Audience: This document is intended for acquiring managers, directors and executives responsible for merchant compliance and risk. In particular, this is intended for those who must keep their portfolios free of transaction laundering and associated costs and fines.

Cleaning Out Transaction Laundering A Guide for Risk and Compliance Leaders

Prepared by: Dan Frechtling, Chief Product & Marketing Officer Gavin Andrews, Principal Product Manager

Table of Contents

A confounding problem for risk managers ............................................................. 1

The 6 types of laundering merchants ..................................................................... 3

Case #1: “Spice” syndicate ..................................................................................... 6

Case #2: The laundering veterans .......................................................................... 7

Working with a partner .......................................................................................... 8

About G2.............................................................................................................. 11

1

A confounding problem for risk managers Transaction Laundering occurs when unknown, often illicit, businesses process payments through merchants known to acquirers or their downstream partners. It is sometimes known as unauthorized aggregation or factoring. By any name, transaction laundering is a crime. It violates the merchant's agreement with its acquirer, allows prohibited goods and services to enter the payment system, and may flout anti-money-laundering (AML) laws, especially in the US (see sidebar: Transaction laundering may attract attention of regulators) Transaction Laundering is being taken very seriously by card networks. On July 1, 2015, Mastercard announced it created a formalized program with incentives to monitor and detect transaction laundering. Bad actors find it increasingly hard to sell prohibited items through monitored merchant accounts because they are scrutinized by acquirers. But when acquirers terminate a merchant, the perpetrators behind the merchant live on to deceive another day and seek more covert methods of processing payments. G2’s Web Services’ Merchant Map®, which monitors tens of millions of merchants, has shown a full quarter of terminated accounts keep the rest of their operations mostly intact, seeking new paths into the payment system. Others rename and reform their operations but continue to sell illicit goods. Only a minority disappear completely. The Vice President of Compliance for a Top 10 US Acquirer told G2 Web Services, “This is the hardest problem I’ve seen in over 20 years. All of a sudden I’m a cop.” Violators don’t give up easily, and neither do you. So as transaction laundering is on the rise, so are solutions to help compliance professionals detect and eliminate the practice.

Why transaction launderers are cunning Transaction Laundering is hard to root out for two reasons. First, violating transactions can enter in multiple places along the payments chain. Life would be easier if all transactions flowed through your payment system in a consistent way, such as e-commerce authorization and settlement traveling from shopping cart to gateway to processor to bank.

Transaction laundering may attract attention of regulators

Ed Wilson, Partner at Venable, LLP, believes regulators in the U.S. may begin to scrutinize Transaction Laundering. Financial Crimes Enforcement Network (FinCEN). According to Wilson, “Regulatory pressure is most likely to come from the FinCEN. Unfortunately for the card industry, FinCEN sees TL as variations on well-documented AML themes. In view of this, the payments industry should expect little patience from FinCEN.” Federal Financial Institutions Examination Council (FFIEC). Further, “The increasing number of FFIEC examinations of payment processors and merchant acquirers illustrates that the same rules are being applied to all participants in the financial services industry. Failure to prevent uninvited (or unknown) guests from gaining access to the payment system will subject financial industry participants to substantial fines.” CFPB. Says Wilson, “Like the FFIEC, the CFPB has supervisory and examination authority that extends to acquiring banks, payment processors, and all other FIs involved in consumer financial products and services.”

2

But it’s not so easy (see Figure 1a). A shopping cart may go direct to a bank (see Figure 1b, path 2). Or two gateways may have a relationship (path 3). Or a gateway may funnel through a processor sometimes and a bank sometimes (path 4). Further, organizations can play multiple roles. The answer is never obvious. There are hundreds of companies and thousands of permutations. The key challenge is separating laundered transactions from legitimate transactions.

Figure 1a

Figure 1b

3

Second, merchants in your portfolio may be victims. Some merchants may be exploited by dishonest employees or by a fraudster that has registered for their affiliate program specifically to deliver transactions that originated on illicit sites (see Figure 2). In one case identified by G2, a pornographic site committed affiliate fraud by entering customer payment information on a software download site and earning an affiliate commission.

Figure 2

But the vast majority of merchants involved in transaction laundering are complicit. They often create “front” businesses or allow lawbreaking acquaintances to use their merchant accounts. In one early case identified by G2, a vitamin site created a shadow site which sold illegal injections of HCG (human chorionic gonadotropin). The shadow site became the revenue driver for the whole operation.

The 6 types of laundering merchants At this point, you might be wondering who these launderers are. When you and your risk teams investigate a potential transaction laundering case, it involves one of your registered merchants. Categorizing launderers by business legitimacy (real or façade) and the motivations of the merchant principals (honest or malicious) can help guide your investigation (see Figure 3a) The first question is around business legitimacy. Is it real or façade? Can you go to the store or site, purchase a product and have it delivered? Is there a coherent consumer experience? Or is the checkout process broken or otherwise incomplete? The second question concerns the character of the business principals. Are they honest or malicious? Are merchants making understandable mistakes or intentionally taking advantage of acquirers?

