Transaction Laundering: Payments’ Next Big Threat


Where there’s a [cybercriminal] will, there’s a [cybercrime] way. Transaction laundering, not to be confused with money laundering, is a pretty big will that has found some pretty effective ways to perpetuate, says Allison Guidette, CEO of G2 Web Services. Guidette and her team have been on the front lines of detecting and fighting compliance and fraud for 11 years and helped to uncover and shut down some of the biggest operations going. Guidette describes how the coming of EMV to the U.S. will escalate what has always been a threat, just one that not a lot of people talk about or focus on.

Transaction laundering is not a new problem, but it’s a significant one, with the potential to explode rapidly for two reasons: the pact of cybercrime is making it harder for acquirers to keep up and the impending shift to EMV will push more fraud online where this can just grow exponentially.

It is a crime sustained by various points of entry and the ever-increasing methods of payment available for the transactions to take place through. These fraudulent transactions can come through shopping carts, payments pages or even virtual terminals, even being processed through a page the shell business may or may not have any knowledge of.

Unlike the more well-known fraud of money laundering, transaction laundering relies on credit card payment systems, may involve softer crime such as prohibited pharmaceuticals and sexual content, and it gets “cleaned” once the money is deposited in the merchant account of the front business. All of these factors result in a security risk that is not only difficult to track down, but even more challenging to eradicate.

What’s worse is that as these fraudsters are being chased underground, they continue to pop back up by utilizing darker corners of the Internet to continue their crimes, G2 Web Services confirmed. But despite advancements in monitoring services, both merchants, card networks and federal regulators are having to do more in order to stay one step ahead of criminals in the transaction laundering world.

“The merchant acquiring industry has gotten pretty good at monitoring traditional merchant websites for brand damaging and illegal content. Now fraudsters — think of them as the mole in the carnival game whack-a-mole — are increasingly turning to transaction laundering as a way to gain access to payments and perpetuate crimes as we close off their avenues through traditional monitoring websites,” Guidette told MPD CEO Karen Webster in a recent interview in advance of the launch of G2’s new Transaction Laundering Detection Services.

G2 Web Services has been in the business of taking on this threat by developing ways to separate the legitimately “good” payments aggregation service providers and those who engage in undisclosed aggregation, involving prohibited substances and items being sold through what seem like legitimate businesses. And, some of their cases and “big busts” read like the stuff of fiction thrillers. Take, for example, these instances:

  • An illegal website selling injections of HCG (human chorionic gonadotropin) injections, a performance enhancing drug, through a legal pharmaceutical site
  • Bubble gum branded cannabis being sold through a merchant posing as a toy retailer
  • Herbs laced with synthetic drugs sold through a business posing as a food ingredients retailer

That’s not including what Guidette describes as cases of transaction laundering that have quickly escalated and expanded into syndicates, not only allowing illegal goods and services to enter the payments system and violating the merchant’s agreement with its acquirer, but also flouting U.S. anti-money-laundering laws.

“There is absolutely no one-size-fits-all solution to detect transaction laundering,” Guidette said. “Neutralizing the threat requires identifying which acquirer owns the front customer and which path the bad transactions followed.”

A path that Guidette firmly states requires the use of data, data science, expertise and the cooperation of the acquirer. But above all else, banks and compliance professionals will have to work together and with a multifaceted approach to truly curb the rise of transaction laundering.

“The solution to this problem isn’t just technology, it’s a combination of technology, internal monitoring by the acquirer and best practices. It’s never obvious and it is not easy,” Guidette explained.

The “it’s not easy stuff” is what has given birth to G2 Web Services’ Transaction Laundering Detection Solution. Guidette explains the solution as one that “works backwards” from the approved merchant and forward from the violators, while operating in partnership with the acquiring client or their value chain member. Which, for example in cases where the fraud involves child pornography, actually means bringing the activity to the attention of law enforcement.

“Acquirers have a process that is well established for reporting that illegal activity and their actions against it up all the way to the card networks. That mechanism has been pretty effective in making sure that legitimate acquirers were able to dramatically reduce the incidents of crime,” Guidette said.

Guidette says that situation has the potential to become more prevalent this fall as the U.S. embraces EMV and fraud moves online. That, she believes will only spark an uptick in transaction laundering.

“[EMV] is a very good thing for reducing card-present fraud, but what most expect to happen is more transactions will move online and that increase in card-not-present transactions in all likelihood will mean more transaction laundering online,” Guidette confirmed.

Unfortunately, just like with the whack-a-mole example, the fraudsters behind transaction laundering are not going away, instead they continue to find new channels to commit their crimes.

G2 Web Services hopes that it can help thwart this new threat with its detection service, which broadens the scope of current transaction laundering detection to include an omnidirectional protection methodology, which aims to attack the threat from all angles while shutting down threats inhabiting multiple pathways. The service will also rely heavily on the company’s extensive fraud and compliance database, and plans to employ evaluations from expert analysts with 150 years of combined experience.

“We are extremely excited about what we are introducing today. But this frontier of risk is continuing to move, so working in the payments community together we’ll continue to innovate to stay ahead of the challenge,” Guidette added. “There is some really bad stuff going on out there and we are proud to be a part of the army that’s fighting it.”