TRANSACTION LAUNDERING AND HIGH-RISK PAYMENT PROCESSORS – UPDATED
1st October 2018 (updated 27th October 2018)
INTRODUCTION
Transaction laundering is one of those terms you may have come across, or should have come across, and it may be one of the most important means of laundering the proceeds of criminal activity.
However, as with other types of trade-based financial crime that are often grouped under the somewhat misleading term “trade-based money laundering”, it is one relatively difficult to detect and thus more likely to elude the types of routine check undertaken by compliance staff. It is not a new phenomenon, and as far back as 2001 the expected growth in online transactions was predicted to lead inevitably to e-laundering as well[1].
In essence, one might consider that, despite the apparent high-tech and “modern” paraphernalia and terms involved, transaction laundering is no different from “old fashioned” money laundering, where a seemingly cash-rich front, such as a takeaway or launderette was used, but with online payments substituted for real cash.
The continued rapid growth in e-commerce makes transaction laundering more prevalent, easier to hide, and much easier to make an integral component of a larger fraud. Estimates of the value of transaction laundering have suggested figures of $200 billion a year in the US alone.
In recent months, for example, AirbnB has been identified as another route for transaction laundering[2] – a scheme involving more than 3,000,000 lodging listings in 65,000 cities across 191 countries would seem to have obvious appeal to launderers. There have also been reports of “sales” of non-existent goods via Amazon, eBay etc.
Another example from 2016 is where a research project undertaken by Apple found that 90% of purportedly genuine Apple-branded chargers sold on one online retailer were in fact counterfeit[3].
The proliferation of so-called micro merchants and instant onboarding by payment providers etc, as well as the explosion of different payment methods contribute to data overload and difficulty in monitoring merchant portfolios.
Another investigation in 2018, found that fraudsters had used 20,000 compromised credit cards to make in-app purchases and create profiles that were powerful or with better skills and abilities in the Clash of Titans and other games. The fraudsters could then sell those profiles via third-party vendors to other gamers who want to advance in the game, thus creating an informal value transfer[4].
Thomson Reuters, owners of the World-Check compliance tools, has said that about 50%-70% of online sales for illicit drugs, counterfeit goods, and unlawful adult content involve some form of transaction laundering, quoting the Electronic Transactions Association (ETA), a trade association for the payments industry. It goes on to say that unlicensed online gambling is even more dependent on this type of money laundering, with more than 90% of illegal gambling sites said to be making use of transaction laundering to move their credit card receipts into the payment system[5].
WHAT IS IT?
Transaction laundering involves leveraging e-commerce and merchant processing to create fictitious transactions which appear legitimate. This can include both deliberate transaction laundering by a collusive merchant, or passive transaction laundering where a merchant’s payment credentials are stolen by the money launderers and used to their launder funds.
Transaction laundering may also be described as “credit card laundering” (or “prepaid gift card smurfing”)[6], “undisclosed aggregation,” or “factoring”, such terms having, or capable of being given, legitimate connotations. Another term used is merchant-based money laundering (MBML)[7], of which it is said that transaction laundering is just one form. Indeed, factoring in itself is a large and wholly licit activity allowing a creditor to sell on debts owed to it to a third party, the third party charging a percentage commission for the right to collect the debt as its own – paying the creditor, for example, 90% of the original debt. The third party gets a new asset and the original creditor gets most of its money immediately, and without the concern of potential bad debts etc.
The term “ghost laundering” has also been used.
However, cases involving activity identified as transactions laundering, and using the term to flag up the importance of the methods involved, remain relatively rare. There was a prominent US case in 2013, involving an estimated $6 million – but it was the Federal Trade Commission and not the FBI that undertook the case[8]. Another important case dates from 2016, when US authorities took action against Canadian-based PacNet[9], described by the US Treasury as an “international payments processor and money services business, [and] has a lengthy history of money laundering by knowingly processing payments on behalf of a wide range of mail fraud schemes that target victims in the United States and throughout the world”[10].
There are three basic forms of transaction laundering –
- Use of a front company – this is set up and passes any due diligence checks made by a bank or financial institution. However, rather than just selling goods, the company also (or instead) launders criminals’ money – for example, by use of wholly fictitious “sales” (aka “phantom shipments”) to cover movements of cash, or sells illegal products masquerading as legitimate goods.
