Sri Lanka’s blockchain KYC platform to initiate Shortly Central Bank

Sri Lanka’s blockchain KYC platform to initiate ‘Shortly’: Central Bank

According to Daily Mirror Online, the Monetary Board has now finalized three software development firms to give the task of designing a proof-of-concept (PoC) know-your-customer (KYC) platform.

The Central Bank Director of Payments said that the final decision about the starting of development will be taken shortly. The KYC platform is planned to enable the banking sector and the government to share and update customer data on a blockchain. 

Kumaratunge stated that different banks have consented to join the project.

The open call was on a voluntary basis; 36 national and international candidates applied for the project last November. One of the three finalists in an international technology firm.

The system is expected to be developed in six to nine months. The project is expected to enable banks to onboard customers without delays for manual verification, as well as save costs linked with traditional methods of document verification.

Sri Lanka has been taking a number of steps to improve its financial sector to meet international standards. In 2019, the nation was removed from the FATF’s anti-money laundering/counter the financing of terrorism (AML/CFT) “strategic deficiencies” blacklist, to which it had been added in 2017.

UK court orders crypto exchange to shut down after clients lose $2M

UK court orders crypto exchange to shut down after clients lose $2M

In a recent statement, the U.K. government stated that 108 of their clients had lost a total of about £1.5 million ($1.9 million) through GPay.

Although clients had the option to deposit without completing know-your-customer (KYC) processes, GPay asked for various ID documents to stop clients from withdrawing funds. GPay also sold insurance to customers in order to protect them from trading losses, but the exchange did not always payout. GPay did not contest the dissolution order. 

A member of the U.K. Insolvency Service stated that GPay persuaded clients to part with large amounts of money to invest in cryptocurrency trading. This was a scam since GPay deceived its clients to use their digital platform under false pretenses. In 2018, the U.K.’s financial watchdog warned that GPay was offering financial services without its permission. 

GPay had first faced its first dissolution order in November 2018, but this was discontinued in January 2019. GPay extensively promoted itself on social media and falsely claimed to be supported by Martin Lewis, the founder of a popular finance website in the United Kingdom.

Lewis stated on the news: “I don’t know whether to dance a jig that these despicable scum have been shut down or cry that they managed to take so many people’s money.”

Fraudulent crypto exchange shut down by UK High Court

Fraudulent crypto exchange shut down by UK High Court

The UK High Court has designated the Official Receiver as liquidator of GPay Ltd, the cryptocurrency trading platform.

As per an announcement by the UK Insolvency Service, the cryptocurrency exchange displayed signs of being “nothing but a scam”.

The firm, also previously known as XtraderFX and Cryptopoint, promoted its services on the internet and through various social media channels. The Insolvency Service states that the adverts falsely accused that the service was recommended by entrepreneurs who appeared in an unnamed UK TV show and a high-profile money saving website.

After complaints by the local authorities, the Insolvency Service begun with confidential inquiries into GPay’s activities. These released that at least 108 clients had lost around £1.5 million ($1.84 million) while trading on the platform.

The Court was also reported that clients were refused withdrawal requests if they had not actively transferred their deposited funds within GPay. On June 23, GPay’s case was concluded with a petition given by the Secretary of State for BEIS.

Recently, the United Kingdom Advertising Standards Authority and the Internet Advertising Bureau started a new system to identify and remove fraudulent ads online.

The Financial Conduct Authority claimed that crypto investors in the country lost about $34 million because of cryptocurrency and forex scams between 2018–2019.

Ransomware attacks increase as more people work from home

Ransomware attacks increase as more people work from home

According to a study published by the cybersecurity firm, Proofpoint, there has been an increase in the number of email-based phishing attacks used to deliver ransomware over the past few months.

As per the report, first-stage deployments of ransomware are reportedly increasing and have mostly targetted the United States, France, Germany, Greece, and Italy.

The attacks seem to be capitalizing on the large number of people now working from home during the Coronavirus pandemic. Research indicates that the ransom demands are very low in comparison to the amounts usually noticed in these attacks.

