We use cookies for a better online experience.
By continuing to browse this site, you agree to our privacy policy


Filter by


LATEST Article

LATEST Case study


It's time to get serious about impersonation to finally end consumer scams

Singtel’s latest anti-scam offering SingVerify sadly arrived a few months too late for the 21 DBS customers robbed of $450,000 back in January. The move to offer SIM card data as an additional identity assurance at log in will thankfully make it much tougher for stolen credentials to be used in the future. The uncomfortable truth, which I have sadly witnessed first hand through a family member losing both assets and self-esteem from such a con, is that unauthorised account access is often just the final act in a harrowing drama played out across a number of interactions - a heady mix of impersonation, misinformation and manipulation. The worry for us all is that a continued focus on the outcome of this scourge means we may miss the most potent antidote to the root cause.

The common thread across unwitting victims is that their ordeal likely began with some form of impersonation. A loved one in need or, in my uncle’s case, a corporate account update that urgently needed his attention. The vast majority of the $1.4 trillion ill-gotten gains exploit our inability to spot the fraud from the familiar. What we learn from this latest SMS swindle is that despite policy shifts in what companies will and won’t send us, a well crafted message or call that preys on our fears will always trump well-intentioned initiatives. We act on fearful instinct despite our cautious angels. Applying a salve to the open sore that is our potentially exploited account does not deal with our ever present inability to verify what’s what, or more critically who’s who, in the face of a scam.

So how do we intend to stop tricksters earlier in their tracks? Perhaps it’s time we shift our attention to the communication channels that are so often the gateway on the road to financial loss. We’ve all gotten used to the neverending need to KYC or OTP to access most online services. Why do we as consumers then not expect our bank to authenticate itself when they wish to communicate with us? The vigilant may have habitualised the Googling of email domains and cross-checking of Caller IDs - but surely this can’t be the failsafe way for us to trust the communication we receive?

A starting point is to ask what role our devices can play, if any? Having swapped an iPhone for Android of late I can personally attest there is a material difference in the capabilities available. Initiatives like Google’s Verified SMS are a valiant attempt to provide us assurance of authenticity, but personal preferences mean only a percentage of us benefit. The rest left to find their own protection to fend off the 3.4 billion smishes in daily circulation. Compounded with the latest ask of businesses for us to “Click and Accept” our role as honorary scam sniffer, we see first hand the struggle to deliver technology that can protect us effectively.

Regulators also have a role to play here, stepping in to help us discern Peter from Paul - pick your own bad guy in this scenario. The call to action has been loud and clear in light of scam losses reaching unsustainable levels for many economies: Thailand, Indonesia, Malaysia and Vietnam lose over 2% of their equivalent GDP to e-bandits each year. Even here in Singapore, so often opined for its high-trust economy, we are haemorrhaging $4,031 on average per citizen, an unwanted first place if ever there was one.

Their response? The removal of unregistered SIMs and an array of sender restrictions has undoubtedly left us safer, but still uneasily reliant on the perfect execution of upstream checks and balances. Combined with new identity authentication like SingVerify we have a patchwork of approaches that continue to treat Digital Trust as a service to, rather than a collaboration with, those they are looking to safeguard. The common thread is that we as consumers still lack the means to control our own destiny in the face of a scam. Maybe it is this that needs to change.

Take organisations’ approach to data breach protection for example - cyber pros have shifted to a zero trust architecture to safeguard their infrastructure and assets. The requirement: validation of anyone, anything, all the time across a digital interaction. An Everything, Everywhere, All At Once if you will. Would making businesses apply these principles to communications they send be a logical next step? Put in practical terms, imagine a world where any message or call you receive provides a way for you to verify who it’s from, whatever the device and whatever the channel used to communicate with you. With one quick check.

This might sound like a wishful bucket list of wants but this capability is in fact already here. Singapore’s lead in tightening up mobile app standards will greatly help homegrown verification platforms like Ping by DedocoTM deliver the foundations for safer omni-channel communication. Secure smartphone apps offer us the dual promise of safe in-app experiences and a verifier-of-record for a broader set of digital interactions. A simple check or notification could displace the threat of impersonation across all channels. Necessity may truly be the mother of invention and save the day.

The question we now need to ask ourselves is are we willing to tolerate a little friction to make this a reality? Having worked in this area for the past year I believe this type of trade-off will be the most impactful way to apply a handbrake on the runaway scam train hurtling toward us. Digital trust can certainly win-out in the face of online threats, but we first must acknowledge that at its core this is a human problem. As such, we must demand the right tools for ourselves as consumers to meet the challenge head on. Governments and corporations will need to provide the means. We may just need to apply pressure to make it happen.


Jason Williamson is founding member of the Singapore Global Anti-Scam Alliance Chapter and VP at PingbyDedoco.com - the first omni-channel verification platform that makes business communication safe, trusted and verifiable for consumers and citizens.

Singtel’s latest anti-scam offering SingVerify sadly arrived a few months too late for the 21 DBS customers robbed of $450,000 back in January.


Read more

LATEST Article

LATEST Case study


Is it time to think differently about Digital Trust in the face of Scams?

One thing we’ve all gotten used to over the past decade is the never-ending need to authenticate ourselves. Be it KYC to get through the door, or OTP to transact once in - the checks, we’re told, are a necessary inconvenience for safe passage to global e-commerce. The logic makes sense - curbing fraud is good for business, and by extension, its customers. As we enter 2024 there is a growing realisation however, that trust is conspicuous by its absence when the boot finds itself on the other foot - and it is our bank or service provider that requires something of us. We can all tap into the uncertainty of a message or call that leaves us unsure of what's what, or most critically who’s who, in the face of a potential scam. Where is the guarantee of authenticity now? Maybe there’s just no money to be made in affording us the basic protections against being defrauded on our own time and dime? A cynical view, perhaps. But if true, where to from here?

The emerging threat

If 2020 to 2022 will be etched into the history books as the COVID Years, there is an argument to be made that 2023 will go down as the Year of the Scam. Whilst SARS-CoV-2 successfully infiltrated the population through infection and injection; scammers leveraged a simple yet effective modal to proliferate their societal virus - impersonation. What is most concerning is their best is yet to come. Weapons of such warfare have just received an upgrade, the all-seeing all-powerful artificial intelligence. AI we’re told will leave us not just dealing with fakes, but deep fakes, which hints at a future where we’ll quickly find ourselves desperately out of our depths.

Maybe the right starting point is to ask how has this opportunistic yet growingly sophisticated bunch of scoundrels managed to generate an income greater than that of Switzerland, and just a shade less than arabian power house Saudi Arabia? Despite scams often relying on the impersonation of loved ones or those in need, the vast majority of the $1.4 trillion (with a T!) ill-gotten gains prey on our inability, as consumers, to spot the fraud from the familiar when we receive a Spoof Sunday Special from Amazon and the likes.

Sounds like there should be a simple fix right? Use communication that allows businesses to securely identify themselves to us, their intended recipient. Problem solved. Oh if it was only that simple. We’ve seen a raft of cumbersome solutions designed to protect messages of value coming our way - Secure Mail in the financial services sector, the poster boy of friction-full attempts to coalesce enterprise-grade security and consumer experience in the pursuit of a safe interaction. Turns out, requiring login to access most content crosses a threshold that makes the juice just not worth the squeeze. Lesson learnt - tools generating assurance for us as a by-product are not going to cut.

Seemingly without a secure scalable alternative we find ourselves asking two old friends to evolve - the ever reliable Email, revered for its accommodating attachments and fine threads and the unassuming SMS, boasting enviable open rates (98% is a pretty good percentage of anything) across any device - both of whom have struggled to make senders known to recipients since the beginning of time. The vigilant have habitualised the Googling of email domains and cross-checking of Caller IDs - but surely this can’t be the failsafe way to bring digital trust to the communication we receive?

