This post first appeared on Risk Management Magazine. Read the original article.
Particularly over the past year, individuals have seen lucrative returns from investing in various types of cryptocurrency like bitcoin, ethereum and ripple—the three most popular by market capitalization. Stories of amateur investors becoming cryptocurrency millionaires have sparked widespread public interest and, as a result, its prospects not only as an investment vehicle, but as a possible alternative to traditional currency continues to grow.
The increasing acceptance of cryptocurrency by governments and businesses has helped to fuel the boom. Japan declared bitcoin legal tender in 2017, while businesses such as Overstock.com, DISH Network, Microsoft, Intuit and PayPal are currently accepting payment in bitcoin. Overstock.com has accepted bitcoin since January 2014, while Microsoft has allowed its customers to use bitcoin to purchase content in the Windows and Xbox stores since December 2014. More recently, Microsoft announced that it was adding bitcoin support to Excel 2017 so users can track, calculate and analyze bitcoin data using the software.
Yet cryptocurrency continues to experience considerable growing pains. While the values of various digital currencies have increased exponentially over the past year, there have been more losses than gains in recent months, highlighting their inherent volatility. Bitcoin, for example, was trading at almost $20,000 last December, but plummeted to $7,000 by early February. Bitcoin was hardly alone—similar trends were seen across the board. In the space of a month, the value of the entire cryptocurrency market dropped from all-time high of $836 billion on Jan. 7 to $279 billion on Feb. 6 before jumping to $400 billion three days later.
With this increased activity has come an increase in restrictions on cryptocurrency use. A number of banks including JPMorgan Chase, Bank of America, Citigroup and Lloyd’s have recently banned customers from using credit cards to buy cryptocurrencies, as Capital One and Discover did previously, meaning all of the top five credit card issuers have now announced or implemented bans. In addition, India and China are considering tougher regulations on digital currency, while regulators in South Korea and Russia have expressed concern. Famed investor Warren Buffett issued warnings that the bitcoin boom will “come to a bad ending,” while JP Morgan CEO Jamie Dimon has called the crypto craze “a fraud” (though he later recanted the statement).
As with any new technology, there are both risks and rewards to adopting cryptocurrency, and businesses need to be aware of both before deciding whether to get involved in this nascent market.
Potential Challenges
Accepting cryptocurrency offers businesses a number of benefits including lower to no bank transaction fees, enhanced fraud protection, increased transparency of transactions, less collection and retention of data like credit card information or proof of identity, and no chargebacks. But there are challenges that need to be solved before cryptocurrency can become mainstream.
Beyond the economic issues related to pricing volatility, businesses accepting it as a form of payment will need a way to comply with know your customer (KYC) and anti-money laundering regulations. “When a business is accepting money using credit cards, checking drafts or bank transfers, there is an inherent way to track the customers,” said Vishal Singh, chief technology officer at software development company LINK3D. “With bitcoin, businesses receive the transaction from a crypto address, which could be anywhere and could have been funded in unknown ways. There are several companies that are trying to address this specific problem.”
Taking a Strategic Approach
Recent ransomware attacks have highlighted one of the most common business uses for bitcoin. As was seen in last year’s WannaCry attack, cybercriminals who deploy ramsomware favor the anonymity of bitcoin, often demanding ransom payments in the cryptocurrency in exchange for unlocking a user’s compromised computer.
Obtaining and transferring bitcoin can be complex and time-consuming, however, adding to the challenges of responding to attack. To be better prepared to help clients facing such demands, some law firms have opted to take a proactive approach and purchase bitcoin in advance.
“We are seeing law firms that have incident response groups holding some value in cryptocurrency, primarily in bitcoin,” said LogicForce’s Jordan McQuown. “This is to avoid the transfer limitations on exchanges and be able to pay the ransom for their clients in a timely matter so that business operations can be restored. The last thing a business wants to worry about after having its data held for ransom is signing with an exchange, adding bank account information and all the steps necessary to buy bitcoin. Incident response groups add a trusted name and reputation that are available to help their clients through the process of obtaining the necessary cryptocurrency without the risk of using online exchanges.”
