Crime-as-a-Service: pay-as-you-blow with #bitcoin

So I’ve talked about Banking-as-a-Service for some time, but what about Crime-as-a-Service?  It does exist on a pay-as-you-blow basis.

Europol were one of the first to note this trend, in a report published late last year (from ITPro):

According to the organisation’s 2014 Internet Organised Crime Threat Assessment (iOCTA), the model allows cybercriminals to develop sophisticated malicious products and services before selling them on to the less experienced to use via the “digital underground” world.

As a result, it’s getting easier for less technically-minded criminals to engage with cybercrime, putting companies at even bigger risk.

“In a simplified business model, a cybercriminal’s toolkit may include malicious software, supporting infrastructure, stolen personal and financial data and the means to monetise their criminal gains,” the report states.

“With every aspect of this toolkit available to purchase or hire as a service, it is relatively easy for cybercrime initiates – lacking experience and technical skills – to launch cyber attacks not only of a scale highly disproportionate to their ability but for a price similarly disproportionate to the potential damage.”

Many of these transactions take place on the “Dark Net”, which the report states has fuelled evolution of cybercrime in recent years.

They followed this up on Tuesday with an assessment that cryptocurrencies are becoming the value exchange of choice for Crime-as-a-Service (from Coindesk):

Digital currencies are increasingly serving as a money laundering platform for “freelance criminal entrepreneurs operating on a crime-as-a-service business model”, according to a new Europol report.

The EU’s law enforcement agency said that the decline of traditional hierarchical criminal networks will be accompanied by the emergence of individual criminal entrepreneurs, who come together on a project basis.

The report, which identified the key driving factors affecting the EU’s criminal landscape, predicted that the role of freelance crime organisers is expected to “become more prominent”.

It added that individuals with computer expertise are very valuable to criminal organisations and that people with such skills are expected to advertise their services in exchange for payment in cryptocurrencies.

The report continued:

“Virtual currencies are an ideal instrument for money laundering. In addition to traditional layering methods, cryptocurrencies use specialised laundering services to obfuscate transactions to the point where it is very resource-intensive to trace them.”

This gets interesting as I attended a policy forum last week where the UK’s National Crime Unit were saying that they’ve spent “an inordinate amount of time investigating cryptocurrencies”.  I asked what they meant by that, and they clarified that it was time spent understanding them.  When I then asked if they saw much criminal activity in cryptocurrencies, they said not yet.  The National Crime Unit see most money laundering crime in cash (€500 notes being the launderers note of choice).  They only use cryptocurrencies if the payee demands payment that way.

However, this is because cryptocurrencies are still minor league compared to cash markets, and they are being studied as some of the action in cryptocurrency exchange is for illicit activities on the dark net.  Note cryptocurrency guys that I say some, not all.

For example, in a further Europol study produced in February, they find that bitcoin is the preferred currency of paedophiles (from Coindesk):

http://www.coindesk.com/europol-bitcoins-popularity-growing-in-illicit-online-markets/

Bitcoin is increasingly being used to pay for livestreams of child sex broadcasted over illicit Internet sites, according to a new Europol report.

Produced by Europol’s EC3 cybercrime centre, the report sheds new light on the commercial sexual exploitation of children online, while providing evidence that individuals with a sexual interest in children are becoming more entrepreneurial.

“Live streaming of abuse for payment is no longer an emerging trend but an established reality”, the report said.

It continued:

“There is a clear shift from traditional credit card payments to the ones providing the most anonymity, namely alternatively payment options, including virtual currency.”

In line with the International Centre for Missing and Exploited Children’s (ICMEC) findings, the report said that “there is apparent migration of commercial child sexual exploitation, along with other criminal enterprises, from the traditional payments system to a new, largely regulated digital economy made up of hosting services, anonymising Internet tools and pseudonymous payment systems”.

Add to the above the use of bitcoins for terrorism.  According to Bitcoin News, the United States Central Commands have been studying the alternative payment methods terrorist organisations raise and transfer money around the globe to support their activities. Digital currencies proved to be of the most efficient mechanisms for the transfer of funds due to their decentralized nature that facilitates anonymous donations as opposed to traditional banking transactions with the use fiat currency. Recently, an Israeli analyst has come up with concrete evidence that the ISIS is raising funds in Bitcoins, most likely in the United States, to fund their operations.

This is not even to mention the use of cryptocurrencies for drug dealers.

