Outwitting crypto criminals: Why exchanges have to go the extra mile

Published at: Aug. 15, 2021

Crypto criminals are getting more adaptive and smarter than ever before. But how can industry service providers keep up with them? If I say that the crypto industry is highly targeted by cybercriminals and, in particular, organized criminals, I’m sure that no one who has spent a few months within the space would be surprised. And for a valid reason.

Due to the new technology and the nascent nature of the sector, criminals and fraudsters have long identified the excellent opportunity that crypto offers to profit via illicit methods. Indeed, any “new” approach to the financial sector is welcomed by the criminal fraternity as an opportunity to launder funds and find new victims.

While the situation has improved significantly since the early days of digital assets, political and financial industry pressure has led regulators to aim their sites at the crypto industry, and their long-trusted approach may not be as effective in this innovative and non-traditional space. At the same time, market participants often underestimate the intelligence, innovation and adaptability of criminals who wish to take advantage of the industry.

Related: Bitcoin can’t be viewed as an untraceable ‘crime coin’ anymore

To KYC, or not to KYC: How criminals circumvent traditional security measures

Know Your Customer (KYC) is one of the most widely utilized measures among cryptocurrency exchanges. While it helps service providers to learn more about their customers — including their identity, residence and source of funds — KYC is also a mandatory requirement for most digital asset businesses.

But rapid technological advancement and the attention regulators pay to KYC are definitely not enough to eliminate bad actors from the platform. The criminal fraternity is able to abuse the industry because they adapt rapidly, do not have to follow the same rules as us, have high liquidity and enjoy a great deal of expertise.

As a result, while traditional KYC tools can stop less established, less professional criminals, those with great experience and the necessary skills can easily circumvent such measures. It’s something they have been doing for decades in traditional financial services.

In practice, it’s very easy for criminals to procure fake documents and use them to bypass KYC rules. And they don’t even need comprehensive “Photoshop” skills. Fraudsters can get through the front door by paying decent people who want to take care of their families for their passport data and a selfie when required. The use of mules is no revelation, but the process has become immeasurably easier in the digital space.

In terms of fraud, cybercriminals primarily target less tech-savvy users. Despite the serious money involved, criminals know that many utilize crypto products and services without knowing even the basics about how they work.

Malicious parties definitely take advantage of this. This is the reason why you see so many — rather amateurish — “Elon Musk giveaway” scams out there. While veteran users can spot them easily, they effectively attract less-knowledgeable victims eager to not miss out on crypto space opportunities.

Because they are harder to fool, fraudsters rarely target more savvy people. That said, we should never underestimate the intelligence and brazen approach of criminals. They learn fast, and many of them possess the necessary resources to bypass previously unbreakable security measures. A great example is the way in which fraudsters are employed to leverage social engineering and other cunning tactics to acquire the details and private keys even of experienced crypto users.

Related: The radical need for updating blockchain security protocols

Evolving regulation and going above the standard are crucial to protect customers

The innovative technology in the financial services industry brings with it progressive, tech-savvy fraudsters who adapt quickly to major changes and new situations. For that reason, regulators need to continue to work in partnership with crypto industry players to protect consumers. However, where Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) is concerned, governments have implemented traditional style rules for the crypto space, and in such an innovative and, at times, different industry, this isn’t always the best fit.

Where traditional KYC measures are concerned, money launderers see these as akin to an old, previously solved puzzle that can be easily pieced together to circumvent service providers’ AML measures. It’s a problem they have been solving for years and are now very adept at.

And despite the importance of protecting their customers and systems from abuse, cryptocurrency enterprises have to implement old-school controls and abide by these sometimes ill-fitting rules to retain or attain their regulated status (and, thus, stay in business). This is a key stage where regulators and governments need to utilize their relationship with the crypto industry to better develop more suitable controls over time. For example, with external bad actors having long solved the KYC puzzle, better systems are required to address this issue. Perhaps utilizing bio-KYC and developing subsequent controls, such as monitoring the activities of users once they are past the gates and detecting patterns or unusual behavior, would help.

While traditional AML controls have historically been suitable in the fight against money laundering, adding the cyber element brings with it new challenges, giving us a need to protect customers, their funds and their data in the digital space. We first saw this start to develop with online banking, and it really became a fast-paced development requirement with the evolution of the payments industry and e-money.

Where cybersecurity is concerned, this doesn’t mean that digital asset exchanges can’t do anything to better protect their customers. On the contrary, industry service providers have to go the extra mile and spend additional resources to raise their standards higher than required by implementing cybersecurity best practices internally.

