If there’s one thing standing in the way of mainstream bitcoin adoption, it’s cyberfraud.
So says the team at HyprKey, the startup aiming to protect digital currency users from fraud by utilizing the HYPR-3 three-factor authentication protocol.
HyprKey works by creating a biometric authentication bridge between the user and the mobile wallet built on top of it. It auto-converts bitcoin in real-time so users can spend it without ever even touching the digital currency by linking their debit cards, thereby authenticating transactions at the point of sale.
“The reason that [cyberfraud] struck me as the main problem is bitcoin is inherently an irreversible system of payment,” chief executive George Avetisov said in an interview with CoinDesk, explaining:
“The problem with fraud is we can’t use reversible digital payment systems like debit cards and credit cards and the current banking system that we have, which is reversible, to transact with irreversible digital currency.”
While people in the bitcoin community are racing to create or discover the killer app that will make bitcoin more mainstream, HyprKey holds that it won’t be an app, but rather, a protocol.
“We’re missing a device,” Avetisov said. “That device is off-device authentication.”
Security pitch to VCs
On Tuesday, HyprKey, which just closed $350,000 in private investment, competed for a $10,000 seed investment alongside 35 other startups in a series of speed-pitching rounds at the Empire Startups Summit at New York City’s Webster Hall.
At the summit, the team presented an example of using of a debit card to purchase a $500 item from Dell, which recently offered a 10% discount to customers making purchases with bitcoin. The item would cost $500 to the customer paying with a debit card and checking out the traditional way, but would cost $450 to that same customer using the same debit card through the HYPR-3 platform.
“The important thing for us was to hear from an otherwise skeptical outsider that if they were able to save money during a purchase by using our platform, they would,” said Avetisov. “That was everything we needed to hear.”
A side effect of cyberfraud
The HYPR-3 token is a sticker, roughly the size of a price tag or a large sticky bandage, that gets placed on the back of the user’s phone, or phone case, and communicates with it via Bluetooth. When the user swipes his or her finger on the device, it reads the fingerprint, registers the static discharge from that finger motion and authorizes the transaction.
The reader introduces a third step in security, after users’ PIN codes and the sticker itself.
“Three-factor authentication basically renders your wallet unhackable,” Avetisov said. “You would need to have me physically authenticate this transaction for it to go through.”
HyprKey’s CTO Bojan Simic explained that having the biometric TOTP (time-based one-time password algorithm) token generator is what eliminates fraud from the equation, allowing the conversion to bitcoin in real time.
“By eliminating fraud we can basically eliminate interchange fees as well and determine that the person making the purchase is 100% that person,” he said.
An intermediary gateway
The base problem of authentication schemes, Avetisov said, is that some consumers won’t feel safe using it while others simply don’t want to be bothered adding another step to their payment process.
For merchants, a major appeal of digital currencies is in the irreversibility of transactions. Consumers, on the other hand, are heavily focused on usability and can be dissuaded by the complexities involved with using bitcoin. This remains a sticking point for potential everyday users, and according to Avetisov, the addition of an extra level of security measures can worsen the situation.
“If we could solve the issue of authentication then we could let them use it in real time without ever actually knowing what it is, or touching it, or understanding it, or being exposed to its volatility or risks or security problems.”
HyprKey went through a number of alpha stages before landing on the biometric sticker. For now, according to the team, this is the simplest deployment method because using the sticker separates the authentication process from the user’s operating system.
“We’ve done it in a way that doesn’t make you feel like you’re wearing or having to walk around with another thing,” Avetisov said. “All the contents of our wallet are going to be in the phone, in the tablet, soon enough. This is an archaic thing, the wallet. It’s going to be completely digital in the next couple years.”
The company plans to manufacture 25,000 units and have them ready this coming May, when it runs its beta.
HyprKey intends to keep consumer transaction fees in the range of 0.02% to 0.03%. Aside from its high-level risk model working to ensure seamless auto-conversions, another way HyprKey is able to keep fees so low is by bundling them – a strategy it believes has been preventing micro-transactions.
The company holds that it’s the merchant platforms in the bitcoin space that need it – not only to help take bitcoin into the mainstream, but because merchants in any payments system stand to lose the most from cyberfraud.
Implementing the HYPR-3 protocol doesn’t require any sort of merchant-side integration, Avetisov explained.
“Mr Bob in Bosnia could have a HyprKey and Alice here doesn’t even need to know what HyprKey is,” he said. “If she accepts bitcoin, that gateway is complete. HyprKey has no merchant-side integration nor does it require any. We feel that the consumer is being ignored in this whole bitcoin revolution for some reason.”
He added: “It’s the platforms and the merchants that are suffering – never the banks, never the card companies. They never lose.”
This article included additional reporting from Stan Higgins.
Fingerprint security image via Shutterstock