-
Cryptocurrencies
-
Exchanges
-
Media
All languages
Cryptocurrencies
Exchanges
Media
Share
Author: Ishita Source: hazeflow Translation: Shan Oppa, Golden Finance
Encrypted payments cannot achieve absolute privacy. If most people use cryptocurrency to complete on-chain payments in the future, transaction information will inevitably not be made public, and this type of data will be easily traceable.
When users in the crypto community transfer money to each other and know each other's wallet addresses, they usually do not have privacy concerns. However, ordinary consumers do not want third parties to spy on their shopping details when making daily purchases.
People often say "I have nothing to hide", but there is a misunderstanding in this idea. The necessity of privacy protection is reflected precisely at the moment when people need to hide information. This does not mean engaging in illegal activities or deliberately concealing your activities. The core is to protect personal data and prevent your consumption records from being tracked by outsiders.
In an ideal on-chain world, all behaviors will generate transaction records, and consumption behavior is no exception. A transaction will not only retain the consumption facts, but also expose these key information:
Consumption amount
Trading hours
Identity of the transfer party
Payee identity
Compared with the specific goods purchased, a more serious hidden danger is the leakage of personal real-time location. Nowadays, crypto payments have not yet become popular, and kidnapping cases caused by holding cryptocurrency have occurred frequently. Once the personal identity and wallet address are linked and exposed, the holder will easily become a target of criminals.
The well-documented number of people murdered and tortured is as high as hundreds, and the number of uncounted victims is even thousands. The co-founder of Ledger Wallet and his wife were kidnapped from their home in France.
From the perspective of merchants, risks remain high.
Companies that have not been listed or completed an initial public offering are not required to disclose financial data to the outside world according to law, and naturally they are unwilling to disclose revenue, profits and expenses. The wallet address on the chain will expose information that far exceeds the total revenue. Each transaction details, operation time and purpose will be clearly visible.
This directly brings physical threats to merchants. Whether it is a small street shop or a variety of shops, as long as the wallet balance is publicly visible, merchants are more likely to become targets of criminal attacks.
Cryptocurrency payments have distinct pros and cons. On the one hand, it has a very low threshold and is easy to use. Both buyers and sellers can save handling fees. There is no intermediary agency to intercept it. Anyone can create a wallet to complete transfer transactions without permission.
On the other hand, transaction information is fully open and transparent, giving rise to new security attack avenues. The risk of personal infringement is far more deadly than cyber attacks.
If encrypted payments want to become a mainstream settlement method and rely on stablecoins and various tokens to achieve fast and permissionless transfers, privacy protection must be included as a core consideration.
If it is impossible to hide some transaction data, the universal popularity of encrypted payments will ultimately be just a fantasy.
Even if there are handling fees for traditional payments, the public still prefers to stick to the familiar payment system rather than switching to a new payment method with zero handling fees. Many people are willing to pay fees in exchange for higher privacy protection. Privacy issues are essentially related to personal safety, and their importance far exceeds privacy itself.
The transaction records between consumers and merchants are open to the public, and the current accounts of merchants and suppliers, tax agencies and partners are also confidential.
Once an enterprise's business is uploaded to the chain, its financial data will be available on the entire network. Although all industry competitors face the same level of information transparency, the hidden dangers cannot be ignored. Commercially sensitive information is leaked, long-term cooperative supply chains are exposed, and past business gains and losses of companies are also disclosed to the public without permission. The payment system should protect privacy by default, and companies should independently decide the scope of information disclosure, rather than forcing full transparency.
To avoid privacy leaks, users will use multiple wallet partitions, but the correlation between wallets is still easy to track. Various on-chain analysis tools can decipher complex wallet layouts and lock address relationships. Companies with huge revenue are capable of building complex wallet systems, but small and medium-sized merchants cannot afford the related costs.
The blockchain itself is permissionless and open, and every transaction generates massive amounts of traceable data.
