by Avivah Litan | October 1, 2018 | Comments Off on Illicit Crypto Activity points to need for Fraud Detection
Saturday’s front page Wall Street Journal article (see How Dirty Money Disappears into the Black Hole of Cryptocurrency ) indirectly points to the emerging need for fraud detection for cryptocurrency and other blockchain transactions.
Despite the hype, and for the time being, criminal use of startup cryptocurrency exchanges for money laundering appears to be relatively small when compared to larger volumes of money laundering that already transpires across banks . According to the U.N. Office of Drugs and Crime (see https://www.unodc.org/unodc/en/money-laundering/ the estimated amount of money laundered globally in one year is 2 – 5% of global GDP, or $800 billion – $2 trillion in current US dollars.
At the same time, the percentage of transactions at startup cryptocurrency exchange ShapeShift AG (investigated by the WSJ article) that represented money laundering was just .2% of the exchange’s overall volume over the time period examined, according to the exchange’s CEO Erik Voorhees. (see Eric Voorhees Tweet) Still, as more assets move into cryptocurrency, so too will the relative volumes of suspect, criminal and fraudulent transactions.
The good news is that there are plenty of fraud detection services that can weed these transactions out in the future. Despite the continuing lack of clarity in regulations for cryptocurrency transactions, some exchanges are starting to successfully adopt these fraud detection services.
We pointed out the need for fraud detection and risk assurance services as one of the 8 scalability hurdles that must be overcome for blockchain platforms to reach their potential. See The Shortsightedness of Blockchain Disillusionment .
Here’s what we wrote in our scalability research:
- …. Independent technology companies are starting to emerge that will score the risk of each transaction. This type of risk assessment service is maturing more quickly in cryptocurrency payment applications, where exchanges like Coinbase and Binance or vendors like Chainalysis, Neutrino and DeepCyber are performing or offering fraud and money laundering scoring services either for themselves (i.e., in the case of exchanges) or for third parties, which for now are primarily banks (in the case of vendors).
- We expect more than 100 companies to offer fraud and money laundering scoring services on cryptocurrency transactions by 2021, as many of those serving fiat currency payment fraud transaction migrate their capabilities into the growing cryptocurrency space….
- As in the fraud and security analytics markets, the companies who produce these risk scores will not be legally liable for any losses if their detection scores, which are voluntarily used, are off the mark.
Nothing New Under the Sun
As was aptly stated in the Book of Ecclesiastes “The thing that hath been, it is that which shall be; and that which is done is that which shall be done: and there is no new thing under the sun.”
So is the case with criminal activities and fraud detection, whether it is used for dollar or cryptocurrency transactions. The most effective fraud detection uses a five layer architecture we defined back in 2011. (See The Five Layers of Fraud Prevention and Using Them to Beat Malware)
While much has changed in financial services since that architecture was articulated, including the advent of cryptocurrency, the fundamental methods used by the criminals have not.
Organizations simply need to invest in these fraud detection services if they are serious about fighting crime, whether or not they are being regulated. Unlike KYC processes used for anti-money laundering — which are a different matter and are dictated by regulators — fraud detection services need not need rob individuals of their anonymity. They are often based on non-PII data and instead use digital fingerprints and behavior analysis. Implementing fraud detection should not compromise anyone’s trust in exchanges, unless of course said individuals are intentionally ripping others off.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.