Abstract
Big data-based credit reference system gradually attracts wide attention due to its ad-vantages in remedying the shortages of traditional credit reference and dealing with new challenges arising from financial credit management. Nevertheless, this new method is also adapted through different studies and experiments to be problematic with island of credit information and information security. Some researchers begin exploring the possibility of applying blockchain technology to the individual credit reference field. The business links in the individual credit reference can be innovated through the blockchain mechanism so that credit data from different industries get collected through peering points, secure communication and anonymous protection on the basis of such techniques as distributed storage, point-to-point transmission, consensus mechanism and encryption algorithm. In this way, it is feasible to solve island of information and enhance the protection of user information security. A promising future can be expected about the big data-based credit reference, but there are also many problems with blockchain-based credit reference in China.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
The operation of modern financial system can never be separated from the credit support. Big data-based credit reference system gradually attracts wide attention due to its advantages in remedying the shortages of traditional credit reference and dealing with new challenges arising from financial credit management. Nevertheless, this new method is also adapted through different studies and experiments to be problematic with island of credit information and information security. Some researchers begin exploring the possibility of applying blockchain technology to the individual credit reference field. Though the combination of blockchain technology with big data-based credit reference remains as a frontier research in credit reference study, it still catches wide attention and turns out to be thought-provoking after G20 High-level Principles for Digital Financial Inclusion was proposed by China during 2016 G20 Summit in Hangzhou. The business links in the individual credit reference can be innovated through the blockchain mechanism so that credit data from different industries get collected through peering points, secure communication and anonymous protection on the basis of such techniques as distributed storage, point-to-point transmission, consensus mechanism and encryption algorithm. In this way, it is feasible to solve island of information and enhance the protection of user information security. A promising future can be expected about the big data-based credit reference, but there are also many problems with blockchain-based credit reference in China. Future research is required to find corresponding solutions and verify their feasibility.
For example, China’s first big data-based credit reference system is a personal credit score system, literally named as Sesame Credit Score, which refers to internationally accepted credit scoring standards, such as the US FICO credit scoring system, based on the user’s various consumption and behavioral data on the internet combined with traditional financial credit information. By using cloud computing and machine learning techniques, through the various model algorithms, it can obtain a comprehensive score of personal credit status, ranging from 300 to 950 which are divided into five levels of poor, medium, good, excellent, perfect. The higher the score is, the better the credit of the user gets, so as to evaluate the personal credit. Based on the operating mode and characteristics of the Sesame Credit Score, the data collection dimension is incomplete and the score is difficult to reflect the personal real credit status, there are hidden problems about online personal information and privacy protection, the objection handling and relief face great difficulties.
In order to discuss the related issues in this paper, Section 2 will introduce the challenges of big data-based credit service industry in China. Section 3 presents combination of big data-based credit reference with blockchain technology in China. Section 4 discuss problems and solutions of blockchain-based credit reference in China. Finally, the conclusion is presented in Section 5.
2 Challenges of big data-based credit service industry in China
So far the big data-based credit reference is only part of the Chinese credit investigation system, and it is still unable to replace the traditional credit investigation system. For the complete evaluation of the credit status of a specific person, it is still necessary to combine the traditional credit report with big data, the credit report can then be completed. Therefore, the importance of big data-based credit reference cannot be overemphasized and then ignore the importance of traditional credit reporting methods.
2.1 Big data-based credit service industry in China
Big data-based credit reference means the employment of such new technical means as big data [1], deep algorithms (incl. Cloud computing) [2], mobile terminal, and artificial intelligence to re-design a credit rating model, both structural and non-structural data to analyze the credit information of enterprises and individuals [3], portrait of credit subjects from different dimensions to present their default rate and credit conditions so as to form credit evaluation of higher reference value. Therefore, the credit reference system built on the basis of big data can improve the comprehensiveness, real-time capability and crediting efficiency, as a beneficial supplementation to the traditional credit reference system [4].
What is more, compared with the traditional credit investigation system, big data-based credit reference has its own characteristics as follows [4].
-
(1)
Comprehensive sources of the credit investigation data: The information source of big data credit investigation includes not only personal internet financial data but also non-financial internet behavior data of the information subject, such as online shopping, browsing, searching, socializing, travel, online games, online education and other behavioral data can become the contents of information collection.
-
(2)
Complicated types of the credit investigation data: The information handled by big data credit investigation system, in addition to the structured data that can be handled by traditional credit investigation data systems, also include unstructured data such as hypertext, images, sounds, pictures, geographical location information, behavioral data, social relations, etc.
-
(3)
Concealed data acquisition and processing: Compared with the standard process of collecting, sorting, processing and even forming credit products of traditional credit investigation, big data credit investigation has completely different information collection channels and model design among different agencies, which is extremely strange to most of the public and has a relatively low degree of transparency.
-
(4)
Multiplicate application of the credit investigation data: The application of big data credit investigation products, such as credit rating, can be applied not only to the financial credit field targeted by traditional credit investigation business, but also to marriage, dating, accommodation, recruitment, visa, job hunting, renting cars and houses, hotels and tourism and other scenes of life, which gets closer to our daily life.
