Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label KYC. Show all posts
Technology
Biometric Security Data Privacy Facial Recognition KYC Technology

Is Facial Biometrics the Future of Digital Security?

 



Within the dynamic sphere of digital technology, businesses are continually seeking innovative solutions to streamline operations and step up their security measures. One such innovation that has garnered widespread attention is facial biometrics, a cutting-edge technology encompassing face recognition and liveness detection. This technology, now available through platforms like Auth0 marketplace, is revolutionising digital processes and significantly enhancing security protocols.

What's Facial Biometrics?

Facial biometrics operates by analysing unique facial features to verify an individual's identity. Through face recognition, it compares facial characteristics from a provided image with stored templates for authentication purposes. Similarly, face liveness detection distinguishes live human faces from static images or videos, ensuring the authenticity of user interactions. This highlights the technology's versatility, applicable across various domains ranging from smartphone security to border control measures.

Streamlining Digital Processes

One of the key benefits of facial biometrics is its ability to streamline digital processes, starting with digital onboarding procedures. For instance, banks can expedite the verification process for new customers by comparing a selfie with their provided identification documents, ensuring compliance with regulatory requirements such as Know Your Customer (KYC) norms. Moreover, facial biometrics eliminates the need for complex passwords, offering users a secure and user-friendly authentication method. This streamlined approach not only strengthens security but also improves the overall user experience.

A Step-Up In The Security Measures

Beyond simplifying processes, facial biometrics adds an additional layer of security to business operations. By verifying user identities at critical junctures, such as transaction confirmations, businesses can thwart unauthorised access attempts by fraudsters. This proactive stance against potential threats not only safeguards sensitive information but also mitigates financial risks associated with fraudulent activities.

Embracing the Future

As facial biometrics continues to gain momentum, businesses are presented with an array of opportunities to bolster security measures and upgrade user experiences. Organisations can not only mitigate risks but also explore new possibilities for growth in the digital age. With a focus on simplicity, security, and user-centric design, facial biometrics promises to redefine the future of digital authentication and identity verification.

All in all, facial biometrics represents an impactful milestone in the realm of digital security and user convenience. By embracing this technology, businesses can achieve a delicate balance between efficiency and security, staying ahead of unprecedented threats posed by AI bots and malicious actors. However, it is imperative to implement facial biometrics in a manner that prioritises user privacy and data protection. As businesses work out the digital transformation journey, platforms like Auth0 marketplace offer comprehensive solutions tailored to diverse needs, ensuring a seamless integration of facial biometrics into existing frameworks.


Read more »
KYC
Blockchain Crypto Chain cryptocurrency Cyber Attacks CyberCrime Cybersecurity Illicit Funds KYC

Rising Tide of Illicit Funds: $4 Billion Washed Through Cross-Chain Crypto

 


Criminals in the cryptocurrency world use blockchain technology as one of the main means to launder money since it allows them to send digital assets across blockchain networks without being traceable or frozen by a centralized service. They do this with the help of so-called cross-chain bridges, and the dollar amount involved is getting larger and larger every year. 

Elliptic, a blockchain analytics firm specializing in blockchain monitoring and analysis, has conducted a comprehensive analysis of a few cross-chain bridges, including RenBridge, to determine how much bitcoin has been laundered each year since 2020, according to new research. 

There are several types of cross-chain crime, but the most obvious one is the swapping of crypto assets between different tokens or blockchains without any legitimate purpose - often in quick succession and frequently for the sole purpose of concealing their criminal origins. 

There is a growing trend, popularly referred to as "chain-hopping" or "asset-hopping", to launder crypto assets across different chains to minimize the risk of theft or loss. This was revealed in a recent report published by blockchain industry surveillance firm Elliptic, which found that $7 billion of "illicit or high-risk funds" have been laundered using decentralized exchanges (DEXs), cross-chain bridges, and non-KYC exchanges that do not require customer identification. 

In July this year, Elliptic had already reached the staggering $6.5 billion mark in terms of such activities, surpassing a prediction made last year that it would reach that sum by the end of 2023. According to the report, several illicit activities are becoming more complex as criminals take advantage of the growing complexity of cross-chain transfers, including derivative trading and limited orders on market exchanges, to conceal their money laundering activities. 

A report released by the United Nations said that approximately $2.7 billion worth of funds were laundered in these manners over one year, from July 2022 to July 2023. There are several different estimates made by Elliptic analysts of the amount of money that will be laundered through DEXs, bridges, and coin swaps by the end of the year 2023. 

By the end of 2025, the amount that will be laundered through DEXs, bridges, and coin swaps will be $10.5 billion. A mere $4.1 billion was laundered through these platforms at the time, with the amount of illicit assets just over $1.4 billion. 

