What’s in Your Wallet?
Do you keep your keys in your wallet? Few people carry house, business or car keys in the wallet carried in their pocket or purse, unless the “key” is a key card. But when we are discussing Bitcoin and its friends, that is precisely what is in your wallet. As financial professionals, understanding this emerging world of cryptographic wallets and keys will become increasingly important, as the value represented by amounts or goods controlled by those addresses become more mainstream and only accessible with those keys, with limited backup and no backdoor.
For two decades, Capital One Financial Corporation, the American bank holding company with customers in the US and Canada, has run its “What’s in Your Wallet?” campaign. More recently, actors Samuel L. Jackson and Jennifer Garner have joined prior spokespeople, like David Spade and Vikings at the Grand Canyon. in looking up at us from the television screen in commercials and asking us, “What’s in Your Wallet?”.
Some of those customers found their private information was posted online, in a massive data breach, in which Capital One paid a hefty fine to the Office of the Comptroller of the Currency (OCC), an independent bureau of the U.S. Department of the Treasury. The OCC charters, regulates, and supervises all national banks, federal savings associations, and federal branches and agencies of foreign banks.
Breaches like this are one of the reasons some people want to manage their own currency, leveraging the emerging class of assets known as cryptocurrencies, and keeping personal information off the Internet. It’s not just survivalists (do/did you have plans for “Burt Gummer Day”, April 14?) and people on the fringe; increasingly, major corporations are investing in Bitcoin and other cryptocurrencies.
As financial professionals, therefore, the time is coming when you need to be very aware of “What’s in Your (Crypto) Wallet?” As people change roles, leave the Firm, or otherwise need to transition control over the related items of value. processes and controls need to be in place to protect access to and the value of the associated value.
There’s a lot of confusion, even amongst avid investors in crypto, in what a “wallet” is. They may think that amounts they have in an exchange such as Coinbase, Kraken or Binance is in a “wallet”. They may think an account with PayPal or Robinhood is in a wallet. But it’s not, although there is a distinction between the two groups of businesses.
The ISO defines a (cryptographic) wallet in ISO 22739:2020 as an “application or mechanism used to generate, manage, store. or user private and public keys[1]”. Unlike a traditional wallet used to store credit cards, currency, driver’s license and other identification, medical cards, four leaf clovers, and the like, a crypto wallet does not actually store value. That’s actually the idea – the value is measured on the blockchain at an appropriate “address”, the secrets that let you manipulate the value at a particular address are in the wallet.
As of this writing, neither Robinhood nor PayPal offer any means of submitting value to or withdrawing value to an address (e.g., you can’t transfer Bitcoin into these services, nor can you withdraw it as Bitcoin). In contrast, Coinbase, Kraken, Binance, and the like do permit the submission of value from or withdrawing information to an address. However, you do not have direct access to the values in those accounts with private keys (hence the slogan “Not your keys, not your coins”.) In either case, the good news is that you do not have to start learning about key management, just the traditional login name and password you would use with any investment account for basic activities. They control the amounts, and serve as your back door in case there is a problem on your end. The bad news is that you are reliant on a single intermediary, which conflicts with the goals as expressed in the original Bitcoin whitepaper of freeing you from a single, trusted, intermediary.
In contrast, a true wallet - whether online or on your computer, whether stored in an offline device or a piece of paper - is about complete control with the rights and responsibilities that come with it. However, whether online or offline, as long as there is software and a network involved, miscreants can attempt to fool you or take advantage of weaknesses, and any number of circumstances can conspire to disconnect you from your crypto.
Life is not so easy that one wallet fits all. That would be too easy. Bitcoin does things differently than Ethereum. Binance does things differently than Stellar. There are multi-currency wallets that can span some of these differences, but odds are your organization will require multiple wallets.
Then there’s the management of the wallets. Should your ERP be able to access a wallet to send funds? What kind of enterprise environment with appropriate control gives individual users the ability to send crypto from a wallet under their control? (And who monitors the amounts, and tracks when users change responsibility, and makes sure that people who are sick or on vacation or leaving are taken care of?)
It’s a fascinating area, and one we will cover further. But having read this, do you know any better, “What’s in Your Wallet?”
[1] https://www.iso.org/obp/ui#iso:std:iso:22739:ed-1:v1:en
Comments
- No comments found
Leave a comment