Four recent stories about digital payment crime highlight the changing profile of financial crime from payment cards to cryptocurrencies.
The first relates to ‘traditional’ card crime and how the dark web is being used to sell card details. The second looks at how an instant payment scheme, in this case Brazil’s, has led to a rapid increase in kidnapping. The third story is about losses experienced by a crypto exchange. The final piece, perhaps, throws light on one of the reasons why it is happening, the pace and breadth technology change is so rapid it is creating loopholes and uncovered risks.
Bitmart, a crypto exchange is estimated to have had $100 million stolen due to two of its ‘hot wallets’ have been compromised by the theft of a private key. Bitmart’s chief executive says the company will cover the loss and compensate users.
A bill has been put forward in the São Paulo Legislative Assembly to suspend Brazil’s instant payments system Pix in the state until the Brazilian Central Bank introduces mechanisms to ensure consumer safety.
This proposal is a reaction to the increase in so-called lightning kidnappings, where consumers are forced to make instant transfers to criminals while being held ransom. The bill’s proposer argues the central bank did not anticipate how the ease and convenience offered by Pix would be used by criminals, not helped by the leak of 395,000 Pix keys in October 2021. A Pix key is a ‘nickname’ associated with a user’s full account details, for example a mobile phone number, email address, QR code, a random password etc.
Pix, introduced in November 2020, has 104 million registered users and processed over 1.6 billion transactions since its launch, 75% of those person-to-person.
The dark web remains a favourite place to buy and sell illicit goods, including payment cards. NordVPN reports that some four million from 140 countries are sold there. By number of cards the countries with the most cards sold are the US, Australia and UK. On a per capita basis Hong Kong, Australia and the UK are worst. Prices per card ranged from $20 (Hong Kong and the Philippines) to $1 (Mexicans, Americans and Australians) with the average price being $9.70.
The speed of adoption of digital payments is reported to be moving faster than the ability of banks in the Asia Pacific region to protect themselves properly against cyber threats. Banks have been moving over to the cloud and Fintech players are challenging traditional financial institutions. IT infrastructure is having to be upgraded and renewed as a result.
A 2021 Checkpoint report found 75% of firms had serious concerns about their public cloud infrastructure.
Analysis by the Financial Services Information and Analysis Center (FS-Isac) identified strengthening regulatory oversight of cyber risk management, organisational responses to threats and an acute cybersecurity talent shortage as major challenges. The shift to digital increases the risk of ransomware and supply chain attacks, as well as a resurgence of banking trojans and distributed denial of service (DDoS) threats.
FS-Isac says financial firms must re-work their cybersecurity policies and procedures, so they are suitable for today’s hyperconnected cyber threats. Intelligence sharing will be key to help understand new and emerging tools, techniques, and procedures used by cyber criminals and how to defend against them.
A CoinDesk columnist, J P Koning, has bravely made five predictions about the future of money.
1. Decentralized finance won’t eclipse centralized finance. Eventually, they’ll just blur together.
As the CEPR has argued, there much talked ability of Decentralised Finance (DeFi) products to carry out automated programmable activities are already possible with today’s payment systems. No doubt DeFi will accelerated their development. Equally DeFi products will also emulate what regular finance does today, albeit this will require them to work within the regulatory framework in order to get acceptance and, therefore, scale, ie. they will choose to comply voluntarily. In time users won’t care, or even be aware, of whether their financial activity is on a DeFi or traditional banking platform.
2. El Salvador won’t be known as a watershed moment. It’ll be known as a reality check.
Volatility is an anathema to most people. Cryptocurrencies are inherently volatile and so, if there is an alternative that is not volatile, people will choose that.
3. Cash will fade away. So will CBDCs.
This is an interesting take from the author. He argues that central bankers are jealous of the huge interest and energy devoted to cryptocurrencies and stablecoins. CBDCs are their reaction to this to ensure they are part of the story.
He argues that citizens will turn out to be disinterested in CBDCs since their existing digital solutions actually do what they need. On the other hand, he argues that cash will continue to decline, ‘If millennials don’t know how to write a check in 2011, Generation X won’t know how to use cash in 2031.’ He suggests that since all financial tools rely on the central bank settlement system, central banks should not worry about this change.
4. If governments don’t force KYC across the entire internet, MasterCard and Visa will.
Processing payments for illegal online goods constitutes money laundering. Visa and Mastercard have to ensure their networks are legal to avoid potential conviction. The author points out that in October 2021 Mastercard introduced a requirement for internet sites that host user-generated pornography to adopt identity verification rules and vet all content for illegal material. If they don’t, they are dropped from the Mastercard network. Since losing card access means commercial death, most sites have fallen into line.
He believes that in future this will be extended to sites using user-generated content, YouTube, Rumble, Twitter, Facebook etc.
5. Along comes a universal stablecoin standard.
Theoretically Stablecoins are not volatile in the same way as cryptocurrencies. Clearly the author sees them as having a future. He argues that because people find having too many different stablecoins to choose from, stablecoin issuers will have to build an interoperable standard so that coins are interchangeable on a 1:1 basis.
He thinks the stablecoin industry will go through a series of rounds of failure, growth and merger leaving fewer, bigger coins, which will make the creation of an interoperable standard easier. At the end of all this, stablecoins will no longer be seen as speculative but be in a position to challenge the dominance of card networks for online commerce.
That assumes, of course, that Account-to-Account payments haven’t already swept all before them!