The recent flurry of news regarding cryptocurrency spotlights the growing pains that the ecosystem must endure on its path toward maturity and eventual consumer adoption. One of those growing pains involves increasing security and mitigating fraud.
The anonymity that currently exists in cryptocurrency creates an environment that is rife with fraudsters. One particularly insidious and dangerous source of attacks is the blockchain, the mechanism upon which crypto is built. For the uninitiated, a blockchain is a shared, immutable ledger that enables the process of recording transactions and tracking assets in a peer-to-peer network using cryptography. Each block connects with the previous block of information and includes a timestamp and transaction data.
Blockchain technology is designed to prevent manipulation of the contents of the chain to preserve the integrity of the transactions via a consensus model. Problem is, if the information initially inserted into the chain is not legitimate or accurate, subsequent transactions on the chain simply secure and perpetuate false data. That’s where sophisticated fraudsters are focusing their attention.
To fund a crypto account, users must link it to a sourcing account that ultimately requires a connection to a non-crypto financial instrument or account. The exception is when users are simply mining crypto.
Whether through the blockchain or one of these accounts, fraudsters’ primary modes of attack involve one of the following:
- Use stolen account credentials from a traditional bank or credit card to connect a victim account to a crypto account, then siphon off the funds. This is referred to as account takeover, or ATO.
- Set up fake accounts for the purposes of money laundering; in these cases, fraudsters control both the source account and crypto accounts.
- Run scams that convince people to make payments to crypto accounts with a promise of delivering goods or services, then make off with the funds.
- Take advantage of the crypto exchanges, attacking vulnerable or poorly designed code, to siphon off funds as they transfer between the different crypto wallets.
- Perform basic ATO attacks where fraudsters steal the credentials to crypto wallets, then siphon off the funds.
With all of these entry points for attack, multiple, integrated lines of defense that work together are required to optimally protect crypto users. Fortunately, multi-layered security technologies of this kind already exist in the traditional financial services and ecommerce markets today; they represent a great opportunity to also solve some of these challenges in the cryptocurrency ecosystem. The following layers represent the leading lines of defense and are increasingly including digital signals, behavior and biometric solutions:
- Identity verification tools that leverage authenticated identity to ensure that users are who they claim to be.
- Device intelligence and recognition which, when used in conjunction with personally identifiable information (PII), identify anomalous behavior (e.g., detecting a device in southeast Asia that is opening accounts using UK-based identity data). Fraudsters tend to open multiple accounts in short bursts of time, which can easily be spotted with sophisticated and proven device intelligence.
- Network analysis that includes a combination of IP intelligence, ISP (internet service provider) intelligence, traffic pattern observation and more.
- Behavioral biometrics that capture how users are interacting with their devices. Isolating how devices navigate apps or websites can help detect fraud, especially when paired with strong device intelligence.
- Document verification with selfie and liveness testing that can authenticate users during onboarding or as a step-up function for high-risk events.
- Leveraging mobile phone number data and signals that can streamline both onboarding and authentication processes.
- Link-analysis technology that identifies ring activity or broader, organized attack activity.
- Identity-graphing capabilities that can stitch together digital and non-digital data about a consumer, including a histogram of their activity across crypto ecosystems.
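The device-intelligence layer above names two signals: a device whose location disagrees with the identity data it submits, and one device opening several accounts in a short burst. The following is an added example, not code from the article or any vendor, that applies both checks to constructed account-opening events; the field names, the 15-minute window and the three-account threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample account-opening events (not real data):
# (account_id, device_id, device_country, identity_country, opened_at)
EVENTS = [
    ("acct-1", "dev-A", "GB", "GB", "2024-01-05T09:00:00"),
    ("acct-2", "dev-B", "VN", "GB", "2024-01-05T10:00:00"),
    ("acct-3", "dev-B", "VN", "GB", "2024-01-05T10:04:00"),
    ("acct-4", "dev-B", "VN", "GB", "2024-01-05T10:09:00"),
    ("acct-5", "dev-C", "GB", "GB", "2024-01-05T11:00:00"),
    ("acct-6", "dev-C", "GB", "GB", "2024-01-09T11:00:00"),
    ("acct-7", "dev-D", "TH", "GB", "2024-01-06T08:00:00"),
]

def flag_devices(events, window=timedelta(minutes=15), burst_size=3):
    """Return {device_id: sorted list of reasons} for devices that look anomalous."""
    by_device = defaultdict(list)
    for _account_id, device_id, dev_cc, id_cc, opened_at in events:
        by_device[device_id].append((datetime.fromisoformat(opened_at), dev_cc, id_cc))

    flagged = {}
    for device_id, rows in by_device.items():
        rows.sort()  # chronological order per device
        reasons = set()
        # Signal 1: device location disagrees with the country of the identity data.
        if any(dev_cc != id_cc for _, dev_cc, id_cc in rows):
            reasons.add("geo_mismatch")
        # Signal 2: burst_size or more openings inside one sliding time window.
        times = [t for t, _, _ in rows]
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= burst_size:
                reasons.add("burst")
                break
        if reasons:
            flagged[device_id] = sorted(reasons)
    return flagged

if __name__ == "__main__":
    for device, reasons in sorted(flag_devices(EVENTS).items()):
        print(device, reasons)
```

In a layered deployment these flags would be inputs to the orchestration and decisioning step rather than a verdict on their own, since a traveller or a shared device can trip either signal.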
Connecting these various layered solutions can be challenging, as businesses try to figure out how and when to use each one. Deciding which of these lines of defense to deploy depends on the user journey. It requires finding the right balance between serving the necessary prompts to mitigate fraud and using identity data to verify users without making them stop to authenticate themselves, thus sacrificing convenience and their brand experience.
Smart orchestration and machine-learning decisioning technologies can help reconcile which identity and fraud solutions to activate. These technologies will choreograph the required workflow and perform the complex work of reviewing the raw data from the above systems to come up with a single, best answer at every moment across a user journey and detect bad actors in a privacy-compliant manner. These solutions can also optimize the right solution set for better cost management.
What does this mean for the global biometric technology market? Behavioral biometrics and non-biometric information already factor into identity and fraud-prevention modalities for decentralized finance (DeFi) today. As increased regulation and security requirements enter the DeFi ecosystem, more opportunities will exist for enhanced biometric inputs (facial, fingerprint, iris, voice) to augment a consumer’s identity data to help authenticate individuals and businesses that conduct transactions.
Biometric data that is integrated into corporate, government, law enforcement, and banking and financial institution identity-decisioning systems can ultimately enable safer, personalized interactions with consumers and an accelerated user experience, and “choice” certainly matters. In this way, biometric technology will play a vital role in helping to instill greater consumer trust in the DeFi ecosystem.