The head of security for cryptocurrency exchange Coinbase describes his biggest challenge: EducationAugust 18, 2019
- Coinbase CISO Philip Martin explains that cryptocurrency users need to understand security and the importance of passwords.
Coinbase security chief Philip Martin has a big challenge: Explaining the fundamentals of security to customers whose financial worth absolutely depends on remembering their passwords and keeping their keys safe.
"We have the problem of a global cryptocurrency company figuring out how to talk about security, in a way that plays in Japan in San Francisco and in Europe, and across the age divide, in a way that actually resonates to the people we're talking to," he said.
Coinbase is one of the largest cryptocurrency trading and payment platforms, most recently valued at around $8 billion, and supports more than a quarter million bitcoin transactions per day.
Financial companies have to deal with encryption as part of the day-to-day security duties. But at a typical bank, cryptography is often limited to two basic categories: masking personal information, like Social Security numbers, and ensuring websites are secured. But cryptocurrency wallets are different, because encryption plays such a fundamental role. This is new to a lot of consumers working with Bitcoin for the first time, Martin said.
"We deal with long-lived keys that we generate that live for a very long time, that are the direct controller of liquid value," said Martin, who previously served as an information security lead at Palantir Technologies and in U.S. Army counterintelligence.
"Possession of a key is possession of your currency. What that means is that you can't revoke a cryptocurrency key, if that key is lost, compromised, there is no ability to get [the value] back."
This makes the stakes of theft of encrypted data more severe, than, say, the theft of encrypted social security data at a financial institutions, he explained. "The consequences of loss are much higher." It also means attackers are much more aggressive about gaining access to that encryption, he said.
Those high consequences mean Coinbase's security organization must help contribute to a broad communication plan to customers, that helps explain clearly how to handle their keys, passwords and other important information for securing their accounts.
For those new to cryptocurrency, "a lot of work is going to how do I interact with the ecosystem? How do I act differently here than if I am protecting my social media account?" he said.
Traditional banks have an advantage, he added, in that "transactions in the traditional fiat system are reversible," whereas transactions via blockchain are by and large irrevocable. Banks might have more problems with wire fraud involving CEO impersonation, but cryptocurrency users are often subject to cold-call "tech support" scams, he said, in which a criminal calls a customer to convince them to give up valuable security information, starting with "I'm here to help you with your coinbase account problem."
Know Your Customer
Coinbase uses traditional banking procedures in signing up new customers, one area that people new to investing see as attractive, he said. That includes gathering the usual personal information from people using the platform and taking part in the "Know Your Customer" (KYC) due diligence most banks employ, which involves sussing out customers who may be using their account for illegal transactions.
But still, cryptocurrencies have a reputation for supporting all manner of illicit transactions. Doing KYC has been one step in reassuring new investors that cryptocurrencies aren't all shadowy. One reason the reputation persists in the U.S., Martin believes, is because Americans aren't accustomed to the alternative use cases for the currencies.
"The hardest part of this conversation is that in the U.S., we have a fairly trusted financial system. It's easy to use, we have credit cards, we have bank accounts, we trust those institutions to do the right thing," he said. "When we get outside the U.S., the utility use cases become much more obvious … in places like Venezuela, as a shore of value in a place where everyday citizens have lost faith in their government to handle their money."
The use of cryptocurrency by guest workers in other countries, where using a "Western Union" style service may be difficult or cost prohibitive, is another compelling use of the platform outside the U.S., he said.
When it comes to illicit use of cryptocurrencies, the problem is real but it's not exclusive to these currencies, Martin believes. "You could say the same thing about cash, because of it's lack of public traceability. It's much easier to buy a high-end watch and sell it," using cash without being discovered than to move funds with Bitcoin, he said, because in the case of cryptocurrency, "all of those transactions are on the record."
"You may not be able to associate the identity with a single address, but you now have a perfect retrospective view of everything that was done."
As far as adoption goes, Martin has high hopes for the Facebook-led Libra project to create a new cryptocurrency, of which Coinbase is a member. But it's too early to judge the security implications of expanding cryptocurrency so broadly.
"From our perspective, Libra has the potential to bring cryptocurrency to a billion people, because of the folks that are involved. I think that while the potential is there, it's really too early to be talking about the technical implications of the coin, their protocols and the currency, because it's still under development."
Follow @CNBCtech on Twitter for the latest tech industry news.
Source: Read Full Article