Despite this, Elliptic's estimate to reach $7 billion has been exceeded, and as a result, the current figure will surpass it. In addition to the $2.7 billion laundered through cross-chain and cross-asset services, the company discovered that over the period July 2022 to July 2023, an additional $2.7 billion was laundered. 

The Lazarus Group was responsible for $900 million of the total amount of illicit funds laundered through cross-chain bridges, making it the largest source of all the funding laundered through cross-chains in the world. 

Elliptic has identified the Lazarus Group as one of the largest sources of illicit funds that are laundered across chains through cross-chain bridges, according to its data. Elliptic's data shows that cross-chain crime is the third most prevalent source of a variety of crimes and that it accounts for approximately one-seventh of the total amount of cross-chain crimes reported. 

The criminals have probably come up with more sophisticated cross-chain methods to obscure their laundering activities nowadays, such as derivative trading and limit orders. A series of cyberattacks have been linked to the Lazarus Group dating back to 2010 that have been suspected of being carried out by a group that has links to the North Korean government. 

Although the exact number of these groups remains a mystery, their impact on the world of crypto money laundering cannot be denied, largely due to the sheer size of their membership. The DEXs are peer-to-peer exchanges where cryptocurrency traders can directly exchange assets and information; cross-chain bridges are protocols used to allow crypto traders to transfer assets and information between different independent blockchain networks using cross-chain bridges. 

Coin swaps, on the other hand, refer to a tool that allows users to convert a pair of coins directly into a different exchange rate without having to open an account with each of them. According to a research report published by blockchain analytics firm Elliptic, several criminal organizations have laundered more than US$4 billion worth of illicit crypto gains using decentralized exchanges (DEX), cross-chain bridges, and coin swap services.
Read more »
VCRT
AML cryptocurrency Cyber Attacks Cyber Criminals FBI KYC Ransomware VCRT

Cryptocurrency Exchanges Linked to Ransomware

 


Nine cryptocurrency exchange websites have been taken down by the FBI and the Ukrainian police in a daring joint operation. Cybercriminals and ransomware gangs use these websites to launder money for cybercriminals. This is because these websites facilitate money laundering by criminals operating online. Ukrainian prosecutors' offices and the Virtual Currency Response Team were also involved in the operation. 

Several virtual currency exchange services were seized by the FBI on Monday. These services may have been used by cybercriminals to launder money obtained through ransomware hacks. As a result of a collaboration between the FBI's Detroit Field Office and Ukrainian police, the Detroit FBI field office seized virtual currency exchanges used by criminals for anonymous transactions, the United States Department of Justice has announced. 

There is a press release that states that the FBI also received support from the Virtual Currency Response Team (VCRT), the National Police of Ukraine, and the regional prosecutors as a result of the 'crypto exchanges' operation. 

  1. 24xbtc.com 
  2. 100btc.pro 
  3. pridechange.com 
  4. 101crypta.com 
  5. uxbtc.com 
  6. trust-exchange.org 
  7. bitcoin24.exchange 
  8. paybtc.pro 
  9. owl.gold 
These websites allow you to anonymously buy Bitcoin, Ether, and other cryptocurrencies. They offer Russian and English exchange services with few Know Your Customer (KYC) or Anti-Money Laundering (AML) restrictions. In addition to online forums dedicated to criminal activity, websites are also advertised. 

These exchange servers have been shut down, and their domain names have been taken over by US authorities. Several exchanges were accused of offering anonymous cryptocurrency exchange services to website visitors. These visitors included cybercriminals, scammers, and many other bad actors, offering these services anonymously to site visitors. 

The FBI has accused these crypto exchanges of being used by cyber criminals, including scammers, ransomware operators, and hackers, for laundering money. Additionally, the FBI stated that these exchanges did not have a license. This acted as support for criminal activities under US laws. 

Two servers were confiscated. These servers were located in different parts of the world including the US, Ukraine, and several European countries. Cybercriminals used the exchanges to launder money from illegal activities, and the authorities are using the seized infrastructure to identify and track down those hackers.

It should be noted that both the English and Russian-language exchanges that offered similar services and avoided money laundering were censured by the FBI for the lack of anti-money laundering measures and the collection of Customer knowledge information, or none at all. The FBI claims that these sorts of unlicensed, rogue exchanges are one of the most critical hubs of the cybercrime ecosystem. 

Users have been able to convert their cryptocurrency into coins that are more difficult to track down on websites that have been seized anonymously. Hackers disguised the source of the money they stole and avoided detection by law enforcement agencies.

There is a lot of variety on these sites. Users can get live help and instructions in both Russian and English covering a wide range of cybercrime communities. 

The FBI's announcement indicates that noncompliant virtual currency exchanges that operate in violation of the United States Code, Sections 1960 and 1956, act as hubs for cybercrime. They have lax anti-money laundering programs and collect little information about their customers. These exchanges are significant cybercrime centers.