As the big data-based credit reference is to collect, arrange, save, process and release the information about credit subjects in essence, it is still within the credit reference business scope defined in Credit reference Management Regulations of China. In June of 2014, the State Council of China released Social Credit System Construction Layout Plan (2014–2020) to schedule the work related to social credit system construction and suggested preliminary creation of a credit reference system covering the whole society with credit information resources sharing as the basis by 2020. By the end of 2014, over 50 credit reference enterprises have completed filing procedures; and in the early 2015, 8 agencies are authorized to deal with individual credit reference business, including ZHIMA Credit Management Co., Ltd., Tecent Credit Co., Ltd., Qianhai Credit Center Co., Ltd., Pengyuan Credit Service Co., Ltd., China Chengxin Credit Co., Ltd., Koala Credit Service Co., Ltd., INTELLI Credit and Sinoway Credit Co., Ltd. The State Council of China printed and distributed Executive Summary for Promoting Big Data Development in July of 2015 and the General Office of the State Council issued Opinions about Using Big Data to Strengthen the Market Subject Services and Supervision in September of the same year. It is clear that the state is encouraging the application and development of big data in the credit service industry from the policies, and it is an inevitable trend for the big data to be blended with traditional credit reference. On the other hand, the development of big data-based credit reference still faces following outstanding challenges (Fig. 1).
Challenges of Big Data-based Credit Service Industry in China
2.2 Information use lacks transverse connectivity
There is not any information sharing mechanism among big data-based credit service agencies [5, 6]. What is more, the credit information between financial industry and non-financial industries are scattered around different agencies [7] so that a number of problems arises, such as difficult data integration and islands of information [8]. Such behaviors as multi-source loan application, excessive loan and deceived loan are never uncommon, damaging the healthy development of internet and financial markets. The possible causes include: firstly, the ownership of data in our country is not defined yet, and all the agencies involved view such data as their own core assets and are unwilling to share the data or providing distorted data, which result in the islands of information; secondly, out of consideration about privacy protection, all the agencies prefer securing the information under control to sharing them with others; thirdly, besides the mechanical and institutional reasons, data can not be securely shared among different agencies and industries due to the technical architecture of traditional credit service industry so that the problem about islands of information is not solved in the traditional credit reference work.
2.3 Information security lacks effective protection
During the information collection process, big data-based credit service agencies frequently infringe the privacy right, consent right and other rights and interests of the information subjects because of the asymmetrical information. Hereby the phenomena are explained as follows:
In the first place, information collection against the big data background features elusiveness and block box processing [9, 10]. It is specified in Article 2 and 14 of Credit service industry Management Regulations, personal information acquisition is limited to credit-related information, and the scopes of personal information that can and can’t be collected by the credit service agencies are defined. However, the information subjects can never know whether the collected personal sensitive data contains any information forbidden to be collected by relevant laws and regulations and whether the collected information is true and accurate. Besides, in accordance with Article 3, 13 and 25 of Credit service industry Management Regulations, the information subjects are entitled to enjoy consent right in credit business as well as the rights of dissent, correction and privacy derived from this basis. In view of the industrial status quo in China, most of the big data-based credit service agencies can hardly provide a complete list of information collecting. With overwhelming information collecting behaviors, the information subjects can’t execute the consent right endowed by laws, and their privacy that should have been protected is collected and utilized without any cover. Privacy protection has become a difficult part for the big data-based credit reference [11]. What is worse, there is a dark web or “deep web” [12, 13] that contains a diversified, concealed and complicated gray industrial chain of privacy transaction. It becomes a place beyond the supervision as well as a place with frequent infringement of information subjects’ privacy right, consent right and other rights and interests.
Secondly, even if the users give consent, it is hardly to acknowledge the scope of collection, intended use, and the time and place of copying and transmission under present “package authorization” mode [14], and the consent right can’t fulfill the designed purpose.
Thirdly, the credit report resulting from analysis by big data-based credit service agencies is in nature a kind of personal information, and its output and use should be based on the consent from information subjects. It is specified that “when credit service agency or information supplier or user obtain the permission from information subject through contractual terms and conditions, prompt that can attract the attention of information subject shall be offered in the contract in combination with explicit explanation” in Article 19 of Credit Service Industry Management Regulations, and “information user shall use the personal information for the proposes agreed with the information subject instead of using it for any other purpose, or provide the information for a third party without gaining the permission from the information subject” in Article 20. However, in China, some big data-based credit service agencies extend the credit evaluation results to all sorts of social living scenes such as credit query for tourism, social contact, car renting, and visa without gaining the prior consent of information subjects. In the meantime, in case of any inconsistency between credit products and real credit status, linking of credit evaluation result to other social services will cause the information subjects to lose the opportunity of receiving equal related social services. This is obviously more harmful for the rights and interests of information subjects.
