Categories
Security

Blockchain: more transactions, more security

The Internet is an information network through which data travels, but it did not seem to have been made for carrying out commercial transactions, contracts or financial operations. Blockchain proposes collaboration and security to make that possible.

Two people draw up a document containing an agreement and put it in a glass box, each closing it with a padlock. One hundred people are watching the box and each receives a copy of the agreement. The two then ask a third person to join the agreement and open both padlocks; this person adds something, gives copies to the 110 people who are now watching the box, and puts on a third padlock. For a fourth to join, all three locks must be opened, and more people will watch and receive copies. Everyone can read the document, and when the locks are opened one can read it and add something, but not change what has already been agreed.

There is only one document, but every time someone signs it there are more padlocks and multiple witnesses. Each operation causes the document to be protected by more locks. And in the unlikely event that someone did manage to open them, there would be too many witnesses to say that the person was not authorized to sign the document.

That is the principle of blockchain (“chain of blocks”; each operation is a block), a technology that uses cryptography and collaboration to seek greater security in operations between people.

Cryptocurrency

Bitcoin is the best-known example of a blockchain. It is a cryptocurrency (money based on the principles of collaboration and cryptography) that has grown so much that it has made governments think about how transactions carried out this way can be regulated.

Bitcoin already has millions of users around the world and thousands of operations are made each day, which leads to millions of padlocks that make it practically invulnerable: it is not possible for anyone to appropriate anyone else’s bitcoins without an approved transaction.

But it is only one of several existing cryptocurrencies, and cryptocurrency is only one of the many uses of blockchain.

Business operations using blockchain

Under a blockchain system, cryptocurrencies, electricity, working hours and almost anything else can be traded, explains Joaquín López, from Kolokium. In addition, deals that require several conditions to be fulfilled before they are carried out can be insured. These cases are referred to as Smart Contracts.

The Spanish company Kolokium, an ally of Cadena, is one of the pioneering Spanish-speaking companies in traceability solutions through Blockchain, thanks to its Truetrace system, which allows any object to be identified, located and tracked in a way that is unalterable, public and permanent over time.

Each movement is registered and stored in the Blockchain as if it were an accounting book.

1. Two people negotiate over a vehicle. They define the conditions for the deal to materialize. The contract is placed on the blockchain and each agreed step must be fulfilled.
2. Each step that is fulfilled is certified in the document, a new block is generated, the other party is notified and there are multiple “witnesses”. In the end, when all the conditions are met, the operation is completed, without the need for anything other than the evidence in the contract that all the steps were met.
3. Each movement carries a hash (part of the encryption) of the previous one, and is recorded and stored as if the blockchain were an accounting book that is always written forward, never over what has already been recorded. This ensures that no one can change the information provided.
4. Encryption: each movement that is made in the file is encrypted, that is, with a code that makes it impossible for an unauthorized person to do so. And each new block is encrypted on top of the previous encryption, making the system increasingly invulnerable.

Decentralized custody

Blockchain is a decentralized system: the information is not held in a single repository but on thousands of servers (miners) connected to each other. On each of them, the file is updated with each new block, that is, whenever an operation is performed.

This makes it work as an endless database and at the same time as a backup copy that is replicated countless times. The fact that the data generated during a transaction is recorded on several servers ensures that it is safe in case one of the nodes fails or disappears.
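The hash linking in step 3 and the replicated copies described above can be seen working together in a short sketch. This is an added example, not code from Kolokium, Cadena or any blockchain project; SHA-256, the JSON block layout, the node names and the vehicle-sale steps are assumptions constructed for illustration, and comparing head hashes by majority stands in for a real consensus protocol.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # stand-in "previous hash" for the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = json.dumps(
        {"index": index, "prev_hash": prev_hash, "payload": payload},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(body).hexdigest()


def append_block(chain, payload):
    """Append a block whose prev_hash commits to everything recorded before it."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": index, "prev_hash": prev_hash, "payload": payload,
                  "hash": block_hash(index, prev_hash, payload)})


def first_broken_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev_hash:
            return i
        if block["hash"] != block_hash(i, prev_hash, block["payload"]):
            return i
        prev_hash = block["hash"]
    return None


def rehash_from(chain, start):
    """Recompute hashes from `start` onward, as a node that rewrote its own copy would."""
    prev_hash = chain[start - 1]["hash"] if start > 0 else GENESIS
    for i in range(start, len(chain)):
        chain[i]["prev_hash"] = prev_hash
        chain[i]["hash"] = block_hash(i, prev_hash, chain[i]["payload"])
        prev_hash = chain[i]["hash"]


def divergent_replicas(replicas):
    """Names of the node copies whose head hash differs from the majority's."""
    heads = {name: (c[-1]["hash"] if c else GENESIS) for name, c in replicas.items()}
    majority_head, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(name for name, head in heads.items() if head != majority_head)


def build_sample_chain():
    """Constructed sample: the steps of a vehicle sale, one block per step."""
    chain = []
    for step in ("conditions agreed", "inspection passed", "payment received"):
        append_block(chain, {"contract": "vehicle-sale", "step": step})
    return chain


if __name__ == "__main__":
    honest = build_sample_chain()
    replicas = {"node-a": honest, "node-b": copy.deepcopy(honest),
                "node-c": copy.deepcopy(honest)}
    print("intact copy:", first_broken_block(honest))

    # node-c edits an already recorded step: the stored hash no longer matches.
    replicas["node-c"][1]["payload"]["step"] = "inspection waived"
    print("edited copy breaks at block:", first_broken_block(replicas["node-c"]))

    # If node-c also recomputes its hashes, its copy is self-consistent again,
    # but its head hash no longer agrees with the other nodes' copies.
    rehash_from(replicas["node-c"], 1)
    print("after rehash:", first_broken_block(replicas["node-c"]))
    print("nodes out of agreement:", divergent_replicas(replicas))
```

The hash chain on its own only shows that a copy is internally consistent; it is the comparison with the other nodes' copies that exposes a copy rewritten from an earlier block onward.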

The need for a trusted third party in the physical world that endorses and certifies each transaction disappears in the digital world with Blockchain.

Trust

In the physical world, institutions have been created that act as third parties certifying data, transactions, identities, etc. In these systems, what gives confidence is the centralization of information: the parties depend on an entity that accredits or certifies that what they say is correct. In general, this information is not shared except at the request of the parties.

The public access to documents proposed by blockchain facilitates certification based on the file itself. So that the chain is not broken, the nodes must validate each transaction, and if one of them detects an irregularity, the process is suspended.

Validation

Transactions are considered concluded when all the steps of the process have been validated or rejected by the actors involved.

The miners: they can flag fraudulent actions or a step being taken without a previous condition having been satisfied.

The parties: the contract is approved when all the steps of the agreement have been carried out. Otherwise, it does not take effect and each person retains their property.

The contract does not continue to the next step until all parties have reviewed and approved it.

Diplomas and resumes

The falsification of documents that certify a person’s acquired knowledge or abilities is increasingly common. Through Blockchain, it is possible to set up a complete public structure that is secure, participatory and easy to consult, in which each institution writes in the registry book what knowledge or skill it is certifying. Physical diplomas, letters or communications, which will always be susceptible to falsification or adulteration, are not required. Likewise, each employer can add its employees’ experience to the record, so that in the end a very complete and truthful resume is obtained for each employee.

Appellation of origin systems

Health systems, education, banking, registration of real estate operations… the system can be implemented in all sectors. For products that require traceability, for example those with a designation of origin, programs can be created that show the original product, the actors that have intervened in the chain and where the product is at each moment.

Property registration

The characteristics of Blockchain and its Smart Contracts applications give this technology an obvious application in the ecosystem of buying and selling properties. The specific conditions of each sale are established, each part of the transaction is authenticated, the specifications of the property being negotiated are verified, compliance with the specific characteristics of the contract is verified, and the property title is changed. In this way, the inviolability of property records and the constant updating of the cadastral system are guaranteed. Each record is necessary to make the next transaction on a property.

This system can be connected with the cadastre and with the DIAN, to guarantee that the procedure complies with the law.

Related questions

Because it is:

  • Immutable: the information is permanently kept as it was recorded. It does not allow changes to what came before.
  • Open: it integrates systems, applications and people working together.
  • Secure: a new block can only be created by someone who is authorized.
  • Trusted: each transaction has multiple validators and is also encrypted.
  • Simple: the interested party can consult the transactions in real time, saving time and resources.

Not necessarily. Blockchain is a system that allows different rules to be defined: some elements of the blocks can be visible and others can be codified. That way, the miners can verify the block, but only the parties see what is being traded. Or a party may see that its counterparty meets conditions, but not know who the counterparty is.

“That question is equivalent to asking ourselves in which sectors the Internet had the most potential, the answer to which would be that in all of them. Due to the characteristics of blockchain technology, it is especially appropriate for sectors/projects characterized by the use of common databases, which have to be accessed by various entities that do not trust each other and therefore require some mechanism that generates trust. From here, sectors can obviously be established whose adoption will be faster due to their potential to save costs and generate trust, as is already happening in banking, utilities, medicine and insurance, which are the fastest adopters of this technology. But it will extend to the rest, we have no doubts about that aspect”.

Joaquín López Lérida, Kolokium

Cases that demonstrate the importance of managing risks such as money laundering in companies and societies

Cryptocurrencies and recommendations to avoid falling into money laundering

Virtual assets have become a great financial attraction for investors around the world. Here we explain the new resolution that regulates your transactions so that they do not fall into practices typical of illegal activities.

The growing interest of investors and companies in cryptocurrencies has increased the handling of electronic money. This is, of course, a technological advance; however, many entities consider cryptocurrencies a risk for money laundering and terrorist financing, because of the regulatory vacuum around them as financial instruments.

Colombia, for example, is the seventh country in operations with Bitcoin. Erick Rincón, president of the Colombian Fintech Association, states that up to $70,000 million in this type of crypto asset moves monthly from the country and that, as these systems allow transactions under the anonymity of users (origin, amount, destination), they pose a potential danger.

What should I keep in mind when making transactions with cryptocurrencies?

  • Establish the use that you will give to the resources in virtual currency.
  • Know clearly which is the transaction network where you will carry out the operation.
  • Check if the network has the necessary permissions.
  • Detail the right to reimbursement depending on the evolution of prices.

And now, what is the new resolution about?

In order to prevent these risks, the Financial Information and Analysis Unit (UIAF) issued Resolution 314 of December 15, 2021, which obliges companies that provide virtual asset services to send reports of their transactions and suspicious transactions.

Who should make the report to the UIAF?

People and companies that carry out exchange, transfer, administration or custody and, in general, transactions with virtual assets: 

  • Over $150, if they are single (around $590,052).
  • Over $450, if reported as multiples (around $1,770,000).

Likewise, these companies must send the Suspicious Operations Report (ROS) to the UIAF, as established in the regulation.

How should I make this Report?

You must make this report on a monthly basis to the SIREL (Online Reporting System), through the UIAF website. To do this, you have to register in 3 simple steps:

1. Go to uiaf.gov.co.
2. Click on the SIREL section.
3. Request code and username.

Once registered, you will be able to start making the monthly report of suspicious transactions and operations as of July 1, 2022.

“Countries should ensure that virtual asset service providers are regulated for anti-money laundering and counter-terrorist financing purposes, are licensed or registered, and are subject to effective monitoring systems,” says the FATF (International Financial Action Task Force).

Why is this new Resolution important?

1. It strengthens the prevention and detection of ML/FT in activities involving virtual assets, in line with the international standards of the International Financial Action Task Force (GAFI).
2. It means an advance of the AML/CFT system (anti-money laundering and counter-financing of terrorism) in the face of the challenges imposed by the birth of new industries and the evolution of technology.
3. It protects all sectors, subsectors, economic activities, professions and industries from the penetration of money of illicit origin.
4. It benefits security, economic growth, free competition, investment, job creation, and the well-being of all Colombians.

What happens if I break the rule?

Failure to comply with the regulations will give rise to a fine or sanction contemplated by the Superintendence of Companies.

If you don’t know where to start, consult the UIAF website and also look for allies to support you in this effort. At Cadena, for example, we help companies control ML/FT risks with an expert legal team.

Cybersecurity, learn to protect your company

Information is one of a company’s most valuable assets. Having data detection and protection tools and managing a security culture are crucial to preventing or responding to a cyber attack.

Downloading applications from unauthorized sites, connecting to free Wi-Fi networks, creating weak passwords, and opening emails from unknown people are common actions that open the door to hackers.

Colombia is one of the Latin American countries that receives the most attempts at cyber attacks, most of which are directed at companies and government institutions. In the first quarter of 2019 alone, more than 40 billion cyberattacks were carried out. These actions put information about the operation of the company, employees, customers, finances, investors and expansion projects at risk and can lead to data theft, identity theft and scams or phishing.

“In terms of cybersecurity, the success of the current organization will be defined by its ability to respond, minimizing the impact on its business. Awareness is the first preventive measure”, Luís Martins.

How to protect the information?

The technology (IT) areas of companies must measure the degree of risk to which they are exposed according to their nature; this does not mean that any are exempt, but that some organizations, for example financial entities or government institutions, have a higher risk.

Based on this diagnosis, IT must define the intrusion detection (IDS) and prevention (IPS) systems that examine the network and ports to recognize suspicious patterns and generate alerts. They must also explore other tools such as antivirus, encryption technologies and security patches, and simulate hacker attacks to assess the ability to defend against and respond to these threats.

Having good cybersecurity practices builds customer trust and increases digital reputation.

Testing to adjust the protocols that will protect the company against real actions is an essential step. Luís Martins, Director of Cybersecurity at Multicert, a company focused on providing security solutions and which is Cadena’s ally to develop cybersecurity services in Colombia and the region, affirms that “organizations are subject to attacks with different levels of sophistication that require a response that protects them from the most common ones, while preparing to face the advanced and emerging ones”.

Cybersecurity culture

Employees play a very important role in the discovery and inhibition of attacks, as they are the organization’s first line of defense. To create a safety culture, it is important to dialogue and offer periodic training sessions that help them make the right decisions and avoid dangerous actions. These recommendations can decrease the risk of a cyber attack:

  • Create passwords for documents that contain sensitive data or information.
  • Update the software and operating system to get the latest security updates.
  • Give importance to the antivirus; its function is to detect and eliminate threats.
  • Create strong passwords that are not easy to guess; avoid consecutive digits or names of people.
  • Be suspicious of emails sent by unknown senders. If they have links or files, do not open or download them until you verify the identity of the person who sent the email.
  • Avoid inserting external devices such as USB flash drives or hard drives because they may contain malicious files.
  • Always connect to authorized Wi-Fi networks; public ones are insecure and make you vulnerable to attack.
  • Create copies or backups.

Although in organizations there is a risk of being the target of a cyberattack, it is essential to detect threats in order to have a timely response. To achieve this, detection and protection systems and the good habits of collaborators are necessary.

Source:  Luís Martins, Director of Cybersecurity at Multicert.

Parental Control Apps – Safe kids, calm parents.

Social isolation due to Covid-19 has strengthened the relationship between children and technology. Parents, in order to protect them from cyber risks, in addition to establishing rules, must know and install the available tools.

Programs that care

Parental control apps restrict the content kids can access from their computers, tablets, and other smart devices. These, although they are always necessary, become more relevant in these times when our children spend more hours in front of the screens.

These 5 tools will protect you from cyber risks such as harassment, extortion, bullying, access to pornography, among others.

Kids Place
This Google app, available for Android and iOS, allows parents to limit potentially risky smart device functions, such as downloading apps, making phone calls, sending text messages, or shopping online.

FamiSafe
It is recognized as one of the best apps for its variety of control and restriction functions: it allows you to block websites and applications, track location, and it sends you alerts when your children try to access prohibited content. In addition, it limits the time of use of the cell phone and applications.

Norton Family
The added value of this software is that it allows you to keep track of the websites visited, send alerts to parents in the event that any rule is violated, and monitor the social networks and videos accessed by the little ones. In addition, it provides monthly activity reports and allows instant blocking.

Magic Desktop
This software creates a safe environment for children, with interactive design and development that allows them to have fun and learn new skills from play. Magic Desktop customizes the desktop appearance, filters emails, and recommends safe websites for your child to have a worry-free online experience.

Kaspersky SafeKids
This tool blocks YouTube searches that contain sensitive content, monitors screen time, and shares important data such as the location and battery level of your children’s devices with you. It includes an application for parents to monitor their children’s behavior and configure tools based on the search reports it returns. It also shares advice from child psychologists who are experts in digital safety.

It is important that in addition to downloading an application to protect children, you talk to them so that they understand that you look after their well-being and they do not feel pressured and look for other devices to access restricted content.

Tips to take care of your children

  • To prevent them from isolating themselves and losing control over their online behavior, keep technology out of the bedrooms and allow them to use it as long as they are in open spaces, like the living room and dining room, near you.
  • When your child tries to access websites or applications that require a username and password, accompany and guide them at the time of registration to limit the personal data they share.
  • It is important that in addition to having apps and software installed that block websites, apps, and features, you have an active antivirus that protects messages, chats, search history, and emails from infectious files.
  • Frequently monitor the browsing history and the downloads folder of your children’s cell phones, tablets or computers to detect what type of content they are viewing. If you find that they have deleted some data from their digital footprint, it is important that you talk with them and take corrective measures.
  • Keep the webcam disabled to avoid possible spying or hacking; you can do this from the computer’s control panel or by using stickers.
  • Review the settings of the children’s social networks, especially followers, messages, the content they share and linked accounts.
  • It is important that you have a first experience with the games or applications that your children are going to use, to identify if they have advertising and what type it is, if it includes charges associated with the credit card and if it requires you to share your personal data such as location, email or home address.
  • If your child asks you about issues related to navigation, the Internet or security, and you don’t have the answer, look it up on the web, consult with experts or ask the people close to you. Your willingness to learn and teach will allow you to be closer to them.
  • Enable the options for children that some devices or platforms or television operators have, such as Samsung, Netflix and Claro.

Source:  Plinio Neira Vargas
Systems engineer, specialist in technology and information systems

Teleworking without cyber risks

Would you leave your front door open while you work in a room? No, you could be robbed, right? Yet you would surely connect to a public WiFi network to send a corporate file. Both actions are risky, and telecommuting without good cybersecurity practices could likewise leave your company’s door wide open.

Cyberattacks are among the ten most serious threats on the planet, according to the World Economic Forum’s 2020 Risk Report. Cybercrime even generates annual profits of 600,000 million dollars and is more profitable than drug trafficking, which moves about 400,000 million dollars a year.

These realities give great value to information as a profitable asset that must be protected, aligned with the sustainable strategy and understood as part of the corporate culture.

This is how cyberattacks affect organizations

  • 40% interrupt operations.
  • 39% cause loss or compromise sensitive data.
  • 32% affect the quality of the product.
  • 29% damage physical assets.
  • 22% harm the staff.

SOURCE: Global State of Information Security 2018

“It doesn’t matter how much technology and controls you have if your human team doesn’t make good use of them,” says Lida María Montoya, IT manager at Cadena SA, a company that started remote work a week before the quarantine was decreed, with a gradual strategy for 200 employees, and that today has 420 people working from home.

“The crash plan required us to ensure, in record time, that all the computers had antivirus updates, VPN installations and were inventoried, at the time the company left,” explains Juan Carlos Lujan Duque, Director of Information Security at Cadena SA.

Due to recent security problems, Zoom was banned from North American schools and entities. The company implemented reliability defaults.

For their part, spokespersons for Bancolombia, which has 19,500 employees working from home, highlight that the remote work plan included a “donation”, or gathering, of thousands of laptops from all areas in order to send as many employees as possible to telework, which required setting up the security equipment to allow remote monitoring of data in real time, as was done at the bank’s facilities.

Among others, untimely teleworking required companies to have signed, as part of labor contracts, commitments to good use and compliance with safety recommendations and manuals, to have technological control and monitoring attachments, and mobility supports.

The support of the internal communication and human management units has also been key to sensitizing the human team about cybersecurity situations that may arise and the possibilities of dealing with them, how to use the devices correctly and have safe behaviors.

But beyond that, understanding how cybercriminals think and act makes it possible to implement and socialize good data protection practices in terms of being thoughtful when receiving, opening, and sharing information.

Internet criminal tricks

  • They build trust, create attractive relationships or contacts to access information.
  • They take advantage of emotional ties to a loved one who needs help.
  • They exploit fear, anguish and uncertainty at the possibility of losing access to valuable information.
  • They blackmail the victims.

Corporate teleculture exchanged offices and business corridors for telephone chats, extranets, video calls and virtual channels that keep people together and almost inside the office. Today, being side by side is not possible, but it is possible to share the screen, see each other talk and make decisions.

This is how a person protects himself on the internet

    1. Make regular backup copies on external or corporate media.
    2. Close work sessions and apps when you’re not using them.
    3. Use double or triple factor authentication to make financial transactions.
    4. Work in spaces where there is no risk of losing information due to equipment damage, this includes moving away from food.
    5. Avoid sending files with corporate information through unofficial means such as WhatsApp, Dropbox, Wetransfer or free domain emails, among others.
    6. Do not connect to unknown networks or USB ports.
    7. Do not install applications that do not come from reliable sources, from official stores or that require permissions to access confidential information (agenda, geolocation, contacts, etc.).
    8. Keep the operating system of the equipment up to date.
    9. Do not lend your company devices to your family.

This is how companies protect themselves on the network

    1. Activate multifactor authentication in email accounts and tools (access to systems after two or more proofs of identity).
    2. Before enabling services on the Internet, evaluate that contingency actions do not affect data security.
    3. Update the operating system on all devices with the latest security patches released by the manufacturer.
    4. Install and keep antivirus software from a reputable manufacturer up to date.
    5. Deploy storage solutions like corporate OneDrive and Google Drive to store collaborator files.
    6. Permanently monitor the infrastructure of the services used by employees who work from home in order to analyze possible unauthorized actions. Generate backup policies to avoid information loss.
    7. Implement encryption policies on computers, servers, and transactional tools to protect information.
    8. Use comprehensive and centralized protection tools for devices.
    9. In the event of device loss, configure security measures to protect corporate information (location, screen lock, remote data wipe, and monitoring of running applications).

Report cyberattacks or fraud attempts like this:

If you are a citizen  caivirtual.policia.gov.co
If you are a public entity  csirtgob@mintic.gov.co
If you are a private company  contacto@colcert.gov.co

 

Anti-fraud ecosystems

The way to protect physical and virtual documents to shield identity, support or complement printed information and trace information in real time.

Before, holograms, security papers, magnetic prints, watermarks and seals were almost enough to protect valuable business information, which was almost always printed. Today, complete solutions are necessary that guarantee not only the custody of the data, but also integrate the physical information with the virtual one. There are ways to do it:

1. Link physical documents to virtual information: beyond controlling the theft of information, companies must have risk-free confidential information systems that integrate their documentation, records or files with the data in the cloud. This is the case of passports and notarial and conservatorship certificates, which, in addition to being protected as physical documents through security printing resources, have innovations that allow traceability with digital data of the persons or titles they represent.
2. Security printing: at Cadena we have a specialized plant that guarantees the reliability and transparency of documents through technology and innovation. There we print documents such as Icfes type booklets, individualized with differential information to avoid fraud; automated lottery tickets to ensure transparency in the delivery of prizes, among other items such as plastic cards with a chip or high-security identification, checks and checkbooks, valued forms, notarial paper, transportation tickets, ticket office, diplomas and labels.
3. Inventory platforms: to control merchandise and equipment through real-time validations that integrate the complete logistics process from enlistment, transportation, personnel coordination, reverse logistics, among others.

 

An effective tool against money laundering

Having an intelligent electronic invoicing system can also help you to comply with anti-money laundering and terrorist financing regulations more efficiently. Learn how we do it.

Having a good electronic invoice technology provider can generate opportunities in many areas of the business. For example:

Verify in each transaction whether the customer to whom the bill is made or the provider that bills represents a risk of contagion due to being involved in money laundering, terrorist financing or transnational bribery activities.
By identifying suspicious transactions, you can easily comply with the obligation to report them to the proper authorities.

With the current model, the diligence is carried out by the compliance officer almost manually: he reviews each of the transactions, their amounts, and if there is evidence of risks, he refers them to the authority as suspicious operations.

In alliance with Konfirma, Cadena can automate this process by incorporating a restrictive list query module into the electronic invoice platform to generate suspicious transaction reports to the authorities in real time.

Today Konfirma speeds up the work of the officer by making these inquiries in restrictive lists and sending the reports to the compliance officer. And that process, integrated with electronic invoicing, can be even more agile.

Beyond compliance

Not all companies are required to report suspicious transactions, but it is necessary to monitor the risks in relationships with suppliers, customers and other stakeholders.

Konfirma is an information manager that generates sophisticated knowledge to make decisions so that the client, based on his risk tolerance, determines actions with each of his interlocutors.

Checklist verification is a basic level of review, but deeper levels can be developed to protect organizations from various risks, including reputational risk.

Blockchain for what?

Beyond cryptocurrencies, data encryption is the source of successful business models in the world and could revolutionize security in social networks.

Cadena works on blockchain development through its applied innovation laboratory Cadena Labs and in alliance with the Spanish company Kolokium.

1. For secure and reliable transactions and contracts: through data encryption and the execution of contracts and automatic transactions without human interaction on a platform. It avoids fraud, censorship or interference from third parties and allows you to create markets, store debt records and move funds. An example: www.ethereum.org
2. To follow traces in logistics and advertising: it allows monitoring delivery, supervising the supply chain, redesigning workflows with better indicators of transparency and reducing fraud and execution times without intermediaries. An example: http://kolokium.es
3. For accounting books: with the exchange of information through open source and value between machines, under the so-called Internet of Things, with tax-free transactions. An example: www.iota.org
4. To manage medical data: it allows you to encrypt patient information and exchange medical procedures across devices securely. An example: MediChain Medical Big Data Platform, https://medichain.online/es
5. To collect funds in cryptocurrencies: for payments and donations, it allows you to collect funds, encrypt them and transfer them without costs associated with international transfers and taxes. Two examples: www.bitgivefoundation.org and www.buda.com
