How to Prevent Cryptocurrency Account Takeover

by Tamas Kadar
Customer risk assessment tools are mandatory for financial institutions. But more businesses should probably use them.
Failing to perform an adequate risk assessment can cost a lot. In 2019, US government agencies issued more than $19.8 billion in fines to organizations that made things too easy for financial criminals, whether knowingly or accidentally.
Let’s look more closely at what customer risk assessment is, how to do it, and when to use a tool for this.
A KYC or customer risk assessment is a standardized method of assessing the level of risk a customer poses, so that the company can apply the appropriate level of checks and verifications and do business with them without endangering itself or the economy as a whole.
As part of their anti-money laundering (AML) obligations, certain types of regulated companies are required to assess the risk a customer poses by verifying the person’s identity, their location, the source of their funds, the way they intend to use them, and similar information.
This data will in turn allow the organization to identify and manage whether:
Put simply, you want every customer to be ideal for your business. In a perfect world, it would mean only allowing people who intend to purchase your goods or services, but the definition can be extended by asking:
As we’ll see, there are different kinds of KYC checks, but all of them can be useful for online businesses.
Customer risk assessment isn’t just reserved for banks these days. Any business dealing with online transactions knows that not all customers have the same value to the business. Some will become loyal and repeatedly purchase your goods or services. Others will end up costing you more than you earn.
Fintechs, crypto exchanges, online casinos, loan companies, traditional financial institutions… These types of companies are all well aware of the importance of customer risk assessment.
In fact, they must comply with a number of regulations that put them under pressure to check user info, such as:
The goal is to prevent individuals from conducting fraud that would harm the company directly or indirectly, for example via:
Risk assessment is a general practice that evaluates how likely a user is to break the law in the future. KYC verification is one of the methods used for those risk assessments. KYC focuses on gathering important info about people at the beginning of a relationship, for instance when onboarding new users.
Other key methods include CDD (Client Due Diligence) and EDD (Enhanced Due Diligence), which focus more on monitoring where funds come from in the context of anti-money laundering regulations (AML).
Note that these AML checks must be performed and reviewed continuously, at regular intervals, and that they cover both external and internal risks, meaning your customers as well as your employees.
Because KYC processes are a legal requirement, your risk management team should already know about them. But if you’ve never had to perform these checks, there’s no harm in employing the same methods to filter out bad customers.
At SEON, we tend to classify KYC into two different modes: light and heavy.
And ideally, your assessment process should be able to alternate between the two, based on the information you receive. This is what we call dynamic friction, and it can work whether you perform risk assessment manually, or automate it. This leads us to the question of how long exactly it takes to assess risk.
Ideally, you want to look at (1) the customer’s personal information (through KYC checks), (2) the amount of money processed (high transaction values), and (3) their geolocation, since some jurisdictions are protective of customer identities (Switzerland) or known as tax havens, such as the Cayman Islands.
This is probably the question that troubles most businesses that aren’t financial institutions. They understand that users want to move fast, whether it’s to sign up to a new service or to finalize a purchase. Churn, friction and obstacles are the enemies of online businesses, which leads companies to play a challenging balancing act between risk and security.
In fact, the words may conjure up memories of submitting a folder of personal information to open a bank account or to purchase a financial product like insurance protection or a loan. You’d sometimes have to wait for weeks before getting an answer.
But these days, it can actually be near-instantaneous, provided you have the right system in place.
As part of your risk assessment, you will want to consider a series of risk factors, monitor customers against them and have in place defined workflows when one is identified. Specifically, these are:
Whether you are a small business or a global leader, the steps will be the same:
A concrete example: let’s say you are a small online shop that sells physical goods. Your risks will probably be related to chargeback rates. You calculate that each chargeback ends up costing you up to $70. Paying too many of them each month could sink your business.
In that case, the risk vectors will mainly be user detail, credit card numbers, and shipping address.
Traditionally, a large merchant with the right ops and staff headcount would, therefore, have a team that performs manual reviews for these three points. For instance, they would contact the user for more information, or use any data they have to validate the purchase.
Luckily, in the digital age, it’s entirely possible to automate these steps and to scale your risk assessment without draining your team’s time and resources.
One of the biggest misconceptions about knowing your customer is that it’s a lengthy, resource-heavy process. This can be true if you’re doing it manually, for instance by verifying every new customer who joins your site with a phone call. For transactions, the typical manual workflow would include opening numerous tabs in a browser to gather customer info from different background check websites.
Risk assessment and fraud prevention tools nicely dovetail together as their goals are essentially the same: to gather data and use it to calculate risk. Here is how that process looks from the perspective of SEON’s fraud detection tools.
As soon as visitors land on your website, SEON can begin gathering information. It may be about:
Gathering data is one thing, but it’s not enough to really know who your users are – especially if they’re lying or using stolen IDs. This is why you have the extra step to confirm the data quality, or to get the bigger picture with:
The final step is to decide if all that data points to a risky user or not. In the past, fraud managers would have to use their expertise and instinct. While this is still the case today, the process is vastly improved thanks to risk scores.
Each score is calculated with a number of rules. These can be prebuilt for your industry, manually created, or even suggested by AI. A simple rule would be to increase risk if a customer’s IP address is different from the shipping address. A complex one could be a velocity rule, which looks at the number of login attempts per minute, for instance.
The key is that businesses should be in control of risk mitigation. Is it worth being more strict, even if it increases false positives? Or would you rather let a few fraudsters pass and eat up the costs? Make sure you have the choice when you choose your fraud prevention tool.
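The two rules described above (an IP/shipping mismatch and a login velocity rule) can be sketched as a small scoring function. This is an added example, not SEON's code or API: the point weights, thresholds, field names and the choice to compare countries rather than full addresses are all assumptions, and the events are constructed.

```python
from collections import deque

# Constructed weights and thresholds; lowering them is stricter but raises false positives.
GEO_MISMATCH_POINTS = 20
VELOCITY_POINTS = 40
MAX_LOGINS_PER_MINUTE = 5
REVIEW_AT, DECLINE_AT = 20, 50

class LoginVelocity:
    """Sliding window of login attempts per account (60 seconds by default)."""
    def __init__(self, window_seconds=60):
        self.window = window_seconds
        self.attempts = {}  # account -> deque of attempt timestamps

    def record(self, account, ts):
        q = self.attempts.setdefault(account, deque())
        q.append(ts)
        while q[0] <= ts - self.window:  # drop attempts outside the window
            q.popleft()
        return len(q)

def score_event(event, velocity):
    """Return (score, fired_rules, decision) for one login or checkout event."""
    score, fired = 0, []
    # Simple rule: IP geolocation country differs from the shipping country.
    if event["ip_country"] != event["shipping_country"]:
        score += GEO_MISMATCH_POINTS
        fired.append("geo_mismatch")
    # Velocity rule: more login attempts in the last minute than allowed.
    if velocity.record(event["account"], event["ts"]) > MAX_LOGINS_PER_MINUTE:
        score += VELOCITY_POINTS
        fired.append("login_velocity")
    if score >= DECLINE_AT:
        decision = "decline"
    elif score >= REVIEW_AT:
        decision = "review"  # step up to heavier checks or manual review
    else:
        decision = "approve"
    return score, fired, decision

def run_sample():
    """Constructed events: one clean login, then six rapid logins from a mismatched IP."""
    v = LoginVelocity()
    events = [{"account": "alice", "ts": 0, "ip_country": "GB", "shipping_country": "GB"}]
    events += [{"account": "bob", "ts": 100 + i, "ip_country": "RO",
                "shipping_country": "US"} for i in range(6)]
    return [score_event(e, v) for e in events]
```

Returning the list of fired rules alongside the score lets a reviewer see why an event was flagged, and moving `REVIEW_AT` or `DECLINE_AT` is how the strictness trade-off is tuned.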
In conclusion, we can see that organizations of all sizes have access to resources to assess customer risk – whether they are required to or not.
And while manual review is a perfectly viable option, it tends to be prone to human error, and unfortunately it simply doesn’t scale, either in the number of cases you can handle or in the processes you can deploy.
Which is why automation is key. Whether you need to calculate the risk of one transaction or a thousand, you should have tools in place that can help assess risk in real-time, and with outstanding precision.
This is exactly the goal behind all our products at SEON. From our one-click data enrichment Chrome plugin to our all-in-one fraud detection service, we enable anyone to start doing business with the right customers only, and with complete peace of mind.
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.