4

Figure 3a

Let’s explore the six types (see Figure 3b)

1. Corrupted Merchant:

Operation: They sell real products. But they have partnered with an organization to

process their illicit transactions in order to earn extra revenue.

Example: A phone accessory store agrees to process payments for a pharma site to earn

extra money.

2. Criminal Owned Merchant:

Operation: They sell real products and also process illicit laundered transactions. Owned

by the perpetrator, built from scratch, or purchased from a legitimate merchant, they

attempt to conduct business without acquirer knowledge.

Example: A lighting store is purchased by a criminal organization to hide transactions

that are coming from illicit sources.

3. Front Business:

Operation: The e-commerce process is broken or incoherent – all transactions are

laundered from illicit sources.

Example: A food supplier with a broken ecommerce process secretly processes

transactions from an illegal drug site.

5

4. Online Expansion:

Operation: In the natural course of business growth, many merchants will start with a

brick and mortar account and expand to e-commerce without telling the acquirer. This

increases the acquirer’s risk.

Example: A brick and mortar book store expands to ecommerce using same account.

5. Terminal Sharing:

Operation: Some small businesses will share an account if they share the same physical

space or provide complimentary or bundled products or services.

Example: A chiropractic practice and a physical therapy practice share a terminal

6. Affiliate Laundering (see Figure 2):

Operation: Affiliate programs are a common ecommerce practice to bring increased

traffic and sales to a merchant’s site. Criminals can use these programs to launder

transactions originating on illicit sites and collect affiliate commissions.

Example: An innocent software merchant with an affiliate program is fed transactions by

a criminal organization.

Figure 3b

Through the last 11 years of monitoring merchant content, G2 has found that on average 1.5% of a client’s portfolio contains offending websites. You may have more, or you may have less. Let’s dive into specific case examples of transaction laundering.

6

Case #1: “Spice” syndicate A food ingredients company was onboarded by an acquirer. It utilized a simple but effective web design that merchandised peppers, confections, rare spices, and other ingredients. Prices were high, but not unreasonable. After investigation, it was discovered the food “Spice” merchant was laundering for a drug “Spice” site. The slang term “Spice” applies to a dried plant matter laced with synthetic (or designer) cannabinoid compounds. The chemicals used in Spice have a high potential for abuse and no medical benefit, and the DEA has designated the five active chemicals most frequently found in Spice as Schedule I controlled substances, making it illegal to sell, buy, or possess them. This is a common example – illegal drugs are a prime category for transaction laundering. When G2 delved deeper, the problem was larger than at first glance (see Figure 4). This ingredient store was in fact part of a network of four functionally and visually equivalent ingredient stores with multiple merchant accounts. One site was active, and three were dormant. To make matters worse, there were five active violating sites through which the drugs were advertised and sold. And there were three more ready to be activated.

Figure 4

7

Criminal organizations are businesses – and just like all businesses, they need to manage risk to succeed. Producing multiple sites and obtaining multiple merchant accounts mitigates the risk of business disruption from account terminations. What lessons can we learn from this case?

First, this syndicate involved multiple known and unknown merchants. Lesson: Look for copycats;

don’t stop with the first discovered case.

Second, this syndicate spanned multiple acquiring banks and PSPs. Providers were exploited

because they did not have a way of sharing information. Lesson: Make sure you or your technology

partner have access to a cross-acquirer view (see later discussion on Working with a partner).

Third, there were signs the front restaurant supply company was selling “laundering as a service.”

Lesson: Don’t consider perpetrator “terminated”; look for sequel attempts

It is important to realize the industry is not only dealing with sole practitioners. Transaction laundering can be bought and sold as a service.

“Through the last 11 years of monitoring merchant content, G2 has found that on average 1.5% of a client’s portfolio contains offending websites.”

Case #2: The laundering veterans In our second example, a toy and game merchant featured cup-and-ball game that challenged players juggling skills. It also sold remote control vehicles. Its products were addictive. But we’re no longer talking about games. The toy and game store was in fact laundering transactions for a marijuana and hallucinogenic mushroom site (see Figure 5) But something was odd about the timeline. The toy store came online in 2012. But the drug store had been online since 2002. What happened during the intervening 10 years? A historical investigation using the G2 Merchant Map® suggested the drug site began laundering through a solar lighting company in 2004. That same year, the store expanded from a focus on marijuana flowers and did into marijuana seeds – a natural complementary product set. In 2009, another site with laundering connections to the marijuana business emerged – this time a hemp store, another complementary product set for this industry – but this time on the legal side, consisting mostly of clothing items and bags. In 2012, two more front sites were added, a mobile phone accessory shop and the toy and game store, where our story began.

