Commentary: The value of a multi-pronged approach to data, privacy protection by crypto platforms

By Nils Andersen-Röed, Deputy Head of Financial Crime Compliance, Binance

Despite the recent volatility and uncertainty in crypto-currency markets, the fledgling currency remains a massively popular investment and transactional alternative for hundreds of millions of people around the globe. But the fact that this new technology is still in its relative infancy means that there are still lingering questions around its regulation and security.

Arguably one of the biggest question marks still hanging over the crypto markets has to do with data privacy and data security. This extends far beyond the obvious requirement for crypto platforms to protect their users from hackers. There is also the imperative to ensure that, within a still largely anonymous environment, the personal information of all participants in the crypto industry stays safe and secure.

The best, and most obvious way of protecting customer data is utilising state-of-the-art encryption, but even that isn’t necessarily foolproof. As has been seen too often in crypto’s brief history, if someone with nefarious intentions can gain access to the relevant server, and find their way around its security measures, customer records protected only by ‘traditional’ storage encryption methods may still be vulnerable.

The most effective way to protect customer data is through a combination of security and privacy protocols. Arguably the most secure protocol is blockchain – and specifically, a blockchain-based decentralised identity solution that effectively enables users to own their personal information instead of having it all stored and managed by a single third party. Such a decentralised identity solution would enable an individual to capture their identification details and then have these stored across various distributed ledgers that are not controlled or owned by any single party. Adding an additional layer of encryption for data in storage, and securing data in transit using end-to-end encryption, further ensures that users' Personal Identifiable Information (PII) is kept secure and prevents third parties from accessing their data while it's stored on a system or transferred from one system to another.

Binance recently took steps towards such a decentralised identity storage and management system with the introduction of its Binance Account Bound tokens (Soulbound tokens), which certify the user’s KYC verified status and function as their Binance identity, meaning they can be verified by third-party protocols for various purposes.

Of course, some personal data is required by any crypto platform to complete transactions, communicate with the client, detect and prevent fraud and other types of financial crimes, and generally provide seamless functionality. Also, as the crypto industry becomes more regulated, there is a requirement for some client data to be collected to comply with Know Your Client (KYC) and global Anti Money Laundering / Combating the Financing of Terrorism (AML/CTF) obligations.

Not only is compliance with these KYC regulations a firm requirement of all regulators and other financial institutions, but it is also a proven method that crypto platforms can use to protect their clients against hackers and market manipulators. Binance recognises the immense value of an effective KYC approach and as a result, we now have one of the most rigorous KYC processes in the industry, representing an invaluable line of defence for our clients and the crypto-currency industry against financial and data vulnerabilities.

Then, data privacy and protection is also something of a two-way street. It cannot be fully achieved purely at a platform level; it also requires robust user-level security protocols to give crypto community members greater control over how they access and share their personal information. Biometric verification processes are another element of many crypto platform’s security measures. The most common forms of biometric authentication are face and fingerprint recognition. Both have become commonplace for users of smartphones today, and the convenience and security they offer are seeing them enhancing forms of password, SMS code and authenticator app methods of user identity verification on many crypto platforms.

The most obvious user-facing benefit of Biometric Authentication is convenience and simplicity. This is especially important in the fast-moving crypto market.

Biometrics significantly enhances user security as the identifiers are unique to everyone. A face or fingerprint is vastly more difficult to steal via electronic means or a phishing scam – which means that hackers and identity thieves will have a much harder time stealing the identities of people who use biometric authentication technology.

The bottom line is that confidence by the public that their data is private and protected is an all-important requirement for the future of crypto-currencies, and their ability to become even more mainstream. Such confidence can only come from clear evidence that all personal and financial data of platform users are stored safely and securely, shared only with those who have permission, and protected from any form of compromise, corruption or vulnerability.

While blockchain is bound to eventually make it easy for all crypto parties to effectively control their own data, the need for such a data privacy system to be balanced with the client evidence requirements of coming crypto legislation cannot be ignored. But irrespective of how the crypto data privacy landscape evolves in the coming years, the importance of ensuring that users have access to, and control of their own information, while also protecting them against security breaches by malicious parties, will always be paramount. 

Share