Prevent account takeovers by cryptocurrency scammers

A new criminal target.

Credit unions are under constant pressure to prevent fraud, and the latest threat comes from the world of cryptocurrency and blockchain. For new insiders, crypto is a digital currency designed to function as a medium of exchange – buying, selling, and transferring – through a computer network. Crypto has been around for years, and despite recent media coverage to the contrary, it is not going away. In fact, consumer research conducted by Fiserv indicated that 61% of Gen Z and Millennial survey respondents want their bank or credit union to hold cryptocurrency.

And therein lies the risk associated with crypto and the scammers who operate in this environment. To fund a crypto account, users must link it to a funding account which requires a connection to a non-crypto financial instrument or account. In this case, it would be a credit union member’s account.

It is this connection between the funding account and a credit union account that gives fraudsters an opportunity. What is extremely important is to understand the different ways in which they can attack.

The most common fraud is the traditional account takeover, or ATO. Fraudsters use stolen account credentials from a bank, credit union, or credit card to connect a victim account to a crypto account, then siphon off the funds. For members of credit unions who have crypto wallets, a variant of the ATO involves fraudsters outright stealing a member’s crypto wallet credentials and then withdrawing the funds.

Arguably the most publicized form of fraud are scams where bad actors convince people to make payments to crypto accounts with the promise of delivering goods or services. To compound the problem, when people do this, they make themselves vulnerable to future ATOs unless they take the proper precautions.

With these different points of attack, how does a credit union protect itself and its members against crypto fraud? Given the highly sophisticated nature of these attacks, credit unions can benefit from several built-in layers of security technology that together can help prevent fraud, even when it involves corrupting the blockchain itself. The main lines of defense against fraudsters now include a choreographed mix of digital signals and behavioral and biometric solutions.

To ensure users are who they say they are, identity verification tools that leverage authenticated identity are the first step.

Looking at the characteristics of scammers, they frequently open multiple crypto accounts in short periods of time, which can easily be spotted with sophisticated and proven device intelligence. When used in conjunction with personally identifiable information, device intelligence and recognition tools can spot this type of behavior and identify anomalous behavior, such as the detection of a device in Southeast Asia that opens accounts using UK-based identity data.

Additionally, behavioral biometrics capture how users interact with their devices. Isolating how devices navigate apps or websites can help detect fraud, especially when paired with strong device intelligence. More advanced biometric tools involve document verification with selfie and liveness tests that can authenticate users during onboarding or as a scalable feature for high-risk events.

Other analytical tools to prevent fraud include network analysis which uses a combination of intellectual property information, Internet service provider information, observation of traffic patterns and more; leverage mobile number data and signals to streamline onboarding and authentication processes; link analysis technology that identifies ring activity or broader organized attack activity; and identity graphing capabilities that assemble numeric and non-numeric data about a consumer, including a histogram of their activity in crypto ecosystems.

Deciding which of these lines of defense to deploy depends on each credit union’s unique user journey; the level to which this credit union has embraced crypto and, if so, what partnerships are in place; customer service standards; and more. Either way, connecting these layered solutions can be tricky, as credit unions determine how and when to use each one. This requires striking the right balance between delivering the prompts needed to mitigate fraud and using identity data to verify members without requiring them to constantly authenticate, which sacrifices convenience and jeopardizes their experience. brand.

The good news for credit unions is that machine learning technologies can help orchestrate which identity and fraud solutions to activate and when to activate. These technologies will coordinate and manage the required workflow and perform the complex work of reviewing the raw data from the above systems to produce a single, best response to every moment of a member’s journey and detect bad actors with respect. of privacy. These technologies can also optimize the right set of solutions for better cost management.

Behavioral and biometric data are already used for identity resolution and fraud prevention in the crypto ecosystem today. This information is integrated into the identity decision systems of businesses, governments, law enforcement, and banking and financial institutions to enable more secure and personalized interactions with consumers and an accelerated user experience.

The call to action for credit unions that currently offer crypto to their members, entertain it, or provide services to members funding their crypto accounts from their credit union accounts is to assess their readiness to prevent fraudsters from finding attack entry points and securing their infrastructure with multiple, intelligently orchestrated layers of security technology. This way, credit unions can do everything in their power to mitigate risk and preserve the brand experience of members.

David Breton David Breton

David Britton is Vice President of Strategy for Global Identity and Fraud at Experian.