07/31/2018 | Episode 26
Daniel Sankey is the BSA Compliance Officer at Coinbase.
Evan: Welcome to Trust & Safety in Numbers presented by Sift Science. I’m your host, Evan Ramzipoor. Cryptocurrency has become more than just an alternative form of money, it’s a meme and depending on who you ask, it’s a harbinger of a dark future or it’s going to save the world. The reality is probably somewhere in the middle, but the road to that middle is paved with regulatory and fraud challenges. I’m here today with Daniel Sankey. The digital currency exchange company Coinbase recruited Daniel to help them build a program to ensure their compliance with the Bank Secrecy Act. That’s the law that requires banks to help the government prevent money laundering.
Daniel: Yeah, so I’ve been working in the financial services industry for over 10 years.
Evan: Daniel’s job is essentially risk management. He works to cut down on the risk of using digital currency so that it’s accessible to more people. Before we get to cryptocurrency, blockchain, and fraud though, let’s warm up with a quick fraud fact. Did you know that fraudsters are increasingly turning to above board tools like background checks to commit identity theft? To learn more, check three tactics fraudsters have learned from fraud fighters on the Sift Science blog. Now, on to the interview. All right, Daniel, tell me a little bit about your background.
Daniel: Originally, I was actually with Wells Fargo Bank for eight years, so really, kind of the bulk of my experiences in traditional financial services, you know, big banks. And I dipped my toe in the FinTech world working at Square for a year. And then now, I’m currently with Coinbase and have been for just over three years.
Evan: A lot of people are familiar with the term cryptocurrency, but less familiar with its meaning. Can you tell us in concrete terms what Coinbase does, and what’s your role at Coinbase?
Daniel: We are attempting to build an open financial system for the world. So, the idea being that it is a financial network that anyone can use and easily access whether they are in, you know, the so-called first world or the third world. And really financial services right now are very exclusive, very much cater to high net worth individuals, even globally speaking. And really the idea is to bring a financial system to people, to everyone.
What we do to facilitate that right now, we do a lot of things, but probably the most core important part of what we do is we provide an exchange service. So you can take fiat currency, you know, dollars, Great British pounds, euros and use them to buy virtual currency and vice versa. What I do here is I’m the compliance officer, so really, my job is to ensure that Coinbase is compliant with many and various regulations that impacted…
Evan: Let’s zoom out and talk about cryptocurrencies in general. Cryptocurrencies seem to pose a serious regulatory challenge there, a decentralized form of currency and an entirely new frontier. What are some of the regulatory challenges cryptocurrency firms are facing?
Daniel: I think one of the big challenges that’s faced in the regulatory space is really defining what it is that we are and that what crypto is. So, different regulatory bodies have put forth different interpretations of what we are, and have defined us in various ways. And so right now, there’s actually multiple, in some ways, conflicting definitions of what cryptocurrency is based on, which regulatory body is giving the pronouncement. You know, Coinbase very early on in its life decided that it would be regulated, that it would be as compliant as possible with every law and regulation, and it would be safe.
And so, we’re very eager to understand those regulations put forth by these different bodies, such as the Securities Exchange Commission, or the Commodities and Futures Commission, or Finsent [SP]. One of the challenges we’re having right now is they’re still kind of, I think, figuring out and defining this space and trying to understand what it is that we are. And so there’s a little bit of a gray area right now where we’re…the definition of what virtual currency is ambiguous, and so, therefore, the regulations around it can be ambiguous and complex.
Evan: Are fraudsters taking advantage of the decentralized nature of cryptocurrency to commit fraud?
Daniel: Yeah, I definitely think there’s a fraud risk for virtual currency no doubt about that. It’s really like electronic cash, you know, and so there’s definitely an opportunity for fraudsters to steal it and profit off of that. I don’t think that the decentralized nature of it makes it anymore or less risky than current financial products, so I think of, you know, like the Nigerian 409 scams where people would be deceived into sending wires abroad. Once those wires were sent, the money was as good as gone, you know, there was really no recovery process.
Virtual currency can be perceived as having a similar challenge where once the funds are sent, once the transaction is pushed forward onto the network, that really it’s irreversible and the money’s gone and that’s true as well. But, you know, if you compare it to wires which are heavily centralized, you know, they have an intermediary like swift, that risk is still present in that network as well, just as it’s present in our network. So, I think fraud is definitely a risk that we need to take very seriously and manage very carefully, but I don’t think the decentralized nature is what is particularly appealing to fraudsters.
Evan: So, when a business is trying to get people to buy into a new coin, they engage an initial coin offering or ICO. That’s when startup sell a percentage of their cryptocurrency to early backers in exchange for fiat currency or other cryptocurrencies like Bitcoin. According to a report from Static Group, about 80% of ICOs are scams. That seems like a very high level of risk for people buying into a new coin. Given that amount of fraud, is cryptocurrency a sustainable model?
