Consumers want to make payments with Bitcoin. Bitpay recorded over 46 million users who stated they would use crypto tokens to make a purchase in 2021. About 50% of Gen Z surveyed said they would prefer half of their salary via crypto. Even major payment service institutions such as Visa, Mastercard, Square, and Paypal all have cryptocurrency integrations.
Digital tokens continue to increase in popularity, so it is beneficial for merchants to accept payments via cryptocurrency. But as consumer demand increases, so does fraudulent activity. Bad actors are keen to take advantage of weak points in new financial systems, and fraudulent crypto transfers have increased. The Federal Trade Commission quoted $200.8 million in fraud losses in the third quarter of 2021 alone.
If you are interested in accepting cryptocurrencies at your ecommerce business but are unsure about the risks, read on to learn about different types of cryptocurrency fraud and how to protect against such illegal activity.
In this article:
- What Is a Cryptocurrency Exchange?
- What Are the Risks Involved With a Cryptocurrency Exchange?
- Common Types of Cryptocurrency Fraud
- How to Protect Your Business From Cryptocurrency Fraud
What Is a Cryptocurrency Exchange?
A cryptocurrency exchange is an online platform where users can buy and sell cryptocurrencies. An exchange is different from the payment service provider (Paypal, Coin Payments) that sets up the infrastructure your business needs to accept customer cryptocurrency transactions. Instead, a cryptocurrency exchange is the actual online marketplace where you trade for other digital tokens and convert crypto into fiat currencies.
Like any market, you need a wallet to buy and sell. All vendors need to own a digital hot wallet that stores, sends, and receives tokens through the cryptocurrency exchange. Many popular cryptocurrency exchanges such as Coinbase, Gemini, and Binance offer a free wallet with their services.
The entire exchange process from a customer transaction with a digital token into fiat money occurs between your service provider, the crypto market, and your hot wallet. And it is between these transaction stages where most bad actors attempt their scams.
What Are the Risks Involved With a Cryptocurrency Exchange?
The very nature of cryptocurrencies offers plenty of benefits: privacy, security, lower fees, and a decentralized community. But there are a few drawbacks as well that can put your business at risk:
- Digital: Transfers made with crypto are fast, especially for cross-border exchanges, but it also means that hackers can attempt to exploit your digital wallet.
- Community Operated: All crypto users help confirm if a transaction is legitimate. While that helps spread the labor among several users for enhanced security, it also means that there is no central authority that can refute or fight fraudulent actions.
- Irreversible: Once a payment initiates and the community confirms its authenticity, you cannot erase that public ledger. Such irreversibility means that you have little recourse if you are the victim of theft or fraud.
- End-points: The technology of the exchange offers good security, but end-points such as ATMs or online wallet storages have undeveloped compliance policies at this time.
- Volatile: There is no underlying asset for a digital token. You can think of it like a piece of digital gold. Without a value store, the price of bitcoin can fluctuate wildly, making payment acceptance a complex and risky endeavor.
Common Types of Cryptocurrency Fraud?
Bad actors use several techniques to access your identity and commit illegal activity through a cryptocurrency exchange. Let’s look at a few common fraud types:
Chargeback fraud is similar to the ploy used with fiat money.
- First, the hacker will obtain a victim’s personal identity information.
- Second, they create a hot wallet on a cryptocurrency exchange and fill it with fiat funds from the stolen credit card.
- Third, they will buy crypto and have it placed into a secondary wallet only they control, or they will make payments from your business.
Once the cardholder recognizes they have become a scam victim, they will ask for a chargeback of all illegal crypto payments made by the bad actor, leaving you to take the loss.
Since all cryptocurrency trades occur in digital markets, it is open to potential hacking. Most fraudulent hacking activity involves obtaining your authentication credentials or exploiting weak points at physical crypto ATMs.
Some hackers use cold emails as phishing scams to access your data. Others attempt to use default machines codes at ATMs (all cryptocurrency ATMs use QR codes as a physical representation of your digital money) to steal your hard-earned money right when you convert it into fiat cash. Some brave hackers will even attack less secure and unknown cryptocurrency exchanges, as they did with the $600 million theft from the Poly Network.
