Since bitcoin and the blockchain popped up nearly ten years ago, cryptocurrencies have experienced a startling evolution: from a fringe investment to a mainstream medium of exchange. Enterprising fraudsters have been following this evolution closely. In the first two months of this year, cryptocurrency fraud resulted in losses of $9 million a day.
People who participate in cryptocurrency exchanges are using a decentralized system. Unlike standard banks, which are subject to government oversight, cryptocurrencies rely on a public ledger called a blockchain. Users rely on each other to maintain the blockchain, validating and timestamping transactions. At the same time as fraudsters are using bitcoin to carry out their scams, businesses and innovators are turning to the blockchain as a potential fraud-fighting technology.
Even if you’re not mining bitcoin or buying into the latest ICO (initial coin offering), it’s vital to understand how cryptocurrency is changing the face of trust & safety on the internet.
The Spread of Cryptocurrency Fraud
Your business doesn’t allow your customers to pay in cryptocurrencies. That means you and your customers are safe, right? Not so fast. In May of this year, fraudsters hacked into more than 400 business, government, and university websites, surreptitiously turning them into cryptocurrency mining platforms. Crypto mining is a huge investment of electricity and computing power, so the fraudsters drained their victims’ CPU resources before moving on to their next victim. That’s right: drive-by crypto mining.
Fraudsters have become adept at targeting vulnerable users, organizations, businesses, or government entities that don’t have sophisticated malware filters, but that do have money. Especially worrisome: they tend to target entities like hospitals or government agencies, which desperately need access to their files, and then they hold the files ransom for bitcoin.
Our Next Line of Defense?
But some have turned to the technology underpinning cryptocurrency as a potential fraud-fighting solution. Security engineer Diogo Mónica has put a name to an IT architecture idea that may help safeguard user data. “Crypto Anchors,” which Mónica and his colleague Nathan McCauley developed at Square, encrypt database contents using a key stored on a single-purpose computer called a Hardware Security Module, or HSM. Because the key stays on the HSM, anyone who wants to read that database, a fraudster included, has to go through the HSM, which acts as a gatekeeper and decrypts records one by one. Businesses can configure the HSM to throttle its decryptions so the data can’t be unscrambled faster than a fixed rate. So even if a hacker takes over a computer on a corporate network that has access to a database, they can’t just do a hit-and-run, stealing the data and fleeing.
Mónica and McCauley aren’t the only ones looking to cryptocurrencies and the blockchain for innovative fraud solutions. Vinny Lingham, CEO of Civic, aims to leverage Bitcoin’s blockchain to create an offline model of identity management. When a user signs up for the Civic app, Civic collects the user’s PII (personally identifiable information). The PII is passed through a verification service, usually a government agency or third party, to make sure it’s legitimate. Then Civic takes a cryptographic hash of that information, and inserts that hash into the public blockchain before erasing the user’s personal data from their servers. If the user needs to verify their identity before making a purchase on an e-commerce site, their PII is sent through Civic’s algorithm and checked against the hash on the blockchain.
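The hash-then-verify flow described above, sketched as an added example; this is not Civic's code or algorithm. It assumes SHA-256, a per-user salt, a JSON canonical form, and an in-memory list standing in for the public blockchain; all function and variable names are hypothetical.

```python
import hashlib
import json
import secrets
import unicodedata

LEDGER = []  # stand-in for the public blockchain: append-only, digests only


def canonical(pii: dict) -> bytes:
    """Serialize verified attributes deterministically (key order, key case,
    surrounding whitespace and Unicode form are fixed) so that the same
    identity always produces the same bytes."""
    norm = {k.strip().lower(): unicodedata.normalize("NFC", str(v)).strip()
            for k, v in pii.items()}
    return json.dumps(norm, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def commitment(pii: dict, salt: bytes) -> str:
    # The salt is an assumption of this sketch: PII such as a birth date has
    # little entropy, so a bare hash on a public ledger could be guessed.
    return hashlib.sha256(salt + canonical(pii)).hexdigest()


def enroll(pii: dict) -> dict:
    """After third-party verification: publish only the digest, hand the salt
    and ledger index back to the user, keep no copy of the PII."""
    salt = secrets.token_bytes(32)
    LEDGER.append(commitment(pii, salt))
    return {"index": len(LEDGER) - 1, "salt": salt}


def verify(pii: dict, receipt: dict) -> bool:
    """Relying party recomputes the hash from what the user presents and
    compares it with the ledger entry; any altered attribute fails."""
    if not 0 <= receipt["index"] < len(LEDGER):
        return False
    return commitment(pii, receipt["salt"]) == LEDGER[receipt["index"]]


# Constructed sample identity, not real data.
alice = {"name": "Alice Example", "dob": "1990-01-31", "country": "ZA"}
receipt = enroll(alice)
print(verify(alice, receipt), verify(dict(alice, dob="1991-01-31"), receipt))
```

The ledger entry reveals nothing readable, but anyone who later obtains both the salt and the digest can test guesses against it, so the salt has to be protected like the PII itself.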
Your To-Do List
- If you accept cryptocurrencies as payment, make sure you know exactly how you’re storing your crypto and set up defenses accordingly
- Be transparent and communicative with your users when you decide to introduce crypto as a payment method
- To make sure your crypto isn’t passing through (or from) the hands of fraudsters, consider using a vendor that analyzes signals to detect fraudulent behavior