“When you know that you're capable of dealing with whatever comes, you have the only security the world has to offer." - Harry Brown
Walking down a derelict street in center Johannesburg, with a watchful eye covering every possible nook and cranny for scenarios that could leave you vulnerable for attack. Your senses are firing on all cylinders, anticipating every passing stranger’s next move. Your only mission: to get safely to the petrol station on the corner, fill a 5L canister with fuel and make it safely back to the protective armor of your vehicle.
You proceed hastily, trying to appear calm as you approach the door of the convenience store adjacent to the petrol pump. You sigh with relief as you safely cross the first hurdle in your mission. Opening the rusty door rings a bell that wakes the cashier who seems to be passed out in a drunken stupor behind the counter.
With a beer stained vest he stumbles towards the counter to assist.
“Sorry for disturbing your siesta, however I need to get some fuel for my car down the road? 5L should do it.”
He groans as he bends beneath the counter re-appearing with a plastic 5L water bottle filled with what appears to be fuel. “R 250.00!” he slurs.
“That is a bit steep don’t you think?”
“Pay it or risk walking the gauntlet to the next station while hoping your car is still there on your return.”
Without an angle to negotiate with a drunken cashier, who is obviously holding all the aces, your only next move is determining how to pay without setting yourself up for further attack on your way back to your car.
He pops the cash register, whips out a card terminal and presents a Bitcoin QR code for payment. “Pick your poison…” He announces almost to bait you to pick any of the three, as if each would have a catch.
If you pay with cash, he will get a view of your wallet and the amount of cash you have on you, priming you for an ambush on your way back to your car, as untraceable cash is the easiest of heists.
If you pull out your bank card, it is possible that the terminal might have been compromised and your card could be depleted before you get back to your car.
As a final choice, if you pluck out your phone to pay from your Bitcoin wallet, you might be held at gunpoint to surrender your private keys and your phone.
“What do you do... Are you going to act as your own bank and carry the risk, or are you going to bet on your bank’s governance?”
Your one option for a low-value high-risk payment is to cower in the confines of the banking processes and trust in a regulated chargeback option. If your card does get cloned, you can put in a claim at the bank to recoup the fraudulent transactions that were made subsequent to you leaving the store.
At this point your bank charges become an insurance against the risk of theft and an assurance for recovery.
The bank’s ability to monitor fraudulent transactions on your card and halt them quickly, could give you comfort in limiting downside risk of compromise, whereas if access is gained to the private keys storing your Bitcoin, the financial consequences are severe.
The challenge with Open Banking:
With PSD2 (Second Payment Services Directive) forcing banks to open up their services through API's to Fintechs, they are faced with a larger problem as their customers continue to expect the same level of guarantees, while the banks give up control of the user journey and monitoring of payment initiations.
Fintechs and banks are going to have to overcome an array of challenges to give assurance to the banks that security and authentication cannot be compromised at Point of Sale.
At Waxed we use a combination of the public/private ECDSA (Elliptic Curve Digital Signature Algorithm) keypairs and cryptographically secure tokens to communicate with the banks. Our tokens are meaningless outside of the banks firewall to evade any man-in-the-middle attacks.
Along with these tokens we use lessons learnt from stacked, hidden wallets to apply a mechanism of failsafe, and give the user and his bank the ability to shut down his account and visually display lower balances when under duress.
“But Alex, you can just refuse to give up your private key, or store your keys elsewhere”
Before the Bitcoin community pitchforks me, let me elaborate.
I view my financial journey in the same vein as I navigate through daily transactions to long-term wealth. With each transaction we make, we are faced with associated risks and need to utilize the options we have available in the situation to limit our short-term risk and guarantee long-term certainty.
With Bitcoin and Cryptocurrencies we are electing to be our own banks and carry all the risks that come with that. That includes the safeguarding of our private keys associated to our respective coins, understanding the security vulnerabilities of each blockchain we transact over as well as the risk of compromise in any way.
Bitcoin and certain other blockchains have proven themselves over the passed decade to be an extremely secure means of payment, as long as human error is kept out of it. Many people will blame the technology for their own error that leads to their payments being compromised.
Another option you would have is to set up your personal cryptocurrency bank in such a manner to reflect the best practices of banking polices. Banks have spent decades securing their centralized ledgers and a lot can be learnt and ported to the blockchain and crypotcurrency community to emulate banking best practice while you set up your own payment mechanisms.
Separating your long-term wealth from your day-to-day transactions would limit the risk of compromising one by using the other. This could also lead to a discussion as to the benefit of having Bitcoin being slow to transact over as a stronger use case for wealth storage, and other cryptocurrency channels as better alternatives for quicker day-to-day transacting by limiting risk associated to that channel.
You would never link a card directly to your access bond of your house, as it would be financial suicide if that were to be compromised. In the same way risking exposure to your private key that is storing most of your Bitcoin wealth would be extremely risky.
The truth that most Bitcoin and blockchain maximalists don’t like hearing, is that most people entering into this space don’t really care about decentralization or blockchain technology; they are here because of a promise that they can become rich.
Until they are up to speed with the risks and benefits of being in this space, it is up to us technologists to keep them safe as they start spending their created wealth.
99% of people using the Internet have no clue what TCP/IP is. In the same way there is no need for the masses to understand Blockchain to achieve adoption. We need to make it simple to use and accessible while limiting the possibility of human error.
Once again if you found this interesting please share it, if you found it useless please ignore it and if you have an opinion please engage.