The lay of the land - if you know what you’re looking for…

Innovation to secure these channels has been a mixed bag of success at best, and is often dependent on who in the scam food chain you’re asking. Email protection has been rolled out in the shadows since the year 2000, DKIM, SPF and DMARC have seen skewed benefits for diligent organisations and their own legitimate communications - offering scant protection against impersonation executed against the masses. Authentication in this context is not a zero sum game. Scammers play by a different set of rules.

Fancy yourself as an amateur impersonation spotter? See if you can spot the difference between these two fictional Donald Trump campaign websites:

The success of the playfully acronymed BIMI, championed by the who’s who of the email ecosystem, is sadly best gauged by no-one being sure of the assurances it provides. Did you know that an email showing a company's official logo in Gmail is more than just a marketing play? Time will tell whether assured branding will enter our cultural-consciousness for authentic mail, however, its laboured adoption is in no small part down to mail monster Microsoft slow rolling its support. By excluding vast swathes of us simply based on our choice of email provider it's a non-starter for businesses wishing to afford all customers a comparable level of protection.

Speaking of compatibility, SMS has itself seen a ‘device-ive’ war in recent years, with IoS and Android offering up differing probes and protection for our short-message inbox. One of the most promising initiatives, Google’s Verified SMS, looked to offer companies and consumers a similar level of brand identification as BIMI, however, they quickly pivoted toward SMS’s slightly younger and richer (experience for the recipient that is) alternative RCS messaging. A bet on the future that sadly leaves us having to procure our own protection to fend off the 3.4 billion smishes (I hope you can make that a noun) in daily circulation. Add this to the new trend of our favourite apps requesting us to “Click and Accept” our role as honorary ‘Scam Sniffer’ and it’s not surprising that our desire to engage digitally is starting to wane.

The latest roll of the dice is to offer the safety we seek behind the authenticated walled-garden that is our banking and ecommerce apps. Messages doth flow unabated in these noisy echo chambers, the fact we’re only reading 1 in 4 of missives however has marketing and fraud teams asking if their efforts to engage and protect us are even landing. Problems with a One Channel Policy are not just limited to mobile apps - ask an ardent WeChatter whether their bank's WhatsApp for Business channel is the solution and you'll quickly see what a creature of habit looks like. Centralised verified accounts offer promise as a foundation for interactions we can trust but the silver bullet will need to protect all messages as equals. Such a challenge may need a very different approach.

We regulate any stealing of his property (we’re damn good too)

History tells us national threats call for nationwide responses. So dutifully into the trust-vacuum have stepped a raft of higher powers to help us discern Peter from Paul - pick your bad guy in this scenario. And let’s be honest, the call-to-action was loud and clear in light of scam losses reaching unsustainable levels for many economies: Thailand, Indonesia, Malaysia and Vietnam finding themselves losing over 2% of their equivalent GDP to e-bandits. Even Singapore, so often opined for its high-trust economy, found itself haemorrhaging $4,031 on average per citizen, an unwanted first place if ever there was one. Phishing attacks more than doubling every year since 2019 quite simply forced regional governments to kick into gear.

Fig 1: Graph from APWG 2023 Phishing Activity Trends Report showing that Asia is not alone, phishing attacks continue their upward global trajectory

The general approach has seen unregistered SIM cards stripped from national networks, in the belief that swindlers won’t go phishing with a number linked to their identity. Vietnam leant on this limiting factor, only allowing calls or texts from numbers on their national database whilst tightening up their KYC checks for corporate senders. The Philippines followed a similar approach but additionally blocked individuals' ability to send the much vilified clickable links. Malaysia mandated Telco’s to block all SMS containing links, no excuses, whilst Australia turned their attention squarely to system-generated messages, installing gateway gatekeepers - no verified Sender ID, no transit. The impact across the board - less spam hitting our devices. Yet we still find ourselves relying on the perfect execution of these upstream checks and balances. To its credit Singapore’s SSIR initiative has made an attempt to let us know if something is a ‘Likely Scam’ but a quick look under the hood and you’ll see ‘Likely Unscribed’ is just as ‘Likely’ for many messages finding themselves in the dog box.

What we have is a first phase of imperfect approaches that see Digital Trust as a service to, rather than a collaboration with, those who need safeguarding. Common wisdom: avoid single points of failure. 3,500 scam messages slipping through the net in Australia is a timely reminder that mistakes will be possible, if not expected, when relying on a single choke point to stem the tide. Top down thinking, much like the frameworks and protocols before it, looks to deliver trust rather than earn it. Maybe it’s time for a fresh approach for phase two - where consumers have the right to protect themselves?

A new paradigm, of sorts

Lessons from the past are often a good starting playbook for the challenges ahead. The most comparable war is actually being waged in parallel against corporate data the world over, causing a shift in approach by the cybersecurity industry writ large. The concept of a Zero Trust Architecture is now in vogue, demanding that all assets, applications and services are vigilant in the face of both internal and external threats. The requirement: validation of anyone, anything, all the time across a digital interaction. An Everything, Everywhere, All At Once of sorts. Could such a risk-intolerant approach be applied to communication - requiring a message to identify itself and its content each and every time if asked? Hold that thought.

There seems also to be inspiration to be drawn from the global response to a very human challenge - the obesity crisis (bear with me on this one). With nearly a billion people requiring a radical shift in behaviour we started by attacking the pathogen: bad calories in the system. Analogous to the recent spam clearout perhaps? What's hopefully instructive is what came next. With calories under control we moved to empower people with tools - the traffic light system, a shining beacon - helping us to verify the content of our food. Building resilience became about making better decisions with the right information, a proposition perhaps we can apply to communication.

The optimistic among us believe these lessons and legacy limitations point to a framework for empowered decision making in the face of scams - A Recipients Charter if you will:

A healthy shopping list no doubt but an achievable one in light of the ingredients we have to work with. Singapore’s lead to sure-up mobile app standards is a move that, if effectively executed domestically and abroad, will form a critical foundation for the future. Secure smartphone apps offer up the dual promise of safe in-app experiences and a verifier-of-record for a broader set of digital interactions. A simple check can now displace the threat of misdirection and impersonation across any channel. Necessity may truly be the mother of invention and save the day.

Trust in the process

Whatever comes next will bring necessary friction for the consumer. Yet any scam victim will attest this is a small price to pay for protection. Behaviour change theory teaches us we need motivation, opportunity and capability to move a population, so a few billion scam-weary mobile-first citizens should have the first two requirements covered. Now we must deliver the capability. Digital Trust can win-out in the face of online threats, the critical next step is to acknowledge that it always takes two to tango.

One thing we’ve all gotten used to over the past decade is the never-ending need to authenticate ourselves.


Read more

LATEST Article

LATEST Case study


Environment, Sustainability, Governance and Blockchain

1. Introduction to ESG 

What is the purpose of ESG and why is it important? 

Environmental, Social, and Governance (ESG) considerations have become increasingly vital in the business and investment landscape, driven by the urgent need to address global challenges and create a more sustainable future. ESG refers to a framework that assesses organizations' environmental impact, social responsibilities, and corporate governance practices. Its purpose is to evaluate how businesses integrate sustainability into their operations and decision-making processes.

Since the signing of the Paris Agreement in 2015, which marked a significant milestone in global efforts to combat climate change, the importance of ESG has continued to evolve. Emissions in Europe fell 23% below 1990 levels in 2018, and are on track to reduce further to 55% by 2030. A consumer survey conducted by IBM showed that despite the increasing cost of living, 6 in 10 stated that at least half of their purchases were branded environmentally sustainable or socially responsible, indicating that consumers’ commitment to sustainable development remains strong.

