Kaspersky’s Expert Take on KYC and AML: Stock vs Crypto Exchanges

Matthew Lam   Dec 30, 2019 09:00

Exclusive Interview with Yeo Siang Tiong, Kaspersky: Part Two (Link: Part One)

In Part Two of our interview, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, shared how Kaspersky provides cybersecurity solutions for stock and crypto exchanges to address KYC and AML concerns. He also walked us through the Kaspersky Application Security Assessment and explained its significance in safeguarding assets in crypto exchanges.


What are the main differences in cybersecurity solutions for stock exchanges and crypto exchanges, in terms of KYC and AML?

The term “know your customer” originally came from financial services. Banks needed to identify their customers, make sure they didn’t cheat, and be able to check their credit history. In 2017, according to a Thomson Reuters survey, KYC procedures took an average of 32 days, up from 28 days in 2016.

The use of digital signatures, once viewed as a possible solution to these problems, cannot obviate the authenticity checks of documents required by KYC procedures. And digital signatures can be forged or stolen.

To safeguard businesses from AML schemes, Kaspersky’s Automated Fraud Analytics helps businesses minimize fraud-related costs and reduce the risk of fines for non-compliance from regulating organizations. It adds an extra level of knowledge of industry-specific fraud and money-laundering scenarios, through access to fraud intelligence, combining this knowledge with advanced technologies that automatically detect serious incidents at early stages.

With the help of machine learning algorithms, the solution then correlates these findings with the patterns of account takeover, new account fraud, and money laundering, via Kaspersky Fraud Prevention Cloud and global fraud intelligence based on big data. Due to the linking and mapping functionality, the solution can also automatically identify cross-organizational money laundering schemes by looking for correlations between typical profiles, devices used, behavioral patterns and many other details of the sessions that are known to be involved in similar operations.

Can you walk us through the Kaspersky Application Security Assessment for crypto exchanges? What are the differences between black-box, grey-box and white-box testing?

Kaspersky’s Application Security Assessment Services uncover vulnerabilities in applications of any kind, from large cloud-based solutions, ERP systems, online banking and other specific business applications, to embedded and mobile applications on different platforms (iOS, Android and others).

Kaspersky Application Security Assessment Services help application owners and developers to:

i) Avoid financial, operational and reputational loss, by proactively detecting and fixing the vulnerabilities used in attacks against applications

ii) Save remediation costs by tracking down vulnerabilities in applications still in development and test, before they reach the user environment where fixing them may involve considerable disruption and expense.

iii) Support a secure software development lifecycle (S-SDLC) committed to creating and maintaining secure applications.

iv) Comply with government, industry or internal corporate standards covering application security, such as PCI DSS or HIPAA

Applications assessed can include official web sites and business applications, standard or cloud-based, including embedded and mobile applications. The services are tailored to your needs and application specifics, and may involve:

i) Black-box testing – emulating an external attacker

ii) Grey-box testing – emulating legitimate users with a range of profiles

iii) White-box testing – analysis with full access to the application, including source code; this approach is the most effective in terms of revealing numbers of vulnerabilities

Stay tuned for Part 3 of the interview on the latest mining malware for 2020!