A search was conducted at the home of former FTX executive Ryan Salame early this month. This was part of the FBI's investigation into Salame's role as an advisor to Bankman-Fried at the time. 

During an operation conducted by the FBI and Ukrainian police, the FBI and Ukrainian police took down nine websites known as 'crypto exchanges'. These websites were well known for serving as money launderers for ransomware groups and cyber criminals. As part of an organized campaign, the daring action was undertaken by a cybercriminal who wanted to destroy the digital infrastructure that allows him to make money from his malicious actions by “interfering” with it and using it for his malicious goals. 


Read more »
User Privacy
Data Breach KYC Upstox User Data User Privacy

Hackers Expose Contact and KYC Details of Upstox Clients

 

Upstox, India's second-biggest broking firm in terms of the number of active customers, disclosed that its databases, including contact details and know-your-customer (KYC) details, may have been breached. The Delhi-based discount brokerage firm, anyway thought that it has improved its security systems at its servers manifold recently, on the suggestions of a global cyber-security firm against a suspected data breach. 

The organization has guaranteed the customers that their funds and securities are protected and remain safe. Sources propose that Upstox has endured a huge information breach that has uncovered some significant information like Aadhaar, PAN, bank account numbers, canceled cheques, signatures, and photographs apart from other personally identifiable information like passport, mobile numbers, and email addresses.

“On receipt of e-mails claiming unauthorized access into our database, we have appointed a leading international cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems. This morning, hackers put up a sample of our data on the dark web,” a company spokesperson said in an e-mailed statement. 

The spokesperson added that as a proactive measure, the organization has started numerous security upgrades, especially at the third-party warehouses, continuous 24x7 monitoring, and additional ring-fencing of its network. 

“As a matter of abundant caution, we have also initiated a secure password reset via OTP for all Upstox users. Upstox takes customer security extremely seriously. Funds and securities of all Upstox customers are protected and remain safe. We have also duly reported this incident to the relevant authorities,” the spokesperson said. The spokesperson further said that at this point, “We don't know with certainty the number of customers whose data has been exposed.” 

Upstox, upheld by investors like Tiger Global and Ratan Tata, has more than 3,000,000 clients. In an announcement note on the organization site, Upstox co-founder and CEO Ravi Kumar said funds and securities of customers are protected and remain safe. 

“Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards,” he said.
Read more »
Mobikwik
10 crore Data Breach Data Leak KYC Mobikwik

Data Leak of 10cr Users: ‘The Largest KYC Data Leak in History’

 

According to cybersecurity researcher Rajshekahar Rajaharia, mobile payment app Mobikwik came under attack after the data of 10 crores of its users was posted for sale on a hacker website on the dark web. The alleged data breach was conducted by a group of hackers known as the ‘Ninja Storm,' who have also been selling the ‘leaked' details online since March 26. 

The data is being sold for 1.5 Bitcoins, which is nearly Rs 63 lakhs, as per a post by the hacker community. Ever since tens of thousands of people have taken to Twitter to share screenshots of their personal information being exposed. It is the ‘largest KYC data leak in history,' according to cybersecurity researcher Elliot Laderson. 

Personal information of merchants who obtained loans via Mobikwik is also said to be available for purchase in exchange for bitcoins. Over 4 crore Mobikwik customers' card details and hashes are reportedly included in the leak. 

The Gurugram-based fintech firm has maintained a denial of its involvement in the breach, accusing the researchers who made the infringement public of being "media-crazed" and offering "concocted files" as evidence. "We thoroughly investigated and did not find any security lapses. Our user and company data are completely safe and secure," said a spokesperson from Mobikwik. 

On January 20, a hacker named 'Jordan Daven' took over 8 terabytes (TB) of private user data from Mobikwik's main server and posted it on dark-web websites, according to Rajaharia. “Regular keys and passwords should have been changed and logs should have been monitored to prevent this kind of security compromise,” he said. 

Furthermore, in February, Rajaharia claimed that a hacker was selling Mobikwik user data, including PAN card numbers, Aadhar numbers, debit/credit card numbers, phone numbers, and other personally identifiable information that is typically exchanged mostly during Know Your Customer (KYC) process. 

To complicate things, Mobikwik claims that its technology has not been hacked. In a statement, it said, “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media.“ 

It isn't the first time Mobikwik has been the target of a cyber-attack. The business witnessed another information security incident in 2010. 

According to reports, the Reserve Bank of India is keeping an eye on such security breaches and has enacted many new regulations, along with the upcoming payment aggregator and payment gateway guidelines, that will limit customer data exposure to a few databases of approved gateways.
Read more »
Subscribe to: Posts (Atom)