Connect with us

Security

Cryptocurrency Security Standard (CCSS) And Who Needs It

startup

IT security startups naturally prioritize all-things security ahead of everything else, so customers’ personal information is safe.

Unfortunately, most startups don’t give security much thought initially, nor enough investment to do it right. Customer data is vulnerable, and the stakes are high when businesses without proper security measures are victims of cybercrime.

Entrepreneurs are recommended to read cybersecurity reports and statistics to realize the real risk of security threats to their new businesses. For example, TechTarget’s 34 Cybersecurity Stats is a sobering read for even high-risk-takers in business.

Plus, customers are worried about their privacy, and they don’t want their information to fall into the wrong hands. Today online shoppers are more aware of their privacy rights and the basic security measures sites require to keep their personal data safe.

If your business is experiencing good site visitor traffic but slow sales and high cart abandonment, now is the time to work on your IT security policies.  Make sure to include cryptocurrencies as they are not a fad.

Consumers can already make online payments using crypto.  They’re getting paid to play games and then exchanging it for USD.  It’s a big market yet crypto is still the wild west and ripe for regulation and compliance.

Crypto

DEFI

The world of cryptocurrency (“crypto”) is relatively young, but that has not stopped billions of dollars worth of funds and investments pouring into this new sector.

How familiar are you DEFI, NFT, Metaverse, Bitcoin, ETH, Smart Contract, Dodgecoin, and BAYC?

News of instant millionaires and investments that returned 10000% are not uncommon, causing a sense of FOMO (Fear of Missing Out).

Every day, people worldwide invest and trade in cryptocurrency and its endless range of products and services with little thought about the business and its commitment to keeping its data safe. Rekt.news is a website that tracks crypto scams and the security breaches suffered by sites and businesses.

With a new scam or breach added to Rekt News almost weekly, people lose money with no remediation.

Advertisement

Regulation

Like other financial regulations – it is slowly gaining a foothold in crypto, but it is a way off from becoming the law.

CCSS

CryptoCurrency Security Standard (CCSS) is a cryptocurrency-focused IT security standard in much the same way PCI DSS regulation works for cardholder data.

The businesses that want to be CCSS compliant need to meet IT security requirements for storing and protecting customers and their own cryptocurrency assets.

Example

For example, you decide to use a service that pays interest on cryptocurrency. First, you will need to deposit your crypto into the provider’s cryptocurrency wallet – (think of a cryptocurrency wallet as a bank account).

You assume that the business providing this service is legitimate and regulated, like a bank or financial institution dealing with fiat.

However, assumptions in the crypto world can be lethal as, more than likely, you’ll find there is no effective regulation of service providers in the industry.

Even if you get lucky and find a legitimate business, locating the contact details for the owners or anyone working for them will be challenging.

The entire team remains anonymous! Imagine your investment is with a business providing crypto services and millions in investment, remaining completely unknown and how scary it should the worst happen – they lose your investment! Unfortunately, this is real – hence the need for sites like Rekt News!

As mentioned earlier, the world of crypto is still the wild west. The lack of disclosure, transparency, and regulation is why cryptocurrency has some way to go before it, and its service providers can be trusted by the majority.

Chat app

Can you trust sites that only use a chat app for communication?

Advertisement

A common tactic for these businesses is to provide a chat channel on chat systems such as Discord or Telegram.

Project members often don’t provide their personal details, such as their real names, using a nickname instead. There have been many cases where startups have scammed people and immediately deleted the business chat channel, so the affected customers have no way to contact the business. The same people will often start up another company offering the same service and even use the same software code!

Pros for CSS

There is no anonymity with CCSS

Transparency

One of the core benefits of CCSS is that at least one representative of the business must be known to the external auditor conducting the CCSS audit and to the certification body for CCSS.

By becoming CCSS certified, the business provides critical contact information that includes accountability for anyone seeking contact information for the company.

External Auditor

For a business to become CCSS certified, it must be audited by an external auditor certified by the CCSS committee (known as a CCSSA) and does not have any business relationship with the business they are auditing.

Cryptocurrency wallet security

Another core benefit of CCSS is that someone looking to use the business’s crypto services can gain some assurance that at least the basics of IT security have been implemented with the cryptocurrency wallet. This action reduces the risk of the business being a scam or suffering a hack.

IT security standards – ISO27001 and PCI DSS

With CCSS, the focus is the security of the cryptocurrency wallet’s people, processes, and technology. The standard does not cover the basic IT security controls addressed in IT security standards such as PCI DSS or ISO27001.

The business should be investing in becoming certified in these types of IT security standards.

A business that is PCI DSS compliant as well as CCSS compliant will have a strong focus on IT security and provide a high level of comfort for customers that IT security is taken seriously.

Advertisement

Final Words

CCSS has been available for businesses to implement since 2015. Since then, some of the most influential people in the crypto space have contributed to the standard.

People such as Andreas M. Antonopoulos, Mike Belshe, Pamela Morgan, Vitalik Buterin, Charles Hoskinson, and Peter Todd, to name a few.

To become CCSS certified, a business must contact cryptoconsortium.org, which authored and maintains the CCSS via the CCSS committee. CCSS certification will be conducted by certified auditors known as CryptoCurrency Security Standard (CCSS) Auditors (CCSSA).

CCSS is a vital addition to the IT security standards that all businesses should implement if a cryptocurrency wallet is implemented.

Watch this space. We will provide more articles on CCSS – we want business people to have a basic understanding of this standard without the need to take a deep dive into the techie stuff.