How to Prevent Cryptocurrency Account Takeover

by PJ Rohall
Digital onboarding is one of the most important touchpoints for banks. Neobanks are largely responsible for the high numbers of digital onboardings, with user penetration predicted to hit 4.1% by 2026 – which means 318.72 million online bank users.
Let’s see how fraudsters complete the process so you can set up the right defenses.
In banking, digital onboarding is an automated process that gives customers access to financial products and services. This may include opening a bank account, taking out a loan, or simply creating an account with a digital bank or neobank.
The reason it is separate from the traditional onboarding process is that digital onboarding is done solely online. It is designed to be fast, frictionless, easy to do, and secure – but normally still needs to comply with the same laws and regulations that apply offline.
Digital onboarding is the decisive moment when a bank accepts a new customer. Unfortunately, not all of these individuals have the best intentions at heart. Fraudsters, cybercriminals, and other bad actors have every incentive to open fraudulent bank accounts online, aiming to launder money, take loans they won’t repay, or fund illicit activities.
To make matters worse, every failure to prevent bad customers from opening bank accounts is also a compliance risk. The banking sector has always been under heavy scrutiny from government agencies which impose strict KYC and AML due diligence checks and punish those organizations that don’t adhere to them.
This creates a double bind for banks and neobanks: On the one hand, they want to grow their customer base as quickly as possible, offering the most pleasant and smooth onboarding journey. On the other, being too lax at the onboarding stage will open the door to fraud, fines, and a damaged business reputation.
See how SEON’s data enrichment can elevate your digital onboarding to a frictionless tool to keep safe, streamline KYC, and better understand your customers to boost your growth.
Book a Demo
Compared to traditional customer account creation in a brick-and-mortar bank, online-only digital onboarding has both pros and cons.
In the pros section, you will find that digital onboarding can be faster, cheaper, and better at scaling. You can automate most of the processes with very little need for human intervention, which is why neobanks and challenger banks have built their entire business model on the practice.
It’s also much more convenient for customers – especially younger ones who grew up in the always-on economy. The lack of friction and 24/7 availability has proven to be a hit with Gen Z and millennials who eschew traditional banks for leaders like Monzo, Revolut, or Wise.
All of the above has inspired traditional banks to follow suit and increasingly move their operations online.
Downsides to digital onboarding include having to create an audit trail, ensuring your tech infrastructure is robust enough, and reconsidering your risk strategy – the latter of which we’ll cover below.
When it comes to banking digital onboarding, risk can be expressed by asking the following questions:
The first two questions are essentially what your KYC verification checks should answer. Because it is mandatory in banking, there is no avoiding these standard address and ID verification checks that must take place at the onboarding stage.
However, the third question, on whether this person has good intentions, is less tangible. It is very hard to prove bad intent, but you may still be able to measure risk using the following solutions:
The challenge is to gather as much data as possible to make an informed decision on the risk profile of the individual, without adding so much friction that the user wants to abandon the onboarding. The above solutions will allow you to do this, so let’s look at exactly how.
Of course, the efficacy of your risk prevention strategy at the onboarding stage is heavily reliant on the quality of your risk rules. Let’s look at concrete examples below.
In our day and age, it’s becoming increasingly rare to deal with people who have no social data. From GitHub to Airbnb or LinkedIn accounts, the sheer breadth and variety of online services that are considered social signals means that it’s unlikely your customer has never registered for any of them.
Would no social media presence mean they are a fraudster? Not always, of course. But an absence of online accounts also correlates to how fraudsters create online bank accounts: They find stolen IDs, create temporary email addresses, and don’t have the time to build a full online social identity.
Therefore, by looking at these data points in combination with more information, you can reach better conclusions. Uniquely in fraud prevention, SEON’s data enrichment modules check email addresses and phone numbers against 50+ social media platforms and online services to give you clarity on which users are provably legitimate customers – and which appear suspicious.
Learning how users connect to your banking platform is a great way to gauge what they want from you. Browser data can be so varied from one person to the next that it can effectively become a personal identifier.
This is useful to protect customer accounts from account takeovers, but also to understand if someone is trying to hide their data using one of the following browsers or emulators, for instance:
How can you know?
Many privacy-focused tools are well-known to fraud protection companies, and their technical specifications will be recognized instantly. This, combined with other useful browser information (age, cookies enabled or not, etc.) can help you calculate a risk score.
While such findings don’t necessarily mean that your customer is a criminal, you should have reasonable doubt to increase your suspicions.
On SEON’s platform, this will be reflected in a higher risk score, which can then automatically reject the application or send it for manual review.
The screenshot above shows the part of the platform where each user can set their own risk score, according to their appetite.
In this particular case, an account opening with a score of 10-30 is automatically allowed (green area). 30-50 is sent for manual review (orange area), and 50+ is automatically declined (red area).
We’ve looked at hidden customer data (social signals) and technical data (browser information). But the connection itself may also reveal important clues following an IP lookup.
Put simply, it’s about getting as much information as possible based on an IP address, a data point every user will have at the onboarding stage.
Firstly, you can use it for your KYC and AML checks, to ensure the customer is in the right location.
Suspicions may arise if:
The reason the latter point is particularly worrisome is that this is exactly what fraudsters do to open bank accounts with stolen IDs.
They create as many profiles as possible and rely on tools such as VPNs or proxies to change their connection details with each onboarding attempt, in order to make it look more legitimate, as well as to appear to be different people each time.
Here again, common sense applies. While a VPN may appear suspicious, it could also point to a customer who is legitimately concerned about data privacy. The key is to have the information at your disposal, so that you may choose your next onboarding step armed with more intelligence. For example, you can elect to ask them for additional information, thus applying dynamic friction to their user onboarding journey.
SEON is a full end-to-end fraud prevention system favored by neobanking leaders such as Revolut and Wise. Our frictionless integration is a perfect match for banking companies who need:
All of the above are available via easy-to-integrate modules, and complete pricing flexibility.
Partner with SEON to reduce fraud rates in your business with real-time data enrichment, machine learning, and advanced APIs.
Book a Demo
Sources
Showing all with `` tag
Click here
The top stories of the month delivered straight to your inbox