Malawi draws up new cyber security guidelines to protect finance

Batten down
the hatches

Malawi to better
protect finance sector.

Tuesday, Feb 18th

Crypto exchanges under security spotlight

Crypto exchanges under security spotlight

Online cryptocurrency exchanges are the latest target of fraudsters taking advantage of significant holes in security. Many crypto exchanges are using dated authentication systems which put these transactions at risk.

The risk associated with trading cryptocurrencies is increased because the technology used to authenticate transactions is decades old.

Digital currencies, like bitcoin, are traded on exchanges – and many of them are using security technology that leaves them vulnerable to attack. These safeguards simply don't hold up under current conditions.

As many as six million people are estimated to have a bitcoin wallet, and more than US$3 billion worth of the currency is traded every 24 hours.

Exchanges that still rely on traditional methods of verification - like username and password - are open to methods of attack like phishing, middlemen and bots.

This is one of the reasons attacks on these exchanges are on the rise.

Last year, Japanese crypto exchange Coincheck was hacked and US$530 million was stolen from some 250 000 users. In another heist, the NiceHash marketplace was taken for US$64 million.

This is against the background of a hype cycle that's seen a huge growth of investor interest in cryptocurrencies and huge swings in their value. At the same time, security concerns have been raised by consumers and exchange operators.

There are three things crypto exchanges can do to protect members: minimise risk, simplify transactions, and achieve regulatory compliance.

Risk can be minimised by implementing a solution that offers solid app security and strong customer authentication for all transactions.

In terms of simplifying transactions, a convenient and user-friendly trading platform will attract and retain customers. Crypto exchanges need to mimic a real-world trading scenario: if you were a trader, would you want to open an app, copy a one-time password (OTP), switch apps, and then paste it? Or would you prefer to simply open an app and scan your fingerprint? The choice isn't difficult - and the easier option also happens to be the safer one.

New financial regulatory requirements like PSD2 (Revised Payment Service Directive) stipulate strong customer authentication. Third-party apps often only authenticate logins, not transactions, and so are not compliant with these requirements - nor are OTPs.

Exchanges should be employing a more robust and convenient authentication solution that does not rely on mobile networks. They should look for a solution that offers authentication based on public key infrastructure (PKI) and transaction signing directly from the mobile phone, which will eliminate fraudulent transactions and build trust in cryptocurrency trading practices – all while providing a seamless user-experience.

Investors want to know that they have chosen an exchange that values their money and takes security seriously. With all the hacks out there, this will become a key feature differentiating the serious exchanges from the also-rans, and customers will increasingly choose exchanges accordingly.

* By Schalk Nolte, CEO of Entersekt.

ALSO ON ITWEB AFRICA

Zimbabwe launches first computer plant Published on 20 January 2020

Project is a joint venture between TelOne and Chinese firm Inspur.

Africa's chance to shine at UK-Africa Summit 2020 Published on 23 January 2020

Twenty-one heads of state from the continent are expected at the investment-focused event on 20 January 2020.

Online publishing platforms - local accounting journal provides a case in point Published on 14 February 2020

SAJAAR, the official scientific research journal of the Southern African Institute of Government Auditors, found a reliable and practical online publishing solution in Sabinet.