You are on page 1of 33

1

Business Utilization of Bitcoins for Transaction Processing Chad Silva A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security & Assurance 3/29/2013

2

Abstract Businesses of all sizes that perform transactions online are subject to having a significant percent of net sales be skimmed off by the Payment Card Industry in the form of merchant account fees (ranging from two to five percent of the transaction value), as well as being subject to other regulatory and process overhead. By utilizing the digital currency called bitcoins, businesses can take part in secure online transactions with no centralized organization adding to overhead or deducting from profit. Accepting bitcoins is not without risk, and the evaluation of this risk and associating mitigating factors are included in this investigation. Bitcoins fluctuate in value more than most currency, and the avenues for exchange are often subject to overhead. Bitcoins, however, are immune to the large amount of attacks carried out against credit cards, and transactions carried out using them are not reversible or disputable (Peck 2012). The implementation of a bitcoin acceptance method, required security, and associated legal and tax considerations must also be examined. When all factors are taken into consideration; it is believed that access to this market (currently valued at 113 million USD)(Mick, 2011) is not just attractive, but viable given the low barriers to access. The decision to implement bitcoins will be based on the proposed cost savings; growth and health of the bitcoin environment, and other business drivers - and the actual outcome success will be based on the realization of these projected benefits. The anticipated timeframe for an implementation for most companies would be mere hours, followed by a continual program of user acceptance promotion.

3

Table of Contents
Introduction Project Scope Defense of the Solution Methodology Justification Organization of the Capstone Report Systems and Process Audit Audit Details Problem Statement Problem Causes Business Impacts Cost Analysis Risk Analysis Detailed and Functional Requirements Functional (end-user) Requirements Detailed Requirements Existing Gaps Project Design Scope Assumptions Project Phases Timelines Dependencies Resource Requirements Risk Factors Important Milestones Deliverables Methodology Approach Explanation Approach Defense Project Development Hardware Software Tech Stack Architecture Details Resources Used Final Output Quality Assurance Quality Assurance Approach Solution Testing Implementation Plan Strategy for the Implementation Phases of the Rollout Details of the Go-Live Dependencies Deliverables Training Plan for Users Risk Assessment Quantitative and Qualitative Risks, & Risk Mitigation Cost/Benefit Analysis Post Implementation Support and Issues

4 Post Implementation Support Post Implementation Support Resources Maintenance Plan Conclusion, Outcomes, and Reflection Project Summary Deliverables Outcomes Reflection References Appendix A: Bitcoin Wallet Installation, on a Windows 7 Appendix B: Basic Bitcoin Wallet Interface Appendix C: Suitable Bitcoin Acceptance Programs

5

Introduction Project Scope The project will examine the current burdens placed on companies by traditional, popular online transaction handling methods such as transaction fees, required hardware and/or software, security requirements, and disputed transaction resolution. The position of a small to medium company will be used (one which does not have notable leverage with financial institutions). As a potential solution to these burdens, bitcoins (both the technology, and it‟s associated environment) will be examined. This will include the health and growth of bitcoins as a currency, ability for companies to easily accept bitcoins, and security of bitcoins as a system. The implementation of a bitcoin acceptance system will also be displayed, and the basic process for sending and receiving bitcoins shown. Some non-typical, but noteworthy and relevant methods for sending and receiving bitcoins will also be shown.

Defense of the Solution This solution is of significance, because successful companies are consistently looking to utilize emerging technology to gain a competitive edge. In a world of digital transactions, a very small number of companies and organizations, namely the Payment Card Industry, have a huge amount of control of the daily financial practices of companies and individuals. This has left a large need for an alternative/competing service. Bitcoins are the most widely used alternate currency, having passed numerous hurdles that other attempts at currency have failed at (Geere, 2011). Furthermore, their mobility is independent of a central organization while being incredibly safe (Peck 2012), positioning them to be used as a payment form that rivals credit cards. Given the success and health of the market,

