Payment Security in Blockchain (Part2): On-off Ramp and Settlement

The process of connecting real world assets with cryptocurrency begins and ends with on-off ramps and settlement. Any mistakes during these processes could result in significant asset losses for users. There are various methods for on-off ramps, such as crypto ATMs, over-the-counter markets, exchanges, and other services. Settlement includes the trading of cryptocurrencies with fiat currencies and other cryptocurrencies, which is crucial for institutional investors. Settlement on most public blockchain networks is almost real-time, but the speed may vary based on the platform and blockchain in use. There are security risks associated with counterparty, centralized parties, and off-chain risks. When we use third-party custodian services, we are entrusting our assets to them.

To protect user assets during on-off ramps and settlement, service providers use various security measures such as anti-money laundering legislation, KYC verification, authentication, session handling, and access control. We can evaluate service providers’ security levels by examining the safety methods they employ. User locks, amount limits, stronger passwords, and multi-factor authentication are typical methods for ramp + settlement. Access control mechanisms are important for safeguarding both user privacy and their funds. For instance, server-wide authentication or 2FA could be implemented for sensitive operations like large money transfers.

MoonPay is a market leader of on-off ramp that enables users to buy cryptocurrencies using fiat currency. MoonPay offers a user-friendly platform where users can purchase over 200 cryptocurrencies using bank transfers, Apple Pay, or debit/credit cards. The platform is registered with the UK Financial Conduct Authority (FCA) and adheres to AML and KYC regulations. Users must complete KYC verification by providing their name, address, date of birth, and a government-issued ID such as a passport or driver’s license before making a purchase. MoonPay uses advanced fraud detection and prevention measures such as real-time transaction monitoring and machine learning algorithms to detect and prevent fraudulent activities. Overall, it has all the necessary security checking processes.

In 2020, IOTA, which leveraged Moonpay’s previous CDN infrastructure, was attacked due to the inherent risks of CDN. Moonpay is using a much safer infrastructure NPM (Node package manager) currently, but we still need to vet and audit the partner carefully especially when it relates to money transfer activities.