At SEON, we’re long-term cryptocurrency believers. This is why it pains us so much to see that our favorite platforms are constantly under attack from fraudsters.
So we wanted to put together some ideas on how you can reduce cryptocurrency fraud at your company, especially by focusing on transaction and user identification security.
Table of contents
- What is Cryptocurrency Exchange Fraud?
- How Crypto Exchange Fraud Works?
- The Inherent Risks of Working With Cryptocurrency
- Why Are Crypto Exchanges Under Attack?
- Crypto Exchanges and Chargeback Fraud
- Are Crypto Exchanges Safe?
- Most Popular Secure Crypto Exchange Sites
- 3 Ways to Protect Your Crypto Exchange from Fraud
- Crypto Exchange Fraud Software Solutions
- FAQ About Crypto Exchange Fraud Detection
What is Cryptocurrency Exchange Fraud?
Crypto exchange fraud covers every attack designed to extort value from a cryptocurrency exchange through illegal means. Most of the attacks happen when buying crypto, where fraudsters use stolen credit cards for payment and fake IDs to bypass the KYC checks.
According to the Better Business Bureau, cryptocurrency fraud scams are the second-worst for businesses in North America, averaging $300 in losses for customers. (And if you’re curious, fake job posts topped the list.) 32% of these scams involved the trade of cryptocurrencies for goods, services or fiat currency. Meanwhile, 23.4% had to do with the purchase of digital assets as purported investment opportunities.
How Crypto Exchange Fraud Works?
Crypto exchange fraud happens mostly at the stage where fiat is converted to crypto. Fraudsters use stolen credit card numbers to purchase cryptocurrencies, which triggers chargeback requests from the legitimate cardholder.
There is also the key issue of compliance with KYC and AML checks (Know Your Customer and Anti-Money Laundering). As crypto exchanges become increasingly regulated, fraudsters use stolen and fake IDs to bypass the checks in order to register on the platforms.
The Inherent Risks of Working With Cryptocurrency
Cryptocurrencies are some of the most attractive assets for fraudsters due to their nature:
- Digitized: these coins are entirely digital so fraudsters only need a computer and Internet access to break into wallets and platforms, either through hacking, phishing, or preinstalled malware.
- Decentralized: nobody controls cryptocurrencies, which means nobody wants responsibility when fraud happens. This makes it harder to enter a legal battle.
- Irreversible: A BTC or ETH transaction, for instance, can never be reversed. Fraudsters have zero incentives to refund anyone once they get paid.
- Anonymous / Pseudonymous: Unlike bank accounts, you don’t need personal data to receive crypto. Coins can be tracked, but fraudsters, tax evaders and money launderers still create multiple wallets or use tumblers to muddy up their trail.
- Complex: Cryptocurrencies are hard to understand, and tend to attract get-rich-quick scams. This opens the door to scams like fake coins, fake trading platforms, and Ponzi schemes.
- Volatile: not necessarily a magnet for cryptocurrency fraud, but it is a challenge, as users want to buy and sell as fast as possible.
Why Are Crypto Exchanges Under Attack?
So as we’ve seen, these coin trading places are inherently risky for consumers. But coin trading platforms have their own set of challenges, as it’s their job to:
- Onboard users safely
- Process fiat payments to buy crypto
- Secure storage and transactions
Starting with the last point, storage, it’s easy to see why anyone with bad intentions would want to get in. Like online banks and loan providers, exchanges are highly targeted by fraud criminals because they are the fastest way to access what is essentially digital cash.
And the consequences of allowing bad users into your site, either as users or through backdoor hacking, can be disastrous. Just remember what bad security could do, as seen with the famous Mt. Gox incident, when the biggest exchange in the world at the time filed for bankruptcy after $473M worth of bitcoin was allegedly stolen by hackers.
Crypto Exchanges and Chargeback Fraud
Cryptocurrency exchanges must be able to receive payments safely and fast, and without much support from acquirers. Strict rules set by MasterCard and Visa (who might rightly see cryptos as direct competitors) mean only a few acquirers can actually work with exchanges.
In fact, the MCCs (merchant category codes) aren’t allowed by most acquirers. Those who still rely on them are essentially working without a safety net. They could lose their licenses for processing cards at any second, which doesn’t help grow a business with complete peace of mind.
This opens the door to transaction fraud, where a stolen credit card number is used to purchase crypto, which in turn means higher chargeback rates.
All of the above means that exchanges do not benefit from any support when criminals are involved and the cardholders request chargebacks. This makes it even harder for exchanges to deal with fraudsters than traditional retailers, as they don’t have an official way to challenge the chargeback disputes.
Are Crypto Exchanges Safe?
For users, the answer is always to check the platform’s history. Maturity is important, and so is a history of hacking and data breaches. However, even the most secure cryptocurrency exchanges can’t protect users from phishing and social engineering, so it pays to be smart about your login and authentication details.
Most Popular Secure Crypto Exchange Sites
While the crypto landscape is constantly changing, at the time of writing the most popular crypto exchanges, according to CoinMarketCap, are:
- Binance: founded in 2017 by Changpeng Zhao, a high-frequency trading software developer, Binance is now the largest exchange in the world in terms of trading volume. Its daily volume averages $30B.
- Coinbase: founded in 2012, Coinbase Global, simply known as Coinbase, is registered in America, but is a fully remote operation. It is the most popular exchange in the US, with a global trading volume of $6.8B per day.
- Huobi: originally founded in China, Huobi is a key player in the APAC region with offices in Hong Kong, South Korea and Japan, but also the United States. It allows more than $6B to be traded on its platform daily.
- FTX: FTX Exchange is a cryptocurrency exchange that specialises in derivatives and leveraged products. It was founded in 2018 by former ETF trader Sam Bankman-Fried, and provides over 100 trading pairs.
- KuCoin: launched in September 2017, KuCoin has grown into a leading global crypto exchange, offering 400+ digital assets to 8M+ users.
3 Ways to Protect Your Crypto Exchange from Fraud
As we’ve seen, two key strategies to protect crypto exchanges involve focusing on payments, and ID verification.
Consider Alternative Payment Methods
While certain trading platforms partner with third-party solutions to take care of the fiat > coin problem, an easier solution for exchanges is to accept payments via bank transfer. They are sometimes reversible, and cheaper to process than card payments.
However, this can also be problematic since transfers for trade can take days. The volatility of cryptocurrency prices means people want to buy (or sell) in real-time, at the current market rate.
So exchanges often find themselves hacking solutions to accept payments legally. In the US, for instance, Coinbase lets users pay by using Plaid, the fintech that powers Venmo.
There are a couple of caveats with that method, however. Firstly, Plaid was recently acquired by Visa, which means it could become difficult for a bitcoin platform to keep using it.
Secondly, there are a number of privacy issues, as you essentially connect your bank account by giving Plaid or Trustly your login details, and they then issue a transfer on your behalf for the trade. The fintech harvests your past bank data, de-identifies it, and shares it with other companies, which some users weren’t too happy about when they looked at the terms.
One silver lining: it is possible that the PSD2 directive, designed in part to allow direct payments between users and companies, could cut out the middle man. It could allow users to transfer funds directly to exchanges faster, and more safely thanks to SCA, or strong customer authentication methods, possibly with lower fees.
In the meantime, it is worth looking at as many payment methods as possible, and weighing the pros and cons of each.
Improve ID-Proofing Without Adding Friction
Onboarding the wrong users is often what creates trouble down the line. If you can stop fraudsters from signing up, you are essentially protecting yourself in the long run.
But there are a few more challenges here:
- Crypto users don’t like giving away personal data: it goes against the principles of crypto, both for anonymity and decentralization.
- Too much friction sends users to the competition: the more security hurdles you create for fraudsters, the more likely you are to turn away legitimate users who become frustrated with the signup process.
This is why certain exchanges tend to make it easy to sign up, but it’s harder to buy and transfer your coins. Coinbase, for instance, does require ID verification to withdraw funds, which they claim makes them one of the more trustworthy platforms.
At this stage, it’s also worth looking at the example of Revolut, the UK challenger bank. Their platform does allow you to purchase cryptocurrencies, but only after undergoing a strong authentication process to create your initial account.
The key is to create an invisible layer of security, which helps you mitigate risk without affecting user experience. Here is how it works with SEON:
Deploy Data Enrichment Tools
Data enrichment is the process of getting more info about your users, without asking them for it. We have a full guide on data enrichment here, but the key takeaway is that you can use the digital footprint to answer dozens of questions, such as:
- Is the user really in the location they say they are?
- Are they using emulators, VPNs or other suspicious methods for accessing the site that point to crypto fraud?
- Does the email address use a disposable domain? Is it new?
- Has the user got social media accounts? Do they seem real?
- And a lot more…
At SEON, we provide data enrichment through various modules, which you can enable and disable at will. These include:
- Reverse email lookup: a powerful way to build a risk profile based on an email address only.
- Reverse phone lookup: a tool designed to not only verify if a number is legit or not, but also gather information about connected social media profiles, eSIMs and more.
- Reverse social media lookup: knowing if your customers have social media profiles can greatly help your manual review process, especially for KYC checks.
- Device fingerprinting: this tool allows you to understand how users connect to your platform, so that you may identify risky VPNs and proxies, and spot account takeover attempts.
In short, by using data enrichment, you can start getting a full picture of who users are – as soon as they land on your cryptocurrency exchange website. Only those who appear risky have to go through further authentication like ID check or selfie verification, which can be reviewed manually.
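The gating described above, where passive enrichment signals decide who is asked for an ID check or selfie, can be expressed as a rule-based score. This is an added example, not SEON's code or API; the field names, weights, threshold and disposable-domain list are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample list; a real deployment would use a maintained feed.
DISPOSABLE_DOMAINS = {"mailinator.com", "tempmail.example"}
STEP_UP_THRESHOLD = 40  # assumed cut-off, tune against your own fraud data

@dataclass
class Enrichment:
    """Signals gathered passively at signup (field names are hypothetical)."""
    email: str
    email_age_days: int
    claimed_country: str
    ip_country: str
    vpn_or_proxy: bool
    emulator: bool
    social_profiles: int

def email_domain(email: str) -> str:
    """Return the lower-cased domain, or "" when the address has no domain."""
    return email.rsplit("@", 1)[-1].strip().lower() if "@" in email else ""

# (rule name, points, predicate); the weights are illustrative assumptions.
RULES = [
    ("geo_mismatch", 25, lambda e: e.claimed_country.upper() != e.ip_country.upper()),
    ("vpn_or_proxy", 20, lambda e: e.vpn_or_proxy),
    ("emulator", 30, lambda e: e.emulator),
    ("disposable_email", 30, lambda e: email_domain(e.email) in DISPOSABLE_DOMAINS),
    ("malformed_email", 30, lambda e: email_domain(e.email) == ""),
    ("new_email", 15, lambda e: e.email_age_days < 30),
    ("no_social_profiles", 15, lambda e: e.social_profiles == 0),
]

def assess(e: Enrichment) -> dict:
    """Score a signup and decide whether to ask for ID/selfie verification."""
    hits = [(name, pts) for name, pts, test in RULES if test(e)]
    score = sum(pts for _, pts in hits)
    action = "step_up_verification" if score >= STEP_UP_THRESHOLD else "allow"
    return {"score": score, "action": action, "reasons": [n for n, _ in hits]}

# Constructed sample signups.
LEGIT = Enrichment("ana@example.org", 2100, "HU", "HU", False, False, 3)
PRIVACY_USER = Enrichment("sam@example.org", 900, "DE", "DE", True, False, 1)
RISKY = Enrichment("x9@mailinator.com", 2, "GB", "BR", True, False, 0)

if __name__ == "__main__":
    for signup in (LEGIT, PRIVACY_USER, RISKY):
        print(signup.email, assess(signup))
```

A single weak signal, such as a VPN used by a privacy-minded customer, stays below the threshold, so only signups that stack several signals are sent to manual review.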
Crypto Exchange Fraud Software Solutions
The key to good crypto exchange fraud software is that it should help you improve security, while respecting cryptocurrency believers’ ideals of anonymity.
By relying mostly on users’ digital footprint and data enrichment to gauge risk, you can prevent fraudsters from entering your exchange, and monitor and prevent their operations at key points like transaction and withdrawal.
In short, you can enable real-time, frictionless fraud prevention at any touchpoint with your users, to ensure your crypto exchange grows safely, and without wasting resources on kicking fraudsters out.
FAQ About Crypto Exchange Fraud Detection
No. Cryptocurrency payments are irreversible by nature.
Crypto-related fraud is prevalent, but not token-specific. Most fraud cases happen when users are scammed, either by sending their crypto to the wrong place, via phishing attempts, or simply by having their crypto stolen.
Business Development Manager
Christian is the Business Development Manager of SEON, and the first point of contact for clients who need to solve challenges associated with fraud.