October 25, 2021
Authentication demonstrates a highly important security issue for online companies of any type, with unauthorized access representing 43% of successful data breaches at businesses in the US in 2020. Customer losses from identity fraud added up to $56 billion in 2020, and 53% of United States federal, state and local government bureaus have seen an increase in account takeover fraud in the past couple of years.
Cryptocurrency exchanges and digital wallets are a hot spot for many kinds of fraud and therefore have a deep need for secure authentication to protect their platforms from online grifters. Cybercriminals ran off with approximately $300 million from crypto accounts in 2020 through phishing scams, phone number hijacking, and phony crypto exchanges. Exacerbating the problem is the fact that exchanges traditionally have remained nearly entirely unregulated, but increasing fraud threats are pulling them under growing regulatory scrutiny.
A primary reason that regulatory agencies are monitoring cryptocurrency exchanges closely is their part in cybercrime and money laundering. Identified crypto transactions to and from illegal entities dropped by about 50% last year but still added up to $10 billion, with several scams representing $2.6 billion of the total. Known ransomware payments also spiked 311%, but such scams usually go underreported and the true uptick is likely much higher.
Financial sector regulators across the globe have reacted to this growth in online fraud by cracking down on crypto exchanges and digital wallets with insufficient know your customer (KYC) and anti-money laundering (AML) processes.
The UK recently blocked crypto heavyweight Binance from regulated operations after the company declined to register with the Financial Conduct Authority (FCA), and Barclays and Santander banned customers from transacting with Binance as a result.
On the other hand, Crypto exchange Kraken enhanced their KYC requirements for margin trading for United States based accounts to be aligned with Securities and Exchange Commission (SEC) regulations. Crypto Exchange, Coinbase, monitors changing regulations and authentication requirements in the ever developing crypto exchange and digital wallet space.
The European Banking Authority’s (EBA’s) strong customer authentication (SCA) directive has shaken up the whole financial sector since it took hold as part of the new Payment Services Directive (PSD2).
The revised SCA regulations require multi-factor authentication (MFA) by payment service providers (PSPs) to protect card-based online payments and various consumer-initiated digital transactions. A recent report from the EBA demonstrates significant advancements on the SCA front, with 99% of European Union merchants now capable of supporting SCA and 94% of all payment cards in the EU being SCA-qualified.
One way for crypto exchanges and digital wallets to meet these requirements is to authenticate their users using the FIDO/FIDO2 platform for strong authentication. LoginID offers FIDO/FIDO2-certified passwordless authentication and payments authentication tools that are ideal for the crypto space.
With just a couple lines of code, a crypto exchange or digital wallet can utilize LoginID’s passwordless authentication platform. This powerful fraud prevention tool pairs the end user with their biometric (fingerprint or face ID) and creates a private key/public key pair. The private key never leaves the secure area on the end user’s device and no additional app download is required.
Once registered, the user simply taps their finger or shows their face to access their digital wallet. This is both a better experience for the user and meets the multifactor authentication standards set forth by PSD2.
As an added layer of security, a digital wallet provider could integrate LoginID’s Transaction Confirmation with Digital Signature API and provide their end users with payment authentication. When a customer wants to trade or transfer their crypto, they will first be prompted to provide their biometric, which once confirmed will authenticate the payment and create a digital receipt.
With the dual fraud prevention provided by passwordless authentication, when users log into their digital wallet, and payment authentication, when transferring crypto, an investor can rest assured that a fraudster is not stealing their crypto.
The EU has also made known their plans to institute a digital identity verification framework that could be a game-changer for the existing eKYC space.
A convenient way for crypto exchanges and digital wallets to prepare themselves for upcoming eKYC regulations would be to utilize LoginID and authID’s digital identity verification solution. This eKYC portal recognizes and verifies over 9,000 documents from hundreds of countries, thus simplifying the digital identity verification process. The solution works perfectly well on phones, allowing for easy mobile identity verification as well.
Cryptocurrency is making an impact all across the planet, with even old school financial behemoths starting to pay close attention to the sector. However, regulators are also paying more attention to crypto and more closely scrutinizing the industry in an attempt to halt illicit activity.
Cryptocurrency exchanges and digital wallets must create the infrastructure to cope with the increasing amount of regulations in the sector and details why strong customer authentication is necessary to keep consumers protected from fraud and satisfied.
By utilizing LoginID’s suite of strong customer authentication, payment authentication, and digital identity verification tools, crypto exchanges and digital wallets can take a giant leap in the direction of fraud prevention.
This article was adapted from PYMNTS