- Use of a “pass through company” – this is where an otherwise genuine company with a legitimate account takes on a “silent partner” and –
- allows (or has to allow) an that partner (or another) to use its account[11];
- embeds a payment link on the web page of another’s company, to route payments (e.g. for illegal goods sold using that site) through its own, apparently legitimate account; or
- enters the sales from the partner business into its system manually, making the laundering more difficult to detect.
The company whose account is being used may received an inducement, such as a percentage commission, even if not itself directly implicated in the illegal sales or activity generated the additional “income”. The “partner” may be described as an “affiliate partner” or as part of an “affiliate network”, in either case seeking to route payments for illegal or non-existent product via the legitimate account.
- Operating a “funnel account” – this is where, again, an otherwise legitimate business accepts credit card charges from companies that do not have merchant processing accounts, entering the charges as legitimate transactions in its own card payment processing system. For example, in locations where online gambling is illegal this might occur with transactions instead being tagged with the Merchant Category Code for online clothing or electronics sales.
In each of the above, it may well be that the account involved is legitimate and/or intended to continue operating. However, there are the so-called “bust out frauds” – where a merchant applies for a merchant account with a payment provider without any intention of actually operating a legitimate business. Instead the account is used for fraudulent or illegal transactions, with the aim of processing as many transactions as possible within a short amount of time, and before being caught, simply abandon the account.
The National Merchants Association[12] in the US have also categorised transaction laundering as follows –
- Benign laundering – where two legitimate businesses are sharing the same gateway;
- Malicious laundering – where an illicit business sends its transactions through a legitimate account, using it as cover for its own illicit proceeds; and
- Affiliate laundering – where an illicit business highjacks customer payment information, creates an affiliate account at a third-party merchant site, and then purchases goods using the highjacked funds to collect affiliate commission from the site through fictitious purchases.
In 2017, a Reuters investigation revealed a network of dummy online stores offering household goods that was actually a front for internet gambling payments. In that case, seven sites operated out of Europe and appeared to sell innocuous items including fabric, DVD cases, maps, gift wrap, mechanical tape, pin badges and flags. In fact, they were wholly fake outlets, part of a multinational system to disguise payments for the $40 billion global online gambling industry, which is illegal in many countries and some US states[13].
It is not just criminals that can, and do, use transaction laundering methods. In 2017, the FBI in an affidavit said that it had uncovered a global financial network run by a senior Islamic State official that funnelled money to an alleged ISIS operative in the US through fake eBay transactions[14]. The terrorist attacks in Paris in 2015 are also said to have been funded through online sales of counterfeit goods and illegal drugs[15].
In September 2017, the Financial Times published a guest article calling for transaction laundering to be a top priority for regulators[16]. The author said that the principle behind transaction laundering is simple: an unknown business uses an approved merchant’s payment credentials to process credit card payments for unknown products and services. He also said that online marketplaces and the like lacked the tools to vet each merchant, let alone each payment or customer. The article made the point that traditional forensic tools used can result in lengthy, clumsy and unproductive investigations, and AML efforts are often wrongly focussed on high-risk, high-volume merchants – whereas payments can be routed through smaller players, and smurfed[17] into smaller amounts (see also the comments about the use of algorithms by High-Risk Payment Processors below).
HOW CAN YOU TO DETECT IT?
Amongst the possible ways to detect transaction laundering are –
- close examination of the “merchant’s” website – how are goods or services offered, does it look appealing to the consumer, would you be tempted to use it? Do the types (sizes, colours etc) of goods or services make sense?
- comparing the content of the website to its claimed volume of business – does it make sense; does it seem realistic?
- by taking into account how long the website has been active – typically, new sites do not generate large-scale business when first launched (unless they are from already large and reputable businesses)
- comparing the products offered and the average sales price and the Merchant Category Code being used – are there unexplained spikes in sales values, does the average individual sale value make sense for the type of product being offered?
- where the Code(s) being used by the website do not match the type of products that is supposedly selling
EverCompliant, a leading provider of cyber risk intelligence and transaction laundering detection and prevention, has said that the top 10 Merchant Category Codes used by transaction launderers are as follows[18] –
- Book Stores
- Food Stores
- Convenience Stores
- Markets
- Household Appliance Stores
- Men’s and Boy’s Clothing
- Accessories Stores
- Variety Stores
- Cosmetic Stores
- Gift, Card, Novelty, and Souvenir Shops
In 2017, the Association of Financial Crime Specialists (ACFCS)[19] in the US ran a 3-part series of guest articles on MBML – part 1 on “phantom shipments”[20], part 2 on “prepaid gift card smurfing”[21] and part 3 on “transaction laundering” in general[22], including examination of the the payments ecosystem, the electronics and largely automated systems, used to process payments. They are strongly recommended as a lead-in to the subjects.