6

the time has come for a serious consideration and case to be made for widespread commercial acceptance of bitcoins. Bitcoins also are an interesting juncture of economics, cryptography, and privacy. Strong decentralized cryptographic controls provide an unbreakable pillar on which to base the value of this currency, while also allowing for the internal mechanisms to allow total anonymity. The security that lies beneath bitcoins is a wonder unto itself. Methodology Justification Bitcoins were selected for this initiative because they are the only digital currency which has shown widespread success, while also providing the features desired by profit-savvy businesses (Peck 2012). The value of bitcoins is also steadily rising, making their possession an investment in and of itself (Falkvinge, 2011). Top websites internationally are also adopting bitcoins, showing further proof of their acceptance, viability, and value - early in 2013, Reddit.com (a site in the U.S. top 100, and international top 200) began accepting bitcoins for its paid memberships (Olanoff, 2013). Bitcoins are also easy to implement; any company that utilizes even a smartphone can set up bitcoin acceptance. Appendix A shows the simplicity of the Bitcoin Wallet installation process; and Appendix B shows the Wallet interface. No special technical skills are needed for a company to accept bitcoins. Organization of the Capstone Report This capstone report will examine the situation of a small to medium businesses in regards to transaction processing, and present bitcoins as an option for accepting funds. The current state of transaction processing will be audited, and the core problem examined. The impact of these problems, and their associated costs will be reviewed.

7

Bitcoins will be shown to fit functional requirements and fill gaps. An example of how a project for implementing bitcoin acceptance will be outlined for an assumed business. The phases, timeline, dependencies, requirements, risks, milestones, and deliverables for this project will be laid out, and their methodology explained. The project will then be further broken down into subsections, detailed, and have a quality assurance scheme discussed. Its implementation and deliverables will be outlined, and an assessment of risk conducted. This capstone report finishes by summarizing the project, its outcomes, and a personal reflection from the author. Systems and Process Audit Audit Details Anyone who has ever utilized a non-cash transaction medium (to send or receive funds) has noticed some type of premium. Services like WePay or PayPal charge a percent of the total transaction. Money orders and preloaded credit cards have initial charges associated with purchasing them beyond their value. Even checks require that the physical medium be purchased, and may be linked to a checking account that requires a minimum balance lest it accrue fees. For companies who wish to accept non cash funds online, Paypal is a popular choice (as is WePay, which has an identical fee structure). Every PayPal transaction incurs a fee equal to 2.9% of the transaction, plus $0.30 (Paypal, 2013) . While the $1.75 lost on a $50 transaction may seem ignorable, on $50,000 worth of such transactions, the fees total $1,750. It‟s important to note that this cut is taken straight from profits; if of the theoretical $50,000 in income, $25,000 was cost - then the transaction fees represent a 7.0% loss. Paypal usage also incurs the chance for accounts to be frozen, sometimes seemingly without reason, and for weeks or months at a time.

8

“While PayPal says that only a small percentage of its customers run into such issues, there have been enough horror stories...to make some companies think twice about using PayPal, the most popular electronic payments service in the world. The victims range from individual sellers to start-up companies, and from creative artists to impromptu philanthropists. They all had to scramble when PayPal decided to hold onto their money longer than expected. PayPal, which is owned by eBay, remains the dominant global player in e-commerce, handling more than half of all Web transactions by some estimates, and it continues to grow. But some businesses who are frustrated by the company‟s aggressive antifraud measures are looking at other ways to accept payments” (Chen, 2012). Square is a popular new technology for accepting credit card payments. While the rate of 2.75% seems preferable to PayPal, it still would represent $1,375 in lost profits. This slight edge also comes at the requirement of having to swipe the physical card, making it only practical for in-person purchases. When used to accept a sale in which the card is not present, the rate increases to 3.50% plus $0.15 per transaction (Square, 2013). There is no simple overview of what it means to utilize a traditional merchant services account through a credit card company such as Visa. Their document on USA Interchange Reimbursement Fees is nine pages long, and contains numerous schedules of fees based on the type of business, type of card used, if the card is present. The most preferential rates are reserved for merchants with minimum volume of $3.0 billion dollars, and rates on less preferred transactions can go as high as 2.95% plus $0.10 per transaction (Visa, 2012). Square and Visa (as well as all other payment forms that accept credit cards) require merchants to perform a lengthy and complex process to verify their adhesion to PCI DSS (Payment Card Industry Data Security Standard). “PCI compliance is required for all businesses

9

that accept credit or debit card payments — even for businesses with very little volume. However, only larger merchants are required to have PCI compliance validated by a qualified security assessor (QSA)” (Dwyer, 2011). By comparison, cash does not have any associated charges, and there is no threat that money “given” will be chargedback, frozen, or otherwise deducted by a third party. No accreditation or compliance to any industry standards is necessary. What is given is exactly equal to what is received when two parties directly exchange currency. Bitcoins emulate this direct, nooverhead transaction between parties.

