In the light of recent events highlighting less reliable bitcoin retailers, we at Safello wish to help customers both new and old to the bitcoin industry in making a well informed decision regarding who they entrust with their money. Safello believes that the bitcoin phenomenon as a whole is here to stay. However, one vital step in this process is that you, the customer, entrust your money to serious bitcoin retailers. This blogpost is designed to help you do just that. Here is a short list of points Safello believes you as a customer should consider when picking who to entrust with your money.
Almost all nations in the world have laws in place to prevent money laundering and illegal activities. AML is used in many nations worldwide. An effective AML program criminalizes money laundering by giving the authorities in the nation the power and tools to investigate money laundering. It also requires financial institutions (your bitcoin retailer) to identify customers, keep transparent records and report suspicious customer activities to the authorities.
Part of this process is called KYC (Know-Your-Customer), in short KYC means the company (your bitcoin retailer) knows the identity of its customers. The bitcoin retailer or exchange is required to know who it is dealing with. If they do not ask you for appropriate verification, alarm bells should be ringing in your head as this company risks being shut down by the authorities. This may cause the money you have in their system to be frozen, along with the company’s other assets. Any serious company which is looking to maintain a long term service will follow the laws and guidelines set up in its country.
By making sure all companies you do business with follow these guidelines and regulations you help yourself by keeping your money safe, as well as the bitcoin community as a whole by weeding out less serious companies adding legitimacy to the currency/community as a whole.
Some bitcoin companies use private bank accounts to circumvent regulations and compliance requirements. While this may seem like a tempting solution, it is a long term risk as it usually goes against bank policies and sometimes even the law. Picking a bitcoin company which has an appropriate bank account as well as good relationships with local authorities, financial regulators and banks ensures you can be confident in that the company will not get shut down or have its bank account seized or locked.
In case your bitcoin company is hosting your bitcoins in a wallet, it should also separate their own funds from the clients’ funds. This protects your money should the company go bankrupt and also prevents the company from tampering with your money.
If the company has a financial license, that means they have gone through the local authority/financial regulators to make sure that they are compliant and that they are following all the necessary regulations. In our case we are registered with the Swedish financial authority Finansinspektionen.
23% of exchanges since 2009 ended up getting hacked. Online wallets, retailer and exchanges all have shown lack of security, which has led to hacking and loss of funds. This is due to poor security, often with faulty integration with the bitcoin client making it easy for hackers and thieves to steal your money. Centralized wallets where all bitcoins are stored on the same server in the same wallet file has the problem that if someone would manage to get access to the server and the private keys, the company and customers would risk losing all their bitcoin funds. By making sure that the company has at least some of their bitcoins in offline wallets, you ensure that if someone gets access to the companies hot wallet (the wallet connected to the internet) then the thief can only steal a portion of the funds as the rest are in cold wallets (wallet not connected to the internet). Another safe solution is to let each customer have their own wallet file with their own encryption (for example blockchain.info) this ensures that even if someone gets access to the private keys the hacker can’t access them without using the users password to decrypt them.
The best way to prevent hackers and thieves from getting into the service wallet is to run the bitcoin client, the backend and the frontend separately on different servers, this reduces the area of exploitation.
As for the security of your funds as a customer, only use services which support two factor authentication, such as Google Authentication. This protects you from a lot of exploits, viruses and trojan as they cannot get access to your funds, even if they get your login details.
A fast, coherent and consistent support is something which most serious companies take pride in. Support might seem like a trivial topic to security, however this often hints at the longevity of a bitcoin company which in turn affects how secure your money is. Any serious company will host dedicated local staff with multiple paths of contact. Less serious players may for instance only have the CEOs private number and have slow response times.
If an error occurs in a company’s service the highest strain is placed on support. If the support has another “main” job this may cripple part of the company, e.g. the CTO also handles support on the side, if something goes wrong with the service neither tech nor support will function to its fullest capacity as the CTO is trying to handle both at once.
A serious bitcoin company should provide the same excellent service every time. Inconsistencies in a service response time or inconsistent ease of withdrawing or purchasing currency may be symptoms of an unhealthy company which is having problems under the surface. Be cautious if you see any signs of technical issues such as lack of communication, errors with bitcoin deliveries or delay in bank transfers beyond originally arranged time. These may be symptoms of a company with internal problems.
However, do not discredit a company the moment there is a fluke, hiccups do happen and a quick message to any serious bitcoin company’s support will help you greatly. Either your problem is resolved and all is well or a larger flaw in the bitcoin company’s service is revealed to them and you.
Just because bitcoin is digital doesn’t mean the bitcoin company is. If the company you are dealing with has a physical office the risk of them scamming you decreases significantly. If the company is not serious enough to have an office or lies about the office location you should be cautious in doing business with such a company.
The bitcoin company’s nationality matters. Consider the legal and financial landscape in the company’s country. If the country seems unstable juridically or financially you may struggle in bringing the company to justice as well as getting your money out should you be in a legal dispute or any similar issue. You should also consider the nation’s financial situation, some nations have poor financial infrastructure with weak and decaying banks which may present a problem for the company’s operations which in turn affects you.
These are some of the pointers that should help you make an educated guess about the validity and intentions of any bitcoin company you choose to work with. At Safello we try to uphold these standards the best we can and we aim to be an example for the industry doing so. If you have any suggestions of how we can further improve ourselves please contact our dedicated support via firstname.lastname@example.org.
-The Safello Team