Daniel: I definitely think it’s a sustainable model. I think the technology is here and even though there are instances of fraud and abuse, the technology remains and will continue to be developed and used. Right now, given the high rate of fraud in those products is why regulatory bodies and companies like Vinson [SP] that are willing to partner with companies like Coinbase, that are willing to partner with them are so important. Because really I see my role and the kind of larger role of the company is legitimizing the space.
So, when we talk about a large degree of fraud in ICOs, what we need are, you know, experts in the space that can ensure there’s high-quality information available to potential investors, that there are vetting processes, that there are trusted bodies that can provide this information to them, so that the consumer can make intelligent informed decisions about what they invest in. And so that things like scams are, you know, exposed and become visible so that they’re not able to easily take advantage of them.
And then there’s, of course, the enforcement angle where right now those regulatory bodies are really grappling with these different forms of scams. And the more effectively they’re able to take them down, prosecute them, you know, census are put down, the more that will be cut into in those spaces as scammers consider moving elsewhere to an area that’s less under pressure or under the scrutiny.
Evan: What kinds of cryptocurrency fraud are you seeing?
Daniel: Probably the biggest one that hit the headlines is related to CryptoLocker scams. So, what that means is someone unwittingly downloads a virus onto their computer, usually through an email where they click on a link that they shouldn’t. And what it does is it encrypts all the files on their computer, so they can’t access any of the files on their computer. And then the virus demands a payment of Bitcoin to unlock all those files.
So, it gives the person that payment address and says send X amount of dollars in Bitcoin and then we’ll allow you to unlock your computer. You know, there was some very high profile, you know, headline-grabbing instances of it, like the WannaCry virus, which temporarily shut down the health services in the United Kingdom. And, unfortunately, these scammers go after companies that cannot afford to be locked out of their files.
So, you and I on a personal computer might, you know, eat it and say, well, forget it. There’s not enough on here for me to pay, you know, $1,000 in ransom. But for these big companies, that’s not an option, right? You know, people can’t gain access to their health records, people can get sick people can die. So, those companies are willing to pay quickly and pay large amounts, and unfortunately, these crypto ransomers are targeting different businesses like that.
Evan: What are some methods businesses are using to fight cryptocurrency fraud?
Daniel: I think, really, the biggest one is first in the cybersecurity space, right? Information security is so important, and more and more you hear this. It’s a challenge because a lot of…it’s a cost center, right? It’s expensive to have high-quality cyber security. And so some companies might be tempted to, you know, sort of ignore the headlines, or it’s a little bit of, you know, chicken little saying this guy’s falling and might be willing to scrimp in that area. And I think that’s a big mistake because the cost can be tremendous.
You know, I think at Coinbase, you know, our senses all it takes is one security breach, one hack, and then our trust is completely lost and our product essentially becomes far less useful, far less attractive to consumers and potentially puts us out of business. So, we just have a zero tolerance policy for any sort of information security vulnerabilities or risks.
I think that’s a big part of what other companies can do, and then as it relates to like scams and fraud around ICOs, is that really consumers really need to be very careful when they invest any of their money, whether it’s an ICO or any financial product. And do research and make sure they really understand what they’re getting into. Make sure that there is perhaps a trusted individual or source that they can get their information from, and really be very careful where you’re putting your money.
Evan: Fraud fighters have begun to explore blockchain-based technology to reduce risk and fight fraud. For example, a pair of engineers at Square recently developed crypto anchors, which are an advanced system for encrypting database contents. What are your thoughts on how similar technologies might be used for fraud-fighting in the future?
Daniel: Yeah, I think that would be really exciting. I mean, really, blockchain allows you to share information in a trust list way, right? And that’s a huge advantage. So Coinbase, we have our own visibility into suspicious activity and the criminal activity, but we don’t share our peer’s vision, right? We don’t have necessarily the same vision or visibility that another exchange does. These sort of blockchains would allow us to share information with one another in a really trust list seamless way. And also in a secure way where it’s encrypted on these chains, so that customer data is not at risk.
I think that could be a huge advantage to us as a community, keeping the network safe and working together to share information so that we can protect one another and our mutual consumers. I also I’m really excited about identity verification apps and services that allow customers to verify the identity via blockchain as opposed to more traditional ways, which are usually involving a credit bureau and some combination of social, date of birth, name. I think that, you know, given the recent compromises of companies I’ve experienced that there’s a huge security risk because of how much data that’s been lost in that way. And I’m excited about blockchain solutions that would allow customers to be verified in a way that doesn’t rely on that information.
Evan: Thanks for joining me on Trust and Safety in Numbers. Until next time, stay vigilant fraud fighters.
Learn more about what sets Sift Science’s machine learning apart.
With billions of compromised credentials already in criminals’ hands, how do you protect your users’ accounts, your brand, and your bottom line?