When privacy and security clash in crypto efforts to protect customer data

Despite the recent volatility and uncertainty in cryptocurrency markets, the fledgling currency remains a popular investment and transactional alternative for hundreds of millions of people around the globe. But because this new technology is still in its infancy questions about its regulation and security linger.

Arguably one of the biggest questions hanging over crypto markets has to do with data privacy and data security. This extends far beyond the obvious requirement for crypto platforms to protect their users from hackers. There is also the imperative to ensure that, within a still largely anonymous environment, the personal information of all participants in the crypto industry stays safe and secure.

The best and most obvious way of protecting customer data is using state-of-the-art encryption, but even that is not necessarily foolproof. As has been seen all too often in crypto’s brief history, if someone with nefarious intentions can gain access to the relevant server and find their way around its security measures, customer records protected only by “traditional” storage encryption methods may still be vulnerable.

The most effective way to protect customer data is through a combination of security and privacy protocols. Arguably the most secure protocol is blockchain — specifically, a blockchain-based decentralised identity solution that effectively enables users to own their personal information instead of having it all stored and managed by a single third party. Such a decentralised identity solution would enable an individual to capture their identification details and then have these stored across various distributed ledgers that are not controlled or owned by any single party.

Adding an additional layer of encryption for data in storage, and securing data in transit using end-to-end encryption, further ensures that users’ personal identifiable information is kept secure and prevents third parties from accessing their data while it is stored on a system or transferred from one system to another. 

Binance recently took steps towards such a decentralised identity storage and management system with the introduction of its Binance Account Bound tokens (Soulbound tokens), which certify the user’s know-your-client (KYC) verified status and function as their Binance identity,  meaning they can be verified by third-party protocols for various purposes.

Of course, some personal data is required by any crypto platform to complete transactions, communicate with the client, detect and prevent fraud and other types of financial crimes, and generally provide seamless functionality. Also, as the crypto industry becomes more regulated there is a requirement for some client data to be collected to comply with KYC and global anti-money laundering/combating the financing of terrorism obligations.

Not only is compliance with these KYC regulations a firm requirement of all regulators and other financial institutions, it is a proven method that crypto platforms can use to protect their clients against hackers and market manipulators. 

Data privacy and protection is also something of a two-way street. It cannot be fully achieved purely at a platform level; it also requires robust user-level security protocols to give crypto community members greater control over how they access and share their personal information. Biometric verification processes are another element of many a crypto platform’s security measures.

The most common forms of biometric authentication are face and fingerprint recognition. Both have become commonplace for users of smartphones today, and the convenience and security they offer are enabling them to enhance forms of password, SMS code and authenticator app methods of user identity verification on many crypto platforms.

The most obvious user-facing benefit of biometric authentication is convenience and simplicity. This is especially important in the fast-moving crypto market. Biometrics enhances user security as the identifiers are unique to everyone. A face or fingerprint is vastly more difficult to steal via electronic means or a phishing scam, which means hackers and identity thieves will have a far harder time stealing the identities of people who use biometric authentication technology.

The bottom line is that confidence among members of the public that their data is private and protected is an all-important requirement for the future of cryptocurrencies, and their ability to become even more mainstream.  Such confidence can only come from clear evidence that all personal and financial data of platform users are stored safely and securely, shared only with those who have permission, and protected from any form of compromise, corruption or vulnerability.

While blockchain is bound to eventually make it easy for all crypto parties to effectively control their own data, the need for such a data privacy system to be balanced with the client evidence requirements of coming crypto legislation cannot be ignored. But irrespective of how the crypto data privacy landscape evolves in the coming years, the importance of ensuring that users have access to, and control of their own information, while also protecting them against security breaches by malicious parties, will always be paramount.

• Andersen-Röed is deputy head of financial crime compliance at Binance.