September 1 • 2023
Brazil announces Drex CBDC: what are the fraud risks of CBDCs and what to do about them?
Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.
Central Bank Digital Currencies (CBDCs) are gathering pace across the globe. There has been recent proposed legislation in the EU, pilots in the UK and elsewhere and the recent announcement from Brazil about DREX. This blog will cover what a CBDC is at a high level, the key fraud risks and how CYBERA can help reduce these risks.
What is a CBDC?
A CBDC, or Central Bank Digital Currency, is a digital replacement for central bank issued fiat currency, i.e. notes and coins. The money in your bank accounts is a form of digital money, but it is commercial bank money, i.e. private fiat money, and is not directly backed by a central bank. As such, it is at risk if the bank goes bust.
The majority of central banks are investigating CBDCs in some form or other. A CBDC could be built on some sort of distributed ledger technology (DLT), similar to the technology behind cryptocurrencies such as bitcoin. However, this is not a prerequisite: a CBDC can also be built on more traditional centralised technology models. Different central banks are reviewing the potential options for the best way to deliver their CBDC to achieve their aims.
The push from central banks to develop CBDCs is mainly in response to the rise of cryptocurrencies, whether decentralised or not. This response is intended to ward off the threat of financial instability that cryptocurrencies may cause, a threat which is also resulting in legislation to regulate different types of crypto assets, especially stablecoins.
PIX (the Brazilian real time payment system) and other real time payment systems have a number of similarities with CBDCs and crypto, whilst there are also differences.
From a fraud and scam perspective there are a number of key risks across the types:
- Transactions are real time and irrevocable, meaning payments need to be stopped before they are sent, because it is hard to recover funds afterwards
- Impersonation is simple, so it's easy to scam consumers and businesses
- KYC of account holders is important to help reduce fraud and mules
Key differences between them are:
- The public ledger used by crypto can make tracing and freezing easier than with fiat or CBDCs
- CBDCs will have a central ledger to aid tracking, but it will be private, not open
- Fiat has private ledgers, but only the payment switch can see both sides of the transaction messages
As we have seen with real time payments and crypto, fraudsters are using these rails to commit scams and fraud against consumers and businesses. There are all sorts of scams, as I’ve outlined in previous CYBERA blogs, and some are listed here, but most involve some form of impersonation to get the victim to transfer funds.
As such, a CBDC that offers some of the same attributes will likely also see these sorts of frauds and scams as it rolls out.
What needs to be in place to help reduce the ability of CBDCs to be abused by scammers?
A Central Bank Digital Currency (CBDC), whether based on DLT or some form of centralised infrastructure, will have the following key areas for security related to payments:
- KYC of wallet holders for both initial and ongoing due diligence
- Payments screening to detect suspicious transactions for fraud or AML, including Travel Rule
- Dealing with fraudulent transfers after the fact, to freeze, recover and repatriate funds where possible, including reporting to LEA
CYBERA can help here:
- CYBERA VSR allows victims to report a transaction as fraudulent
- The wallet provider and/or CBDC central infrastructure can integrate VSR to allow for fast reporting of frauds and scams to beneficiaries and law enforcement
- Helps speed up freezing, repatriation and recovery
- Need some form of integration directly to the CBDC operating entity
- Ensure Wallet Addresses are flagged to prevent further abuse
- CYBERA WATCHLIST runs as an overlay to the CBDC to allow the operating entity or wallet provider to screen transactions before confirmation of the transaction
- Matches can be made on Wallet Address, Account details, proxies such as email or phone number as well as beneficiary names
- CYBERA WATCHLIST is used by the operating entity and/or wallet providers to screen new and existing customers for potential fraudulent abuse.
- Strategies can include investigations, declining to open a wallet or closing an existing wallet.
Scammers target any fast-moving funds transfer system and usually focus on the weak link, which is usually the consumer. There is no reason for CBDCs to be any different, so expect to see frauds and scams here as they ramp up. The solutions are similar to those in other payment systems and require better, faster reporting and improved data sharing, which governments are legislating for.