#Security26 Mar

How Mercuryo Handles Cyber Threats

Nikolay Bocharov

Everyone dreams of such a present.

Everyone dreams of such a present.

Can you imagine your daily routine without the ability to buy or order things online? It’s hard to remember what life used to be like without digital money, credit or debit cards, and other payment methods available for us today. 

And the cryptocurrency market is catching up with them at full speed. People are no longer considering crypto only as an investment tool but use it as a cross-border payment solution to purchase goods and services.

Breaking Stereotypes: Not a Tool for Criminals

This market is still considered to be a breeding ground for the illegal activities of dark web merchants, criminals, and scammers. However, this is nothing more than a stereotype, and here’s why.

Mandatory regulations

All the major cryptocurrency market players are holding qualifying licenses. At the same time, regulators strictly monitor cryptocurrency-related companies making sure that they comply with AML procedures, conduct proper identity verifications, and apply necessary anti-fraud measures. There are, of course, companies that do not comply with these requirements, but they are in the minority, and their payment traffic is insufficient. 

Cybercrimes and law enforcement

Law enforcement became a lot more interested in the cybercrimes conducted using digital money. When it comes to their awareness in this area and catching criminals, we can witness a qualitative improvement.

Leaders’ support

Card schemes such as Visa or MasterCard treat cryptocurrency purchases using fiat just as seriously as they handle other services. Crypto merchants must provide a mandatory set of documents proving that a legitimate exchange has carried out the service. That’s why market players with shady reputations cannot assist cardholders who haven’t received their service and want to use chargeback to get their money back.

Cutting-edge anti-fraud systems

Modern-day anti-fraud systems, including crypto analytics, are significantly more effective than those we used to implement 5 years ago. So most of the scammers have no chance to succeed. 

New Threats

Nonetheless, threats for companies that work in the crypto space are still quite real. The risks might be shifting in one direction or another and yet remain present. The only thing that’s changing is the scamming schemes trend development. 

Not long ago, the lion’s share of fraud activities accounted for billing information discredit and illegal use through malicious software, skimming, or interception of the credit card data due to non-compliance with PCI DSS standards. With the introduction and development of two-factor verification, 3D-Secure protocol, and toughening of the KYC policy requirements, these scamming methods are gradually being replaced by phishing, ID forgery, and the forthcoming of more complex and high-quality websites for deceiving users.

It’s not that rare when legal and illegal activities are mixing and over time leaning towards the second option. We can also notice an increased interest in electronic money in general and cryptocurrencies, particularly as the most convenient method for withdrawing funds from compromised cards or money laundering.

Why buy a relatively expensive mobile phone only to sell it afterward or deposit stolen funds on Forex or a gambling site, imitating trading or gaming for onward withdrawal, if you can buy crypto and withdraw it instantly? Obviously, the second method is more convenient. But due to the preceding reasons for keeping the market within the legal framework, it turns out to be more financial and labor-intensive.

For example, phishing is not known for exploiting false documents, but social engineering’s labor costs are high. If we look into the development of phishing attacks, it is worth noting the trend of targeting older and younger people with remote services going mainstream.

Phishing techniques have changed as well. Combined schemes with two different time-separated scammers are quite common. Also, new non-classical client engagement schemes are being invented. For example, we’ve seen many scenarios involving a forex industry company or binary options. Other popular phishing methods include implementing services to gain remote access to one’s computer and filling out payment forms together with the victim. Remote access helps carry out the manipulations independently, and staying online with a client allows for getting critical data, such as registration, 2FA, or 3DS codes in time.

Mercuryo vs. Scammers

Building and managing a global payment network implies strict security measures. The key is to stay up-to-date with new technology developments and ever-evolving fraudulent techniques. 

What are the risk management techniques we use in Mercuryo?

  • Continuous development of the anti-fraud system and transaction monitoring capabilities
  • Full compliance with all the instructions from regulators, Card schemes, and organizations such as the FATF (Financial Action Task Force).
  • Regular checks of merchants and partners 
  • Conducting claims work according to the rules of Card schemes to minimize financial and reputational losses.
  • Undetected fraudulent transactions’ analysis and maintaining statistics on fraudulent and disputed transactions
  • The use of crypto analytics and address check for their relationship with the dark web and other illegal activities
  • Work with customer requests and inquiries from law enforcement agencies, banks, and partners

When figuring out the improvements to be made to advance the risk department’s work in general, a few of them come to mind.

First, it is necessary to improve both the anti-fraud system’s quality and functionality and the entire process to identify suspicious or fraudulent transactions.

Secondly, we need to always keep in mind that the world of fraud is rapidly evolving. Moving forward, it starts using more sophisticated deception schemes and coming up with a better quality of forgery or payment tools such as bank cards. Therefore, the technology for detecting these types of activities should also be constantly evolving.

And finally, automation of business processes plays a huge role in risk management. The human factor is inevitable: people tend to make mistakes, get tired, and take breaks. And this is especially critical for anti-fraud systems that operate around the clock. Also, automation of the processes allows businesses to scale faster without increasing the staff.

The Bottom Line

Summing up, cryptocurrency is often subjected to excessive criticism and skepticism from representatives of traditional payment systems. Nevertheless, it justifiably includes increased risks that require a proper approach to minimize them.

The cryptocurrency market is growing bigger and stronger. Chances are that in a few years a lot more people will be using crypto daily. This also means that the cybercriminals won’t stand still too. The scamming schemes will be developing alongside countermeasures, and this battle will hardly ever end.

More articles

#Security16 Sep

Gate In, Gate Out: Crypto Deposits and Withdrawals Security

#Security1 Sep

Monitorance #2

#Security18 Aug

Monitorance #1