A new form of online fraud called transaction laundering (TL) is infecting the medical, pharmaceutical, and financial payment infrastructures. TL is a new way to launder money on the internet, when legitimate merchants process payments, typically using a
credit or debit card, on behalf of another merchant. However, credit card brand associations consider TL a crime whether or not the merchants are aware of the illicit transactions.
Usually, TL is a win-win situation for both merchants and customers. For example, an emerchant can set up an internet store such as a flower shop, and get approval from a bank to process orders. The criminal can then create a few unregistered sites selling
illegal goods, such as drugs, and direct their payments through the seemingly legitimate flower shop. The customers get their drugs, their credit card statements say ‘flowers’, and everyone is happy.
But, as this unique
pharma-fraud case illustrates, customer satisfaction is not always the result. In fact, TL can be harmful not just for the legitimate online businesses that allow the criminals to prosper, but also harmful for society at large.
Aiding the criminals; not the AIDS patients
This past year, a New York based specialty pharmacy named MOMS, meant to provide medications and support services to patients with HIV. In reality, this pharmacy was secretly providing expired or fake HIV medication. The scheme was complex, and involved
several players and shell companies to function. The partners in this plan facilitated sales of counterfeit HIV medication on a massive scale, with a lot of work put into making the drugs look legitimate, both on a transnational level (false invoices through
shell companies) as well as on a physical level (rebranding/repackaging during the pre-sale stage). In this way, ‘Mom’s the word’ took a whole new meaning for this business.
The criminals used MOMS since it was a legitimate company and an ideal inconspicuous business through which to process payments for the illegal commerce that occurred through the shell companies. And thanks to online payment technology, many of the people
were unaware of the intricate transactions that were transpiring.
TL awareness is the first step
The MOMS episode in TL was discovered and prosecuted. The perpetrators in the pharma-fraud saga were found guilty of several charges, including first and second degree counts of money laundering.
Courts and regulators worldwide show no mercy when it comes to money laundering, and fines are firm for all parties involved—including large banks. When banks fail to implement anti-money laundering (AML) safeguards, the consequences can be catastrophic:
The
biggest case so far amounted to a $8.8 billion settlement between the largest bank in France, BNP Paribas, and the Department of Justice. The settlement comprised additional measures on top of a cash component, including personal penalties on executives,
agreement to withdraw from certain risky business activities, and commitments to future compliance investments.
Fines are an ongoing concern for banks, and at this moment, a slew of transaction launderers is most likely about to begin. This is because, in most cases, payment processors are often not aware about the TL being conducted in their portfolios until it is
too late.
Payment processors are keeping a close eye on merchants
In the last few years, credit card brands such as Mastercard and Visa have tightened their reins by imposing warnings, fines and/or sanctions to fight against TL. In turn, payment processors have stepped up their responsibility for their emerchants and their
potential brand-violating activities. Many have implemented stricter underwriting procedures, keeping a close eye on their potentially high risk merchants.
But spot checking a few websites, even intensively, is not enough to detect TL. Fraudsters know the rules of the system and how to appear legitimate during the underwriting stage. When an online business goes live, it is usually followed by a whole ring
of associated businesses that the payment processors don’t usually detect. And how can they catch them?
The sheer volume of data makes vetting and monitoring online merchants extremely hard to handle. It’s not just a matter of searching through the merchants in their portfolio; it’s about uncovering the transactional activity they don’t know about in hidden
payment pages or even unreported mobile applications.
Cyber intelligence can unearth the crimes
Transactional launderers aren’t going to stop any time soon, as long as they can get away with their crimes. Payment processors should consider shifting their stringent efforts from the underwriting stage to an ongoing strategy. As TL activity changes over
time, payment processors can monitor their merchants periodically, on a continual basis.
Solutions that rely on manual steps simply won’t make it in this atmosphere; they must be automated so that they can effectively scale to uncover the layers and layers of hidden payment pages and potentially illegal activity. Using cyber intelligence on
top of existing manual resources, payment processors will be better equipped to limit transaction laundering and protect victims worldwide.