WASHINGTON, D.C. – Today, the Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury released an urgent alert, urging banks and financial institutions to increase their vigilance in response to a significant surge in scams that are taking advantage of cryptocurrency ATMs, referred to as convertible virtual currency (CVC) kiosks.
FinCEN Director Andrea Gacki emphasized the threat: “Criminals are relentless in their efforts to steal money from victims, and they’ve learned to exploit innovative technologies like CVC kiosks. The United States is committed to safeguarding the digital asset ecosystem… Financial institutions are a critical partner in that effort.”
Key Findings in the Notice:
Explosive Fraud Surge: In 2024, the FBI’s Internet Crime Complaint Center (IC3) documented 10,956 complaints related to CVC kiosks, with reported victim losses totaling $246.7 million. This represents an astonishing 99% rise in complaints and a 31% increase in losses compared to the previous year.
Elderly Individuals Targeted More: Individuals aged 60 and above were over three times as likely to report losses through CVC kiosks compared to younger adults, making up more than two-thirds of the total amount lost via this method. Common scams include tech/customer support fraud, government impersonation, romance scams, and fabricated emergencies.
Scam Operations: Criminals typically reach out through unsolicited calls, pop-ups, or emails. They pose as tech support, banks, or government entities, persuading victims that their devices or accounts are at risk. Victims receive detailed instructions to withdraw cash and deposit it into designated CVC kiosks, often utilizing QR codes supplied by the scammer to transfer funds directly to criminal wallets.
Beyond Just Scams: CVC kiosks are increasingly being utilized for laundering drug money, with international criminal organizations such as the Cartel Jalisco Nueva Generación using cryptocurrency for swift global transfers. Non-compliant kiosk operators, who fail to adhere to Bank Secrecy Act (BSA) requirements like customer verification and reporting suspicious activities, heighten the risk.
Operator Non-Compliance as a Significant Concern: FinCEN has pointed out the extensive non-compliance among kiosk operators. A 2021 investigation in New Jersey revealed that more than a third were not registered as mandated. These operators frequently lack anti-money laundering measures, evade reporting thresholds, and may provide inaccurate information to banks or cryptocurrency exchanges managing their accounts.
Red Flags for Financial Institutions:
FinCEN outlined critical warning signs, including:
- Customers (especially elderly) withdrawing large cash sums while on the phone and mentioning crypto kiosks.
- Multiple payments just below the $2,000 Suspicious Activity Report (SAR) threshold.
- Structuring cash deposits below the $10,000 Currency Transaction Report (CTR) threshold.
- Transactions linked to crypto wallets known for fraud or drug trafficking.
Kiosk operators not registered with FinCEN, not collecting customer ID, or advertising “no ID needed” transactions.
Reporting Requirements:
FinCEN mandates that financial institutions file SARs for suspicious activity related to CVC kiosks. Institutions must include the key term “FIN-2025-CVCKIOSK” in SAR Field 2 and the narrative to help FinCEN track this specific threat.
This Notice underscores the Treasury’s intensified focus on illicit finance within the rapidly growing crypto kiosk sector and the critical role financial institutions play in identifying and reporting suspicious activity to protect consumers, particularly vulnerable seniors, and combat money laundering.
Questions regarding the Notice should be directed to FinCEN’s Regulatory Support Section via www.fincen.gov/contact.
