Opinion: Why financial institutes need to start taking crypto fraud seriously

Behavioural biometrics can help financial businesses authenticate users without purchasing any extra hardware or negatively affecting their user experience

by Saeed Ahmad
February 18, 2023

There’s little question that the crypto era has begun. A third of UAE residents have invested in cryptocurrencies, and up to 67 per cent of UAE consumers have reported an interest in cryptocurrency trading. It’s safe to say that cryptocurrencies are now considered to be mainstream. Multiple financial institutions are now racing to develop decentralised platforms (DeFi) to capitalise on the growing interest in digital assets.

However, this rising popularity is also fuelling a rise in fraud. In 2021, crypto criminals stole a record $14bn in total, a staggering increase of roughly 80 per cent compared to 2020. Hacking was a close second to scamming as the most common type of crypto-related crime, and this wasn’t limited to individuals. For instance, a single criminal organisation broke into a cryptocurrency exchange or project more than 20 times last year, stealing at least $10m.

While the UAE has put in place penalties that can reach up to Dh1mn and the possibility of jail time to fight this new type of crime, digital assets continue to rank among the most profitable targets for modern attackers due to their high value. Despite the massive amounts of capital at risk, the issue will only worsen unless significant changes are made to how these cryptocurrency exchanges run and, more importantly, how they verify customers.

Deep diving into the crypto ‘Wild West’

The nature of cryptocurrencies has always been incompatible with how most financial services organisations operate. It has always been difficult for regulators, financial services companies, and governments to regulate blockchain technology effectively, as it is a dynamic, decentralised technology (which is why many banks are still resistant to it).

Despite the public’s increased interest in cryptocurrencies, many still find it challenging to comprehend the fundamentals of how blockchain functions, even though they are aware that it has the potential to make them wealthy. This confluence of low comprehension and strong appeal is what makes crimes like the OneCoin cryptocurrency scam possible.

However, leading a false financial revolution is far from the only way to steal a great fortune when it comes to cryptocurrency theft. This is because many of these crimes are enabled by existing systems, and most exchanges, rather than specific individuals.

Combating contemporary crimes with antiquated arms

Although cryptocurrency is a futuristic technology, hackers haven’t had to reinvent the wheel to access wallets and exchanges. This is because the majority of attack methods being deployed by criminals are ones that financial institutions have long been aware of, such as remote access trojans (RATs) and account takeover fraud (ATO). Although scammers have been utilising these strategies for a long time now, cryptocurrency exchanges do not seem to have caught on.

One of cryptocurrencies’ core weaknesses lies with authentication. Most crypto exchanges and platforms still employ passwords and usernames, supplemented by “possession factors” such as an OTP (one-time password) sent to users’ phones through SMS to verify a user’s ID. On the surface, OTPs might appear to be a relatively secure method of authentication; however, it is important to note that SIM cards were never designed to be secure, which is why many banks have stopped using them to authenticate clients.

Through credential stuffing, SIM swapping and SS7 attacks, passwords, usernames, and OTPs all provide fraudsters with very convenient workarounds for all the additional layers of security that these platforms might have. Even though these old security flaws are being exploited, hackers aren’t resting on their laurels, as frauds are becoming more elaborate and disastrous by the year.

Simply put, it is time for this new generation of financial institutions to end the crypto fraud occurring under their watch. The only way to do that is to replace the outdated authentication system that is failing its users with one more appropriate for our digital age.

The age of biometrics

Regardless of the many transformations that usernames and passwords may have experienced, they are fundamentally still analogue solutions that are only utilised in a digital setting. As a result, the primary concept of digital identity is based on an essentially flawed system that was not designed for a truly digital world. Biometrics, on the other hand, offers a genuinely digital solution that can keep up with our ever-changing world.

Unlike a login or password, which can be intercepted or stolen, behavioural biometrics can be tailored to an individual’s unique characteristics. It considers various factors, including how a device is handled, the pace and manner of keystrokes, and countless other difficult-to-imitate quirks.

Thanks to behavioural biometrics, businesses can now authenticate users without purchasing any extra hardware (device agnostic) and without negatively affecting their user experience. The biometrics evolve as the user’s relationship with the business changes over time.

As a result, given that cryptocurrency theft shows no signs of abating, these exchanges are now required to examine how they identify users and consider whether their security procedures endanger their customers. The sooner they can start restoring digital identities meaningfully, the better.

The writer is the managing director, Middle East and North Africa, Callsign