Problem Statement Traditional transaction processing methods all utilize some pre-existing infrastructure, and charge a premium for it. These fees typically result in a two-to-five percent loss in the total value of money collected, and have traditionally been accepted as a simple (but significant) cost of doing business. These costs associated with running the business do not actually provide value to the customer. They plague any company that accepts (or desires to accept) payment in a non-cash form. It affects both for-profits and nonprofits, and companies of all sizes. Smaller companies stand to be effected to greater degree, due to their inability to leverage a large amount of transactions to gain favorable arrangements with merchant service providers, and inability to realize efficiencies on overhead by virtue of scale. Bitcoins represent the first viable opportunity to sidestep this overhead in a way that retains many of the desirable features, and even adds in new ones. They utilize cryptography and a decentralized verification process as a replacement for centralized transaction processing.

10

Problem Causes The services provided by the payment card industry and online transaction handling services is not free to provide; all are companies in and of their own right, and seek to make a profit. They generally provide support, infrastructure, and assurances that allow companies to accept money online where they (previously) otherwise could not. Bitcoins change these assumptions, by providing a way for companies and consumers to use an open, free system that eschews the need for infrastructure and most support, while providing ultimate assurances regarding the safety of transactions. As a currency (in addition to being a transaction model), bitcoins are produced at a mathematically limited rate, with their generation driving the transaction verification process. This mechanism is examined in depth, in the approach defense.

Business Impacts Increasing profits is a key driving factor for businesses, and those companies which become complacent in this area will be overtaken by innovative businesses which utilize emerging technology and possess a hunger for market share. Bitcoin acceptance does not only reduce overhead and increase market exposure; it shows that a company is current on technology and sensitive to the purchasing preferences of its customer base. These qualities are particularly applicable to business in the tech sector (or who interface directly with those in the tech sector), but are valuable to all businesses.

11

Cost Analysis Implementing a bitcoin acceptance methodology has no inherent cost, and no cost to maintain. An extreme low cost method for point of sale bitcoin acceptance, would be to have a printed QR code for a bitcoin wallet address, that customers could then access with their personal smartphone. A slightly more expensive version of this method would require an inexpensive (sub $200) smartphone capable of running an iOS or Android operating system, which would allow a QR code to be generated specifically for a given sale, and with a unique address. Adding Bitcoin acceptance to a website for purely online sales is entirely free, as it requires no software or hardware purchase.

Risk Analysis The risks associated with implementing and accepting bitcoins are minimal, and those that exist have reasonable and effective avenues for mitigation. They generally revolve around the qualities of bitcoin as a currency, versus the mechanics of bitcoins as a transaction. A full risk assessment, including a complete risk analysis, is included in the Risk Assessment section of this report.

Detailed and Functional Requirements Functional (end-user) Requirements End users require a bitcoin wallet, and bitcoins, to participate in this process; for the target audience (current bitcoin holders), this is a given. Point-of-sale purchases require that a user have some type of mobile device to manage their wallet. Other requirements for the enduser‟s mobile device depend on the chosen method for communicating the target of the funds

12

transfer. If QR codes are used, the device must be able to visually read and interpret them; a function offered by software such as Blockchain or Mt. Gox Mobile. If a NFC (near field communication) tag is used, devices used must also be NFC capable.

Detailed Requirements There are no official standards that must be met for accepting bitcoins, unlike the Payment Card Industry standards required for accepting credit cards. This alone slashes the amount of time overhead required for a bitcoin (vice credit card) payment solution. Some personal computer, smartphone, or tablet must exist at some location within the company, so that the bitcoin wallet can be maintained, payment transactions verified, and bitcoins then subsequently spent or exchanged for cash.

Existing Gaps Bitcoins also offer a pathway to reaching a new and growing economy, as they increase in popularity (for a number of reasons) and more and more consumers are finding themselves with a positive balance in their digital wallet. Without the ability to accept bitcoins, companies are closing themselves off over a hundred million dollars in currency (Mick, 2011).

Project Design Scope The scope for the basic bitcoin implementation project will be kept general, to maximize its applicability. While modifications to the design could be made to best fit a specific business model, the methods discussed will well suit any business model.

13

Two different overarching implementations will be discussed. One is that of a company with a physical storefront, that desires to accept bitcoins from customers using wallets accessible through their mobile device at the point of sale. The other implementation discussed is that which would be used by a company with an entirely online storefront, that wishes to accept payments over the internet.