For the TCSP[23] community, one of the chief risks is that they are used by new or existing clients to create the fake businesses, the front companies or to create the structure through which proceeds are seemingly legitimised and/or routed to or through jurisdictions on their way to benefit the criminals at the heart of the fraud. Not just client onboarding, but ongoing compliance checks, would be required – what might have sounded like a perfectly plausible proposition might, when revisited at a later date and when one is able to examine what has actually taken place, not ring true.
“Continuous Merchant Portfolio Monitoring” is a fancy term coined for what should be standard, ongoing risk assessment. The problems encountered are likely to include the fact that such ongoing sampling/monitoring is likely to be resource-intensive, involving potentially large amounts of data, requiring the ability to understand the terms used, and understanding the products and markets involved.
There are automated systems offered, where software analyses large amounts of data to detect anomalies, irregularities or other triggers. Such software might also help in detecting high-risk payment processing abuses (see below), particularly where automated systems and algorithms are being used by the other side. Such software can take advantage of emerging technologies like AI and machine-learning solutions. These solutions are generally aimed at the merchants, payment providers and financial institutions.
In the Isle of Man, a jurisdiction with a large and generally well-respected and regulated TCSP community, in 2017 guidance issued on trade-based money laundering was amended in February 2017 to make specific mention of transaction laundering[24] the definition given was that transaction laundering was “A form of online fraud where legitimate merchants process payments (usually involving credit or debit cards) on behalf of another merchant. Using [transaction laundering], a merchant sets up an online store and receives the approval of a bank or payments provider to process orders, he or she then sets up additional, unregistered websites to sell other, illegal goods with payments being routed via the legitimate online store.”. This is a useful, concise definition but the scope of transaction laundering in its various forms is really far wider – and the definition does not directly address the High-Risk Payment Provider risk (see below).
On the other hand, the term “transactions laundering” does not occur at all in the latest editions of the AML/CFT handbook published by the Island’s Financial Services Authority (FSA)[25], though the Handbook does contain comprehensive and detailed guidance on risk assessment, ongoing monitoring etc. In the sector-specific guidance provided by the FSA, whilst again comprehensive and detailed, there appears to be no direct reference to transaction laundering, nor of the risks posed to TCSP in unknowingly becoming involved in it.
HIGH-RISK PAYMENT PROCESSING
A good starting point when trying to think about High-Risk Payment Processing (HRPP) is to listen to a podcast interview of Simona Weinglass, the reporter from the Times of Israel who broke the story of the scandal of the $10 billion binary options trading operating from Israel[26]. The fraudsters involved there used HRPP to realise their ill-gotten gains. Ms Weinglass claims that when trying to investigate HRPP she could find little or no literature on this aspect of the case.
Put simply, HRPP set out to facilitate “high-risk” businesses by arranging to filter their proceeds into the financial system. This may be to assist businesses with which traditional (or, as they would probably describe them, conservative) financial institutions are reluctant to deal, and/or manipulate merchant codes to disguise or misrepresent the nature of the business generating the funds – so as to prevent difficulties or unwanted scrutiny or delay in payment processing.
HRPP may also be referred to as “high-risk payment gateway providers”.
High-risk merchant accounts are a legitimate option for many businesses; the seemingly negative label actually being a form of classification used in various industries and sectors.
Of course, the high-risk businesses they serve are not necessarily involved in anything illegal – they may, for example, simply have a poor, or insufficient, credit history, have suffered excessive chargebacks[27] in the past, or operate in a business or territory with a history of high chargeback risk. However, as long ago as 2012, FinCEN issued an Advisory that warned financial institutions in the US of AML risks associated with third-party payment processors[28].
Whilst a large number of businesses offer services as HRPP, and would be operating legitimately, there will be others who would target those generating illegal proceeds. These would aim to integrate the funds through the legitimate (or not) payment processing system and legitimate (or not) banks. Hence, they may use reputable US or European banks, using subterfuge including breaking down payments into micro payments and spreading over numerous accounts or locations to fall below levels that might attract attention. This system may be highly automated, with the use of algorithms to handle the arrangements. They may alternatively, or also, use banks or other entry points in jurisdictions where less (or no) questions are asked about the source or legitimacy of funds.