Previously, a ransomware application called “Mr. Robot” has successfully targeted numerous people and businesses across the United States. Findings imply that this has changed in previous months, however, with home users becoming the major victims of the attack. To display the software’s new utilization, ransom amounts have reduced to as low as $100 in Bitcoin (BTC).

Ransomware is known as Avaddon distributed over one million messages in a single week. It too is known to target U.S. companies and individuals.

The hackers behind Avaddon usually demand $800 ransom payments, that too, in digital currency. Surprisingly, this particular team provides a “24/7 support” service to its victims, offering them advice on how to pay the ransom and how cryptocurrencies work.

Recently, the Cybersecurity firm Symantec blocked a ransomware attack focused at 30 U.S.-based firms and Fortune 500 companies.


Ransomware gang failed to deploy an attack against 30 US firms

A ransomware attack was blocked by a group by the Cybersecurity firm Symantec known for demanding payment in Bitcoin (BTC) focused at 30 U.S.-based firms and Fortune 500 companies.

The cybersecurity firm states that the malware gang, Evil Group, that was behind the attacks, targeted the IT frameworks of the companies. Still, the firms were notified in time to block the deployment of the ransomware. The ransomware WastedLocker was selected to breach the security of the victims’ networks and unsuccessfully tried to lay the ground for conducting the attacks.

The Evil Group gang is reputed for requesting its victims to pay million-dollar ransom payments in digital currencies. It is reported that the group had been asking for a combined total of $10 from a number of U.S. companies that were recently attacked.

Symantec’s Targeted Attack Cloud Analytics team identified the WastedLocker attacks in the early stages via advanced machine learning to spot patterns of activity linked to recent targeted attacks. 31 companies were attacked in the attack, out of which one of the firms is a U.S.-based subsidiary of an overseas multinational.

The cybersecurity firm’s report stated that the manufacturing sector was most influenced, as the gang focused on five organizations relevant to that industry.

According to Symantec, if the attackers not been caught, “successful attacks could have led to millions in damages, downtime, and a possible domino effect on supply chains.”

Evil Group had stopped its operations until January 2020 because of the indictment of professed members, Igor Olegovich Turashev and Maksim Viktorovich Yakubets.

Italian banking

Italian banking association ready to accept digital euro

The Italian Banking Association (ABI) has disclosed that it is willing to support the introduction of digital currency from the European Central Bank.

An update on the ABI website claimed that the association had accepted directions to manage its stance on digital currency and central bank digital currencies (CBDCs). 

The ABI stated it was ready to “participate in projects and experiments regarding a digital currency from the European Central Bank […] to speed up the implementation of a European-level initiative.”

The digital currency has to be fully trusted by citizens. To this end, it is crucial that the highest standards of regulatory compliance, security, and supervision are adhered to, the group stated. The ABI mentioned monetary stability and following regulations related to a digital euro as two of its top priorities.

The association said that the introduction of a European CBDC may lead to a greater number of cross-border P2P transactions, reduce the clash of the interest and exchange rates, and overall just lessen the bureaucratic process for payments. 

ABI states that developing a digital currency in the European Union (EU) could replace the demand for cryptocurrencies. On May 20, France became the first country to successfully test a digital euro, functioning on a blockchain.

 The Dutch Central Bank is ready to play a leading role in CBDCs in the EU.

The ABI already uses distributed ledger technology (DLT) for its blockchain-powered inter-banking system. The project, called Spunta, is linked with Italy’s inclusion in a group of six other European nations—Malta, France, Cyprus, Portugal, Spain, and Greece—who consented to promote the use of DLT in the EU.

gambling dapps

Japanese financial watchdog frowns on gambling dapps

Regulators in Japan may be more likely to accept new digital currencies for trading if they have greater financial transparency and aren’t taking part in gambling Dapps.

As per a report, the country’s financial regulator, Financial Services Agency (FSA), has instructed that crypto firms will only be approved if they do not support decentralized applications (Dapps) with gambling or other such features.

