Transaction laundering has quickly evolved into one of the payment industry’s most prominent and most difficult problems. Transaction laundering — also previously known as “undisclosed aggregation” or “factoring” — occurs when a merchant processes unknown transactions on behalf of another business.
This hidden business is often engaged in prohibited activities, and the “front” merchant may either be colluding or exploited by this violating business.
Governments around the world have joined the battle against money laundering – passing laws that put an end to anonymous banking services and under-the-table money transfers and payments that enable crime and finance terror. It’s been on the agenda of governments for years. So how did they miss one of the biggest aspects of the problem?
It is estimated that Transaction Laundering for online sales of products and services topped $159 billion in 2016 in the US alone. Of this, some $4.6 billion involved illegal goods, which were sold online by an estimated 100,400 unregistered merchants.
The scam in transaction laundering works like this: A criminal sets up an illegal site where shoppers can order the drugs or other illicit goods they seek. Many times, the shoppers do not even know they are committing an offence – the counterfeit goods may just appear to be a great sale!
When it comes time to pay, they submit their credit card credentials, like they would do in any legitimate purchase. However, the payment will not be processed by the drug site, but rather by a legitimate-looking site that pretends to sell perfectly legitimate products – say, books (bookseller sites were the number one business model used by transaction launderers in 2016), operated by the crook for the purpose of gaining access to card processing utilities.
The credit card is charged, and the seller collects his/her payment via the legit site. Thus, a customer who buys Angel Dust will be charged for a copy of War and Peace – and that’s how the payment will show up on the credit card statement issued by their bank.
Let’s be clear – we’re talking about $159 billion of sales volume over which Merchant Service Providers (MSPs) have no control. These are unregistered transactions from hundreds of thousands of merchants transacting through MSPs’ payment networks occurring without their consent or knowledge. And despite all this – MSPs continue to facilitate and process these transactions.
In recent years, transaction laundering has become commonplace. Fraudulent merchants who cannot meet underwriting criteria and therefore cannot obtain merchant accounts under their own name hide behind third-party legitimate merchant accounts. This way, it’s difficult to trace excessive chargebacks, complaints, or other signs of illegal activity to the real culprits.
The criminals in question are not just drug dealers, human traffickers or illicit weapons vendors. Transaction laundering has been shown to be a financing source of numerous terror attacks — including the attack on French satirical magazine Charlie Hebdo in 2015. And this year, the FBI unsealed an affidavit that claimed ISIS used eBay and PayPal to funnel payments to an American who was allegedly an operative. Alarming indeed.
Regulators Begin to Take Notice
As far back as 2001, the Australian government predicted the e-money laundering revolution in a report entitled The Law Enforcement Implications of New Technology.
“When money laundering techniques are considered in parallel with e-commerce realities, a number of possible challenges become clear. The use of cryptography has an equal potential to assist criminal communications as it has to secure legitimate transactions.
While new technology can be employed to good effect to assist in the tracing of communications, electronic evidence is relatively easy to destroy. E-commerce has a global reach and individual jurisdictional laws could be exploited by money launderers living in one jurisdiction, perpetrating offences in a second jurisdiction and transferring value through many other jurisdictions.
And although it is perhaps too soon to tell which of the new electronic payment systems will become most widely used, and which user identification techniques will develop, they all present some possibility of exploitation by criminal elements for money laundering and other purposes,” reads and excerpt.
These predictions largely came true. As online payments have thrived, so has online fraud and payment-oriented crime. Moreover, despite the US Treasury’s Financial Crimes Enforcement Network (FinCEN) and other regulators’ stricter anti-money laundering rules, their mechanisms of enforcement still mostly target traditional business and financial services: Capital markets, banking, insurance, wire transfers, cash deposits and securities.
Here’s the gist of the problem: There is no technological reason that anti-money laundering efforts should fall short on transaction laundering. Rather, two issues that are completely fixable hinder enforcement — awareness and policy. That is starting to change, albeit slowly.
Until recently, transaction-laundering enforcement was done exclusively by the credit-card brands themselves.
Credit-card networks require all participants to screen and underwrite merchants to ensure they are legitimate businesses. The rules meant to exclude merchants engaged in potentially fraudulent or illegal practices also strictly prohibit transaction laundering.
A recent breakthrough highlights the increased awareness of state regulators to transaction laundering, and its implications for anti-money laundering policy. When the US Federal Trade Commission (FTC) started proceedings against an operation called Money Now Funding (MNF) and its successor companies on August 5, 2013, it was one of the first definitive actions taken by a regulator against transaction laundering.
The MNF scam relied on the perpetrators’ ability to accept credit and debit-card payments without raising fraud alerts with the acquiring bank. To conceal its identity and prevent the acquirer bank and card networks from scrutinising and terminating its merchant account, MNF engaged in an elaborate transaction laundering scheme. They established a large number of fraudulent merchant accounts, each under different fictitious names, through which MNF could launder charges to consumers’ credit or debit-card accounts.
Then, in August of this year, the FTC initiated proceedings against payment-service companies involved in the scam based on the following:
- Section 5(a) of the FTC Act, 15 USC § 45(a), which prohibits unfair or deceptive acts or practices in or affecting commerce.
- The FTC also enforces the Telemarketing Act, 15 USC §§ 6101-6108. Pursuant to the law, the FTC promulgated and enforces the Telemarketing Sales Rule (TSR), 16 CFR Part 310, which prohibits deceptive and abusive telemarketing sales or practices.
The Bottom Line
Why should transaction laundering be a key target for regulators in 2018? Because it’s a huge, solvable problem.
Transaction laundering is strictly forbidden by credit-card companies, and is illegal under the Telemarketing Sales Rule (TSR). But until recently, most enforcement against transaction launderers has been handled by credit-card brands. Having the FTC use existing TSR rules against transaction launderers is a tremendous step forward.
We still don’t know what the results will be, as the FTC’s latest case hasn’t yet reached the stage where penalties or fines would be imposed. Regardless, this shows that regulators are scrutinising transaction laundering more.
A new approach and new tools are needed for online anti-money laundering efforts. In 2018, online AML should be a shared responsibility among law enforcement, e-commerce companies, international standards-setting organisations, managed service providers, fintech companies and individual users.
In this way, the problem of digital money laundering — just like the traditional analog version — can not only be addressed, but actually defeated. Having government agencies like the FTC enforce rules is a welcome step in the right direction.