Stolen Cold Wallets
Another common fraud method is to steal cryptocurrencies with a direct assault on your digital wallet. The crypto community can verify and ensure each transaction on the exchange is safe, but your wallet is your responsibility. Even if you host your fund with a third-party service, any coins online are open to attack, and you must foot any losses.
Hot and cold wallets (cold wallets are a piece of hardware like a USB that can hold your digital money offline) became a new product market as crypto enthusiasts wanted access to exchanges. High demand led to a wide range of low-quality offerings with limited security.
For example, the Roll crypto platform lost $5.7 million of its supply after hackers initiated a hot wallet breach.
False Apps or Websites
With social engineering scams, bad actors create web pages that look and perform like authentic websites. Often, the false design will use familiar logos and site setups that mimic official government pages to convince people of their legitimacy.
Once a connection with a victim is established, the hackers request or blackmail the user to pass over personal information or data about their cryptocurrency accounts.
Over the first six months of 2021, the FBI reported over $133 million in cryptocurrency losses due to romance scams, where hackers poised as potential dating suitors and demanded payments in bitcoin. Your business could receive plenty of fake site requests once you accept crypto payments, and there are even false crypto exchange sites that could take your tokens.
Cryptocurrency exchanges have given open access to new coins, tokens, and Decentralized Autonomous Organizations (DAO’s). Anyone can build or create additions to the initial cryptocurrency technology, and that has led to all sorts of direct tokens schemes.
A common scam is a Pump and Dump, where fraudsters create a coin and “pump” its value online. Once enough people have traded or invested, the original owners take all the money and convert it to USD—they “dump” it without any notice to investors. As a result, the coin loses its value, scamming each investor out of their capital.
Another payment scam is called a Rug Pull, where DAO’s (communities of crypto engineers) build a new protocol that offers lower fees or better financial opportunities for those who help build or invest in the underlying structure. If the treasury for the organization builds up high enough, the DAO “pulls the rug” and closes down the project, taking with it the money from any investors.
$SQUID coin left off with over $3 million in assets from its pump and dump scheme, and Coindesk reported over $2.8 billion lost in Rug Pulls in 2021.
How to Protect Your Business From Cryptocurrency Fraud
While crypto fraud is prevalent, most cryptocurrency payments are safe and secure, if not safer than fiat transactions. As more major payments players enter the cryptomarkets and as governments include more compliance requirements, fraud instances will decrease. But there are some steps you can take to protect your business if you start to accept crypto payments.
The more advanced your security and authentication services are, the safer your crypto transactions will be. Follow all standard Know Your Customer (KYC) and Anti-money Laundering (AML) practices and include multi-factor authentication. Crypto payments can benefit from even more safety measures, and there are services you can download that record IP addresses, QR codes, and phone numbers for better identification.
Use Cold Wallets
Avoid storing all of your fiat or digital tokens in a hot wallet. Instead, transfer a majority of your value share into an offline cold wallet. If you own the authentication keys, you own all the digital money held in that cold wallet. Keep only the minimum required amount of liquidity online or with your payment service provider.
Use Trusted Brokers
Do your research and use third-party services vetted by the larger crypto community. Popular cryptocurrency exchanges have a good history of customer service and security. Major payment service providers also have insurances for your fiat money, and even sometimes for your crypto accounts. Third-party services may involve more fees, but you earn peace of mind.
Mitigating the Risks of Cryptocurrency Fraud
Cryptocurrency payments are here to stay. It is a good idea for merchants to set up a digital wallet, log in to an exchange, and create payment acceptance gateways with a service provider for stable digital tokens.
But, crypto markets are volatile and attract bad actors, so it is in your best interest to defend against the several fraud types common to digital tokens.
If you take steps to protect your digital wallets, use trusted exchanges, and follow standard ID procedures, you can help mitigate fraud losses or illegal activity with your crypto payments.