Fintech: how technology updates a centuries old industry
After completing his undergraduate and postgraduate study in electrical engineering in Hong Kong, Dr Aldar Chan was awarded a Croucher scholarship for his doctoral work in computer engineering at the University of Toronto, with a focus on mathematical and theoretical computer science.
Initially, Dr Chan thought he would only pursue a career in electrical engineering, but inspiring professors of cryptography and computer science, along with a promising job market and his own inclinations soon prompted a switch. Maths had been constant throughout Chan’s career, but he said the structures of studying pure maths for the sake of a qualification was unappealing. Instead, he preferred the applied math of engineering. “Engineering and computers were still emerging fields then so it wasn’t as huge of a shift as today, and it was a chance for me to explore some new areas I was interested in,” Chan said.
These areas are cornerstones of our digital concerns today, but were particularly forward-thinking for 2001: cryptography, digital signatures, and protecting the integrity of users and their data. Chan’s doctoral research focused on cryptographic designs of implausible systems therefore allowing identity verification of certain people. He used strong privacy walls to keep identities confidential, echoing the privacy versus identity integrity debate that continues today.
Early cybersecurity study started back in 1978 when the first "practical" protections were invented, and as online transactions grew, so did worries about confidentiality. “Research was being collected, but it was waiting for the tools to transform it into real applications,” Chan explained, “It’s all well and good to know you need maths for abstract issues like security, but you also need to know the algorithms for different security layers, which was exactly the kind of challenge I wanted.”
Chan headed to The Chinese University of Hong Kong after his PhD as an assistant professor of information engineering. But soon, the rapid advances in research lured him into postdoctoral fellowships in France and the National University of Singapore. Here he contributed to basic research on cryptography and secure multi-party computations. “Theoretical computer science is mostly a maths question, i.e. ten billionaires want to know who is richer, but don’t want to disclose the exact amounts of their fortunes to each other. Who wouldn’t enjoy making that happen?” he joked.
Like many academics at the forefront of their fields, Chan crossed the aisle into the industry as a research scientist and lab head of network security at A*STAR working on cloud, smart grid, and cyber-physical security. It was a sharp change from basic fundamental research to industrial cybersecurity demands. “In basic research, you have the freedom to choose your problem, but in applied research, you get problems identified by the industry.”
One notable project saw Chan manoeuvring between Singapore’s power industry’s need for better planning and operations, and securing their vulnerable infrastructure to support such a move. An assessment of the power grid and how attackers might compromise the system to contain potential risks was also complicated by the power industry’s conservative idea of system security of limiting access to other parties. “It’s an ongoing dance, even now. Nobody has full access to any systems in the name of privacy, but this in itself can be a problem,” Chan said.
Banking technology in the 21st century
This training on how attackers think, served Chan well when he became the principal engineer at the Hong Kong Applied Science and Technology Institute, designing security protocol and intelligence-gathering infrastructure. These “honeypots” are embedded into systems purposely to be attacked, giving cybersecurity researchers information on the attacker, their methods, and malware samples.
This and Chan’s background in security and cryptography made him the perfect fit for rising concerns over privacy and digital innovations in the financial industry. Digital currency like Bitcoin and distributed ledger technologies (DLT) circumvent financial institutions. These technologies have a higher premium on secure recording of transactions. "Blockchains" and the more general DLT typically contain a distributed chain of blocks using a decentralized consensus algorithm. National central banks lead conversations about using DLT as a platform for digital currency and other financial services, efforts to implement and regulate it, and the data security of the system. Chan worked to review compliance with government regulation to model possible implementation in the banking industry.
DLT keeps track of all transactions, which are traditionally stored in a centralized system, in a series of replicated, shared, and synchronized digital data spread across multiple sites or institutions. This level of accuracy and synchronicity in a decentralized system makes it difficult for all machines to update uniformly, without any way to make sure that they do so. There may be duplicates, or one transaction recognized in one place but not another, and inaccuracies in coding. Chan’s team is working on assessment frameworks to streamline use, with the ultimate goal of banks having central control. There are a number of speed bumps before such a mass move to DLT can occur, especially around security and financial and operational risks, and the legal recognition and regulation of DLT platforms.
Chan’s current work at the Monetary Authority involves creating a robust ecosystem for the Hong Kong financial tech industry, allowing dialogue between banks, start ups, and financial tech companies to see what kind of new solutions they can offer and brainstorm different needs. Banks use financial technology to do business but may not be aware of the security problems they face because they are not actively involved in solution creation. Financial tech companies have creative solutions to general cybersecurity and privacy problems, but need banks’ knowledge of financial models, risk, and other logistical issues. “Both banks and technology companies have the same bottom line: a better consumer experience. Technology needs to be better integrated to create more streamlined, secure processes, but we have a ways to go before everything catches up to the ideal,” Chan said.
Dr Aldar Chan holds a BEng from The University of Hong Kong, a MPhil from the Hong Kong University of Science and Technology in Electrical and Electronic Engineering, and a PhD in Computer Engineering from the University of Toronto, specializing in network security and cryptographic protocols. He has served on several expert groups on cloud security and security. Dr Chan is currently a Manager at the Financial Technology Facilitation Office of the Hong Kong Monetary Authority. Dr Chan was awarded a Croucher Scholarship in 2000.
To view Dr Aldan Chan’s Croucher profile, please click here.