3 Combination of big Data-based Credit reference with blockchain technology in China
Blockchain is a kind of decentralized sharing transaction database that makes use of encrypted chain-type block structure and distributed nodal consensus algorithm to execute data verification, storage and updating. Featuring decentralized, open, anonymous, falsification-proof, and traceable [15, 16], it is usually divided into following three types [17,18,19,20]. (1) Public chain: all the nodes can freely join and retreat the website and read and write the data on the chain; during the operation, flat topologic structure is used to achieve interconnectivity, and there is not any centralized service terminal node in the network. (2) Alliance chain: all the nodes have corresponding entities that can join and retreat from the network only after being authorized; all the agencies or organizations form a interest-based alliance and maintain the healthy operation of the blockchain together. (3) Exclusive chain: the write-in right of all the nodes is placed under internal control while the reading right is made public on a selective basis. The exclusive chain still has the general structure of multi-node operation in blockchain, and it is suitable to the internal data management and auditing of specific agencies.
Now there are mainly two modes through which the blockchain technology is applied to the big data-based credit service industry in China.
3.1 Employment of blockchain in Chinese credit service industry
3.1.1 Data exchange platform mode
In the data exchange platform mode (Fig. 2), all the participants independently maintain the original databases and submit only some limited abstract information to third party data exchange platform for safekeeping through the blockchain technology. The inquirer can send inquiry application to the original data supplier through the platform so that a sea of external data is available for inquiry and the core business data are protected from being disclosed. Since 2016, many domestic blockchain companies and credit investigating enterprises have established their own data exchange platforms. For instance, GXB data exchange is a decentralized data transaction platform based on blockchain technology [21], which creates an alliance data-based blockchain and adopts Delegated Proof of Stake (DPoS) as the consensus mechanism [22]. The consensus in blockchain means the consistency reached in a certain block among all the nodes in the open and distributed network, which serves as the core of the blockchain. The consensus mechanism mainly studies the distribution of bookkeeping right upon generation of a block and verification after the block generation. GXB data exchange’s representative clients include a number of industrial enterprises that have data exchange demand in such industries as internet, finance, government agencies, banking, insurance and securities. On the other hand, it takes the financial performance data produced by such clients as the major assets in data transaction in order to solve the data sharing and exchange problem among different industries.
Alliance Chain-based Data Exchange Platform
3.1.2 Common construction and sharing data platform mode
As for the common construction and sharing data platform mode (Fig. 3), the generation, recording and inquiry of credit are completely dependent on blockchain technology [18]. It creates decentralized credit inquiry, credit performance, and default records, and offers such data for all the credit reference users and consumption financial partners that use client credit records. In this platform mode, once such data and information as personal credit performance and default records are generated and distributed to all the nodes of network, every credit behavior will become personal assets with definite ownership. The members can use and share the open and transparent user credit data that are protected from being falsified or denied. This is a relatively radical mode in the application of blockchain technology to credit, and it can even be used to reconstruct the existing credit evaluation mode used in credit service industry. Chinese Cloud Prism credit system has devoted itself to the blockchain-based credit reference business of this mode since 2014 [23]. In this system, the personal assets, transaction behaviors, credit use records, and performing and default data are encrypted to produce permanent, irreversible and unchangeable records that are broadcast to all the nodes of the members in order form effective and undeniable personal credit certification. Instead of demanding any credit endorsement from a third party, the partners and users can directly utilize the real credit data in the blockchain to carry out all the credit payment transactions.
Public Chain-based Common Construction and Sharing Data Platform Mode
3.1.3 Analysis of two modes in terms of advantages and disadvantages
Though having a low construction cost, the data exchange platform mode has many demerits. More specifically, this mode focuses more on the combination of existing technologies with data in credit service industry, so it is easier in operation, low in cost, and more possible in achieving a success. Nevertheless, it still fails to solve following problems perplexing the present credit service industry, though it does use the blockchain technology: (1) difficulty in data acquisition: as data are still collected by all the participants in the existing ways, no new credit data can be produced on the data exchange platform and credit data collection still remains difficult; (2) authenticity of data: this mode uses blockchain technology only in the information retrieval part but follows traditional techniques and contents in database part, so it is hard to avoid the intentional mixing of wrong information among peers and the authenticity of the original data can hardly be secured; and (3) data monopoly: in the present credit reference biology in China, the credit information and data become the assets of data acquisition agencies once being produced and are later occupied by a few e-merchants or social media websites, resulting in monopoly of personal credit data.
The common sharing and construction data platform mode is hard in construction but advantageous in many aspects. It demands the construction of a new credit reference ecology based on blockchain technology, which means besides the input of the credit service industry, other fields (such as ownership confirmation, transaction process, and registration procedures) should also adopt the blockchain. This makes the mode hard to be constructed. However, since blockchain technology gets radially applied to the generation, recording and inquiry of credit in this mode, following credit application problems can be solved:(1) Difficult data acquisition: the blockchain is employed as soon as a transaction begins, so all the credit behaviors can be recorded promptly, completely and truly. The data platform under this mode can not only store the credit information but also create such information so as to render the data acquisition easier; (2)Information monopoly: with credit information being recorded through blockchain technology, personal credit information can be ascertained as personal assets instead of accessories of any large e-commerce platform or credit reference company. This mode not only recognizes the value of personal assets but also effectively avoids the information monopoly in the credit reference field.
