PYMNTS-MonitorEdge-May-2024

No Place For Hate Group Transaction Laundering

Agree or disagree with the Second Amendment, there’s nothing wrong with a website selling goods like hats and t-shirts to people who wish to wear their support on their sleeves. Or is there? Banks didn’t notice it at first, but on closer scrutiny, one particular online merchant appeared to be selling such products but turned out to be laundering transactions for one of the biggest neo-Nazi groups in the U.S.

The front site accepted all major credit cards and alternative payment methods. The hats, t-shirts, patches, history books and tongue-in-cheek novelty items were, perhaps, odd — or, at the very least, politically charged — but the site seemed to check out and even appeared to take a stand against hate speech, suggesting anyone who disagreed with the right to bear arms simply “go somewhere else” rather than haranguing others on the site. The merchant also, ironically, claimed to be tracking IP addresses in an effort to prevent fraud.

Yet when visitors clicked on the categories to shop, they were oddly barren. There was only one book for sale and two hats. The real merchandise was hidden — and much less mundane. There was, for instance, a first-person shooter video game for sale in which players could go on missions to kill members of certain ethnic groups.

No bank wants that in its portfolio. If the public associated it with such groups and activities, that could destroy the bank’s reputation permanently. That’s exactly why the hate group was laundering money in the first place: No legitimate bank would take it on, knowing what it represented. Unable to sell its goods, the enterprise nonetheless found its way into multiple portfolios by masquerading as a simple online merchant.

Transaction Laundering 101

Dan Frechtling, CPO at G2 Web Services, recently spoke with PYMNTS’ Karen Webster about this new iteration of an old crime. G2 provides merchant risk intelligence solutions for acquirers, commercial banks and their value chain partners. It was G2 that cracked the code on the hidden neo-Nazi merchant.

So-called “hate group laundering” may be a relatively new issue, Frechtling said, but transaction laundering is old news. It’s gone by different names over the years: aggregation, factoring and credit card laundering, just to name a few. Mastercard came up with the term “transaction laundering” when it launched a new initiative to combat it.

Transaction laundering occurs when a merchant or business is processing transactions on behalf of a hidden business engaged in illicit activities. Savvy buyers never even visit the front site, but simply place their orders with the true merchant and run their payment through the front to hide it from the banks and credit card networks.

To the average Joe, the fake site looks like any other online merchant. People may even be able to purchase the regular goods the site claims to be selling, although in other cases, the criminals won’t bother stocking those items and will simply have the system generate an “out of stock” message for any innocent orders placed.

Of course, not all of these hidden merchants are selling racist video games. A common example is drug trafficking. G2 recently took down a site pretending to sell psychedelic t-shirts but which was actually selling psychedelic drugs.

The site was utilizing a clever code in which the name of the t-shirt had the same initials as the drug, and the size indicated the number of blotters the buyer wished to order. This way, the buyer was able to convey information about the true order, yet the transaction would show up on his or her statement as a simple (albeit expensive) t-shirt purchase.

In that instance, no actual t-shirts were available for sale. But, in a similar instance, a fake toy store masking sales of the synthetic cannabinoid “spice” would indeed mail innocent shoppers the action figure or remote controlled car they tried to order.

Frechtling said the front merchant usually knows exactly what it’s doing. In these cases, tracking these cybercriminals can be very, very tricky. On the rare occasions when the merchant is innocent, it’s possible the criminals leveraged an unpatched vulnerability in their site to hack it.

Telltale Signs

Many of these criminal enterprises are very clever, but Frechtling said there are a few telltale signs that should trigger banks to dig deeper into some of the merchants in their portfolios. Here are a few questions banks should be asking as they review their portfolio contents.

Do the products on the site make sense, or does the selection seem inconsistent? For instance, G2 found a website selling both apparel and electronic testing equipment. Since those products are wildly disparate and would not normally be sold on the same site, it could mean the site isn’t normal.

Is the pricing reasonable, or do the prices fail to correspond with the products that seem to be for sale? There are, indeed, luxury e-tailers selling t-shirts for $300 apiece (and more), but prices like this combined with other factors may suggest something else is being marketed.

Does the merchant have a very high processing limit relative to the types of goods sold? Does it display unusual chargeback patterns or a transaction ebb and flow which could suggest load balancing across a network of active and dormant sites, one that may suddenly become active as others in the network are shut down? Criminals are creating backup plans, Frechtling said — they know they’re going to get shut down, so they’re ready to launch another front to keep business moving through the hidden site.

It’s worth noting the same criminals often resurface with new efforts that may bear similar patterns to their past work. That’s because it’s not law enforcement catching these bad guys, but financial institutions. All they can do is terminate the merchant account, not send anyone to jail.

Trends

Frechtling said transaction laundering is on the rise because other points of entry into payments are being closed off as credit card networks crack down on content. It used to be possible to sell illegal goods through a transparent website, but it’s a different eCommerce world today.

“When they get shut down, perpetrators don’t go away,” Frechtling said. “They go somewhere else. By trial and error, they find cracks in payments like water finds cracks in pavement.”

He pegged the ease of set up as one major driver behind the increase in transaction laundering. No longer does one need to be a kingpin to succeed in this realm, he said — anyone can set up a merchant front and, with a little know-how, start laundering transactions. And, as dark web markets shift and shutter, the people using them have to go somewhere. There are more buyers on the surface web than on the dark web, so their odds of turning a profit there may be higher, Frechtling said.

His final word of caution to banks is to keep an eye on alternative payment methods. While these represent higher convenience and lower transaction costs for buyers and sellers, criminals are looking for weaknesses in fraud and compliance practices.

“Banks have been aware of this for a while,” Frechtling said, “but they still don’t fully understand that this is the new form of money laundering. It’s a new thing, and the payments industry is just waking up to it.”

To download REAL LIFE LAUNDERERS, fill out the form below:

    First Name*

    Last Name*

    Title*

    Company*

    Work Email*

    PYMNTS-MonitorEdge-May-2024