Written by Mark Taylor, Head of the Financial Crime Department at CEX.IO
With the rapid evolution of the crypto industry, the financial system offers more digital options for consumers. However, crypto criminals are gaining new opportunities as well, demonstrating adaptation and ingenuity.
It comes as no surprise, even to newcomers, that the industry is heavily attacked by cybercriminals, in particular, those involved in organized crime. And there are valid reasons for this.
Cryptocurrencies are a relatively new technology, and the nascent nature of this sector attracts criminals and fraudsters. When a new, little-studied approach to the financial sector emerges, bad actors see many opportunities to launder money and find new victims.
The question is, how can industry service providers keep up with them? Should crypto platforms follow the traditional finance experience in combating criminals, or do they need an innovative approach, specially developed for the digital sphere?
The situation has improved compared with the early days of cryptocurrency, when the industry was out of the regulatory spotlight and relatively few were watching. Still, as the industry matures, political and financial pressures grow more intense. Current developments suggest that long-trusted regulatory approaches may not be as effective in this innovative space.
Meanwhile, crypto users often underestimate the intelligence of criminals and their ability to innovate and adapt. As a result, market participants remain under threat of becoming scam victims of scammers or unwitting participants in money laundering. Thus, as an ethical service provider, we need to do more to protect our customers and systems from abuse.
How criminals bypass classic security measures
During the ICO boom and bull market in 2017, many crypto platforms realized the need for comprehensive Know Your Customer (KYC) and anti-money laundering (AML) measures. Thus, AML/KYC has become a top priority for these bodies.
Today, KYC is one of the most widely utilized measures among cryptocurrency exchanges. It helps service providers receive necessary information about their customers, including identity, residence, and source of funds. Additionally, this is a mandatory requirement for regulatory compliance. Without successful regulation adherence, a crypto service will not be able to operate in most countries including the U.S., Canada, South Korea, and the European Union.
However, ongoing criminal activity indicates that KYC practices are not enough to eliminate bad actors from crypto platforms. The criminal fraternity adapts to change. With high liquidity and expertise in what they do, scammers and frauds remain maddeningly successful
With less established, professional criminals, traditional KYC tools can successfully combat unwanted activity. Some have done so for decades in traditional financial services. However, more advanced fraudsters learn to avoid security measures and spoof customer identities. No need for comprehensive Photoshop skills when it’s easy to find decent people who need funds to care for their families. The sad truth is that many people are willing to be paid for sharing their personal data. This is the most common way fraudsters receive the authentic passport data and selfies necessary for KYC checks.
Your power against criminals: education
When it comes to digital assets, the main targets of cybercriminals are less tech-savvy users. Criminals know that many people use crypto products and services without the knowledge basics. Indeed, many newcomers don’t understand that every crypto wallet is unique, and if you make any mistake in entering the recipient address, your funds go nowhere. While large sums of money are typically involved in crypto transactions, people usually spend very little time researching the industry.
Malicious parties easily take advantage of this lack of information. You may have seen many Elon-Musk-giveaway scams on Facebook or Twitter. While they can be easily spotted by experienced users, they effectively attract less knowledgeable victims.
That is why education is power. Scammers rarely target informed people as they are harder to fool. That being said, we should never underestimate the intelligence and invention of criminals. They learn quickly and are innovative when they feel a need to bypass previously “unbreakable” security measures.
Think about it: scammers rely on other fraudsters who practice social engineering and tricks to obtain the data and private keys of crypto users. Even criminals need help in order to succeed. But we can make it much harder for them to do so.
Evolving, innovative regulation is a must for protecting customers
When the finance industry offers new technologies, they attract more customers willing to take advantage of them. At the same time, innovation entices progressive fraudsters who can quickly adapt to the changes and find new, less savvy victims. That’s why regulators need to develop robust relationships with all crypto industry players to help protect consumers.
It’s been common practice for governments to use traditional approaches to maintaining the security of crypto space. However, these may not be the best fit for an innovative, quickly-evolving industry.
Transforming classic KYC
Money launderers view traditional KYC as akin to an old, previously solved puzzle that can be easily disassembled and circumvented. It’s a problem they have been overcoming for years and are now very adept at it.
Still, it’s often the case that cryptocurrency businesses must use these old controls and sometimes inadequate rules in order to achieve or secure regulated status. This is a key opportunity for regulators and governments to leverage their relationships with the crypto industry to better protect customers and systems from abuse. By collaborating and sharing expertise, they can work together to create more relevant controls over time.
Perhaps, we can leverage biometric KYC options. These may be widely-used facial recognition procedures. Various industries are also using hand geometry to grant people physical access to buildings. Banks are leveraging face and voice scanners to allow customers to access bank accounts, and finger scans for spending money on online purchases. If you are wearing a bracelet, you may even be able to use your heartbeat to confirm payments.
Additionally, there is a need to develop post-account authentication controls, such as monitoring, to better understand the effectiveness of new measures in detecting patterns or unusual behavior. Collectively, we need to focus on developing industry innovations specifically for the digital assets space.
AML systems development
The addition of cyber elements to the finance industry brings new challenges to traditional AML systems. They began with online banking systems, and quickly evolved to the development of Internet payments and e-money industry. With the rise in ubiquity, there is a corresponding need to protect customers, their funds, and data in the digital space.
What can digital asset exchanges do to better protect their users? Simply put, they need to go the extra mile and spend additional resources to raise their standards higher than required. This is possible through the internal implementation of cybersecurity best practices.
For example, while most regulators do not require it, crypto exchanges can obtain PCI/DSS qualification. These rules are mostly applicable to card payment providers, but also provide an excellent starting point for building a reliable security system in the crypto industry. In addition, crypto service providers need dynamic and experienced cyber teams, top technology, and consistent processes to respond quickly and efficiently to threats. There is much to learn from the payments and e-money industry in this regard.
Add high-quality customer support to the mix and you have a robust platform able to keep up with the fast-paced, progressive strategies of crypto cybercriminals.
Fighting a war on the front lines
In our industry, criminals behave just as they have done with traditional financial services for decades. They are quick-witted and will try to attack clients, systems and launder funds using our services.
However, the crypto business maintains a big advantage. The industry is innovative and requires complex solutions. With experience providing top services to customers around the globe, crypto platforms are well prepared to lead the way. This is why they must be part of the forefront in securing and protecting systems from advancing intruders.
The regulation of the crypto industry is currently undergoing a historic transformation. Regulators and service providers are working together to create new structures more suited to digital assets versus legacy financial services. We owe this harmony to the clients and customers we serve.