Splitting multi-address transfers is a common privacy protection method. A set of mnemonic words can generate countless wallet addresses, and only the holder knows the address affiliation. However, with the help of on-chain analysis tools, transaction behavior characteristics can still connect scattered addresses, and the multi-address model cannot completely maintain the privacy boundary.

Encrypting bank cards has become one of the solutions to alleviate privacy issues. When consuming in offline stores, small transactions will not be directly recorded on the blockchain, and the platform will separately manage the assets on the chain and offline consumption funds.
For example, after an account is recharged with USD 200 and spent USD 2, the balance on the chain will not accurately display the remaining USD 198, and the book value will deviate from the actual balance of the wallet. After verifying the deposit address and wallet asset amount, you will find that the two data do not match.
The point-to-point direct transfer of the wallet only has pseudonymous attributes and is not a truly private transaction. The address can always be traced and bound to the real identity, and the transaction traces of users and merchants can be traced.
Overall, the higher the convenience of payment, the lower the privacy and security.
Some payment channels support encrypted settlement without identity authentication. For example, stablecoins can be used to purchase tickets on Ctrip without submitting passport documents. However, when purchasing tickets, you still need to fill in personal information such as name, nationality, and date of birth. Although there are no access restrictions in the transaction process, the user's identity can still be locked, and it is not a truly anonymous transaction.
Stripe Payment has recently launched stablecoin collection services to help merchants access the encrypted payment system. However, this model does not substantially improve merchant privacy, and transaction fees will still be charged, weakening the original advantages of encrypted payments. Compared with encrypted bank cards, it retrieves less user data, but it still fails to overcome the core privacy problem.
This also raises a key issue: a completely authentication-free and zero-data retention payment model does not exist, and transactions will inevitably retain some information. So under the compliance framework, how to define the minimum amount of data that needs to be collected?
The core dispute is not how much information needs to be collected to use cryptocurrency legally, but how to minimize the scope of data collection under the premise of compliance.
Grafting cryptocurrency into the traditional credit card payment system still cannot get rid of privacy flaws, and will also transmit more user data to card issuers. The vast majority of crypto bank cards on the market are issued by Ryan Card institutions, and the new assets are still paired with the old traditional capital flow structure.
Data collection is a practical problem that cannot be avoided. Even if users resist submitting personal information and companies are willing to comply with their demands, this business model will be difficult to maintain in the long term.
Some companies have launched authentication-free encrypted cards exclusively for corporate employees, claiming that company founders can issue cards for employees in batches without having to verify their identities one by one. Many platforms have taken advantage of this loophole to illegally issue so-called "employee cards" to ordinary users.
Such illegal cards are quickly banned and frozen by payment institutions. Encrypted bank cards on the market that claim to be completely free of identity verification are basically illegal and fraudulent projects.
Many advocates of extreme decentralization advocate the complete abandonment of the centralized model and unilaterally believe that the centralized mechanism has inherent disadvantages. However, this view does not apply to the field of encryption privacy. Simply decentralizing the existing financial system cannot fundamentally solve the problem.
The root cause of transaction data leakage is that financial intermediaries independently analyze and retain transaction details. A large amount of information is repeatedly retrieved and verified, which is also an inherent design for the smooth progress of the transaction process.
The core role of the payment network is only to transmit information, while financial institutions are responsible for controlling transaction risks for buyers and sellers. The legal validity of funds and transactions needs to be verified by the entire network, which is also a shortcoming of the traditional financial system.
The Flexa team referred to the Bank Secrecy Act, the Anti-Drug Abuse Act and the Patriot Act to sort out the minimum data collection standards for global compliance transactions:
With a weekly consumption limit of US$750, you only need to register your email address, name, and date of birth to complete the transaction
No need to fill in mobile phone number, social security number and shipping billing address
US$750 per week is equivalent to US$3,000 per month, which is enough to cover daily basic living expenses (excluding rent). The data collected by most payment platforms, banks and even encrypted bank cards far exceeds the compliance bottom line, and the monthly consumption of ordinary users will basically not exceed US$3,000. Flexa conforms backwards to compliance rules and compresses data collection to legal minimum standards.
