At Galion and throughout the crypto-currency ecosystem, security is paramount. Not because it should be, which is the case across most of the internet, but because it rises ideologically and practically from people who not only care about it, but make it one of their core missions. Legacy software is often built with security as an afterthought, and too often we see the massive cost of such an approach. OPM. Equifax. Uber. Facebook. The North Korean ballistic scare.
Those failures do not always stem only from shortcomings and carelessness, but also from a fundamental misalignment between companies’ and users’ interests.
At Galion our revenue streams depend entirely on our users: they are not rows of data we peddle around but our customers.
Our mission is to hear their needs and answer them.
And the number one need is security.
This translates into two requirements: building a secure app, and making this security integrate seamlessly. Cryptos are still an entirely foreign beast for most, with weird ways they are not accustomed to, making them hard to tame. I’ve often witnessed saddening user mistakes, especially on some of the most innovative platforms such as decentralized exchanges, arising from the complexity of the interfaces and the unforgiving nature of cryptocurrencies in which there is no do-over.
Regarding the security of the app, we didn’t turn to regulation to see what standards we had to comply with. We did not turn to legacy software to see how they did it. We turned inward and asked ourselves: under which conditions would I be willing to use such a product?
The answer was easy and two-fold: we want the company to know the bare minimum about its users, and we want to deserve the trust put in us.
On the crypto front, that’s why our MVP does not yet include some of the most exciting features planned: we are not prepared to roll out user transactions from integrated accounts without extensive security audit and testing, nor do we want to avoid the necessary compliance steps designed to protect consumers. We also focus on ease of use and on making our UI and UX intuitive: for most of us out there convenience is king, and it is our mission to find ways to bring this convenience to Galion’s users in the most secure way possible, to enable those of us who have no time or inclination to fiddle with their Nano S to be a part of the crypto adventure too.
On the fiat front the good news is that, at least here in the European Union, regulators have taken some great steps. There’s the General Data Protection Regulation, which you will have undoubtedly heard about from the tens of services claiming a sudden interest in safeguarding your privacy recently. But there’s also the directive on payment services 2 (DSP2), which ends the madness of data scraping from banks to enable third-party services.
Today, if you sign up for an app such as Bankin, a French start-up aggregating your data from your various bank accounts, you will be asked for your user credentials. Not an API key, not a dedicated and identified access for the app to your accounts. The same user credentials you use to initiate payment on your bank website. They will be used to log in as you and scrape data so that it can be displayed in the third-party app. Banks do not want to develop APIs, which they see as a threat to their data peddling, so they make fintechs use data scraping techniques which are not only inelegant, but unsafe.
The great news is, come September 2019, the DSP2 bans data scraping. In turn, banks will have to roll out APIs to enable safe interfacing with third-party services. We see this as an opportunity to bring to our users a safe way to interact with their bank accounts, and will wait accordingly.
This philosophy permeates our work at Galion. It is the reason we have not rushed to release sensitive features such as centralized exchanges access to wallets, and why we will not sacrifice compliance at our users’ expense. We want to make sure every aspect of our project is as safe as possible and always strive toward excellence.