From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency.

Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s find out.

Who Accepts Payment in Bitcoin?

Some of the biggest brands on earth (Microsoft, PayPal, Mastercard, Starbucks, AT&T and Amazon) now accept cryptocurrency as payment. Also, up to a third of small businesses accept payment in Bitcoin. Now, you can’t go up to the counter at Starbucks and pay for your latte in crypto. But you can link the Bakkt crypto application to your Starbucks app and pay from there.

Meanwhile, Microsoft lets you redeem Bitcoin to fund your account balance to make purchases online.

How to Accept Payment in Bitcoin

There are two ways to accept cryptocurrency, and each method has its own security risks. Crypto wallets are like real-world wallets. That is, they are a place to privately store your cash. Cryptocurrency exchanges or payment gateways are third-party platforms that enable crypto transactions. Let’s look at each one, crypto wallets and crypto exchanges, separately.

Cryptocurrency Wallet

A cryptocurrency wallet is an app or device that enables you to store and retrieve all your cryptocurrency. The software version of crypto wallets goes by the name ‘hot’ wallets. You can also purchase a ‘cold’ wallet device (USB stick). To receive a crypto payment, you simply direct the sender to the unique public cryptographic address issued by your wallet. You can enable payments by QR code or by entering the crypto coin address.

Crypto wallets are freestanding apps or devices that do not always require an exchange to store or receive funds. Setting up your crypto wallet involves selecting a password and receiving a wallet-generated ‘seed phrase.’ If you forget your password or lose your wallet device, the seed phrase can recover on-chain funds. But if you also lost or forgot the seed phrase, your coins could be lost forever.

Crypto wallet security issues include:

  • Forgetting passwords and seed phrases could lead to the permanent loss of all funds
  • Theft or damage of wallet devices or computers with wallet software could lead to loss of currency
  • While difficult, it is possible to break into hardware crypto wallets
  • Payments remain anonymous as the transaction occurs on the blockchain only
  • Phishing attacks trick victims into giving up credentials on fake software wallet platform sites. If a hardware wallet is plugged in, compromised credentials could also lead to theft of funds.
  • Malware can detect saved cryptocurrency addresses on a computer and replace them with an attacker’s wallet addresses. This leads to a diversion of funds to the attacker’s wallet.

Seed Phrase Security

Seed phrase security is a big deal. Imagine if you have millions of dollars stored in your wallet. If anyone stole your seed phrase, they could empty your wallet. Some say to write it on a piece of paper and lock it in a safe deposit box. Others say to secure your seed phrase in encrypted files online. However, an attacker can exfiltrate your online files if they steal your credentials.

What Are Burner Crypto Wallets?

Some people who are very concerned about security set up crypto burner wallets that can be used for an individual transaction or a group of transactions. These simple, less technical apps are fully functioning wallets with no seed phrases. Burner wallets can be used for trade shows, conventions or even for daily business. The funds can then be transferred to your main wallet, and the burner wallet can be discarded at the end of the day.

Cryptocurrency Payment Gateway and Exchange

A cryptocurrency exchange is a digital platform that enables users to sell or buy digital currency or convert fiat currency into digital currency. Exchanges may also offer a web-hosted crypto wallet. Many exchanges enable you to link your physical wallet or third-party wallet application to your exchange account. One component of a cryptocurrency exchange is the payment gateway, which is a payment receiving and processing app.

The main advantage of a crypto exchange is convenience. For example, to receive funds, a crypto wallet must be able to accept each type of coin. So if someone wants to pay you in Ether, but your wallet only accepts Bitcoin, you’re out of luck. Plus, crypto wallets can’t convert one currency to another. But exchanges can accept payment in many types of coins, then convert them instantly to another coin or fiat currency. Exchanges also provide API and e-commerce integration solutions.

Some security concerns associated with crypto exchanges include:

  • If the exchange gets infected with malware, the attacker potentially has access to all the wallets on the exchange
  • Exchanges have a wider attack surface. For example, any employee of an exchange could have their credentials compromised, thus exposing the entire exchange.
  • Threat actors posing as customer service could lure targets into giving up wallet access
  • The U.S. government could sanction the cyber currency exchange if it has been linked to ransomware payments
  • Crypto exchanges are open to any software vulnerabilities hidden in their APIs or integrations
  • Embedded in legitimate-looking apps, crypto Trojans let attackers steal sensitive cryptocurrency information, including user credentials, personal information and current balance.

How to Get Paid in Cryptocurrency Safely

Upon reviewing the risks, you might be apprehensive about accepting cryptocurrency payments. However, conventional online banking is not immune to risk either. For example, the crypto Trojan mentioned earlier infected banks as well. Plus, phishing attacks can occur nearly anywhere online. In all cases, strong security, which includes encryption and multifactor authentication, should be standard for any crypto platform you use.

For maximum cryptocurrency protection, a physical wallet may be the way to go. You could even use a crypto exchange to manage daily business, like a burner wallet, and then transfer funds to your cold wallet at the end of the day. Meanwhile, ongoing developments in regulation are also helping to identify cyber currency threat actors.
