From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency.

Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s find out.

Who accepts payment in Bitcoin?

Some of the biggest brands on earth (Microsoft, PayPal, Mastercard, Starbucks, AT&T and Amazon) now accept cryptocurrency as payment. Also, up to a third of small businesses accept payment in Bitcoin. Now, you can’t go up to the counter at Starbucks and pay for your latte in crypto. But you can link the Bakkt crypto application to your Starbucks app and pay from there.

Meanwhile, Microsoft lets you redeem Bitcoin to fund your account balance to make purchases online.

How to accept payment in Bitcoin

There are two ways to accept cryptocurrency, and each method has its own security risks. Crypto wallets are like real-world wallets. That is, they are a place to privately store your cash. Cryptocurrency exchanges or payment gateways are third-party platforms that enable crypto transactions. Let’s look at each one, crypto wallets and crypto exchanges, separately.

Cryptocurrency wallet

A cryptocurrency wallet is an app or device that enables you to store and retrieve all your cryptocurrency. The software version of crypto wallets goes by the name ‘hot’ wallets. You can also purchase a ‘cold’ wallet device (USB stick). To receive a crypto payment, you simply direct the sender to the unique public cryptographic address issued by your wallet. You can enable payments by QR code or by entering the crypto coin address.

Crypto wallets are freestanding apps or devices that do not always require an exchange to store or receive funds. Setting up your crypto wallet involves selecting a password and receiving a wallet-generated ‘seed phrase.’ If you forget your password or lose your wallet device, the seed phrase can recover on-chain funds. But if you also lose or forget the seed phrase, your coins could be lost forever.

Crypto wallet security issues include:

  • Forgetting passwords and seed phrases could lead to the permanent loss of all funds
  • Theft or damage of wallet devices or computers with wallet software could lead to loss of currency
  • While difficult, it is possible to break into hardware crypto wallets
  • Payments remain anonymous as the transaction occurs on the blockchain only
  • Phishing attacks trick victims into giving up credentials on fake software wallet platform sites. If a hardware wallet is plugged in, compromised credentials could also lead to theft of funds.
  • Malware can detect saved cryptocurrency addresses on a computer and replace them with an attacker’s wallet addresses. This leads to a diversion of funds to the attacker’s wallet.
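
As a defensive check against the address-replacement malware described in the last item, a checkout or invoicing system can verify every receiving address before it is displayed or encoded into a QR code. The sketch below is an added example, not code from the original article. It assumes legacy Base58Check Bitcoin addresses only, a pinned list of the merchant's own addresses kept outside the host being checked, and hypothetical function names; both sample addresses are constructed from dummy hashes.

```python
import hashlib
import hmac
from typing import Iterable, Optional

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _dsha(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(version: int, payload: bytes) -> str:
    """Used here only to build the constructed sample addresses."""
    raw = bytes([version]) + payload
    raw += _dsha(raw)[:4]                      # 4-byte checksum
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(addr: str) -> Optional[bytes]:
    """Return version+payload if the checksum verifies, else None."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:                            # character outside the alphabet
            return None
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))    # leading '1' = leading zero byte
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or not hmac.compare_digest(_dsha(raw[:-4])[:4], raw[-4:]):
        return None
    return raw[:-4]

def check_receive_address(displayed: str, pinned: Iterable[str]) -> str:
    """Classify the address about to be shown to a payer."""
    if b58check_decode(displayed) is None:
        return "malformed"                     # typo or corruption
    if any(hmac.compare_digest(displayed, p) for p in pinned):
        return "ok"
    return "substituted"                       # valid address, but not ours

# Constructed sample data: dummy 20-byte hashes, not real wallets.
MERCHANT = b58check_encode(0, bytes(range(20)))
ATTACKER = b58check_encode(0, bytes(range(20, 40)))
PINNED = [MERCHANT]

if __name__ == "__main__":
    for shown in (MERCHANT, ATTACKER, MERCHANT[:-1] + "0"):
        print(shown, "->", check_receive_address(shown, PINNED))
```

The checksum alone only catches typos and corruption; a swapped-in attacker address is perfectly well formed, so it is the comparison against the pinned list that detects substitution.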

Seed phrase security

Seed phrase security is a big deal. Imagine if you have millions of dollars stored in your wallet. If anyone stole your seed phrase, they could empty your wallet. Some say to write it on a piece of paper and lock it in a safe deposit box. Others say to secure your seed phrase in encrypted files online. However, an attacker can exfiltrate your online files if they steal your credentials.

What are burner crypto wallets?

Some people who are very concerned about security set up crypto burner wallets that can be used for an individual transaction or a group of transactions. These simple, less technical apps are fully functioning wallets with no seed phrases. Burner wallets can be used for trade shows, conventions or even for daily business. The funds can then be transferred to your main wallet, and the burner wallet can be discarded at the end of the day.

Cryptocurrency payment gateway and exchange

A cryptocurrency exchange is a digital platform that enables users to sell or buy digital currency or convert fiat currency into digital currency. Exchanges may also offer a web-hosted crypto wallet. Many exchanges enable you to link your physical wallet or third-party wallet application to your exchange account. One component of a cryptocurrency exchange is the payment gateway, which is a payment receiving and processing app.

The main advantage of a crypto exchange is convenience. For example, to receive funds, a crypto wallet must be able to accept the type of coin being sent. So if someone wants to pay you in Ether, but your wallet only accepts Bitcoin, you’re out of luck. Plus, crypto wallets can’t convert one currency to another. But exchanges can accept payment from many types of coins, then convert them instantly to another coin or fiat currency. Exchanges also provide API and e-commerce integration solutions.

Some security concerns associated with crypto exchanges include:

  • If the exchange gets infected with malware, the attacker potentially has access to all the wallets on the exchange
  • Exchanges have a wider attack surface. For example, any employee of an exchange could have their credentials compromised, thus exposing the entire exchange.
  • Threat actors posing as customer service could lure targets into giving up wallet access
  • The U.S. government could sanction the cyber currency exchange if it has been linked to ransomware payments
  • Crypto exchanges are open to any software vulnerabilities hidden in their APIs or integrations
  • Embedded in legitimate-looking apps, crypto Trojans let attackers steal sensitive cryptocurrency information, including user credentials, personal information and current balance.

How to get paid in cryptocurrency safely

Upon reviewing the risks, you might be apprehensive about accepting cryptocurrency payments. However, conventional online banking is not immune to risk either. For example, the crypto Trojan mentioned earlier infected banks as well. Plus, phishing attacks can occur nearly anywhere online. In all cases, strong security, which includes encryption and multifactor authentication, should be standard for any crypto platform you use.

For maximum cryptocurrency protection, a physical wallet may be the way to go. You could even use a crypto exchange to manage daily business, like a burner wallet, and then transfer funds to your cold wallet at the end of the day. Meanwhile, ongoing developments in regulation are also helping to identify cyber currency threat actors.
