Transaction Laundering – Money Laundering Goes Electronic in the 21st Century

By Ron Teicher

The age-old art of hiding money from governments truly took flight in the online era. The good news for us (and bad news for cyber criminals) is that regulators are starting to use technology to catch up.

In October 1931, American gangster Al Capone was convicted of tax evasion of approximately $1 million and sentenced to 11 years in prison. Federal Anti-Money Laundering (AML) laws didn’t exist yet, but prosecutors were able to prove that Capone was illegally hiding his bootlegging profits to avoid paying federal taxes. To this day, it remains the most famous case of financial crime in American history, as it put an end to his Chicago-based crime operations.

The FBI’s success in using financial law against Capone forced criminals to devise a more sophisticated method to disguise profits from their illicit practices. Succeeding gangsters learned from Capone’s demise, and realized the importance of establishing businesses as “fronts” for their underground, illegal activity. Casinos were probably the most obvious examples of fronts, where large volumes of money could flow in and out.

The legal struggle against money laundering began, in earnest, some 50 years ago with the Bank Secrecy Act of 1970. This law required financial institutions to record large cash transactions, and report suspicious fiscal activity to the government. Various legislation over the following decades mitigated criminal activity, and made it much more difficult for criminals to hide illicit funds.

But then, came the age of the Internet and online commerce, where hiding behind a computer screen was able to give you a degree of anonymity.

And with this, a new category of online crime began exploiting the industry of digital payments in order to facilitate money laundering. Regulators, who previously devoted massive resources to building complex, mostly manual, AML processes – now simply can’t keep up in this digital age.

Transaction Laundering – The New Face of Money Laundering

Electronic money laundering, also known as Transaction Laundering, is the most common, but least enforced , method of money laundering. The principle is simple: an unknown online business uses an approved merchant’s payment credentials to process credit card transactions for unknown products and services.

For example, a cyber criminal can set up a website in a matter of minutes, accepting payment via card, and disguise their income from illegal activities by rerouting payments through a legitimate merchant account, like an online book shop.

In addition to regulatory offenses, Transaction Laundering infringes upon credit card brand policies, putting merchants and acquirers in violation of KYC requirements  and violates numerous federal regulations.  This leads to potential fines, legal action and brand damage.

Transaction Laundering is happening, right now,  directly under the noses of regulators through the exploitation of online anonymity. The threat of this criminal activity grows as the volume of Internet commerce grows. How big is Transaction Laundering, really?

Our research has shown that Transaction Laundering for the online sales of products and services reaches over an estimated $200 billion a year in the US alone. Of this, $6 billion involves illicit goods.

Not Just Drugs, Guns, and Trafficking: Transaction Laundering Also Finances Global Terror

Just like in the days of Al Capone and the early advent of money laundering, Transaction Laundering is linked to illegal activity.  Perhaps an even worse reality, in our current times, it is now proven to be the source of financing for numerous terror attacks – including the violent attack on the offices of French satire magazine Charlie Hebdo.

Moreover, the FBI recently revealed that ISIS was using Transaction Laundering to finance a US domestic terror agenda via eBay and PayPal. As reported in The Wall Street Journal, the FBI announced that an American-born ISIS operative and US citizen was arrested after he received nearly $10,000 via PayPal for fraudulent sales of fake computer printers via eBay.

Transaction Laundering is not just a domestic U.S. threat. The Daily Beast recently reported that Russian criminals are using Airbnb to launder illicit funds from stolen credit cards. Unlike other Transaction Laundering instances, the Airbnb scheme also involves fraudulent, complicit hosts instead of merchants – exploiting Airbnb’s online marketplace to conduct illegal activity.  The scam is simple: fraudsters use stolen credits cards to launder the dirty money through complicit Airbnb hosts they meet in underground, online forums. Once the Airbnb booking transaction is processed, no one actually stays at the advertised accommodation; instead the two parties split the payment and create fake end-of-stay reviews to close the transactional loop.

The Good News: Regulators are Finally Catching Up

The good news for 21st century is that AML regulations are starting to sync with the digital world. There are an estimated 40 million e-commerce websites worldwide, making manual monitoring and long onboarding  processes inefficient and overall impossible. As new Regulatory Technology, or “RegTech” players, enter the scene, AML regulators are able to take advantage of emerging technologies like AI and machine-learning solutions to more effectively fight digital money laundering. This is a game changer for regulators who have long been statutorily powerful, yet unable to exert the full measure of their power against digital money launderers.

