Transaction laundering – too big to be ignored

Also known as credit card laundering or factoring, this type of fraud occurs when legitimate merchant accounts are used to process unknown transactions for another line of business, both legal and illegal. In online sales, transaction laundering tops USD 200 billion a year in the US alone, of which at least USD 6 billion involves some type of illicit goods or services, sold by nearly 335,000 unregistered merchants.

Moreover, popular online marketplaces have become targets for transaction launderers looking to abuse the online payment system to facilitate illegal activities. In August 2017 the Wall Street Journal reported that the Islamic State allegedly used PayPal and fake eBay transactions to channel money to an agent in the US. Three months later, in November, scammers leveraged Airbnb to launder dirty cash from stolen credit cards. Fraudsters used stolen credits cards to launder the dirty money through Airbnb bookings that never actually happened, benefiting both parties through large value transactions.

Because transactions may come from a variety of different sources (shopping carts, payment pages, virtual terminals, etc.), can be made via different payment methods (credit cards, digital currency, e-wallets), and can be processed through a page that the acquirer may or may not have visibility of, transaction laundering is difficult to detect and prevent.

What are the fraudster’s methods?

The tactics deployed by transaction launderers typically include using alternative payment networks and bank payments, or relying on cryptocurrencies. Using the dark web for refuge, payment hustlers can freely conduct illegal commerce as well as lurk and browse undetected to find the illicit products or services they are looking to buy or sell.

Another reason why these criminals are able to operate online without being shut down is the fact that sometimes the victims themselves are using the online to purchase illicit products and services. In those cases, reporting the fraud to authorities would only bring about more questions on the illegal purchases.

According to G2 Web Services, the three most common types of transaction laundering are:

• Benign: Two legitimate businesses are sharing the same payment gateway;

• Malicious: An illicit business is sending transactions through a legitimate or shell account;

• Affiliate: An illicit business takes payment info, creates an affiliate account at a third party merchant site, and purchases goods to collect affiliate revenue.

Unfortunately for consumers and businesses, these crimes are not always a top priority or even on the radar of regulators and authorities. Sometimes, managed service providers (MSPs) do not investigate the real origin of transactions until they face sanctions or fines by credit card brands. National governments have put in place sets of procedures, laws, and regulations designed to stop the practice of generating income through illegal actions, also known as Anti Money Laundering (AML). But many AML efforts are often wrongly focussed on high-risk, high-volume merchants, while transaction laundering can happen also in multiple smaller-scale, seemingly low-risk players.

How to fight it?

Transaction laundering has started to plant itself firmly in the consciousness of the minds of regulators, lawmakers, law enforcement and the general public, with everyone’s attention focusing on turning this awareness into action. 

Many covered financial institutions already collect some beneficial ownership information and have updated their AML policies and procedures in anticipation of the Customer Due Diligence (CDD) Rule. As a matter of course, all covered financial institutions should revisit their policies, procedures, and training materials to ensure their current practices meet the requirements of the CDD Rule by May 2018.

Another piece of good news is that there are companies on the market equipped with strategies and tailored techniques for fighting transaction laundering. Some of these companies are also featured in The Paypers’ “Global mapping of key players in the fraud management industry” included in the Web Fraud Prevention and Online Authentication Market Guide 2017/2018, page 62.

By combining cyber-intelligence technologies, EverCompliant aims to detect and prevent transaction and money launderers, hidden transaction tunnels and merchant fraud from entering the ecommerce ecosystem. Their flagship product is called MerchantView, a software solution that targets acquirers, PSPs, ISOs, online marketplaces, payment facilitators and hosting providers. The software analyses each merchant’s website(s), confirms their identity and true line of business, and monitors their transactions to reveal any associated and unreported websites (URLs).

Another way to fight this problem is the Proactive Risk Manager for Anti-Money Laundering from ACI Worldwide - a monitoring and detection solution that helps identify unusual activity and offers a fast track to compliance. It conducts both real- and near-real-time fraud and anti-money laundering checks, and alerts users to potential issues via SMS, text, email or phone, enabling them to immediately confirm or deny transactions.

G2 Web Services provides merchant risk intelligence solutions for acquirers, commercial banks and their value chain partners, representing close to 60% of global merchant outlets. The company believes that with so many ways for a payment to enter the system (and therefore many ways for a transaction to be laundered) there is no one approach that is sufficient in identifying this complex problem. Therefore the tech company employs a layered solution designed to keep launderers away.

Trulioo, an identity and business verification company, has created GlobalGateway, a service that enables businesses to comply with cross-border AML and KYC, and the AML Watchlist, a solution that offers comprehensive coverage of global AML risk data sources including sanction lists (such as OFAC, UN, HMT, EU, DFAT, etc. ), law enforcement lists (Interpol, country specific government and state agencies, and police forces), and governing regulatory bodies’ (financial and securities commissions) from around the world.

IdentityMind fights transaction laundering by using digital identities powered by eDNA technology, to get a more accurate picture of risk and thus to enable better customer selection and fewer rejections of good customers. eDNA leverages machine learning to build identities and to analyse them for the most accurate reputation score (risk profile) possible. The company’s algorithms provide reputations for each entity tailored for the industry in which customers do business. Moreover, users can modify their risk process on the fly, adding in additional checks where merited.

Overall, hidden online ecosystems are easier to detect and monitored, as regtech companies will leverage AI and machine learning technologies to police and prevent the issues surrounding money laundering.

About Mirela Ciobanu

Mirela Ciobanu is Senior Editor at The Paypers and has been actively involved in covering digital payments - related topics, especially in the cryptocurrency, online security and fraud prevention space. She is passionate about finding the latest news on data breaches, machine learning, digital identity, and blockchain and she is an active advocate of the need to keep our online data/presence protected. Mirela has a bachelor’s degree in English language and holds a Master’s degree in Marketing.