• Products

    Digital Trust & Safety Platform

    Fight fraud without sacrificing growth

    Learn more

    Platform solutions

    • Payment Protection
    • Account Defense
    • Dispute Management
    • Content Integrity
    • Sift Connect
    • Passwordless Authentication

    Sift innovations

    • PSD2 Solution
    • New Releases & Enhancements
  • Industries

    One solution, any industry

    Learn how Sift can work for your industry

    Learn more

    Featured Industries

    • Fintech
    • Payment Service Providers
    • Retail
  • Customers

    Case studies by industry

    See how leading brands succeed with Sift

    Learn more

    Featured Customers

    • DoorDash
    • Uphold
    • Paula’s Choice
  • Partners
  • Fraud Center
  • Resources

    Fraud-fighting resources

    Explore fraud trends and insights

    Learn more

    • Blog
    • Demos
    • Infographics
    • Ebooks & Reports
    • Videos
    • Podcasts
    • One-Pagers
    • Webinars
    • Trust & Safety University
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more

    Our mission: Help everyone trust the internet

    • About
    • Careers
    • News & Press
Request a demo
Products
  • Digital Trust & Safety Platform
  • Payment Protection
  • Account Defense
  • Dispute Management
  • Content Integrity
  • Sift Connect
  • Passwordless Authentication
  • PSD2 Solution
  • New Releases & Enchancements
Industries
  • Fintech
  • Retail
  • Payment Service Providers
Customers
Partners
Fraud Center
Resources
  • Blog
  • Ebooks & Reports
  • One-Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Company
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a Demo Sign In
  • Blog Home
  • Account Fraud
  • Digital Trust & Safety
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

How Consumers—and Fraudsters—are Circumventing ID Verification on Crypto Sites

By Brittany Allen  / 

7 Jul 2021

As cryptocurrency trading gains momentum and becomes a mainstream investment strategy, we are naturally seeing many crypto trading sites become prime targets for fraudsters as well. Afterall, fraudsters follow consumer trends with eagle eyes and act quickly when certain types of merchandise (or currencies) rise in popularity. Our Q1 2021 Digital Trust & Safety Index bears this out as well: crypto exchanges across Sift’s network had the second highest attempted fraud rate of any vertical in 2020. 

The very nature of cryptocurrency—the ability to buy and sell it anonymously—is part of what makes it so attractive for fraudsters. By using either stolen credit cards or account credentials to trade anything from Bitcoin to non-fungible tokens (NFTs), cybercriminals can liquidate accounts and vanish into thin air. 

Businesses have successfully fought back against the wave of crypto-hungry scammers, however, by implementing fraud prevention solutions on both the back-end (with ML-based, fraud-prevention technology) and the front-end (with “Know Your Customer” technology). And just like a cat-and-mouse game, fraudsters appear to have found ways to get around these Know Your Customer (KYC) systems. 

KYC is largely defined as a process that businesses use to verify that a given customer is who they say they are. This includes verifying a customer’s ID but it also encompasses additional pieces of information that help determine customer legitimacy by ensuring the different pieces of information match up to the “true” user.

Our Trust and Safety Architect team has been following conversations taking place across the web, particularly on open forums on Reddit and Telegram, and found that frustrated consumers and fraudsters alike are using new tricks to bypass ID checks in order to gain access to crypto exchanges they normally would be barred from using. Many consumers are looking to beat KYC requirements for a wide array of reasons; some hold the belief that enforcing identification on these sites goes against the ethos of crypto trading; others are simply minors (not to be confused with crypto miners) who aren’t legally allowed to trade; still others want to avoid the tax obligations. 

And, of course, scammers in the ever-growing Fraud Economy trying to use stolen credentials or payment information are working together to gain access to valuable and easily laundered cryptocurrency. Their techniques range from selling photos of Driver’s Licenses and selfies to using cell phones to record rotating synthetic faces in order to pass facial recognition checks. Below are some examples of the KYC workarounds that we’ve discovered being shared in various forums: 

Driver’s License + Selfie: Many crypto sites require users to upload official identification/driver’s license as one of the steps to gain access to their sites. When paired with a selfie of the person, this step in the signup flow is designed to automatically accept or deny access. We found several examples of forged ID cards and selfies being sold to would-be crypto traders.


Synthetic Biometrics: Similar to the above, some crypto exchanges require more than a selfie, but a live, moving face in order to gain access. Fraudsters have been peddling digital rendering of faces to crypto enthusiasts looking to beat automated verification tools.

VPN: As we found in a Reddit forum called “Guide to crypto for USA under 18,” minors and fraudsters alike have been able to gain access to crypto exchanges through a relatively simple process that hinges upon using virtual private networks. By changing their IP addresses to ones originating in countries with fewer crypto-specific regulations, they may be able to bypass any KYC systems altogether. 

Fraud-as-a-Service: We’ve tracked fraudsters advertising their services to the “fraud-curious” across Telegram as a way to steal from businesses. Likewise, we now regularly see professional scammers offering their services as stand-ins who will agree to complete KYC on behalf of someone else, either using their own IDs and faces or those of a third party looking to make a quick buck.

While those eager to avoid ID checks have found workarounds to certain KYC implementations on crypto sites, these verification tools serve an important purpose: ensuring legitimate and of-age consumers can access the sites that they want to visit and do business on. As importantly, crypto exchanges leverage these tools to stay in compliance with government regulations.

While KYC technology can be effective, businesses should use it as part of a layered approach to prevent nefarious activity—particularly fraud. When combined with an ML-powered Digital Trust & Safety strategy, fintech businesses, and crypto exchanges, in particular, can stop bad actors both on the front end and with every transaction, all without disrupting the experience for legitimate transactions.

Related

AMLcryptocryptocurrencyDigital Trust & Safetyfraud detectionidentity verificationKnow Your ClientKnow Your CustomerKYC

Brittany Allen

Brittany Allen is a Trust and Safety Architect at Sift. She has more than a decade of experience combating e-commerce marketplace fraud at companies such as Etsy, Airbnb, 1stdibs, and letgo. Her current role focuses on trust and safety education, developing industry best practices and strategies, and representing the merchant's voice at Sift.

  • < prev
  • Blog Home
  • next >
  • Company
  • About Us
  • Careers
  • News & Press
  • Partner With Us
  • Blog
  • Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
  • Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
  • Social

Don’t miss a thing

Get industry trends, insights, and actionable fraud-fighting tips.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.
Do Not Sell My Personal Information

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2022 Sift Science, Inc. All rights reserved. Sift and the Sift logo are trademarks or registered trademarks of Sift Science, Inc.
Privacy & Terms

Secure your business from login to chargeback

Stop fraud, break down data silos, and lower friction with Sift.

  • Achieve up to 285% ROI
  • Increase user acceptance rates up to 99%
  • Drop time spent on manual review up to 80%
Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.