CryptoCurrency Security Standard to Define Bitcoin Best Practices

An industry group of developers, researchers and security professionals have come up with a set of proposed best practices that Bitcoin and cryptocurrency businesses should adhere to, in order to ensure the safest and easiest way to handle Bitcoin and cryptocurrencies. Called the CryptoCurrency Security Standard (CCSS), this is an attempt to standardize the various rules and software practices used by businesses such as wallets, exchanges, etc. to keep customer funds secure. CCSS was created as a collaboration between CryptoCurrency Certification Consortium (C4), and BitGo, Inc.

The major focus of this standard is towards Bitcoin security and transparency in handling customer funds, something essential for the further growth and adoption of Bitcoin and cryptocurrencies in the mainstream. This becomes especially important in light of recent events, such as stolen Bitcoins from Bitstamp or more recently the 7000+ BTC stolen from the Chinese exchange Bter. Security issues have plagued some of the major players in this space, and the creators of this new standard hope that by following these guidelines during development, the entire ecosystem can benefit by making security of Bitcoins more robust.

The CCSS framework itself has been broken down into three levels, giving a more granular rating to businesses. Getting to Level-III, which is what the major exchanges should hope to achieve, means that

"… there are formalized policies and procedures that are enforced at every step within their business, multiple actors are required for all critical actions, advanced authentication mechanisms ensure authenticity of all data, and assets are distributed geographically and organizationally in such a way to be resilient against compromise of any person or organization."
— – CCSS

Even to achieve Level-II, certain best practices for security are required, such as the use of multi-signature wallets.

The guidelines are issued based on ten criteria, which need to be followed for each level achieved within the CCSS framework. These are – key/seed generation, wallet creation, key storage, key usage, key compromise policy, keyholder grant/revoke policy and procedures, third-party security audits/penetration tests, data sanitization policy, proof of reserve and audit logs. To achieve any level, a company must prove its competence through an external audit.

These guidelines would also appeal to regulators who are not very tech-savvy but wish to protect consumers from unscrupulous or incompetent businesses. Several Bitcoin and cryptocurrency based businesses have had to be shut down after losing customer funds, and there is usually no recourse for the customers. These frameworks and guidelines will help businesses plan their security in a robust manner, so that the risks are minimized.