guest post by Nicole DeCicco Owner/Founder CryptoConsultz, LLC
Where is our “triple threat” solution to payment processing?Cryptocurrency enthusiasts are well aware of the problems the crypto economy faces in terms of privacy, speed, and fees. While the blockchain community is scrambling to solve these issues, will the real “triple threat” solution emerge?
Privacy in a crypto-economy: A blessing or a curse?As recent megadata breaches show, security is an important element of any payment ecosystem. We often take privacy for granted and only regret when we lose it. The notion of privacy and data ownership has clearly been brought to the forefront of many industries, most recently and notably social media. Spring of 2018 has proved to dismantle the previous beliefs consumers held concerning privacy. In March, The New York Times reported Facebook was duped by a developer who reportedly gained access to the data of millions of users. Reports claimed that such data then may have been misused for political ads during the 2016 political election. In response to the allegations, Mark Zukerburg addressed the media, “We didn’t focus enough on preventing abuse and thinking through how people could use these tools to do harm as well. That goes for fake news, foreign interference in elections, hate speech, in addition to developers and data privacy. We didn’t take a broad enough view of what our responsibility is, and that was a huge mistake. It was my mistake.”
Consumers are beginning to shift discussions about privacy focusing on the risks involved when relying on a central authority to secure our data and protect our privacy. This new era has given users insight to the flaws of a centralized model and the astronomical consequences we might bear through its use. If such breaches have the potential to influence an election, one can only imagine what else we are compromising if we fail to take control of our data.
While often viewed as “anonymous” Bitcoin, Ethereum and many other cryptotokens are not considered “private” due to the open ledger characteristics of their blockchain. Such cryptocurrencies lack privacy due to the traceability of the blockchain and have incomplete security. Ironically, Bitcoin and its derivatives take a step backward in the privacy area compared to older payment technologies like cash or even plastic cards, which became an inglorious symbol of compromised security and privacy. Bitcoin creator(s) either did not think about privacy, or simply did not have enough time to resolve all the problems, understandable as they had an even more important problem to solve: the very existence of blockchain technology.
It’s no wonder cryptocurrency investors find value in various crypto-tokens based on characteristics these particular tokens hold. For investors of privacy tokens like Monero, Zcash, or DASH the ability to use crypto at the Point of Sale (POS) is not only unattainable but undesirable when utilizing a centralized payment processor.
Some industries are solving this problem by accepting privacy tokens for POS transactions. Consumers in industries like adult entertainment, gambling, cannabis and healthcare require that their privacy be maintained. Merchants in these industries see the value in supporting such consumer preferences. Take, for example the recent partnership between Pornhub and Verge which has shifted the future of porn payments.
Corey Price, VP of Pornhub, “Our acceptance of Verge is an affirmation of our dedication to innovation and privacy, which recently has caused much concern and been at the forefront of all tech consumers’ minds,” said Price in a press release. “We’re extremely excited to offer our fans the ability to use crypto and think Verge, with its focus on anonymity, is the best option – whether for privacy, convenience or both!”
Privacy tokens, like Verge, have attempted to solve the privacy issue, some with much success. But these solutions are still not adequate. These same tokens have failed to address other barriers faced when using these tokens at POS, such as speed and fees, which we will discuss in parts two and three of this “Triple Threat” series.
Privacy is a delicate subject for cryptocurrencies and the payment industry in general. While maintaining privacy is important, and in some industries mandatory, there are times that absolute privacy can become a barrier to payment processing.
Privacy demands a range from complete anonymity to complete transparency, as decided by both the seller and the buyer. The seller, for example, may have regulatory compliance requirements to collect and verify certain identity data, like age for liquor/cigarette purchases, or zip codes for online merchant’s tax calculations. The buyer, on the other hand, may or may not agree to disclose all or some attributes of their identity and should be in a position to do so. If the seller and the buyer can agree on the identity attributes to be shared, the transaction can proceed.
