TRANSACTION LAUNDERING AND HIGH-RISK PAYMENT PROCESSORS
INTRODUCTION
Transaction laundering is one of those terms you may have come across, or should have come across, and it may be one of the most important means of laundering the proceeds of criminal activity.
However, as with other types of trade-based financial crime that are often grouped under the somewhat misleading term “trade-based money laundering”, it is one relatively difficult to detect and thus likely to elude the types of routine check undertaken by compliance staff. It is not a new phenomenon, and as far back as 2001 the expected growth in online transactions was predicted to lead inevitably to e-laundering as well[1].
In essence, one might consider that, despite the apparent high-tech and “modern” paraphernalia and terms involved, transaction laundering is no different from “old fashioned” money laundering, where a seemingly cash-rich front, such as a takeaway or launderette was used, but with online payments substituted for real cash.
The continued rapid growth in e-commerce makes transaction laundering more prevalent, easier to hide, and much easier to make an integral component of a larger fraud. Estimates of the value of transaction laundering have suggested figures of $200 billion a year in the US alone.
In recent months, AirbnB has also been identified as another route for transaction laundering[2] – a scheme involving more than 3,000,000 lodging listings in 65,000 cities across 191 countries would seem to have obvious appeal to launderers. There have also been reports of “sales” of non-existent goods via Amazon, eBay etc.
The proliferation of so-called micro merchants and instant onboarding by payment providers etc, as well as the explosion of different payment methods contribute to data overload and difficulty in monitoring merchant portfolios.
Thomson Reuters, owners of the World-Check compliance tools, has said that about 50%-70% of online sales for illicit drugs, counterfeit goods, and unlawful adult content involve some form of transaction laundering, quoting the Electronic Transactions Association (ETA), a trade association for the payments industry. It goes on to say that unlicensed online gambling is even more dependent on this type of money laundering, with more than 90% of illegal gambling sites said to be making use of transaction laundering to move their credit card receipts into the payment system[3].
WHAT IS IT?
Transaction laundering may also be described as “credit card laundering”, “undisclosed aggregation,” or “factoring”, such terms having, or capable of being given, legitimate connotations[4]. Indeed, factoring in itself is a large and wholly licit activity allowing a creditor to sell on debts owed to it to a third party, the third party charging a percentage commission for the right to collect the debt as its own – paying the creditor, for example, 90% of the original debt. The third party gets a new asset and the original creditor gets most of its money immediately, and without the concern of potential bad debts etc.
However, cases involving activity identified as transactions laundering, and using the term to flag up the importance of the methods involved, remain relatively rare. There was a prominent US case in 2013, involving an estimated $6 million – but it was the Federal Trade Commission and not the FBI that undertook the case[5]. Another important case dates from 2016, when US authorities took action against Canadian-based PacNet[6], described by the US Treasury as an “international payments processor and money services business, [and] has a lengthy history of money laundering by knowingly processing payments on behalf of a wide range of mail fraud schemes that target victims in the United States and throughout the world”[7].
There are three basic forms of transaction laundering –
- Use of a front company – this is set up and passes any due diligence checks made by a bank or financial institution. However, rather than just selling goods, the company also (or instead) launders criminals’ money – for example, by use of wholly fictitious “sales” (aka “phantom shipments”) to cover movements of cash, or sells illegal products masquerading as legitimate goods.
- Use of a “pass through company” – this is where an otherwise genuine company with a legitimate account takes on a “silent partner” and –
- allows (or has to allow) an that partner (or another) to use its account[8];
- embeds a payment link on the web page of another’s company, to route payments (e.g. for illegal goods sold using that site) through its own, apparently legitimate account; or
- enters the sales from the partner business into its system manually, making the laundering more difficult to detect.
The company whose account is being used may received an inducement, such as a percentage commission, even if not itself directly implicated in the illegal sales or activity generated the additional “income”. The “partner” may be described as an “affiliate partner” or as part of an “affiliate network”, in either case seeking to route payments for illegal or non-existent product via the legitimate account.
- Operating a “funnel account” – this is where, again, an otherwise legitimate business accepts credit card charges from companies that do not have merchant processing accounts, entering the charges as legitimate transactions in its own card payment processing system. For example, in locations where online gambling is illegal this might occur with transactions instead being tagged with the Merchant Category Code for online clothing or electronics sales.
In each of the above, it may well be that the account involved is legitimate and/or intended to continue operating. However, there are the so-called “bust out frauds” – where a merchant applies for a merchant account with a payment provider without any intention of actually operating a legitimate business. Instead the account is used for fraudulent or illegal transactions, with the aim of processing as many transactions as possible within a short amount of time, and before being caught, simply abandon the account.
