
Security Implications of a Worldcoin – Visa Partnership


POSTED BY: Rob Behnke

04.15.2025

In March 2025, Sam Altman — CEO of OpenAI and World Network — disclosed that World Network and Visa were in talks regarding a potential collaboration. If an agreement is reached, Visa card features will be added to the Worldcoin World Wallet. This would allow Worldcoin holders to perform stablecoin payments at merchant locations accepting Visa and would permit crypto/fiat exchanges and foreign exchange services.

The goal of this potential partnership would be to merge the traditional finance (TradFi) and Decentralized Finance (DeFi) spaces, creating a “mini bank account”. However, this proposed partnership also has potential security implications for the platforms and their users.

What Is Worldcoin Proposing?

Worldcoin’s name comes from the fact that Altman’s goal is to create a global, blockchain-based identity and financial network. Users’ identities are verified using retina scans, which are taken when they register for an account using one of the project’s Orb scanners. A user’s World ID can be used to identify the user for various purposes, and the associated WLD cryptocurrency is intended to be used to provide universal basic income.

One of the limitations of Worldcoin is that it exists solely in the Web3 space without ties to TradFi infrastructure. This limits its potential applications since many merchants won’t accept crypto as a form of payment.

The proposed partnership with Visa helps to close this gap by giving Worldcoin users access to the Visa payment network. This would unlock access to over 130 million merchants, making the cryptocurrency a viable option for purchasing goods and services.

Security Implications of Worldcoin - Visa Integration

The proposed integration between the World Network and Visa platforms has several benefits for the Web3 industry. Allowing users to leverage Visa’s payment network expands the applications of the cryptocurrency and may bring new users into the space. However, this proposed partnership also comes with significant security considerations.

Cross-Platform Exploits

The potential partnership between Worldcoin and Visa requires integrating the two organizations’ platforms. If an agreement is made, features from Visa’s payment network will be built into the Worldcoin digital wallet.

As a result, both organizations’ digital attack surfaces will be expanded. For example, Visa’s risk exposure will include not only potential threats to its own systems but also those that target Worldcoin, or the bridge between the two, in order to slip past its defenses.

History has demonstrated that these types of integrations are often a weak point and prime target in the blockchain space. Many of the most expensive DeFi hacks to date targeted cross-chain bridges. Those that weren’t — Bybit, DMM Bitcoin, WazirX, etc. — were mostly centralized exchanges, which isn’t dissimilar from what a Worldcoin/Visa partnership would create.

Data Security and Regulatory Compliance

One of the defining features of Worldcoin is that it uses retina scans when creating user accounts. While this has potential benefits for enhancing authentication, it also carries significant data security and compliance risks. 

If the dataset of retina scans — which the platform needs to retain for authentication purposes — is exposed, there is no way for users to change their retinas. Such a dataset is already a significant target for cybercriminals, and the proposed Visa integration is intended to onboard additional users onto the platform. This increases the value of the potential target and may put less technical users who are new to the space at risk.

Additionally, Worldcoin has already been sanctioned by the EU for improper collection of this data. If World Network refuses to delete retina data in accordance with the orders from EU regulators, this may negatively impact both organizations’ abilities to provide services in the EU, especially via Worldcoin.

Using retinas for identification is potentially good for KYC/AML compliance since it reduces the risk of potential fraud. However, the fact that Worldcoin has already engaged in practices that regulators find dubious indicates that a partnership may introduce more challenges for both companies as World Network becomes more integrated into the highly regulated TradFi space. 

Centralization Concerns

Decentralization is one of the founding tenets of the blockchain space. Many of the most significant crypto hacks in history have targeted organizations with centralized control. Additionally, putting too much power in the hands of a single organization opens the door for potential abuses of this power.

The potential partnership between World Network and Visa is concerning from a centralization perspective since it involves combining the resources of two already powerful entities. World Network has collected a significant database of retina scans that can be used to identify individuals and track their activities on-chain. Visa has a massive payment network that the organizations are considering using to integrate the fiat and crypto spaces.

Combining these resources under the aegis of Tools for Humanity creates an extremely powerful entity bridging the two spaces. This partnership has the potential to create a monopoly in the space, with Visa’s power and first mover advantage allowing them to onboard users and block potential competitors.

Securing TradFi/DeFi Integrations

Many of the security challenges and risks associated with the proposed Worldcoin – Visa partnership are also applicable to other projects trying to bridge the gap between TradFi and DeFi. While other projects may not have the same data security and compliance risks associated with storing retina scan data, they do need to navigate the compliance requirements of the TradFi space and build bridges to securely interconnect systems and provide the necessary functionality.

History has shown that cross-platform integrations are a prime target for attack in the DeFi space, with small errors leading to high-value and damaging hacks. Minimizing a project’s risk exposure requires considering security early in the design process when there is ample opportunity to implement security best practices and identify and address potential vulnerabilities.

Halborn offers a range of security services, including advisory support throughout the Software Development Lifecycle (SDLC) to help projects bake security into their designs and comply with applicable laws and regulations. To find out how Halborn can help your project, get in touch.