Quantum (QTUM), the cryptocurrency recently added on Coincheck as a result of meeting the necessary requirements by the country’s regulatory group, is now named as the Japan Crypto Asset Exchange Agency (JVCEA). QTUM was reported to be transparent in its answers to the JVCEA, owned enough liquidity to be present on major exchanges, and was not included in “gambling or casino Dapps”.

Cryptocurrencies such as Huobi Token (HT), and Brave’s Basic Attention Token (BAT) listed on Huobi Japan and GMO Coin respectively, and were still among the projects whitelisted by regulators that had “proved their financial stability and complied with the national standards”. The digital currencies BAT, HT, and QTUM had successfully achieved financial transparency, compliance with regulatory requests, and technical stability.

A representative from Qtum said in an interview that its approval from the FSA might have been because of proving that it has authentic technology in its three-year history and having decentralized and transparent networks. 

Qtum representative claimed that the Japanese listing regulations are some of the most scrupulous guidelines in the world. These new listings depict that Japanese regulators are open-minded about digital currency but also quite strict with the rules to protect investors.

Online Fraud

Online fraudsters steal £17m over COVID-19 lockdown

About £17 million have been lost due to online fraud over the Coronavirus lockdown period with young shoppers being the most affected, as per Action Fraud.

According to the United Kingdom’s National Fraud and Cybercrime Reporting Center, online scams had trapped 16,352 victims with online shopping fraud since physical stores were closed on March 23.

That amounts to approximately £16.6 million in losses, with the largest number of victims (24%) between the age bracket of 18 to 26 and living in cities such as London, Birmingham, Manchester, Leeds, Sheffield, Liverpool, Bristol, and Nottingham.

In most of the cases, consumers bought items including cell phones (19%), vehicles (22%), electronics (10%) including gaming kit and laptops, and footwear (4%) but they never arrived. Fraudulent sellers were most likely to be found on eBay (18%), Facebook (18%), Gumtree (10%), and Depop (6%).

The Head of Action Fraud, Pauline Smith, informed that the increase in the number of younger consumers falling victim frequently existed long before Coronavirus.

She stated, “It’s important to shop on sites you know and trust. If you’re using a site you’ve not used before, do your research and check reviews before making a purchase.”

Online shoppers should always be aware of emails, texts, and social media posts that provide products for a considerably lesser price than normal  – this is a common practice used by scammers. It is advised to use a credit card to make online purchases as this will offer you greater protection if anything goes wrong.

New Bitcoin scam hits Canada

New Bitcoin scam hits Canada

According to a report, a supposed Bitcoin (BTC) scam is now targeting residents of Winnipeg, Canada. A local grocery store owner informed that a large number of customers were victims of scammers.

As reported by Global News, Husni Zeid pasted a large sign on the Bitcoin machine in his store, urging people to practice caution with respect to phone scams that ask for fake Bitcoin investments.

Zeid told the local media outlets:

“A lot of people are getting phone calls saying that they have to transfer the money to Bitcoin regarding CRA; we’ve had Manitoba Hydro as well.”

He emphasized that the scams have taken place multiple times a week and claimed that they continuously receive complaints from the victims.

Aura Morissette, an employee of the grocery store, spoke about a victim:

“Yesterday (a) mom was in here and she said she gave all her savings to them and she was just crying. It was heartbreaking that she fell for it; it was sad, and all she kept saying was ‘I have kids.’ (It) was awful.”

The employee also said that when people are buying bitcoin at their machine while on the phone, they often warn them that a scam may be happening.

Ransomware gang strikes three companies in the US and Canada

The well-known ransomware group REvil has initiated another series of attacks targeting three companies in the United States and Canada. They have already leaked data from two of the companies and threatened to reveal sensitive data from the third.

The companies include notable Canadian accounting firm, Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.

The gang started the week off by revealing sensitive data from the Canadian accounting company, Goodman Mintz LLP. The leak consisted of company files, accounting and working documents of clients, databases, data for logging into client banks, and audit results of companies.

Some usernames and passwords belonging to clients are also visible on REvil’s blog, along with security questions from the leaked login details. There is no official confirmation from the company yet, but it seems that they have not paid the requested ransom. The group often asks for ransom payment to be made in Monero (XMR) or Bitcoin (BTC).

