Security & Fraud

How The eCommerce Fakers Launder Money

“Fake it ‘til you make it” is a familiar idiom with roots in the great teachings of Aristotle, who once said that a person who acted virtuous would, in fact, become a virtuous person.

Fake merchants — a problem that now underpins a $352 billion annual money-laundering loophole in the U.S. alone — don’t exactly follow those same principles. These merchants act like real merchants, with no intention of ever becoming one. In this situation, faking it until they make it is simply an illegal means to what has become a lucrative endgame for them.

The eCommerce fakers, Trulioo GM Zac Cohen told Karen Webster in a recent conversation, are an increasingly common occurrence. They look and feel like a real merchant, they are able to legitimately take payments, but they aren’t really in the business of selling the goods as advertised goods.

Instead, Cohn noted, they either fake it by breaking into a legitimate merchant’s data stream — and use their merchant account to sell illicit goods and services — or go all the way and create fake digital storefronts.

“Fake merchants are the sinister side of eCommerce, because we either are dealing with [a] fraudster taking advantage of a less-mature or less-hardened merchant account to forge data and divert funds through different accounts,” Cohen said, “or we just have the folks that are just illegally setting up a front business that have no intention of ever being legitimate, and the whole thing is just fraudulent front-to-back.”

It may not be a top-of-mind problem for many consumers and merchants, which Cohen said is just the way they like it. Since the beginning of commerce, fraudsters have been looking for ways to game the system, he noted — and the sheer proliferation of microbusiness online in recent years created a new weak point to attack.

The good news, Cohen noted, is that the payments ecosystem now has a better understanding of why and how these eCommerce fakers ply their craft, and is now better-equipped to stop it. But only if the solutions to stop it don’t leave gaps for those fakers to keep faking until they make it.

The Tough Thing About Easy Merchant Onboarding

Fraudsters are taking a sudden interest in online storefronts, Cohen said, for one very explicable reason: Those storefront operators can set up shop, literally, anywhere on planet Earth where there is an internet connection.

And there are now millions of those storefronts.

“There are a lot of great tools in the market that make it easy to set up shop online,” Cohen explained, “and that means that there are a lot of micro-merchant businesses out there selling everything from razor blades to real estate.”

Making it that easy to start one’s own microbusiness inspires innovation, but also — unfortunately — makes it easy for anyone to start a microbusiness, including those whose main entrepreneurial efforts are focused on building a cool-looking storefront that specializes in fake invoices, false transactions and data scraping. The buyer, of course, does not know they are shopping in a money-laundering boutique. They think they are buying shoes, or clothes, or electronics — or helping people in their time of need.

“What we have seen a lot of lately is people setting up fake firms, trying to take advantage of disaster resources deployed to help victims,” Cohen said. He referenced the opportunistic fakers who set up schemes intended to “help” the California wildfire victims, but who lined their own pockets instead.

All these fakers are discoverable, of course — but for most of them, when they are, it is far too late to do anything to the fraudster, who has already shut down their fake company and moved to the storefront next door. And since there are so many instant onboarding solutions for microbusinesses, Cohen said, the fakers can keep faking it for quite a long time.

“You can see these small hits, happening over and over again,” Cohen observed, adding that it exists because it is lucrative, which is why fraudsters will continue for as long as they can.

Fighting The Fakers

Fighting the fakers is hard, Cohen noted, because fraudsters are agile and very much in the know. They tend to know, for example, that most transaction fraud securities and controls are meant to find fraud after the fact. They also know the security software is looking for illicit transactions.

This means they use schemes to hide those obvious telltales and exploit those fraud loopholes.

“Fraudsters are quite good at creating transaction frauds that are very hard to spot — double invoicing, or carousel transactions, for instance,” Cohen explained. “Fraudsters are onto the fact [that] the industry is looking for weird transactions — so they are making small changes in places like invoices where it is hard to pick up, or taking advantage of the fact that no one is really looking hard at them when they are setting up their firm.”

It’s not that monitoring after the fact isn’t useful or important, Cohen said — as it is both of those things. It just isn’t sufficient to the problem. Finding fake merchants after they’ve set up shop isn’t nearly as good as exposing them before they can set up shop.

That’s where Cohen said Trulioo want to take the fight, using the company’s Global Business Verification project to find the fake merchants before they set up shop, during the onboarding process.

“Businesses are learning today and becoming much, much more aware … than they’ve ever been … that this is a problem, and an expensive one both in terms of dollars and reputational damage. It is very much top of mind,” he said.

Online communities run on trust, he said, and the best approach to building trust in that kind of digital context is simply to know with whom one is doing business. It is important for payment services providers to know who their customers and vendors are, and how the supply chain is functioning, Cohen said. That’s because without those kinds of easy checks, it is incredibly easy to use sloppy onboarding to attack payment networks, or use those networks for “nefarious purposes.”

The problem, according to Cohen, is one of visibility. There are exactly zero platforms that want to make it easy for fraudsters to leverage their, otherwise, slick onboarding processes to defraud people and launder money.

It’s just that “money laundering has come a long way since its laundromat days with Al Capone. It’s now time to shift courses and adopt new tactics that take proactive — and not just reactive — measures,” he said.

Fraudsters, Cohen noted, want to fake it ‘til the make it. Smarter onboarding will make it easier to catch the faking early on so that they never make it anywhere.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.