Bitcoin Gets a Security Boost as Payment Startups Target Enterprises
Bitcoin companies are looking to win business from large corporations by offering more of the security features that traditional payments providers have long used.
Many Bitcoin businesses are launching multi-signature services to secure consumer transactions. Since the Bitcoin protocol does not have a process for chargebacks, this added security can help win over consumers and businesses who want to use the digital currency for high-value payments.
The multi-signature security services require authorization from multiple parties before a transaction can be approved. The vendors provide one of the signatures needed to make a purchase, and the client sending the funds provides the other.
"We're bringing bank-grade security to Bitcoin," says Will O'Brien, BitGo's co-founder and CEO.
The feature allows the wallet providers to be a trusted third-party for Bitcoin users, blocking transactions based on fraud scoring or parameters set by the wallet's user. If a transaction is blocked by Ciphrex or BitGo, the user would have to provide an offline private key to let it through.
Citigroup, Wells Fargo and HSBC offer their own variants of multi-signature for conventional payments, usually referred to as four-eye (or higher) approval.
Ciphrex and BitGo are "making Bitcoin look like something consumers are more accustomed to, to help make the product more user and business-friendly," says Andy Schmidt, a research director at CEB TowerGroup.
Although it will be rare for a large corporation to begin using Bitcoin in the next three to five years, Schmidt says, companies that are looking to avoid foreign exchange fees might see more advantages. These exchange fees can range from $5 to $10 per transaction and can add up for businesses doing a lot of volume, he says.
Emphasizing security has been a trend in the Bitcoin market over the past year, as a handful of high-profile incidents have left Bitcoin users without access to their funds.
Some of the loss was from scam businesses and inside jobs, such as the Bitcoin Savings and Trust and Sheep Marketplace (accused of stealing $40 million in bitcoins from customers).
Before filing for bankruptcy, MtGox, once the largest Bitcoin exchange, said the bitcoins it stored were stolen using transaction malleability. But as former customers and angry hackers search the blockchain, the public ledger of all bitcoin transactions, some have accused MtGox of still having access to a large portion of the bitcoins it claimed were stolen.
Armory is developing a multi-signature wallet account that can be created and managed without the company's influence. Armory does not hold any of the keys needed to verify a transaction. Instead, users establish their own trusted parties, such as a spouse or business partner, says Reiner. Users could also set a separate computer server as the trusted third party.
Armory's approach elevates multi-signature security from being a two-factor authentication method to being a decentralized highly secure lockbox, Reiner says.
The decentralized approach is "not only 'the Bitcoin way,' it's also more robust in the long-term and guarantees full security and privacy," says Reiner. "Armory can be used as long as the Bitcoin network is still running, and security and privacy are always maximized without any external trust beyond the limitations of the raw Bitcoin network itself."
Armory plans to release the lockbox feature to the public in about two weeks, he says.
If a vendor holds one of the keys, "there is a single point of failure," says Reiner.
BitGo's O'Brien disagrees. "Multi-sig is by nature distributed keys so there is no single point of attack," he says. BitGo is currently offering its multi-signature wallet to enterprises on an invite-only basis, he says. The consumer version is generally available.
Cryptocorp is another company providing multi-signature technology but with a different business model. The company focuses on the service, hoping to sell multi-signature as an add-on feature to Bitcoin wallet providers.
Customers using Cryptocorp's service will receive a phone call when they request a transaction. The service asks the user to press the "1" key on the phone to approve the transaction. Afterwards, the company signs the transaction.
"This is very much like adding consumer protections to an emerging part of the market," says Schmidt. Bringing traditional corporate payment systems to Bitcoin and creating metaphors that compare Bitcoin to legacy systems will legitimize digital currency especially in the enterprise market, he says.