Assumptions The assumptions being made are that a company is utilizing merchant services for processing online payments, and that the service provider charges between two and five percent of the value of the transaction, and is enforcing PCI compliance. It also assumes that companies have the computational resources to hold a bitcoin wallet (a single smartphone or computer), and can train employees to accept bitcoins - a process that is arguably even simpler than accepting a credit card, albeit generally less familiar. The ability of a company to directly turn Bitcoins into valuable goods, services, or other currency is a factor in the degree to which a company will benefit from a bitcoin solution. Not all companies are positioned such that they could find enough ways to spend Bitcoins in ways that would fully realize the savings afforded by using them. It is assumed that a company would be able to find some ways to spend bitcoins directly, vice converting them entirely to cash through a service. Companies are also limited in part by the spending habits of their particular customer. This solution assumes that a business has customers that use bitcoins, or through advertised acceptance discover the advantage of bitcoins and choose to utilize them.

14

Project Phases The steps to bitcoin acceptance are minimal (despite the intricate computational and cryptographic processes that take part in it). 1 A bitcoin wallet must be created. 2 A specific method (or methods) for initiating transactions must be established. 3 User awareness of acceptance must be raised.

Timelines Wallet creation can be completed by a single person inside of a half-hour, including time to familiarize themselves with the wallet software. Establishing transaction initiation methods may take up to several hours, depending on the method used (utilizing commercial off the shelf software for QR generation being the fastest, NFC tags taking slightly longer, and integrating an online module for digital acceptance taking the longest). Raising user awareness is an ongoing phase, which may never be finished.

Dependencies It would be unwise to raise user awareness of accepting bitcoins before the associated acceptance methods were completed; fortunately this only means that the phase would be delayed a number of hours from project start (potentially days, if the implementation was stretched out that long).

Resource Requirements A single PC, tablet, or smartphone is required, at a minimum, to setup and manage a bitcoin wallet. Additional tablets or smartphones can be utilized to facilitate more interactive

15

point of sale purchases, though these may be added at any point. Free wallet management and transaction initiation (software appropriate to the resident OS) is required on the chosen device, at the time of setup and deployment.

Risk Factors A major shift in the value of bitcoins could cause a (theoretically temporary) decrease in the value of held bitcoins. The loss of all copies of the digital wallet (including digital backups) as well as physical backups (printouts of wallet addresses) would cause an irrecoverable loss of associated funds. Notable risk factors that are not present in this solution include the ability of a customer to cancel or dispute a charge, and the possibility that a transaction will have insufficient funds.

Important Milestones The rollout of a complete and customer ready bitcoin acceptance method is the only clear and distinct milestone for this solution. It is possible that a given business model may choose to also have the milestone of discontinuing traditional credit card acceptance, based on total (or near-total) customer acceptance and adoption.

Deliverables This solution would be considered complete when the virtual wallet was set up, transaction initiation software was installed on physical devices (if so desired), modules for accepting online were integrated (if so desired), staff was trained on assisting customers with the transaction process (including accompanying training material), and a plan for spending, saving, or converting received bitcoins was in place.

16

Methodology Approach Explanation
A number of factors are contributing to the increasing relevance of Bitcoins to businesses. These include the importance of retaining profits, and growth of a semi-captive market through ease of bitcoin acquisition and bitcoin-only business activities.

Higher profits are a constant source of pressure for all commercial ventures. In many cases, aspects of a business process can be outsourced at a cost savings. Online process transaction capability is traditionally one of these things; given its importance, the need for an extensive network of infrastructure, and the assurance provided to consumers by a trusted name such as Visa or Paypal. This capability is secured at a high cost, however - as a fixed rate of sales are lost to processing fees. Bitcoins are also a growing reality. As their market grows, more and more individuals will be in possession of this valuable currency, and seek to spend it. By becoming an early adopter of bitcoin acceptance, companies can establish themselves as a go to venue for spending bitcoins. This somewhat captive market promises increased sales even on top of reduced transaction fees. Recent development of physical ATM machines have made putting bitcoins into people‟s (virtual) wallets even easier, and more anonymous. “It's the opposite of a traditional automated teller that dispenses currency ... these Bitcoin ATMs will accept dollar bills -- using the same validation mechanism as vending machines -- and instantly convert the amount to Bitcoins and deposit the result in your account. „It's even easier than just using a regular ATM,‟ says Harvey, 33, who demonstrated the device to CNET this weekend at the Free State Project's annual Liberty Forum. „You could probably do it in about five seconds. The thing that would take the longest would be the bill validator taking in the dollar‟ (McCullagh, 2013).

17

Another driving force in the bitcoin universe, is online gambling. This $127 billion dollar industry (IBISWorld, 2012) is mired in legal complications, particularly in the United States. As it stands, bitcoins exist in a legal area which allows interested parties to avoid breaking US law. “The federal government says online gambling is a no-no. In the last few years, the Justice Department has made it very clear: You can't just open up an offshore casino online and start taking bets using actual money from the United States. But last year, a couple of entrepreneurs asked themselves — what if you were only betting with Bitcoin? „What Bitcoin does is that it totally circumvents that... [SatoshiDice] says it made the equivalent of over half a million dollars in profits in just six months of operation in 2012, accepting bets in Bitcoin” (Farivar, 2013). SatoshiDice is one of many companies drawing individuals into bitcoin ownership, and increasing the pool of potential customers.

Approach Defense Online process transaction capability is an increasing requirement for all types of businesses, as sales continue to shift online, and mobile technology brings the internet to every corner of our daily lives. It is at this point that the ability for a company to not just use technology to keep up, but utilize it in such a way that it produces a competitive advantage is critical. Bitcoin offers a method that is intrinsically safe, widely used, and has a type of infrastructure which is free to participate in (Falkvinge, 2011). The safety of bitcoin is the sum of its design mechanisms. Any given wallet is composed of an unlimited number of alphanumerical addresses, each of which can hold its own balance, and can be removed from a wallet or handled on its own. This division of funds means a single address being compromised would only compromise the balance on it. Public key encryption (provided by the wallet software, based on each individual address) allows transaction requests

18

to be signed by an individual wishing to send funds, then broadcasted on the network. Bitcoin “miners” (anyone participating in the network) bundle these broadcasts into “blocks”. A block of transactions is then appended the previous cycle‟s hash, then miners begin adding nonces and hashing the results. This final step is repeated until a miner happens upon a hash with a required number of leading zeros; an unpredictable, uncommon occurrence. The lucky miner is then rewarded with an address containing bitcoins as a reward for participating in the network, and new coins enter the economy. The “winning” hash can be easily verified by other miners; who then all begin working on the next hash (which contains the hash of the previous transactions; ensuring that no one can go back and change them). The details of a transaction are then virtually set in stone; modification would require that a rogue entity find a winning nonce for the hash of their modified block, then go on to greatly surpass the combined computational power of all other network resources in forging a new set of nested successful hash/nonce combinations including all following blocks. Privacy is also an increasingly scarce commodity that bitcoin provides as added value. By their nature, bitcoin transactions are anonymous, assuming a fresh address is used (though means of initially getting them may not be entirely). This will allow shoppers to spend more comfortably in areas that they normally may find embarrassing or wish to obscure for other reasons. Physical ATMs will provide unprecedented ability to take cash and spend it (entirely anonymously) online. Transferring cash into a form usable online is currently a major barrier for individuals who have credit complications or do not belong to a bank. Methods such as purchasing prepaid credit cards are currently a last resort, and their accompanying fees are high in reflection of that.

19

Project Development Hardware In a business model which requires hardware (physical store), an ideal setup for a small business would include a PC running windows software as part of an office setup, and a tablet computer (Android or iOS) at the point of sale. A digital setup would require no hardware beyond the solution already hosting the site, and the computer used to manage that.

Software No software must be developed. There are several bitcoin wallets available for use, free in this scenario, MultiBit is recommended based on its cross-platform presence, lightweight install, and simple interface. A company wishing for higher amounts of features may choose to use Bitcoin-Qt, with the option to add an installation of Armory on top.

Tech Stack The concept of a technical stack does not apply to this solution. Architecture Details Any physical point of sale terminals or workstations need to be connected to the (presumably) existing, secure wireless network. No additional architecture is needed; and in fact, some protections required by the Payment Card Industry Data Security Standard may be removed if so desired (and credit card acceptance is entirely phased out).

Resources Used A single PC, tablet, or smartphone will need to be available for use; though it can be part of an existing checkout system. A minimal amount of training (less than one hour) is required for

20

any employee who will be assisting customers in completing point of sale transactions. Transactions accepted online require no special training, unless technical support is provided for customers; in which case similar training as a cashier is necessary. It‟s important to note that training does not need to include the (admittedly complex) workings of bitcoin technology; only the customer-facing transaction process.

Final Output The final output will appear similar to existing, familiar payment infrastructure. In a digital rollout, a button for payment using bitcoins will be present. In a physical rollout, a smartphone or tablet will be in the relative proximity to where customers are use to finding a PIN pad or signature device.

Quality Assurance Quality Assurance Approach Quality assurance is of minimal impact to this solution. When implemented as an addition to payment methods, bitcoin acceptance cannot fail to bit fit for purpose. Only when bitcoin acceptance is used as a total replacement for accepting payment cards can it possibly fail to not satisfy the needs of customers; but this is remedied by offering both methods in tandem until the discontinuation of payment card acceptance proves viable. The accuracy of transactions is also designed into the system, as the transaction suggested by the chosen business system must then be initiated by the customer, and then verified again by the business.

21

Solution Testing Prior to deployment, wallet-to-wallet test transactions can be performed ad nauseum, due to the zero per-transaction charges. Any employee wishing to practice transactions can do so to their contentment, and perform transactions as proof of proficiency.

Implementation Plan Strategy for the Implementation For a physical implementation, a device aided transaction setup is far preferable to a fixed QR method. Utilizing a device allows for transaction specific codes to be generated, which contain a unique destination wallet address, as well as suggesting an amount. The whole process of implementation can be performed outside of business hours, due to the short timeframe of hardware and software configuration. If not for needing to physically secure the device at the point-of-sale, the implementation could even be done invisibly. A digital implementation can be done entirely invisibly, assuming the chosen website hosting solution allows for site changes to be performed, configured, and tested offline (in a nonproduction environment).

Phases of the Rollout The phases of testing and acceptances are minimal. Testing for the system is complete following the first successful transaction performed. Acceptance on the part of the business is complete when all employees using and supporting the system show the ability to perform a transaction. User acceptance will be an ongoing phase, with adoption ideally increasing over time, but with no specific goal being desired (unless the removal of payment card acceptance is a goal, in which case the attainment of that goal would mark the end of the user acceptance phase).

22

Details of the Go-Live The project will be considered fully implemented when customers are able to utilize bitcoins as a payment method. It is not necessary for a customer to actually utilize this option for the project to be considered a success, but a live utilization may be the cause for celebration.

Dependencies The wallet must be established before any transactions can be initiated, or testing performed. Installation of software on terminal and test hardware is not dependent on wallet establishment, however.

Deliverables Tangible deliverables include the successful implementation of a bitcoin acceptance button on a digital rollout, and the installation of physical hardware for a point-of-sale implementation. Intangible deliverables include an increased awareness of bitcoin as a medium, and an aura of being up to date on payment method technology.

Training Plan for Users Training on the use of bitcoin payment methods will be provided by the employees assisting with point-of-sale transactions, or by a digital FAQ. It is highly unlikely that customers possessing bitcoins are unaware of how to use them, however; and impossible that customers completely unfamiliar with bitcoins will choose to convert their purchase to bitcoins on the spot. This allows users to become only aware of bitcoins at the point of sale, and pushes off actual

23

training to an individual on their own time. If so desired, literature pointing to online resources on bitcoins education may be distributed, should it be possible at an attractive price point.

Risk Assessment Quantitative and Qualitative Risks, & Risk Mitigation There is no cost for setting up a Bitcoin wallet and beginning to accept funds. Software for managing wallets is free, and addresses to accept coins at are both free and anonymous. Addresses (unique strings of letters and numbers) contained in a wallet do need to be protected; much in the same way that any other credentials for accessing money need to be stored. Reasonable security should be set in place to protect the digital wallet; but this will be of no additional cost to a company which has reasonable security for their other networked assets. Wallets can even be backed up (or entirely stored) as physical printouts of their associated addresses. The risk of possessing bitcoins in a wallet format is equivalent to the risk assumed by keeping funds in a bank account which can be accessed online - ranging from Perhaps the biggest area of risk, is that of turning around and redeeming collected bitcoins. Ideally, they are used to directly pay for goods or services required by the business - a practice which supports a large and growing network of Bitcoin trading. If it is necessary to immediately convert bitcoins into USD, a paid conversion service such as Bitpay.com or Coinbase (which collects a 1.7% or 1% fee for converting bitcoins into USD and depositing them, respectively) may be utilized.. It is worth noting that even if this risk is realized, the fee paid is still lower than any traditional transaction processing fee. Excess bitcoins which are held become a type of currency investment (the value of Bitcoins fluctuates, but is trending upward)(Gustke, 2011). It is possible for a company holding a large sum of bitcoins to see a reduction in their value due to a market shift. This can be

24

minimized by either a close following of the market (which can even serve as a profit generating activity, if the value of bitcoins increase), or by deciding to hold on to coins until the market rebounds. Historical market records can be viewed at http://bitcoincharts.com/. It‟s worth noting that bitcoin acceptance is not mutually exclusive of traditional transaction processing methods. Adding bitcoins as an accepted method does not interfere with or (necessarily) replace other non-cash payment methods; but the full effects of overhead reduction are limited to companies that are able to eliminate the necessity of PCI compliance.