Identification, Authentication, and Authorization. In the context of financial transactions between buyers and sellers, some trust must be established between parties. For types of transactions that require regulations and compliances be dealt with, it’s imperative that a good system for authentication/authorization is in place. And yet, such methods have largely been an afterthought of existing cryptocurrencies. The anonymity of cryptocurrency wallets has caused as many problems as it has solved in terms of security.
Identity Proofing. Effective identity proofing is not trivial. To understand the need for identity proofing, consider a merchant that might request a strong level of identity proofing to make sure the buyer is eligible to purchase prescribed medications, and a superior level of identity proofing to purchase arms (as defined by NIST Special Publication 800-63A in the US). Conversely, buyers purchasing goods from an aftermarket might want to protect themselves from buying stolen goods by requesting that the merchant provide a higher level of identity proofing.
Identity Attributes Authenticity. In many cases, there is a requirement to establish an identity attributes authenticity by the merchant. These digital identity guidelines, set out by government regulators, are focused on privacy enhancement. Merchants can benefit from platforms which provide efficient processes for capturing and validating such attributes. It is the responsibility of the merchant to ensure regulation compliance but, in blockchain technology, there is a great opportunity to ease the pain associated with meeting such requirements.
While regulation and compliance are considered dirty words in the crypto-space, projects that tackle these issues headon are poised to be leaders of the industry.
Identity Management. Relying on the wallets to do user management opens up a big security risk as wallets are typically free to implement their own security measures and can be compromised individually. To protect the network and ensure integrity of user identities, payment networks need to support an identity verification function. As such, regardless of wallet implementation, user verification and authentication will be carried out in a manner that will prevent compromised user identities, spoofing, replays, and man-in-the-middle attacks.
The GRAFT SolutionThe blockchain industry is seeing several promising solutions to solving privacy at the point of sale. One project that has the potential to transform the industry is GRAFT Blockchain. One unique characteristic of GRAFT is that it employs payment processing protocols and flows similar to how traditional electronic payment systems—such as credit, debit, and prepaid cards—are processed. These processes are already familiar to and trusted by millions of users and merchants around the world. This approach enables easier and faster adoption of GRAFT as a mainstream payment platform while eliminating the need for centralized intermediaries (payment gateways and processors), currently required to facilitate transactions between buyers and merchants.
In order to maintain privacy, one must ensure ultimate security is achieved. Without security, identities can be compromised. Like passwords, once identity is compromised at one juncture it’s compromised everywhere. The highest level of security can be achieved if privacy is at the core of the system rather than an add-on created after implementation is done. GRAFT achieves this through the implementation of a CryptoNote protocol. Privacy components of this blockchain are equally as impressive. GRAFT uses an untraceable blockchain, decentralized API, and an open community of service brokers that support various payment and payout methods, including cryptocurrencies, cryptographic tokens, and traditional credit cards and bank transfers.
ConclusionThe demand for decentralization has brought blockchain technology to the forefront of nearly every industry of the modern day. The centralized approach of yesteryear clearly is riddled with flaws, and its these flaws that have been the fuel behind the fire we call cryptocurrency. While revolutionary, cryptocurrency still isn’t working at the point of sale for various reasons. Attempts have been made to solve problems in terms of privacy, speed and fees, but we’ve yet to see one platform perfect this delicate balance. Even cryptocurrencies that seem to get it right, in terms of privacy, are held back by the dominating forces of centralized exchanges. Absolute privacy is not the answer and can cause additional problems at the POS if not implemented in a manner that allows for an anonymity/transparency range, as decided by both the seller and the buyer.
While some cryptocurrency payment processors are attempting to solve the speed problem, we must look to projects that accomplish this along with solutions to the multitude of problems that exist when using cryptocurrency at the point of sale. To do so while upholding decentralization is a lofty task. That being said, there are exciting projects on the horizon that give us a glimpse into a bright future of the crypto-economy.