Why Bitcoin May Be the Solution to POS Data Hacks

The idea that an Internet currency could solve the hacking epidemic we’ve witnessed over the past few months may seem counterintuitive. After all, hacking is a product of the Internet. Without the Internet, there would not be any point-of-sale (POS) hacks to fear. Bitcoin is far from mainstream, but it is a fascinating technological invention that is virtually unhackable. The current system using credit card data is flawed. There are hacks currently taking place that have yet to be discovered. It seems like there is a daily story regarding a major retailer being hacked. It may be time to consider Bitcoin.

What is a Bitcoin? Bitcoin is a “crypto-currency” that exists only in data. Bitcoin’s value is determined by the market, without any tangible items to support the value. This is also true for most government currencies (including that of the United States of America), in which currency only has value because markets accept it. Bitcoins are transferred between users from digital “wallets”. The transaction experience from one wallet to another is similar to an electronic funds transfer using PayPal. While the process may seem similar, the two are very different. Bitcoins can be bought and sold on exchanges, like stocks. Some people speculate on Bitcoin because of the fluctuations in its value. All currencies fluctuate in value, but many of them are so widely used that fluctuations are almost unnoticeable.

A single Bitcoin consists of an alphanumeric key (private key) and a public address. The private key is the only way a Bitcoin can be used. When a Bitcoin is transferred, a decentralized group of computers processes the exchange of currency. This group of computers creates a ledger called the “blockchain”. Computers contributing to the blockchain are rewarded with newly minted Bitcoins. Anyone can run the software and participate, which makes it impossible for a government to shut down the service, although some countries have passed laws not allowing its use. Such laws dramatically impact the use of Bitcoin, but can never stop the technology itself. This provides a grey market currency for people living in countries where the government has hyper-inflated the national currency.

Bitcoin is very secure and virtually unhackable. The technology (blockchain) itself is unhackable. Because of Bitcoin’s use of private keys, the blockchain is accessible for anyone to see. Bitcoin’s design removes the need to keep hackers out, because there is no way to corrupt the blockchain, since all computers participating must agree. However, because of convenience, some Bitcoin holders started using online wallets, which are only as secure as the website’s security. Websites are commonly hacked, which makes this type of wallet insecure. All a hacker needs is the private key (text) in order to spend Bitcoins. Alternatively, keeping private keys locally on a phone or computer is much more secure, and in many ways unhackable. A hacker would need to physically have your phone or computer to steal Bitcoins (private keys). Additionally, most phones and computers are password protected, adding an additional layer of security. Some users have taken security a step further by printing Bitcoin private keys on paper and erasing digital records. This method is highly secure, but if the printed Bitcoin is lost or destroyed, it’s lost forever. However, you may make duplicate copies.

You may have read about the recent hack of the “Mt. Gox” Bitcoin exchange. These hacks are frustrating setbacks for the Bitcoin community because Bitcoin was not hacked – an insecure website was hacked. Mt. Gox is a great example of what not to do. As mentioned above, your private keys should never be stored online. Additionally, Mt. Gox is a joke within the Bitcoin community. The website began as a trading card exchange named “Magic the Gathering Online eXchange” abbreviated “Mt Gox.” Other similar websites have been hacked and more will be hacked. However, this is a result of a fundamental misunderstanding of Bitcoin. Private keys should only be stored on a password-protected physical device.

The technology is complex, and this article doesn’t even begin to fully explain the technology. Quite honestly, I wouldn’t consider myself anything close to an expert on the subject. However, I can see that the Bitcoin technology is revolutionary. Currency is just the beginning of this technology, and currency may never be fully adopted. However, the concept of a private key on a decentralized network opens the doors to exciting possibilities. Some are exploring using private keys for fully transparent voting, since you can only vote with a private key and the blockchain is visible to everyone. This could eliminate the possibility of voter fraud. It may sound grandiose, but this technology is as revolutionary as the Internet itself. It is the democratization of information.

Why should Bitcoin matter to retailers? First of all, Bitcoin is secure. Hacking POS becomes obsolete. Once a transaction (private key) is passed from a customer to the retailer, the funds transfer is nearly instantaneous, rendering the former private key unusable, as a new private key is issued to the retailer. By contrast, credit card numbers remain usable until their expiration. In some form, there will always be credit card data available to be hacked. In the recent POS hacks making headlines, some of the data was obtained from RAM, which is very temporary data storage in a computer. Encrypting data in RAM is very difficult. Even if a solution is created for this hack, hackers will devise new ways to penetrate data security systems.

Several card companies are moving to electronic chips and changing PIN numbers for their cards. However, eventually all data security countermeasures are compromised. When PCI (Payment Card Industry) data security compliance, which required encrypting all credit card data from POS, came into force, most thought this would eliminate the possibility of credit card hacking. However, hackers evolved, and we have seen several data breaches in just the last few months. Eventually, hackers will compromise data chips, PINs, or anything else retailers use to safeguard data.

The current credit card system works under a system of “trust” between informational databases. This “trust” is like walls, doors, or locks to keep bad guys out. However, just as with walls, doors, and locks, some bad guys find ways in. It’s difficult to keep bad guys out, because so many people legitimately need access to a retailer’s network. Recently, it was revealed that an HVAC vendor’s credentials were used as part of one of the hacks. It would be easy to criticize this, but several people need access to the network in order to efficiently run the business. In doing so, you now have several people with credentials that can be compromised. If access were locked down completely, several areas of the business would have difficulty functioning.

Bitcoin does not operate under a system of trust, rather a system of openness. All Bitcoin information is written to the blockchain (ledger). However, the only way to spend a Bitcoin is with the private key, which is only held by the user. There is nothing to hack – everything is open for anyone to see. There are no walls or locks necessary to keep bad guys out, because the blockchain is completely open. As it relates to POS systems, there is no useable data to steal, because all of the private keys have already been passed to the blockchain and are now worthless. Bitcoin private keys are like a one-time use credit card number, and only you have that number and it has never been used before. Once you use that card number, the card number is rendered useless.
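As an added illustration of the point above (not code from this article or from Bitcoin itself), the toy ledger below shows that a payment record holds only public keys and a signature bound to one coin and one recipient, so a copy of that record cannot be replayed or redirected. It uses a Lamport hash-based one-time signature as a stand-in for Bitcoin's ECDSA so that it runs on the Python standard library alone; `Ledger`, `payment_message` and the coin id are hypothetical names.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: 256 secret pairs; the public key is their hashes.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return priv, [(H(a), H(b)) for a, b in priv]

def bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, msg: bytes):
    # Reveal one secret per digest bit; the result fits this message only.
    return [priv[i][b] for i, b in enumerate(bits(msg))]

def verify(pub, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pub[i][b] for i, b in enumerate(bits(msg)))

def payment_message(coin_id: str, payee_pub) -> bytes:
    # Binds the payment to one coin and one recipient's public key.
    return coin_id.encode() + H(b"".join(a + b for a, b in payee_pub))

class Ledger:
    """Constructed toy ledger: a public record of which public key owns which coin."""
    def __init__(self):
        self.unspent = {}  # coin id -> owner's public key (readable by anyone)
    def spend(self, coin_id, payee_pub, sig):
        owner_pub = self.unspent.get(coin_id)
        msg = payment_message(coin_id, payee_pub)
        if owner_pub is None or not verify(owner_pub, msg, sig):
            return None    # unknown or already-spent coin, or bad signature
        del self.unspent[coin_id]
        self.unspent[H(msg).hex()] = payee_pub
        return H(msg).hex()

def demo():
    ledger = Ledger()
    cust_priv, cust_pub = keygen()
    shop_pub, other_pub = keygen()[1], keygen()[1]
    ledger.unspent["coin-1"] = cust_pub                    # constructed starting state
    sig = sign(cust_priv, payment_message("coin-1", shop_pub))
    new_id = ledger.spend("coin-1", shop_pub, sig)         # accepted once
    replayed = ledger.spend("coin-1", shop_pub, sig)       # coin already spent
    redirected = ledger.spend(new_id, other_pub, sig)      # wrong key, wrong message
    return new_id is not None, replayed is not None, redirected is not None
```

Everything a terminal would retain after `demo()` is the coin id, the public keys and `sig`; the customer's private key is never part of the record.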

This type of transaction may be appealing to retailers, because POS data becomes less valuable. I’m sure there are retail executives losing sleep over securing credit card data. With Bitcoin, this concern becomes a thing of the past. To make the technology more appealing, Bitcoin does not have the swipe fees associated with credit cards. These fees cost retailers millions. Bitcoin has the ability to eliminate fraud and swipe fee expenses – something that any retailer would be interested in.

Implementing Bitcoin at a major retailer would be uncharted territory. Doing so would require adding equipment similar to a credit card PIN pad. Additionally, Bitcoin has not been widely adopted by consumers, so very few customers would be using it initially. Most consumer fear stems from value fluctuations in the currency, which won’t be resolved until the currency hits a critical mass. If a major retailer with enough courage to implement Bitcoin in their business does so, we could see the tipping point for the currency.

The credit card hacks we have seen recently are just the tip of the iceberg. The costs associated with fraud and new technology will make their way to retailers and consumers, and any efforts to secure credit card data will only band-aid the current situation. We need a new way of exchanging currency. Bitcoin may not be the crypto-currency eventually adopted, but in some format, crypto-currencies are here to stay.