What is intriguing in all of this is that the cryptocurrency community believe they are unassailable in all of this.  Money is decentralised by bitcoin and they believe (or hope) it is therefore immune to governmental and regulatory control.  Anyone who disagrees is a statist.

Conversely, for the reasons given above – terrorism, drug running, extortion and sex trafficking – this idea of a decentralised market that governments are excluded from controlling may be wrong.  To be clear however, bitcoin and cryptocurrencies are not the problem here.  You have massive use of cash for terrorism, money laundering, drug running and paedophilia.  It is the reason why the US dollar has more physical stores outside the USA than inside, and is the reason why it’s the currency of choice for people like Saddam Hussein.  Equally, it should be born in mind that cryptocurrencies are not anonymous, are traceable and are available in a form that can be identified, so governments do have ways to deal with them.

The most likely start will be on the cash-in and cash-out moments of cryptocurrency usage.  You may be able to use cryptocurrencies in a revolving credit and debit scheme bilaterally but, as soon as you try to cash out or put cash into the scheme, the national jurisdictions will make the transaction subject to national laws.

Over time they will then get other regulatory structures put in place.  A whole raft of papers have already been issued on these themes, with the latest iteration of the New York Department of Financial Services (NYDFS) cryptocurrency regulation – or the BitLicence if you prefer – providing clear requirements for cryptocurrency usage.  Issued last month, the NYDFS BitLicence requires any trading firm to adhere to a collection of rigid rules.  There’s a raft of requirements for capital provision, record-keeping, and even oversight of new or planned features, such as:

  • The BitLicence application itself costs $5,000
  • Firms must keep detailed records of customer names, addresses, dates, and transaction amounts for at least seven years
  • Audits will be made every two years by the NYDFS
  • Firms must get written approval before changing products or services, or creating new ones
  • Mandatory internal anti-money laundering programs must be implemented, including enhanced oversight of foreign customers and those who transact in amounts greater than $10,000
  • Firms must have an internal cybersecurity program to protect personal and financial information from hackers
  • Firms must show a clear disaster recovery plan in the event of attempted or successful theft

These BitLicence rules make cryptocurrency trading firms, for all intensive purposes, banks.

Equally, it means that for every step the cryptocurrency markets innovate ahead of the curve, the lawmakers review, analyse and try to keep up.  Whether they can keep up or not is a different question.

 

Powered by WPeMatico

The Finanser Interviews: Soner Canko, CEO of BKM, Turkey

Following on with our regular weekly interview, the Finanser talks this week with Soner Canko, CEO or BKM (Bankalararası Kart Merkezi), the ACH for Turkey. 

Soner Canko

 

BKM was established in 1990 as a partnership of public and private banks. Today, all the banks that issue a card and own a POS are members of BKM.  The ACH is notable for being a key promoter of contactless payments and, more recently, launching its own mobile payments wallet for the banks to leverage to their clientele.

How do banks and BKM interplay?

Among BKM’s main fields of activity are to develop procedures to be applied among  banks for credit/debit cards, to perform operations for ensuring standardization, to establish domestic rules, to carry out interbank authorization, clearing and settlement transactions, to establish relations with foreign entities and, if necessary, to represent its members with these entities and to carry out transactions that are already being made by any bank in a more secure, faster and cost-effective manner from a single centre. 

BKM works synergistically with its member banks.  Therefore I believe that Turkish Card Payment Systems Market is very lucky, because the needs as well as the actions that must be taken to improve the industry are discussed and determined by the committees, which meet regularly and in which the representatives of banks take a place, and also by one-to-one discussions. This is a great opportunity that many other countries do not have.

We experienced the benefits of this opportunity in the project for migration to Chip&PIN. All banks have decided their migration dates, acted together, and harmonized all credit cards, POS devices and ATMs in compatible with EMV in a very short period under the leadership of BKM and we achieved a highly successful migration, which is considered as a model throughout the world.

What motivated BKM to promote contactless in Turkey?

Turkey met with contactless cards in 2006. Turkish cardholders have always been the first to meet with many new contactless products until today. Today, as of the end of 2014, 23 percent of all credit cards and 4 percent of all terminals have contactless features. We can argue that these figures are very low for a country that has met with contactless cards very early.

But I believe that transition to the new generation of payment systems will be much more difficult until the users get used to contactless cards. Users must get used to the speed and practicability of contactless in order to have an easier adaptation to new generation of payment systems.

On the other hand having contactless terminals widespread is very important to have the infrastructure of technologies, such as NFC and HCE.