3.2 Benefits of blockchain to Chinese credit service industry
The combination of big data-based credit reference system with “blockchain technology” is helpful in solving such issues as islands of information and credit security (Fig. 4).
Goal of the Combination of Blockchain and Encryption Algorithm in the Big Data-based Credit Reference System
3.2.1 Promote transverse connectivity of information
The distributed storage of blockchain offers a physical foundation of information sharing [24] which is exactly an effective means for solving the islands of information, alleviating the asymmetry of information, and reducing the credit risks in the financial system. The distributed storage can be flexible as per the contents of specific protocols. It is possible to achieve complete decentralization with public chain, partial centralization with alliance chain, or complete centralization with exclusive chain.
We analyze first the data exchange platform with “alliance chain”. Some academicians believe it is impossible to avoid data abuse in the completely decentralized information sharing system, thus only the credit reference and sharing mechanism built on the basis of the incompletely decentralized “alliance chain” technology can implement the information sharing functions of credit reference system within a more secure scope [11]. In this mode, following arrangements should be made for the blockchain-based credit reference information sharing mechanism: (1) market admission rules should be drafted for the blockchain-based credit reference system so that only those qualified agencies are allowed to get an access to the system and use and share the information therein; (2) after being stored by credit service agencies to a numbered blockchain, the personal credit information will be spread to all the nodes across the network, verified by most of the nodes including borrowers, and finally submitted to the blockchain-based credit reference system for sharing; (3) all the participants are responsible for maintaining their original databases and submitting only a little abstract information to the data exchange platform for safekeeping. In this way, the inquirer can send inquiry application to the original data suppliers through the data exchange platform; (4) to prevent the information from losing the authenticity during registration, the information subjects should be endowed with the right of dissent about the information. When the information is confirmed as authentic, a new block will be generated by the blockchain-based credit reference system to store the authentic information and the previous block is abandoned as indicated.
Then, it sets to analyze the common construction and sharing data platform of “public chain” mode. In this mode, the information ownership belongs to individuals [12] so that the common construction and sharing of data can better break the “islands of credit information” pattern. To put it in detail, the platform can help the users to establish their ownership on their own information and generate their own credit assets. As a node of the network, the credit service agencies store and share the stored credit states of users through encryption. Since the platform employs public & private key, the information subjects can be well protected in term of information and all the involved parties are situated in a fair and transparent environment in exchange the data in a fair and real-time way without worrying about disclosure of the data. All the information is sealed within the block with a time stamp, which can avoid the counterfeiting of data. Such kind of platform architecture can connect the enterprises with public sections so as to carry out user data authorization, solve the issue about islands of information, and achieve common sharing, communication, construction and use of information resources.
3.2.2 Maintain the information use safety
The combined use of “blockchain technology” with “encryption algorithm” in the big data-based credit reference system may be able to alleviate the conflict between information sharing and information protection [9]. When financial market is concerned, information sharing can help to relieve the problem of information asymmetry, but it also damages the personal information protection. It demands a lot of consideration and weighing of solving the information asymmetry and maintaining information subjects’ rights and interests in the financial market [11]. Because of the role it plays, the credit service industry undertakes dual responsibilities of information sharing and protection. Its development gets inevitably restricted by this inborn contradiction. The combination of “blockchain technology” and “encryption algorithm” can solve this conflict encountered by the big data-based credit service industry.
-
(1)
The “asymmetrical encryption function” of the blockchain is helpful in protecting the confidentiality of information and data, whereas its “distributed function” can assure their completeness. In the first place, after personal information is input into the blockchain-based credit reference system, the data exchange among nodes of blockchain can’t be completed in plain text but should be encrypted through such algorithms as homomorphic encryption [25] and zero-knowledge proof [26,27,28]. The zero-knowledge proof means the certifier can make the verifier believe in the accuracy of one judgment without submitting to the latter any useful information. When being applied to the blockchain system, it makes use of anonymous address to achieve the purpose of protecting transaction privacy. To put it in detail, in a secret transaction, the sender, receiver and transfer amount are all hidden in the generated zero-knowledge proof, and the nodes in the blockchain can verify the authenticity of the transaction with the previously generated zero-knowledge proof verification key. In this way, an effective secret transaction can be completed on the premise that the true sender has the real assets. Since the secret transaction contains no key information such as sender, receiver, transfer amount, the attacker can by no means obtain more information by tracing the transaction. The user privacy can be thus effectively protected. In this way, personal information will be deeply encrypted and protected with the asymmetrical encryption algorithm. Then, the blockchain information network can hardly be attacked. Moreover, the blockchain exists in the whole network in a distributed way, which means every complete node in the platform is involved in the system maintenance and the information completeness won’t be affected by an attack of single node by computer virus or any artificial mis-operation.
