Sift Logo Several blue dots forming a sphere to the left of the word Sift in italic font.
  • Products

    Digital Trust & Safety Suite

    Fight fraud without sacrificing growth

    Learn more →

    Passwordless
    Authentication

    Account
    Defense

    Content
    Integrity

    Payment
    Protection

    Dispute
    Management

    Sift
    Connect

    PSD2
    Solution

    New Releases & Enhancements

  • Partners

    Sift Partner
    Program

    Join the leader in Digital Trust & Safety

    Learn more →

    Commerce platform partners


  • Industries

    One solution, many applications

    Learn how Sift can work for your industry

    Learn more →

    Featured industries


    Fintech

    Retail

    Food & Beverage

  • Customers

    See case studies by industry

    Sift works across every use case and region

    Learn more →

    Featured customers


  • Resources

    Explore our resources

    Access trends, guides, and insights from Sift

    Learn more →

    Blog

    Ebooks

    One Pagers

    Demos

    Videos

    Webinars

    Infographics

    Podcasts

    Trust & Safety University

  • Fraud Center
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more →

    Our mission: Help everyone trust the internet


    About

    Careers

    News & Press

Request a demo
Products
  • Digital Trust & Safety Suite
  • Passwordless Authentication
  • Account Defense
  • Content Integrity
  • Payment Protection
  • Dispute Management
  • Sift Connect
  • PSD2 Solution
  • New Releases & Enchancements
Why Sift
  • Salesforce
  • Magento
  • Shopify
Industries
  • Fintech
  • Retail
  • Food & Beverage
Customers
Resources
  • Blog
  • Ebooks
  • One Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Fraud Center
About
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a DemoSign In
  • Blog Home
  • Account Fraud
  • Digital Trust & Safety
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

How Consumers—and Fraudsters—are Circumventing ID Verification on Crypto Sites

By Brittany Allen  / 

7 Jul 2021

As cryptocurrency trading gains momentum and becomes a mainstream investment strategy, we are naturally seeing many crypto trading sites become prime targets for fraudsters as well. Afterall, fraudsters follow consumer trends with eagle eyes and act quickly when certain types of merchandise (or currencies) rise in popularity. Our Q1 2021 Digital Trust & Safety Index bears this out as well: crypto exchanges across Sift’s network had the second highest attempted fraud rate of any vertical in 2020. 

The very nature of cryptocurrency—the ability to buy and sell it anonymously—is part of what makes it so attractive for fraudsters. By using either stolen credit cards or account credentials to trade anything from Bitcoin to non-fungible tokens (NFTs), cybercriminals can liquidate accounts and vanish into thin air. 

Businesses have successfully fought back against the wave of crypto-hungry scammers, however, by implementing fraud prevention solutions on both the back-end (with ML-based, fraud-prevention technology) and the front-end (with “Know Your Customer” technology). And just like a cat-and-mouse game, fraudsters appear to have found ways to get around these Know Your Customer (KYC) systems. 

KYC is largely defined as a process that businesses use to verify that a given customer is who they say they are. This includes verifying a customer’s ID but it also encompasses additional pieces of information that help determine customer legitimacy by ensuring the different pieces of information match up to the “true” user.

Our Trust and Safety Architect team has been following conversations taking place across the web, particularly on open forums on Reddit and Telegram, and found that frustrated consumers and fraudsters alike are using new tricks to bypass ID checks in order to gain access to crypto exchanges they normally would be barred from using. Many consumers are looking to beat KYC requirements for a wide array of reasons; some hold the belief that enforcing identification on these sites goes against the ethos of crypto trading; others are simply minors (not to be confused with crypto miners) who aren’t legally allowed to trade; still others want to avoid the tax obligations. 

And, of course, scammers in the ever-growing Fraud Economy trying to use stolen credentials or payment information are working together to gain access to valuable and easily laundered cryptocurrency. Their techniques range from selling photos of Driver’s Licenses and selfies to using cell phones to record rotating synthetic faces in order to pass facial recognition checks. Below are some examples of the KYC workarounds that we’ve discovered being shared in various forums: 

Driver’s License + Selfie: Many crypto sites require users to upload official identification/driver’s license as one of the steps to gain access to their sites. When paired with a selfie of the person, this step in the signup flow is designed to automatically accept or deny access. We found several examples of forged ID cards and selfies being sold to would-be crypto traders.


Synthetic Biometrics: Similar to the above, some crypto exchanges require more than a selfie, but a live, moving face in order to gain access. Fraudsters have been peddling digital rendering of faces to crypto enthusiasts looking to beat automated verification tools.

VPN: As we found in a Reddit forum called “Guide to crypto for USA under 18,” minors and fraudsters alike have been able to gain access to crypto exchanges through a relatively simple process that hinges upon using virtual private networks. By changing their IP addresses to ones originating in countries with fewer crypto-specific regulations, they may be able to bypass any KYC systems altogether. 

Fraud-as-a-Service: We’ve tracked fraudsters advertising their services to the “fraud-curious” across Telegram as a way to steal from businesses. Likewise, we now regularly see professional scammers offering their services as stand-ins who will agree to complete KYC on behalf of someone else, either using their own IDs and faces or those of a third party looking to make a quick buck.

While those eager to avoid ID checks have found workarounds to certain KYC implementations on crypto sites, these verification tools serve an important purpose: ensuring legitimate and of-age consumers can access the sites that they want to visit and do business on. As importantly, crypto exchanges leverage these tools to stay in compliance with government regulations.

While KYC technology can be effective, businesses should use it as part of a layered approach to prevent nefarious activity—particularly fraud. When combined with an ML-powered Digital Trust & Safety strategy, fintech businesses, and crypto exchanges, in particular, can stop bad actors both on the front end and with every transaction, all without disrupting the experience for legitimate transactions.

Related

AMLcryptocryptocurrencyDigital Trust & Safetyfraud detectionidentity verificationKnow Your ClientKnow Your CustomerKYC

Brittany Allen

Brittany Allen is a Trust and Safety Architect at Sift. She has more than a decade of experience combating e-commerce marketplace fraud at companies such as Etsy, Airbnb, 1stdibs, and letgo. Her current role focuses on trust and safety education, developing industry best practices and strategies, and representing the merchant's voice at Sift.

  • < prev
  • Blog Home
  • next >
Company
  • About Us
  • Careers
  • Contact Us
  • News & Press
  • Partner with us
  • Blog
Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
Social

Don't miss a thing

Our newsletter delivers industry trends, insights, and more.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2022 Sift All Rights Reserved Privacy & Terms

Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.