Tom, Harry, Dick, and your Aunt May are simply too easily tricked, led or pushed into sending all their life savings, and more, via cryptocurrency exchanges. Here are some ideas we believe could curtail even the very insidious social engineering in pig-butchering scams, short of simply naming their tricks.
Upon onboarding new customers:
Ask how much money do they plan on putting into exchanges or wallets.
Perform a financial background check (ask for average annual incomes, total amount of assets and cash, credit checks, etc).
These (self-reported) numbers can be used as baseline for a proactive transaction monitoring.
Survey why are they opening an account (for trading, sending, learning, HODLing, etc? for someone else or under their direction?)
Do a short quiz of how cryptocurrencies work, and even of the exchanges' terms and conditions, disclosures and disclaimers
Banks do this. Surprisingly, a few too many scam victims thought cryptocurrency exchanges are like credit card companies that can do chargeback or allow transactions only with verified merchants.
Enhanced due diligence on higher tiers, as when a user crosses a certain volume in their transaction history, say $10,000, and/or the thresholds they themselves set. Send prompts with leading questions, including open-ended ones:
"Did you intend to go over your limit? Why?"
When sending out cryptocurrency - "How will you find / where will you go / who will you look for if you have issues with your recipient?"
"Is anyone coaching you? If yes, where did you meet this person? Is it online only?"
Would implementing these be too onerous? Perhaps these can make customer experience too painful and introduce too much friction. But scams can be deathly painful. Most of the above are not too far off from the recommendations for customer due diligence in the latest FATF guidelines for cryptocurrency exchanges.
Aftercare
When scams happen, here are what exchanges could (be mandated to) do after acknowledging a reported scam, to facilitate the next steps for victims and law enforcement. It makes for less hard feelings.
Immediately hold all outgoing transactions to the reported address.
By default send or point to the victim the list of all their transaction IDs (TXIDs).
TXIDs are always, always asked by investigators anyway, but many exchanges make TXIDs difficult for users to find or learn about.
Provide basic tracing or attribution data of wallets one or two "hops" away, especially if there's an exchange-hosted wallet.
Information on the blockchain is NOT confidential with the many public attribution data out already, and this costs nothing for exchanges with transaction monitoring (so-called Know-Your-Transaction or KYT) that they all should have anyway .
Insurance is not only for the business
There may be no business case for a fraud insurance for customers, and this may have to come from the top. Irreversibility of payments is a feature of cryptocurrency transactions, but some insurance could go a long way to boosting consumer confidence. Below are some ideas to seriously consider if there is any hope for mainstream adoption of cryptocurrency:
Fraud insurance for victims new fraudulent schemes, 'honest mistakes' and 'blameless' situations.
Cost-sharing with recognized victims of scams, akin to the Contingent Reimbursement Model code in the UK.
Victims of scams come from all walks of life or at a vulnerable mental state, and fraudsters can be as patient, innovative and clever as anyone you might know. The most devastating scams today would not be possible without the digital and financial service providers facilitating them, yet victims bear the entire brunt of the losses. There would be very little incentive for these companies to invest enough in fraud detection this way until it is too late. Social media tech and telecom companies should also contribute to this insurance fund. What if their contribution could be made proportional to how many people were scammed through their platforms the previous year?