CRYPTOCURRENCY EXCHANGES MUST TACKLE THEIR CYBERSECURITY ISSUES

By Andrew Shikiar, executive director of the FIDO Alliance

 

Cryptocurrencies are becoming mainstream. Despite recent dramatic price falls after bitcoin hit an all-time high of around $65,000 in April, interest in owning cryptocurrency has continued to grow this past year. A report from the Financial Conduct Authority released last month estimated that around 2.3 million UK adults now own some form of cryptocurrency, up 21% over 12 months, and that 78% of the population have now heard of cryptocurrency.

However, alongside this growing interest in cryptocurrencies is a significant increase in cybersecurity risks. Investors need to be aware of these risks and the industry must do all it can to make cryptocurrency safer.

The first main issue is rising crime, as new crypto investors are targeted by scam artists, fraudsters and cyber criminals.

Nearly $3.78 billion was stolen in 122 blockchain-related attacks throughout 2020, equivalent to $10 million a day. Meanwhile, according to the US Federal Trade Commission, nearly 7,000 people lost more than $80 million in scams between October 2020 and March 2021 — a 1,000% increase from the year before.

These scams range from fake currency exchanges to phoney giveaway websites offering free cryptocurrency. In March, scammers took advantage of the highly publicised appearance of Tesla CEO Elon Musk on US comedy show “Saturday Night Live” to steal around $10 million worth of various cryptocurrencies.

Investors are particularly vulnerable as there is virtually no way to protect their accounts from theft; in the world of cryptocurrency, there are no guarantees. Traditional banks will generally cover losses if you are the victim of fraud or identity theft, while the Financial Services Compensation Scheme will protect UK consumers when a financial firm fails, but there is no equivalent scheme protecting your crypto assets.

In order to prevent theft, it is essential to enable secure access to these cryptocurrency assets. However, this is where we encounter the other major cybersecurity issue concerning cryptocurrency: how do we enhance security while also ensuring that investors can always access their accounts?

 

Security issues and problematic passwords

Many accounts are initially set up using passwords or other knowledge-based authentication (KBA) – both of which are inherently unfit for purpose to protect high-value accounts.

Specifically, passwords simply aren’t suitable for securing high-value accounts, because they can be easily compromised, either through phishing attacks (a form of social engineering where a victim is tricked into divulging their personal information, such as login credentials) or outright theft by purchasing one of the 15 billion credential pairs that are readily available on the dark web.

Furthermore, if you forget your password, you may have trouble recovering access to your account. There are several high-profile news stories of cryptocurrency investors being locked out of a fortune after forgetting a crucial password, such as that of German bitcoin trader Stefan Thomas, who has lost the password to a hard drive containing the key needed to access a digital wallet containing 7,002 bitcoins, currently worth around $165 million.

Meanwhile, KBA suffers from several problems, such as a user’s inability to remember a key piece of information or the wide availability of personal information on the internet through social media or data leaks. It also is possible to buy huge amounts of personal data from the dark web for relatively little cost.

Even if an account is protected by traditional two-factor authentication, such as requiring a code sent via SMS, attackers use SIM swapping and other techniques to get the code sent to their phone instead of the intended recipient. These methods as well as dedicated authenticator apps are also vulnerable to replay attacks – where the cybercriminal injects themselves into the authentication flow, unbeknownst to the account holder.

Using these approaches, cryptocurrency account takeovers are occurring more and more frequently. Once inside an account, criminals can quickly empty its contents, as almost all transactions are finalised within minutes and not easily reversible. Cryptocurrency exchanges themselves are also commonly targeted; in 2020, there were 28 exchange breaches, totalling over $300 million in losses.

Unfortunately, there are few pre-established trust relationships between users and the exchange or wallet provider. Many users have experienced terrible customer support with these exchanges, often having to wait for weeks or even months to regain access to their accounts, simply because it is so difficult to prove that they are the rightful owner.

 

How modern authentication can protect digital assets

So how do we address these issues? The answer lies in moving away from knowledge-based authentication to possession-based authentication. In this scenario, all cryptographic login credentials are stored on a physical device, like a smartphone or security key, that the account holder – and only the account holder – is in possession of.

This approach is proven to be resistant to phishing and account takeovers, and the technology is already embedded into billions of devices worldwide and available to anyone using a modern internet browser.
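The possession-based login described above, sketched as an added illustration (not code from the article or from the FIDO Alliance): a simplified Node.js model, not the WebAuthn wire format, in which the device signs a server challenge together with the origin of the page that asked for it. The origins `exchange.example` and `exchange-login.example` and all function names are hypothetical.

```javascript
// Added illustration: simplified model of origin-bound, possession-based login.
// Not the WebAuthn wire format; origins and function names are hypothetical.
const nodeCrypto = require('node:crypto');

const RP_ORIGIN = 'https://exchange.example'; // constructed sample origin

// Authenticator: the private key never leaves the device, one key pair per site.
function createAuthenticator() {
  const keys = new Map(); // origin -> private key
  return {
    register(origin) {
      const { publicKey, privateKey } =
        nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(origin, privateKey);
      return publicKey; // only the public key is sent to the server
    },
    // The browser, not the user, supplies the origin of the requesting page.
    sign(origin, challenge) {
      const privateKey = keys.get(origin);
      if (!privateKey) return null; // no credential exists for this origin
      const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
      const signature = nodeCrypto.sign('sha256', clientData, privateKey);
      return { clientData, signature };
    },
  };
}

// Exchange server: stores a public key, issues single-use random challenges.
function createServer() {
  const pending = new Set(); // challenges issued and not yet consumed
  let registeredKey = null;
  return {
    enroll(publicKey) { registeredKey = publicKey; },
    newChallenge() {
      const challenge = nodeCrypto.randomBytes(32).toString('hex');
      pending.add(challenge);
      return challenge;
    },
    verify(assertion) {
      if (!assertion || !registeredKey) return false;
      const { clientData, signature } = assertion;
      if (!nodeCrypto.verify('sha256', clientData, registeredKey, signature)) {
        return false; // not signed by the enrolled device
      }
      const { origin, challenge } = JSON.parse(clientData.toString());
      if (origin !== RP_ORIGIN) return false; // signed for a different site
      return pending.delete(challenge); // single use: a repeated assertion fails
    },
  };
}

function demo() {
  const device = createAuthenticator();
  const server = createServer();
  server.enroll(device.register(RP_ORIGIN));

  const assertion = device.sign(RP_ORIGIN, server.newChallenge());
  const genuine = server.verify(assertion);  // first use is accepted
  const replayed = server.verify(assertion); // same assertion again is rejected

  // On a look-alike page the device has no credential, so nothing is signed
  // and there is nothing that could be forwarded to the real exchange.
  const lookalike = device.sign('https://exchange-login.example', server.newChallenge());
  return {
    genuine,
    replayed,
    lookalikeSigned: lookalike !== null,
    lookalikeAccepted: server.verify(lookalike),
  };
}

console.log(demo());
```

Unlike a password or an SMS code, no shared secret is typed into a page, so there is no value a user can be tricked into handing over.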

Crypto exchanges are already aware of these benefits and several have already added support for the FIDO (Fast IDentity Online) possession-based authentication protocols, including Coinbase, Binance, and STEX. Gemini was an early adopter of FIDO for both its smartphone app and web browser, with a growing percentage of its users protecting their accounts with FIDO authentication by purchasing FIDO Certified security keys.

However, standardised authentication alone cannot solve security issues unless it is adopted widely throughout the industry. A consistent approach to security and standardised authentication flows across exchanges, as well as for digital and physical cryptocurrency wallets, is desperately needed to protect investors and their assets – and these best practices should be universally encouraged to all users, across exchanges. More can and needs to be done to take the onus of protection away from individuals and onto the institutions.

In conjunction with this push towards possession-based authentication, users should be required to have multiple authenticators to assist with account recovery for each cryptocurrency exchange – whether that is two security keys or a security key and a biometric authenticator. Having multiple account recovery keys for each exchange will reduce pressure on customer support and help users who lose a device. It would also offer users a choice of stronger authentication options.

Finally, exchanges should eliminate using less secure backup and recovery options such as using SMS or other knowledge-based factors. This will help improve overall security, especially for account recovery.

For the crypto industry to reach its full potential, exchanges must balance cryptocurrency’s anonymity and privacy with the security needed for accounts and assets. Following in the footsteps of exchanges like Gemini and enabling users to fully secure their accounts would help to protect customers from phishing attacks and account takeovers, without sacrificing convenience and privacy.

 

Digital Banking – a hedge against uncertainty?

By Ankit Shah, Head of Digital Banking, Apex Group

 

The story of the 2020’s thus far is one of crisis. First the world was plunged into a global pandemic which saw the locking down of people and economies across the world. Now we deal with the inevitable economic consequences as currencies devalue and inflation bites. This has been compounded by Russia’s invasion of Ukraine and subsequent energy politics.

And the outlook remains uncertain. Tensions continue to build between China and Taiwan and inflationary conditions are forecast to continue well into 2023. This uncertainty is impacting everyone, and every sector. And finance is no exception with effects being felt everywhere from commodity and FX markets to global supply chains.

But it’s not all doom and gloom. Rollercoaster markets and an ever-evolving geopolitical situation have made 2022 a tricky year so far, but, despite the challenges, digital banking has proven resilient. In fact, the adoption of digital banking services has continued to grow over the last few years, and is predicted to continue.

So, what are the forces driving this resilience?

In an increasingly digital world and economy, digital banking comes with some advantages baked in, which have seen the sector continue to succeed despite the tumult in the wider world. In fact, the crises which have shaped the decade so far may even have been to the advantage of digital banking. Just as during the pandemic, technologies which could facilitate remote working saw a huge uptick in users, so too digital banking is well suited to a world where both people and institutions demand the convenience that online banking services offer.

And while uptake of digital banking services is widespread amongst retail consumers, a trend likely to continue as digital first generations like Gen Z become an ever-greater proportion of the consumer market, uptake amongst corporate and institutional customers has been slower. This is largely down to a lack of fintech businesses serving the more complex needs of the institutional market, but, in a post-Covid world of hybrid working business, corporate clients are looking for the same ease of use and geographic freedom in their banking that is enjoyed by retail consumers.

This is not just a pipe dream – with the recent roll out of Apex Group’s Digital Banking services, institutions can enjoy the kind of multi-currency, cloud-based banking solutions, with 24/7 account access that many of us take for granted when it comes to our personal banking.

Staying compliant

One significant difference between retail and business accounts however, for banking service providers, is the relative levels of compliance which are needed. While compliance is crucial in the delivery of all financial services, running compliance on multi-million pound transactions between international businesses brings with it a level of complexity that an individual buying goods and services online doesn’t.

For digital banking services providers, this situation is further compounded by guidance earlier this year from HM Treasury – against the backdrop of the Russia-Ukraine conflict – requiring enhanced levels of compliance and due diligence when it comes to doing business with “a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country or with a sanctioned individual.”

So, can digital banks meet these standards while also providing institutions with the kind of easily accessible, mobile service which retail customers enjoy?

The answer is yes and again, once initial hurdles are overcome, digital banking brings with it features which give it the edge over traditional banking services. Paperless processes, for example, mean greater transparency and allow for better and more efficient use of data. This means AI can be employed to search documents, as well as provide verification. It also means compliance processes, often notoriously complicated, become easier to track. Indeed, digitising time-intensive manual processes means the risk of human error in the compliance process is reduced.

Digital banking can also better integrate transaction monitoring tools, helping businesses identify fraud and irregularity more quickly. This can be hugely important, especially in the times of heightened risk we find ourselves in, where falling foul of a sanctions regime could have significant legal, financial and reputational consequences.

Cross-border business

Our world is increasingly globalised, and so is business. For corporate and institutional banking customers, being able to operate seamlessly across borders is key to the operation of their business.

This brings with it challenges, which are again compounded by difficult geopolitical and economic circumstances. In recent weeks for example, we’ve seen significant flux on FX markets which can have real consequences for businesses or institutional investors who are buying and selling assets in multiple currencies and jurisdictions. The ability to move quickly then, and transact in a currency of choice, is vital. Advanced digital banking platforms can help – offering automated money market fund sweeps in multiple core currencies to help their clients optimise their investment returns and effectively manage liquidity.

Control admin uncertainty

In times of uncertainty, digital banking can provide additional comfort via customisable multi-level payment approvals to enhance control of what is being paid out of business accounts, with custom limits available for different users or members of a team. Transparency and accountability are also essential, with corporate clients requiring fully integrated digital reporting and statements and instant visibility with transaction cost and balances updated in real-time.

Outlook

For some, the perception remains that digital banking is the upstart industry trying to offer the services that the traditional banking industry has built itself upon. Increasingly however, the reality is that the pressure is on traditional banks to try and stake a claim to some of the territory being taken by digital first financial services.

With a whole range of features built in which make them well suited to business in a digital world, digital banking is on a growth trajectory. Until now, much of the focus has been upon the roll-out of services to retail consumers, but with features such as automated compliance, effortless international transactions and powerful AI coming as standard for many digital banks, the digital offering to the corporate world looks increasingly attractive.

Security vs online payment convenience: which one is tipping the scales for customers?

By Chirag Patel, President of Digital Wallets at Paysafe.

 

While keeping their payment details safe is a top priority for customers when shopping online, they’re not willing to jump through endless hoops or accept poor user experiences as the inevitable price of greater security.

Online payment security has been top of mind for merchants since the very first internet purchase: a copy of Sting’s ‘Ten Summoner’s Tales’ CD. Even though payment technology has become more sophisticated over time, the eCommerce explosion has brought about an ongoing battle between increasing security and ensuring convenience.

Customers are ever more aware about the risks of online shopping and concerned about their financial details falling into the wrong hands. Simultaneously, demand for a good user experience has also risen steadily. But greater security typically introduces friction into the checkout process, which continues to be one of the leading causes of cart abandonment.

In our latest Lost In Transaction report, we surveyed 11,000 consumers in 10 countries across Europe and the Americas regarding the balance between security and convenience in online payments.
Here are the key take-aways for online merchants moving forward.

 

How concerned are consumers about online fraud?

According to our research, customers continue to grow increasingly worried about online fraud.
59% of respondents are more concerned about it today than they were 12 months ago. Not feeling comfortable sharing financial details online has increased from 49% in 2021, to 70% in 2022.
More to the point, our research shows that, when they have a choice, 44% of respondents will invariably pay with the method they perceive as safest while only 21% will choose the most convenient payment method, and even fewer (14%) will choose the fastest one.

These findings aren’t surprising considering that fraud has become more frequent and more serious during the COVID-19 pandemic. For example, in 2021 the average US fraud victim lost $500 and the average UK victim lost £806.

However, what merchants need to keep in mind is that, even though security typically dictates the choice of payment method, there’s a limit to how much friction customers are prepared to tolerate. And our research suggests this limit is close to being reached, with 42% of customers reporting that they would prefer more payment security but only 19% open to accepting whatever measures are necessary for increased protection against fraud. The other 23% would only accept a minimal increase in inconvenience.

 

A fine line to walk

If you’re a merchant, the situation is positive but challenging to navigate.
Fortunately, 44% of consumers think merchants are getting the balance between security and convenience right — up from 26% in 2021 – and trust is also high. 53% think online payments are more secure than they were twelve months ago. And 64% of respondents are more likely to shop from merchants who already have their payment details on file, compared to 54% in 2021.

The challenge is that security risks are ever evolving. Cybercriminals are constantly refining their techniques, which means measures that are highly effective today can become inadequate tomorrow. And regulation is constantly developing, at times at odds with consumer sentiment. The introduction of Strong Customer Authentication rules, for instance, sparked fears that the deliberate friction they required would hurt sales, which, admittedly, has had less of a negative impact than anticipated.

Consequently, while security enhancements are inevitable if merchants are to continue meeting high standards, there’s margin for error now that more consumers are reaching the limits of their tolerance for friction.

For every new security measure they introduce, merchants must be increasingly mindful of the impact on the streamlined payment experience customers expect.

 

Finding a common ground: boosting security with trust and technology

While maintaining – or even improving – the current balance between security and convenience might seem impossibly tricky, payment technology has evolved to a point where it’s doable.

With embedded payments, for instance, the consumer pays through a user-friendly interface at the point of need. And because financial details are stored securely in tokenized format, there’s no need to share them every time you make a purchase.

eCash is another such solution that enables customers to buy online quickly, securely, and privately.
A unique barcode is generated at the checkout which customers can then get scanned at one of one million points of sale in 55+ countries to pay in cash. Which means they can buy online without having to share or even store any financial details.

This presents a great opportunity for merchants to take advantage of the high levels of trust these payment solutions enjoy. While our research shows that there’s still a significant knowledge gap, particularly in embedded payments, consumers are becoming more open to both technologies. So now is the time to explain the benefits clearly to customers and, more importantly, address concerns.

 

Online payment security is crucial, but not at all costs

Keeping their financial details safe is the most important element of the payment process for most customers. But while fraud protection may be winning the battle against convenience hands down, merchants need to carefully navigate the process of increasing security without adding too much inconvenience.

As critical as it is for merchants to protect customers’ data, a zero-fraud strategy would also likely cause way more friction than most customers are prepared to tolerate. A smooth, seamless payment experience remains as important as ever.

 

 
