The rapid development and rising volume of e-commerce transactions in recent years has encouraged the outbreak of cybercriminals – who are finding more and more complex ways to conceal profits that are likely to have been earned illegally, via an online environment. The extensive range of payment systems available along with the exponentially growing amount of e-commerce activity undoubtedly facilitates difficulty in detecting fraudulent transactions by banks and payment service providers.


FDA targeted transaction laundering

In Oct 2018, the U.S. Food and Drug Administration, in partnership with international regulatory and law enforcement agencies, launched a global operation to target 465 websites that illegally sold potentially dangerous and unapproved prescription drugs. Essentially, the FDA targeted transaction laundering schemes in order to uncover the complex online drug network.


Transaction laundering is a particularly common scheme that criminals practise, to disguise illegal drug businesses. In fact, most illegal online credit card transactions are executed through transaction laundering. For example, vendors of illicit goods and drugs frequently establish shell websites that appear completely irrelevant to the category of goods they are actually distributing, such as a business for fashion – to process the payments obtained from the illegal drug network. To target the infrastructure supporting the drug businesses, the FDA carried out a series of investigations focused on credit card processors involved in the transaction laundering arrangements. This FDA operation has shown the payment industry why transaction laundering monitoring is so important, and how the law enforcement agencies perceive the role of credit card processors in the network of illegal businesses.


Launderers are very smart in pretending good merchants

Transaction launderers today are cunning and know how to deceive banks, by establishing professional websites, forging fake operation history, and leave no trace between their shell website and illegal businesses. After obtaining merchant accounts, these transaction launderers are also well aware to closely monitor their fraud ratio to avoid any alert to banks. It is very common for banks and PSPs to lack knowledge of transaction laundering activities until receiving notifications from card schemes or chargeback requests in which the hidden websites are revealed. Thus, banks may have already processed countless unknown transactions in their payment network, and consequently become penalised.


In a case that a deceptive operation known as MNF cheated more than USD7M and hid their money by transaction laundering (or credit card laundering), both the scammers and the payment company were charged by the U.S. Federal Trade Commission. The FTC has stated very clearly that their investigation does not only stop with the criminals but also “shutting down the operators who processed and hid their shady transactions”. So, the industry should treat transaction laundering as serious as other critical violations.


Common techniques used to detect transaction laundering

To fulfil the requirements of card schemes such as Visa GBPP and Mastercard BRAM, banks and PSPs have employed different ways to prevent the potential transaction laundering violations such as web content monitoring, making use of SEO analytics tools, doing test transactions or manually searching on Google etc. However, they still face a big challenge to mitigate this risk.


As mentioned, when a corrupt merchant submits a shell website to banks for approval, the website usually appears well disguised and nothing out of the ordinary. Thus, simply viewing and validating the submitted or approved merchant site in most cases, do not help in uncovering hidden businesses. The SEO web analytic tools may occasionally offer some traces of what is behind the site, but even if the bank became aware of, for example, some gambling sites bring web traffic to the merchant site, it will not be sufficient to prove that the merchant is processing the transactions for the gambling sites. The merchant is subject to deny any transactional relation and request the bank to provide evidence. Thus, these common transaction laundering detection techniques that rely on open data are generally ineffective.


Here is a scenario that banks can use to test their current procedure: if a merchant establishes a site offering illicit substances in the morning, and an hour later, covertly submitted transactions through an approved fashion website to the bank payment system. In this situation, the illicit site is new – it means that there is likely no corresponding data on Google or SEO analytics tools, and this illicit site is using the bank’s payment facility to execute transaction laundering. Is the bank’s current procedure capable of discovering this hidden site? If the answer is negative for the above test, it may be time to review the current TL detection procedure.


In 2019, it is time to review the current TL detection procedure

Instead of adopting the traditional merchant monitoring methods, transaction monitoring is a more proactive and reliable approach to protect banks from illegal transactions. Transaction monitoring will provide risk analysts a lot of real-time and useful data for investigations. No matter how recent the hidden website is or even if there is no connection between the shell website and the high-risk e-commerce website, the TL scheme can be revealed once there is any transaction activity. Therefore, banks will receive immediate alerts and have convincing evidence in hand.


Transaction Laundering is largely controllable with the correct monitoring and detection procedure. The industry should take prompt actions before any financial or reputation losses occur. While the size of e-commerce is becoming too large to ignore, the time is right to initiate and establish a safer payment infrastructure.


(First published at The Paypers)