#Security16 Sep

Gate In, Gate Out: Crypto Deposits and Withdrawals Security

Alisa Tkach

How we keep your money safe and what you can do to help us.

How we keep your money safe and what you can do to help us.

Buying coins and getting back to fiat is still one of the biggest challenges newcomers face when getting into crypto. A simplified interface and practical functionality are only half of the solution. 

Security should always come first. After all, what is the point in investing if you can’t be sure your funds are well-protected at all stages? 

On the bright side, more companies have started thinking about crypto beginners and offer comprehensive and ultimately secure crypto on-ramps themselves or via a trusted third-party service. 

A part of financial literacy is to understand how a platform you trust your money with works, so this time we uncover how crypto deposits and withdrawals are made within the Mercuryo ecosystem. We will explain why they are safe and give a few tips on how to level up your security.

How Crypto Deposits and Withdrawals Work

Whenever a customer wants to purchase cryptocurrency with a credit or debit card using Mercuryo wallet or widget, we collect fiat through the acquiring bank and buy the necessary amount of crypto on the exchange. 

Then, if the customer uses our wallet, we send the coins to their Mercuryo account. In case they’ve made a purchase via our widget, the crypto will be deposited to their wallet on Mercuryo’s partner platform. A similar process is relevant for crypto withdrawals: we send fiat funds to the receiver’s card via our acquirer and sell the crypto on the exchange.

Security First: How We Ensure Safety

Mercuryo uses a native anti-fraud solution, a cross-channel platform for detecting fraudulent transactions. This solution allows to increase conversion and lower the risks simultaneously. The anti-fraud system analyzes transactions according to the scoring scheme based on the filters and a set of rules.


Our system checks all the Wallet and Widget transactions. Credit card payments are, in fact, double-checked as the acquiring bank also takes part in the process. However, that doesn’t affect overall conversion, and we keep its level among the highest on the market. 

Additionally, we use a third-party service, the leading verification and compliance company, to check a customer’s identity. This algorithm-based check includes all the basic procedures such as visual document check, detecting forgery or stolen credit cards. The system also reviews a person’s identity across over 20 sanctions lists, ensuring they aren’t related to government officials, terrorist organizations, or other restricted entities. 

As for the EDD (aka Enhanced Due Diligence), Mercuryo carries it out on its own. Whenever we detect anyone suspicious, we block or restrict them from performing certain operations. 

Mercuryo relies on a system of limits, restricting people from executing too many transactions on a daily, weekly, or monthly basis. For example, if the client exceeds the €25,000 monthly limit, we ask them to prove their intention. This proof could be a selfie holding a note that they wish to buy, say, €30,000 worth of BTC via Mercuryo. Such measures prove to be especially useful when dealing with older customers who statistically get scammed more frequently.  

If the total purchase sum exceeds €50,000, we are obliged by regulators to ask for quite a few documents such as the source of funds or an explanation of the deals’ economic substance. Often, this is a pretty standard trader’s behavior as they frequently deposit and withdraw large amounts of money repeatedly during a course of a month. However, sometimes it turns out to be related to illegal activities.


There are three key factors we look at when monitoring various transactions: 

  • Behavioral
  • Historical
  • Geographical 

Suspicious behavioral factors may include, for instance, trying to pay with three or more different cards per minute, which usually indicates using the software. Historical factors are based on the customer’s behavior over time: the longer the history, the fewer filters are implemented towards a particular user. Geographical factors are equally important. For instance, if a customer ID indicates Brazilian citizenship while using an Indonesian IP address and Ukrainian phone number, that raises a certain level of concern and asks for additional checks.

In some cases, when our system detects a scammer, we don’t block them straight away. Instead, we allow the fraudster to open an account to try to expose more credit cards they use or their other connections. Typically, we won’t let such users withdraw the funds and immediately inform the acquirer bank to return the money to the original owner. 

On top of that, we employ crypto analytics. If someone tries to deposit coins that have been stolen, compromised on dark markets, or related to any other illegal operations, Mercuryo will not accept this transaction. 

A Few Tips for Keeping Your Crypto Safe

Phishing is one of the most common scamming activities in the crypto space. Here are a few things you should be aware of.

  • Always check if the name of the website is entered correctly and try not to use any links and enter the name manually
  • Do not click on suspicious links even if they come from your closest friends or family, as their accounts could have been hacked
  • A con artist may call you, pretending to be your bank employee clarifying some personal data – do not engage in such conversations 
  • Never share any sensitive information such as passwords or other personal data with strangers
  • Only use official stores – Google Play and App Store – to download your apps and always check the number of installs and reviews 

Our partners from Gate.io consider security to be a key priority and have a couple of advice on keeping your money safe. “At Gate.io we pride ourselves on providing users with market-leading security. Millions of users trust us with their investments, and we take pride in ensuring their holdings are kept safe,” 

Common sense and attentiveness can help prevent the majority of fraudulent attacks.

“When it comes to deposits and withdrawals, users need to pay attention to the specified addresses and ensure everything is entered exactly as provided. 

In some instances, malware has been known to infect the ‘clipboard’ so even when you copy and paste an address, go over it and ensure it’s correct before continuing with the transaction.

Users often postpone enabling extra-security measures such as 2FA and eventually forget about it whatsoever. However, this precaution is not to be taken lightly. Enabling key security mechanisms such as 2 Factor Authentication is a must in the crypto world to ensure your holdings are kept safe,”

Marie, Gate.io CMO

The Bottom Line

Enhancing security is a complex, constantly evolving mechanism that needs to be continuously reviewed and perfected. Scammers advance their techniques, and businesses have to stay updated to protect themselves and their customers. At Mercuryo, we try to keep on top of the risk management game, educate our employees on financial security essentials, and keep up with the latest industry developments. That being said, users should not forget to do their part and help us protect them in the most effective way possible.  

More articles

#security29 Oct

Myth Busters: Does Crypto Fund Illegal Activities?

#security24 Sep

Monitorance #3

#security1 Sep

Monitorance #2