How we manage user security and privacy with the non-custodial Payger Wallet

No matter whether it’s with paying at a point of sale or mobile banking: security is major priority when dealing with money and payments. Mobile payment users who are dealing with crypto currencies even face higher risks to either lose their passwords and keys or getting hacked. The makers of Payger think about these pains a lot too.

Security constitutes the base for trust, success and customer satisfaction. With the continuous growth of online shopping and instances of online fraud in mobile commerce, the need for reliable processes and standards that minimize the risks for both sides, is increasing among customers and retailers. Since we are entering now the age of cryptocurrency commerce, the question of data protection is now omnipresent. Nobody wants to lose his digital currencies because they were hacked through a key logger in a malicious app or by simply forgetting their account passwords.

Our established security standards and the account recovery feature protect the privacy of Payger users and increase their account security. We at Payger rely on the latest encryption standards for maximum user security. And, despite this, more and more questions arise how we can increase user security and privacy with the Non-Custodial Payger Wallet. We are going to pick up the most important ones in this blog post.

Why does Payger request user information for opening a new account?

Although Payger provides a non-custodial cryptocurrency wallet infrastructure, Payger requests personal user information for a planned regulatory complaint KYC (know your customer) account registration and verification. We are doing this because we want to simplify the access to buying and selling cryptocurrencies like Bitcoin, BitShares, and others in the future.

In our vision buying 100 Euro worth of Bitcoin should be as simple as ordering a pizza online – instant, cheap, and secure.

Where is the Payger user data stored?

All personal data is kept in Germany, in the AWS Frankfurt computer center to be precise. The stringent requirements of the General Data Protection Regulation (GDPR) therefore apply. These state that the collection, processing, and use of personal data is prohibited. It is only permitted if the data subject has given their explicit consent to the collection, processing, and use of their data, or if there are clear legitimate grounds. Payger, furthermore, has complete control and fully encrypts the data.

What happens to the data?

Payger stores the user data in a separate, encrypted database that includes personal information, such as name, address, and date of birth. Particularly sensitive data, such as user passwords, PIN and security questions, and responses, are encrypted and stored separately. The same applies to personal documents that were required for the KYC verification and during registration. Last but not least, the data records with the contact details are double encrypted on another server, as well as the uploaded identification documents that are also encrypted twice.

What certification and encryption techniques are used?

Payger relies on a number of techniques for the encryption:

● SHA256: even though SHA-2 was developed by NSA, the standard is considered to be very secure. Using the hash function SHA-256 applied by Payger, the hash values are 256 bit long.
● Amazon Cognito for the registration: the service provides the option to authenticate, authorize and for the user to manage the app. Amazon Cognito complies with SOC 1-3, PCI DSS, ISO 27001, also with HIPAA-BAA.
● SSL encryption between the browser wallet and the Payger backend.

How does Payger ensure that data will not get into the wrong hands?

Payger uses the SSL encryption standard throughout communication between frontend and backend. All blockchain account information is encrypted in our identity service and stored separately. The personal user data is encrypted both in the AWS S3 database in the computer center and in our backend. User sessions expire after a short period of time or once the browser is closed. All access data and user private keys that are on the user site are automatically erased after the end of the user session on the user page.

How are blockchain private keys managed?

The protection of user private keys is particularly important to us at Payger. Compared with hosted wallets, such as Coinbase or Circle, Payger users manage their private keys exclusively themselves and therefore have 24/7 access to their account. Payger has neither access to user accounts nor to the digital assets.
To make the Payger Wallet more user-friendly, Payger has opted for a username + password + PIN account model that simplifies how private keys are handled. Private keys are therefore encrypted and stored with Payger in the backend individually, separately from the other account information and asymmetrically encrypted.

For transactions, the users receive their encrypted private keys and authenticate the transactions with their matching keys before the keys get erased on the user site – again protecting the keys on every step. In the future, users will be in a position to create additional backups of private keys and to store them separately.

To summarise, Payger offers comprehensive protection for a user’s private keys, combined with the user-friendliness of PayPal or Coinbase.

“What happens if I lose my password/pin?“

People make mistakes; people forget passwords, that is totally normal. Such mistakes are expensive, especially, for a personal wallet which holds a couple of hundred euros in value. This is why Payger introduced the option of password recovery, which enables both passwords and a PIN to be reassigned to users.

Users are able to reset both with the help of two security questions and answers. At the same time, the security questions, security answer, PIN and password are encrypted asymmetrically just like private keys. Payger also has no access to this information at any time. They remain the uses most important secret.
This does also mean that anyone who loses their password together with the responses to security questions has no chance of accessing their account ever again! Given the security structure, there is no possibility for Payger to reset passwords or to access accounts.

In other words, any coins and tokens in that account would be lost. To avoid such a worst-case scenario, Payger recommends the use of a password manager, such as KeePass (https://keepass.info), Dashlane (https://www.dashlane.com) or Truekey (https://www.truekey.com) .

“What happens if my account has been hacked?“

If anyone suspects irregular access to a Payger account, Payger recommends to first change the password immediately, then create a support ticket with the details.

How does Payger protect the privacy of its users?

Blockchain-based financial systems, such as Bitcoin, Dash or BitShares, use public account addresses, also known as public keys. The public key is like an IBAN account number, and its purpose is the identification during a payment transactions. Unlike financial institutions and banks, however, the transactions and accounts of each public key are transparent and publicly visible. Anyone is able to see account balances and view transactions with a block explorer, as soon as they know a public key. At Payger we call this the “transparency dilemma”, which has many advantages and disadvantages. We will go into this subject in more detail in a separate article.

As the user privacy is particularly important to Payger, we have decided to develop an extra layer of security for Payger accounts. Unlike many other walls, the Payger ID is not registered directly in the BitShares blockchain, but a name is generated at random. The user with the Payger ID “johndoe42”, for example, is registered with the blockchain public key “Payger-123456789”. That has several advantages straight away: firstly, the Payger ID can therefore be changed like a twitter handle. Secondly, the user is harder to identify by third parties in the blockchain with the Payger ID “johndoe42”. This security function is worth its weight in gold, particularly for companies and retailers who want to protect themselves from financial espionage.

How many people have access to the data?

Only a few selected Payger admins have access to the personal user data and only for regulatory, moderation and account-checking purposes. We rely on the principle of dual control here when handling personal data. The KYC user verification is still a manual process, and we are working towards automating these processes.

Where is the transaction data stored?

Transaction data is anonymous in the BitShares blockchain, a special digital finance system. It is considered particularly secure, as hundreds of selected, locally handled witnesses who validate each transaction ensure the necessary security. That makes it difficult to impossible to hack into and manipulate a user account.

“We simplify the access to crypto currencies and develop user-friendly wallets for the daily use, with the primary focus on user security,” says Payger founder, Christoph Hering. “This is why factors, such as trust, security, and control play the most important role in the development of our Payger ecosystem.”