Finger authentication: The answer to cryptocurrency crime
November 2018 by David Orme, SVP at IDEX Biometrics
Cryptocurrency, commonly defined as digital assets that use cryptography to secure transactions without the need for a central banking authority, is rising in popularity and being widely adopted across the globe. According to research by the University of Cambridge, 3 million people are estimated to be actively trading in cryptocurrencies today, and many are already using crypto to pay for items such as hotels, games and even their rent. Since the 2009 launch of Bitcoin, the first decentralised cryptocurrency, the adoption of digital currencies has become increasingly popular as consumers look for convenient, accessible and low-cost alternatives to common currency.
Whilst we are seeing a rise in cryptocurrency usage – it is still a relatively new concept, with a concerning lack of knowledge and monitoring surrounding it. Recent studies found that most cryptocurrency investors in the UK put their money on the line without fully understanding it, resulting in only 5% of the UK’s crypto investors managing to turn a profit. More alarmingly than this, there is a distinct lack of regulation in place to protect consumers against potential data hacks and fraudulent behaviour. In fact, according to research by P.A.ID Strategies, 68 percent of 25 prominent digital wallets and cryptocurrency exchanges are currently allowing users to trade with no formal identification. In many instances, trading is able to take place using just an email address or mobile telephone number.
This ease of online trading is resulting in a number of large-scale data hacks, meaning that millions of pounds worth of cryptocurrency is being lost, with very little means of recovering it. Just earlier this year, the South Korean cryptocurrency exchange, Bithumb, announced that 35bn ($31.5m) worth of virtual coins had been stolen by hackers. Furthermore, Blockchain security firm CipherTrace reported that $731 million worth of cryptocurrencies were stolen from crypto exchanges during the first half of 2018. As a result, the cryptocurrency market remains volatile, and with each hack comes a sharp drop in the value of Bitcoin and other virtual currencies.
Whilst the anonymity of cryptocurrency can be seen as beneficial for some, it leaves digital currencies insecure and open to exploitation. A mixture of public and private keys (used to authenticate and encrypt these transactions) means that it is difficult to track illegal transactions, and with the current lack of formal regulation in place to combat this, cryptocurrencies remain extremely vulnerable to criminal activity such as money laundering and fraud. However, the deadline for the EU anti money-laundering directive AMLD5 is on the horizon and has now been extended to cover virtual currency platforms. Cryptocurrency providers who are failing to verify identity against existing ID documents are not only running the risk of incurring regulatory penalties, but also reputational harm and significant financial losses to their users.
Could Biometrics be the solution?
Until recently, the majority of cryptocurrency users stored their crypto keys on devices known as ‘Hot Wallets’. This term refers to devices that are connected to the internet such as a laptop, tablet or mobile phone. Whilst convenient, devices such as these can be easily hacked, lost, stolen, damaged or even destroyed, meaning any currency stored will be lost forever. Users of digital currencies, particularly those who are dealing in large quantities, are now being urged to use ‘Cold Wallet’ storage to combat this. The ‘Cold Wallet’ refers to an external, offline device, such as a USB stick or hard drive, on which cryptocurrency can be stored. These devices require a PIN or a password to be entered to access the stored crypto keys. Whilst these devices are being seen as the safer option, there is still much more to be done to ensure security against potential hacks and theft. To combat this, personalised and secure authentication methods are set to play a pivotal role in extending the chain of trust when it comes to cryptocurrency. The incorporation of biometric authentication technology with these external hardware, such as ‘cold wallet’ devices, could be the perfect solution to ending these security concerns. By adding a biometric fingerprint sensor to external devices, this would eradicate these risks, as to access the stored crypto keys you would need to authenticate yourself using your own fingerprint.
The additional level of security that fingerprint biometric authentication would offer prior to any online transactions would help protect from hacks and regulate this commerce. Much like traditional card transactions that would usually require a PIN or a signature, the use of biometrics would replace a need for a password and offer simple, secure and personal authentication when making cryptocurrency transactions.
What does the future have ‘in-store’ for digital currency?
Despite the current security concerns surrounding this digital currency, the use of crypto is expected to continue to grow as we move towards an increasingly digital world. Countries such as Canada are already leading the way – Vancouver alone has over 20 Bitcoin ATMs and there are already thousands of accepting merchants. Not only is this trend being adopted by westernised society, but it also has the potential to bridge the gap to financial inclusion for undeveloped countries who currently lack access to financial systems. Traditional banking infrastructures can be very expensive and timely to put in place, digital currencies merely require a connection to internet for trading to commence.
A recent Forbes article looking into 2018 shopping trends predicted many retailers (SMB and enterprise) will hop onboard the cryptocurrency trend to diversify payment options. Well known online merchants such as Expedia and Microsoft are already accepting bitcoin for hotel bookings and app and game purchases. Experts in the field envisage, that before long, cryptocurrency will be at a point where it is also used for in-store purchases.
When used under these circumstances, cryptocurrencies will fall under traditional payment regulations including the new PSD2 directive that came into effect earlier this year. Under this revised directive, the concept of Strong Customer Authentication is a key factor, meaning that two-factor authentication will become mandatory for all payment transactions over £30. This is authentication based on the use of two or more of the following elements: something the user knows (i.e. a password or pin), something the user possesses (potentially a prepaid card containing the cryptocurrency) and something the user is (i.e., a fingerprint or other form of biometric). Fingerprint biometrics is already set to play a key role in two-factor authentication and can ensure that all transactions are authenticated effectively, as ultimately there is nothing more secure or personal to you than your own fingerprint.
Whilst there is still an air of mystery around what the future has in store for cryptocurrency, one thing is for sure – biometric fingerprint authentication will hold the key to a safe and secure future for both new and traditional payment transactions.