Recent developments associated with Bitcoin, its silver-like sister Litecoin, and other crypto-currencies forced many merchants to start thinking seriously about accepting these digital alternatives to cash and plastic cards. In fact, some businesses already accept Bitcoin. E-commerce merchants were first to accept Bitcoin; however, just as life once emerged from the ocean to the land, Bitcoin is slowly but surely creeping out of its virtual cradle to the real world of brick-and-mortar merchants.
The benefits of crypto-currency for consumers are well known. Crypto-currencies provide:
- Limited anonymity, or pseudonymity — your wallet is anonymous, but its address and transaction records are kept public and can be flagged and traced
- Independence from traditional financial institutions — unless you need to exchange your Bitcoins and get back your dollars
- Decentralization — nobody controls the “main switch” or “emergency brake,” unless the open source client software is compromised
- Fast, reliable, and cheap money transfer between any locations in the world (no objections here).
There are also some downsides. Unlike credit cards, Bitcoin transaction fees are paid by senders. Fraudulent transactions cannot be disputed or reversed. Bitcoin wallets can be hacked. But the million-dollar (oh, I’m sorry — thousand-Bitcoin) question is, can Bitcoin technology meet the picky requirements and withstand the tough conditions of real retailers?
An uncertain mechanism of calculating the transaction fee is one of the factors that could negatively affect mainstream acceptance of crypto-currencies. In the world of traditional retail payments, buyers do not deal with transaction fees at all: They’re handled by the seller. Even though the average fee for a Bitcoin transaction (0.0001 BTC) is much lower than credit or debit card processing fees (up to 3%), the average buyer may ask, why should I use Bitcoins if I can pay by credit card and spend less? This is especially important for micropayments, where the amount of the fee is comparable to the transaction amount.
On a related point, not all Bitcoin transactions are created equal, so the fee also affects the transaction processing time (as I’ll discuss below). The lower the fee, which can be set either automatically by the software or manually by the buyer, the lower the transaction priority in the Bitcoin processing network. Imagine a cashier in a grocery store asking you for tips in order to cut the checkout line.
Besides the transaction fee issues, there are security concerns that should be clarified and resolved before implementing Bitcoin payments in brick-and-mortar stores on a large scale. First, let’s understand which area is mostly problematic.
As is well known in information security theory, there are three security domains: confidentiality, integrity, and availability. When those domains are applied to the security of traditional electronic payments, the first one is most famous (card data breaches), the second one is also often cited (counterfeit cards and fraudulent transactions), while the third one is sometimes overlooked or simply discarded into a non-security category, although it is no less important than the other two. Just think about issues such as payment network downtime, backup of transaction records, or transaction processing time — they are all subjects of availability!
Ironically, this domain — availability — is the only one that is mostly kept under control in the payment card industry. If you compare the security of the Bitcoin ecosystem with credit cards, it is pretty obvious that the designer (or designers — we still don’t know) of the digital currency had a different order of priorities. Integrity is mainly taken care of (thanks to modern cryptography); confidentiality is still problematic but manageable; but availability is out of scope. Perhaps, that’s due to a lack of experience with retail payment processing systems. Or maybe the Internet was the only target?
Transaction processing time is one of the main differences between online and brick-and-mortar cultures. While it is acceptable in most cases to wait several minutes, hours, or sometimes days for shipment and delivery of goods purchased online, the customer in a brick-and-mortar store gives up very quickly if there are delays. Tough competition forces the point-of-sale hardware and software vendors along with the payment processors to fight over milliseconds. This situation is aggravated by the fact that a single ecommerce website can process multiple transactions simultaneously, while a single point-of-sale machine — either attended or unattended — can handle only one customer at a time.
Large chains save a lot of money on employees’ salaries and POS hardware/software fees by cutting transaction processing time (which includes payment processing time) just by a few milliseconds. Now let’s look at the Bitcoin timing. The average time of first confirmation (analog of pre-authorization in the payment card industry) is 10 minutes. That’s a huge delay compared to the several hundred milliseconds required for the average online credit card approval. Yes, the initial validation of a Bitcoin transaction can be done by client software and also received from other nodes of the network within seconds. But the fact that the transaction record is valid does not guarantee that the payment will be accepted by the entire network.
Such behavior is determined by Bitcoin design. Each transaction is recorded in a special registry called the blockchain, which is visible and accessible to anyone on the Internet. The blockchain consists of transaction blocks that are created every 10 minutes on average. Even though a transaction cannot be reversed once it’s transmitted to the network, it can be rejected by the network before or after it’s added to the new block. The reason for rejection can be another transaction with the same source address (if someone tries to send the same money to different addresses simultaneously). A Bitcoin transaction is considered finally confirmed only after five blocks are added to the blockchain on top of the block containing the transaction and accepted by the majority of the network nodes. This mechanism prevents double-spending (remember the integrity domain?) and works pretty well, but there is a price for it: a one-hour waiting time for final confirmation. Such a delay is obviously not acceptable in a regular merchant environment where a customer usually walks away right after the payment is done (think about fast food restaurants, grocery stores, or gas stations).
The first solution that comes to mind to this problem of confirmation delay is introducing some kind of intermediary that would guarantee a merchant that the transaction is valid without having to wait an hour (in the credit card world this function is performed by the issuing bank). The customer can be asked to make an initial deposit to a special account (similar to a debit card), or provide identification so her previous purchase history can be analyzed (just like with a credit card). Of course the problem with this solution is that it nullifies the fundamental properties of crypto-currency: anonymity, independence from financial institutions, and decentralization.
So why should consumers bother using the Bitcoin wallet if it behaves exactly as a credit or debit card? Litecoin and other altcoins partially resolve this issue by reducing the time between the blocks. The Litecoin network creates a block every 2.5 minutes, while the recently created Worldcoin has the lowest interval, one minute, which — as the creators claim — enables Worldcoin acceptance in the brick-and-mortar merchant environment without design changes.
It’s fair to say, however, that the slow processing is a less important issue for some groups of retailers whose typical transaction amount is too small or too big. When the amount of payment is small (a cup of coffee), the probability of attack, and therefore the risk of losing money, is low. When the transaction amount is big (buying a car), a one-hour wait time could be acceptable for the buyer (compare that to the time needed for a bank check validation or the time required to withdraw and count cash).
Another factor that affects transaction processing time (and therefore the overall availability of the system) is scalability — the ability of the payment network to absorb successfully a very large number of transactions simultaneously. Visa processes on average 1,500 transactions per second (tps) in the US alone. The figure is much higher during rush hours and holiday seasons, so the maximum total capability of Visa’s network is more than 10,000 tps. If we add to this number all the transactions handled by other brands — MasterCard, American Express, Discover, and JCB, plus private label, stored value, and fleet card processors — we get a very serious load that is supported by pretty sophisticated infrastructure. Now imagine that customers and merchants suddenly decide to abandon traditional payment cards and rush to spend and accept a crypto-currency. Is the Bitcoin network scalable enough to process an equivalent volume of transactions without significant delays and failures? Let’s take a look again at the Bitcoin design to review those two threats.
The size of a typical Bitcoin transaction record is 500 bytes, while the maximum block size is (artificially) set to 250,000 bytes, which means that, on average, a maximum of 500 transactions can be added to a single block. That gives us a maximum current capacity of less than 1 tps on the Bitcoin network. The initial confirmation of any over-the-limit payments will be delayed. In addition, the size of the blockchain will grow significantly, which will demand more computing power from processing nodes. Obviously, serious design changes as well as software updates and hardware upgrades are required in order to provide the scalability required for big retailers.
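The capacity limit above and the fee-based priority described earlier can be combined into a small queue model. This is an added example, not part of the original article; it assumes evenly spaced arrivals, a fixed block interval, two constructed fee tiers assigned round-robin, and blocks filled highest fee first.

```python
import heapq

TX_BYTES = 500          # typical transaction size (figure from the article)
BLOCK_BYTES = 250_000   # block size limit (figure from the article)

def capacity_tps(block_interval_s):
    """Maximum sustained throughput for a given block interval."""
    return (BLOCK_BYTES // TX_BYTES) / block_interval_s

def simulate(arrival_tps, block_interval_s, duration_s, fee_tiers=(1, 5)):
    """Return (mean first-confirmation wait in seconds per fee tier, backlog).

    Simplifying assumptions: arrivals are evenly spaced, the block interval
    is fixed, fee tiers (constructed values) alternate between payments, and
    each block takes the highest-fee transactions first, oldest first within
    a tier. A tier that never gets confirmed reports None.
    """
    per_block = BLOCK_BYTES // TX_BYTES
    n = int(arrival_tps * duration_s)
    arrivals = [(i / arrival_tps, fee_tiers[i % len(fee_tiers)])
                for i in range(n)]
    mempool = []                       # heap of (-fee, arrival_time)
    waits = {fee: [] for fee in fee_tiers}
    nxt = 0
    t = block_interval_s
    while t <= duration_s:
        # Everything that arrived before this block is eligible for it.
        while nxt < n and arrivals[nxt][0] <= t:
            at, fee = arrivals[nxt]
            heapq.heappush(mempool, (-fee, at))
            nxt += 1
        # Fill the block up to the size limit, best-paying payments first.
        for _ in range(min(per_block, len(mempool))):
            neg_fee, at = heapq.heappop(mempool)
            waits[-neg_fee].append(t - at)
        t += block_interval_s
    mean = {f: (sum(w) / len(w) if w else None) for f, w in waits.items()}
    return mean, len(mempool)

if __name__ == "__main__":
    print("capacity at 10-minute blocks:", round(capacity_tps(600), 2), "tps")
    for tps in (1, 2):
        print(tps, "tps for one hour ->", simulate(tps, 600, 3600))
```

At 1 tps the low-fee tier already waits longer than the high-fee tier and leaves a growing backlog; at 2 tps the high-fee traffic alone exceeds capacity and the low-fee tier receives no confirmation within the hour.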
One of the natural solutions to this problem would be using multiple parallel networks in the form of accepting alternative crypto-currencies (“altcoins”) such as Litecoin and Worldcoin. Currently, there are more than 80 types of altcoins, and many of them are actively traded online and have significant market capitalization. Each altcoin has an independent blockchain and network of transaction processing nodes.
Another option is changing the design of the Bitcoin blockchain; for example, expanding the block size, reducing the time between the blocks, or maybe even adding parallel blockchains that would be able to absorb more transactions simultaneously.
The risk of failure is less obvious but more dangerous. The networks of Visa and other card payment brands are supported by thousands of paid professionals who continuously design, develop, test, and maintain their systems. The Bitcoin network is supported by a community of crypto-currency enthusiasts who do not report to any private company or state, meaning there is no accountability (another security feature) if something goes wrong. We don’t know how the mechanism of making decisions on code changes exactly works, or how secure the Bitcoin software development lifecycle is. A single bug or virus in a Bitcoin client application can bring down the entire system as well as significantly affect the Bitcoin value. Perhaps, this is another reason for merchants to preserve diversity of payment methods and accept multiple crypto-currencies.
With that said, I like Bitcoin for its brilliant idea, comprehensive design, cutting-edge technology, and taste of freedom. I believe that all the problems eventually will be resolved in one way or another.
Slava Gomzin is a security and payments technologist at Hewlett-Packard and author of the upcoming book Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions (John Wiley & Sons, Feb. 2014). He also has a blog on payment security and technology, PayAppSec. In his role at HP, Slava helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, he was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on design and implementation of new products including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications.