Security Experts:

The Virtual Currency Taking Over the World isn’t the One You Think

Currency is a technology that evolves according to the needs of the people who use it. Throughout history, the forcing function for an evolutionary step in currency has usually been to meet an efficiency gap such as arbitrage, auditing, or fraud control. In the 20th century, the most significant evolution occurred when all governments detached the value of their currencies from underlying precious metal reserves. Floating the currency was done for a myriad of reasons, but foremost to give central banks the ability to influence the issue and value (via inflation or deflation) of their national currency according to their own fiat.

With the rise of the Internet, the world may be on the verge of evolving a new currency—one that more closely lives in the digital world, and one that can be transmitted directly from one individual and received and processed by another as easily as an email or a text message. The world is looking for a virtual currency. Virtual means that the currency is not backed by a physical commodity, is not controlled by a government agency either, and is used and accepted among members of a specific virtual community (that is, the Internet).

Today, enthusiasts of virtual currencies fall into two camps. The first camp contains the crypto-currency enthusiasts. A crypto-currency is a medium of exchange based on cryptographic techniques that are used to control the audit and issue of new specie. The very first and by far the most popular of these crypto-currencies is called Bitcoin. This currency’s enthusiasts are typically a very libertarian-minded set of people who appear to be pushing their agenda as much out of a distaste for dealing with governments, banks, and middlemen as their actual need for a digital currency. These people have access to VISA and MasterCard and PayPal, after all.

Crypto-currency enthusiasts are also a very expressive group, blogging frequently about the currency and singing the praises of its benefits and the security of its protocol. However, as one would expect from contrarians, they disagree with each other quite often; as a result, there are now 80 virtual currencies—all based off of Bitcoin—with names like Dogecoin, Altcoin, and Primecoin. Of these, Bitcoin has the vast majority of mindshare and user base. For all the chatter generated by the crypto-currency community, you would think that Bitcoin is about to take over the world and become the de facto standard for all digital commerce.

But for all the noise, the actual number of Bitcoin users is very likely quite small. Brandon Hurst, a Bitcoin enthusiast himself, estimates the number of Bitcoin users at less than 1 million. Because the Bitcoin system is completely digital, the number of Bitcoin addresses (also called hybrid deterministic wallets) is a known quantity. And because the system is largely anonymous, it is difficult to map how many users this number of addresses translates to. My friend, a bitcoin enthusiast, says he has about a dozen wallets. If the popularity of Bitcoin is in question, so is its security as a currency. Bitcoin has had a rocky year in 2014, when 7% of all bitcoins were stolen in the infamous Mt. Gox exchange collapse. 7% is a surprisingly high percentage for a supposedly secure currency.

Stolen Bitcoins

Google Trends: Interest in Bitcoin (blue) vs M-Pesa (red)

The second camp of virtual currency enthusiasts is largely unknown, which is surprising considering that there are over 30 million of them. They wouldn’t even consider themselves as virtual currency enthusiasts, but just ordinary people in Africa using an SMS text-based currency called M-Pesa.

M-Pesa was invented as a virtual currency by mobile network provider Vodafone after it was discovered that its airtime minutes were being used and traded in by people in Africa in lieu of actual money. Partnering with the governments of Kenya and Tanzania, Vodafone launched the M-Pesa service, which would allow registered users to send and receive money using text messages. Tens of thousands of Point of Sale merchants, such as news agencies, grocers, landlords and government agencies were recruited to accept M-Pesa.

In Kenya, a critical mass was quickly reached, and today, over 70% of the 40 million Kenyans use M-Pesa to top up each other’s airtime minutes, pay their rent, utilities, and, in some cases, even their taxes. Mindblowingly, M-Pesa contributes to 40% of the national economy of the country. In the third quarter of 2014, Vodaphone launched M-Pesa in South Africa. In just three months, the number of South African M-Pesa users climbed to 650,000—likely tying the worldwide number of Bitcoin users.

M-Pesa transactions are limited to $500, which reduces the incentive for mischief. Fraud still occurs in the M-pesa system, but at very low levels compared with that of Bitcoin or any traditional currency. In fact, Safaricom, the operator of M-pesa in Kenya, reports a fraud rate less than 1%.

Forward Drivers in 2015

The forward drivers for Bitcoin and M-Pesa are completely different. Speculation will continue to be a primary force for Bitcoin in 2015. However, the poor return on Bitcoin in 2014 may deter adoption rates in 2015. In fact, for the first time ever, the challenge of Bitcoin mining (that is, computationally issuing new currency) has gotten easier as some early adopters have left the market.

Although M-Pesa has a toehold in EMEA with its presence in Romania, 2015 will prove to be about ensuring the launch in South Africa and increasing subscribers and agents in the developing world. Nearly a dozen countries are already participants in M-Pesa.

Will there be a winner?

The past two years have been full of hype about Bitcoin as the probable default global virtual currency. There are many today who still think it will be. But statistics might be telling us otherwise; that even if a currency revolution is happening, the winner might not be Bitcoin, or any crypto currency. It might be the alternative currency M-Pesa.

view counter
David Holmes, CISSP, is a security researcher and a low-rent technical evangelist. He has a background in cryptography, application security, architecture, and development. He has spoken at more than 50 conferences, including RSA, InfoSec Europe, the Australian CyberSecurity Conference, and Gartner Data Center. He researches and writes regularly about cryptography, the Internet of Things, malware, policy, vulnerabilities, technical solutions, and the security industry in general as an expert contributor at SecurityWeek. Holmes studied Computer Science and Engineering Physics at the University of Colorado at Boulder and has awards from Toastmasters International. On Twitter he is @capmblade.