Cost/Benefit Analysis Benefits shortfalls are virtually non-existent with bitcoin implementation, particularly an
online acceptance scheme. In the short term, with zero processes being transferred, visible acceptance of bitcoin still contributes to awareness and long term health of the bitcoin economy. This is a no cost wager in the future of bitcoin.

The risk of a cost overrun is similarly low. Any hardware failure experienced would take place on hardware also used for other, existing business processes that we presume warrant replacement. Utilizing bitcoin acceptance on any given piece of hardware does not contribute to failure rate in any specific or meaningful way.
The biggest fixed cost, is time. The time spent implementing bitcoin acceptance is not recoverable, but can be expected to be recovered through avoiding activities associated with accepting payment cards. Providing PCI compliance, as well as maintaining the specific security posture associated with it; can be prohibitively burdensome for companies with few employees. Bitcoin not only avoids PCI compliance, but entirely removes the concept of fraud, disputed transactions, chargebacks, and frozen accounts. These last benefits are realized even if payment cards are still accepted, in that the problem transactions are in some amount avoided.

25 If at any point bitcoin acceptance becomes undesirable, or problems arise, acceptance can be halted or rolled back. At this point in time, accepting bitcoins is not as expected as accepting payment cards, so stopping it suddenly would result in minimal backlash. For point-of-sale purchases, this is as simple as removing any signage, and instructing employees which process transactions. Stopping online transaction would require disabling a portion of the webpage; a slightly more complex task, but one which can be performed rapidly through a rollback. If part of a sudden halt to acceptance also requires the liquidation of bitcoins to cash, services may be utilized to transfer bitcoins to USD at the current exchange rate within a day, minus a small (approx 1%) fee.

Post Implementation Support and Issues Post Implementation Support Very little ongoing support is needed for bitcoin acceptance. There is no official, industry certification that must be attained. Employees entering the company will need to be trained in its usage, but the simplicity of the process would allow any other employee to perform a suitable knowledge transfer.

Post Implementation Support Resources It may be desirable to produce a guide to facilitating bitcoin transactions, if person to person knowledge transfer is not desirable. In this event, documentation on the process specific to the business can be produced and made available. Maintenance Plan The software that facilitates transactions should be added to the businesses operating procedures for keeping other software patched and current. There is no special maintenance which must be added to the hardware hosting the software.

26

Conclusion, Outcomes, and Reflection Project Summary If Bitcoin is not brought on as a method for accepting payment, business will seemingly continue much the same for the near future. It is likely that other companies that do utilize lowto-no overhead, emerging technologies will gain a competitive advantage, however. Early adopters will capture customer loyalty, associate their brands with bitcoin acceptance, and gain proficiency in efficient and low-risk bitcoin usage. Late (or non-) adopters will experience a shrinking market, and presumably be looked at tomorrow as cash-only establishments are today: antiquated, inconvenient, and irrelevant. The timeframe for this potential future would of course vary by sector. Ultimately, what bitcoins do offer, is a no-cost, additional avenue for accepting transactions which yields a maximum amount of profits. Offering this option both promotes customer familiarity with Bitcoins, increases the value of all bitcoins by expanding the amount of merchants which accept them, is keeping with current financial and technical trends, and is low risk. Different business models will call for different bitcoin acceptance methods (QR codes utilized via smartphones, physical bitcoins, online transactions), but the core mechanisms remain (wallets, addresses, and verification through encryption and hashing). The technology behind bitcoins is complex in nature, but simple in usage.

Deliverables A list of suitable programs for bitcoin acceptance is attached (Appendix C).

