One of the main differences between a successful criminal and a wanna-be is that the smart one knows how to hide (often in plain sight), and use methods that often seem more mundane than dramatic — despite what Hollywood has trained us to believe over the last century or so.
A demonstration of that truth came around again recently with the observance of the Chinese New Year in early February. The country’s holiday tradition of people giving red envelopes stuffed with cash has — as befits a nation where consumers have embraced mobile payments and commerce more than just about anywhere else — turned digital. WeChat is credited with that shift, which began in 2015 with more than 1 billion envelopes (hong bao) being delivered. Annually, consumers send 40 billion or more red envelopes — and the tradition involves Chinese consumers located all over the world.
However, according to a recent PYMNTS discussion between Karen Webster and Zac Cohen, general manager of identity verification firm Trulioo, as that tradition transforms into a digital exercise, regulators and payment service providers are failing to keep up with criminals who are exploiting those transactions to conduct money laundering on a micro scale. Red envelopes, in fact, stand as only one example of that trend. Gaming — including the wildly popular Fortnite — is part of all this as well, one of the “unexpected ways in which people take advantage of the system.”
No one needs to be told how the payments landscape — after decades of serving as a relative backwater to commerce — is undergoing profound changes, and every PYMNTS reader knows that all such changes create business opportunities. That holds true for money launderers as well. Their particular business benefits from such shifts, as the best money launderers seek out new holes in anti-money laundering (AML) defenses, and new ways to escape the notice of law enforcement and regulators.
No one should blame the victim for the crime, of course. Yet, in Cohen’s telling, during this gold era of innovation and global growth, payment service providers have not, generally at least, done enough to think ahead of the game — and to anticipate how the spread of their services might not only benefit consumers and beef up the bottom line, but how criminals would react and, in some cases, latch on to those new digital offerings.
In January, for instance, news emerged that Fortnite’s in-game currency was being used to launder money from stolen credit cards. It works like this: A hacker will access someone else’s credit card information, then use it to create a Fortnite account and buy V-bucks, the game’s currency. Once the account fills up with V-bucks, they are then sold through a legitimate vendor like eBay, or on the dark web, for lower rates than the $10 for 1,000 that gamers get in the game or through an authorized online store.
Such examples, Cohen said, show that “it’s time that people make the assumption” that money launderers are always looking for new ways to clean their money — ways that regulators might not have considered, at least deeply. He added, “I’m not sure if people think about global the way they should.” He used Twitter as example, pointing out that even for its founder, it was no doubt difficult in 2006 — when that social media messaging service launched — to anticipate the full global impact it would have on payments, commerce, marketing, politics and even culture.
The point is to put more proactive thought into these types of payment tools and offerings. “You need to take a security-first approach,” he told Webster.
Put another way, according to Webster: “We need to create experiences with the bad guys in mind.”
Take the digital red envelopes, which are almost tailor-made for money laundering, according to the discussion. One person reportedly received more than 3,400 red envelopes, each with relatively small amounts of money in it. As Cohen said, spotting the money laundering is like trying to spot a single boat in the ocean.
A proactive approach seems obvious, but a workable proactive approach is not always taken for various reasons. One factor is lack of awareness. “Everything starts with education and information sharing,” he said, and that includes forums to share what works and what doesn’t in trying to detect money laundering attempts.
Money launderers, of course, don’t tend to use their real identities, but Cohen said there is tech that can spot patterns of criminal activity — and do so with relatively little friction, which is another factor that can discourage companies from being proactive. “Are there a lot of odd transactions going to one individual, or is that the norm?” he said by way of example. Technology can also “map all these relations on the back end, and can lead to powerful insights.”
Criminals are never defeated. They may be thwarted, but they tend to adopt. However, the first step — like so many other things in life — is to grasp the scope and character of the problem.