What's in Your Digital Wallet—and How Safe is It?
Developers are eager to make cryptocurrency transactions secure—but can they design a digital wallet that everyone will trust?
Consumers are accustomed to seeing credit card transactions at checkout, but how many have ever witnessed a cryptocurrency payment?
It’s difficult to imagine, but given cryptocurrency’s explosive growth, these transactions could one day be mainstream. Bitcoin’s market cap reached $10.2 billion in January 2014. By April 2018, it topped $114 billion. And while Bitcoin is the most prominent example, it represents only 33 percent of all cryptocurrency in circulation today. Ethereum, Litecoin and Ripple are a few of the other cryptocurrencies in the market.
Thanks to its underlying blockchain technology, experts agree that cryptocurrency itself is quite secure. The real risk comes into play with the third-party hardware and software that makes its use possible—namely, digital wallets. But a new class of developers on the fringes of the financial services industry is working to address the security concerns—and to convince consumers and retailers that the digital wallets carrying their valuable virtual currencies are safe.
A New Front in Financial Security
To transfer cryptocurrency from one person to another, users need both a private key and a public key. The public key and the value of the transaction are logged through blockchain, a tamper-proof public ledger. The private key ensures that the transaction is mapped to the right individual.
“For cryptocurrency to be secure, the private key must be kept safe and protected in a cryptocurrency wallet,” explains Chad Bennett, founder and CEO of HEROIC Cybersecurity, a blockchain cybersecurity firm. “That can be a hardware wallet, such as Trezor, or a software wallet, such as Coinbase.”
Hardware wallets, which users can physically lock away, are considered more secure (although not impenetrable), but software cryptocurrency wallets are more popular at this point. Today, e-commerce sites like Overstock.com and even certain Subway franchises are among the retailers that accept cryptocurrency.
How Hackable are Crypto Wallets?
According to San Francisco-based web security firm High-Tech Bridge, 93 percent of crypto mobile wallet apps contain at least three “medium-risk” vulnerabilities, and 90 percent contain at least two “high-risk” issues. Cryptocurrency wallets, similar to mainstream financial software, face ever-evolving security risks as hacking tools become more sophisticated, which creates a dynamic security challenge for the IT teams eager to push the currency into the mainstream.
A lack of industry standards, however, complicates the task. Companies like CoinBase and BitPay have rolled out competing wallet platforms, but none has yet come to dominate the market—or be proven fully secure. Hackers can steal cryptocurrency through some of the same techniques used to steal credit card information, such as tricking consumers into giving up passwords, or intercepting emails and SMS content that contains authentication information.
The stakes are higher with cryptocurrency wallets, though. Once virtual currency is stolen from a digital wallet, it’s almost impossible to get back.
“Any time a wallet is hacked, those funds are lost for good, and there is no crypto version of the FDIC to restore them,” Paul Puey, CEO of Edge (a cybersecurity firm that developed the Airbitz wallet) tells Forbes. "So, it’s vital that funds are always secure.”
What Will It Take to Earn Consumers' Trust?
People’s fears about cryptocurrency, like any technology, often stem from not understanding how the technology works, says Bennett. It will take time and effort to convince users that cryptocurrency is as secure as more established digital payment options—but he predicts that cryptocurrency wallet providers will ultimately overcome security challenges (and perception issues) just as credit card companies have.
Innovations like EMV (Europay, MasterCard and Visa) chips have been key. In under two years since the chips launched in the United States, fraud has declined by 66 percent at EMV chip-enabled merchants, according to Visa.
The Anatomy of an Online Credit Card Transaction >
For cryptocurrency, price volatility and regulatory concerns remain, but the currency’s road to the mainstream is also an IT challenge, Bennett says. And success hinges on finding security solutions like the EMV chip for virtual currencies. To that end, developers are exploring (and refining) two technologies long associated with enterprise security: multifactor authentication and identity management.
Cryptocurrency wallets can draw from three types of authentication factor, explains Pamela Morgan, an entrepreneur and attorney specializing in cryptocurrency:
- Something users know (i.e. a password)
- Something they own (i.e. their mobile device)
- Something that’s physically unique to the user (i.e. biometric identification, such as a fingerprint or retinal scan)
Transactions are safer when employing a combination of authentication factors, or randomizing the factors used at any given instance. But doing so also adds complexity, Morgan says.
“Good account security, meaning reasonably effective security that you will actually use, is always a balance between user (and thus hacker) inconvenience, the value of what’s being secured and the relative security of the system,” Morgan writes.
Identity management comes into play to ensure that each factor maps to the correct individual, a step that cryptocurrency wallet providers are still working to perfect. But HEROIC’s Bennett predicts that it’s only a matter of time until developers solve the challenges, setting cryptocurrency for broader adoption.
“The underlying technology—blockchain—is incredibly safe,” he says, “but people need some reassurance that third parties like wallet providers are up to the task of protecting their currency.”