In recent years, institutional investors have demonstrated a longstanding interest in ESG considerations. However, the industry now appears to be on the brink of a significant shift, characterized by a growing demand for more detailed and advanced ESG mandates. This shift is driven by an array of pressing factors, including escalating climate risks like the Super El Niño Phenomenon, societal upheaval stemming from the COVID-19 pandemic, and geopolitical tensions such as the war in Ukraine. In response to these challenges, institutions are moving away from passive exclusionary approaches and harnessing new data sources to actively engage with management teams, establish concrete objectives and gauge the measurable impact of their ESG strategies. 

Understanding ESG and the standards 

To effectively evaluate and compare ESG performance, reporting standards and frameworks have evolved and become more robust. Organizations have embraced frameworks such as the Global Reporting Initiative (GRI), the Sustainability Accounting Standards Board (SASB), and the Task Force on Climate-related Financial Disclosures (TCFD). These standards provide guidance on disclosing and measuring ESG metrics, facilitating transparency, comparability, and accountability.

2. Current Problems in ESG Reporting

Despite the progress made, challenges still persist in the collection, auditing, and reporting of ESG data for the stakeholders. To understand the pain points in the industry firsthand, we asked the attendees of Dedoco’s  Blockchain On The Rocks event, “What are the key problems you are currently facing or foresee to face in ESG reporting?”. The responses are summarized as a word cloud in Figure 1.

Figure 1. Survey results from Blockchain on the Rocks event by Dedoco

Based on the response from the attendees, the most common issues of ESG reporting are attributed to high costs, lack of standardization of reporting, and intensive labor requirements. 

Challenges for the reporting companies

One of the primary difficulties lies in the multitude of global reporting standards available, with over 600 reporting provisions globally. This lack of standardization creates complexity and confusion for reporting companies, as each standard has its own requirements, metrics, and reporting guidelines, making it challenging for companies to determine which standards are most relevant and applicable to their specific industry and operations. 

Additionally, gathering ESG data can be a highly manual and resource-intensive process. A survey conducted on 2,200 executives showed that 73% of them agreed that the high demand for manual data-gathering processes is holding back their organization’s ESG efforts. Companies often struggle to collect the necessary data from disparate sources within their organization, such as financial systems, operational records, and employee surveys. This data-gathering process can be time-consuming and prone to errors, making it difficult to ensure the accuracy and completeness of the reported information. Furthermore, companies may face challenges in aligning their data collection processes with the specific metrics and reporting requirements of the chosen ESG standards. 

Carbon credits emerge as a vital mechanism in the quest for achieving net-zero emissions. They represent measurable reductions in emissions that can be acquired to offset equivalent emissions elsewhere. The concept of net zero aims to balance total emissions by achieving equal reductions or removals, resulting in a climate-neutral impact. It is important to differentiate between offset and avoidance credits. Offset credits originate from projects actively reducing or removing emissions, such as renewable energy installations or reforestation initiatives. They counterbalance emissions by creating carbon sinks or preventing emissions that would have occurred. In contrast, avoidance credits focus on preventing emissions through sustainable practices and cleaner technologies. Both types of credits contribute to the journey towards net zero, driving emissions reductions and promoting sustainable development. Therefore, carbon credits are a crucial tool in transitioning to a carbon-neutral future.

Challenges for investors

Investors face their own set of challenges when it comes to ESG reporting. One significant concern is the issue of greenwashing, where companies present a misleading or exaggerated picture of their ESG performance. This can make it difficult for investors to accurately assess a company’s true sustainability practices and the impact of their investments. Without robust and standardized reporting data, investors struggle to differentiate between companies genuinely prioritizing sustainability and those merely making superficial or unsubstantiated claims. 

Another challenge for investors is the lack of transparency and consistency in ESG reporting data points. Due to the non-standardized reporting standards, companies often report different ESG metrics. The lack of consistent data standards hampers meaningful analysis and benchmarking, limiting investors’ ability to make informed decisions based on reliable and comparable information. Furthermore, the non-transparent and vague nature of reported data hinders the ability of funds to allocate capital towards companies that align with their ESG goals and may result in missed opportunities to support sustainable businesses. 

Addressing these challenges requires concerted efforts from reporting companies, investors, and regulatory bodies. Standardization of reporting standards, increased transparency, and the development of robust data collection and verification processes are key steps toward overcoming these obstacles. By establishing clear guidelines, enhancing data quality, and fostering accountability, the ESG reporting landscape can become more reliable, accessible, and conducive to sustainable decision-making.

3. Blockchain 

Blockchain is a revolutionary amalgamation of cryptographic techniques designed to establish a decentralized ledger that is resistant to unauthorized alterations. Its functionalities extend beyond the realm of cryptocurrencies, enabling the peer-to-peer exchange of digital assets and data. While blockchain gained prominence through cryptocurrencies, it has evolved to offer numerous other use cases. Over the past decade, enterprises have undertaken experiments utilizing blockchain for their operational workflows. As the focus on Environmental, Social, and Governance (ESG) practices intensifies, it is now crucial to leverage insights garnered from these experiments to enhance ESG tracking and reporting processes.

Cryptography plays a pivotal role within the blockchain ecosystem, employing various mechanisms to ensure security. At its core, cryptography facilitates the digital signing of transactions, enabling verification of the sender's authenticity. Furthermore, it is instrumental in establishing an unbreakable "chain" of data. Each block within the blockchain is cryptographically hashed, creating a unique digital fingerprint that serves as the header for the subsequent block. Retroactively altering any transaction would modify the hash of the affected block, thereby impacting the hashes of all subsequent blocks. This disruption in the chain ensures that tampering becomes easily detectable. In order to avoid detection, an attacker would need to replace the hashes of all blocks. Given the distributed nature of blockchain, the attacker will have to take over a majority of the network in order to make such changes. Thus, blockchain data is generally seen as tamperproof.

Blockchain and ESG

By harnessing the potential of blockchain technology, management can seize the opportunity to fortify their organizations' ESG initiatives. Blockchain facilitates the establishment of an auditable and transparent system for tracking ESG milestones and reporting progress. It enhances the reliability and accuracy of ESG reporting by providing a trustworthy and immutable record of sustainability efforts. Additionally, blockchain offers benefits such as improved transparency, enhanced data security, and the ability to track provenance within supply chains

As organizations face mounting pressure to elevate their standards and accountability in the realm of ESG, blockchain emerges as a powerful tool to drive positive change. By leveraging blockchain's inherent features of immutability, transparency, and trust, management can propel their organizations toward a more sustainable and responsible future. Current ESG systems face shortcomings in data accuracy, transparency, and trust. Blockchain holds immense potential to address these challenges and revolutionize ESG reporting, some examples include:

  • Enhanced Data Accuracy and Transparency By utilizing blockchain technology, ESG-related information can be securely recorded, verified, and shared across multiple stakeholders in a transparent manner. This ensures that data is tamper-proof and eliminates the need for intermediaries, reducing the risk of data manipulation and increasing trust in the reported metrics. Moreover, blockchain-based smart contracts enable automated validation and enforcement of predefined ESG criteria, further enhancing accuracy and reducing human error.
  • Supply Chain Traceability and Provenance ESG reporting often involves complex supply chains with numerous stakeholders. Blockchain can enable end-to-end traceability and provenance verification by recording every transaction and event within the supply chain. This allows organizations to track the environmental and social impacts of their products or services, ensuring compliance with sustainable practices. By providing a transparent and auditable record, blockchain enables consumers and investors to make informed decisions based on verifiable ESG information.
  • Improved Stakeholder Engagement Blockchain technology fosters increased stakeholder engagement by creating a shared ecosystem for ESG data. Through decentralized networks, stakeholders such as investors, regulators, NGOs, and consumers can access reliable and up-to-date ESG information. This transparency empowers stakeholders to actively participate in monitoring and influencing corporate sustainability practices. Additionally, blockchain-based platforms can incentivize stakeholders to contribute their own ESG data, creating a more comprehensive and accurate picture of an organization's impact.
  • Enhanced ESG Assurance and Auditing The auditing process plays a crucial role in ensuring the reliability of ESG reports. Blockchain technology can streamline and automate the auditing process, making it more efficient and cost-effective. With the integration of smart contracts and cryptographic algorithms, auditors can securely access and verify ESG data directly from the blockchain, eliminating the need for manual data collection and reconciliation. This automated process enhances auditability, reduces the risk of fraud, and improves the overall assurance of ESG reporting.
  • Tokenization and Impact Investing Blockchain's ability to tokenize assets opens up new possibilities for impact investing and incentivizing sustainable behaviors. Tokenization allows the representation of assets such as carbon credits, renewable energy certificates, or social impact projects on a blockchain. This enables fractional ownership, liquidity, and seamless transferability of ESG-related assets, facilitating innovative financing models and promoting investments in sustainable initiatives.

4. Blockchain use cases for ESG

Although the possible applications of blockchain on ESG are broad, most attempts in the real world are limited to two main use cases.

Data tracking and supply chain provenance

One of the significant benefits of utilizing blockchain technology in supply chain provenance is the ability to map out the entire value chain. Blockchain provides a decentralized and immutable ledger that records transactions and data at every stage of the supply chain. This mapping capability offers full visibility into the movement and transformation of goods, enabling stakeholders to track and verify the origin, authenticity, and quality of products. By ensuring transparency and traceability, blockchain enhances trust among trading partners and consumers.

Furthermore, blockchain enables complete data transparency within the supply chain. All relevant information, including certifications, test results, and environmental impact data, can be securely stored and accessed by authorized participants. This transparency empowers companies to gather granular data on the carbon footprint of their products and attributes it to the product level accurately. By capturing detailed information at each stage, blockchain facilitates the calculation of carbon emissions, facilitating effective environmental management and sustainability reporting.

However, integrating blockchain into the entire supply chain system poses challenges. One major hurdle is the requirement for integration with various enterprise resource planning (ERP) software systems and trading partners. Achieving seamless connectivity and interoperability across diverse platforms and stakeholders can be a complex and time-consuming process. It demands significant coordination and collaboration to ensure all participants are onboarded and their systems can interact with the blockchain network effectively.

Additionally, the creation of a blockchain-based supply chain provenance system incurs substantial costs. Developing and implementing a robust blockchain infrastructure requires substantial investments in technology, resources, and expertise. The costs associated with designing, deploying, and maintaining the system can be high, particularly considering the need to ensure scalability, security, and continuous operation. Moreover, ongoing maintenance and updates to address emerging challenges and evolving technology can further contribute to the overall cost burden. Below are some real-world examples of the use of blockchain for supply chain and data tracking:

  • World Economic Forum (WEF): The WEF has been actively exploring the application of blockchain principles to improve ESG systems. Their efforts aim to leverage blockchain's capabilities to enhance the accuracy, traceability, and accessibility of ESG data, ultimately fostering greater trust among stakeholders.
  • Kaleido: Kaleido, a blockchain platform provider, is working on maximizing ESG impact by enabling companies to record, share, and track sustainable efforts throughout their supply chains. Their blockchain solution offers a secure and efficient way to measure impact and attract value-based investments.
  • IBM: IBM has collaborated with organizations like Nestlé, Unilever, and Walmart to develop blockchain-based supply chain platforms that enhance traceability and sustainability. These platforms enable real-time monitoring and verification of ESG-related data, ensuring compliance with responsible sourcing practices
  • Everledger: Everledger, a global leader in blockchain-based supply chain solutions, focuses on the traceability of high-value assets, including diamonds and fine wines. By leveraging blockchain, Everledger ensures transparency and ethical sourcing, contributing to the overall ESG goals of the industries it serves.
  • Data Gumbo and Topl: These two Houston-based blockchain technology companies have partnered to help corporations report timely and accurate ESG data. Their integrated platform enables companies to track and report ESG metrics, providing evidence-based progress reports to external stakeholders.

Tokenization of carbon credits or similar

Tokenization can help to enhance efficiency and disintermediation in the Voluntary Carbon Market. Utilizing blockchain technology enables direct peer-to-peer transactions for carbon credits, eliminating the need for intermediaries. This streamlined approach reduces transaction costs and enhances operational efficiency. Additionally, the absence of intermediaries decreases the risk of fraud as trust is established through the transparent and immutable nature of the blockchain.

Another key benefit is the ability to eliminate double counting: The public ledger feature of blockchain simplifies the identification and prevention of double counting in carbon credit claims. Double counting occurs when multiple sustainability claims are made on the same carbon credit, leading to inaccuracies and potentially fraudulent activities. With blockchain, each transaction is recorded on a publicly accessible ledger, ensuring clear traceability of ownership and retirement of carbon credits. This enhances transparency in the verification process and minimizes the risk of double counting.

Lastly, fractionalization unlocks key potentials in the carbon market: Blockchain tokenization enables fractional ownership of carbon credits, making them more accessible to smaller retailers and individuals. This division of carbon credits into smaller units facilitates flexible purchasing, selling, and retirement options. Industries such as retail and transportation, which require sub-tonne carbon credits to offset specific carbon footprints, can benefit from the granularity provided by tokenization. For example, a retailer can offset the precise carbon emissions associated with the production of a single pair of shoes, while a traveler can offset the carbon footprint of a specific flight. Tokenization enables precise and targeted carbon offsetting efforts.

However, there are limitations associated with blockchain tokenization of carbon credits. One critique of tokenization is that it provides renewed attention to "non-additional" credits that would typically be disregarded in the market. Non-additional credits refer to those generated from projects that did not require financial incentives to implement emission reduction measures. Such credits are generally perceived as having minimal to no environmental impact. Below are examples of how tokenization is used in ESG:

  • International Finance Corp (IFC): The IFC, a World Bank affiliate, has partnered with Aspiration, Chia Network, and Cultivo to launch the Carbon Opportunities Fund. This blockchain-enabled platform aims to attract institutional investors to support climate-friendly projects in emerging markets by tokenizing and tracking carbon credits using blockchain technology. The platform seeks to address concerns about the origin and environmental benefits of traded credits and encourage more institutional capital to participate.
  • Securitize: Securitize is a leading blockchain-based platform that tokenizes real-world assets, including renewable energy projects and sustainable real estate. By enabling fractional ownership and simplifying the investment process, Securitize promotes ESG-focused investing.
  • ClimateTrade: ClimateTrade is leveraging blockchain to create a transparent marketplace for carbon offsetting. Their platform allows companies and individuals to trade certified carbon credits, facilitating investment in environmental projects and promoting sustainable practices.
  • Toucan and Topl: These startups are leveraging blockchain technology to enhance the transparency and reliability of carbon credits. By incorporating blockchain into climate initiatives, they aim to address the lack of transparency in carbon markets and ensure that funded projects effectively reduce carbon emissions.
  • Flowcarbon: Flowcarbon is a blockchain-enabled carbon credits trading firm that aims to tokenize carbon credits and leverage Web3 technology to protect natural carbon sinks. It seeks to address the fragmented and opaque nature of the voluntary carbon market by increasing transparency and democratizing access to offsets. The company focuses on nature-based projects such as reforestation and conservation.
  • Moss: Moss is a Brazilian startup known for its blockchain carbon credit token called MCO2. Each MCO2 token represents one carbon credit, equivalent to one metric ton of CO2 prevented from being emitted into the atmosphere. Moss has facilitated transactions and contributed to the conservation of trees in the Amazon through verified programs. It has partnered with GOL, Brazil's largest airline, to enable customers to offset their emissions by purchasing MCO2 tokens.