-
(2)
The data exchange platform of alliance chain mode can offer relatively comprehensive protection for the target information, because the data suppliers can strictly assess the sensitivity and security level of the data, and thus decide whether the data should be sent into the blockchain-based credit reference system, whether the data should be desensitized, or whether strict access control measures should be adopted for the data. Therefore, in the alliance chain-based credit reference system, not all the data are broadcast to the whole network, and not all of them are open and transparent. Except for the parties involved in data sharing and transaction, no other third party can obtain the data.
-
(3)
The common construction and sharing data platform of public chain appears to be relatively weak in information security protection. The transaction data are made visible to the whole network and traceable by the general public, when such data are maliciously explored or utilized, the legal information rights and interests of individual or agencies will be harmed. It is, thus, proper to take following measures to avoid the possible risks [17]: firstly, individual users can’t direct use the blockchain-based credit reference system of public chain but carry out transaction in the blockchain through certified agencies in order to ensure no personal material is made public; secondly, the transmission of transaction data is limited to be between the nodes involved in related transaction instead of being broadcast to the whole network; thirdly, access control is exerted on user data, and only visitors provided with private key are allowed to decipher and visit the data; and fourthly, such privacy-protecting algorithms as zero-knowledge proof are adopted to evade disclosure of any privacy.
4 Problems and solutions of blockchain-based credit reference in China
4.1 Blockchain can’t satisfy the right to be forgotten of user
The blockchain technology has the feature of permanent recording, which contradicts with the “right to be forgotten” in information protection in existing Chinese legislation system. To put it more specifically, in accordance with Article 16 in Credit reference Management Regulations of China, “the credit service agencies can keep the adverse personal information for 5 years since the end of the bad behavior or event; after that, such information shall be deleted”. This rule also applied to the blockchain-based credit reference system, so the personal credit records saved in the blockchain should be kept for only 5 years, and the adverse credit information that has been kept for over 5 years should be deleted. However, built on the basis of cryptographic algorithm, the blockchain structure is composed of one after another connected link, in which no data can be deleted. One of its features is the inalterable time data chain. Even if the data at one node are deleted, other nodes will refuse to agree the deletion as a legal operation within the system. In other words, the credit reference system constructed with blockchain as the core technology is a network of data that can permanently record all the input information. This poses a great challenge to the execution of users’ “right to be forgotten”. As a result, it still needs more research and practice to prove how to ensure prompt deletion of users’ adverse credit information in the blockchain system.
4.2 Backward regulatory laws and means against the technological progress
The present credit reference regulation system in China is mainly arranged with traditional credit service industry, demanding further improvement in both legislation and means. First of all, the present credit reference regulatory system remains weak and ineffective in spite of the existing hierarchic institutional system. It appears to be a little disadvantageous in guaranteeing and promoting the development of credit service industry. The causes maybe as follows: the regulation on credit service industry are limited to administrative regulations and departmental rules instead of legislation in nature. For instance, the Credit reference Management Regulations released by State Council, Interim Procedures for Individual Credit Information Database Management, Regulations on Credit service agencies, Guidance for Administration of Credit service agencies, and Management Methods for Filing of Corporate Credit service agencies drafted by People’s Bank of China are all administrative regulations and departmental rules.
Secondly, the actual regulatory demand can hardly be satisfied due to the backward strategies and technical management means of traditional credit reference regulation, insufficient legal basis for regulation and punishment of credit service agencies, limited regulatory means and influence. By comparison, the anonymity and decentralization of blockchain form certain challenge to the traditional regulatory mode and makes the latter even more difficult to adapt to the regulation demand against the new situation [29].
4.3 Damage on users’ rights and interests caused by missing of private key
Once the private key of user to blockchain-based credit reference system is lost, forgotten or disclosed, the user won’t be able to get an access to the information stored in the block and the information ownership will be thus affected. More concretely speaking, the blockchain technology stores information anonymously through asymmetric encryption algorithm. A public key and a private key are used to encrypt the information so that the encrypted information can only be read with public key in combination with private key [30]. The public key is generated through private key: the contents encrypted by public key can also be deciphered with private key and vice versa. Since the private key is generated and kept by the user, once the private key gets lost, the user won’t be able to operate on the encrypted information in any way. Let’s take the blockchain-based credit reference system as an example, once the user loses the private key, he/she will have no right to authorize the credit service agencies to user his/her information. Even if he/she re-joins the blockchain, the credit service agencies still can’t trace his/her previous credit data. This does affect the credit assets of the user and cause some loss of interest.
