Securing mobile cashless payments in the Philippines using blockchain

March 22, 2019


When people think of blockchain, most associate it with cryptocurrency. Indeed, even those who have some familiarity with the concept often consider blockchain and cryptocurrency synonymous. But they’re not, and understanding the difference is key to advancing the utility of blockchain beyond just creating cryptocurrencies. Blockchain is basically just a digital ledger that is resistant to tampering. Imagine if our bank records were tamper-proof, or our land registration systems, government records, or health records. If all these are recorded in a blockchain, no malicious agent can change, delete, or corrupt those records. We will have considerably less corruption, less (or zero) incidence of hacking, and more transparent, fairer institutions.

At Paytaca, we are on a mission to use the blockchain, and all the technologies that enable it, to secure the ownership and recording of transactions in traditional/fiat currencies (e.g. Philippine Peso). This means we are not creating any new currency. We simply record financial transactions in a more secure way. Like a typical blockchain system, the records in Paytaca are distributed over multiple servers (also called nodes). These nodes independently validate and vote on every transaction to reach a consensus before incorporating it into the ledger. A hacker, to be successful, would have to compromise and influence the majority of the hundreds of participating nodes in our blockchain network to even attempt to tamper with or corrupt the ledger.

Along with the decentralized consensus described above, blockchains are secured by state-of-the-art cryptography. Accounts and transactions are secured by digital signatures and sent over secured channels. Private keys used to generate the digital signatures are created and stored on the users’ mobile devices and are never sent to the servers. Private keys are encrypted and require a fingerprint or PIN code to decrypt before they can be used to sign transactions on the mobile device. Even if a hacker gets access to our servers, users’ funds are safe because transactions on behalf of a user can never be created server-side without the private key to sign them. What this means, in layman’s terms, is that the user has sole and ultimate control over spending his/her funds. We don’t need our users to trust us to keep their funds safe because we can never spend users’ funds without their private keys, which are in their possession. That’s the reason why blockchains are considered “trustless”.

You might ask: Why bother? Is there even a need for a secure blockchain-powered cashless payment system? Will the market appreciate it and actually prefer to use it over existing ones? We won’t have answers to these questions until we try, but there are good indications that a blockchain-based payment system, if done right, may have a chance to thrive.

According to a recent survey conducted in the Philippines, 58% of respondents are not using cashless payment methods due to security concerns (see reference 1). They worry about hacking and cyber theft. These concerns are legitimate given that there were multiple publicly known incidents of hacking in our banks and financial institutions in the past. It’s probably because of these incidents that Filipinos don’t feel that current cashless payment solutions are secure enough. Paytaca is thus addressing a real public concern that is holding back the mainstream adoption of cashless payments in the country. The message is clear: convenience alone is not enough; Filipinos expect more, and rightly so. This is why we think carrying on with Paytaca’s mission is worth it.

On top of security, Paytaca is able to do a lot more by leveraging the blockchain. We are able to introduce unique features, such as offline payments, multi-signature accounts for secure escrow services, and more. All these contribute to the goal of creating a payment system that brings not just convenience, not just security, but also freedom and control to you, our users. The experience of putting funds in a Paytaca wallet app should give you a level of control as if you’re holding cash in your hands: it’s yours and nobody else gets to spend it but you, not even the hackers in our servers (if any), not even anyone in our development team, not even me.

Let me highlight here one unique feature that is truly revolutionary and aptly addresses another roadblock to the widespread adoption of cashless payments. I’m talking about the ability to transact (send and receive funds) offline. I’ll spare you the numbers, but it’s well known that the Philippines has one of the most unreliable mobile internet infrastructures in Southeast Asia (see reference 2). Our mobile internet speeds are slow and can be maddeningly unstable even in urban areas. Existing mobile payment apps require an internet connection to be able to pay or transfer funds. Since every transaction in Paytaca is digitally signed, it can be validated on site on the merchant/recipient side even without an internet connection, and we can defer the broadcast of the transaction to the blockchain to a later time when the user’s or merchant’s connection is restored. The experience of paying offline with Paytaca is made so seamless that the user doesn’t even have to think about whether he/she has a mobile internet connection. I can’t emphasize enough how much of a game-changer this is.
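The device-held keys and the offline merchant-side validation with deferred broadcast described above, sketched as an added example that is not Paytaca's code. Ed25519, the payment fields, the `seq` replay counter and the `Merchant` class are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed payment format, not Paytaca's own; fixed field order keeps the signed bytes unambiguous.
const signedBytes = (p) => Buffer.from(JSON.stringify([p.from, p.to, p.amount, p.seq]));

// Payer's phone: the key pair is created and kept here; only the public half is shared.
const newDeviceKeys = () => crypto.generateKeyPairSync('ed25519');

function signOnDevice(keys, to, amount, seq) {
  const from = keys.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const p = { from, to, amount, seq };
  p.sig = crypto.sign(null, signedBytes(p), keys.privateKey).toString('base64');
  return p;
}

// Merchant side: verification needs only the payment and local state, no network.
class Merchant {
  constructor(id) {
    this.id = id;
    this.lastSeq = new Map(); // payer key -> highest seq accepted so far
    this.pending = [];        // verified payments awaiting broadcast
  }

  accept(p) {
    if (p.to !== this.id) return 'wrong-recipient';
    if (!this.signatureValid(p)) return 'bad-signature';
    if (this.lastSeq.has(p.from) && p.seq <= this.lastSeq.get(p.from)) return 'replay';
    this.lastSeq.set(p.from, p.seq);
    this.pending.push(p);
    return 'accepted';
  }

  signatureValid(p) {
    try {
      const pub = crypto.createPublicKey({ key: Buffer.from(p.from, 'base64'), format: 'der', type: 'spki' });
      return crypto.verify(null, signedBytes(p), pub, Buffer.from(p.sig, 'base64'));
    } catch {
      return false; // malformed key or signature
    }
  }

  // Once online, hand queued payments to send(); a valid signature proves authorization only,
  // so the ledger still decides whether the payer's funds cover each payment.
  flush(send) {
    const before = this.pending.length;
    while (this.pending.length > 0 && send(this.pending[0])) this.pending.shift();
    return before - this.pending.length;
  }
}
```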

With the two major roadblocks we’re addressing (security concerns and the difficulties of a spotty, unstable internet connection), Paytaca is poised to change the way cashless payments are done in the country. The core backend components and the mobile app are already built and working. In the next few months, we will be gradually rolling out the product into the market to see if we can gain traction. We will do this while we continuously work on improving the product, adding a carefully selected set of features along the way.