Other than carbon credits, renewable Energy Certifications or RECs are another area being tokenized with blockchain technology. Here are some examples:

  • RED: RED (Renewable Energy Database) is a blockchain-based platform that aims to provide transparency and trust in the renewable energy market. It allows users to tokenize and trade RECs, ensuring the provenance and impact of renewable energy sources.
  • Power Ledger: Power Ledger is another company utilizing blockchain for RECs. Their platform enables peer-to-peer energy trading and tracking of renewable energy generation and consumption. By leveraging blockchain, Power Ledger ensures transparency and efficiency in REC transactions.
  • WePower: WePower is focused on democratizing access to renewable energy through blockchain technology. Their platform allows renewable energy producers to tokenize and sell future energy production as RECs. Buyers can then purchase these tokens and offset their energy consumption with renewable energy.
  • enerT: enerT is a Hyperledger Fabric-based solution that tokenizes energy certificates. It creates a consumer-focused marketplace for trading and exchanging RECs.

Projects in Singapore

  • Project Greenprint: Project Greenprint is a MAS-initiated collection of initiatives that aims to utilize technology and data to create a more transparent, trusted, and efficient ESG ecosystem to enable green and sustainable finance. There are four pillars to the project, a disclosure platform (see ESGenome below), a data registry (see ESGpedia below), a data orchestrator, and a data marketplace.
  • SGX ESGenome: A disclosure platform for ESG. It enables companies to report metrics aligned with global standards and frameworks, ensuring regulatory compliance that meets investor needs for consistent and comparable ESG data. Ran by the Singapore Stock Exchange for listed companies.
  • STACS ESGpedia: A one-stop registry of ESG data and certifications. ESGpedia aggregates, records, and maintains the provenance of holistic and forward-looking  environmental, social, and governance (ESG) certifications and data of companies across various sectors and globally verified sources on a single registry, utilizing blockchain technology to ensure security and ease of access by different users.

5. The Dedoco Trust Engine

Blockchain technology alone cannot provide the complete solution to ESG. It needs to work in synergy with existing systems. A good solution, in this case, would impose minimal disruptions to existing processes and allow easy integrations.  However, most existing solutions for enterprise blockchain do not provide that. Utilizing blockchain technology has remained a daunting task for most enterprises. We discuss the challenges below:

The Challenge for Enterprises to adopt blockchain 

Traditional and legacy enterprises have faced challenges when it comes to integrating with blockchain technology. Despite the availability of privacy features offered by permissioned blockchain technologies like Hyperledger and Corda, these enterprises are often hesitant to send their data into a shared and replicated database. This is especially true for companies that deal with highly sensitive and heavily regulated data, such as healthcare providers. 

Additionally, designing a blockchain solution is a highly intensive process that requires significant resources to build out a full-scale solution. Enterprises need to gain buy-in from multiple stakeholders in the ecosystem and hire experienced blockchain developers to deploy and manage the system. 

Figure 2. Comparing Dedoco Trust Engine to traditional enterprise systems and enterprise blockchain

The current blockchain ecosystem is highly fragmented. 

Despite blockchain's value proposition of creating an interoperable ecosystem, the current landscape is highly fragmented and isolated from each other with multiple private consortiums built by large multinational corporations and smaller players deployed on their own networks.

Introducing Dedoco Trust Engine

The Dedoco Trust Engine is a blockchain-based solution that enables businesses to securely store, manage, and verify documents across multiple networks.

It provides a simple yet powerful API integration that allows businesses across various industries to seamlessly write and read blockchain data, and manage information exchange. With this singular solution, enterprises can reap the benefits of enhanced security, transparency, and trust without blockchain expertise. We address the current challenges of Web2 and Enterprise blockchain systems as shown in Figure 2.

Enhanced data/document privacy

DTE separates the document or data from the blockchain provenance. This means that sensitive documents that need to be trusted and shared within the ecosystem are not directly stored on the blockchain. Instead, we only store the document hashes and all business processes that are applied to the document.

This alternative approach ensures that only the document holders can get access to the information contained within the document and also verify its audit trail. Figure 3 demonstrates this process.

Figure 3. Retaining document privacy on the Dedoco Trust Engine

Deploy without blockchain expertise

The Dedoco Trust Engine is designed with the intention of creating an easy-to-use set of APIs for any business to be able to tap into blockchain features via smart contracts.

The APIs are made available as a Web2-friendly environment that is able to be integrated into any existing infrastructures and enterprise software without having to deal with the blockchain components.

Modular & Incremental Adoption 

As opposed to private consortiums when ecosystem members are required to undergo intensive integration and data migration, the Dedoco Trust Engine allows users to take a modular approach when integrating with Dedoco Trust Engine. This means that a company can start with the most basic functionalities with a simple API request, and incrementally add on more smart contract features on the go based on the business requirements.

Dedoco Trust Engine API: Multi-Chain Interoperability

Figure 4. Components of the DTE architecture

The Dedoco Trust Engine enables business applications to call the API service with different requests to write and read the blockchain data. The blockchain data is indexed and consolidated, making it easy for users to query. Acting as a moderator to the API requests, it uses indexed data to post and retrieve the information to the various connected blockchain networks. This unique feature allows for the verification of documents on Dedoco across different networks using one single API. These interactions are shown in Figure 4. 

Business Optimised Smart Contracts

DTE allows users to read and write smart contracts that are catered toward business processes. These include document hashing, transaction signing, business attestations, certificate issuance, ownership transfers, revocations, and verification.

Multiple Blockchain Connections

To cater to differing customization needs by different user demographics, our smart contracts are deployed on various blockchain networks such as Polygon Matic network and Hedera Hashgraph. DTE acts as an orchestrator for the information flows between and within each network.

With the cross-chain query feature, stakeholders are not restricted to deploying on a specific chain. In the case of supply chain management, any company can now sync data with each other on the blockchain without having to join a private consortium network. Users of the trust engine will not need to interface with each specific blockchain and will tap into their functions via the DTE APIs. See Figure 5.

Figure 5. DTE, the multi-chain orchestrator

Benefits of using DTE 

  1. Enhanced security & traceability: the immutable record cannot be tampered with, and the end-to-end encryption helps to prevent fraud and unauthorized activities. An audit trail documents the provenance of an asset and all actions taken to it at every step of its journey. This audit trail can be used as proof for industries that requires a provenance system due to regulations, or when the consumers want to see the audit trail for ESG purposes.
  2. Digitalisation: Traditional paper-based processes are highly time-consuming, prone to human error, and often require third-party mediation. The shared and replicated ledger on the blockchain acts as one source of truth, eliminating the need for paper exchange, and streamlining the settlement process.
  3. Automation: Smart contracts can automate transactions and settlements. It acts as a parametric solution that automatically triggers a process once pre-specified conditions are met. This reduces the reliance of a middleman to oversee the process that requires significant lead time.

Supply Chain Management 

One example of a DTE application is in supply chain management. Visibility remains a challenge in large supply chains in large supply chains involving complex transactions. Current ERP systems are not able to reliably connect information flows, inventory flows, and financial flows between stakeholders of the supply chain which makes it difficult to eliminate execution errors and resolve supply chain conflicts.

Often, large organizations may have more than 100 legacy ERP systems with multiple ledgers in each ERP system that does not easily communicate with one another.