Documents belonging to the duty-free store, ZEGG, were also reported to be revealed, as per a message addressed to one of the store’s owners, Oliver. REvil warned about leaking data from the third company, Strategic Sites LLC, if they are unable to reach an agreement with the hackers.

Recently, a US-based independent advisory firm specializing in the consumer and retail sectors that were also attacked by the ransomware gang, Maze.

US Drug Agency Failed To Properly Oversee Crypto Investigations

US drug agency failed to properly oversee crypto investigations

It was published in the IG report, which is an audit of “income-generating, undercover operations” – featured the federal government’s key drug controller and frequent cryptocurrency cop as an agency whose efforts to prevent a supposed outburst in digital currency money laundering went ahead of its own ability to monitor itself.

Issues permeated across the DEA’s “Attorney General Exempt Operations,” the IG wrote, but problems were present in its handling of crypto. The DEA’s management of digital currency was inadequate due to improper management from the headquarters, lack of policies, insufficient internal control procedures, poor supervision, and lack of training for digital currency activities.

Some of those problems exhibited in the comparative uniqueness of crypto laundering, which carries with it “unknown fees and spontaneous currency fluctuations” – complex factors beyond the scope of traditional schemes.

But the DEA failed to adapt itself to these new challenges. As per the report, its record-keeping was so inadequate that investigators struggled to match up the transaction data with activities. Even its own agents’ wrong actions did not provoke the DEA into action. 

Former DEA agent Carl Mark, Force IV stole $700,000 in bitcoin during the investigation and takedown of the Silk Road dark market. Even after two years, the agency still did not have proper crypto controls.

UK watchdogs launch ad scam alert system-to-control-online-fraud

UK watchdogs launch ad-scam alert system to control online fraud

The United Kingdom Advertising Standards Authority (ASA) and the Internet Advertising Office (IAB) initiated a new system on the 16th of June to find and eliminate online fraud adverts.

As per Telegraph, the system will let people report fraudulent ads, especially those that appear in paid-for spaces.

According to the authorities, one of the major motives behind the alert system is ongoing concerns about the increase in ad scams that are mostly linked to crypto-related fraud, said both authorities. The ASA quoted figures published by the UK’s Financial Conduct Authority (FCA), where it was disclosed that in 2018, victims of digital currency and other investment-related frauds such as Forex lost about £197 million ($255 ​​million) in total.

Guy Parker, Executive Director of the ASA, stated:

“The vast majority of ads responsibly inform and entertain their audience, but a small minority are published with criminal intent. Our scam ad alert system will play an important role in helping to detect and stop these scams.”

It is reported that both the internet watchdogs will be supported by digital advertising platforms and tech giants like Google and Facebook. Jon Mew, IAB’s CEO, clarified that though the system is not going to completely eliminate scam advertising on the internet, it will assist in having better regulation on the issue:

UK watchdogs, like the FCA, have been regularly announcing measures to supervise the country’s crypto environment. It was reported in January that the FCA will be analyzing the anti-money laundering (AML) and counter-terrorist financing (CTF) for firms carrying out cryptocurrency-related activities.

Crypto exchange owner admits laundering $1.8M in online auctions fraud

Vlad-Calin Nistor and 14 other accused, including the owner of a car wash, have all entered guilty appeals at the Eastern District Court of Kentucky for their participation in a cyber fraud plot that swindled millions of dollars from U.S. residents by trading goods that did not even exist.

Starting in 2013, the alleged started sharing false advertisements on sites like eBay and Craigslist for items such as cars. Often involving the use of stolen identities, the group pretended to be U.S. military personnel who had to sell their belongings before starting a tour of duty. Even a fake call center was set up to answer any concerns victims had regarding the advertisements.

After the payment was sent by the victim, the group would start laundering the money out of the U.S. and back to Romania. Mostly, this was done by converting unlawful funds into crypto, usually bitcoin, and sending it to Nistor and his crypto platform CoinFlux, where it would then be turned into the local currency.