27

Outcomes This process was not carried out in any actual business as part of its composure, but it is my goal that this document be used to persuade small businesses of the viability and desirability for bitcoin acceptance in their business. Its success in that regard would be a point of personal pride for myself, as I both believe it could positively impact small and medium businesses, as well as promote a technology that I believe in. Reflection Defending the merits of a new technology is hard; particularly one that flies in the face of existing, accepted business processes. At their core, bitcoins seem too good to be true; free to accept, free to transfer, no special hardware or software to buy, and somehow still secure and valuable. The benefits end up overshadowed by the reality that so few people are aware of their existence. Bitcoins themselves are difficult to explain based on their dual nature of a currency and transaction process rolled together. The marvel of their design is sadly difficult to showcase. I did not get to include a fraction of their technological complexity, as it is not a selling point for them from a business standpoint. Conversely, the relatively simple business benefits needed to be repeated a number of times. In the process of composing this written report, I‟ve had the opportunity to connect with individuals who are eager to learn more about this emerging technology. I hope that this completed report will be able to meet their desires for understanding how bitcoins can be a part of their lives. I do truly think that bitcoins will be a significant factor in the economy of tomorrow, and hope to be seen as an influential early promoter.

28

References Chen, B. (2012, August 01). Some paypal users criticize antifraud measures. Retrieved from http://www.nytimes.com/2012/08/02/technology/paypal-antifraud-measures-are-extremesome-users-say.html?pagewanted=all&_r=0 Dwyer, B. (2011). Pci compliance is required. Retrieved from http://www.cardfellow.com/blog/pci-compliance-is-required/ Geere, D. (2011, May 16). Peer-to-peer currency bitcoin sidesteps financial institutions. Retrieved from http://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency Falkvinge, R. (2011, May 29). Why I'm putting all my savings into bitcoin. Retrieved from http://falkvinge.net/2011/05/29/why-im-putting-all-my-savings-into-bitcoin/ Farivar, C. (2013, February 06). Is online gambling legal if bitcoins, not dollars, are at stake?. Retrieved from http://www.npr.org/blogs/alltechconsidered/2013/02/06/171182974/isonline-gambling-legal-if-bitcoins-not-dollars-are-at-stake Gustke, C. (2011, November 23). The pros and cons of biting on bitcoins. Retrieved from http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins IBISWorld. (2012, November). Global casinos & online gambling: Market research report. Retrieved from http://www.ibisworld.com/industry/global/global-casinos-onlinegambling.html McCullagh, D. (2013, February 23). Need bitcoins? this atm takes dollars and funds your account. Retrieved from http://news.cnet.com/8301-13578_3-57570925-38/needbitcoins-this-atm- takes-dollars-and-funds-your-account/ Mick, J. (2011, June 12). Cracking the bitcoin: Digging into a $131m usd virtual currency. Retrieved from http://www.dailytech.com/Cracking the Bitcoin Digging Into a 131M USD Virtual Currency/article21878.htm Olanoff, D. (2013, Febuary 13). Reddit starts accepting bitcoin for reddit gold purchases thanks to partnership with coinbase. Retrieved from http://techcrunch.com/2013/02/14/redditstarts- accepting-bitcoin-for-reddit-gold-purchases-thanks-to-partnership-with-coinbase/ Paypal. (2013). How to sell online. Retrieved from https://www.paypal.com/webapps/mpp/howto-sell-online Peck, M. (2012, June). Bitcoin: The cryptoanarchists’ answer to cash. Retrieved from http://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-tocash/0 Square. (2013). Costs and fees. Retrieved from https://squareup.com/help/en-us/article/5068costs-and-fees Visa. (2012, June). Visa u.s.a. interchange reimbursement fees. Retrieved from http://usa.visa.com/download/merchants/visa-usa-interchange-reimbursement-feesjune2012.pdf

29

Appendix A: Bitcoin Wallet Installation, on a Windows 7

30

31

32

Appendix B: Basic Bitcoin Wallet Interface

33

Appendix C: Suitable Bitcoin Acceptance Programs
Bitcoin-Qt : http://bitcoin.org/en/download

The original, standard software wallet. Available for PC, MAC, or Linux.

Multibit : https://multibit.org/

A simpler, lightweight software wallet. Available for PC, MAC, or Linux.

Armory : https://bitcoinarmory.com/

An add-on to Bitcoin-Qt, that adds advanced features, such as offline wallets.

Electrum : http://electrum.org/

A client that offers notable speed, and wallet recovery through a secret phrase.

Bitcoin Wallet : https://play.google.com/store/apps/details?id=de.schildbach.wallet

A mobile wallet for the Android or Blackberry OS, supporting QR codes and NFC.

Blockchain : https://blockchain.info/wallet/

A wallet for the iOS. It has restricted features to fit within Apple policies.