With DTE, companies are able to break the data silos by integrating with all these ERP systems and query data with a single call. 

Additionally, unique identifiers can be assigned to assets such as inventory, orders, loans, and bills of lading and participants are able to create digital signatures to sign the blocks they add to the blockchain. The end-to-end process of the transaction is stored on the blockchain which creates a traceable and verifiable audit trail.

Proposed ESG Solutions with DTE

In this section we explore some possible solutions for ESG with DTE. 

Solution 1: Data Exchange 

One concern regarding ESG reporting requirements is the associated costs. For instance, the Singapore Stock Exchange mandates 27 reporting metrics for listed companies, encompassing areas such as carbon emissions, human resource statistics, and corporate governance. Large enterprises often need to gather this data from multiple disparate systems, leading to a substantial allocation of resources for data validation and auditing. Notably, it has been found that companies spend an average of around half a million USD solely on climate-related disclosures.

Figure 6. DTE, data orchestrator for ESG reporting

To streamline the disclosure and audit process, we propose the use of DTE as a platform for verified data exchange. With this approach, ESG data can be collected at the source and authenticated by machines or pre-endorsed by key stakeholders involved in the process. This method reduces the effort required to validate the data and facilitates the connection of certification reports to the source data, simplifying the overall process. By adopting DTE, organizations can enhance the efficiency and reliability of their ESG reporting while mitigating the associated costs.

Figure 6 provides an example of how the DTE can act as a data orchestrator between the reporting organization systems, auditors/certification bodies, and the reporting platform:

Challenges with this approach:

  1. Trust in the data source - as data would come from multiple sources, there may be a lack of trust in the data. This can be addressed in two way, with data collected from machines and sensors, one can integrate this directly to DTE APIs this would capture the data as it is generated and ensure tamper-proofing. The second way is to have the data certified by a human being involved in the process, this would be equivalent to a sign-off and makes the person liable for the information provided.
  2. Data privacy - Data collected in its raw from may be sensitive from a both a personal or organizational data privacy perspective. One approach to mitigate this would be to separate the data source from the data evidence as described above with DTE. Another possible solution would be to use privacy-enhancing approaches such as zero-knowledge.

Solution 2: Retail Carbon Avoidance Tracking

ESG applications primarily focus on disclosures and reporting to comply with regulatory requirements imposed on listed companies and other corporations. However, this is just the beginning, as the world is progressing toward achieving net-zero emissions and the demand for carbon credits is increasing. To address this, we need to explore additional avenues beyond green farms.

Opportunities exist for pro-environment retailers and corporations to support customers' environmental contributions and generate avoidance credits through innovative initiatives. Examples of such initiatives include promoting the use of second-hand and reusable goods. Corporations can leverage this opportunity by engaging in activities that generate avoidance credits, such as through sponsorships or internal corporate social responsibility (CSR) initiatives.

Use case: Reusable cups

Everytime a reusable cup is used instead of a disposable one, about 40g of CO2 emissions are reduced. Each year the average office worker can use about 500 disposable coffee cups. The amount of environmental impact can add up and can create valuable carbon avoidance credits. One ton of CO2 emissions can be offset with 50 workers switching to reusable cups. An enterprise can provide reusable cups in their office for its staff to use to generate these credits. However, the main challenge is the recognition of these credits. For any carbon credit issuance body to recognise this, it data needs to be trusted and verifiable. 

To demonstrate how we can do this, we propose a simple process integrated with DTE where participating cafes can scan a QR code at the point of sales whenever a reusable cup is used. See figure 7 for a proposed workflow.

Cafes will be given access to a Cafe App which requires authentication. Use of a reusable cup can only be captured via the Cafe App and not the cup holder directly. By using the reusable cups provided by their company, employees can contribute to the accumulation of carbon credits. The use of DTE and blockchain creates a transparent and verifiable process which ESG auditors can rely on. 

Figure 7. Reusable cups use case with DTE


  1. Standardization/ecosystem - a substantial group of cafes needs to be involved or use a common standard for this to generate substantial network externalities
  2. Collusion with Cafes is possible - if the app is used by the cup-user to generate carbon avoidance credits, collusion with cafes may be possible to fake the use of cups. There will need to be a strict and monitored process to ensure that this does not happen.
  3. Integration with a carbon credits issuer - there would be a need to integrate with a standard body that recognizes the generation of these avoidance credits as well as being able to issue these credits in a form that would be usable by corporates.

Solution 3: Dynamic ESG Certifications

Certification reports are mostly static and do not provide the provenance of disclosure data and how they are collected. We propose a blockchain-based certificate and the tracking of pre-cert and post-cert processes using DTE.  Figure 8 demonstrates how an ESG cert can be tied to data sources, disclosures, and reports. This can provide assurance and reduce validation time for entities that need to ascertain the organization’s ESG metrics such as banks or stock exchanges. 


Figure 8. Dynamic verifiable certificates for ESG with DT

Access management and authentication - as various stakeholders are involved in the process, there would be a need to ensure that special rights, to write different types of data onto blockchain, are only given to the right people. There would be a need to ensure proper authentication to prevent misrepresentation and ensure that the data can be trusted. Integrations with different forms of DIDs (decentralized identity) or centralized identity providers (such as LDAPs orational identity systems) could be possible solutions. 

6. Conclusion

As the world increasingly focuses on Environmental, Social, and Governance (ESG) reporting, organizations are seeking cost-effective and efficient solutions to meet reporting requirements and achieve zero-emission targets. The complexity of ESG reporting and the necessity for trustworthy data in green financing make technologies like blockchain particularly promising. Blockchain has the potential to streamline ESG reporting processes for enterprises, making them more accessible and palatable.

Currently, many organizations are burdened by their existing systems and processes, and a complete overhaul to meet ESG requirements might be challenging. Instead, the way forward lies in integrations. Integrating blockchain technology through low-disruption API interfaces can enable enterprises to achieve their ESG targets more effectively. By providing low-disruption API integrations with blockchain, DTE aims to help enterprises achieve their ESG targets.

This paper suggests different approaches where blockchain can help to enhance the process. As technology evolves, the intersection of blockchain with AI and IoT can offer even more synergies, further enhancing ESG reporting capabilities/ It is evident that blockchain can significantly contribute to the advancement of ESG reporting, improving data integrity and transparency while aiding organizations in meeting their sustainability goals. As technology continues to evolve, blockchain's potential synergies with other emerging technologies hold promise for further enhancing the ESG reporting landscape.

7. Acknowledgments

We would like to express our heartfelt appreciation to all the participants of Dedoco's Blockchain on the Rocks event, held on May 31, 2023. Their valuable contributions and engaging discussions on Environmental, Social, and Governance (ESG) matters have served as a great source of inspiration for the development of this paper. In addition, we extend our gratitude to the clients and partners with whom we had insightful conversations regarding ESG and its various use cases. Their valuable input and collaboration have significantly enhanced the overall depth and quality of this paper. Lastly, we commend the entire team at Dedoco for their dedicated efforts and unwavering support throughout the process. Each member has played a vital role in making this endeavor a reality, and we acknowledge their hard work and commitment.

We are truly grateful for the valuable contributions, collaborative efforts, and support from all those involved. Their involvement has greatly enriched our understanding and approach towards the subject of ESG, empowering us to make meaningful progress in this field.

8. About Us


Built on the Dedoco Trust Engine, our Dedoco platform is secure, tamper-proof, and convenient. The Dedoco platform offers flexibility for documents to reside securely with clients while protecting the integrity of your document records on-chain. Know at the click of a button, how your document and workflow changed hands, along with the chain of custody.

Our mission is to help you embed trust in your documents and processes, which will enable you to pass this trust assurance over to your brand and people. With Dedoco, you and your customers can be confident that your documents are secure, reliable, and trustworthy.

