulation of provenance data, item quantity and payments information, as well as the introduction of fake and counterfeit goods into the system.
Identifying such compromises in the process is obscured by the lack of consistency and integration across today’s broad spectrum of technologies supporting the links in the chain: from legacy analogue comms through to cutting edge integrated digital systems. People and processes connect in a combination of ways from non-secure, low-tech phone calls, emails, apps and even faxes to advanced technologies such as IoT-enabled devices, artificial intelligence (AI) and machine learning (ML). This lack of uniformity and security across the modes of communication creates risk exposure in areas such as authenticity, payments and reporting.
Fraud scenarios in the ‘Buy Now, Pay Later’ ecosystem
Shahnawaz Backer, principal security advisor at F5 Labs, discusses how fraud scenarios can occur in the ‘Buy Now, Pay Later’ (BNPL) ecosystem. Read here
How to implement blockchain in the supply chain
Supply chains are created by the linkage of parts, products, services, individuals, departments and companies. With all these variables in play, a further challenge to effective supply chain management lies in identifying how to streamline, unify and secure the flow of data. One way this can be done is through the implementation of a private blockchain platform to provide full end-to-end digital connectivity across the entire supply chain ecosystem. One of the inherent features of blockchain technology is the security of the data. Blockchain is a digital transaction ledger, which records transactions as a growing list of blocks shared across multiple computers, which are linked using cryptography that cannot be altered, cheated or hacked without everyone knowing about it. It is a distributed database that can efficiently record transactions between parties in the chain, in a verifiable and permanent way. Simply put, blockchains permit trust to be intrinsically embedded into the supply chain process.
Blockchain technology can also eliminate suspicious and duplicate transactions by securely and chronologically logging and time-stamping each transaction. Once verified using an advanced consensus algorithm and then cryptographically sealed into data blocks, the transaction is immutable and tamper-evident to everyone on the network.
The first public blockchains were originally associated with cryptocurrencies, but increasingly, the fundamental concept to manage any transaction digitally is disrupting sectors from financial markets, telecoms and insurance to the distribution of humanitarian aid, and even the way we vote in elections.
How does private blockchain work in supply chain
Blockchains come in three flavours – public, hybrid and private, which is also referred to as an enterprise blockchain. While anyone can join and participate in a public blockchain, a private or enterprise blockchain empowers the business rather than any individual employees and allows a single authority or organisation to ultimately retain control. This makes it more attractive for enterprise applications such as supply chain management where it’s important to have a single, time-stamped, open and transparent version of the truth.
Private blockchain platforms are particularly suited to supply chain management because they provide traceability, transparency, real-time logistics tracking, electronic funds transfer and smart contract management. Processes including negotiations support and procurement can also be connected via blockchain to build trust and confidence with new suppliers, partners and colleagues.
While private blockchains adhere to the original principles of blockchain and offer all the distributed benefits, they also retain some of the characteristics of more centralised, controlled networks. This improves greater privacy and eliminates many of the illicit activities often associated with public blockchains and cryptocurrencies. No one can enter this type of ‘permissioned’ network without proper authentication, making it ideal where it does not suit an enterprise to allow every participant full access to the entire contents of the database.
How the future of business could be built on blockchain
Antoni Trenchev, co-founder and managing partner of Nexo, discusses how the future of business could be built on blockchain. Read here
Cyber attacks on supply chains are on the rise with no signs of stopping
In a recent report published by The European Union Cybersecurity Agency (ENISA) it precited a four-fold increase in supply chain attacks in the last six months of 2021. The ENISA-sponsored study Threat Landscape for Supply Chain Attacks, found that older frameworks used to defend against supply chain attacks no longer provide adequate security and that organisations must find new means of securing against supply chain threats.
In 62% of analysed attacks, cyber criminals exploited supplier trust to reach critical access points and 20% of supply chain attacks targeted data. In the SolarWinds supply chain attack of late 2020, it is reported that as many as 18,000 organisations were affected. Meanwhile, in July 2021 Kaseya, which provides software for Managed Service Providers (MSPs), was exploited by REvil ransomware gang to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.
Supply chain fraud continues to be a growing threat but not one that organisations must fall victim to. When it comes to safeguarding a company’s sensitive information, using private blockchain supply chains not only offers a secure solution but can demonstrate provenance with full accountability even via external audits.
Private blockchain supply chains provide a higher degree of regulation, determined and set by the administrators in line with industry regulatory codes. Importantly, private blockchains do not need to use cryptocurrencies or native tokens for the network. Any association with cryptocurrencies, good or bad, is not part of the private solution. All of this means minimal resources and participants are required to run the private blockchain, resulting in reduced costs on a far more predictable scale. As the frequency and consequences of supply chain fraud increase, it is imperative that all supply chains realise the seriousness of this threat and take the appropriate steps to mitigate the risks involved.