4.4 National information security protection criteria fall behind the technological progress
The blockchain-based credit reference architecture of public chain can’t meet the information safety protection evaluation criteria for domestic credit reference information system. (1) More specifically, in accordance with Article 21 and 31 in Network Security Law of the country, the state enforces hierarchical network safety protection system. It is specified that “the state executes classification network security protection system. The network operator shall perform following security protection obligations to protect the network from being interfered, destructed or approached through an illegal way and prevent the network data from being disclosed, stolen or falsified” in Article 21 of Network Security Law of the People’s Republic of China. In accordance with the Article 31, “the state exerts key protection on such important industries and fields as public communication and information service, energy, traffic, water conservancy, finance, public service and e-government as well as other key information infrastructures that may cause material damage to state safety, national economy and people’s livelihood and public interests once being destructed, inactivated or attacked for data interception on the basis of the classified security protection system. The scope and methods of key information infrastructures shall be determined by the State Council”. (2) In accordance with Article 30 of Credit Service Agencies Management Methods, “the credit service agencies shall assess the safety of the credit information system according to national classified information security protection criteria. The information systems of level 2 security protection shall be assessed once every two years while those of level 3 or above shall be assessed every year”. To be specific, it is specified in Article 30 of Credit service agencies Management Regulations, the credit service agencies should assess the security of credit information system by referring to “National Classified Information Security Protection Criteria” as updated in GB/T 22239–2008 Information Security Technology--Baseline for Classified Protection of Information System Security [31]. (3) As the public chain system allows several nodes to lose effect or retreat from it in essence, and even indulges the existence of malicious nodes. This is believed by some to be possible to cause severe consequence to the blockchain-based credit reference system.
Therefore, the technical architecture of public chain can’t satisfy national standards. In other words, it fails to comply with the national classified protection of information security in terms of physical access control, cyber security guarantee, service performance, and system operation reliability [8].
4.5 Possible solutions to above problems
4.5.1 The alliance chain credit investigation framework protects the right to be forgotten of bad credit information
The credit reference system combined with blockchain technology [32,33,34,35,36], especially the adoption of alliance chain architecture, still can be adopted to implement the right to be forgotten of bad credit information, because the tamper-proofing feature of blockchain does not mean that the information cannot be modified. For example, for public chain, each node can be freely read or written by any block in the block chain, and each node is in a competitive relationship. Therefore, as long as more than half of the total number of nodes can be mastered, a new consensus can be generated on a specific block. This allows you to change the information stored on the block, but this approach is expensive and generally hard to achieve. For another example, for the alliance chain, only users authorized by the alliance can read and write information on the nodes, and they usually sign contracts with the alliance institutions, which can not only prevent improper behavior of users, but also enable the alliance to form a new consensus for any block in the blockchain. In other words, the contract requires all users to modify the information stored in a specific block if they comply with the law. Based on this arrangement, the right to be forgotten of the bad credit information can be guaranteed.
Regarding the application of blockchain in big data credit investigation system, although China has issued a number of laws and regulations such as the Cyber Security Law, Amendment to Criminal Law (IX), there is still a lack of legislation on the protection of financial consumers’ privacy rights and the application of blockchain technology. In the context of blockchain technology combined with big data credit investigation system, this paper proposes that the legislation in the future shall focus on the definition of the legal concept of information, the connotation of rights and the ownership of rights, and the right balance between the reasonable flow of information sharing and confidentiality.
4.5.2 New rules and means of blockchain credit investigation regulation
In view of the supervision of blockchain credit investigation system in China, the existing supervision legal system is weak and the means are insufficient, which cannot meet the needs of the supervision of blockchain credit investigation system. This paper proposes the following suggestions:
-
(1)
Supervision pattern: sandbox pattern of the UK and Singapore can be used for reference [37,38,39]. On the premise of protecting the rights and interests of financial consumers, blockchain credit investigation enterprises are encouraged to make aggressive operations on innovative products, services, business models and other mechanisms, so as to avoid financial security risks caused by relevant innovations and adverse effects on consumers’ interests.
-
(2)
Regulatory legal system: The sandbox pattern of supervision can be adopted to construct a legal supervision system at the legal level, and its contents should be based on the principle of encouraging innovation and focusing on risks. Accordingly, we can guide the blockchain credit investigation business to proceed in an orderly manner, and guide the big data credit investigation institutions to improve the business operation process and internal control system. Until such legislation is enacted, financial regulators have the option to adopt the following approaches: (i) use the right of interpretation of regulations to make the blockchain technology as applicable to existing laws and regulations as possible; (ii) suspend the application of existing laws and regulations hindering the development of blockchain technology; (iii) in the case of complete unavailability, the blockchain credit investigation agency shall not be restricted if there is no doubt that the behavior of the blockchain credit investigation agency doesn’t infringe the rights and interests of financial consumers.
-
(3)
Supervisory measure: The regulation of the new form of blockchain credit investigation should not limit the creativity of the market, but also prevent the risks before they occur. For example: (i) integrate the supervisory department into the blockchain credit investigation system, make it a node in the block chain, and obtain the permission of reading and writing blocks to obtain the supervision authority. (ii) By issuing temporary license system, the start-up and small blockchain credit investigation enterprises can enjoy a lower threshold for entrepreneurship, so as to encourage the application and exploration of blockchain technology in the credit investigation field. (iii) The blockchain credit investigation institutions are required to introduce the principle of “Privacy by Design”. Based on the principle of least collection of data, privacy protection should be considered in the system and program design, and privacy impact assessment should be carried out to protect the privacy rights and interests of financial consumers.
