If you’ve got a metal payment card in hand, you’re likely familiar with the “plunk” factor.
There’s a certain satisfaction inherent in removing the tangible card from your wallet, presenting it for payment and plunking it down at the sales counter — or wielding one, increasingly, for online transactions. And then there’s the added peace of mind that comes from knowing your card is on your person, keeping the financial information it unlocks away from the prying hands of fraudsters.
Cryptocurrencies, and by extension, all manner of digital interactions, are readying for their own such moment.
As Jon Wilk, CEO of payment card maker CompoSecure, told PYMNTS’ Karen Webster, metal cards can serve as passports to a more secure, connected digital world across a variety of use cases. There’s potential, too, for the metal cards to make inroads within the cryptocurrency space, making users more comfortable about how they manage the cryptographic keys that provide access to exchanges, digital wallets and — ultimately — trading and commerce across blockchains using bitcoin and its brethren.
The urgency to protect those private keys, which access “hot” digital wallets, is critical. Just this week, for example, stolen private keys allowed fraudsters to steal $196 million in funds from crypto exchange BitMart. In general, fraud and theft are on the rise within the cryptocurrency space — and mobile devices are a key point of vulnerability. In recent months, for example, hackers stole approximately $600 million from a decentralized finance (DeFi) platform. This attack affected tens of thousands of crypto members across multiple blockchains.
PYMNTS research has shown that about 18% of the U.S. population would be interested in paying with crypto, and helping them feel secure enough to do so would logically be top of mind. At the same time, noted Wilk, consumers want a streamlined set of technological tools in place with which to access, and use, their digital assets.
“Consumers don’t want to carry a separate dongle,” he said. “They don’t want to carry a YubiKey.”
But if they’re already used to using digital wallets, and tangible, tap-to-pay cards, the comfort factor is vastly improved, he said.
Earlier this year, CompoSecure debuted its Arculus Key card, a tap-to-pay metal card that stores users’ crypto keys. At a high level, users transact by tapping the card on their mobile devices.
The Arculus announcement comes after, over the summer, CompoSecure said it would be working with Gemini on a new crypto rewards card that would allow users to get 3% back on purchases in bitcoin or several other cryptos. The company said the card “demonstrates how the blockchain and cryptocurrency market category is being supported by banks with innovative financial products.”
The Gemini card offering would come with a metal credit card and include features like crypto rewards for purchases, a security-focused design and give holders immediate access to a virtual card if they’re approved. As for the security that users want, at least when it comes to crypto: CompoSecure said the card is “air-gapped,” which means that it is not connected to the internet at all.
Wilk went on to note that linking the Arculus Key card, which has the same dimensions as any other credit card, to the Arculus Wallet app promotes greater security through three-factor authentication. Those three factors include something the user is (i.e., through a fingerprint or facial recognition); something the user knows (via a six-digit PIN); and something the user has. On that latter point, the Key card itself contains an Evaluation Assurance Level (EAL) 6+ embedded chip that holds the user’s encrypted private keys.
The same features that make a card ideal for securing crypto also make it attractive for other applications in which security is paramount. As a B2B service, the company unveiled its Arculus Business Solution in October, which can be white-labeled across a number of verticals. Wilk told Webster that the offering turns the Arculus card into a virtual key for authenticating almost any digital service.
“The card is a turbocharger for improved security and authentication,” he told Webster, as so much of daily life is becoming digital and, as a result, moving to the blockchain. Arculus users use biometrics to open the app, then use the PIN, and then tap the card to the back of the phone.
“This is the same process that I would use at the point of sale,” he said.
The Order of Priorities
Moving forward, CompoSecure’s first priority for the card deployment rests with crypto and cold storage of crypto keys, although Wilk said Arculus can play a role in making hot wallets more secure, as well. As he stated, “if an exchange wants increased security on a ‘hot wallet,’ we can do that.”
Wilk said that Arculus can be extended to use in strong customer authentication (SCA) within financial services. Users, he said, would be able to “lock down” their investment accounts with various brokerages, with the trio of authentication methods in hand. FinTechs would find value in using CompoSecure’s technologies for new opportunities within or outside of crypto, which in turn might spur greater trust in open banking.
The conversation between Wilk and Webster came as CompoSecure prepares to go public Dec. 23, following a merger with Roman DBDR, a special purpose acquisition company (SPAC).
He noted that the existing owners and founders will still own 60% of the company afterward — a signal that they are “very bullish about the future,” given that the company’s existing core business will see as much as $270 million in sales in the current year and remains highly profitable, he said.
As he told Webster, “The industry is just starting to realize that with the adoption curve of crypto and digital assets accelerating, … the market opportunity for these new areas and for three-factor authentication is just massive.”