Crypto criminals are becoming more adaptable and intelligent than ever. But how can industry service providers keep up with them? When I say that the crypto industry is under severe attack from cyber criminals and organized criminals in particular, I am sure that anyone who has spent a few months in this area would be surprised. And for good reason.
Due to the new technology and the emerging nature of the sector, criminals and scammers have long recognized the excellent opportunity that crypto offers to profit through illegal methods. Indeed, any “new” approach to the financial sector is welcomed by the criminal brotherhood to launder money and find new victims.
While the situation has improved significantly since the dawn of digital assets, pressure from politics and the financial industry has led regulators to turn their sights on the crypto industry, and their long-trusted approach may not be so effective in this innovative and nontraditional area. At the same time, market participants often underestimate the intelligence, innovation and adaptability of criminals who want to take advantage of the industry.
To KYC or not to KYC: How criminals circumvent traditional security measures
Know Your Customer (KYC) is one of the most widely used measures among cryptocurrency exchanges. While it helps service providers learn more about their customers – including their identity, location, and source of money – KYC is also a mandatory requirement for most digital asset companies.
But the rapid advancement of technology and the regulatory attention to KYC are definitely not enough to eliminate bad actors from the platform. The criminal brotherhood can abuse the industry because it adapts quickly, does not have to follow the same rules as us, has a high level of liquidity and has a lot of know-how.
While traditional KYC tools can stop less established, less professional criminals, those with great experience and the necessary skills can easily bypass such measures. This is something they have been doing in traditional financial services for decades.
In practice, it is very easy for criminals to obtain falsified documents and thereby circumvent the KYC rules. And they don’t even need extensive “Photoshop” knowledge. Scammers can get through your front door by paying decent people, who want to look after their families, for their passport details and, if necessary, a selfie. The use of mules isn’t a revelation, but the process has just gotten a lot easier in the digital space.
When it comes to fraud, cyber criminals mostly target less tech-savvy users. Despite the large amount of money, criminals know that many use crypto products and services without even knowing the basics of how they work.
Malicious parties are definitely taking advantage of this. This is why you see so many – rather amateurish – “Elon Musk Giveaway” scams. While seasoned users can easily spot them, they are effectively attracting less knowledgeable victims eager not to miss out on the possibilities of the crypto space.
Because more savvy people are harder to fool, scammers rarely target them. Even so, we should never underestimate the intelligence and brazen approach of criminals. They learn quickly and many of them have the necessary resources to bypass previously irrevocable security measures. A great example is the way scammers use social engineering and other nifty tactics to get the details and private keys out of even seasoned crypto users.
Evolving regulation and exceeding the standard are critical to protecting customers
The cutting-edge technology in the financial services industry brings with it advanced, tech-savvy fraudsters who are quick to adapt to big changes and new situations. Because of this, regulators must continue to work with players in the crypto industry to keep consumers safe. However, when it comes to Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT), governments have put in place traditional rules for the crypto space, and in such an innovative and sometimes different industry, this is not always the best fit.
As for traditional KYC measures, money launderers see them as an old, previously solved puzzle that is easy to piece together to circumvent service providers’ AML measures. It is a problem that they have been solving for years, and they are now very adept at it.
And while protecting their customers and systems from abuse is important, cryptocurrency companies need to implement old-fashioned controls and comply with these sometimes ill-fitting rules in order to maintain or achieve their regulated status (and thus stay in business). This is an important stage where regulators and governments need to leverage their relationship with the crypto industry to develop more appropriate controls over time. For example, since outside bad actors have long solved the KYC conundrum, better systems are needed to address this problem. Perhaps using Bio-KYC and developing follow-up controls, such as monitoring users’ activities once they have passed the gates and identifying patterns or unusual behavior, will help.
While traditional AML controls have been useful in combating money laundering in the past, adding the cyber element brings new challenges as we need to protect customers, their funds and their data in the digital space. We saw this development for the first time in online banking, and it has become a fast-paced development requirement with the development of the payments industry and e-money.
As for cybersecurity, that doesn’t mean there is nothing digital asset exchanges can do to better protect their customers. On the contrary, industry service providers must go the extra mile and expend additional resources to raise their standards higher than necessary by implementing cybersecurity best practices internally.
For example, crypto exchanges can qualify for the Payment Card Industry Data Security Standard (PCI DSS), although most regulators do not require it. These rules are meant to guide the payment and card industry, but they could be an excellent starting point for building a protective framework within the crypto industry. In addition to implementing these additional measures, service providers need a dynamic and competent cyber team, decent technology and the right processes to react quickly and efficiently to threats. A lot can be learned in this regard from the payments and e-money industries.
Combine this with quality customer support and you stand a good chance of keeping up with the rapidly evolving and advancing strategies and tactics of crypto cyber criminals.
Wage a war on the front lines
Criminals targeting the digital asset space are savvy and quick to learn. They will try to attack our customers and systems and use our services to launder money, just as they have been doing for decades with traditional financial services.
However, crypto companies have one great advantage. Due to its innovative, complex solutions, the crypto industry already has great expertise and extensive experience. Because of this, we are already technology-oriented and need to be recognized as a frontrunner in keeping our customers safe and secure, as well as their assets and information.
We are in a regulatory phase where regulators and industry are working together. Now is the time to take the necessary steps to create a framework that is better suited to the crypto industry than traditional financial services. Only when this harmony is achieved can we as a society come together to prevent our customers and financial services from being misused by criminal and terrorist companies.
The views, thoughts, and opinions expressed herein are solely those of the author and do not necessarily reflect the views and opinions of Cointelegraph.
Mark Taylor is the head of financial crime at the international cryptocurrency exchange CEX.IO. He has experience in combating money laundering and fighting fraudsters. Mark also stands for KYC and more transparent relationships between the crypto industry and regulators. During his time in Gibraltar, Mark was a member of the Gibraltar Association of Compliance Officers (GACO) for six years, the last two as its chairman. Previously, he was also a member of the Gibraltar E-Money Association (GEMA) and the Electronic Money Association (EMA) in the UK.