Introduction: The Issue of Security

The hammer of regulators is beginning to fall on cryptocurrency companies.

In order to ensure that cryptocurrencies are not used to perpetrate criminal activities, regulators are stepping in to ensure crypto companies know their customers. Global surveys have revealed that the cost and complexity involved in Know Your Customer (KYC) processes are rising, a reality that will certainly have negative implications on financial companies (crypto companies included).

Firms spend anything from $60 million to as much as $500 million on KYC and Customer Due Diligence (CDD) compliance. While the cost of KYC and customer onboarding processes are worth discussing, a more pertinent and less discussed subject is customer security.

There have been cases of ICOs raising funds and vanishing into thin air with customers’ money. Because the crypto space is still new and loosely regulated, questions have arisen on how user information is being stored, where it’s being stored, and what happens if a cryptocurrency exchange decides to shut down operations.

Here, we examine KYC in the crypto market as it relates to the security and privacy of user information.

How Important is User Data?

Cyber criminals are always on the lookout to target business-critical information. And in financial settings where banks may request several documents just to open an account, concerns about cybersecurity and private data cannot be pushed aside.

While there are clear benefits to opening a cryptocurrency account from the comfort of your home by simply uploading an ID and other supporting documents, you should be wary of what might happen if your information is stolen or accidentally leaked.

To get a clearer picture of how important your information is, the Bureau of Justice Statistics (BJS) reported that in 2013, “identity theft cost Americans $10 billion more than all other property crimes measured by the National Crime Victimization Survey.” Meaning — it’s the most profitable form of theft.

And as a user, this should tell you the extent to which cyber criminals will go to obtain your data.

Security of User Data in Cryptocurrency

If you are in the US and need to purchase Bitcoin, you’ll need to transfer money to a centralized exchange like Coinbase. But this actually presents an irony.

Bitcoin and cryptocurrencies were initially promoted as anonymous and decentralized options for transactions, but we now have to supply personal information to centralized exchanges like GDAX, Poloniex, Bittrex, Bitfinex, or Gemini.

This may not be a problem in and of itself — credible traders and investors shouldn’t have any problem doing business on these platforms — but, as asked earlier: what happens to the data one gives to these companies?

One of the biggest vulnerabilities of crypto exchanges is how they store data. In addition to storing the public and private keys of their users on online databases, sensitive information like one’s address, copy of passport, copy of utility bill, driver’s license, and even social security number are stored online.

This makes them a prime target for hacking.

Crypto Hacks: It’s Only a Matter of Time

Uber, Dropbox, Equifax, Deloitte, LinkedIn, OneLogin, Verizon, and the SEC are among a list of countless top corporations that have had their databases breached. It’s only logical to reason that if these large corporations with sophisticated security teams were unable to deter hackers, it’s only a matter of time before some cryptocurrency exchanges start getting hacked.

Mt Gox, Shapeshift, and Bitfinex have already been hit by hackers and many more will likely follow. And when they do, users’ data will be vulnerable.

Conclusion: Turn to Third-Party Experts

For this reason, it becomes expedient to subcontract data collation, storage, and management to third-party companies whose core expertise is encryption and storage of data.

By adopting such a strategy, cryptocurrencies will not only cut costs; they will be able to focus more on their core business activities while ensuring a greater degree of data protection.