Sizing Up Crypto Wallet VulnerabilitiesJavelin's Al Pascual Reviews Findings of Report, Highlights Critical Security Features
While crypto wallets may be considered to be at the sharp end of payments innovation, the security vulnerabilities they face are much the same as those that already exist in digital banking and payments, according to a recent report by Javelin Strategy and Research. Al Pascual, Javelin's senior vice president and lead author of the research, discusses the report's findings in an interview with Information Security Media Group.
Digital wallets are designed for storing cryptocurrencies safely online or offline. The research looks specifically at the security capabilities of these wallets and assesses whether they are sufficiently secure for their purpose.
"If you think about what fraud looks like for these, and if you think about custodial wallets, they're very much like a bank account - you're the one responsible for their failure," Pascual says.
"These criminals have gotten really good; they cut their teeth on the banks and a lot of banks obviously have very good security. So with some of these wallets, their security isn't at the same level and it's pretty easy for them to manipulate users to potentially socially engineer to glean credentials and access accounts."
Critical Security Features
Crypto wallets that rank highest in fraud prevention, detection and resolution, Pascual says, have good authentication as well as alerts and notification capabilities.
"Like with banks, fraudster are going to test, see how much they can move and a lot of this is immutable", says Pascual. "If they leave with your crypto, that crypto is probably gone."
In the interview (see audio link below photo), Pascual discusses:
- The difference between custodial, noncustodial and multisignature crypto wallets and the threat profiles for each;
- The types of fraud schemes targeting crypto wallets that are the most prevalent;
- The similarities between crypto wallet security and digital banking and payment security.
Pascual is Javelin's senior vice president of research and head of fraud and security. Previously, he held risk management roles at HSBC, Goldman Sachs and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators and the Federal Reserve Secure Payments Task Force.