Security of digital payments on EXMO
In general, it is not easy when dealing with online payments. Payments often do not go through for various reasons and before depositing or withdrawing money, users normally need to pass various confirmation steps and verification processes.
All these methods are in place to prevent fraudulent transactions and money laundering. And of course these are extremely important to follow, but also can sometimes be quite annoying for the users.
So one of the questions that we started working on has been how to make payments safe without overcomplicating the user experience when trading on EXMO.
So what is it all for?
All financial institutions and businesses in one way or another are at risk of fraud and/or money laundering.
Majority of fraudulent transactions take place because of stolen bank details or identity. Fraudsters use stolen data to withdraw money from the bank cards and in order to prevent that identity and card verifications are needed, that is why it is so important that the name in the identity documents matches the name on the cards used.
Know your customer
One of the practices to prevent fraud and money laundering is KYC. Which stands for ‘Know Your Customer’ and these are the guidelines created for financial services to verify user identity when they create accounts and to make sure that the users are indeed who they claim to be. This is what identity verification is for. In order to make this process as fast as possible, we rely on automatic identity verification provided by Sumsub.
Solutions like this allow the verification process to be swift and ensure that saved data is securely stored. It also allows our users to almost seemingly pass through the onboarding process and get straight to trading.
Other methods to prevent fraud and make deposits and withdrawals more safe include the following:
Implementing 3DS protocol
3DS stands for 3D Secure and it adds another layer of protection for online payments.
It is a multi-factor authentication that confirms digital payments are made by the person that owns the card. The main idea behind it is to authorise payments with something the user is, has, or knows. For example, your bank login details, password, data stored locally on your device or biometrics.
Making the security system flexible
We’ve built a system that allows us to easily apply extra levels of protection depending on user segments. To offer greater flexibility, we use different security methods based on the region that our traders are located in. This allows us to add an extra security measure if the system believes there are higher risks associated with the user. It also works the other way — if the user is located in a region that generally witnesses lower fraud levels, the system can decide that it is not necessary to double check the ownership of the card, since all banks in that region implemented 3DS2 and transactions are not possible without user confirmation, for instance.
Other security measures used to protect user funds and payments on the platform include:
- Automatics risk management & AML solutions
- Not storing any sensitive data
- Email confirmation + 2FA
- Safe coin storage
Dealing with withdrawal delays
While this can be annoying, is it an effective measure to prevent fraud?
In some cases, the opportunity to instantly withdraw money from a balance might be suspended for a particular time from after a deposit. These measures are implemented in case the funds were deposited from more risky regions where not all banks might support 3DS yet. So in order to prevent fraudulent activity and unsolicited deposits from bank cards, this form of protection might be implemented.
Withdrawal delay is also applied if changes are made in the security settings of an account, in order to protect user funds in case the account is hacked.
Conclusion
Our goal is to build and make our platform seamless to use for our traders. Therefore, we constantly undertake research in the market to offer better solutions. We will keep you posted on new developments and our journey of creating the safest environment for payments. Stay tuned!
