Cryptocurrency is one of the fastest-moving trends in the financial industry, with more than 6,000 different currencies on the market and a global projected value of $4.94 billion by 2030. Digital currencies are notorious for their extreme volatility, however. Its most well-known example, bitcoin, plummeted from $19,783 in December 2017 to $3,400 in 2018 before skyrocketing up over $40,000 as of January 2022. One of bitcoin’s competitors, ether, meanwhile went from $1,300 to $91 in 2018 and back to approximately $450 at the end of 2020. Cryptocurrency’s intense changeability, along with its confidential nature and loose regulations, has made it an intriguing choice for financial thrill-seekers worldwide.
These same factors make it an appealing target for fraudsters, however. The United Kingdom saw more than £146 million ($199 million) stolen in cryptocurrency heists in 2021, for example — up 30% from 2020. Five of the 10 largest cryptocurrency thefts of all time occurred in the past 12 months, including the largest attack in history, which cost more than $600 million. These thefts illustrate fraudsters’ increasing competency at leveraging numerous techniques to scam cryptocurrency exchanges and their customers.
Ironclad user authentication is one of the only effective solutions in curbing cryptocurrency fraud and protecting its owners. This month, PYMNTS explores the threats facing cryptocurrency and the authentication measures that can effectively stop them.
Fraud Threats Cryptocurrency Faces
The cryptocurrency market is disproportionately subject to fraud compared to other financial industries, with a net fraud rate of 7.4% in 2021. Identity fraud is the most common type in cryptocurrency, making up 44% of fraud incidents. There are dozens of variations on identity fraud, but many of them involve leveraging stolen or synthetic identities. The objectives vary, including money laundering, confidence scams and outright brute force attacks on other users’ wallets, but all are possible due to cryptocurrency’s fragmented regulatory framework. Cryptocurrency exchanges largely lack the know your customer (KYC) procedures that keep bad actors away from more established financial institutions. A 2020 study found that 56% of all exchanges had weak KYC processes or none at all.
Fraud’s impact on the cryptocurrency industry is not limited to stolen money and data, however: It also includes the opportunity cost of lost customers. A recent Visa study found that one of the top factors limiting cryptocurrency use is consumers’ fear of losing their money, cited by 46%. The limited recourse in the event of cryptocurrency hacking or stealing fueled this fear in 28% of respondents, as the lack of federal insurance or oversight means that stolen crypto is likely gone for good.
Cryptocurrency exchanges and merchants thus have powerful incentives to minimize fraud by implementing robust customer authentication. Fortunately, there are effective verification methods at exchanges’ disposal.
Authenticating Cryptocurrency Users
Many cryptocurrency exchanges already use multi-factor authentication (MFA) for the verification of users and purchases, but data breaches and other security incidents still occur. Coinbase suffered a significant security breach last year when hackers exploited a flaw in its MFA system. Fraudsters leveraged its SMS account recovery process to receive two-factor authentication tokens and enter user accounts. The bad actors managed to infiltrate more than 6,000 accounts in this manner, according to reports, stealing an unknown quantity of cryptocurrency and customer data.
Sensing the weakness in MFA systems, many exchanges and merchants are instead leaning on biometrics as a more secure alternative. One option they are deploying is selfie biometrics, which requires users to take pictures of themselves when making online purchases to confirm their identities. An artificial intelligence system compares these pictures to those already on file to ensure users’ authenticity. The Everest Foundation, a nonprofit DAO, offers a similar option, requiring only a 2-megapixel autofocusing camera, such as the one included in many smartphones, to verify users’ identities.
Hackers are undoubtedly hard at work to fool these biometric authentication systems, so exchanges and merchants will need to stay ahead of the game by proactively identifying security threats and developing new measures to counter them. Providing a more secure cryptocurrency payment experience could convince many more individuals interested in digital currency to embrace this payment method.