Crypto ATM fraud controls: what operators and merchants should prepare

Crypto ATM fraud controls matter more now because regulators are moving from warnings to hard rules. In the past week, Delaware lawmakers advanced House Bill 441, a proposal that would prohibit cryptocurrency kiosks and require existing machines to be removed if the bill becomes law. A Delaware House update said the bill is aimed at scams involving cryptocurrency kiosks and in-person cash-to-crypto flows: Delaware House Democrats release.

For merchants and operators, the lesson is simple. A crypto ATM, counter desk, or POS terminal should not be treated like an open cash drawer that sends funds to any wallet. It should work like a controlled checkout flow: one customer, one order, one amount, one clear payment request, and a record that support teams can review later.

Why crypto ATM fraud pressure is rising

Crypto ATMs are useful for some customers because they make crypto access physical and familiar. But that same physical flow can be misused. A scammer can call a victim, create fear, tell the victim to withdraw cash, and guide them to a kiosk. The victim scans a QR code, deposits cash, and the money moves to the scammer's wallet.

The FTC has warned that Bitcoin ATM fraud losses rose sharply from 2020 to 2023 and topped $65 million in the first half of 2024. The same report said many losses came from government impersonation, business impersonation, and tech support scams. These are not normal checkout situations. They are pressure situations.

The pattern is also showing up around high-demand events. Cointelegraph reported that scammers are using crypto around fake World Cup ticket and betting schemes: crypto scammers exploit World Cup ticket demand. That does not mean crypto payments are unsafe by default. It means merchants should expect scammers to look for any fast payment path where the customer is rushed.

What a safer in-person crypto flow should include

A safer crypto ATM or counter payment flow starts before the customer scans anything. The payment request should show the merchant name, order purpose, fiat amount, crypto amount, network, expiry time, and a support reference. The customer should not be asked to scan a random wallet QR code from a phone call, text message, or paper note.

Staff should be trained to pause when a customer looks rushed, confused, or says they are paying a government agency, bank, support desk, romantic contact, or unknown investment adviser. A short pause can prevent a large loss. A simple question such as "Is someone on the phone telling you to do this?" can reveal a scam without making the customer feel blamed.

Limits also matter. Operators can set lower first-time transaction limits, require extra review for large cash purchases, and block repeat attempts that look unusual. For merchants, the equivalent is to avoid open-ended wallet requests. Use a payment link or POS QR that is tied to a real invoice, product, deposit, booking, or service order.

The record should be clear after payment too. Keep the order ID, customer reference, amount, wallet address, network, status changes, refund notes, and support actions in one place. If a customer later asks what happened, the team should not need to search wallets, chat logs, and screenshots separately.

How MakePay can help merchants stay clear

MakePay is built around payment links, hosted checkout, POS-style QR payments, webhooks, and direct settlement to the merchant's own wallet. That helps merchants separate a real checkout request from an unsafe wallet transfer.

For in-person teams, a MakePay payment request can be tied to a specific counter invoice, support fee, hardware order, ticket, deposit, or service. The customer sees a branded payment page instead of a loose wallet address. The merchant sees payment status instead of relying only on screenshots or spoken confirmation.

For crypto ATM operators and offline exchange counters, this control is important. MakePay already supports a dedicated crypto ATM machines service page and a crypto ATM and offline exchange counter payments use case. These flows should be designed around clear receipts, visible warnings, staff review, and payment records. That is better for customers, better for support teams, and easier to explain to partners or regulators.

MakePay does not need to custody merchant funds to help with this. Merchants can still settle to their own wallet while using structured checkout pages, payment status, and records. The goal is not to remove crypto from in-person payments. The goal is to remove confusion.

Conclusion

Crypto ATM fraud controls should be part of checkout design, not a small warning at the end. If a payment involves cash, a kiosk, a counter desk, or a rushed customer, the flow needs stronger checks than a normal online cart.

Merchants should use payment requests that are specific, branded, time-limited, and tied to a real order. Operators should train staff to pause high-risk payments and keep clean records. With MakePay, businesses can offer in-person crypto payments while keeping the process clearer, safer, and easier to support.