Granted, paying a ransom is no guarantee that the matter will be resolved quickly. McQuown and his team said it often takes upwards of two months—and several ransom payments—to recover data from hackers. Nevertheless, proactively obtaining bitcoin may become a disaster recovery best practice for law firms and service providers alike.
The technology used to build ethereum’s platform includes “smart contracts” that control the transfer of digital currencies or assets between parties, while bitcoin uses a “private key,” a 256-bit number that allows a user to spend their coin. There is a risk, however, that the contract address or private key could be stolen or hacked by cybercriminals, in which case, all cryptocurrency a business holds can be lost. In January, for example, thieves hacked the exchange Coincheck and stole more than $500 million in cryptocurrency.
Further compounding the risk, the relative novelty of cryptocurrency means a large portion of businesses are not familiar with the speed of transactions or security best practices to secure their contract addresses and private keys. “Sending cryptocurrency isn’t as easy as swiping a credit card and can take a few more steps,” said Jordan McQuown, chief information officer at cybersecurity and IT firm LogicForce. “The blockchain network needs to authenticate and confirm that the transaction is validated before committing it to the ledger. During periods of high activity, delays can be multiple hours until the transaction is confirmed.”
The sheer number of cryptocurrencies currently available is also a concern. At the beginning of the year, there were more than 1,300 and more are added all the time. This presents a challenge in terms of determining what coins to accept, McQuown said, since, at any point, a coin could lose popularity and value almost instantly. New and notably varied regulations create difficulties for businesses as well. “The United States has generally not provided much of an opinion [on cryptocurrency], but other countries such as China have shut down coin exchanges,” McQuown said.
Despite the risks, individuals and businesses are still holding cryptocurrency and trading coins on exchanges. Some awareness has increased about various hacking cases and, in turn, how to keep cryptocurrency secure. Companies are selling hardware wallets and cold storage solutions to store the contract address and private keys. Others, like identity verification and protection company Civic, are helping with technology for identity verification, while organizations like the Request Network, a decentralized currency exchange network, are making it easier to request and send payment.
“As crypto is being mainstreamed and technologies to support this are evolving, business owners need to carefully observe the trends and be prepared to adapt to ensure they are not losing customers because they are not yet crypto-ready,” Singh said.
To combat potential cryptocurrency risks for both merchants and customers, companies can—and should—adopt a multi-pronged approach. First and foremost, Singh believes it is important to understand the threat model. “The risks can be related to exposure to money laundering and fraud or can be related to changes in regulations, which can cause the business to be on the wrong side of the law,” he said. “It is important to do IT security threat assessments and penetration testing in the organization and ensure security best practices are followed to protect devices and accounts against social engineering attacks and other malware attacks.” Robust KYC and anti-money laundering procedures—and the appropriate legal, accounting and IT oversight—will also go a long way to ensure crypto-readiness.
The Future of Finance
Whether cryptocurrency has the practical utility or staying power to be the future of commerce is a matter of some debate. Singh said bitcoin, as the first cryptocurrency, is still the most trusted. “I believe that bitcoin will stay around for 100 years but might not be the primarily-used currency,” he explained. “As blockchain technology is evolving and is being used in the world of finance and other digital ledger use-cases, some of these blockchain-based technology organizations will become mainstream and their token or coins will be used, popularizing cryptocurrencies further and adding to their intrinsic value.”
Other alternative currencies and the platforms that underpin them may also have a promising future as a primary crypto asset. For example, ethereum’s blockchain platform is now being used to create FunFair, an alternative currency for online casino gaming, and Dent, a coin for buying mobile data.
Despite recent market fluctuations, $400 billion is still a substantial market capitalization and cryptocurrencies look to be here for the long haul. Companies would therefore be wise to develop a basic understanding of how it might affect their operations in the future and whether it can play a role in their strategic planning process. “Investigating accepting cryptocurrency now will help prepare you for what will be inevitably part of the future of internet transactions,” McQuown said. “I don’t foresee cryptocurrency disappearing.”