transaction laundering case study: an online …...psps, and payment facilitators at risk. for every...

SummaryCriminal organizations are businesses too – and just like all businesses, they need to manage risk in order to succeed. The practice of producing multiple websites, obtaining multiple merchant accounts, and holding transactions mitigates the risk of business disruption from account terminations. This exploitation of the payments system puts acquiring banks, ISOs, PSPs, and payment facilitators at risk. For every site that is terminated as the result of illegal activity, dozens more continue their dual-purpose business model, with new violators entering the payments chain every day.

The payments industry is not only dealing with sole practitioners. Transaction laundering can be bought and sold as a service. By working together, criminals can bypass laws more easily and provide supply more efficiently. Black markets are industries unto themselves, fulfilling supply for the global demand of illegal products and services of all types. Seemingly low-risk online retailers selling toys, candy, children’s clothing and housewares may actually push illegal drugs, counterfeit goods, weapons, violent content and more worldwide. The complexity of cross-border threats to payments service providers is astounding, and the consequences for violations can be devastating. It is imperative to have an efficient team working together and a vendor that offers a wider field of vision into perpetrators and patterns.

Transaction Laundering Case Study: An Online Steroid Ring

Prepared by: G2 Web Services

G2 Web Services • Transaction Laundering Case Study: An Online Steroid Ringg2webservices.com

Australian Acquirer Discovers Transaction Laundering Threats Following Assessment An Australian acquiring bank received a card scheme assessment for a merchant found to be enabling illegal transactions. These fines grow for each day that a violating site is active, creating liability for payment processors that could reach millions-of-dollars in penalties. Not to mention, attracting scrutiny from law enforcement agencies, governing bodies, and regulators.

The violating merchant, Body Sports Pro, was an online retailer of sports and exercise related nutritional products, advertising an assortment of vitamins, minerals, health supplements, and protein blends. It utilized a simple, but effective web design, and seemed to be just another new online business. With the growth of global nutrition and supplements sales over the past decade, many new players have entered the market. The industry is poised to reach a value of $37.7 billion by 2019, making sports nutrition sellers increasingly commonplace and very appealing to acquiring banks. There were no red flags at boarding, and the acquirer had no reason to question the merchant’s legitimacy.

Upon receiving the assessment, the bank realized that it needed a more comprehensive monitoring solution in place to combat any ongoing fraud perpetuated by their merchants, mitigate future risk, and protect against additional fines. After consulting industry leaders and researching compliance programs, the bank concluded that G2’s Transaction Laundering Detection was the answer. Transaction Laundering Detection gives acquirers, ISOs, PSPs, and payment facilitators a multi-layered depth of defense solution designed specifically to keep launderers out of merchant portfolios.

Body Sports Pro was quickly identified to be operating as a “front” site processing payments for another store, Anabolic Steroids Worldwide. This illegal merchant was selling oral and injectable steroids, HGH and peptides, and other illicit performance enhancing drugs (see Figure 1). This is a clear violation of the merchant agreement, blatant brand damaging activity and palpable criminal misconduct. But further inspection determined this was just the tip of the iceberg. The violating merchant wasn’t a lone wolf. G2 Transaction Laundering Detection uncovered that the violator was a counterpart to a much larger supplier distributing steroids globally.

Figure 1: When customers shopping on Anabolic Steroids Worldwide reached the checkout, they were re-routed to the payment processing page on the registered merchant site Body Sports Pro. Making the purchase of illegal products look legitimate.


Transaction Laundering Threatens Acquirers and Consumers Alike Anabolic steroids contain performance-enhancing agents that act by increasing lean muscle protein synthesis and body weight, without increasing fat mass. The illicit site was marketing steroids as a quick and easy way to build muscle during normal workout routines. Presenting steroid cycles with images showing the progress of “satisfied customers” before and after using their products. The messaging conveyed performance enhancing drugs as safe and legal, with images of athletes, fitness models and professional body builders used to help negate any consumer concerns. Performance enhancing products were falsely presented as an essential component to everyday athletic regimens, with quick results and no side effects (see Figure 2).

