Why bitcoin is both less and more secure than credit cards
This week, the FBI issued a warning about an unusual form of credit card fraud. Credit card processing networks at gas stations and other retailers in Indiana, Kentucky, Ohio, Pennsylvania, and West Virginia, are being knocked out by a piece of aluminum foil. Thieves wrap it around the satellite antenna used to communicate with credit card companies. While unable to authorize sales, many merchants process them anyway, assuming the network is temporarily down and that transactions will clear when the connection resumes.
Thieves have been making away with tens of thousands of dollars worth of electronics, cigarettes, and other stuff, all paid for with stolen (and often cancelled) credit cards. In many ways the merchants are accepting a personal check and trusting that the account holder has sufficient funds to cover it.
While this is more a social engineering hack than a true breach of system integrity, the aluminum foil scam is hardly the only way credit card systems are breached. Card skimmers are regularly installed on ATMs and payment terminals, stealing user credentials that are often later sold on the black market. Malware installed on PCs and mobile devices or network breaches similarly allow online thieves to intercept payment information. And the recent Target credit card hack is just the latest in several decades of large-scale corporate breaches that have exposed user payment information.
The frequency and variety of these scams highlight the vulnerability of any system that must rely on a central clearinghouse to authorize and process transactions, such as credit cards and bank transfers. Merchants and transaction counterparties are ill-equipped to verify the authenticity of a credit card or the solvency of a personal check and thus rely on banks and credit card companies. It’s a slow, inefficient, and costly system. From a consumer perspective, paying with cash is far and away the most secure and privacy-enabling option. It’s just not convenient.
This is where bitcoin comes in. Like cash, bitcoin does not need third-party verification. Once it’s transferred, the receiving party can be assured of payment completeness and does not need to worry about chargebacks. Unlike cash, bitcoin cannot be counterfeited thanks to both its cryptologic nature and the blockchain general ledger system used to verify and record every transaction.
From the consumer perspective, paying with bitcoin affords a degree of anonymity, while the simple act of paying with the virtual currency in no way increases their risk of being robbed (since payments don’t involve a user sharing their bitcoin wallet private key). The same attributes that make bitcoin secure and fungible, however, can also make it attractive to fraudsters and somewhat unapproachable to the layperson.
Once bitcoin is stolen, it’s nearly impossible to recover. The fact that there's no central clearinghouse also means that there's no one to take responsibility and refund or guarantee merchants and consumers against fraudulent charges. In most cases of bitcoin theft, it has been a breach at the platform level – exchanges, wallet providers, etc. – rather than an individual consumer’s account, although those have occurred as well. This means, it’s often out of the individual user’s control to prevent such attacks. Nonetheless, these scenarios have been relatively rare, and have typically involved new and unproven platforms or novice users. As the anchor companies within the bitcoin infrastructure are identified and continue to mature, the frequency of bitcoin theft should decline even further. The development and communication of best practices, for both corporations and consumers, should also improve things considerably.
One of the unfortunate consequences of the recent explosion in bitcoin’s popularity and, subsequently, its value, is has been the shift from a savvy early-adopter to a more mainstream user base before all the necessary infrastructure could be established. Buying or acquiring bitcoin, securely storing it in a wallet, and finding places to spend it are still too onerous for it to replace traditional currencies and financial services – yet. By contrast, few people need to be “trained” how to use a credit card.
This is changing by the day. Two competing bitcoin ATM manufacturers announced plans this week to deploy additional units in Hong Kong, Taiwan (Robocoin), Saudi Arabia, and Singapore (Lamassu). Several dozen more are expected to arrive around the world in the coming months. In parallel, a number of venture-backed startups are creating consumer-friendly bitcoin wallets, payment platforms, and other services aimed at reducing the intimidation factor and making bitcoin more widely accessible.
Like credit cards, bitcoin (and its virtual currency cousins) will undoubtedly be the target of fraud attempts for as long as it holds value. But unlike credit cards or personal checks, merchants will never need to worry if the payment they’re receiving is going to clear or if the currency is counterfeit.
It won’t solve all payment fraud problems, but accepting bitcoin makes trusting unknown customers a much safer bet.
[Image via InsuranceProviders.com]