Even if an account is identified and terminated by an acquirer[29], research undertaken in the US by G2 Web Service in 2016 appeared to show that around 25% of terminated accounts keep the rest of their operations mostly intact, seeking new paths into the payment system. Others rename and reform their operations but continue to sell illicit goods. Only a minority disappear completely[30].
FATF GUIDANCE ON “PROFESSIONAL MONEY LAUNDERERS” AND HRPP
The recent FATF guidance on professional money launderers[31], which can include what is terms a “professional money laundering organisation” or ““professional money laundering network”. The guidance included reference to various ways by which ill-gotten gains can be laundered and/or transferred across borders. These included –
- account settlement mechanisms – where criminals have cash and want to send funds to bank accounts in other countries, or criminals have money in their bank accounts but need cash (e.g. to pay their networks and workers). By making use of real or fake company accounts, the funds are received and transferred as if genuine transactions, including “payments” made to accounts in other countries – it may involve corrupt or corrupted members of staff within the company or companies involved, and/or similarly complicit personnel in financial institutions.
- underground banking – perhaps most well-known as hawala banking[32], bypassing the regulated financial sector and creating a parallel system of moving and keeping records of transactions and accountancy. By reciprocal credits and debits on the books of the participating partners – who may have ethnic or family connections that provide a high degree of trust – the virtual movement of the funds is facilitated, allowing funds to be accessed elsewhere.
- alternative banking platforms (ABP) – like underground banking, this operates outside the regulated financial system. However, it may use the facilities of the formal banking system, while creating a parallel accountancy and settlement system. They are described by FATF as form of shadow banking that make use of bespoke online software to provide banking services, without the regulated and audited customer due diligence checks. It is said to supported with special software that can encrypt traffic, manage transactions between accounts within the same platform, apply fees and assist with interaction with the outside financial system.
It is this last-named, i.e. ABP, that might seem to most closely described the HRPP model. However, the guidance goes on to then deal with Money Value Transfer Services (MVTS) providers, saying that evidence shows that that MVTS providers have knowingly facilitated the activities of professional money launderers, including currency conversions (i.e. foreign exchange), cash-based transactions, and/or electronic funds transfers. Complicit MVTS providers can play an important role in the placement stage of the laundering process.
FATF says that such complicit MVTS providers may continue to file SAR, so not as to arouse undue suspicion, but at the same time use separate records (i.e. shadow accountancy) so as to have one set that are apparently clean; or they may file SAR but use fictitious transaction details.
Any or all of the foregoing might seem to have a function for a HRPP. However, it is when the guidance moves on to what it terms “proxy networks” that one finally comes to something that describes the systems of HRPP that the Times of Israel is said to have detected in the binary options scandal, and about which little or no information could be found. It does appear, therefore, that FATF and the internal compliance community has at last caught up and provided some of the necessary, but missing, assistance.
FATF says that the main task of these proxy networks is to move client funds to the final, pre-determined destination and to obfuscate the trail of the financial flows (surely the aim of all of the above). It describes them as using bank accounts with multiple layers of shell companies in different jurisdictions, which have been established purely to redistribute and mix funds from various sources. These shell companies, it says, could be located in the country where the predicate offence occurred, transit countries or countries where the final investment of funds is conducted. This scheme is designed to make the portion of funds that belong to a client untraceable. The guidance describes a 5-stage process funds are received, moved and end up finally at the intended destination.
Crucially, the guidance makes the point that bank accounts are chosen to make the activity appear
legitimate, and to avoid SAR reporting and/or where the transaction may be blocked by financial institutions. For example, they use accounts of various characteristics (i.e. accounts where the activity volume was small, medium or large), in accordance with the sums laundered. The Times of Israel reporter herself had also noted that the HRPP may use multiple routings, and adopt a flexible approach, routing and re-routing funds (or portions of the funds) when any resistance was encountered, or to prevent or minimise potential suspicions.
Despite the useful information and case studies contained in the FATF guidance, it makes no direct mention of HRPP as a distinct, identified type. As outlined above, HRPP may be both legitimate and not, or combine both legitimate and illicit activity – or at the very least not be too particular about source and destination of the funds handled. As well as there being an obvious need for those in the financial sectors to be aware of the risks, and to be alert to the existence and use of HRPP, it appears to me that TCSP need also to be aware, and alert to the possibility that companies and other vehicles and structures they are asked to help create or administer are not for use as HRPP or as part of a structure or framework intended to be used by or for a HRPP. It is just one more of the many risks that the TCSP needs to have in mind when carrying out their due diligence.
