A deep dive into the problem of fraud for crypto exchanges – and of course, the solutions needed to reduce it.
At SEON, we’re long-term cryptocurrency believers. This is why it pains us so much to see that our favourite exchanges are constantly under attack from fraudsters.
So I thought I’d put together some ideas on how you can reduce cryptocurrency fraud at your exchange, especially by focusing on data enrichment and chargeback prevention.
But before I get ahead of myself, let’s start with the basics:
The Inherent Risks of Working With Crypto
According to the Better Business Bureau, crypto fraud scams are the second worst for businesses in North America, averaging $300 in losses for customers. (And if you’re curious, fake job posts topped the list.)
Now 32% of these scams involved the exchange of cryptocurrencies for goods, services or fiat currency. Meanwhile, 23.4 % had to do with the purchase of digital assets as purported investment opportunities.
In short: people get defrauded a lot when buying bitcoin.
And this has everything to do with the nature of these digital assets:
- Digitized: these coins are entirely digital so fraudsters only need a computer and Internet access to break into wallets and exchanges, either through hacking, phishing, or preinstalled malware.
- Decentralized: nobody controls cryptocurrencies, which means nobody wants responsibility when fraud happens. This makes it harder to enter a legal battle.
- Irreversible: A BTC or ETH transaction, for instance, can never be reversed. Fraudsters have zero incentives to refund anyone once they get paid.
- Anonymous / Pseudonymous: Unlike bank accounts, you don’t need personal data to receive crypto. Coins can be tracked, but fraudsters, tax evaders and money launderers still create multiple wallets, or use tumblers to muddy up their trail.
- Complex: Cryptocurrencies are hard to understand, and tend to attract get-rich-quick scams. This opens the door to scams like fake coins, fake exchanges, and Ponzi schemes.
- Volatile: not necessarily a magnet for crypto fraud, but it is a challenge, as users want to buy and sell as fast as possible.
Why Exchanges Are Under Attack
So as we’ve seen, crypto is inherently risky for consumers. But crypto exchanges have their own set of challenges, as it’s their job to:
- Onboard users safely
- Process fiat payments to buy crypto
- Secure storage and transactions
Starting with the last point, crypto storage, it’s easy to see why anyone with bad intentions would want to get in. Like online banks and loan providers, exchanges are highly targeted by crypto fraud criminals because they are the fastest way to access what is essentially digital cash.
And the consequences of allowing bad users into your exchange, either as users or through backdoor hacking, can be disastrous. Just remember what bad security could do, as seen with the famous Mt. Gox incident, when the biggest exchange in the world at the time filed for bankruptcy after $473M worth of bitcoin were allegedly stolen by hackers.
The Challenges of Fiat > Crypto Conversion
The second job of these trading platforms is even more challenging. They must be able to receive payments, safely and fast, and without much support from acquirers.
Strict rules set by MasterCard and Visa (who might rightly see cryptos as direct competitors) mean only a few acquirers can actually work with exchanges.
In fact, the MCC (merchant classification codes) for crypto aren’t allowed by most acquirers. The exchanges who still rely on them are essentially working without a safety net. They could lose their licenses for processing cards at any second, which doesn’t help grow a business with complete peace of mind.
And of course, it means zero support when criminals are involved, and the cardholders request chargebacks. This makes it even harder for crypto exchanges to deal with fraudsters than traditional retailers.
Going Around Acquirer Restrictions
While certain trading platforms partner with third-party solutions to take care of the fiat > crypto problem, an easier solution for exchanges is to accept payments via bank transfer. They are sometimes reversible, and cheaper to process than card payments.
However, this can be problematic since transfers for trade can take days. The volatility of crypto prices means people want to buy (or sell) in real-time, at the current market rate.
So exchanges often find themselves hacking solutions to accept payments legally. In the US, for instance, Coinbase lets users pay by using Plaid, the fintech that powers Venmo.
There are a couple of caveats with that method, however. Firstly, Plaid was recently acquired by Visa, which means it could become difficult for a bitcoin platform to keep using it.
Secondly, there are a number of privacy issues, as you essentially connect your bank account by giving Plaid or Trustly your login details, and they then issue a transfer on your behalf for the trade. The fintech harvests your past bank data, de-identifies it, and shares it with other companies, which some users weren’t too happy about when they looked at the terms.
One silver lining: it is possible that the PSD2 directive, designed in part to allow direct payments users and companies, could cut out the middle man. It could allow users to transfer funds directly to exchanges faster, and more safely thanks to SCA, or strong customer authentication methods, possibly with lower fees.
Balancing Anonymity and Security
Now let’s circle back to the first thing exchanges have to do: onboarding users. As we’ve seen by now, it could be the start of all your crypto fraud troubles. If you can stop fraudsters from signing up, you are essentially protecting yourself in the long-run.
But there are a few more challenges here:
- Crypto users don’t like giving away personal data: it goes against the principles of crypto, both for anonymity and decentralization
- Too much friction sends users to the competition: the more security hurdles you create for fraudsters, the more likely you are to turn away legitimate users who become frustrated with the signup process.
This is why certain exchanges tend to make it easy to sign up, but it’s harder to buy and transfer your coins. Coinbase, for instance, does require ID verification to withdraw funds, which they claim makes them one of the more trustworthy platforms.
At this stage, it’s also worth looking at the example of Revolut, the UK challenger bank. Their platform does allow you to purchase cryptocurrencies, but after ongoing a strong authentication process to create your initial account.
Dynamic Friction to The Rescue
So after highlighting all the challenges faced by crypto exchanges, what is the solution? Well, I believe it’s all about dynamic friction.
Essentially, this is an invisible layer of security, which helps you mitigate risk without affecting user experience. Here is how it works with our Sense platform:
The data enrichment part might need some explanation. We have full guide on data enrichment here, but the key takeaway is that you can use digital footprint to answer dozens of questions, such as:
- Is the user really in the location they say they are?
- Are they using emulators, VPNs or other suspicious methods for accessing the site that points t to crypto fraud?
- Does the email address use a disposable domain? Is it new?
- Has the user got social media accounts? Do they seem real?
- And a lot more…
In short, by using data enrichment, you can start getting a full picture of who users are – as soon as they land on your crypto exchange website. Only those who appear risky have to go through further authentication like ID check or selfie verification, which can be reviewed manually.
Zero Chargebacks and Crypto Fraud, Better Business
Your first goal might be to reduce the prohibitive costs of chargebacks for your crypto exchange. And I hope by now you’ve got a better idea of how a combination of data enrichment and dynamic friction can help you grow more safely by only onboarding the right users.
Best of all, you are using processes which meet crypto believers’ ideals of anonymity, by relying mostly on their digital footprint.
But there’s more: you can also use our data enrichment and fraud prevention tool when users login, deposit, or withdraw funds. This adds the same level of security to block fraudsters who somehow managed to onboard, or took over a real user’s login details via ATO (account takeover).
You get to stop them from entering your exchange, or monitor and prevent their operations at key points like transaction and withdrawal, to make sure they never burden you with chargeback charges.
In short, you can enable real-time, frictionless fraud prevention at any touchpoint with your users, to ensure your crypto exchange grows safely, and without wasting resources on kicking fraudsters out.