Bitcoin startups are much more outspoken about security than traditional payments companies are, and the new Ciphrex wallet is no exception, claiming to be the first to use multi-signature transaction management.
In the wake of recent security incidents, "the lesson being learned right now is that the transfer of money requires a far higher level of security," says Gil Luria, an analyst with Los Angeles-based Wedbush Securities.
The payments industry is responding to Target's massive holiday-season data breach by advocating the use of security technologies such as EMV, encryption and tokenization. "But the potential for Bitcoin, with an infrastructure that's secure and decentralized, is to build a level of security the existing payments systems are struggling to achieve," Luria says.
There's some level of tolerance for fraud from traditional payments systems, which mitigates fraud through fees paid by merchants, he says. Bitcoin payments are designed to be irreversible, reducing chargeback risk for merchants but making users more responsible for their own security.
Ciphrex's multi-signature feature allows the wallet service to be a trusted third-party for Bitcoin users, blocking transactions that it views as suspicious. These blocks can be based on parameters set by either Ciphrex itself, which will have one key needed to verify a transaction, or by the end user.
If Ciphrex blocks a transaction, the user can still approve the payment by providing an offline private key. To spend bitcoins, a transaction must have two signatures.
"Multi-signature appears to be the first major advance in securing transactions without taking them offline," says Luria.
Offline storage, also called cold storage, protects bitcoins by holding them on computers that are not connected to the Internet (and thus are not accessible by hackers). Most exchanges and wallet providers use cold storage for about 90% of the digital currency they handle, Luria says. "But that's backward for a technology that's meant to bring payments and currency online," he says.
To reduce risk, a Ciphrex user could set parameters that demand that high-value transactions be blocked automatically until the customer can provide the proper offline key.
Ciphrex did not respond to an inquiry by deadline.
Bitcoin startups "are understanding that they have to start with security, otherwise people will lose faith in Bitcoin," Luria says.
This mindset runs counter to mainstream financial services, where security is seldom a selling point. For example, Wesabe Inc., a failed personal financial management provider, says one of its earliest mistakes was placing security at the forefront of its marketing, whereas rivals such as Intuit's Mint.com succeeded by keeping security out of the spotlight.
Other Bitcoin companies are making security their selling point. Armory Technologies developed the Armory Bitcoin Wallet in the fall of 2013 to provide security "even at the expense of convenience."
Some entrepreneurs have stepped into the Bitcoin ecosystem to offer insurance for Bitcoin accounts, similar to the FDIC insurance on U.S. dollar-denominated bank accounts. Xapo, a Bitcoin wallet and vault recently launched by payments industry veteran Wences Casares, is fully insured by Meridian Insurance.
"I think this year is the year of pretty big adoption of multi-signature transactions," says Eli Dourado, research fellow at the Mercatus Center. Many Bitcoin companies will integrate multi-signature transaction management by the end of the year, Dourado says.
"There have been so many security problems and it's gratifying to see [Bitcoin] developers are accurately perceiving security as an aspect they need to improve on," Dourado says.
The most prominent security issue in recent weeks stems from the failure of MtGox, a large Bitcoin exchange. MtGox customers lost access to funds stored at the exchange, which has scrambled to locate all of the bitcoins it held.
The beta release of the Ciphrex wallet is free. The software company, which also announced a Bitcoin processing system, Coinstream, is looking for investment for its next phase of development.
Multi-signature transactions also have a future enterprise opportunity, helping companies organize their workflows, Luria says. Company transactions could be set up to need a certain number of department heads to digitally sign before it's verified and sent.