Ray Todd
17th September 2018
Updated 27th October 2018
[1] The Law Enforcement Implications of New Technology (Commonwealth of Australia report, August 2001): https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Former_Committees/acc/completed_inquiries/1999-02/itlaw/report/index
[2] https://www.thedailybeast.com/inside-airbnbs-russian-money-laundering-problem
[3] https://www.forbes.com/sites/amitchowdhry/2016/10/23/apple-nearly-90-of-genuine-iphone-chargers-on-amazon-are-fake/#47df5ec15b07
[4] https://kotaku.com/criminals-are-using-clash-of-clans-to-launder-money-ne-1827698965
[5] https://store.legal.thomsonreuters.com/law-products/solutions/clear-investigation-software/anti-money-laundering/the-growing-threat-of-transaction-laundering
[6] https://www.acfcs.org/news/news.asp?id=328136&hhSearchTerms=%22furst%22
[7] See for example: https://www.acfcs.org/news/364876/Merchant-based-money-laundering-Part-3-The-medium-is-the-method.htm
[8] https://www.ftc.gov/news-events/press-releases/2013/09/ftc-halts-elusive-business-opportunity-scheme
[9] http://en.finance.sia-partners.com/20161113/pacnet-services-what-you-need-know
[10] https://www.treasury.gov/press-center/press-releases/Pages/jl5055.aspx
[11] This might be described as an “identity swap”.
[12] https://www.nationalmerchants.com/fraud-education/a-new-kind-of-fraud-transaction-laundering/
[13] https://www.reuters.com/article/us-gambling-usa-dummies-exclusive/exclusive-fake-online-stores-reveal-gamblers-shadow-banking-system-idUSKBN19D137
[14] https://www.wsj.com/articles/fbi-says-isis-used-ebay-to-send-terror-cash-to-u-s-1502410868
[15] http://www.lefigaro.fr/actualite-france/2015/01/08/01016-20150108ARTFIG00004-charlie-hebdo-l-itineraire-des-freres-kouachi.php
[16] https://ftalphaville.ft.com/2017/09/27/2193969/transaction-laundering-should-be-a-top-priority-for-regulators-in-2018/
[17] Involving “smurfing” or (in the context of money laundering and cash smuggling) the breaking down of larger amounts into smaller sums, to avoid detection or to avoid triggering transaction threshold alerts etc.
[18] http://evercompliant.com/five-ways-criminals-abuse-payments-ecosystem/
[19] https://www.acfcs.org/
[20] https://www.acfcs.org/news/news.asp?id=307150&hhSearchTerms=%22furst%22
[21] https://www.acfcs.org/news/news.asp?id=328136&hhSearchTerms=%22furst%22
[22] https://www.acfcs.org/news/364876/Merchant-based-money-laundering-Part-3-The-medium-is-the-method.htm
[23] Trusts and corporate services providers.
[24] https://www.gov.im/media/1348726/notice-1000-man-trade-based-money-laundering-july-18.pdf
[25] https://www.iomfsa.im/media/1475/amlcfthandbookfinalversiond.pdf
[26] https://www.traceinternational.org/bribe_swindle_or_steal
[27] Chargebacks are where the credit card company cancels a payment after the customer has claimed that the transaction involved was unauthorised. The funds are debited from the business’s account and credited back to the customer. Here too, chargebacks need not indicate any illicit activity on the part of the business, hospitality industry, hotels and travel agencies are may also be flagged as high-risk because they can suffer high levels of chargebacks initiated by unsatisfied customers.
[28] https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2012-a010
[29] Such as a credit card company.
[30] http://www2.g2webservices.com/cleaning-out-transaction-laundering/
[31] http://www.fatf-gafi.org/publications/methodsandtrends/documents/professional-money-laundering.html
[32] Hawala comes from the Arabic for “transfer” and is largely seen now as a generic term that also covers a range of similar systems and which are common in the Middle and far East and Asia – fei-ch’ien (China), hui kuan (Hong Kong), hundi (India), hawala (Middle East), padala (Philippines) and phei kwan (Thailand). It involves the movement of the value of funds without physical movement of those funds, as a parallel or alternative remittance system outside of the normal banking channels, involving trust and the extensive use of connections such as family relationships or regional affiliations
raytodd.blog 