Why exchanges must redouble their efforts

Crypto criminals are more adaptable and smarter than ever. But how can industry service providers keep up with their pace? If I say that the encryption industry is a high target for cybercriminals, especially organized criminals, I believe anyone who has been in this field for a few months will not be surprised. And there are valid reasons.

Due to the new technology and the nascent nature of the industry, criminals and fraudsters have long believed that cryptocurrency provides an excellent opportunity to profit through illegal methods. In fact, any “new” approach to the financial sector is welcomed by the criminal community as an opportunity for money laundering and finding new victims.

Although the situation has improved significantly since the early days of digital assets, pressure from the political and financial industries has led regulators to target their websites to the crypto industry, and their long-trusted methods may not be as effective in this innovative and non-traditional field. At the same time. , Market participants often underestimate the intelligence, innovation and adaptability of criminals who want to take advantage of the industry.

related: Bitcoin can no longer be regarded as an untraceable “criminal token”

KYC, or not KYC: How can criminals circumvent traditional security measures

Know your customer (KYC) One of the most widely used measures Between cryptocurrency exchanges. Although it can help service providers learn more about their customers—including their identity, residence, and source of funds—KYC is also a mandatory requirement for most digital asset businesses.

However, rapid technological progress and regulators’ attention to KYC are definitely not enough to eliminate bad actors on the platform. The Brotherhood of Crime can abuse this industry because they adapt quickly, do not have to follow the same rules as ours, are highly liquid and enjoy a lot of expertise.

Therefore, although traditional KYC tools can deter less mature and less professional criminals, those with extensive experience and the necessary skills can easily circumvent such measures. This is what they have been doing in traditional financial services for decades.

In practice, criminals can easily obtain false documents and use them to bypass KYC rules. They don’t even need comprehensive “Photoshop” skills. Fraudsters can enter the front door by paying passport data of decent people who want to take care of their families and taking selfies when needed. The use of mules is not a revelation, but in the digital space, the process becomes very easy.

In terms of fraud, cybercriminals mainly target users who do not know much about technology.Despite the large amount of money involved, criminals know that many people use crypto products and services Don’t even know the basics About how they work.

Malicious parties will definitely take advantage of this.That’s why you see so many-quite amateur- “Elon Musk Giveaway” Scam over there. Although experienced users can easily discover them, they effectively attract knowledgeable victims who are eager not to miss the opportunity in the encryption space.

Because they are harder to fool, fraudsters rarely target smarter people. In other words, we should never underestimate the intelligence and brazen actions of criminals. They learn quickly, and many of them have the necessary resources to bypass previously unbreakable security measures. A good example is the way fraudsters are hired to use social engineering and other cunning tactics to obtain detailed information and private keys, even for experienced encryption users.

related: The fundamental need to update the blockchain security protocol

Evolving regulations and exceeding standards are essential to protect customers

Innovative technologies in the financial services industry have brought advanced, tech-savvy fraudsters who can quickly adapt to major changes and new situations. Therefore, regulators need to continue to work with crypto industry participants to protect consumers. However, in terms of anti-money laundering (AML) and combating the financing of terrorism (CFT), the government has implemented traditional-style rules for the crypto sector, which is not always the most appropriate in such an innovative and sometimes different industry of.

As far as traditional KYC measures are concerned, money launderers believe that these measures are similar to the old problems solved before and can be easily pieced together to circumvent the AML measures of service providers. This is a problem they have been solving for years, and they are now very good at it.

Although it is important to protect their customers and systems from abuse, cryptocurrency companies must implement old-fashioned controls and comply with these sometimes outdated rules in order to maintain or gain their regulated status (thus maintaining business development). This is a critical stage where regulators and governments need to use their relationship with the encryption industry to better develop more appropriate control measures over time. For example, because external bad actors have long solved the KYC problem, a better system is needed to solve this problem. Perhaps using biological KYC and developing follow-up control measures, such as monitoring user activity after passing through the gate and detecting patterns or abnormal behaviors, would be helpful.

Although traditional AML controls have always been suitable for combating money laundering, the addition of network elements has brought new challenges, requiring us to protect customers, their funds and data in the digital space. We first saw that it started with the development of online banking. With the development of the payment industry and electronic money, it has indeed become a fast-paced development demand.

As far as network security is concerned, this does not mean that digital asset exchanges cannot better protect customers. On the contrary, industry service providers must redouble their efforts and spend additional resources to raise their standards by implementing best practices in cyber security internally to make them higher than required.

For example, cryptocurrency exchanges can become standards compliant with the Payment Card Industry Data Security Standard (PCI DSS), even if most regulators do not require them to do so. These rules are intended to guide the payment and card industries, but they may be an excellent place to start building a protection framework within the crypto industry. In addition to implementing such additional measures, service providers also need a dynamic expert network team, decent technology and correct processes to respond to threats quickly and effectively. In this regard, a lot can be learned from the payment and electronic money industries.

Combine these with high-quality customer support, and you have a good opportunity to keep up with the rapid development and progress of cryptographic cybercriminals’ strategies and tactics.

Fight a war on the front lines

Criminals who target the field of digital assets are shrewd and quick to learn. They will try to attack our customers, our systems and use our services to launder their funds, just as they have done in traditional financial services for decades.

However, the encryption business has a major advantage. Due to its innovative and complex solutions, the encryption industry already has a wealth of expertise and rich experience. For this reason, we are already technically minded and need to be recognized as a part of the leadership in the security and protection of our customers and their assets and information.

related: How can the DeFi protocol be hacked?

We are in the regulatory stage and are concerned about the cooperation between regulatory agencies and the industry. Now is the time to take the necessary steps to establish a framework that is more suitable for the crypto industry than traditional financial services. Only by achieving this harmony can we unite as a society and prevent our customers and financial services from being abused by criminal and terrorist companies.

The views, thoughts, and opinions expressed here are only those of the author, and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Mark Taylor He is the head of financial crime of the international cryptocurrency exchange CEX.IO. He has extensive experience in anti-money laundering and combating fraud. Mark also represents KYC and a more transparent relationship between the crypto industry and regulators. While in Gibraltar, Mark has been a member of the Gibraltar Association of Compliance Officers (GACO) for six years, and served as the chairman for the last two years. He was also previously a member of the Gibraltar Electronic Money Association (GEMA) and the Electronic Money Association (EMA).