Payment Security in Blockchain (Part1): Introduction and Wallet Security

Introduction

In the payment sector, security is paramount to protect sensitive financial data, prevent fraud, comply with industry standards and regulations, maintain customer trust, and ensure system stability. Encryption safeguards customer data during transmission, while authentication restricts access to authorized parties only. Fraud detection and prevention tools employ advanced algorithms to identify and prevent fraudulent transactions. Compliance with industry standards and regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), is critical to secure payment systems. Regular audits and penetration testing reveal vulnerabilities, and disaster recovery and business continuity plans ensure timely responses to security incidents and other disasters. By understanding and implementing these security factors, payment service providers can maintain a secure and reliable payment system that safeguards customer data, prevents fraud, complies with regulations, maintains customer trust, and ensures system stability.

Payment security is essential for protecting consumers and businesses from financial fraud, identity theft, and other types of cybercrime.

According to the FBI’s Internet Crime Complaint Center (IC3), in 2020, they received a record number of complaints, with over 791,000 reported incidents, amounting to more than $4.2 billion in losses. This was a significant increase compared to 2019 when the IC3 received approximately 467,000 complaints.

It’s important to note that these figures only represent reported incidents in the United States, and the global number of cybercrimes is much higher.

Cybersecurity Ventures estimated that cybercrime could cost the world $10.5 trillion annually by 2025, making it one of the most significant global threats.

We will elaborate on the importance and some examples of the “security” issue from the perspectives of wallets, settlement, on and off ramps, and other aspects.

1. Wallet

Wallet, users’ assets holder, is the user access point of the whole payment process and thus it plays an important role in payment security. Security incidents and hacking frequently occur during this stage. Wallet security is all about how users protect their public and private keys.

Custodial wallets’ private keys are controlled under centralized parties, and thus their securities are tied with centralized parties. If If the central parties’ servers are hacked, or if their malicious actions affect users’ assets, the assets are at risk.

Non-custodial wallet security is more complex, with users assuming greater responsibility for protecting their private keys.

EOA wallets, MPC wallets, and Smart Contract wallets are among the most common non-custodial wallets. To protect private keys, various methods may be used, such as strengthening passwords, implementing two-factor authentication (2FA), and encrypting private keys.

MPC wallets use a distributed key generation technique that involves multiple parties, making it more difficult to engage in malicious activities related to users’ assets. Nonetheless, this approach raises concerns about centralization, and hacking targets at centralized parties could pose a threat to asset security. Another possible concern is that while MPC technology is popular among institutional clients for its privacy protection features, the MPC algorithm is not standardized and is not natively supported by security devices commonly used in institutional settings, such as iPhone SEP and HSM.

Smart Contract Wallets are a type of non-custodial wallet that provides greater flexibility, and we will delve deeper into their potential benefits and risks using the example of Safe. One advantage of smart contract wallets is the ability to include transaction conditions in the smart contract, such as requiring multiple signatures or specific time periods, reducing the risk of unauthorized transactions and increasing wallet security. Safe wallets feature a threshold function that requires transactions to be confirmed by multiple parties set up by the user.

Smart contract wallets eliminate the risk of mismanaging private keys in EOA wallets because they are not controlled by private keys. Furthermore, they inherit smart contracts’ characteristics of transparent operations and public auditing. However, while smart contract wallets provide greater flexibility and user experience, they also introduce new wallet security challenges. Function design issues, code logic flaws, or errors can result in intended or unintended consequences, such as escalating owner privileges and unauthorized money movement. In general, smart contract wallets prioritize flexibility and user experience more over wallet security benefits. As numbers of security incidents are happening on smart contract currently, it might be hard to say smart contract wallet is relatively secure.