Security
Cryptocurrency Security Standard (CCSS) And Who Needs It
IT security startups naturally prioritize all things security ahead of everything else so customers’ personal information is safe.
Unfortunately, most startups don’t give security much thought or enough investment to do it right. Customer data is vulnerable, and the stakes are high when businesses without proper security measures are victims of cybercrime.
To realize the real risk of security threats to their new businesses, entrepreneurs should read cybersecurity reports and statistics. For example, TechTarget’s 34 Cybersecurity Stats is a sobering read for even high-risk business-takers.
Plus, customers are worried about their privacy and don’t want their information to fall into the wrong hands. Today online shoppers are more aware of their privacy rights and the security measures sites require to keep their personal data safe.
If your business is experiencing good site visitor traffic but slow sales and high cart abandonment, it is time to work on your IT security policies. Make sure to include cryptocurrencies, as they are not a fad.
Consumers can already make online payments using crypto. They’re getting paid to play games and then exchanging it for USD. It’s a big market, yet crypto is still the wild west and ripe for regulation and compliance.
Crypto
The world of cryptocurrency (“crypto”) is relatively young, but that has not stopped billions of dollars worth of funds and investments pouring into this new sector.
How familiar are you with DEFI, NFT, Metaverse, Bitcoin, ETH, Smart Contract, Dodgecoin, and BAYC?
News of instant millionaires and investments that returned 10000% are not uncommon, causing a sense of FOMO (Fear of Missing Out).
Every day, people worldwide invest in and day trade cryptocurrency and its endless range of products and services with little thought about the business and its commitment to keeping its data safe. Rekt. news is a website that tracks crypto scams and the security breaches sites and suffercompanies.
People lose money without remediation with a new scam or breach added to Rekt News almost weekly.
Regulation
Like other financial regulations, it is slowly gaining a foothold in crypto but is a way off from becoming the law.
CCSS
CryptoCurrency Security Standard (CCSS) is a cryptocurrency-focused IT security standard in the same way PCI DSS regulation works for cardholder data.
Businesses that want to be CCSS compliant must meet IT security requirements for storing and protecting customers and their cryptocurrency assets.
Example
For example, you decide to use a service that pays interest on cryptocurrency. First, you must deposit your crypto into the provider’s cryptocurrency wallet – (think of a cryptocurrency wallet as a bank account).
You assume that the business providing this service is legitimate and regulated, like a bank or financial institution dealing with fiat.
However, assumptions in the crypto world can be lethal as, more than likely, you’ll find there is no effective regulation of service providers in the industry.
Even if you get lucky and find a legitimate business, locating the owners’ contact details or anyone working for them will be challenging.
The entire team remains anonymous! Imagine your investment is with a business providing crypto services and millions in investment, remaining completely unknown, and how scary it should the worst happen – they lose your investment! Unfortunately, this is real – hence the need for sites like Rekt News!
As mentioned earlier, the world of crypto is still the wild west. The lack of disclosure, transparency, and regulation is why cryptocurrency has some way to go before it and its service providers can be trusted by the majority.
Chat app
Can you trust sites that only use a chat app for communication?
A common tactic for these businesses is to provide a chat channel on chat systems such as Discord or Telegram.
Project members often don’t provide personal details, such as real names, using a nickname instead. There have been many cases where startups have scammed people and immediately deleted the business chat channel, so the affected customers cannot contact the business. The same people often start another company offering the same service and even use the same software code!
Pros for CSS
There is no anonymity with CCSS
Transparency
One of the core benefits of CCSS is that at least one representative of the business must be known to the external auditor conducting the CCSS audit and to the certification body for CCSS.
By becoming CCSS certified, the business provides critical contact information that includes accountability for anyone seeking contact information for the company.
External Auditor
For a business to become CCSS certified, it must be audited by an external auditor certified by the CCSS committee (known as a CCSSA) and has no business relationship with the business they are auditing.
Cryptocurrency wallet security
Another core benefit of CCSS is that someone looking to use the business’s crypto services can be assured that at least the basics of IT security have been implemented with the cryptocurrency wallet. This action reduces the risk of the business being a scam or suffering a hack.
IT security standards – ISO27001 and PCI DSS
With CCSS, the focus is the security of the cryptocurrency wallet’s people, processes, and technology. The standard does not cover the basic IT security controls addressed in IT security standards such as PCI DSS or ISO27001.
The business should invest in becoming certified in these IT security standards.
A business that is PCI DSS compliant as well as CCSS compliant will have a strong focus on IT security and provide a high level of comfort for customers that IT security is taken seriously.
Final Words
CCSS has been available for businesses to implement since 2015. Since then, some of the most influential people in the crypto space have contributed to the standard.
People such as Andreas M. Antonopoulos, Mike Belshe, Pamela Morgan, Vitalik Buterin, Charles Hoskinson, and Peter Todd, to name a few.
To become CCSS certified, a business must contact cryptoconsortium.org, which authored and maintains the CCSS via the CCSS committee. CCSS certification will be conducted by certified CryptoCurrency Security Standard (CCSS) Auditors (CCSSA).
CCSS is a vital addition to the IT security standards that all businesses should implement if a cryptocurrency wallet is implemented.
Watch this space. We will provide more articles on CCSS, like Compliance – we want business people to understand this standard without needing to dive deeply into the techie stuff.
