Incognia has published a new report that looks at security (or lack thereof) in the cryptocurrency industry. The Crypto Mobile App Friction Report – Onboarding is the first of several such reports the company has planned for 2022, and specifically looked at the onboarding procedures for 19 leading organizations (14 exchanges and five wallets) in the cryptocurrency space.
In doing so, Incognia found that many cryptocurrency exchanges are still relying on outdated security methods, while others are only doing the bare minimum with regards to identity verification. Half (nine of 19) of the apps did not even ask for basic details like name and date of birth, and the majority of the exchanges (nine of 14) are using SMS one-time passwords for multi-factor authentication, even though SMS passcodes are widely regarded as one of the weakest authentication factors.
The study also found that many exchanges are not taking steps to verify the little information they do collect. While 10 of the 14 ask users to input an address, only four asked them to upload a driver’s license to corroborate that claim. None asked for any other kind of proof of address like a utility bill, and none were using location-based technology to verify user identities during onboarding. Incognia is best known for its location authentication tech, which analyzes movement patterns to determine whether or not a transaction request is coming from a place that the user frequents on a regular basis (and is therefore more likely to be legitimate).
In terms of the actual user experience, Incognia’s report found that the Coinbase Wallet had the lowest amount of friction in its onboarding process. The average time needed for onboarding was one minute and 53 seconds, while the lowest time was a scant 37 seconds. The average onboarding session forced the user to navigate 11 screens and input information into seven fields, though the lowest tallies were five and zero, respectively. Only four apps supported the use of stronger authentication factors like email OTPs, magic links, and biometrics.
The report speaks to the somewhat cavalier approach to security that still reigns in the crypto space. Incognia noted that cryptocurrency crime was up 79 percent in 2021, and many exchanges will likely need to take steps to improve their security as regulation increases and more countries start to enforce Know Your Customer and Anti-Money Laundering requirements for cryptocurrency providers. Paypal, Venmo, Cash App, and the recently hacked Crypto.com were some of the apps examined in the Incognia report.
February 9, 2022 – by Eric Weiss