Are High-Security Checks Worth It?

by Christian Berecz
At SEON, we’re long-term cryptocurrency believers. This is why it pains us so much to see that our favorite platforms are constantly under attack from fraudsters.
So we wanted to put together some ideas on how you can reduce crypto fraud at your company, especially by focusing on a transaction and user identification security.
It’s been an up and down journey to date but it finally seems like crypto adoption is serious and the alternative payment method is here to stay but any new technology brings a level of risk and teething issues; crypto is no different.
Action Fraud, the UK’s national reporting center for fraud and cybercrime, saw cryptocurrency fraud reports increase by 116% between June 2020 and June 2021.
From market manipulation techniques such as pump-and-dumps to imposter websites and mining scams, since crypto transactions are irrevisable the chances of recovering any losses due to fraud are next to minimal.
The attractive nature of “getting rich quick” often creates a more pressured environment for investors, therefore people are acting more on impulse and not performing the right due diligence checks.
SEON itself was created after Tamas + Bence launched a crypto exchange that was attacked by cybercriminals!
Since cryptocurrency and blockchain are both new technologies, there are a variety of routes for fraudsters to initiate a form of cryptocurrency scam or conduct money laundering.
Some of the ways cybercriminals conduct cryptocurrency fraud include:
There are a bunch of ways fraud can take place within the crypto space from scam ICOs, pump and dumps as well as market manipulation.
More specifically, crypto exchange fraud counts every attack designed to extort value from a cryptocurrency exchange through illegal means.
Most of the attacks happen when buying crypto, where fraudsters use stolen credit cards for payment and fake IDs to bypass the KYC checks.
According to the Better Business Bureau, cryptocurrency fraud scams are the second-worst for businesses in North America, averaging $300 in losses for customers. (And if you’re curious, fake job posts topped the list.)
32% of these scams involved the trade of cryptocurrencies for goods, services, or fiat currency. Meanwhile, 23.4 % had to do with the purchase of digital assets as purported investment opportunities.
Crypto exchange fraud happens mostly at the stage where fiat is converted to crypto. Fraudsters use stolen credit card numbers to purchase cryptocurrencies, which triggers chargeback requests from the legitimate cardholer.
There is also the key issue of compliance for KYC and AML checks (Know Your Customer and Anti Money-Laundering). As crypto exchanges become increasingly regulated, fraudsters use stolen and fake IDs to bypass the checks in order to register to the platforms.
SEON’s anti-fraud tools are designed to detect suspicious usage and uncover hidden fraudsters
Book a Demo
Cryptocurrencies are some of the most attractive assets for fraudsters due to their nature:
So as we’ve seen, these coins trading places are inherently risky for consumers. But coin trading platforms have their own set of challenges, as it’s their job to:
Starting with the last point, storage, it’s easy to see why anyone with bad intentions would want to get in. Like online banks and loan providers, exchanges are highly targeted by fraud criminals because they are the fastest way to access what is essentially digital cash.
And the consequences of allowing bad users into your site, either as users or through backdoor hacking, can be disastrous. Just remember what bad security could do, as seen with the famous Mt. Gox incident, when the biggest exchange in the world at the time filed for bankruptcy after $473M worth of bitcoin was allegedly stolen by hackers.
Cryptocurrency exchanges must be able to receive payments safely and fast, and without much support from acquirers. Strict rules set by MasterCard and Visa (who might rightly see cryptos as direct competitors) mean only a few acquirers can actually work with exchanges.
In fact, the MCC (merchant classification codes) aren’t allowed by most acquirers. Those who still rely on them are essentially working without a safety net. They could lose their licenses for processing cards at any second, which doesn’t help grow a business with complete peace of mind.
This opens the door to transaction fraud, where a stolen credit card number is used to purchase crypto, which in turn means higher chargeback rates.
All of the above means that exchanges do not benefit from any support when criminals are involved and the cardholders request chargebacks. This makes it even harder for exchanges to deal with fraudsters than traditional retailers, as they don’t have an official way to challenge the chargeback disputes.
For users, the answer is always to check the platform’s history. Maturity is important, and so is a history of hacking and data breaches. However, even the most secure cryptocurrency exchanges can’t protect users from phishing and social engineering attacks, so it pays to be smart about your login and authentication details.
In terms of safety of use, all major platforms offer a secure process of KYC for cryptocurrencies, and since data cannot be altered or removed on blockchain as all transactions are on public record which makes money laundering somewhat difficult.
