It’s getting hard to keep good fraudsters down as they are now turning to social engineering techniques to trick users and gain access to crypto accounts. In this month’s Digital Onboarding Tracker, Konstantin Anissimov, executive director of cryptocurrency exchange CEX.io, explains how exchanges are using blockchain tech to protect their platforms from bad actors.
Cryptocurrencies and the blockchain technology that enables them have become a hot commodity in the financial world over the past several years, with their dramatic value spikes and falls attracting enthusiasts with a penchant for high-risk investments. There are currently more than 4,000 different cryptocurrencies in circulation, ranging from household names like bitcoin to obscure deep cuts like vertcoin, IOTA and cardano.
These cryptocurrencies can also be enticing to fraudsters, money launderers and other bad actors who seek to exploit digital finances in the same ways they target traditional banks and payments providers. Much has been made of cryptocurrencies’ use in cybercrime, but in many ways, virtual currencies are little different from their more entrenched financial counterparts.
“Before digital systems, fraudsters were able to still overcome the traditional methods by impersonating somebody else or forcing someone to sign over their will,” said Konstantin Anissimov, executive director of cryptocurrency exchange CEX.IO. “But innovation accelerates with digital systems, and it allows fraud to evolve much quicker as well.”
Protecting cryptocurrency exchanges against these fraudsters is the role of secure onboarding systems, Anissimov said in an interview with PYMNTS, and CEX.IO deploys an internal artificial intelligence (AI)-enabled threat database to this end. Exchanges will need to be cognizant of growing fraud threats on the horizon, however, and may find use in leveraging the blockchain technology that made their business possible in the first place.
How CEX.IO Leverages Onboarding to Protect Against Fraud
Onboarding is critical for all financial organizations to ensure that their customers are who they say they are, and cryptocurrency exchanges are no different. CEX.IO, for its part, leverages a know your customer (KYC) system that checks customer-provided documents against a database of known threats.
“You submit a selfie or a picture of your passport, for example, and we take that and cross-check it against our internal AI driven database, which has well over 4.5 million entries by now,” said Anissimov. “What tends to happen is we keep seeing the same bits of information [again]. Fraudsters often use the same computer or do everything from one location, or it’s the same person who tries to impersonate 10 different people by using stolen identity documents. We’re able to quite easily locate those correlations, tackle that potential breach, blacklist what happened and next time react to this automatically.”
This system is driven by an AI-enabled engine, which is common among traditional financial institutions (FIs) but is rarely available off-the-shelf for cryptocurrency businesses. CEX.IO instead built one itself.
“When we started doing this, there weren’t many crypto KYC companies around, so we had to build our own engine from scratch,” he explained. “As we did this, we realized very quickly that we needed to create a database of frauds and various fraud patterns, so we started building that out too.”
Systems like these are effective for stopping many of the common fraud methods currently deployed, but fraudsters are always innovating. Cryptocurrency exchanges and other financial businesses will need to react quickly to developing threats.
The Future of Onboarding in the Cryptocurrency World
One of the positive developments in fraud prevention is the rapidly improving capabilities of AI, Anissimov said, with these systems soon becoming so advanced that fraudsters will be hopelessly outmatched in automated techniques. This means that they will likely turn to more old-fashioned schemes that exploit human weaknesses rather than artificial ones.
“AI, machine learning, RFID and biometrics are moving so quickly that very soon, it will not make sense for organized fraud to actually try and find a vulnerability there,” he said. “It would be far easier to do social engineering. Rather than trying to trick a bank or cryptocurrency exchange, which have automated onboarding services, it would be way easier to go to a bank branch and trick a person because a person would be much more open-minded, and it is easier to find weaknesses.”
Automated onboarding tools are unlikely to ever work against this type of fraud, as willing or unwitting staff can find ways to bypass them for a bad actor. Stringent employee training is always useful, but one promising technology for cryptocurrency exchanges comes in the form of nonfungible tokens (NFTs). These tokens are currently making waves in the art world but could have massive potential for customer verification, using the very same blockchain technology that makes cryptocurrencies possible in the first place.
“It’s a unique token which was generated one time, and you have 100 percent — or very close to 100 percent certainty — that this token is authentic, and nobody was able to mess with it,” Anissimov explained. “There’s a lot of talk within the crypto community that governments will start using this technology for things like issuing house deeds, wills and stuff like that. In this way, the whole idea of verifying documents will go away because you’re able to verify it via the blockchain.”
It will be some time before this application is readily available, but cryptocurrency exchanges could do well to be forward-thinking. The fraudsters are constantly innovating, so cybersecurity staff should be too.