Payments in Traditional Banking
We all make payments or transfer funds within the country or internationally. These functions are carried out by banks or similar financial intermediaries. I explained in one of my previous blogs (Week 2) how payments or fund transfers are carried out by banks. Let us refresh our memory with the diagram below:
Let us go a little deeper into this payment between "Sender" and "Beneficiary". A funds transfer or payment is initiated when a sender gives an instruction to his / her bank to pay a particular amount into the recipient's bank account. This instruction can be given:
- Through a cheque (Does anyone do that anymore??)
- Through online banking via browser
- By using an app of the bank
- By using an app of a financial intermediary which is connected to the banks in your area or country
There are three stages in a payment transaction :
- Transaction Initiation
- Transaction Verification & Authorization
- Transaction Execution
Transaction Initiation
Transaction initiation happens:
- When the sender enters the recipient details with the amount in a cheque and signs it as proof of authorization to the bank to carry out the transfer, or
- When the sender logs in to the app or online banking with his / her password and initiates the transaction.
We all know online banking happens "online" on the bank's website. Websites are hosted on servers. The base layer of the internet consists of protocols which connect millions of these servers so that they are "online". Now, to access these protocols, we as clients accessing the web and the servers need something that can "talk" the same language as the protocol. That "something" is what we call the web browser. The protocol is called HTTP (Hyper Text Transfer Protocol). You can read more about Hyper Text Transfer Protocol here.
In online banking, we access the bank server using a browser. The web browser "talks" to the bank server using "requests" initiated from the browser, which go like this:
Browser request : "Hey Bank Server, the client has input the user name and password, can you check whether this username and password are genuine?"
The above request goes to the bank's server, which communicates with the database, where the input username and password are checked against those maintained in the database (Note: The password is not saved as is, but a hash of the password is saved).
Server response : "The username exists and the password is correct"
The browser sees this response and then the client is able to access their accounts to carry out the transaction.
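The server-side check described above, as an added Python sketch that is not part of the original post. The post only says that a hash of the password is stored; the per-user salt, PBKDF2, the iteration count, the in-memory `CREDENTIALS` table and the function names are assumptions made for this example.

```python
import hashlib, hmac, os

ITERATIONS = 200_000   # assumed work factor for this sketch; tune for your hardware
CREDENTIALS = {}       # stands in for the bank's credential table: user -> (salt, hash)
DUMMY_SALT = os.urandom(16)

def derive(password, salt):
    # Slow, salted one-way function: the stored value cannot be turned back into the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username, password):
    salt = os.urandom(16)  # unique per user, so equal passwords give different hashes
    CREDENTIALS[username] = (salt, derive(password, salt))

def check_login(username, password):
    salt, stored = CREDENTIALS.get(username, (DUMMY_SALT, None))
    candidate = derive(password, salt)  # computed even for unknown users (similar timing)
    # Constant-time comparison of the freshly derived hash with the stored one
    return stored is not None and hmac.compare_digest(candidate, stored)
```

The database never holds the password itself, only the salt and the derived hash, so a leaked table does not directly reveal what customers typed.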
So, for initiating a transaction, the sender signs on a cheque or uses a password to login to their accounts which provides irrefutable proof that it was the sender who initiated the transaction.
Transaction Verification & Authorization
Transaction verification & authorization happens as follows:
- In the case of a cheque, the relevant bank staff checks the signature, account details and the instructions provided by the customer. The signature is checked with the one in the bank's records to ensure they match. Signing the instruction makes it non-repudiable, meaning the customer cannot deny having provided the instruction. The transaction is then authorized by a senior staff member in the system.
- In the case of online banking, logging into the account using a password and then authorizing the payment is the same as signing a physical cheque. Here the password is key to ensure the customer actually gave the payment instructions. The authorization is done through automated processes like sending an OTP to the authorized phone number.
Transaction Execution
Transaction execution happens when the sender's account gets debited and the funds move out from the sender's account to the recipient bank account. If this is done through a cheque, a transaction debiting the sender account and crediting the recipient bank account will be passed within the same bank if the recipient maintains an account in the same bank. If the accounts are maintained in different banks, the credit will go to an intermediary (Like Central Bank for local transfers and nostro accounts for international transfers - e.g., JP Morgan for USD, HSBC for GBP etc). This all happens within the core banking system of the banks.
How does this happen when the transaction is initiated online or through an app? The online banking application or the phone app interacts with the core banking application of the bank through a series of messages which prove that the sender in fact logged in to the application or app and then the transactions get executed in the core banking system where the customer ledgers are maintained. The verification and authorization of the transaction is done in the system without manual intervention. The entries remain the same as above.
The below diagram summarizes the same :
How do the funds reach the recipient account? The funds move out from the sender's bank by a debit to the intermediary account, and they are received through a credit into the intermediary account maintained with the Beneficiary Bank. A further entry is passed debiting the intermediary account and crediting the beneficiary account in the Beneficiary Bank's books.
In the Intermediary's books, the bank where the sender maintains their account is debited and the bank where the recipient maintains their account is credited.
This is how the ledger accounts look on passing these entries (Refer Week 5 for further explanations):
Transaction in a Blockchain
Now, let us explore how a transaction or funds transfer goes through in a blockchain. The "funds" that we refer to here are the underlying cryptocurrency. Let us take the example where "Sender" wants to transfer cryptocurrency (e.g., Bitcoin) to "Beneficiary". Here also, the three steps described above take place, but very differently.
Before we deep dive into the actual transaction, we need to understand some new paradigms which were introduced in my earlier blogs but which I will explain in more detail now. Let us divide our discussion into:
a. Wallets
b. Public & Private Keys
c. Addresses
d. Digital Signature
Wallets
Bitcoin is the native token of the Bitcoin blockchain. Now, to transfer bitcoin, "Sender" needs to access the Bitcoin blockchain, just as in online banking we access the bank servers through the internet via a browser. In the blockchain world, this is done via something known as a wallet.
As per Wikipedia, a simple cryptocurrency wallet is defined as below:
A simple cryptocurrency wallet contains pairs of public and private keys
Just like the browser serves as a primary user interface for connecting to the internet, a wallet is a user interface for connecting to any blockchain. A wallet
a. Controls access to a user's cryptocurrency
b. Manages keys and addresses (These are explained in detail below!)
c. Signs transactions
d. Tracks balances of cryptocurrency
There are different classifications of wallets, e.g., Hot & Cold Wallets, Deterministic & Non-deterministic wallets (To be described later!!)
Public & Private keys
In one of my earlier blogs, I mentioned asymmetric cryptography, where a paired public and private key system is used. The public key is derived from the private key, and hence the two are related to each other.
Now, to get back to our analogy of online banking, we have a bank account and we have a password to access that bank account. In a wallet, the bank account is a public key which can be shared with anyone and the password is the private key which only the owner can know. The below diagram makes it simpler to understand :
So a wallet is something that stores public and private keys. The keys in a user's wallet are independent of the blockchain network and are managed in the wallet independently of the blockchain network.
The public key is generated from the private key using complicated mathematical formulas which are one-way functions, meaning a public key can be generated from a private key but the private key cannot be re-engineered back from the public key. This makes it "cryptographically" secure.
Addresses
An address (e.g., a Bitcoin address) is a random combination of letters and numbers that can be shared for the purpose of receiving funds, like a beneficiary account in traditional banking. Just like a public key is derived from a private key using complicated mathematical functions, an address is derived from a public key using hash functions which are one-way, meaning we cannot arrive at the public key from the address. The below diagram makes it more clear:
Digital Signatures
As per Wikipedia,
*A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives the recipient very strong reason to believe that
a. the message was created by a known sender (AUTHENTICITY), and
b. that the message was not altered in transit (INTEGRITY).*
A digital signature consists of two algorithms :
A SIGNING ALGORITHM that, given a private key & a transaction, produces a signature &
A SIGNATURE VERIFYING ALGORITHM, that allows anyone to verify the signature, given the message & a public key (corresponding to the private key used in the signing algorithm)
In simple terms it means that - just like someone signing a cheque is irrefutable proof of instructions to transfer funds, if a digital signature satisfies some conditions, it means the owner of that wallet has initiated that transaction and he / she cannot deny that later. We introduced the concept in Week 13. The below diagram will help refresh our memory!!
Let's tie this all up next week for better understanding!!