According to the U.S. Department of Justice (DOJ), the ringleader was Bogdan-Stefan Popescu, the owner of a car wash in Bucharest, Romania. He gave instructions for Nistor and Coinflux to transfer the illegal funds out of bitcoin and into selected bank accounts, which were usually set up under the names of his employees and family members.

Michael D’Ambrosio, assistant director at the U.S. Secret Service’s Office of Investigations claimed, “Through the use of digital currencies and trans-border organizational strategies, this criminal syndicate believed they were beyond the reach of law enforcement.” 

Nistor was detained on an international warrant on allegations of money laundering, fraud, and involvement in organized crime, in December 2018. He, along with the other defendants, was quickly deported to the U.S. the following month. During the time of his arrest, Nistor’s lawyer insisted on Romania’s Court of Appeal that there was no way of knowing that the bitcoin in question came from criminal proceeds.

Under the United States law, those found responsible for racketeering can impose a fine of up to $25,000 and face up to 20 years in prison, as well as give up all their ill-gotten gains. A guilty plea can lower the penalty to 10 years. All 15 defendants now await sentencing.


Ransomware attack targets Victoria Beckham’s personal data

Maze, the Ransomware gang strikes again. It seems that the victim this time is a US-based independent advisory firm specialized in consumer and retail sectors. They have a big number of clients including businesswoman and former Spice Girl, Victoria Beckham.

Maze’s official web blog has enlisted Threadstone Advisors, LLC as one of their victims following an attack during the last 24 hours. Threadstone Advisors, LLC has worked with Victoria Beckham in order to establish an investment liaison with NEO investment partners. Charles S. Cohen, Pittsburgh Brewing Co., and Xcel Brands are few of the many.

According to the press, Maze has leaked information belonging to Joshua Goldberg who is Threadstone’s managing director. The group stated that proof of data being stolen is “coming soon,” as told in the announcement.

A threat of this magnitude is most likely to mean that the company has not paid the ransom that was demanded by the gang, however, there is also no information on how much money in cryptos was asked for.

Brett Callow, the thread analyst at malware lab Emsisoft, claimed:

“The fact that other ransomware groups have adopted Maze’s encrypt-and-exfiltrate double-whammy style of attack likely proves that the strategy works and, consequently, it will probably eventually be adopted by those groups which do not currently steal data. Of course, the strategy will be more effective in some cases than in others. Companies that hold highly sensitive information relating to their clients – such as an M&A advisory – may be more inclined to pay to prevent their data being posted online than other businesses.”

The cybersecurity expert alerts that the tactics employed by ransomware groups like Maze are becoming “ever more extreme”. He also states that hackers are weaponizing stolen data via threats against business partners, clients so that they can harm companies ’reputations.

As reported by Maze, ST Engineering Aerospace’s US subsidiary has also recently suffered a ransomware attack that was able to extract around 1.5TB of highly sensitive data from the firm and its partners.

The gang also asserted to have hacked Sparboe, US egg producers in a post on its website. The post includes sample data that the group claims was stolen from the company.

Digital Yaun

South Korean merchants open to accepting digital yuan

According to the South Korean media, the local merchants could accept the upcoming digital yuan as a payment method after the Coronavirus outbreak passes and Chinese tourist flow restores in the country.

According to a news agency, local merchants have been increasingly taking advantage of China’s upcoming digital currency, referring to some tourist shops in their examples.

As per reports, in Seoul’s Myeongdong district, some stores have been receiving payments using Alipay, thus developing interest in consumers from China.

Reports depict that the Coronavirus calamity has caused damages to about $2 billion in tourism income. Due in part to this fact, merchants have started considering the digital yuan as a payment method as soon as it launches.

However, the article warned about accepting digital yuan as a method of payment. They quote privacy issues and the oversight of “Big Brother”:

“If people from other countries make widespread use of the ‘digital yuan,’ centrally managed by the People’s Bank of China, it is likely that the user will be exposed to Chinese authorities.”

The author states that the Chinese digital currency has a “completely different philosophical and technological base from blockchain-based bitcoin (BTC) technology.”

