Following the money online

Trust, critical in business generally, proves even moreso with ecommerce, where unscrupulous merchants can take advantage of an ecommerce site with ease.

To protect themselves from various forms of fraud—such as transaction laundering—online marketplaces must be equipped with advanced systems to defend themselves. If and when marketplaces are unwilling or unable to do so, their processors must figure out ways to defend themselves. All players need to understand where the money is coming from.

What is transaction laundering?

Transaction laundering involves valid payment transactions that appear 100% legitimate, but are conducted on fraudulent grounds.

In a basic transaction laundering scheme, a merchant will set up an account on a legitimate marketplace, where users shop. The main point of their using the site is not sales, but to use the marketplace's financial platform to process payments, and to use its shipping platform to distribute illicit goods.

The actual sales are made elsewhere, perhaps via email, chat, on another site, or even on a mobile app. Purchasers who don't want to deal in bitcoins (the Dark Web coin of the realm) can receive a link from their merchant, who sends them to another website. The criminal will process the sale from that website through the merchant account being hosted on the marketplace.

For example, let’s say a person wants to buy marijuana. He or she would go to a website that sells illicit drugs, click on the product they want to buy, and simply add their credit card information. The criminal (or fraudulent merchant), would then take that credit card information and process it through their legitimate merchant account (for example, a site that sells books) and use the legitimate marketplace to process the payments.

In this example, if the merchant account is actually a micro-merchant within an online marketplace platform, the merchant can manage an online catalog with a wide variety of products that are difficult to evaluate. Examples include baseball cards or rooms for rent. Doing so, the crooks can maintain catalog supporting any price point. This makes it easy to process almost any amount though the marketplace’s payment platform.

As far as the marketplace site may be concerned, the transaction is no different than any of the thousands or millions of others that pass through the portal. But that doesn't make it any less liable to the banks, stockholders, or the authorities, for that matter, since in this scenario, the marketplace acts as a merchant, and the acquiring bank or processors remain responsible for that merchant.

Spotting and stopping transaction laundering

For the acquirers or processors, relying on the marketplace is insufficient. They have their hands full maintaining their relationship with merchants. They cannot inspect all of the transactions going through their site.

Doing so would require a forensic investigation of the activities of merchants. For example, a savvy investigator might notice that all the referrals came from an IP address that is associated with a drug site. But expecting a human being to figure that out in advance is asking the impossible. The volume of data is too great to process.

Instead, they can use cyberintelligence, machine learning, and analytical tools. These systems set up a profile for the merchant of what a legitimate transaction looks like, evaluating parameters that, when taken together, provide a clear picture of what a customer’s true actions are on the site.

One solution is for the acquirer or processor to focus on the ongoing monitoring of the marketplace portfolio. Most acquirers or processors vet their customers when they onboard them, but that is not sufficient anymore. These customers have to be monitored on an ongoing basis to detect anomalies in their activities.

Fraudsters know how to circumvent the system by making sure they look 100% legitimate at underwriting time. They readily pass know your customer and credit checks, and they seem to be in compliance with all requirements, while hiding any associations with illegal content. Only as transaction laundering starts can these links be detected.

Changing perspective also helps. Acquirers or processors need to stop looking at marketplaces as “customers,” and more as an ecosystem of customers, or in the industry jargon, as payment facilitators.

Once an acquirer or processor approves a new merchant, it also approves, potentially, a large number of associated parties. All compliance and underwriting procedures should be updated to work on the ecosystem layer, rather than the layer of the single merchant entity.

Bring processing compliance up to industry standards

Successfully keeping out fraudsters entails banks' updating compliance procedures on the merchant services side to be more in line with the scrutiny level in the rest of the financial system.

Money laundering and terrorist finance, of course, is a huge problem, and mounting evidence indicates that transaction laundering is becoming as significant a problem, with massive volumes of money being laundered and illegal products being sold virtually openly.

Acquirers or processors need to employ case management tools that will examine the activities of marketplaces, keeping a specific eye on the kinds of fraud in which transaction launderers engage.

Finally, acquirers, payment processors, marketplaces—and everyone else on the right side of the law—need to work together to develop more effective ways of rooting out transaction launderers. Underwriters, risk analysts, sales executives, fraud investigators, chargeback specialists, and service provider partners cooperate to identify problematic trends and potential transaction laundering activity.

The transaction-laundering threat requires a fundamental change in how the industry goes about vetting and monitoring online merchants. This involves moving beyond what is obviously known to the acquirer or processor. Solutions that rely on manual actions and analysis simply won’t do anymore; the solutions must be automated so that they can effectively scale. With such systems, all stakeholders—marketplaces, banks, and everyone else—can ensure that they catch the bad guys, and aren’t left “holding the bag.”

About the author

Ron Teicher is CEO of EverCompliant, which provides tools for detecting transaction-based laundering. Before founding EverCompliant, Ron led the compliance initiatives at Sanctum and Watchfire (acquired by IBM). Watchfire’s compliance product won SC Magazine’s first excellence award for Best Regulatory Compliance Solution.