Educause Security Discussion mailing list archives
Re: New York State Department of Financial Services proposed rule on Virtual Currency.
From: Leon DuPree <duprleo () GMAIL COM>
Date: Fri, 8 Aug 2014 10:45:26 -0400
Excellent question.. but the answer is A. Don't accept these currencies B. Outsource the process to a vendor C. Become PCI compliant and deal with this at your own peril. On Aug 7, 2014 1:55 PM, "H Morrow Long" <morrow.long () yale edu> wrote:
New York State's Dept of Fin Svcs recently proposed a regulatory rule on Virtual Currency businesses. Yesterday (8/6/14) the Bitcoin Foundation asked for an extension of the comment period ( http://dealbook.nytimes.com/2014/08/06/bitcoin-foundation-seeks-more-time-to-address-virtual-currency-rules/?_php=true&_type=blogs&_r=0 ). Yes, it's starting to happen -- state governments are taking note of the Bitcoin economy (and ecosystem) as well as some of the financial dangers (see: Mt Gox) and the potential loss of fees and taxes due to a subterranean economy based on untraced digital coinage. NY is often a pioneer and sets precedents in financial industry regulation (and enforcement) -- because of Wall Street and other NYC based financial services companies. An examination of the proposed rule shows NY is definitely looking at having businesses which deal in crypto currencies (such as Bitcoin) to have them track transactions as well as secure both transactions and customer's financial holdings and information. Such tracking and security as written would also appear to attempt to defeat some of the somewhat (note not 100% at any rate anyway) anonymous nature of Bitcoin since the rule states that customers cannot hide or obfuscate their identity in order to evade the laws on limits on currency trades and reporting, etc. Many of the proposed measures under the rule would require that "exchanges" implement information security programs similar to those for the highest tier credit-card handling enterprises under PCI/DSS. Is it left less well-defined as to what regulations would fall upon organizations accepting Bitcoin (e.g. would campus organizations, centers and Labs which now state that they "Accept Bitcoin" be required to protect these transactions and virtual currency under PCI/DSS-like requirements?). http://www.workplaceprivacyreport.com/2014/08/articles/data-security/ny-department-of-financial-services-proposes-virtual-currency-rule/?utm_source=Jackson+Lewis+P.C.+-+Workplace+Privacy+Report&utm_campaign=41c71050b8-RSS_EMAIL_CAMPAIGN&utm_medium=email&utm_term=0_4a1c27c942-41c71050b8-70242157 http://www.workplaceprivacyreport.com/wp-content/uploads/sites/162/2014/08/pr1407171-vc.pdf
Current thread:
- New York State Department of Financial Services proposed rule on Virtual Currency. H Morrow Long (Aug 07)
- Re: New York State Department of Financial Services proposed rule on Virtual Currency. Leon DuPree (Aug 08)