For example, crypto exchanges can become Payment Card Industry Data Security Standard (PCI DSS) qualified, even though most regulators don’t require them to do so. These rules are in place to guide the payments and card industry, but they could be an excellent place to start to build a protective framework within the crypto industry. In addition to implementing such extra measures, service providers need a dynamic and expert cyber team, decent technology and the right processes to respond to threats in a quick, efficient way. A lot can be learned from the payments and e-money industries in this respect.

Combine these with high-quality customer support, and you have a good chance at keeping up with the rapidly evolving and advancing strategies and tactics of crypto cybercriminals.

Fighting a war on the front lines

Criminals targeting the digital asset space are savvy and learn fast. They will attempt to attack our customers, our systems and utilize our services to launder their funds just as they have been doing in traditional financial services for decades.

However, crypto businesses have one major advantage. Due to its innovative, complex solutions, the crypto industry already possesses great expertise and extensive experience. For that reason, we are already technologically minded and need to be recognized as part of the vanguard in the security and protection of our customers as well as their assets and information.

Related: How DeFi protocols get hacked?

We are in a regulatory phase, with eyes on regulators and the industry working together. Now is the time to take the necessary steps to establish a framework more suited to the crypto industry than traditional financial services. Only when this harmony is achieved can we come together as a society to stop our customers and financial services from being abused by criminal and terrorist enterprises.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Mark Taylor is the head of financial crime at international cryptocurrency exchange CEX.IO. He has experience in Anti-Money Laundering and fighting against scammers. Mark also stands for KYC and more transparent relationships between the crypto industry and regulators. While in Gibraltar, Mark was a member of the Gibraltar Association of Compliance Officers (GACO) for six years, with his last two years in post as chairperson. He has also previously been a member of the Gibraltar E-Money Association (GEMA) and the Electronic Money Association (EMA) in the United Kingdom.
Tags
Aml
Kyc
Related Posts
The new episode of crypto regulation: The Empire Strikes Back
The latest news has left the decentralized finance community in a collective fetal position. Responding to the threat of increased regulatory oversight, leading decentralized exchange Uniswap recently restricted the trading of certain tokens. Earlier in July, Dan M. Berkovitz, chairman of the Commodity Futures Trading Commission (CFTC), said that DeFi derivatives platforms might contravene the Commodity Exchange Act (CEA): “Not only do I think that unlicensed DeFi markets for derivative instruments are a bad idea, but I also do not see how they are legal under the CEA.” Most worrisome of all is the initial version of the United States …
Technology / Aug. 27, 2021
DeFi regulation must not kill the values behind decentralization
Cryptocurrency brought us peer-to-peer payments that continue to elevate participation in the global economy for millions of people without access to traditional banking services. The rise of decentralized finance (DeFi) promises to further expand access to financial services, including savings, lending, derivatives, asset management and insurance products. This innovation, which empowers financial inclusion, should be allowed to flourish in a regulated environment where individuals and institutions are protected and suspicious activity is identified and reported. But how do you regulate these decentralized products without completely removing the core attributes of financial inclusion and decentralization? Know Your Customer (KYC) procedures are …
Technology / Aug. 22, 2021
Digital intelligence must overcome challenges to solving crypto crimes
While the value of cryptocurrencies has varied wildly in the last year, this has not diminished crypto’s attractiveness to criminals. Many of them are moving their illegal activities underground and outside the view of law enforcement. Because of the public nature of most blockchains, however, this rapid movement shouldn’t be a major concern to law enforcement agencies. With the right tools and training, following the proceeds of crypto-enabled crime is actually not as difficult as it may seem. However, intelligence agencies must have a cryptocurrency investigation plan that includes the right tools to lawfully collect digital evidence and the properly …
Technology / Aug. 20, 2021
Cybercrime task force monitoring the global digital financial system
The United States faces a growing threat of transnational cybercrime, particularly against its financial system. In what may be the largest prosecution of its kind in U.S. history, the U.S. Department of Justice has charged Texas tech billionaire Bob Brockman in a 39-count indictment with evading $2 billion in taxes. The businessman used encrypted devices and code words to conceal his wire fraud, tax fraud and money laundering within a network of offshore entities and bank accounts. As the CEO of Reynolds and Reynolds Co., Brockman contributed 6.4% to the United States’ current annual deficit of $3.1 trillion — more …
Technology / Oct. 24, 2020
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some …
Adoption / Feb. 26, 2022