Steroids are banned by all major sports bodies in the US, and by global organizations including the Association of Tennis Professionals, International Federation of Football Association, and the International Olympic Committee. The World Anti-Doping Agency (WADA) maintains a list of banned performance-enhancing substances that includes all anabolic agents, hormones and related substances.

Even with the known dangers and laws criminalizing the distribution and possession of performance enhancing drugs, there are more than 50 types of anabolic steroids and 30 additional stimulants used in combination with them, now known to international regulators.

Additionally, the market has become saturated with counterfeit drugs, which pose additional risks to health and safety. When consumers purchase steroids online, they never know what they’re actually buying.

Figure 2: Advertising for steroids included images of models, athletes, and body builders to influence customer perception that steroid cycles are fundamental for a muscle building routines.

Health ConsequencesThere is a wide array of serious side effects associated with use of anabolic steroids, because the synthetic components alter normal hormonal production in the body.

Regular users experience: Altered mood and irritability

Increased aggression

Severe depression

Steroids are often abused by athletes to increase the size and strength of their muscles and improve endurance.

Continued use can cause: Heart Disease

Kidney Disease

High blood pressure

Bacterial infections

Infertility

Users of steroids can also become both physically and psychologically dependent upon the drugs.

Withdrawl symtons include: Reduced sex drive

Appetite loss

Insomnia


Steroid Ring Endangers Payments Chain There is a thriving black market operating with near anonymity via the dark web, however few people actually have the knowledge and means to access these marketplaces. The dark web is less a place than a method—hiding IP addresses of websites’ host servers through sophisticated software like Tor, or alternatives like I2P and Freenet. Payments are often restricted to cryptocurrencies, catering to a specific segment of buyers and sellers.

By sacrificing this anonymity and moving operations to more visible parts of the internet, dealers can reach a much larger and diverse customer base. This is Marketing 101, like any business, criminal enterprises want to bring supply to where the demand is. To bypass barriers of conducting illegal activity, they get creative, using methods of transaction laundering to hide in plain sight. Because the major card schemes forbid their member banks from facilitating illicit purchases, criminals rely on the ability to process transactions discretely through valid merchant accounts. They use fraudulent measures and laundering practices to both operate and cover their tracks.

When G2 delved deeper into the violating nutritional products store, the problem was much larger than originally anticipated. It was discovered that the violator processing these transactions was merely one small component of a much larger enterprise. More violating sites were exposed, structured

into separate groups using multiple merchant accounts.

By creating these “pods” of sites, and working to eliminate the visible connections between them, the criminals created an intricate architecture of illegal activity (See Figure 3). This was a full-fledged steroid ring, and they counted on acquirers and law enforcement to not be able to decipher the seemingly invisible lines cascading between their web domains, routing and rerouting payment processing methods.

In total, there were more than a dozen other violating sites connected in some facet to the original violator. Based in multiple countries, some sites acted as front stores, while others openly displayed steroids and other illegal products in standard retail form. Customers could browse full product descriptions, pricing, and instructions for using them. When a shopping cart was loaded and a customer was ready to make payment, the transaction would then link to a front store, where payment would be processed using the site’s merchant account. Illegal sales were disguised as legitimate sales. In this case, steroids were being sold as nutritional goods. An order might show a customer having purchased vitamins or minerals. Revenue would seem normal to third-parties, steroid users would get what they wanted, and the criminals would profit. A customer’s credit card bill would show the purchase of innocuous vitamins. The products would then ship under the guise of the front store.

Figure 3: The ring established groups of sites in pods that would each reroute payment to a dedicated front site. Sites within each pod were hosted in separate countries to aid in blurring the lines between them.


The ring had positioned itself with a safety net to continue operations in the event that one or more its sites or accounts were ever terminated. Akin to a game of whac-a-mole, the termination of one merchant account would simply drive the criminals to pop up later with a different account. They could shift sales between websites as needed, and launch new company names at any time to perpetuate the rouse.

To further evade suspicion, the ring ran its websites using different web servers and separate hosting providers in different countries (see Figure 4). This tactic helped make the relationships between the sites less obvious to underwriters at boarding, and harder to track by law enforcement internationally.

To gain customer trust and loyalty, on many sites they boasted a 99.9% delivery rate to North America, South America, and Europe. If a package were seized at customs, a replacement would be shipped.