The National Merchants Association[9] in the US have also categorised transaction laundering as follows –
- Benign laundering – where two legitimate businesses are sharing the same gateway;
- Malicious laundering – where an illicit business sends its transactions through a legitimate account, using it as cover for its own illicit proceeds; and
- Affiliate laundering – where an illicit business hijacks customer payment information, creates an affiliate account at a third-party merchant site, and then purchases goods using the hijacked funds to collect affiliate commission from the site through fictitious purchases.
In 2017, a Reuters investigation revealed a network of dummy online stores offering household goods that was actually a front for internet gambling payments. In that case, 7 sites operated out of Europe and appeared to sell innocuous items including fabric, DVD cases, maps, gift wrap, mechanical tape, pin badges and flags. In fact, they were wholly fake outlets, part of a multinational system to disguise payments for the $40 billion global online gambling industry, which is illegal in many countries and some US states[10].
It is not just criminals that can, and do, use transaction laundering methods. In 2017, the FBI in an affidavit said it had uncovered a global financial network run by a senior Islamic State official that funnelled money to an alleged ISIS operative in the US through fake eBay transactions[11]. The terrorist attacks in Paris in 2015 are also said to have been funded through online sales of counterfeit goods and illegal drugs[12].
In September 2017, the Financial Times published a guest article calling for transaction laundering to be a top priority for regulators[13]. The author said that the principle behind transaction laundering is simple: an unknown business uses an approved merchant’s payment credentials to process credit card payments for unknown products and services. He also said that online marketplaces and the like lacked the tools to vet each merchant, let alone each payment or customer. The article made the point that traditional forensic tools used can result in lengthy, clumsy and unproductive investigations, and AML efforts are often wrongly focussed on high-risk, high-volume merchants – whereas payments can be routed through smaller players, and smurfed into smaller amounts (see also the comments about the use of algorithms by High-Risk Payment Processors below).
HOW CAN YOU DETECT IT?
Amongst the possible ways to detect transaction laundering are –
- close examination of the “merchant’s” website – how are goods or services offered, does it look appealing to the consumer, would you be tempted to use it? Do the types (sizes, colours etc) of goods or services make sense?
- comparing the content of the website to its claimed volume of business – does it make sense; does it seem realistic?
- by taking into account how long the website has been active – typically, new sites do not generate large-scale business when first launched (unless they are from already large and reputable businesses)
- comparing the products offered and the average sales price and the Merchant Category Code being used – are there unexplained spikes in sales values, does the average individual sale value make sense for the type of product being offered?
- where the Code(s) being used by the website do not match the type of products that is supposedly selling
EverCompliant, a leading provider of cyber risk intelligence and transaction laundering detection and prevention, has said that the top 10 Merchant Category Codes used by transaction launderers are as follows[14] –
- Book Stores
- Food Stores
- Convenience Stores
- Markets
- Household Appliance Stores
- Men’s and Boy’s Clothing
- Accessories Stores
- Variety Stores
- Cosmetic Stores
- Gift, Card, Novelty, and Souvenir Shops
For the TCSP[15] community, one of the chief risks is that they are used by new or existing clients to create the fake businesses, the front companies or to create the structure through which proceeds are seemingly legitimised and/or routed to or through jurisdictions on their way to benefit the criminals at the heart of the fraud. Not just client onboarding, but ongoing compliance checks, would be required – what might have sounded like a perfectly plausible proposition might, when revisited at a later date and when one is able to examine what has actually taken place, not ring true.
“Continuous Merchant Portfolio Monitoring” is a fancy term coined for what should be standard, ongoing risk assessment. The problems encountered are likely to include the fact that such ongoing sampling/monitoring is likely to be resource-intensive, involving potentially large amounts of data, requiring the ability to understand the terms used, and understanding the products and markets involved.
There are automated systems offered, where software analyses large amounts of data to detect anomalies, irregularities or other triggers. Such software might also help in detecting high-risk payment processing abuses (see below), particularly where automated systems and algorithms are being used by the other side. Such software can take advantage of emerging technologies like AI and machine-learning solutions. These solutions are generally aimed at the merchants, payment providers and financial institutions.
In the Isle of Man, a jurisdiction with a large and generally well-respected and regulated TCSP community, in 2017 guidance issued on trade-based money laundering was amended in February 2017 to make specific mention of transaction laundering[16] the definition given was that transaction laundering was “A form of online fraud where legitimate merchants process payments (usually involving credit or debit cards) on behalf of another merchant. Using [transaction laundering], a merchant sets up an online store and receives the approval of a bank or payments provider to process orders, he or she then sets up additional, unregistered websites to sell other, illegal goods with payments being routed via the legitimate online store.”. This is a useful, concise definition but the scope of transaction laundering in its various forms is really far wider – and the definition does not directly address the High-Risk Payment Provider risk (see below).
On the other hand, the term “transactions laundering” does not occur at all in the latest editions of the AML/CFT handbook published by the Island’s Financial Services Authority (FSA)[17], though the Handbook does contain comprehensive and detailed guidance on risk assessment, ongoing monitoring etc. In the sector-specific guidance provided by the FSA, whilst again comprehensive and detailed, there appears to be no direct reference to transaction laundering, nor of the risks posed to TCSP in unknowingly becoming involved in it.