8

Figure 5 A wide variety of businesses can serve as transaction launderers. Beliefs about high and low risk business types can negatively bias risk professionals away from performing meaningful investigations. Successful transaction launderers are skilled at hiding illicit transactions in the midst of real transactions. What lessons can we learn from the second case?

First, many different types of businesses can serve as launders. Lesson: Don’t exclude a known

merchant from a laundering investigation because of its business category or MCC.

Second, a known merchant that is laundering can sell legitimate products. Lesson: Real businesses

are created to launder transactions or can become corrupted after years of legitimate commerce.

Third, organized criminals keep their sites in business. Lesson: Don’t let the same criminal create a

risk event for you more than once.

Working with a partner You won’t need to face transaction launderers alone. Vendors have produced new products and services to help you detect probable cases and assist in confirming and even eliminating them. Here is an example from GlobalPayments.

9

“G2 contacted us after they had [discovered] non-

compliant sites located in the UK. We were able to

use this data to link these to merchants on our

portfolio who had registered a

compliant URL at the point of

approval. After further

investigation, we were

successfully able to identify

further links from our merchants to these non-

compliant sites and take the required action to

remove this risk from our portfolio.’’ Registered Trademark of Global Payments Inc. G2 Web Services, LLC Licensee of the Trademark

Global Payments reminds us transaction laundering detection is more collaborative than traditional monitoring. Detecting and taking action against transaction laundering is not the same as content monitoring, where risk managers take action based largely on reports. With transaction laundering, collaboration between firms and service providers is very important. Best practices to help you choose a partner fall into two categories (see Figure 6). First, there are Product attributes.

1. Full suite: Tools should combine website, traffic, and transaction analysis. There are many types

of analysis and data that you should consider independently and in tandem. The technology and

knowledge to do these well require significant investment. Working together with a partner who

has made the investment already will provide you the capabilities cost-effectively.

2. Wide angle lens: Utilize known transaction laundering from peer companies to catch cross-

acquirer and cross-region perpetrators before they strike your portfolio. Sharing data on

transaction launderers across the industry is extremely valuable. A partner should provide you a

systematic method of sharing data that protects privacy and competitive advantage while

providing the benefits.

3. Verification: Prove definitively that transaction laundering is occurring. At the end of every

transaction laundering investigation, you will ask: What now? Do I try work with the merchant?

Do I terminate the account? Do I clear and move on to the next case? Your partner should

provide a systematic method of obtaining definitive proof – increasing your likelihood of a good

decision.

10

Next, there are Information attributes.

4. Historical data: Perpetrators evolve quickly into new tactics. But in many cases the actors are

the same old dogs learning new tricks. You need to recognize past violators so you can catch

them before they re-initiate fraudulent activity. As the Veteran Launderers case (see Figure 5)

above demonstrates, some culprits have been in the fraud business since the turn of the

century. A partner should be able to backtrack at least 10 years.

5. Human analysis: Technology is an enabling solution, but it’s not the whole solution. A partner

should have an in-house analyst team to verify content violations to save you time and

resources.

6. Advisory: Detection methods that worked last year may not work this year. Technology and

human analysis should be complemented by expertise and intuition that comes from

discovering hundreds of transaction laundering violations. A partner should be able to share

with you a steady stream of best practices and information on transaction laundering trends

that help identify root causes.

Figure 6

11

About G2 G2 Web Services is a global technology and services company that helps banks, processors and their partners ensure safer and more profitable commerce. Clients representing over half of merchant outlets globally use G2 solutions to identify bad actors and keep them out of the payments system. Banks, processors and their partners use G2 tools and expertise to perform better due diligence and monitoring so they can grow their portfolios while taking on acceptable risk. Widely regarded as the market leader, G2 helps clients confidently handle known and unknown threats and manage changing rules and regulations. G2 Web Services is headquartered in Bellevue, WA, with offices in London and Shanghai. Learn more at: www.g2webservices.com

About the authors

Dan Frechtling, Chief Marketing & Product Officer Dan oversees marketing and product for diligence and monitoring solutions serving the US, Europe, Middle East/Africa, and Asia. Previously, Dan worked in a variety of senior roles at hibu (Yell UK) Ltd, DS-IQ (Walmart Smart Network), Mattel, and McKinsey & Co. Dan earned his MBA with distinction from Harvard Business School, and his BS from Northwestern University.

Gavin Andrews, Principal Product Manager Gavin focuses on new product development. He has launched new products and services in transaction laundering detection, anti-counterfeiting, fraud detection, and predictive risk scoring. Previously, Gavin worked at Inviso, where he established a subsidiary office in Shanghai, China. Gavin earned his BA in Applied Mathematics from Whitman College and a Certificate of Project Management from University of Washington.