Could Bitcoin Make Retail Cybersecurity Obsolete?

Privacy breaches and unauthorized use of stored data (including digital currency) can never be entirely avoided so long as system credentials can be stolen, security personnel corrupted, and network security weaknesses discovered and exploited.

In many ways, cash makes a merchant’s life easier. If a purchaser pays cash for an iPad, the sale is final even if the money was stolen. But if someone buys the iPad with a stolen credit card, expensive headaches like chargebacks and paperwork abound. And a merchant who stores customers’ credit card numbers on its computers faces additional headaches if the computers are hacked.

In a digital economy, physical cash is impractical. But there is virtual currency, digital markers purchased on online exchanges. Bitcoin is the best-known system of digital currency, employing cryptography and peer-to-peer networking to create a payment system that some merchants are beginning to accept as a way to avoid the headaches associated with credit card fraud. The sale is final and there are no credit card records to safeguard.

But life is never easy, and digital currency brings its own set of challenges. The digital tokens accepted by the merchant could themselves be hacked if the merchant fails to adopt security measures comparable to the safes and armored cars used by merchants of the last century to protect cash receipts. (The same, of course, is true of customers who may discover that a hacker has grabbed her virtual pocketbook before they have spent their Bitcoins.) Privacy breaches and unauthorized use of stored data (including digital currency) can never be entirely avoided so long as system credentials can be stolen, security personnel corrupted, and network security weaknesses discovered and exploited.

The law sometimes requires vendors to know something about their customers (at least that they are not agents of a country subject to economic and trade sanctions.)

Digital currency also presents legal and regulatory risks. The law sometimes requires vendors to know something about their customers (at least that they are not agents of a country subject to economic and trade sanctions.) Because the customer paying with Bitcoins is effectively anonymous, for example, a merchant accepting Bitcoins may inadvertently violate sanctions programs administered by the US Office of Foreign Asset Control, unless it takes steps to identify the customer.

Moreover, the largely unregulated and often misunderstood world of digital currency has proven attractive to thieves and rogues. The relative anonymity of Bitcoins has made them a currency of choice for money laundering, illegal gambling and the purchase of drugs, weapons and other contraband.  The federal government recently indicted the operators of Silk Road, an online black market for which Bitcoins were the principal medium of exchange. More recently, federal agents arrested BitInstant’s compliance officer and a Bitcoin exchanger for allegedly using Bitcoins to launder drug proceeds. In light of the newness of this currency and these events, retail cybersecurity is not likely to go away anytime soon.

*

[JD Supra's new Law Matters series asks experts for their quick take on popular news of the day, and specifically how such matters affect people in their personal or professional lives. Stay tuned for other posts in the series.

Grant Fondo is a partner in Goodwin Procter's Litigation department and a member of its Securities Litigation & White Collar Defense group and its Privacy & Data Security practice. William Stern is a partner in  Goodwin Procter's Business Law department, where he is a member of the Financial Services group and works on a variety of transactional and regulatory matters for the firm's financial services clients. Henry Dinger is a partner in the firm’s Litigation department and practices primarily in the intellectual property area.]