The security of cryptocurrency exchanges is hotly debated as digital assets attract more attention from consumers, investors, regulators and scammers. The values of cryptocurrencies are known to be volatile and users can trade certain tokens anonymously or using pseudonyms. These combined factors can attract privacy-conscious investors looking to bet on favorable cryptocurrency market trends as well as scammers hoping to hide their identities while committing financial crimes. The current cryptocurrency frenzy continues to create a lucrative environment for cyber criminals to carry out their plans.
The abuse of cryptocurrency by fraudsters is not a new phenomenon. Criminals operating globally between 2011 and 2021 reportedly defrauded users with nearly $ 5 billion worth of cryptocurrency and stole an additional $ 3 billion through security breaches. The regulatory requirements for exchanges making it easier to buy and trade these tokens have evolved over the past few years, in part in response to growing concerns about the fraudsters’ efforts. For example, US stock exchanges were subject to the provisions of the Bank Secrecy Act to combat money laundering (AML) and know-your-customer (KYC) until 2019. FinCEN is currently seeking comments on a proposed directive that seeks to tighten anti-money laundering measures by requiring financial institutions and exchanges to comply with stricter reporting requirements for certain convertible virtual currency transactions.
However, many crypto exchanges around the world still have relatively lax security measures that could put them and their users at greater risk. A 2020 study found that 56 percent of the world’s virtual asset service providers (VASPs) allow users to withdraw or add funds up to certain values without going through KYC procedures or just passing through volatile procedures. Statistics like these can make exchanges appear unsafe trading environments, discourage honest users from interacting with them, and lead regulators to propose stricter KYC and AML requirements for these platforms to tackle crime. Many consumers are interested in cryptocurrencies for legitimate reasons, but they may be wary of platforms that expose them to the risk of inadvertently trading with scammers.
Crypto exchanges face a careful balancing act as user verification procedures that are too laborious or invasive can discourage customers – especially those interested in cryptocurrency because of its much advertised anonymity. This deep dive examines the security risks and privacy concerns associated with crypto exchanges, as well as strategies to improve security without compromising the customer experience.
The security challenges of the cryptocurrency sector
Transactions in digital assets are tracked and recorded on the blockchain. However, the users themselves remain anonymous by trading under pseudonyms and usernames. This opacity can make it easier for criminals to bring ignorant victims on board and cheat or laundering.
Cryptocurrency transactions are also irreversible, meaning victims may have no recourse if they are tricked into sending digital tokens to scammers. Factors like this – plus the current high value of many cryptocurrencies – make the space alluring for bad actors.
Exchanges looking to gain the trust of legitimate users need to prove that transactions are secure without the friction that shuts customers off, and each platform needs to find an approach that suits its respective customer base. Some platforms may feel that they cannot simply copy the KYC playbooks of their traditional, regulated FI counterparts without changing the nature of their offerings. As a result, users may be reluctant to share much of the personally identifiable information that is normally collected in FI’s customer verification processes.
Exchanges recognize that many cryptocurrencies are also subject to rapid fluctuations in value and that customers often want to be able to act quickly to take advantage of current prices. This places a duty on the platform to complete its reviews and security reviews quickly to avoid users suffering from painful delays. Security arrangements can be critical to customer recruiting for a platform, but too much friction can chase them away, and users can prevail over competitors who are able to strike a more attractive balance between seamlessness and security.
Crypto platforms pursue a variety of strategies to confirm customers’ identities while delivering compelling experiences. Some exchanges may ask new customers to go through light initial onboarding processes, but then require more in-depth ID verification before taking more financially risky action, increasing the amount of identifying information customers must provide when the value of their investment and payouts are increasing.
Platforms can use contextual onboarding, which allows customers to board without identity verification, but enables very limited functionality, while customers who provide photo IDs may be allowed to make low-level withdrawals and deposits, and full KYC compliance allows users to transfer can deposit or withdraw significant amounts.
Other exchanges are trying to build trust by requiring all new customers to immediately go through robust KYC procedures, including background scans, sanctions list checks, government-issued ID checks, and even live phone calls. Each platform needs to determine the customer verification approach that best fits their business model and conforms to local regulations.
Cryptocurrency platforms can also keep an eye out for red flags, which if detected and acted upon, will enable them to nip fraud in the bud. Recognizing when a customer signs in with one name while uploading money from bank accounts with a different name can ring alarm bells, as can recognizing users with IP addresses that have been linked to suspicious activity in the past. Such occurrences can lead the crypto exchange to step in or monitor the accounts more closely to determine if criminal activity is ongoing or if the events are simply false positives. Platforms can work to improve the precision and accuracy of their fraud detection measures by monitoring and analyzing transactions for fraud indicators in real time. Automation solutions can help make this quick analysis possible and help companies identify potential fraud even earlier.
Interest in digital currencies continues to grow, prompting central banks around the world to look into their own digital currency projects that could offer a virtual tender as an alternative to cash. China has already started testing a digital version of the yuan while the Saudi Arabian Monetary Authority is working with the Central Bank of the United Arab Emirates to use cryptocurrency to facilitate cross-border transactions between their nations.
Developments like this focus on how identity verification and data protection will be balanced in the digital currency space in the coming years, including the extent to which the anonymity offered by cash transactions will be replicated and maintained through virtual alternatives. China’s digital yuan is supposed to allow users to remain anonymous when transacting with each other, but it would also make the data of participants accessible to the central bank, for example. However, this approach will not meet the needs of all users or the attitudes prevailing in all countries, and some consumers and businesses may continue to request more anonymous options.
Proponents of cryptocurrency seeking wider adoption of private tokens must also consider the balance between fraud prevention and user anonymity. Kurt Nielsen, president of the blockchain infrastructure organization Partisia Blockchain Foundation, wrote that the expansion of cryptocurrency uptake depends on the tokens, which provide both security and confidentiality. Nielsen said researchers are currently working on projects designed to use both blockchain and a form of cryptography known as secure multiparty computation (MPC), and that work could lead to promising results. Together, these technologies can enable cryptocurrencies to meet regulatory requirements to manage transactions while preserving user privacy through MPC’s ability to “compute”[e] directly to encrypted data without the data being known. “According to Nielsen, MPC builds on a similar idea as knowledge-free technologies that, as mentioned by other authors, allow users to privately verify their identity by proving they have a driver’s license without actually revealing certain identification details. Such discussions about providing reviews while minimizing personal data disclosure could become increasingly important as 83 percent of consumers in a 2020 global survey said they want more control over their own data. These requirements could lead to a closer look at how crypto exchanges and other businesses can verify customer identity without having to view more details than is strictly necessary for the particular transaction.
To meet the security and convenience needs of cryptocurrency users now and in the future, an exchange may be needed to investigate the overhaul of their customer authentication toolkits. Powerful automated identity verification tools can help platforms move forward seamlessly and detect and thwart potential fraud, building trust with regulators and legitimate users. New ID verification strategies and technological developments are likely to continue to drive innovative ways to meet regulators ‘security needs and users’ privacy needs.
AML, au10tix, Crypto Exchanges, Cryptocurrency, Data Breach, Deep Dive, Scam, Future of Identity Reporting, Identity, KYC, News, Regulations, Security