Since crypto remains relatively unregulated, there is an argument that no exchange is “safe” however like any other investment, people should only get involved with the understanding their capital is at risk.
Arguably the safest exchange title could be given to Coinbase, one of the largest exchanges globally and is at least somewhat regulated in all the markets it operates in.
However it is worth noting that for example in the UK Coinbase complies with the FCA’s eMoney license, which is nothing directly linked to crypto regulation, more so focused on the fiat transactions.
While the crypto landscape is constantly changing, at the time of writing the most popular crypto exchanges according to CoinMarketCap, are:
As we’ve seen, two key strategies to protect crypto exchanges involve focusing on payments, and ID verification.
While certain trading platforms partner with third-party solutions to take care of the fiat > coin problem, an easier solution for exchanges is to accept payments via bank transfer. They are sometimes reversible, and cheaper to process than card payments.
However, this can also be problematic since transfers for trade can take days. The volatility of cryptocurrency prices means people want to buy (or sell) in real-time, at the current market rate.
So exchanges often find themselves hacking solutions to accept payments legally. In the US, for instance, Coinbase lets users pay by using Plaid, the fintech that powers Venmo.
There are a couple of caveats with that method, however. Firstly, Plaid was recently acquired by Visa, which means it could become difficult for a bitcoin platform to keep using it.
Secondly, there are a number of privacy issues, as you essentially connect your bank account by giving Plaid or Trustly your login details, and they then issue a transfer on your behalf for the trade. The fintech harvests your past bank data, de-identifies it, and shares it with other companies, which some users weren’t too happy about when they looked at the terms.
One silver lining: it is possible that the PSD2 directive, designed in part to allow direct payments users and companies, could cut out the middle man. It could allow users to transfer funds directly to exchanges faster, and more safely thanks to SCA, or strong customer authentication methods, possibly with lower fees.
In the meantime, it is worth looking at as many possible payment methods as possible, and weighing the pros and cons of each.
Onboarding the wrong users is often what creates trouble down the line. If you can stop fraudsters from signing up, you are essentially protecting yourself in the long-run.
But there are a few more challenges here:
This is why certain exchanges tend to make it easy to sign up, but it’s harder to buy and transfer your coins. Coinbase, for instance, does require ID verification to withdraw funds, which they claim makes them one of the more trustworthy platforms.
At this stage, it’s also worth looking at the example of Revolut, the UK challenger bank. Their platform does allow you to purchase cryptocurrencies, but after ongoing a strong authentication process to create your initial account.
They is to create an invisible layer of security, which helps you mitigate risk without affecting user experience. Here is how it works with SEON:
Data enrichment is the process of getting more info about your users, without asking them for it. We have a full guide on data enrichment here, but the key takeaway is that you can use the digital footprint to answer dozens of questions, such as:
At SEON, we provide data enrichment through various modules, which you can enable and disable at will. these include:
In short, by using data enrichment, you can start getting a full picture of who users are – as soon as they land on your cryptocurrency exchange website. Only those who appear risky have to go through further authentication like ID check or selfie verification, which can be reviewed manually.
The key to good crypto exchange fraud software is that it should help you improve security, while respecting cryptocurrency believers’ ideals of anonymity.
By relying mostly on users’ digital footprint and data enrichment to gauge risk, you can prevent fraudsters from entering your exchange, and monitor and prevent their operations at key points like transaction and withdrawal
In short, you can enable real-time, frictionless fraud prevention at any touchpoint with your users, to ensure your crypto exchange grows safely, and without wasting resources on kicking fraudsters out.
SEON offers a complete set of fraud fighting tools that grow with your business
Book a Demo
This comes to due diligence. Some signs of potential fraud include; promises of very high/guaranteed returns, vague founding team members and no official published code without explanation.
No. Cryptocurrency payments are irreversible by nature.
Crypto-related fraud is prevalent, but not token-specific. Most fraud cases happen when users are scammed, either by sending their crypto to the wrong place, via phishing attempts, or simply by being stolen.
You might also be interested in reading about:
Learn more about:
Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Fraud Detection with Machine Learning & AI
Sources used for this article:
Showing all with `` tag
Click here
Christian is the Business Development Manager of SEON, and the first point of contact for clients who need to solve challenges associated with fraud.
The top stories of the month delivered straight to your inbox