Consumption above the limit requires a complete identity verification. Global car purchase transactions require the presentation of valid documents, and the payment method does not change the rigid requirements for identity verification.
For merchants, the platform will strictly implement identity verification, overseas asset control and sanctions list screening to avoid compliance risks from the source. The platform only retains the necessary information required by law and uses this as a basis to expand various payment functions.
In the transaction settlement process, the Ampere Token pledged by the asset guarantee pool is the core guarantee. Mortgage assets can provide security for transactions. Buyers and sellers do not need to wait for the final confirmation of the block on the chain to complete settlement. The platform guarantees the payee's income and the payer's fund performance in advance.

The asset mortgage mechanism also simplifies the identity verification process. Since each transaction is fully guaranteed by the locked Ampere Pass, there is no need to use traditional credit card billing address verification, credit assessment, biometric behavioral identification and other identity credit methods.
Identity verification and risk control screening are completed at the network and trading platform levels. User information is no longer retrieved during offline consumption. Personal data is only kept by Flexa and its partner trading institutions and will not be transferred or leaked among multiple intermediaries.
Mortgage assets replace personal identities and become transaction trust certificates. Ampere Token can realize decentralized mortgage distribution. After the assets are locked on the chain before the transaction, the merchant does not need to know the payer information, and only needs to confirm that the transaction funds are fully guaranteed.
This mechanism reduces the need for companies to retrieve personal information from the source. Blockchain technology supports nodes to independently verify transaction status, reducing verification costs and effectively curbing fraud and other irregularities. Blockchain technology alone cannot guarantee privacy, but relying on the underlying architecture of the blockchain and superimposing the asset mortgage mechanism, a privacy protection system can be built.

Consumer funds are first transferred to the transaction transfer address and are not directly connected to the merchant account. The merchant funds are settled separately. The rules of the Ampere Token smart contract are fixed and cannot be tampered with, and the asset custodian can only perform entrusted management operations.
The payment model with front-end asset mortgage ensures transaction security without collecting users’ personal information, and there is no need to track the whereabouts and equipment usage habits to determine the validity of the transaction.
Even if asset mortgage is introduced, the payer can still be traced and locked through transaction amount and timestamp comparison. Flexa uses technical design to eliminate transaction related traceability issues.
Merchant cannot judge transactions in different time periods as the same user operation, and there is no fixed mark that can be used for identification throughout the transaction. Each consumption is an independent single record, and merchants cannot obtain related information such as general pass, card number, and wallet address.
When the platform expands its online consumer business, it will continue to use this privacy protection architecture. Flexa Payment integrates blockchain security features and Ampere Token mortgage guarantee, taking into account transaction finality and privacy security.
Users can freely choose the payment currency, and merchants can also receive the corresponding settlement currency on demand. The mortgage mechanism ensures that transactions are received immediately and contract performance is worry-free.
The current payment system is dominated by card issuers. Banks and card organizations control transaction links, infrastructure, identity systems and customer resources. Merchants only serve as transaction terminal nodes.
Physical bank cards will eventually be eliminated, and encrypted wallets can better undertake payment functions with their lightweight architecture.
Fraud risks, information monitoring, data leaks, privacy theft and other common problems in the payment industry are all based on the use of personal data as the basis for transaction security. As long as this logic remains unchanged, privacy cannot become a standard feature.
The Cypherpunk Manifesto proposed decades ago that privacy needs to be protected by a dedicated system, which is also a core element missing in the current payment field. Only by reconstructing the system from scratch can we truly realize private payments.
The industry structure will gradually shift from being dominated by card issuers to being dominated by merchants. The right to speak will be transferred from banks, which control card issuance business and customer resources, to merchants, who independently control the payment experience.