HIGH-RISK PAYMENT PROCESSING
A good starting point when trying to think about High-Risk Payment Processing (HRPP) is to listen to a podcast interview of Simona Weinglass, the reporter from the Times of Israel who broke the story of the scandal of the $10 billion binary options trading operating from Israel[18]. The fraudsters involved there used HRPP to realise their ill-gotten gains. Ms Weinglass claims that when trying to investigate HRPP she could find little or no literature on this aspect of the case.
Put simply, HRPP set out to facilitate “high-risk” businesses by arranging to filter their proceeds into the financial system. This may be to assist businesses with which traditional (or, as they would probably describe them, conservative) financial institutions are reluctant to deal, and/or manipulate merchant codes to disguise or misrepresent the nature of the business generating the funds – so as to prevent difficulties or unwanted scrutiny or delay in payment processing.
Of course, the high-risk businesses they serve are not necessarily involved in anything illegal – they may, for example, simply have a poor, or insufficient, credit history, have suffered excessive chargebacks[19] in the past, or operate in a business or territory with a history of high chargeback risk. However, as long ago as 2012, FinCEN issued an Advisory that warned financial institutions in the US of AML risks associated with third-party payment processors[20].
Whilst a large number of businesses offer services as HRPP, and would be operating legitimately, there will be others who would target those generating illegal proceeds. These would aim to integrate the funds through the legitimate (or not) payment processing system and legitimate (or not) banks. Hence, they may use reputable US or European banks, using subterfuge including breaking down payments into micro payments and spreading over numerous accounts or locations to fall below levels that might attract attention. This system may be highly automated, with the use of algorithms to handle the arrangements. They may alternatively, or also, use banks or other entry points in jurisdictions where less (or no) questions are asked about the source or legitimacy of funds.
Even if an account is identified and terminated by an acquirer[21], research undertaken in the US by G2 Web Service in 2016 appeared to show that around 25% of terminated accounts keep the rest of their operations mostly intact, seeking new paths into the payment system. Others rename and reform their operations but continue to sell illicit goods. Only a minority disappear completely[22].
Ray Todd
17th September 2018
[1] The Law Enforcement Implications of New Technology (Commonwealth of Australia report, August 2001): https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Former_Committees/acc/completed_inquiries/1999-02/itlaw/report/index
[2] https://www.thedailybeast.com/inside-airbnbs-russian-money-laundering-problem
[3] https://store.legal.thomsonreuters.com/law-products/solutions/clear-investigation-software/anti-money-laundering/the-growing-threat-of-transaction-laundering
[4] Another term used is merchant-based money laundering (MBML), of which it is said that transaction laundering is just one form.
[5] https://www.ftc.gov/news-events/press-releases/2013/09/ftc-halts-elusive-business-opportunity-scheme
[6] http://en.finance.sia-partners.com/20161113/pacnet-services-what-you-need-know
[7] https://www.treasury.gov/press-center/press-releases/Pages/jl5055.aspx
[8] This might be described as an “identity swap”.
[9] https://www.nationalmerchants.com/fraud-education/a-new-kind-of-fraud-transaction-laundering/
[10] https://www.reuters.com/article/us-gambling-usa-dummies-exclusive/exclusive-fake-online-stores-reveal-gamblers-shadow-banking-system-idUSKBN19D137
[11] https://www.wsj.com/articles/fbi-says-isis-used-ebay-to-send-terror-cash-to-u-s-1502410868
[12] http://www.lefigaro.fr/actualite-france/2015/01/08/01016-20150108ARTFIG00004-charlie-hebdo-l-itineraire-des-freres-kouachi.php
[13] https://ftalphaville.ft.com/2017/09/27/2193969/transaction-laundering-should-be-a-top-priority-for-regulators-in-2018/
[14] http://evercompliant.com/five-ways-criminals-abuse-payments-ecosystem/
[15] Trusts and corporate services providers.
[16] https://www.gov.im/media/1348726/notice-1000-man-trade-based-money-laundering-july-18.pdf
[17] https://www.iomfsa.im/media/1475/amlcfthandbookfinalversiond.pdf
[18] https://www.traceinternational.org/bribe_swindle_or_steal
[19] Chargebacks are where the credit card company cancels a payment after the customer has claimed that the transaction involved was unauthorised. The funds are debited from the business’s account and credited back to the customer. Here too, chargebacks need not indicate any illicit activity on the part of the business, hospitality industry, hotels and travel agencies are may also be flagged as high-risk because they can suffer high levels of chargebacks initiated by unsatisfied customers.
[20] https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2012-a010
[21] Such as a credit card company.
[22] http://www2.g2webservices.com/cleaning-out-transaction-laundering/
raytodd.blog 