In the last 2 years, Dedoco has grown from a start-up with HQ in Singapore to having offices in Malaysia, Australia, and the US. It raised S$3.3 mil in seed funding led by Vertex Ventures SEA. Dedoco was one of the first digital signing application providers to offer “Sign with Singpass” which allows users to digitally sign documents, an initiative rolled out by the Government Technology Agency of Singapore. Dedoco has earned ISO27001 certification and is IMDA accredited. Today, Dedoco serves over 150 customers in Asia-Pacific across multiple sectors such as Banking and Finance, Real-Estate, Government; Public sector, and Professional Services.


deLab is the innovation hub of Dedoco, which offers Web3-enabled, ready-to-use, and custom solutions to organizations of all sizes. Established in 2020, Dedoco harnesses the power of Web3 technology for Enterprise Trust, providing customers with true ownership of their documents and digital assets. Dedoco's team of blockchain consultants has proven experience in finding use cases to transform your business.

Environmental, Social, and Governance (ESG) considerations have become increasingly vital in the business and investment landscape, driven by the urgent need...


Read more

LATEST Article

LATEST Case study


Building Consumer Trust in Today’s Digital Market

Data has powered the growth of the internet for decades by delivering innovative tools and services for consumers and businesses to connect and communicate. Today, the economy is increasingly fueled by the free exchange of data. Global data flows now contribute more to worldwide growth than trade in goods. The U.S. Chamber of Commerce has said that international trade by data flows reached nearly $700 billion in exports from the U.S. and nearly $500 billion in imports.

This continuously growing volume of data presents new challenges — as well as new opportunities — for organizations to build consumer trust. Governments around the world are paying attention to data privacy and responding with new regulations. But relying on regulations alone is simply not enough in an age when data is the currency of our digital economy.

Data flows as the backbone of the economy

Data-driven advertising is one example of how data flow plays an important role in the modern economy by supporting and subsidizing the content and services consumers expect and rely on, including video, news, music and more. Data-driven advertising also allows consumers to access these resources at little or no cost to them, while enabling small publishers and startup companies to compete in the marketplace against the internet’s largest players.

On the global scale, data flow is critical to the trans-Atlantic economic relationship and for all companies large and small across all sectors of the economy. More data travels between the United States and Europe than anywhere else in the world, enabling a $7.1 trillion U.S.-EU economic relationship, per the U.S. Chamber of Commerce.

Half of all data flows in both regions are trans-Atlantic transfers. The trans-Atlantic data flows are so critical that to facilitate them, the United States and the European Commission have recently established a Trans-Atlantic Data Privacy Framework. This framework underscores our shared commitment to privacy, data protection, the rule of law and our collective security, as well as our mutual recognition of the importance of trans-Atlantic data flows to our respective citizens, economies, and societies.

The amount of data we produce every day is truly mind-boggling. There are 2.5 quintillion bytes of data created each day at our current pace, but that pace is only accelerating with the growth of things like mobile and the Internet of Things (IoT). Over the last two years alone, we have generated 90% of the data in the world and 75% of that data is unstructured. In other words, most of the data is random and difficult to index — and it’s presenting new opportunities, as well as new problems, for marketers, scientists, regulators and corporate security and operations teams alike.

For security professionals, the increased volumes of data mean there is a higher and more profound responsibility to protect customers’ security and privacy, to use the data appropriately and to ensure that any actions don’t inadvertently compromise the customers’ wants and needs. However, turning on the TV or opening a newspaper (or a tablet) on any given day reveals headlines that scream of another company, large or small, that has been targeted or significantly damaged by hackers. Data breach notifications are commonplace now, but in reality, we have been talking about breach fatigue as far back as 2014.

Regulations matter — but are not enough

Privacy is the currency we pay to engage in our digital ecosystem. We must give up something (personal data) to get something (services) for free. But we also understand that consumers need assurance they can count on the privacy and the safety of their information.

It’s clear that governments, attorneys general, federal law enforcement, media, academia and weary citizens all want answers. Not surprisingly, 2020 became a momentous year for data protection laws around the globe, with new fines levied on companies for security and privacy breaches, as well as new laws created. Some examples of new regulations include:

  • Brazil’s Lei Geral de Proteção de Dados (LGPD)
  • Thailand’s Personal Data Protection Act (PDPA)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

All these protections are great, but the regulations have raised concerns that a patchwork of differing frameworks around the world will prove unworkable. Without a consistent global privacy and security standard, the patchwork of laws has resulted in:

  • Consumer confusion about what protections they have.
  • Organizations’ failure to meet consumers’ expectations about their digital privacy and security choices.
  • Substantial challenges for businesses trying to comply with these laws.

While the law is a powerful element, alone it cannot address the many nuanced scenarios that arise in the digital market. The future technological environment will be made up of an interdependent ecosystem of legislators, corporations, IT developers and individuals. Each should be equally responsible for shaping this environment and any imbalance of power risks its sustainability.

An opportunity for businesses

We need organizations to self-regulate and develop a new ethical approach to handling the personal data they collect. The compliance problem that the disparate laws present for businesses is not likely to disappear anytime soon. And we know that the existing patchwork of privacy laws in the world has not served consumers well and will lead to more unintended consequences and harm.

While these new laws will not be quick in coming — regulations are notoriously slow to adapt to new technological challenges — software companies and their corporate customers shouldn’t wait to act. Additionally, taking into consideration the remote workforce now, companies must focus on embedding security processes and technologies into their design and data lifecycle as early and as often as possible. Organizations need to connect the resources spent on privacy and security to the volume and complexity of the data they seek to protect.

Many technology designers either put the onus on the users to protect themselves or take the responsibility out of the users’ hands in some unexplained way. Users are left with a lack of understanding of what’s needed from them and the result is a dwindling trust in the technology.

But it doesn’t have to be like this. Businesses have a big opportunity to build trust in their technology through a people-centric approach to security and still allow their users to work effectively and securely without limiting the use of data or expecting them to be security or data privacy experts.



Read more

LATEST Article

LATEST Case study


Embracing Digital Trust: Unleashing the Power of Blockchain for Business Processes

In today's interconnected world, where digital transactions and data exchanges have become the norm, trust has emerged as the cornerstone of successful business operations. Companies that prioritize establishing and maintaining digital trust gain a competitive advantage in the marketplace. One technology that has revolutionized digital trust is blockchain. This decentralized and immutable ledger has gained significant traction across industries due to its unparalleled security and transparency. In this article, we will explore the importance of digital trust in business processes, outline the benefits it brings, and delve into why blockchain is the preferred choice for fostering digital trust.

Importance of Digital Trust in Business Processes:

Digital trust encompasses the confidence and reliance that businesses and individuals have in the integrity, security, and reliability of digital interactions. In an era plagued by data breaches, privacy concerns, and online fraud, fostering trust has become a pressing need for organizations. Establishing digital trust in business processes has several key benefits:

  1. Enhanced Customer Confidence: Trust is the bedrock of successful customer relationships. By prioritizing digital trust, companies demonstrate their commitment to safeguarding customer data and ensuring secure transactions. This, in turn, fosters customer confidence, leading to increased customer loyalty and repeat business.
  2. Strengthened Partnerships: Trust is not limited to customer relationships but extends to partnerships with suppliers, vendors, and other stakeholders. Establishing digital trust can help build stronger and more collaborative partnerships, driving innovation and mutual growth.
  3. Regulatory Compliance: With an ever-increasing focus on data protection and privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), companies that prioritize digital trust can ensure compliance and avoid legal and financial repercussions.
  4. Operational Efficiency: Trust is a catalyst for streamlining business processes. By eliminating unnecessary intermediaries, reducing transaction costs, and enhancing transparency, digital trust enables organizations to optimize their operations and improve efficiency.

