In crypto, there’s no such thing as too much security

Pavel Matveev
Jan 31, 2019 · 4 min read

When our idea for Wirex was conceived we could hardly contain our excitement. We knew that we were going to solve a massive pain point for crypto enthusiasts — the ability to spend cryptos in everyday life. The logistics of putting a venture of this nature together was epic. While the technical and regulatory aspects were challenging, security of the platform took centre stage.

Ensuring that our clients’ funds and data is safe was and is our number one priority. While building the platform, we knew that a breach of any sort — would be catastrophic for everyone. The impact of a hack or data breach on a business can be brutal, and some companies may not survive its consequences.

When building the platform, we decided to implement a number of different security features including a multisig security model which requires more than one key (each stored in a different location) to authorise a payment. We went this route because it gives clients the peace of mind that if a hacker were to get hold of one key, it would not provide them with the permissions required to misappropriate funds.

99% in cold storage

You have probably heard or read about hacker attacks on exchanges where millions of cryptos are stolen. This is why many people are afraid to get involved in crypto. Bad news always gets the most headlines, but they don’t always give you the complete picture. Most large exchanges (where the crypto was stolen from) have what they call hot wallets, in other words, the wallets are online. When you have assets stored online there is always a risk that clever hackers can break through the security systems. For us, we made sure that 99% of our digital assets are kept offline or as the industry calls it — cold storage wallets. The funds are divided between multiple wallets and we have a detailed procedure in place on how and who has access to private keys.

Security standards

Most cards that you use today have what is called PCI DSS certified security (Wirex has Level 1 which is the highest level). We implemented this as a further layer of security and our platform has to conform to strict rules to keep the certification current.

I see the lack of security standards and audits in the cryptocurrency space as the main reason for hacks and customers fear. I am proud that Wirex is one of few companies, which certified and audited its IT infrastructure.

Multi-factor authentication

Other popular security features are Two-factor authentication (also known as 2FA) and Memorable Word. 2FA is a method of confirming a user’s identity by requiring users to provide two means of identification before accessing their account.

I encourage users to use 2FA wherever is possible. Memorable Word is a form of 2FA, where users need to enter 3 random digits from the word they’ve set during registration. Memorable words are very popular in traditional financial companies and works are more user-friendly than 2FA. No matter what service you are using you should always enable these security features because they provide an almost impenetrable barrier for fraudsters. All of these security features slow down the transaction process slightly but the few seconds it takes to verify your identity could save you hours of inconvenience, not to mention a lot of money.

Security literacy

As the saying goes “you are only as good as your last game“ and just one security breach can paint your business in a bad light for a long time. Payment platforms are complex animals, they have hundreds of thousands of lines of code, multiple API’s that allow them to integrate with other systems, and teams of programmers tweaking them, meaning things can and do go wrong. While our platform is on the leading edge of payments technology — we are always vigilant and keep up with the trends in the industry. When you are building a tech solution you will inevitably encounter obstacles but if you treat them like lessons you will progress and learn from them. Start-ups are particularly vulnerable to errors because we are forging new and unchartered paths — we do not have tracks to follow, we are making our own. One thing that is completely out of our control is the behaviour of our clients, all the security measures in the world won’t help if a client does not use the tools and tips provided to keep their accounts safe.

Crime and fraud prevention

As we evolve we want our security to progress with us, that’s we have formed some strong partnerships with Elliptic to keep our clients and platform safe. Due to the vast amount of transactions and their complex nature we knew we could not monitor them effectively without sophisticated software and experts that operate in this space. Elliptic’s solution quickly identifies suspicious behaviour that we can then investigate. Elliptic has developed software that gives us a transparent view of our clients and transactions while adhering to the rules of GDPR. Their solution stops criminals from undermining the integrity of cryptocurrencies.

So, with all the safety bases covered our eyes are firmly set on the goal of becoming the world’s number one digital money platform to help that helps both individuals and businesses to take advantage of the token economy, and we are excited to see how our plans unfold.

Wirex

Pavel Matveev

Written by

CEO @ Wirex

Wirex

Wirex

From cryptocurrency to company culture: Insights, lessons and learnings from the Wirex team

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade