First Canadian bank introduces digital ID verification

Digital identity is progressing in Canada, with a new bank account opening process backed by digital ID documents, biometrics, and a new digital identity mobile application for residents of the most populous Canadian province, Ontario.

RBC is the first Canadian bank to offer digital identity authentication services to customers opening a personal account in a branch. By scanning IDs or passports, the service provides secure identity verification, fraud prevention, and a smooth customer onboarding experience.

Peter Tilton, SVP, Digital at RBC, stated, “As we make our clients’ everyday banking experience easier, we continue to be guided by the imperatives of trust and security. Verifying and protecting our clients’ identities is among the most important things we do.” He added, “The world-class technology underpinning these features will better protect clients from fraud caused by identity and document forgery and give them an unparalleled account opening experience.”

The RBC Mobile Application uses Artificial Intelligence technology to inspect government-issued identification documents such as ID cards, driver’s licenses and passports, and Near-Field Communication (NFC) to analyze ePassports.

After the identity document is scanned through the mobile application, the customer data is registered in their account profile on an advisor’s computer, but RBC reassures customers that the information is used and protected in line with its strategy to guard personal information.

“Until now, our architecture limited our ability to quickly deliver the solutions our clients and advisors want,” continued Tilton. “A single digital platform gives us immense flexibility to reuse core capabilities that extend across the bank and design solutions with our clients and advisors in mind from the start. This means clients will enjoy a more consistent experience with RBC across our delivery channels.”

In the future, RBC plans on introducing a mobile account opening feature with live biometric selfies to verify identity against the identification documents on file. Since the introduction of advanced technologies for customer onboarding, RBC says it has increased the efficiency of the process to up to 70 percent because customers no longer waste time with data entry and document verification.

“We’ve spent the last two months piloting this in nearly 50 branches and the reaction from clients and advisors has been outstanding,” said Sean Amato-Gauci, EVP, Cards, Payments & Banking at RBC, in a prepared statement. “We are adding to the existing suite of digital identity solutions developed by the banking industry by providing clients with another option for securely verifying their identity with us.”

The new features are supported on both iOS and Android devices. They allow clients to have more control over their personal information and prevent them from disclosing more personal information than required. This option is already available in 100 branches in Canadian provinces Ontario and Quebec, but it will expand to more branches, channels, and partners this year. The processes are in line with Canada’s Know Your Client (KYC), Anti-Money Laundering (AML) and privacy regulations.

Banks take measures to serve customers amid COVID-19

The banking industry is stepping up to serve customers as well as their employees as the Coronavirus pandemic puts intense pressure on customers: millions of Americans are restricted to their homes, and businesses are facing huge losses. A number of banks have started doing their part in this time of need.

Mobile Payments mentioned this in a tweet on 18th March, 2020:

Berkshire Bank in Boston has increased the daily spending limits for customers and penalties for early withdrawal have also been waived from Certificates of Deposits. Bank officials reported that clients have been seeking extra flexibility and coming into the bank with concerns that they might have to spend a greater period of time at home.

Tami Gunsch, Senior Executive Vice President & Director of Relationship Banking, stated, “We did experience an increase in customer traffic into our branch locations late last week to ensure they had money on hand in case they were not able to visit a bank for a few weeks due to impact related to the Coronavirus.” He added, “This gave us an opportunity to connect with customers and provide information on the various ways they can conduct their everyday banking without reliance on a branch location and in a way that promotes social distancing.”

Similarly, BBVA USA is offering penalty-free withdrawals from Certificates of Deposits, reimbursing ATM fees, and deferrals, extensions, and waivers on loans and lines of credit to its clients. Javier Rodriguez Soler, BBVA USA President, announced in a press release, “We understand that this pandemic has put many of our customers in a position of uncertainty, and we are working to take some of that burden off of them.” Furthermore, “We know that this is a fluid situation and we will closely monitor any developments that could continue to negatively impact customers across our entire footprint.”

Webster Bank in Connecticut has also started offering various improvements in services to help small businesses and consumers. John Cuilla, President and CEO of Webster Bank, said, “We recognize the emergence of COVID-19 and the dramatic steps we must all take to curtail its spread, will create financial and other challenges for our customers and communities.” He added, “Consistent with our long history of supporting our customers in times of need, Webster is committed to providing the financial flexibility to the individuals, small businesses and corporations we serve.”
Webster is offering the following options to customers:

  • Increased spending limits on debit cards.
  • Penalty waivers for early CD withdrawals up to $25,000.
  • Increased remote deposit limits.
  • Payment deferral options on mortgages, home equity or personal and small business loans, based on the requirement.

Americans’ ‘work from home’ strategy presents new targets for hackers

The Coronavirus outbreak has forced organizations to let their employees work from home. A new wave of cyberattacks targeting such employees is emerging, experts warn.

After scammers, hackers are now exploiting the virus outbreak to prey on employees who are working from home. Reports indicate that working outside the office environment is not secure, since it opens more doors to cyber vulnerabilities.

In a statement to ‘The Hill’ last Friday, Tom Kellermann, who served on a presidential cybersecurity commission, said:

“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting”

Echoing Kellermann’s opinion, the Department of Homeland Security’s cyber agency, CISA, issued a statement on Friday highlighting the cyber threats associated with working from home as compared to the office. CISA pointed out the potential vulnerability around virtual private networks (VPNs).

Employees working from home access their organization’s files remotely through a VPN, which gives hackers a route into the network, where they can exploit the files and data shared on it.

In its statement, CISA wrote:

“As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors. Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.”

Moreover, the agency highlighted that cybercriminals may increase phishing email attacks to steal employees’ credentials. Such emails may use fear of the Coronavirus to tempt users into opening them and performing certain actions, such as downloading viruses.

Check Point stated that since January more than 4,000 coronavirus-themed website domains have been introduced, some with the intention of running email campaigns to lure victims into clicking malicious links.

With the agencies pointing out these vulnerabilities, Kellermann has recommended that individuals use separate, private networks for their work and isolate their data to keep it secure from intruders.

Australia introduces new rules to tackle mobile identity theft

Acma (Australian Communications and Media Authority) has introduced a new regulation to fight identity fraud, according to which users who want to change their mobile network while keeping the same number will have to verify that the number they plan to port belongs to them. 

It is normal for users to verify their identities through their mobile phones via two-factor authentication, especially on digital platforms. Nevertheless, it is still not considered a strong method of ID verification, since people can easily get hold of someone’s mobile number through number porting. 

In Australia, there are no checks involved when a change of mobile number is requested by a customer, apart from basic identity checks. Under the new regulation introduced by Acma on Friday, mobile companies will now have to verify identities in a number of ways. This can be done with a unique code sent by SMS or email to confirm the number that has requested the port, or at a retail store by a sales representative calling the number while the person is in the store to establish the identity of the owner.

Fiona Cameron, the Acma Authority member, stated: “This new standard is a strong step forward in the battle against criminals who scam mobile phone users and will significantly reduce the prevalence of mobile fraud.” Teresa Corbin, the Chief Executive of the Australian Communications Consumer Action Network, appreciated the new regulation but expressed that SMS was not a secure method of two-factor authentication.

“We’d like to see the Acma require telcos to use highly secure forms of verification, such as hardware or software authentication tokens, which are generated with a mobile app,” she said. “We’ve already seen some government services adopt this approach through the development of the myGov code generator app.”

The new rule will take effect by the end of April, and in the case of non-compliance, telecommunication companies will face fines of up to $250,000. Paul Fletcher, the Federal Communications Minister, said that some mobile service providers had already started following the new rule and he expects every provider to be compliant by the end of next month.

The United Kingdom implements new Anti-Money Laundering regulations

The United Kingdom’s finance and economics department has announced the incorporation of new Anti-Money Laundering (AML) regulations. The extra measures would diminish the chances of money laundering and other crypto-related crimes, according to the UK Finance and Economics Department. In a speech on March 6, the Director of Retail and Regulatory Investigations, Therese Chambers, stated that the new Money Laundering Regulations place the UK’s Financial Conduct Authority (FCA) as the Anti-Money Laundering supervisor for some crypto aims.

She further stated that the new regulations go beyond the 5th Anti-Money Laundering Directive (5AMLD) and encompass a wider set of activities, including initial coin offerings or ICOs, as advised by the FATF last year. The 5AMLD was implemented by the European Union last summer and took effect in January 2020.

According to Chambers, virtual currencies allow anonymous financial transfers. The FCA’s regulatory supervision mainly aims towards business dealings within the virtual space. The new regulations concern crypto exchanges that extend fiat pairings and deal in crypto pairings as well. Wallet service providers are also included. According to Pawel Kuskowski, the CEO of Coinfirm, the new regulations indicated that crypto can no longer be closed by banks. 

FCA risk assessment, customer due diligence, transaction monitoring, record-keeping, and suspicious activity reporting are some of the things that crypto firms must have in place to conduct business. Many crypto firms have started leaving the United Kingdom and European Union due to their stringent regulations.

The EU passed new Anti-Money Laundering regulations in July 2018, called the 5th Anti-Money Laundering Directive (5AMLD). The 5AMLD regulations caused various crypto exchanges to leave UK and EU related countries. Two Crypto platforms, Simplecoin and Chopcoin, have closed down their services due to 5AMLD.

Simplecoin indicated that these requirements are against the fundamental motives of cryptocurrencies, such as privacy and decentralization.

Politically Exposed Person - An unsaid threat to Businesses

A politically exposed person, or PEP, is someone who has been assigned to perform prominent public functions or who has a high-profile role in society. Due to their position, they can commit money laundering offences and other related corrupt activities like terrorist financing. This has already been confirmed by many case studies and analysis reports. A list containing the names of all PEPs, known as the PEP list, is available. Such people are a high risk for the financial sector, as they are more likely than other people to become involved in financial crimes like money laundering and the financing of terrorists. PEP status highlights the additional risk involved, so businesses must apply additional AML/CFT measures when establishing a business relationship with these persons.

PEP status does not predict criminal behaviour but signals businesses to be more vigilant. Businesses must conduct proper monitoring to ensure that they do not miss a change in a PEP’s risk profile. PEP monitoring requirements are not indicative of criminal behaviour but are preventive in nature. The evident potential risk factors associated with PEPs justify the application of additional preventive measures when establishing business relationships with them. In order to avoid reputational and regulatory damage, organizations should understand how to recognize a politically exposed person (PEP) and their associates.

Defining Politically Exposed Persons

The term first emerged as “Senior Foreign Political Figure” in the wake of the Abacha Affair, a money-laundering scandal in Nigeria. The case spurred global efforts to prevent the abuse of financial institutions by public figures.

According to the FATF Recommendations, a PEP is defined as follows:

“Individuals who are or have been entrusted with prominent public functions in a foreign country, for example, Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.”

According to EU Third Anti-Money Laundering Directive:

“Natural persons who are or have been entrusted with prominent political functions and immediate family members or persons known to be close associates of such persons.”         

Three Major Types of PEPs:

The AML and CFT Act identifies three major types of PEPs which are as follows:

Domestic PEP

A person who has a prominent public position or has a role in a government body.

Foreign PEP

Someone who holds a prominent public position or a role in some other country is considered a foreign PEP.

International organisation PEP

A person who has a high position in an international organisation, such as the United Nations (UN), the World Trade Organisation (WTO) or the North Atlantic Treaty Organisation (NATO).

List of PEPs- A Detailed Insight:

Financial institutions and businesses can categorize PEPs as:

Government Officials

Current or former government officials in domestic or foreign government positions, including heads of state and individuals working in executive, administrative, legislative, military or judicial institutions in various elected or unelected roles.

Political Party Officials

Officials that are appointed to senior positions in major political parties at home or in foreign countries. 

Senior Executives

Individuals who are serving in senior executive roles, for instance, directors or board members in government-owned or foreign organizations.

Family Members

Immediate family members of a political or government official, or of a senior executive. For instance, a spouse, parents, children, siblings, or a spouse’s parents or siblings.

Categories of PEP

The Subjective Nature of PEPs:

So far there is no single international standard for defining politically exposed persons. A subjective judgment has to be made to decide whether an individual is politically exposed, taking into account the associated risks. These may be influenced by their seniority and the time spent out of office if they were ever in an eligible PEP position. In the same way, there is no objective definition of whether an individual qualifies as a family member or a close associate.

FATF Recommendations for PEPs:

There are confirmed risks associated with PEPs that justify stringent measures to halt financial crimes such as money laundering, terrorist financing, and others. Businesses are required to take preventive measures before establishing a relationship with such persons. Businesses should perform a proper PEP list screening whenever a new customer is onboarded to check the criminal history and associated risks. FATF requires countries to ensure that financial institutions implement measures to prevent money laundering through financial institutions by PEPs and to detect potential misuse whenever it occurs. The requirements are preventive and intended to be on the safe side. Moreover, businesses cannot refuse a business relationship with a PEP just because the client is on a PEP list. FATF measures are aimed broadly at fighting financial crimes such as money laundering, not at putting PEPs behind bars.

Identification of PEPs:

To comply with AML regulations and to trace and tackle PEPs, businesses need to have a proper procedure in place. Any business entity should know when to check for a PEP and why to check for it. PEP records should be integrated into the systems of every business so that each onboarding customer is screened against them, nullifying the associated risks and criminal activities. In this regard, strict Customer Due Diligence along with PEP screening must be performed before establishing a business relationship with any customer.

Coronavirus outbreak exploited by internet scammers

The U.S. Secret Service is advising Americans to stay watchful for cybercriminals’ attempts to misuse the life-threatening Coronavirus epidemic. According to the agency, internet fraudsters are taking advantage of the fear caused by the novel Coronavirus, COVID-19, as well as the goodwill of individuals who want to help those affected.

The U.S. Secret Service, in a press release, stated, “Criminals are opportunists, and as seen in the past, any major news event can become an opportunity for groups or individuals with malicious intentions. The Coronavirus is no different.”

One type of internet scam involved a large number of scam emails containing malicious attachments that purposely damage the computers of individuals that open them. Another type involves cybercriminals asking for donations on social media platforms for fake causes supposedly involving Coronavirus.

It was also noted that since the outbreak, a substantial number of people have started working from home, which has further increased their dependence on the internet for communication. 

The U.S. Secret Service advised that recipients of emails about COVID-19 should avoid opening attachments or clicking links in messages from senders they do not know. It emphasized that individuals should practice enhanced vigilance and care when considering donating to charitable organizations.

According to the World Health Organization, more than 109,000 cases of COVID-19 have been confirmed globally since the disease was discovered in December. As of Monday, the U.S. Centers for Disease Control have placed the number of domestic infections at 423 and counting.

Cryptocurrency brought under AML rules in Singapore

Coinpip, the Singaporean cryptocurrency provider, has closed down its operations, in spite of declaring strong growth potential after the launch of its crypto-to-fiat system. It has suspended its operations since February 2020, claiming that it plans to focus on analyzing licensing requirements under the Singapore Payment Services Act. 

A note on Coinpip’s website states that they will not be entertaining new transactions, but will be completing the remaining ones until further notice. CoinPip is a cryptocurrency transfer platform that assists users to purchase, sell and use virtual currencies as payment for remittances, aiding businesses to transfer money to their employees, freelancers, and contractors across the world. 

Its returns and exchange portal is crafted to ease the process of regular payouts and remittances while avoiding bank transfer fees and forex charges. Coinpip had been working on launching various projects prior to shutting down. Recently, it incorporated a crypto-to-fiat capability into the system and was also extending its services to more than 40 countries.

Coinpip also facilitated its customers by allowing payment in Bitcoin through mobile devices in Hong Kong and Indonesia, ultimately introducing it throughout South-East Asia. CoinPip’s shutting down happened as a result of the Monetary Authority of Singapore (MAS)’s step to update its regulatory framework for crypto-related activities, including digital payments. The law quoted in its statement, Payment Services Act (PSA), covers all virtual currency businesses and exchanges based in Singapore, bringing CoinPip and its peers under anti-money laundering and counterterrorist-financing rules.

It is mandatory for crypto businesses to first get registered and then apply for a license to function. Operators are forced to divulge their dealers’ identities in dubious activities. With Singapore shaping its cryptocurrency regulation, there was no choice for many cryptocurrency service providers but to close down their operations. 

Singapore’s PSA law is related to Europe’s Fifth European Anti-Money Laundering Directive (AMLD5), which went into effect earlier this year. The legislation is remarkable since it represents the European Union’s first attempt to explicitly regulate cryptocurrency activities at EU level.

Legal Entity Identifier (LEI) — what it means and how it helps financial institutions?

The need for trusted digital communication is crucial in this age of increasing cybercrime. The digital world faces several challenges, among which data protection is one of the most prevalent and damaging. Incoming regulations bring the need for stringent security measures covering the protection of customer data, digital surveillance, business identification, and a clean clientele. Legal Entity Identifiers (LEIs) are therefore in place to help businesses introduce transparency into the system and onboard a clean customer base.

Today, financial companies are active in introducing various financial services and products in the market without disclosing their company relationships and associations. The ambiguity in company bonds, names, and affiliations can lead to several unfortunate regulatory issues. Therefore, an independent UK financial regulatory body, the Financial Conduct Authority (FCA), was established. It regulates financial enterprises, provides services to consumers, and maintains integrity among the financial markets in the UK to ensure transparent trading.

In 2011, the LEI system was developed in response to the financial crisis in 2008. Supervised by the LEI Regulatory Oversight Committee (LEI ROC), central banks and other financial regulators, the Global Legal Entity Identifier Foundation (GLEIF) was put in place to support the global adoption of LEI. In December 2012, LEIs were issued for the first time, and by September 2018 about 1.2 million entities had registered around the world.

The 20 characters of an LEI are divided into three parts: characters 0-4 contain the identification number of the issuing organization, characters 5-18 contain a company identification number, and characters 19-20 are the check digits. The LEI helps financial institutions, policymakers, and regulatory authorities to trace the connections in the financial system. It provides a unique identifier for the entities that participate in financial transactions, and it is accessible in publicly available, updated databases. LEI generates the following substantial benefits for financial businesses:

  • Clear regulatory reporting 
  • Accurate identification of adverse party exposures 
  • Increased operational efficiency
  • Free-of-charge database management
  • Improved business risk management 

It also generates efficiencies for financial companies in internal reporting, risk management, and in collecting, cleaning, and aggregating data. In addition, the LEI is expected to ease companies’ regulatory reporting burdens by reducing overlap and duplication with respect to the multiple identifiers reporting firms must manage.
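An added example, not from the original article: a Python check that splits an LEI into the three parts described above and verifies its check digits before a record is accepted. The check-digit rule (ISO 7064 MOD 97-10, as used for LEIs in ISO 17442) is not described in the article, and the sample identifier and record names are constructed for illustration, not registered LEIs.

```python
"""Structural LEI check (added example; all sample data is constructed)."""
import re

# 18 alphanumeric characters followed by two numeric check digits.
LEI_SHAPE = re.compile(r"[A-Z0-9]{18}[0-9]{2}")


def _as_digits(text: str) -> str:
    """Map 0-9 to themselves and A-Z to 10-35, as MOD 97-10 requires."""
    return "".join(str(int(ch, 36)) for ch in text)


def check_digits(prefix18: str) -> str:
    """Compute the two check digits for an 18-character LEI prefix."""
    if not re.fullmatch(r"[A-Z0-9]{18}", prefix18):
        raise ValueError("prefix must be 18 characters from A-Z and 0-9")
    remainder = int(_as_digits(prefix18) + "00") % 97
    return f"{98 - remainder:02d}"


def parse_lei(raw: str) -> dict:
    """Validate an LEI and return its three parts, or raise ValueError."""
    lei = raw.strip().upper()
    if not LEI_SHAPE.fullmatch(lei):
        raise ValueError("not 18 alphanumerics plus 2 check digits")
    # A well-formed LEI, read as one big integer, leaves remainder 1 mod 97.
    if int(_as_digits(lei)) % 97 != 1:
        raise ValueError("check digits do not match")
    return {
        "issuer": lei[:4],     # issuing organization
        "entity": lei[4:18],   # company identification part
        "check": lei[18:],     # check digits
    }


def is_valid_lei(raw: str) -> bool:
    try:
        parse_lei(raw)
    except ValueError:
        return False
    return True


def screen(records):
    """Return (name, reason) for every record whose LEI fails the check.

    Passing this check only proves the identifier is well formed; whether it
    is registered still has to be confirmed against the public LEI database.
    """
    rejected = []
    for name, lei in records:
        try:
            parse_lei(lei)
        except ValueError as exc:
            rejected.append((name, str(exc)))
    return rejected


# Constructed sample: hypothetical prefix, check digits computed above.
SAMPLE_PREFIX = "TEST00EXAMPLECORP1"
SAMPLE_LEI = SAMPLE_PREFIX + check_digits(SAMPLE_PREFIX)

if __name__ == "__main__":
    print(parse_lei(SAMPLE_LEI))
    # One mistyped character in the company part is caught by the check digits.
    typo = SAMPLE_PREFIX[:-1] + "2" + SAMPLE_LEI[18:]
    for name, reason in screen([("Good Co", SAMPLE_LEI),
                                ("Typo Co", typo),
                                ("Short Co", "1234")]):
        print(f"rejected {name}: {reason}")
```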

What kind of legal entities can register an LEI number?

Companies that want to register for an LEI are required to contact an LEI issuing organization. They then need to provide the required information to the issuer and pay the fees. The issuer validates the information against an authentic source, for example, business registers, and if it is verified, an LEI is assigned. To register an LEI number, issuers most commonly ask the company to provide the name and address of the legal entity as listed in the official business registers, country and subdivision codes, the date when the first LEI was assigned, and the date of the latest update to the LEI information.

The following are some legal entities that can register an LEI number: 

  • Financial institutions
  • Registered companies
  • Registered subsidiaries
  • Non-profit organizations
  • Sole proprietors
  • Credit rating agencies
  • International business branches
  • Funds and trust

An international branch office belonging to the same country in which there is the head office of an organization does not need to register again because one LEI is issued per country.

Who needs LEI?

The use of LEI is in the process of implementation by regulatory authorities in regions such as the EU, Canada, the US, and the Asia Pacific. LEI is required by the following EU regulations and directives:

  • Market Abuse Regulation (MAR): Financial instruments issuers and the reporting of entities involved in suspicious transactions
  • European Markets Infrastructure Regulation (EMIR): Brokers, beneficiaries, CCPs, and counterparties
  • Securities Financing Transactions Regulation (SFTR): Groups involved in financial transactions, securities and beneficiaries 
  • Prospectus Regulation: Securities issuers that are admitted for trading purposes in the EU regulated market as well as offered to the public
  • Markets in Financial Instruments Directive II (MiFID II) and Markets in Financial Instruments Regulation (MiFIR) 
  • Alternative Investment Funds Directive (AIFMD): Real-estate funds and managers
  • Capital Requirements Regulation (CRR): Credit institutions and banks
  • entities
  • Solvency II: Insurance groups and firms, financial resources and pension funds
  • Credit Rating Agencies Regulation (CRAR): Credit rating agencies
  • Central Securities Depositories Regulation (CSDR): CSDs and their participants

How does LEI help financial institutions?

Banks and financial institutions face challenges in monitoring high-risk entities. This is especially true of borrowers that are located out of the state or country and have taken out a huge loan, which makes them high-risk entities for the bank. Tracking these borrowers is difficult, as they do not have a unique identifier. As the registry grew, legal firms and sole proprietors started borrowing huge amounts from the banks. If the amount is above the one specified by the banks, the entity is obliged to register an LEI number to help institutions trust it and trace the ultimate beneficial owner.

Companies whose clients are not located in the region they operate in, for example, credit rating agencies, banks, and other financial institutions, can access the publicly available database to gather credible information about their clientele. This deters the risk of fraud that legal entities can bring to financial businesses. Moreover, beneficial owners can be verified, which is both a benefit and a regulatory requirement. This helps financial institutions actually know who they are dealing with.

The global business infrastructure is getting more complex, and so is the tracking of fraudulent entities. To combat the risk of fraud, demand for business identification is growing. LEI therefore helps businesses identify legal entities in publicly available, updated databases in a clear and quick manner. LEI is becoming a business development and growth tool internationally.

Australia sues Facebook for $525 billion

A lawsuit was filed against Facebook by Australia’s privacy regulator, accusing the social media platform of sharing personal details of more than 300,000 users with Cambridge Analytica without their consent. In a Federal Court proceeding, Facebook was accused of breaching privacy law by revealing personal information of more than 311,127 users for political profiling through a survey product, “This Is Your Digital Life,” on its website.

Angelene Falk, the Information Commissioner said that Facebook was designed in a way that users were incapable of exercising reasonable choice and control over how their personal information was revealed. “We’ve actively engaged with the OAIC over the past two years as part of their investigation,” a Facebook spokesperson claimed, pointing to the modifications the social media giant has made in discussion with international regulators but refusing to comment on the current indictment.

The lawsuit sought unspecified documents, adding that each privacy law breach could bring a maximum penalty of 1.7 million Australian dollars ($1.1 million USD). If the court granted the maximum penalty for each of the occurrences, the penalty would amount to 529 billion Australian dollars ($343 billion USD).

Last summer, the U.S. Federal Trade Commission imposed a fine of $5 billion on Facebook after an investigation prompted by the same user personality quiz from 2014 to 2015. The FTC’s fine was just a fraction of Facebook’s annual revenue. However, the potential penalty Facebook is facing in Australia is about five times its annual revenue.

Facebook was indicted for inappropriately disclosing user information belonging to 87 million individuals worldwide with the survey tool of now-defunct British firm Cambridge Analytica. According to the Information Commissioner, Facebook was unaware of the nature of data it shared with Cambridge Analytica’s “This Is Your Digital Life” initiative, but it was unsuccessful in taking favorable steps to protect users’ personal information.

According to the court filing, the Australian users’ personal information was exposed to the risk of disclosure, monetization and use for political profiling purposes. It stated, “These breaches amounted to serious and/or repeated interferences with the privacy of the Australian affected Individuals.” 

Regarding the lawsuit, Facebook officially stated: “We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court.”

Two foreign nationals charged with Cryptocurrency laundering

The United States Department of Justice has charged two Chinese nationals with laundering $100 million in cryptocurrency that was part of $230 million hacked from a virtual currency exchange by North Korean co-conspirators. Tian Yinyin and Li Jiadong were conspiring to hack a cryptocurrency exchange and launder money assets while operating an unlicensed money transfer business.

The accused did business in the United States but their business was not registered with the Financial Crimes Enforcement Network (FinCEN). They conducted business using independent accounts and provided cryptocurrency channeling services to the customers for a fee. 

“The hacking of virtual currency exchanges and related money laundering for the benefit of North Korean actors poses a grave threat to the security and integrity of the global financial system,” said US Attorney Timothy Shea. According to the complaint, the North Korean co-conspirators circumvented multiple cryptocurrency exchanges’ controls by submitting forged images and manipulated identification documentation. A segment of the laundered funds was used to pay for infrastructure used in North Korean spamming campaigns against the financial industry.

Don Fort, the Internal Revenue Service-Criminal Investigation (IRS-CI) Chief stated: “We will continue to push our agency to the forefront of complex cyber investigations and work collaboratively with our law enforcement partners to ensure these nefarious criminals are stopped and that the integrity of the United States financial system is preserved.”

Calvin Shivers, the Assistant Director of the FBI’s Criminal Investigative Division also commented that the FBI will actively collaborate with the domestic and foreign enforcement agencies to detect and inhibit the illegal exchange of currency. He stated: “Today’s indictment and sanctions send a strong message that the United States will not relent in holding accountable bad actors attempting to evade sanctions and undermine our financial system.”

There were more than a hundred named virtual currency accounts and addresses used by Yinyin and Jiadong. Penalties have been imposed on the two Chinese nationals and a number of cryptocurrency addresses involved by the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC). The suspects have to hand over any assets and funds involved in the plot. 

“This indictment shows what can be accomplished when international law enforcement agencies work together to uncover complex cross-border crimes,” said Acting Executive Associate Director Alysa Erichs.

Ex-Microsoft engineer accused of digital currency scam

Ukrainian citizen Volodymyr Kvashuk has been accused of six counts of money laundering, five of wire fraud, two of identity theft, two of filing false tax returns, and one count each of mail fraud, access device fraud, and access to a secure computer following a five-day trial, according to the US Department of Justice.

He worked as an employee and contractor at the Redmond giant. He was a software tester for Microsoft’s online retail platform from August 2016 to June 2018, where he misused his restricted access to embezzle digital assets including currency and gift vouchers. Kvashuk used his personal accounts and the email addresses of his co-workers to transfer digital assets.

Initially, the software engineer stole relatively small amounts, reaching about $12,000 in value. However, the thefts soon grew substantially, and Microsoft was ultimately swindled out of over $10 million over a period of seven months. With the amount stolen, the engineer purchased a lakefront home worth $1.6 million and a Tesla automobile.

Kvashuk was very careful to cover his tracks. He used others’ accounts to reduce his chances of getting caught. He even employed cryptocurrency mixing services to clean his dirty funds before depositing them into his financial account, including $2.8 million in Bitcoin (BTC). This specific deposit was disguised as a fake gift from a relative through the filing of a fraudulent tax return.

The scam was exposed and the engineer was instantly fired, leading to the criminal complaint. During the lawsuit, Kvashuk rejected any intention to defraud Microsoft; rather, he claimed he was “working on a special project to benefit the company.” This defense was termed a “house of lies” by the Prosecution officers. The jury also rejected Kvashuk’s explanation and sentenced him to 20 years in prison, which is set for June. 

Ryan Korner, the IRS-CI Special Agent in Charge, said that besides stealing from Microsoft, Kvashuk also robbed the government by concealing his fake income and filing false tax returns. He stated, “Criminals who think they can avoid detection by using cryptocurrency and laundering through mixers are put on notice… you will be caught and you will be held accountable.”

Estonian Cryptocurrency Exchange charged for concealing hack

Crex24, an Estonian cryptocurrency exchange, is accused of hiding a hack from its customers after terminating trade for altcoin pairings. The exchange has not yet provided any explanation for the suspension. The deposit and withdrawal services have also been discontinued.

Despite the issues and concerns of the people, the exchange has been primarily focusing on highlighting new listings on social media, rather than addressing the concerns of its users.

According to a report by the Brazilian crypto press, Livecoin, an anonymous Crex24 user claims to have noticed suspicious activity involving the alternative cryptocurrency Htmlcoin, which points to cheating on the part of the exchange. The user lost $32,000 in cryptocurrency in mid-February, as the exchange froze his reserves.

Crex24 later announced that 200 million Htmlcoins, worth $11,200, were stolen from its wallets and that they plan on collaborating with the Htmlcoin team to recompense the investors. 

However, it was identified that on Feb 12, 1.3 billion Htmlcoins, worth $72,800, were withdrawn from Crex24’s wallet. The funds were transferred to the Hitbtc exchange. Htmlcoin, which holds a large Brazilian customer base, was added to the exchange at the beginning of the year. In less than two months, its pairings are offline.

Following the circulation of allegations regarding Crex24, the exchange has enhanced its KYC (Know Your Customer) requirements for processing transactions, further obstructing the customers’ ability to remove funds from the platform. 

Coin360 stated that Crex24 hosted roughly $2.62 million in trade over the past 24 hours, ranking it 137th by daily volume.

How machine learning changed facial recognition technology?

We are entering a new era of fast and secure authentication clubbed with a perfect storm of digital transformation. The convergence of AI and biometrics is a part of this transformation and as with many technological breakthroughs, this transformation is not down to the advancement in a single technology. 

The implementation of face recognition has seen many iterations starting from its origin in the 1960s when it was manually implemented with a RAND tablet (a graphical computational device). The technology was incrementally refined during the last century. However, adoption of facial recognition on a large scale became possible, thanks to the breakthrough of deep machine learning in the early 2010s. In this article, we will try to elaborate how machine learning has changed facial recognition technology and the impact it has on the development of robust authentication systems.

The facial recognition market is expected to grow to $7.7 billion by 2022 and it’s because the technology has all kinds of commercial applications. From airport security to healthcare and customer authentication, face recognition is now widely adopted around the globe. 

What part does machine learning play in face recognition mechanism?  

Deep machine learning or deep neural networks are about a computer program that learns on its own. The fact that it is called “neural” or “neural network” comes from the basis that the technology is inspired by the human brain’s properties to transform data into information. It is a variant of the more general concept of machine learning, which in turn is part of a more comprehensive concept called artificial intelligence.

With deep machine learning, an algorithm is fed training data and delivers results. But in between input and output, the algorithm interprets the signals (i.e., the training data) in a number of layers. For each new layer, the degree of abstraction increases.

Say, you want to build a deep neural network that can differentiate different faces or that can determine which faces are identical. Training data should then be a large number of images of the faces. The larger the dataset, the more accurate the network, at least in theory.

A computer does not “see” a face in the image, but several values representing different pixels. Using the pixels as a starting point, the deep neural network learns to find patterns. For each layer passed in the network, some patterns become more interesting (stronger signal between the “neurons” in the network) while others become less so (weaker signal). During training, the “weights” of the various signals are varied to produce the desired result better and better.

The first, second and hundredth time the algorithm performs this procedure, the results are usually not as good, but eventually, the network can achieve impressive results. In a way, one can say that the network has learned to abstract and generalize, from raw pixel values to the classification of different people’s faces.

But that is perhaps not what we humans think of when we use terms such as generalization; rather, the network has worked out some metrics that are unique to each face. If the pre-trained network is served a new image of a face, the network can match its measurement values to the faces in other images. If the network generates roughly the same values for different images, it is likely the same person in both images.
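The matching step described above, as an added example that is not part of the original article: two faces are treated as the same person when their measurement vectors (embeddings) are close enough, and the chosen threshold trades false accepts against false rejects. The embeddings here are constructed random vectors standing in for a network's output, and the function names, dimensions and thresholds are assumptions.

```python
import math
import random


def cosine_similarity(a, b):
    """Cosine of the angle between two embedding vectors (1.0 = same direction)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


def same_person(emb_a, emb_b, threshold):
    """Verification decision: accept when the two embeddings are close enough."""
    return cosine_similarity(emb_a, emb_b) >= threshold


def make_constructed_gallery(people=20, images=4, dim=64, noise=0.35, seed=7):
    """Constructed data: one random 'identity' vector per person, plus per-image
    noise standing in for pose, lighting and camera differences."""
    rng = random.Random(seed)
    gallery = {}
    for person in range(people):
        identity = [rng.gauss(0, 1) for _ in range(dim)]
        gallery[person] = [[v + rng.gauss(0, noise) for v in identity]
                           for _ in range(images)]
    return gallery


def error_rates(gallery, threshold):
    """Return (false_accept_rate, false_reject_rate) over every pair of images."""
    samples = [(p, e) for p, embs in gallery.items() for e in embs]
    genuine = impostor = false_accept = false_reject = 0
    for i, (pa, ea) in enumerate(samples):
        for pb, eb in samples[i + 1:]:
            accepted = same_person(ea, eb, threshold)
            if pa == pb:
                genuine += 1
                false_reject += not accepted  # same person, but rejected
            else:
                impostor += 1
                false_accept += accepted      # different people, but accepted
    return false_accept / impostor, false_reject / genuine


if __name__ == "__main__":
    gallery = make_constructed_gallery()
    for threshold in (0.0, 0.3, 0.6, 0.95):
        far, frr = error_rates(gallery, threshold)
        print(f"threshold={threshold:.2f}  FAR={far:.4f}  FRR={frr:.4f}")
```

A loose threshold accepts impostors, while an overly strict one locks out genuine users, so the operating point is chosen from measured error rates on representative data rather than fixed in advance.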

It is called deep machine learning because such a model can use multiple layers, sometimes a hundred. This is symbolic; humans cannot understand how the computer program finds patterns. It operates in different layers.

Although the algorithms are developed and refined as they are, there are two other reasons behind the breakthrough of the deep neural networks: access to large datasets and cheap computing power, especially in the form of graphics cards that were most often associated with computer games.

It may also be borne in mind that the method described above for classification purposes is only one of many but is commonly used. 

Anti spoofing techniques for face recognition

While converging machine learning algorithms with face recognition makes it more accurate and fast, there is another feature that makes machine learning a must-have for face authentication – Anti Spoofing. This innovative technology shows a lot of promise and has the potential to revolutionize the way we access sensitive information.

Even though face recognition is promising, it does have some flaws. Simple face recognition systems could easily be spoofed by using paper-based images from the internet. These spoof attacks could lead to a leak of sensitive data. This is where the need for anti-spoofing systems comes into play. Facial anti-spoofing techniques help prevent fraud, reduce theft and protect sensitive information.

Presentation attacks are the most common spoofing attacks used to fool facial recognition systems. They aim to subvert the face authentication software by presenting a facial artefact. Popular face artefacts include printed photos, replayed videos, and 2D and 3D facial masks.

AI-based anti-spoofing technology has the ability to detect and combat facial spoofing attacks. With features like 3D depth perception, liveness detection, and microexpression analysis, our deep learning based facial authentication system could accurately analyze the facial data and identify almost all kinds of spoofing attacks. Shufti Pro detected 42 different spoof attacks in 2019. Among these 3D face mask attacks were in high volumes – almost 30%.

Machine learning-based presentation attack detection algorithms are used to automatically identify these artefacts to improve the security and reliability of biometric authentication systems.

Machine learning-based face verification systems rely on 3D liveness detection feature for successful detection of spoofing attacks including 3D photo masking, deep fakes, face morphing attacks, forgery, and photoshopped images. Liveness detection verifies whether a user is present or is using a photo to spoof the system.

What to expect in the future for facial recognition?

The human face has already become a perfect means of authentication and will have more impact on the digital transformation in the future. By using the face as an identifier, we are already able to open an online account, make online payments, unlock the smartphones, go through checking control at the airport or access medical history in the healthcare sector. 

In general, facial biometric technology has widespread potential in four categories: law enforcement and security, online marketing and retail sector, health sector, and social media platforms. AI-empowered face recognition technology has the potential to become predominant in the future. 

One of the future implications of the technology is identifying facial expressions. Detecting emotions with the help of technology is a difficult task, but machine learning algorithms have the potential to automate it. By recognizing facial expressions, businesses will be able to process images and videos in real time for better monitoring and predictions, saving cost and time.

Although it’s hard to predict the future of facial recognition technology given its rapid growth and adoption, it will become more widely adopted across the globe with more sophisticated features.

FATF issues new guidance on Digital Identity systems

The Financial Action Task Force (FATF) has issued a guidance paper to help governments, financial institutions, virtual asset service providers (VASPs), and other regulatory bodies decide whether digital identity systems are relevant for customer due diligence (CDD) purposes.

The guidance paper was introduced last month at the FATF meeting and follows the previous draft guidance which was issued in 2019. Although it is intended to be technology-neutral, it still sets out a decision process to establish whether a digital identification system meets the FATF requirements for Customer Due Diligence.

According to the FATF, authentic digital identification can make it simple, inexpensive and safe to authenticate individuals in the financial sector. Furthermore, it can also assist with transaction monitoring requirements and reduce weaknesses in human control procedures. 

Customer verifications and transactions that depend on authentic digital identity systems with suitable risk minimization protocols in place present an ordinary or low level of risk, according to the guidance paper. It is also highlighted that the use of digital Identity verification systems in customer onboarding can help support financial inclusion targets. 

The FATF offers directions for local authorities, specifically to develop explicit guidelines or rules allowing the relevant, risk-based use of reliable, independent digital ID systems by regulatory institutions for AML/CFT purposes. According to the guidance, the risk-based approach depends on consensus-driven assurance models and standards that are constantly polished and modified to develop an extensive worldwide standard for digital identification systems.

For regulated institutions, the guidance says reliance on digital ID systems for customer due diligence should be informed by an understanding of their assurance levels, especially for identity proofing and validation, and whether said assurance levels are suitable for the ML/TF risks associated with the customer, product, jurisdiction, geographic reach, and other factors.

The UK plans to levy on banks to prevent money laundering

According to Reuters, Britain plans to announce a new levy on banks and other financial institutions to generate 100 million pounds for the prevention of money laundering.

Corrupt foreign money has been laundered to London multiple times from Russia, Nigeria, Pakistan, former Soviet states and Asia. It is estimated by the police that around 100 billion pounds of laundered money is moved through or into Britain every year.

Rishi Sunak, the Finance Minister, plans to reveal an Economic Crime Levy to generate money for a new law enforcement technology and to hire more investigators.

The levy is likely to be implemented in 2022/23, and the Treasury will consult in the spring about the firms that will be asked to contribute. According to Sunak, criminals will have no place to hide their illegal earnings in the future. He stated, “We’re going to put more financial investigators and better technology on the frontline to fight against money laundering.”

Last year, an Economic Crime Plan was introduced by the government and business leaders to tackle illegitimate money with more cash for police to handle scammers and money launderers and a more useful exchange of information.