4.5.3 Enhance the safety of private key
To enhance the safety of private key, following measures may be taken [17]: the communication data among different nodes in the blockchain may be encrypted, and the private key to the encrypted data stored at a node of blockchain should be well preserved instead of saved explicitly on the same node; in case of missing or disclosure of the private key, the system should be able to identify the records related to this private key, such as account control, communication encryption, and stored data encryption, and implement response measures to inactivate the original private key. In addition, the private key should be managed with strict life cycle instead of being effective forever. According to the life cycle management, the private key should be changed at fixed interval.
4.5.4 Adopt alliance chain credit investigation to meet the standard of Chinese information security protection
It’s the best choice for the blockchain credit investigation agencies to adopt the alliance chain architecture at present, because this technical architecture not only conforms to the national information security protection standards, but also is more suitable for credit investigation agencies to promote business activities. When applying for the establishment of a personal credit agency in accordance with the regulations of Guide for the Service of Approval Items of Credit Investigation Agencies Engaged in Personal Credit Investigation Business issued by People’s Bank of China in 2019 [40], personal credit information system conforms to the standard of national information security protection level II or above, and as mentioned above, the public chain credit investigation framework cannot meet the above standards. From the perspective of technical architecture, credit investigation agencies adopting the structure of alliance chain or private chain can meet China’s information security protection standards, because their technical architectures are more reliable in controlling node access, blockchain system security, service performance, system operation and other aspects, and can exclude the existence of invalid nodes and malicious nodes. However, the proprietary chain architecture is not conducive to promote business activities by credit investigation agencies, because the proprietary chain is still a blockchain multi-node operation structure. However, each node does not have block write permission, and all kinds of credit information can only be recorded inside the credit investigation agency, which hinders the timely update of credit information. In addition, each node doesn’t necessarily have read permission, only when there is a need to open it by the credit agency, so it is not conducive to the customer of the credit agency to inquire the required credit information. Therefore, it’s the most suitable choice for the blockchain credit institution to adopt the alliance chain architecture at present.
5 Conclusion
The traceability of blockchain enables all related steps from data collection to transaction, circulation, computation and analysis to be kept in the blockchain and the data quality to become unprecedently trustable. The correctness of data analysis outcome and data mining effect are also better guaranteed. Now the blockchain technology has been applied to the big data-based credit service industry of China, including the data exchange platform mode and common construction and sharing data platform mode, in order to achieve data sharing and conquer the problem about islands of information. But when it comes to the practical employment and development, there are still many challenges in front of blockchain-based credit service industry in China. Active endeavors are needed in terms of technology and legislation in order to meet the future market demand.
References
Wang K, Wang Y, Hu X, Sun Y, Deng DJ, Vine A, l, Zhang Y. (2017) Wireless big Data computing in smart grid. IEEE Commun Mag 24(2):58–64
Widodo RNS, Lim H, Atiquzzaman M (2017) SDM: smart deduplication for mobile cloud storage. Future Gener Comp Sy 70:64–73
Liu XH, Ding W (2014) Application of big Data-based Credit reference and the revelation--with American internet financial company zest finance as an example. Tsinghua Financial Rev 10:93–98
Shi MS (2017) A study of big Data Credit reporting and the protection of personal information Subjects' rights and interests. Credit Reference 5(220):38–43
Deng DJ, Lin YP, Yang X, Zhu J, Li YB, Chen KC (2017) IEEE 802.11ax: highly efficient WLANs for intelligent information infrastructure. IEEE Commun Mag 55(12):52–59
Lin CC, Deng DJ, Chen ZY, Chen KC (2016) Key Design of Driving Industry 4.0: joint energy-efficient deployment and scheduling in group-based industrial wireless sensor networks. IEEE Commun Mag 54(10):46–52
Tu YQ, Wang XT (2017) Improvement of legislation about individual Credit information against big Data background. China Internet 5:38–43
Wang Q, Qing SD, Ba JR (2017) Discussion about application of Blockchain to Credit service industry. Telecommun Netw Technol 6:37–41
Kumari S, Khan MK, Atiquzzaman M (2015) User authentication schemes for wireless sensor networks: a review. Ad Hoc Netw 27:159–194
Chu HC, Deng DJ, Park JH (2011) Live Data mining concerning social networking forensics based on a Facebook session through aggregation of social Data. IEEE J Sel Areas Commun 29(7):1–9