Therefore we pay significant efforts to popularize contactless terminals and ensure that users experience it.  

What does BKM see its mobile wallet now and in the future?

BKM Express is a digital wallet, developed in 2012 together with the banks in order to increase the volume of e-commerce. We did a lot in the last 2 years in this process. We initially worked hard to expand the acceptance network and today BKM Express is one of the payment methods accepted by e-commerce companies, which produce more than 50 percent of e-commerce transaction volume. 99% of the cards in Turkey can be included to the system thanks to our online integration with 17 banks.

We also added P2P money transfer functionality to BKM Express in 2013. Users of BKM Express can immediately send money to a mobile phone number 7×24 thanks to our database.

We also began to allow our users to use BKM Express for face-to-face payments in 2014. Our users have begun to use their digital wallets in more areas like fuel stations and restaurants.

We are well aware that time and practicality are very important for users in today’s digitalized world. Therefore we believe that payments must be invisible and complementary for shopping experiences of users. For this purpose, we search and try what we can do to improve our user’s experiences everyday and make our developments accordingly. We aim to make BKM Express a digital wallet that can be used by its users everywhere and everytime. 

How will payments change in Turkey over the next ten years?

As BKM, our main objective is to have a society that makes payments without cash in 2023. We have already started our works both to develop the infrastructure and increase the awareness of society for this purpose. For instance, we began to explain the benefits of transition to digital payments with our Goodbye Cash campaign in 2010.

Turkish banking system has a strong infrastructure, which will certainly help us in transition to digital society. On the other hand, banks are competing with each other with their innovative products. All kinds of products and services that will meet the needs of end users are offered.

Today, approximately 40 percent of payments are made with cards in our country. 10 years later, we will have a country, in which all of the payments are made in digital environment.

What are the key things that you focus upon?

The position of our payment systems is very strong. Users meet with many payment system products for the first time in our country throughout the world thanks to valuable managers in the industry and their innovative perspectives.

We, as BKM, pay a lot of attention to adopt quickly to changes, follow up the new technologies and developments throughout the world and experience all innovations as much as possible since we are operating in a field, in which the expectations and competition are very intense.

Being a member of many different platforms to exchange knowledge is one of those very important issues for us. This allows us not only to monitor different markets but also to establish strong relationships.

How are you innovating?

We believe in internal entrepreneurship. As a part of this belief, we expect from all our employees to make contributions to the innovation.  While trying to reinforce this strategy with the trainings we receive, we are also paying a lot of attention to open communication in our job. We support all our employees as much as possible to clearly communicate their ideas and recommendations and implement them regardless of their current jobs.    

For this purpose, we established a R&D center, named BKMLab, within our company. We are testing new technologies and proactively completing our preparations before launching them.

Thanks to BKMLab, we can test and observe new products and services before they are introduced to the market and, if they are found suitable, we can continue on our works or, end them. For example, we have completed our first project in this center for integration of BKM Express and GoogleGlass. After getting the results of this project and integrating new wearable technologies, we intend to achieve the most suitable solution.

BKMLab will also soon be open for other entrepreneurs in our ecosystem. Start-ups will have an opportunity to benefit from the center at any time of the day.

Will ApplePay and PayPal Here, for example, make BKM more or less relevant?

One of the main duties of BKM is to grow the ecosystem of payment systems. For this purpose, all innovations throughout the world are monitored closely and analyzed. BKM prepares common platforms for the most suitable and fastest penetration of products, which assist in the growth, development and/or improvement of payment systems, to Turkish market and sometimes it assumes new roles in adaptation to new technologies.  

Therefore BKM is very open for new products and services throughout the world as well as for collaboration with them and provides the utmost support for development of the ecosystem.

Any innovation in payment systems is introduced quickly to Turkish market thanks to BKM’s organization that closely monitors new technologies and adopts swiftly to changes, which is also valid for all local or international players!

About Soner Canko

Dr. Soner Canko graduated from Istanbul University, Faculty of Political Science, Public Administration Department. He also received master¹s degree and Ph.D from Istanbul University, Faculty of Economics.

Dr. Soner Canko¹s career has commenced in 1990, where he performed in sales, management and consulting roles at Procter & Gamble, Citibank, Hewlett Packard. He was the founder and Country Manager of First Data Turkey, and lastly Assistant General Manager of Ziraat Bank.  Today, Dr. Canko is the CEO of BKM (Bankalararası Kart Merkezi).

 

Powered by WPeMatico