Orders could not be shipped express in order to lower the chances of being seized. The websites stated that items were all wrapped in carbon photo paper to avoid x-ray detection. Products could also be hidden in toys and VHS tapes upon request. First-time buyers were instructed to not place orders for more than $750 using a credit card, and instead make their payment via bank transfer. The site listed MoneyGram as an option in the US, Überweisung in Germany, SEPA (Single Euro Payments Area) in Europe, and via IBAN (International Bank Account NBoumber) for other countries. This method helped to evade suspicion from card schemes and law enforcement when a new customer placed a large initial order. The violators indicated that bank transfers “don’t require any verification” as the reasoning behind the guideline. They even offered customers a 10% discount for using a bank transfer as the payment method on their first purchase.

Figure 4: Transaction Laundering Detection identified violators based in multiple countries, but the threat remains global as criminal rings continue shipping products to regions worldwide indiscriminately.


Eradicating Transaction Laundering After facing the assessment, the acquiring bank quickly terminated the violating merchant account. Threats had been averted, and the company could move forward with confidence knowing that they were in full compliance, and their portfolio was being monitored for any potential fraud in the future.

E-commerce has produced a multitude of new payment methods: e-wallets, virtual currency, mobile, and wearables. More are being added all the time. An increasing number of prohibited merchants have found safe passage into the payment system by exploiting valid merchant accounts. Life would be easier if all transactions flowed through payment systems in a consistent way, but they don’t.

Recent enforcement actions brought by the Federal Trade Commission (FTC) and the Department of Justice (DOJ) illustrate that financial industry participants are expected to know their customers and to keep bad actors out of the payments system. Examining bodies are increasingly expecting payment processors to be financial system gatekeepers over their own portfolios.

Without transaction laundering detection, acquirers are exposing themselves to regulatory penalties and card network assessments, and the loss of sponsor. Industry best practices for identifying transaction laundering help acquirers to protect themselves from these unknown violators.

To efficiently identify and eliminate transaction laundering in your portfolio, you must use a mixture of extensive data, analyst expertise, advanced technology, and a global view to pinpoint the highest risk factors present in transactions. Make the connections and find the violators.

Red Flag Indicators That Transaction Laundering is OccurringAt Boarding:

Suspicious pricing structures

Incomplete, vague, or mismatched product pages

Lack of vital product details, such as sizing information for clothing

Variances between merchant application and actual merchant website

Merchant asks questions about transaction posting and account debit timing

Merchant Monitoring:

Absence of typical marketing and merchandising processes

Batches of transactions or price disparities occurring at inappropriate times

Unusually high percentage of “card not present” keyed transactions (CNP)

Suspicious use of affiliate marketing

Large quantities of chargebacks

Clusters of consumer complaints


Defense Against Transaction LaunderersG2 Web Services is a global technology and services company that helps banks, processors and their partners ensure safer and more profitable commerce. Clients representing over half of merchant outlets globally use G2’s solutions to identify bad actors and keep them out of the payments system. Widely regarded as the market leader, G2 helps clients confidently handle known and unknown threats and manage changing compliance rules and regulations.

G2 Web Services employs a layered solution designed specifically to keep launderers out of your portfolio. Transaction Laundering Detection utilizes the G2 Merchant Map, the industry’s most comprehensive database consisting of over 11 years of global data on tens of millions of merchants, hundreds of millions of websites and over one billion different data points. Find out more at www.G2TLD.com.

Learn more atG2TLD.com

About G2 Web Services

G2 Web Services, a Verisk business, is a global technology and services company that helps banks, processors and their partners ensure safer and more profitable commerce. Clients use G2’s tools and expertise to perform better due diligence and monitoring so they can grow their portfolios and manage changing rules and regulations while taking on acceptable risk.

G2 Web Services Corporate Headquarters1750 112th Ave NE, Suite C101Bellevue, WA 98004 USA+ 1-888-788-5353

G2 Web Services London Office68 Lombard StreetLondon, EC3V 9LJUnited Kingdom

©2018 G2 Web Services. Specifications subject to change without notice. Printed in the U.S.A.

transaction laundering case study: an online …...psps, and payment facilitators at risk. for every...

Documents