Sun GM, Li M (2017) A study on application of Blockchain technology to individual Credit field--based on digital inclusive finance perspective. Res Corp Finance 1(15):118–129
Liu T, Zhang Y, Sun Q, Yuan Y (2016) Hadoop-based visual deep web acquisition platform design. Comput Eng Sci 2:217–233
Liu Y, Zheng CH (2017) Scrapy-based deep web crawler study. Eng Res Appl 7:111–114
Harper J (2011) Reputation under regulation: the fair Credit reporting act at 40 and lessons for the internet privacy debate. Cato Inst Policy Anal 69:2–28
Hua J (2018) Application of Blockchain technology and smart contract in intellectual property determination and transaction and corresponding Laws and Regulations. Intellect Prop 2:13–19
Wang HL, Tian YL, Yin X (2018) Rights ascertainment plan for big Data in Blockchain. Comput Sci 2:15–19
Ministry of Industry and Informatization (2018) China Blockchain technology and application Progress whitepaper. Ministry of Industry and Informatization Web. http://www.miit.gov.cn/n1146290/n1146402/n1146445/c6180238/content.html. Accessed 25 February 2020
Zhang ZB, Liu YS (2017) Application practice of Blockchain technology to Credit service industry and future Prospect. Credit Reference 7(222):47–49
Tang CM, Ge L (2017) Multi-parties key agreement protocol in block chain. Net info Secur 12:17–21
Liu DS, Ge JP, Dong YB (2017) A tentative discussion about the application of Blockchain technology to book copyright protection. Sci Publ 6:76–79
GXB Data Exchange (2016) GXB Dapp whitepaper. GXB Web. http://static.gxb.io/files/GXS_Dapp_Whitepaper_V1.0.pdf. Accessed 25 February 2020
Zhang Y, Li XH (2018) Study on and achievement of an improved Blockchain consensus mechanism. Electronic Design Engineering 1:35–39
Cloud Prism Credit (2016) Blockchain Credit service. Huanqiu Web. https://china.huanqiu.com/article/9CaKrnJYXY6. Accessed 25 February 2020
Lin CC, Chin HH, Deng DJ (2014) Dynamic multi-service load balancing in cloud-based multimedia system. IEEE Syst J 8(1):225–234
Gong LM, Li SD, Dou JW, Guo YM, Wang DS (2017) Homomorphic encryption scheme and a protocol on secure computing a line by two private points. J Soft 12:3274–3292
Zhang X, Jiang YZ, Yan Y (2017) A glimpse at Blockchain: from the perspective of privacy. J Inf Secur Re 11:981–989
Li K, Sun Y, Zhang J, Li J, Zhou JH, Li ZC (2018) Technical challenges in applying zero-knowledge proof to blockchain. Big Data 1:57–65
Wang HQ, Wu T (2017) Cryptography on Blockchain. J Nanj Uni Posts and Telecommun 6:61–67
Zhou RJ (2017) Legal supervision of Blockchain technology. J Beij Uni Posts and Telecommun 3:39–45
Zhang S (2016) The technology principle, application and suggestion of block chain. Soft 11:51–54
China National Standardization Management Committee (2008) Information security technology--baseline for classified protection of information system security (GB/T 22239–2008). China National Standardization Management Committee Web. http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=D13C8CD02AFC374BC31048590EB75445, last accessed 2020/2/23. Accessed 25 February 2020
Huang J, Kong L, Chen G, Wu M, Liu X, Zeng P (2019) Towards secure industrial IoT: Blockchain system with Credit-based consensus mechanism. IEEE Transactions on Industrial Informatics 15(6):3680–3689
Byström H (2019) Blockchains, real-time accounting, and the future of Credit risk modeling. Journal of Ledger 4:40–47. https://doi.org/10.5195/ledger.2019.100
Fanning K, Centers DP (2016) Blockchain and its coming impact on financial services. J Corp Account Finance 27(5):53–57. https://doi.org/10.1002/jcaf.22179
Wu BH, Duan TT (2019) The application of Blockchain Technology in Financial markets. J. Phys.: Conf. Ser. 1176(4):042094. https://doi.org/10.1088/1742-6596/1176/4/042094
Zhu XX (2020) Blockchain-based identity authentication and intelligent Credit reporting. J. Phys.: Conf. Ser. 1437(1):012086. https://doi.org/10.1088/1742-6596/1437/1/012086
Tsai CH, Lin CF, Liu HW (2019) The diffusion of the sandbox approach to disruptive innovation and its limitations. Cornell Int’l L.J. 53(3):4–36. https://doi.org/10.2139/ssrn.3487175
Fan PS (2018) Singapore approach to develop and regulate FinTech. In: Lee KC, Deng R (eds) Handbook of blockchain, digital finance, and inclusion: Cryptocurrency, FinTech, InsurTech, and regulation. Academic Press, San Diego, pp 347–357
Chen C (2020) Regulation of derivatives in Asia: when technology meets financial engineering. In: Arner DW, Wan WY, Godwin A, Shen W, Gibson E (eds) Research handbook on Asian financial law. Edward Elgar Publishing Ltd., Cheltenham, pp 101–121
People’s Bank of China (2019) Guide for the Service of Approval Items of Credit investigation agencies engaged in personal Credit investigation business. People’s Bank of China Web. http://www.pbc.gov.cn/zhengwugongkai/127924/128041/128120/3742163/index.html. Accessed 25 February 2020
Acknowledgments
The authors thank the editor and anonymous reviewers for their helpful comments and valuable suggestions.
Funding
The paper is supported by National Social Sciences Fund of China(Grant No.20CFX006).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Liu, Cy., Hou, CC. Challenges of Credit Reference Based on Big Data Technology in China. Mobile Netw Appl 27, 47–57 (2022). https://doi.org/10.1007/s11036-020-01708-y
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11036-020-01708-y