The regulatory gap in ecommerce payments is a pressing issue. Transaction Launderers are taking  full advantage of the gaps in the current regulatory regime to funnel illicit ecommerce transactions into the payments ecosystem. Without proper controls, AML efforts are threatened by the influx of billions of dollars laundered through merchant accounts. 

Right under our noses, there’s a money laundering scheme going on that would make Tony Soprano drool. I’m talking about transaction laundering – the digital era’s answer to Walter White’s car wash, and a perfect example of how life can sometimes outdo fiction.

Like so many other areas of life, the payments industry has experienced an unprecedented era of technological advances in recent years. The rapid proliferation of new payment methods, e-wallets, cryptocurrencies, and the invention of so-called “frictionless onboarding” has had significant implications on the way money laundering has evolved.

Today, almost any entity has an online identity which may differ significantly from its physical one. It is also quite easy today  to gain access to the payments world, and to be able to accept payments online. Emerchants and online marketplaces serve as the best example for combining these two phenomena.  However, the scope of AML laws and regulations, as well as their ability to be  enforced, is not accurately reflecting this evolution of the digital world. There is a gap to be bridged, and new money laundering methods, such as transaction laundering have evolved and continue to thrive within this  regulatory gap.

What is transaction laundering, exactly?

Transaction laundering is a merchant-based fraud scheme that takes advantage of legitimate payment ecosystems by funneling unknown transactions through seemingly-unrelated ecommerce merchant accounts. By doing this launderers enable legitimate websites – often unknowingly - to act as payment processing storefronts for criminal enterprises selling firearms, illicit drugs, or even financing terror via unregulated cross-border transactions.

In case there was any doubt, transaction laundering is money laundering. Making illegally-gained proceeds appear legal is money laundering by definition. KYC and other regulations are being violated as payment processors essentially have no way of knowing the origins of transaction, who the actual merchant is and what is being sold.

By funnelling unknown payments through verified merchant accounts, transaction launderers essentially touch upon the three steps of money laundering - placement, layering and integration - all in one click--the digital age of money laundering.

The issue doesn’t stop at the MSPs. While  proceeds from transaction laundering infiltrate the banking ecosystem through a merchant service account, the money doesn’t stay there for long. Merchant accounts are linked to checking accounts, quite often in an entirely different bank.

Essentially, an acquiring bank ends up unwittingly pumping laundered proceeds of illegal activities into the banking ecosystem. When transaction laundering occurs – and it does happen frequently – it makes every entity on the payments processing chain complicit and massively liable.

Yes, Transaction Laundering is Massive. Yes, it Directly Funds Terror.

Recent estimates found that transaction laundering for online sales of products and services tops $200 billion a year in the US alone. Of this, around $6 billion involves illegal goods, which were sold online by an estimated 335,000 unregistered merchants.

Transaction laundering is also a documented financing method of choice for high-profile terror attacks. By way of example, consider Cherif Kouachi, one of the two terrorists who attacked the offices of French satire magazine Charlie Hebdo in Paris. The weapons used in the attack were funded with some €8,000 of counterfeit items, mostly sports shoes, that were sold online in France. And both terrorists were involved in selling drugs online before they sold these counterfeit goods.

The Regulatory Gap

While transaction laundering is rapidly growing, regulatory bodies, being focused on other parts of the financial services world, don’t yet seem to have the awareness, the technological tools or the in-depth knowledge of the payments space to combat this critical threat.

In the United states, progress has been made at the state level to address transaction laundering, or the “illegal factoring of credit card transactions”. Currently twelve states, including  Arizona, Florida, Georgia, Louisiana, Nebraska, North Carolina, Oregon, Texas, Utah, Virginia, Washington and Wisconsin have adopted specific laws and regulations regarding transaction laundering  that can result in legal fines ranging from as little as $2,500  up to $250,000 USD.

Enforcement mechanisms on the Federal level are still focused mainly on traditional business and financial services such as banking, capital markets and insurance. However, when probing, these businesses, their links to payments processing, and their exposure to transaction laundering as part of it, is being mostly left out.

Taking into account the rapid growth in the volume of ecommerce transactions, regulators need to direct their full attention to payments in general, and ecommerce card-not-present credit card payments specifically. For now, and until they sufficiently do so, transaction launderers will continue to take advantage of these regulatory gaps to enable multi-billion-dollar schemes.

Financial services stakeholders need to act now to limit liability and plug the massive hole in the AML regime that transaction laundering represents.