Bitcoin payments pose security challenges for brick and mortar merchants

Recent developments associated with Bitcoin, its silver-like sister Litecoin, and other crypto-currencies forced many merchants to start thinking seriously about accepting the digital alternative of cash and plastic cards. In fact, some businesses already accept Bitcoin. E-commerce merchants were first to adopt the innovative method of payment and money transfer since the online environment is the native habitat of the digital currency ecosystem. However, just as life once emerged from the ocean onto the land, Bitcoin slowly but surely is creeping out of its virtual cradle to the real world of brick and mortar merchants.

The benefits of cryptocurrency for consumers are well known. As are the downsides. But the question is whether the Bitcoin technology is capable of meeting the picky requirements and withstanding the tough conditions of the real retailers.

An uncertain mechanism of calculating transaction fees is one of the factors that may negatively affect the mainstream acceptance of cryptocurrency. In addition, there are security concerns which should be clarified and resolved before implementing Bitcoin payments on a large scale in brick and mortar stores.

As information security experts know, there are three security domains – confidentiality, integrity, and availability. If you compare the security of the Bitcoin ecosystem with credit cards, it is pretty obvious that the designers of the digital currency had a different order of priorities. Integrity is mainly taken care of (thanks to modern cryptography). Confidentiality is still problematic but manageable. Availability is just out of scope.

Transaction processing time is one of the main differences between online and brick and mortar cultures. While it is acceptable in most cases to wait several minutes, hours, and sometimes even days for shipment and delivery of the goods purchased online, customers in brick and mortar stores give up very quickly. Tough competition forces the point-of-sale hardware and software vendors along with the payment processors to wage the fight in milliseconds.

Now let's look at the Bitcoin timing. The average time of first confirmation (analog of pre-authorization in payment card industry) is 10 minutes. It is a huge delay comparing to several hundred milliseconds required for average online credit card approval. Yes, the initial validation of bitcoin transaction can be done by client software within seconds. But even a valid transaction record does not guarantee that the payment will be accepted by the entire network.

That's a result of Bitcoin design which prevents double spending and which works pretty well, but comes with a price: up to one-hour of waiting time for final confirmation. Delays of that magnitude are obviously not acceptable in regular merchant environments where customers usually walk out of the store right after payment is made.

Another factor that affects transaction processing time (and therefore the overall availability of the system) is scalability – the ability of the payment network to successfully absorb a very large number of transactions simultaneously.  On average, Visa processes 1,500 transactions per second (tps) in the U.S. alone. This is much higher during the holiday seasons so the maximum total capability of Visa network is more than 10,000 tps. If we add to this number all the transactions handled by other payment brands and private label processors, we get very serious load which is supported by sophisticated infrastructure. Now imagine that customers and merchants suddenly decide to abandon traditional payment cards and rush to spend and accept the cryptocurrency. The question is whether the Bitcoin network is scalable enough to process an equivalent of the current payment card networks' load without significant delays and failures.

The size of a typical Bitcoin transaction record is 500 bytes, while the maximum block size is set to 250,000 bytes, which means that an average maximum of 500 transactions can be added to a single block. The result: a maximum current capacity of less than 1 tps on Bitcoin network, which means that the initial confirmation of any over-the-limit payment will be backlogged. In addition, the size of the blockchain will grow significantly and will demand more computing power from processing nodes. Obviously, providing an adequate scalability required for big retailers requires serious design changes as well as software updates and hardware upgrades.

The risk of failure is less obvious but more dangerous. The networks of Visa and other card payment brands are supported by thousands of paid professionals who continuously design, develop, test, and maintain their systems. The Bitcoin network is supported by a community of cryptocurrency enthusiasts who do not report to any private company or state, meaning there is no accountability in case something goes wrong. We don't know how the mechanism of making decisions on code changes works exactly, or how secure the Bitcoin software development lifecycle is. A single bug or virus in Bitcoin client application can bring down the entire system as well as significantly affect the Bitcoin value. Perhaps, this is another reason for merchants to preserve diversity of payment methods and accept multiple cryptocurrencies.

With that said, I like Bitcoin for its brilliant idea, comprehensive design, cutting-edge technology, and taste of freedom. I believe that all of its problems eventually will be resolved in one way or another.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.