Why Blockchain is the Choice of Digital Trust:

Blockchain technology has emerged as the preferred solution for fostering digital trust in business processes due to several compelling reasons:

  1. Immutability and Transparency: Blockchain's decentralized nature and cryptographic algorithms ensure that once information is recorded on the blockchain, it cannot be tampered with. This immutability and transparency provide an auditable trail of every transaction, enhancing trust among all participants.
  2. Enhanced Security: Blockchain's use of cryptographic techniques and consensus mechanisms makes it highly secure. The distributed nature of the technology makes it resistant to hacking, fraud, and unauthorized access, reducing the risk of data breaches and ensuring the integrity of digital interactions.
  3. Trust through Consensus: Blockchain achieves trust through consensus mechanisms, such as proof-of-work or proof-of-stake, where participants validate and agree on the state of the ledger. This eliminates the need for intermediaries, reducing costs and enhancing trust among participants.
  4. Decentralization and Resilience: Blockchain operates on a distributed network of nodes, making it resilient to single points of failure. The decentralized nature of blockchain ensures that no single entity can control or manipulate the data, enhancing trust in the system.


In an increasingly digital and interconnected world, establishing digital trust is paramount for organizations across industries. By embracing digital trust and leveraging blockchain technology, companies can reap the benefits of enhanced customer confidence, strengthened partnerships, regulatory compliance, and operational efficiency. The inherent features of blockchain, such as immutability, transparency, security, and decentralization, make it the ideal choice for fostering digital trust in business processes. As the business landscape continues to evolve, organizations that prioritize digital trust through blockchain technology will thrive in an environment built on transparency, security, and reliability.


Read more

LATEST Article

LATEST Case study


The Benefits of Digital Trust

New ISACA research shows significant gaps between what enterprises are doing now and what they should do to establish digital trust in the future digital ecosystem. While nearly most cybersecurity professionals (98%) say that digital trust is important and 63% say it is relevant to their jobs, only 12% of their organizations have a dedicated staff role for digital trust.

The State of Digital Trust 2022 survey report from ISACA  features insights from 2,755 business and information technology professionals worldwide. ISACA defines digital trust as the confidence in the integrity of relationships, interactions and transactions among providers and consumers within an associated digital ecosystem. It is a driving factor in consumer decisions and enterprise resilience in a digital-dominated environment.

“Digital trust is the bedrock of business relationships and is critical for strategic digital transformation,” said David Samuelson, chief executive officer of ISACA. “Innovation, market leadership and financial performance rely heavily on trust that must be earned every day.”

One breach of digital trust can cause devastating reputational, regulatory and financial repercussions. Yet only 66% say their organization currently prioritizes digital trust at a sufficient level.

Survey respondents are aware of the consequences and say that organizations with low levels of digital trust experience: reputation decline (62%), more privacy breaches (60%), more cybersecurity incidents (59%), lost customers (56%), less reliable data for decision-making (53%) a negative impact on revenue (43%) and a slower ability to innovate (36%).

Moving past obstacles

According to the ISACA survey, the most significant obstacles to digital trust are: lack of skills and training (53%), lack of alignment with enterprise goals (44%), lack of leadership buy-in (42%), lack of budget (41%) and lack of technological resources (40%).

Benefits of digital trust

Enterprises experience various key benefits when prioritizing digital trust in their strategic planning. According to respondents, high levels of digital trust lead to:

  • Positive reputation (66%)
  • Fewer privacy breaches (58%)
  • Fewer cybersecurity incidents (57%)
  • Stronger customer loyalty (55%)
  • Faster innovation (44%)
  • Higher revenue (25%)

Growth opportunities

An emphasis on digital trust also presents major opportunities for career growth, as 82% say digital trust will be much more important in their organization, and 28% say their organization will likely have a senior staff role dedicated to digital trust in five years.

Respondents said the top three components of digital trust are security, data integrity and privacy, but only half of the respondents agree that there is a sufficient collaboration among professionals in these and other digital trust fields.

The top three roles for strengthening digital trust are IT strategy/governance (84%), security (80%) and information technology (74%). Many organizations are still in the early stages of digital transformation, so this is an excellent opportunity for professionals to step up, gain knowledge and lead a multi-disciplinary team.

According to 76% of respondents, digital trust is very important to digital transformation. Respondents also want tools to help with transformation — 55% say that having a digital trust framework would be extremely or very important to their organization.

To help businesses prioritize digital trust, ISACA will be releasing the Digital Trust Ecosystem Framework (DTEF) in the fourth quarter of 2022. DTEF is a business framework designed for the entire enterprise and focuses on providing critical factors for organizational success by fostering trusted, meaningful and mutually beneficial relationships, interactions and transactions.

The State of Digital Trust report is available to download at www.isaca.org/state-of-digital-trust.

Source: https://www.securitymagazine.com/articles/98355-the-benefits-of-digital-trust


Read more

LATEST Article

LATEST Case study


My Dedoco Internship Experience - Glen Teo

Name: Glen Teo

Course/University: Law, National University of Singapore

Period of Internship: 10 April 2023 to 12 May 2023

Internship function: All Star Intern

My Dedoco Internship

Coming into this internship, I only had one goal in mind – Learn as much as I can about the entrepreneurial and technological space that is developing our world today. Needless to say, through my weeks interning at Dedoco, I was able to do just that.

Outside of my interest in the study of Law, I’ve always had a profound curiosity about the technology that drives our society. This led me to explore an internship opportunity with Dedoco – a tech-based startup that seeks to reinvent the entrepreneurial use of blockchain technology.

What I liked about my internship experience

As part of my internship, I was allowed to venture into the different departments available at Dedoco from Research and Development to Partnerships. This allowed me to not only explore a broader depth ofskills and knowledge but how they interplayed with one another. For example, grasping the technology behind blockchain gave me insight into potentially explorable use cases, thus honing my ability to research means of improving products and how to cater to different industries.

Challenges faced

As with other knowledge and skill-intensive industries, there was an extremely steep learning curve. Thankfully, there were plenty of resources given which I was able to self-study. This enriched my understandings of both the technology behind Dedoco itself and the aspirations and goals behind the company and its people. Being able to align my values with the company and people helped in my ability to research and brainstorm efficiently. Furthermore, I knew I could always rely on my well-versed colleagues (and now friends) to help teach me whenever I had questions about gaps in my knowledge.

What I learnt

Similar to law, I believe that technology is forward-thinking in nature. It is a reflection of society’s history, an understanding of society’s present, and an anticipation of its future. My experience at Dedoco has not only given me a deeper insight into this but also allowed me to understand the inner workings behind a startup. Not only have I learnt more about the world but also more about myself as a person and how to approach the world with a better intellectual and practical view.

My Advice for internship

1. Always understand the rationale behind the work you need to do

When you build the proper foundation of knowledge and skills, you can always go back to the fundamentals when facing a problem and it helps align your workflow to be more efficient.

2. Be Confident

Confidence can be gained in many ways such as being knowledgeable on a subject matter of discussion. But confidence is a key factor in the acquisition, retention and sharing of knowledge. This will prove extremely useful to you not only in the working setting but in your personal life as well.

3. Be a Proactive Learner

Learning is a lifelong journey and one aspect of it is to always be proactive. You should always seek to not only broaden your depth of knowledge but deepen it as well. There are many ways to go about this from self-research to asking questions. As long as you can do this, you will be a valuable resource to the people around you.


Read more
Coming soon.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Subscribe to our newsletter

Stay up to date with the latest happenings in the world of documents and blockchain.

Dedoco Symbol