Voice of the Industry

How to manage crypto merchant risks

Tuesday 7 April 2020 08:11 CET | Editor: Mirela Ciobanu | Voice of the industry

Christian Chmiel, CEO of Web Shield, explains how acquirers and payment service providers (PSPs) manage the risks of the crypto space to grow and prosper

Bitcoin may have fallen from its December 2017 high of USD 20,000, but cryptocurrencies are still doing brisk business. In the first six months of 2019, more than USD 2.5 billion had been raised from about 150 new tokens, according to the tracking website CoinSchedule.

A cryptocurrency is a decentralised digital currency that utilises cryptography for security and usually a blockchain as a ledger to record transactions. Cryptocurrencies challenge fundamental assumptions about money. They neither require banks to create money, nor serve as trusted intermediaries in financial transactions.

The principal actors involved in the sale or purchase of crypto-assets are no different to those in a standard four-party card transaction. The consumer purchases a product or service from a crypto exchange merchant. These parties are supported by an issuer and acquirer respectively, who must comply with applicable laws and card scheme regulations.

New money

Crypto-assets represent the traditional functions of money – a medium of exchange, unit of account, and store of value – digitally. They work across national borders via direct asset transfer. No clearing, settlement, intermediaries, and central infrastructure makes the market more efficient by stripping out cost.

‘Virtual currency has the potential to improve payment efficiency and reduce transaction costs for payments and funds transfers’, said a 2015 FATF report. The European Parliament agrees. ‘Transactions in virtual currencies can be cheaper, faster, more secure and more transparent’, it said in 2016.

Crypto-assets are a classic case where opportunities and risks are intertwined. The irrevocability of transactions could increase risk and fraud. Criminals also value the relative untraceability of such assets to monetise crimes, launder money, and finance terrorism. Crypto-assets may be used for illicit activity, yet in comparison to cash transactions the overall impact is still low: less than one percent of Bitcoin transactions has been spent on the dark web in 2019, according to a Bloomberg article.

In the case of Bitcoin, the blockchain provides a public ledger of each transaction which, in combination with good know-your-customer (KYC) procedures, may actually improve anti-money laundering checks.

Managing onboarding risks

Good background research is key to the successful onboarding of crypto-asset merchants. Acquirers and PSPs are advised to research the specific merchant or exchange. Have there been warnings around hacked accounts, stolen wallets or previous initial coin offerings (ICOs)? How did they fail? Were they considered scams?

Merchant activities before the crypto-asset launch can also be a strong risk indicator. Is this their first crypto venture? Are the people behind the business known for fraudulent schemes in other areas, like binary options? Examining a merchant’s website and online footprint is critical as much of the publicity for purely digital businesses is generated via online forums and social media.

Aside from doing their own KYB on prospective merchants, acquirers and PSPs must validate that end-customer KYC procedures are adequate. Customer identification and verification can be done at the time of sign-up or first deposit, depending on applicable law (e.g. by implementing an ID/video verification process).

Identity verification is usually only required when fiat money is transferred into digital currencies. Thereafter, the use of cryptocurrencies is anonymous (or technically speaking, pseudonymous) for the parties involved, as the buyer and seller are not connected directly during the transaction.

Breaking down card scheme requirements

Mastercard added cryptocurrency merchants to its BRAM programme and since 12 October 2018 has required registration of both new and existing cryptocurrency merchants. As part of the registration process, acquirers must provide:

  • Evidence of legal authority – including copies of the merchant’s licence and registration to operate in each country where their cryptocurrency activity will occur or be offered to cardholders.
  • Legal opinion – including reasoned legal opinion from a reputable law firm about the merchant’s business and activities.
  • Effective controls – including certifications that the merchant’s systems are designed to remain within legal limits.
  • Notification of changes – including the ability to notify Mastercard within 10 days of any changes to the information previously provided around applicable law, merchant activities, and systems.
  • Acceptance of responsibilities – affirmation that the acquirer will not submit restricted transactions for authorisation.

It can be difficult for acquirers and PSPs to fulfil these and other requirements effectively. This is partly because there is no consistent global approach to crypto-assets or ICOs yet. Some jurisdictions impose an outright ban. Others bar their citizens from engaging in crypto activities locally but permit it outside their borders. Others place restrictions on financial institutions from facilitating crypto transactions. Acquirers and PSPs must monitor any regulatory changes regarding crypto-assets, but also monitor their merchants – this is no different to any other merchant.

The complex regulatory requirements can make onboarding and monitoring crypto merchants a daunting task. Fortunately, service providers can assist here. Web Shield’s own Regulatory Monitoring solution, for example, is operated in connection with partner law firms from around the world to lessen the burden on acquirer’s and PSPs.

The article was first published in the Digital Onboarding and KYC Report 2020, which offers insightful editorials on topics such as digital onboarding best practices and key challenges, financial crime and how to fight it, crypto, and more.

About Christian Chmiel

Christian A. Chmiel, the CEO and founder of Web Shield, is responsible for the development and implementation of investigation techniques to identify fraudulent or brand damaging online merchants. He is also a lecturer at the Web Shield Academy and published several books in the fields of fraud, investigations, and accounting.



About Web Shield

Web Shield equips the payments industry with tools that protect businesses from merchants involved in illegal or non-compliant activities. Their highly precise solutions provide acquirers, PSPs, and other financial organisations with the information they need to make valuable decisions about prospective clients, and alert them when existing clients behave dubiously. With Web Shield, you keep your business out of risky situations, saving time and money.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: ICOs, crypto-asset, crypto-asset merchants, acquirers, PSPs, Christian Chmiel, KYC, BRAM, merchant onboarding
Categories: Blockchain & Cryptocurrencies | Cryptocurrencies
Countries: World
This article is part of category

Blockchain & Cryptocurrencies