You’ve heard of money laundering, but have you heard of transaction laundering? According to a recent article on the PaymentsSource website, transaction laundering, which is also known as undisclosed aggregation or factoring, is a relatively new and increasingly popular scam in which cyber criminals hijack the legitimate payment process to sell all manner of illicit goods and services online, with as many as 6-10 percent of unauthorized ecommerce sites whose payments banks may be processing without consent or awareness.
Transaction laundering violates both the merchant’s agreement with its acquiring bank and several state and federal laws, including the U.S. anti-money-laundering laws. Some experts consider transaction laundering the digital version of money laundering in that it works in a similar manner. It’s an increasing concern for acquirers and payment processors because it is becoming more prevalent and it is difficult to identify, plus it puts acquirers at risk for fraud and brand damage. It occurs when legitimate merchant accounts are used to process unknown transactions for another line of business, legal otherwise. The goal is to use online acquisition systems to take payments for illegal goods and services, basically engaging in illegal commerce while using legal means to get paid.
Transaction laundering differs from money laundering in that it relies on credit card payment systems, usually involves “softer” crimes like the sale of illegal pharmaceuticals or sexual content, and it gets “cleaned” once the money is deposited in the merchant account of the front business. This not only makes it an extremely high security risk, but also difficult to track down, which means it’s even harder to eradicate. A laundered transaction begins when an unknown business uses an approved merchant’s payment credentials to process payments for products and services that the acquirer doesn’t know about, which leaves the acquirer open to a substantial amount of risk. If proper monitoring is not utilized, acquirers, PSPs, payment facilitators and gateways can unknowingly facilitate transactions for many unknown merchants processing laundered transactions. Three of the most common types of transaction laundering are:
- Benign: Two legitimate businesses are sharing the same payment gateway.
- Malicious: An illicit business is sending transactions through a legitimate or shell account.
- Affiliate: An illicit business takes payment info, creates an affiliate account at a 3rd party merchant site, and purchases goods to collect affiliate revenue.
Unfortunately there is no single solution for transaction laundering, and detecting the launderers is becoming a major challenge for all involved. The varied sources, payment methods and processes make it difficult to develop a one-size-fits-all solution. Plus, compounding the difficulty is the fact that many of the websites involved look perfectly legitimate but they have been caught selling illegal products, routing payments for their illegal goods and services through their own legitimate accounts. In addition, the sheer volume of transaction laundering sites out there is enough to make your head spin – for every one busted site, there are dozens, perhaps even hundreds, that are not uncovered.
It takes a mix of technology and good old human brain power to figure out where the highest risk factors are in the transaction. Merchants can help stay ahead of transaction laundering by keeping up with the Payment Card Industry Data Security Standards (PCI DSS), which will help your acquirer and processing bank to look for anomalies and sales patterns in your data, which may help to uncover any issues.
Transaction laundering may not be an entirely new problem but it is significant and has the potential to increase exponentially. In fact, some experts think this is the greatest challenge the payments industry has ever faced. Knowledge is key in working to eradicate transaction laundering. Working together with your acquirer and processing bank will help to prevent this growing threat from spreading.