In April, screenshots of a supposed pilot version of a wallet app for China’s upcoming digital yuan were circulating on social media. The application was being tested in four Chinese cities.

On May 6, the Former People’s Bank of China President, Li Lihui, stated that the launch of the digital yuan could indeed replace money if critical conditions are met.

Card Not Present Fraud

Card-Not-Present (CNP) Fraud – How to Prevent False Chargebacks?

The eCommerce industry continues to grow rapidly, so are fraudulent activities. According to Statista, eCommerce sales in 2019 were amounted to be $3.53 trillion and e-retail revenue is expected to grow to $6.54 trillion by 2022. The bad actors in the digital space are roaming to exploit vulnerabilities and target online users. There are a variety of malevolent activities that are becoming part of the streamlined eCommerce activities. Among those, Card-Not-Present (CNP) fraud and false chargebacks are on the top. In the U.S federal reserve report 2018, the amount of CNP fraud in 2016 was estimated to be $4.57 billion. This fraud projection rate is sky rising due to a lack of preventive measures that help combat an array of digital financial frauds. 

The digital transactions in the eCommerce are categorized as CNP. There are serious risks associated with the CNP fraud in which online merchants are liable for bearing the costs.

With the rapid invasion of individuals in the digital world, eCommerce sales and eventually CNP frauds are rising. Online merchants are required to be vigilant when it comes to the adoption of appropriate security measures over the platform. The cost of false chargeback claims from the fraudulent entities is received from online merchants, even merchant would be liable for the additional assessments and fees associated with the chargebacks. In case of a high chargeback rate, the merchant could be at risk of its account terminated. A study predicts that digital CNP fraud can cost retailers $130 billion dollars by 2023.


Detection and Prevention of CNP Fraud

Risk mitigation measures need to be taken into consideration by detecting and preventing the CNP fraud. These measures can be ensured by first understanding the fraudulent tricks and attempts of bad actors. The fraud prevention system requires a dynamic approach to fight against CNP fraud and its evolving techniques. 

It is forecasted that by 2023 all the companies that support retail transactions will spend about $10 billion every year for the purpose of fraud detection and prevention. 

KYC Verification

Just the way financial institutes used to verify their customers to mitigate the risk of financial crimes, the eCommerce industry can adopt the Know Your Customer (KYC) requirements to assess the risks. When it comes to open an online account, it is crucially important to perform the identity verification process on each onboarding customer. Identity checks can help determine if customers are legitimate or not. The process of KYC verification is secure and aligns well according to the demands of customer experience. 

KYC verification ensures that no fraudulent entity is allowed to take part in the financial system. The AI-powered identity verification solutions help verify customers digitally in mere seconds. Through innovative solutions and advanced AI-based algorithms, individuals can be verified and false chargebacks can be mitigated in the eCommerce industry. The following are some methods through which online identity verification can be ensured in a streamlined manner:

  • Document Verification of online customers against official ID documents such as ID card, passport, or driving license can be done. AI-powered Optical Character Recognition (OCR) technology can help extract the information from the document in real-time which can be verified. 
  • A biometric facial recognition system can help identify and verify the facial biometrics of the legitimate users against the ones uploaded at the time of account registration. Also, the face on the ID document can be matched against the one which is captured in real-time. 
  • Address Verification System (AVS) verifies the user-entered address against the one present on the ID document. The customer will be verified if both addresses match. 
  • Verification of customers at the time of account registration through video-KYC. The KYC expert connects the customers and verifies their identity through a video call in which other than ID document verification checks, experts take into account behavioral verification through a customer’s body language. Other than this, the liveness detection checks in video-KYC ensure the physical presence of customers through their minor facial movements. 
  • Anti-money laundering (AML) screening of customers against updated global watchlists, sanction lists, and PEP records can help the eCommerce industry mitigate financial crimes such as money laundering by the high-risk profiles.

Implementation of these measures can help online merchants prevent CNP fraud and false chargebacks. These practices can help organizations protect themselves from high-risk profiles that can become the reason for high-scale financial crimes that ultimately ends up giving harsh fines.

More posts