From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency.

Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s find out.

Who accepts payment in Bitcoin?

Some of the biggest brands on earth (Microsoft, PayPal, Mastercard, Starbucks, AT&T and Amazon) now accept cryptocurrency as payment. Also, up to a third of small businesses accept payment in Bitcoin. Now, you can’t go up to the counter at Starbucks and pay for your latte in crypto. But you can link the Bakkt crypto application to your Starbucks app and pay from there.

Meanwhile, Microsoft lets you redeem Bitcoin to fund your account balance to make purchases online.

How to accept payment in Bitcoin

There are two ways to accept cryptocurrency, and each method has its own security risks. Crypto wallets are like real-world wallets. That is, they are a place to privately store your cash. Cryptocurrency exchanges or payment gateways are third-party platforms that enable crypto transactions. Let’s look at each one, crypto wallets and crypto exchanges, separately.

Cryptocurrency wallet

A cryptocurrency wallet is an app or device that enables you to store and retrieve all your cryptocurrency. The software version of crypto wallets goes by the name ‘hot’ wallets. You can also purchase a ‘cold’ wallet device (USB stick). To receive a crypto payment, you simply direct the sender to the unique public cryptographic address issued by your wallet. You can enable payments by QR code or by entering the crypto coin address.

Crypto wallets are freestanding apps or devices that do not always require an exchange to store or receive funds. Setting up your crypto wallet involves selecting a password and receiving a wallet-generated ‘seed phrase.’ If you forget your password or lose your wallet device, the seed phrase can recover on-chain funds. But if you have also lost or forgotten the seed phrase, your coins could be lost forever.

Crypto wallet security issues include:

  • Forgetting passwords and seed phrases could lead to the permanent loss of all funds
  • Theft or damage of wallet devices or computers with wallet software could lead to loss of currency
  • While difficult, it is possible to break into hardware crypto wallets
  • Payments remain anonymous as the transaction occurs on the blockchain only
  • Phishing attacks trick victims into giving up credentials on fake software wallet platform sites. If a hardware wallet is plugged in, compromised credentials could also lead to theft of funds.
  • Malware can detect saved cryptocurrency addresses on a computer and replace them with an attacker’s wallet addresses. This leads to a diversion of funds to the attacker’s wallet.

Seed phrase security

Seed phrase security is a big deal. Imagine if you have millions of dollars stored in your wallet. If anyone stole your seed phrase, they could empty your wallet. Some say to write it on a piece of paper and lock it in a safe deposit box. Others say to secure your seed phrase in encrypted files online. However, an attacker can exfiltrate your online files if they steal your credentials.

What are burner crypto wallets?

Some people who are very concerned about security set up burner crypto wallets that are used for a single transaction or a group of transactions. These simple, less technical apps are fully functioning wallets with no seed phrases. Burner wallets can be used for trade shows, conventions or even for daily business. The funds can then be transferred to your main wallet, and the burner wallet can be discarded at the end of the day.

Cryptocurrency payment gateway and exchange

A cryptocurrency exchange is a digital platform that enables users to sell or buy digital currency or convert fiat currency into digital currency. Exchanges may also offer a web-hosted crypto wallet. Many exchanges enable you to link your physical wallet or third-party wallet application to your exchange account. One component of a cryptocurrency exchange is the payment gateway, which is a payment receiving and processing app.

The main advantage of a crypto exchange is convenience. For example, a crypto wallet can only receive funds in the types of coin it has the capability to accept. So if someone wants to pay you in Ether, but your wallet only accepts Bitcoin, you’re out of luck. Plus, crypto wallets can’t convert one currency to another. But exchanges can accept payment from many types of coins, then convert them instantly to another coin or fiat currency. Exchanges also provide API and e-commerce integration solutions.

Some security concerns associated with crypto exchanges include:

  • If the exchange gets infected with malware, the attacker potentially has access to all the wallets on the exchange
  • Exchanges have a wider attack surface. For example, any employee of an exchange could have their credentials compromised, thus exposing the entire exchange.
  • Threat actors posing as customer service could lure targets into giving up wallet access
  • The U.S. government could sanction the cyber currency exchange if it has been linked to ransomware payments
  • Crypto exchanges are open to any software vulnerabilities hidden in their APIs or integrations
  • Embedded in legitimate-looking apps, crypto Trojans let attackers steal sensitive cryptocurrency information, including user credentials, personal information and current balance.

How to get paid in cryptocurrency safely

Upon reviewing the risks, you might be apprehensive about accepting cryptocurrency payments. However, conventional online banking is not immune to risk either. For example, the crypto Trojan mentioned earlier infected banks as well. Plus, phishing attacks can occur nearly anywhere online. In all cases, strong security, which includes encryption and multifactor authentication, should be standard for any crypto platform you use.

For maximum cryptocurrency protection, a physical wallet may be the way to go. You could even use a crypto exchange to manage daily business, like a burner wallet, and then transfer funds to your cold wallet at the end of the day. Meanwhile, ongoing developments in regulation are also helping to identify cyber currency threat actors.
