How to Detect Identity Theft in the Cryptocurrency Sector
Published on October 4, 2022 by Bence Jendruszak
The anonymous and pseudonymous nature of cryptocurrencies has long attracted fraudsters. And as crypto businesses increase identity verification (IDV) due to ever-shifting regulation and fraud concerns, criminals turn to stolen or synthetic identities more and more.
How can you balance security, identity verification, and respect for customers’ privacy? Alternative data may be the answer.
Why Is Identity Theft a Challenge for Crypto Companies?
Crypto companies are under increasing pressure to verify their users’ identities. This may be at odds with the crypto data-privacy ethos but, nonetheless, is a legal requirement in the vast majority of cases.
This requirement takes the form of KYC – Know Your Customer – checks, which, in practice, involves sorting real identities from:
- Stolen identities: On the darknet, it is entirely possible to purchase someone’s digital ID, full name, and even social security number.
- Synthetic identities: They are profiles made by combining real ID data and made-up information. Synthetic identities can be created by the fraudster themselves or be created by someone else, then bought.
- Fake personas: Criminals might also attempt to “invent” personas to try their schemes with, completely from scratch.
Verifying identities (IDV) is challenging, as it creates obstacles for everyone. On the one hand, you want to block fraudsters as soon as possible, but you also don’t want to stop legitimate customers from accessing your services.
In fact, balancing security and friction is one of the key challenges of identity verification for crypto businesses.
Failing to meet KYC requirements isn’t an option either, as it will make your company liable for hefty compliance fines or even lose you your licensing, in extreme cases. With fines, the negative press that may ensue can result in a loss of consumer trust, too.
Learn how CoinCash deployed SEON to detect multi-accounting and reduce manual review time by 90%.
Read the Case Study
Why Is Identity Verification Important for Crypto Companies?
Confirming you are dealing with a legitimate customer is the key to preventing several different types of fraud attacks on your crypto business.
Cryptocurrency fraud is rampant, and it is in your best interest to protect yourself and:
- avoid KYC or AML fines from regulating bodies
- maintain a good reputation with customers
- stay out of legal trouble to remain operational across multiple markets
However, not all forms of ID verification are created equal. Document checks, for instance, are notoriously high-friction, which isn’t ideal in the highly competitive world of crypto exchanges.
Indeed, new customers can be hesitant about scanning or showing to the camera their personal documentation, but even when they genuinely are not worried about this, the act of having to locate these documents and go through the motions will affect the experience for them, and possibly cause churn.
What’s more, KYC checks are expensive, which can become a budget challenge when so many fraudsters attack crypto businesses.
A much more flexible solution is to look at alternative data and customer behavior to deploy pre-KYC checks. This allows you to pre-filter junk leads and bad agents, only sending medium and low-risk users through to the next KYC stage.
This means that you don’t have to run KYC checks on every single fraudster trying to attack you; only customers who are much more likely to be legitimate are let through to the KYC stage.
3 Top Custom Rules to Improve Identity-Proofing in Crypto
As it is so important to keep friction as low as possible in order to keep customers happy and build loyalty, the rules we have selected do not interrupt the customer journey.
#1: Email Has Not Been Registered on Social Media
The simplest data points you can get from a new user are an email address and/or a phone number. Online, people are used to providing such information.
And it is often enough to detect fraudsters.
Here is how it works: SEON looks at whether the phone number or email address has an online footprint – in other words, whether they are registered on social media platforms, crowdsourced websites, listed on data leak lists and so on.
Why can this help? Because a legitimate user will almost always have some type of online activity.
Fraudsters, on the other hand, create disposable phone numbers and new email accounts for every one of their personas. They do not have the time to build convincing digital footprints – and even if they tried, this would not scale.
In other words, a complete absence of social media profiles is a red flag. It’s a great place to start asking more questions, or at least to question whether that user should carry on to the KYC stage.
#2: Evidence of a Spoofed Browser
Sure, some data-privacy-oriented users have good reasons to hide behind spoofed browsers. But just like with a lack of social profiles, this is an indicator that you should look into the person further. Chances are you’re dealing with a fraudster.
Bad agents almost always rely on spoofing and other emulation software to avoid detection when creating multiple profiles or making multiple attempts.
The device fingerprinting module at SEON will query dozens of different aspects of the customer’s hardware and software to get a better sense of whether they are using suspicious tools to appear as someone they’re not.
What’s more, a device cache and other elements will alert the software as to who is a returning user even when they are trying to hide this fact.
Most fraud attacks are only profitable at scale, which is why fraudsters must create multiple profiles to target crypto businesses – and their device or browser data is the clearest indicator that you’re not dealing with the average user.
#3: Card Country and IP Do Not Match
Another good time to catch fraudsters is at the deposit stage. If your crypto platform allows coin and token purchases, chances are that credit cards are a preferred payment method.
That’s exactly where fraudsters will strike, using stolen card data that might result in chargeback requests from the cardholder – which you will have to pay for out of pocket.
But a simple data comparison rule can help you stop this type of abuse by spotting suspicious users.
What we’re looking for here are simple discrepancies between where your user says they are and where they appear to be. You can also easily add rules to flag specific countries or country/issuing country combinations.
Part of how this is done is via BIN lookups combined with IP address analysis and other technology.
As a simple example of how this works, you can try SEON’s BIN lookup by entering the first six digits of any card below.
This will tell you where it was issued, which bank it’s linked to, and more useful yet anonymous information – all useful when deciding whether the customer is suspicious.
Free BIN lookup!
Enter the first 6 or 8 digits of a card number (BIN/IIN)
Of course, with such customers, it doesn’t make sense to automatically jump to conclusions and flag them as fraudsters.
But combining multiple rules like the above can help build a comprehensive profile to understand if you should block these customers, ask them for more proof of who they are, or even allow them on your crypto platform without any added friction.
Partner with SEON to reduce fraud rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.
Book a Demo
How SEON Can Help Detect Identity Fraud for Crypto Businesses
It is almost certain that your crypto KYC process should include some form of ID verification, subject to applicable legislation. SEON can streamline this and reduce your KYC spend.
SEON looks at user data to better understand their behavior and intentions, sourcing additional information in real-time, without asking the customer for it.
This is a tremendous advantage for crypto businesses, especially as synthetic IDs are challenging to detect with IDV software, and as customer satisfaction is key to growth.
With alternative data, you can study someone’s digital footprint to reach (or automate) a decision, all based on concrete information relating to location, devices, browsers, and online presence.
The key is to leverage the wealth of insights to customize and deploy rules according to your risk appetite – all in order to make your crypto business safer for you, your partners, and your customers. As well as more profitable.
Showing all with `` tag
AML & CFT: Combating Money Laundering & Financial Terrorism Financing
What You Need to Know About KYC for Online Lending
How to Detect Money Laundering in Ecommerce
What Is Layering In Money Laundering & How Does It Work?
See a live demo of our product
Bence Jendruszák is the Chief Operating Officer and co-founder of SEON. Thanks to his leadership, the company received the biggest Series A in Hungarian history in 2021. Bence is passionate about cybersecurity and its overlap with business success. You can find him leading webinars with industry leaders on topics such as iGaming fraud, identity proofing or machine learning (when he’s not brewing questionable coffee for his colleagues).
Sign up for our newsletter
The top stories of the month delivered straight to your inbox