A few diamond firms found it unusual when Punjab National Bank demanded 100% cash margins for issuing LOUs (letters of undertaking), a form of bank guarantee under which its customers can raise money from any other Indian bank's foreign branch in the form of short-term credit.
However, the firms argued that this requirement had not been enforced for the LOUs they had received since 2010. This raised alarms and PNB called for an investigation. The bank found that a few employees had been issuing fake LOUs through the SWIFT system (a messaging system between banks). Unfortunately, the software that PNB used to facilitate SWIFT didn't record its transactions. This allowed the fraud to go undetected. A month later, PNB found out that the scam had cost it $1.8 billion.
We have been using centralized systems to build internet applications for a long time. Here, business logic and data lie in one or more central servers. Client applications communicate with these servers to process information. Bank employees use software, which interfaces with the bank's central system, to facilitate transactions. Another example is your bank's application: when you tap to send money, the request is sent to the bank's centralized system for processing.
What happens if that central system is compromised? What happens when someone makes a transaction and deletes its traces? How do we prevent such fraudulent activities?
To solve these problems, we need to satisfy the following requirements:
- A system shouldn't have a central point of attack
- Transactions or data in the system must be tamper-proof
These are the key concepts behind distributed ledger systems or blockchain-based systems. Technically, these concepts are known as decentralization and immutability.
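To make the tamper-proof requirement concrete, here is a minimal hash-chained ledger in which a deleted or altered record is detected on verification. It is an added example, not code from the original article. The function names, the record fields and the sample amounts are constructed for illustration, and it covers immutability only, with `trusted_head` standing in for the copy of the latest hash that other participants would hold in a decentralized system.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(ledger, record):
    """Append a record, linking it to the current last entry."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"record": record, "prev": prev_hash,
                   "hash": entry_hash(prev_hash, record)})


def verify(ledger, trusted_head=None):
    """Return the index of the first inconsistent entry, or None if intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(ledger):
        expected = entry_hash(prev_hash, entry["record"])
        if entry["prev"] != prev_hash or entry["hash"] != expected:
            return i
        prev_hash = entry["hash"]
    # trusted_head: last hash as remembered by an independent party. Without
    # it, a truncated or fully recomputed ledger would still look consistent.
    if trusted_head is not None and prev_hash != trusted_head:
        return len(ledger)
    return None


def build_sample():
    """Constructed sample records; not real transaction data."""
    ledger = []
    for n, amount in enumerate([1000, 250000, 4200], start=1):
        append(ledger, {"id": n, "type": "LOU", "amount": amount})
    return ledger


if __name__ == "__main__":
    ledger = build_sample()
    head = ledger[-1]["hash"]          # copy held by another party
    print("intact:", verify(ledger, head))
    del ledger[1]                      # a record is removed after the fact
    print("first bad index after deletion:", verify(ledger, head))
```

A ledger whose every hash has been recomputed after an edit passes the internal check and fails only against `trusted_head`, which is why immutability in practice depends on other parties holding the chain's latest hash.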