Newfound regulatory confidence and advanced RegTech are making the detection and prevention of Transaction Laundering a shared responsibility among law enforcement agencies, e-commerce players, MSPS, fintech providers and individual users. With the right digital tools in place, electronic money laundering can be detected, and ultimately intercepted. After so many years of hiding their illegal practices behind the screen, e-money launderers have good reason to be worried. Much like Al Capone’s, their elaborate schemes and operations could soon come to an end.

https://www.finextra.com/blogposting/15423/transaction-laundering—money-laundering-goes-electronic-in-the-21st-century

Solving a blockchain conundrum: Biometrics could recover lost encryption keys

By Lucas Mearian

Blockchain could one day solve the online privacy problem by encrypting or scrambling personally identifiable information and issuing each person a random string of bits – a private key – created explicitly for unscrambling their data.

The person holding the blockchain private key could issue various public keys controlling who has access to the personal data on the blockchain. So, for instance, if a car rental agency needed to verify you have a driver’s license, you could use a public key to give them access to that information. You could later revoke access to that information.

The still-nascent distributed ledger technology, however, faces a vexing problem: what does a user do if they lose their private key? Essentially, a lost key means they lose access to all of their data – and if that data happens to include bitcoins or other cryptocurrency, they lose their digital money as well.

For example, Bitcoin scrambles user information through the use of the AES 256-bit encryption algorithm, which creates a 256-bit private key that can be represented by 32 or 64 alpha numeric characters.

“For Bitcoin, there simply is no key recovery. If you lose your private key, you’ve lost your Bitcoin,” said Martha Bennett, a principal analyst at Forrester Research.

Lance Morginn, CEO and co-founder of the Blockchain Intelligence Group, believes the blockchain industry and government regulators will need to collectively come to terms on a standard for reclaiming a lost private key.

The Blockchain Intelligence Group is a private company that offers blockchain search and data analytics tools; it has already been working on ID management with U.S. regulators and law enforcement agencies.

The most likely method for reclaiming a private key would be to physically go to a secure facility where the key’s owner would have to pass a number of security measures before the key is restored.

“It’s going to come down to a multitude of biometric devices. It could include a fingerprint scanner with a pulse detector, a retinal scanner and facial recognition all tied together,” Morginn said. “We’re in discussions with number of different regulators around world.”

Increasing regulatory scrutiny

While the idea of going to a private key reclamation facility may seem far-fetched, regulators in various countries are already boosting their scrutiny of cryptocurrency exchanges, including requirements that cryptocurrency be stored offline.

After a number of bitcoin thefts over the past seven years, Japanese regulators this month tightened their rules requiring exchanges to keep bitcoins offline or in “cold storage,” and bitcoin wallet access will require more than one person’s login information.

Conversely, most of the world’s other bitcoin exchanges today continue to keep the digital currency in “hot wallets” or online electronic depositories managed by the exchanges themselves.

Japanese bitcoin exchanges will also have to take more action to prevent money laundering, just as financial service companies in the U.S. must do today by following know-your-customer (KYC) and anti-money laundering (AML) guidelines.

Blockchain identity networks projects have also sprung up, offering the potential to satisfy new, more stringent requirements, such as KYC, to ensure that companies know with whom they’re doing business. KYC regulations were enacted in recent  years to address a rise in money laundering and terrorist activity funding.

Through a blockchain identifier network, banks could pre-verify who their customers are, and whether or not they’re tied to nefarious activities.

There are already blockchain networks that use biometrics to enable access to private keys and the personally identifiable information (PII) they protect.

Biometrics for accessing keys

For example, Civic, a blockchain identity-verification technology provider, pre-registers users and their identification data, encrypts it and issues a passcode accessible via a finger print scan using an app on a mobile device.

In March, Civic partnered with mobile voting provider Votem to launch a know-your-customer process that will pre-register and authenticate those participating in Votem’s crowdfunding initial coin offering (ICO). Once user IDs have been verified using blockchain, the identities are stored on the Civic App and can be reused for the ICO.

Civic’s private keys are generated by a third-party crypto wallet, providing a firewall between Civic and users’ keys app. The fingerprint scan eliminates the need for logins  with a username, password, third-party authenticator, or physical hardware token. Civic users can choose who gains access to their information and what data gets shared.

Just as physical keys only open the locks for which they were made, public keys can be used by blockchain users to control what data is released to whom; public keys are controlled through smart contracts, a blockchain business automation tool that determines what information is released based on the public key used.

There are several projects in the works to enable the worldwide exchange of PII via blockchain networks. The biggest benefit: there would be no central authority, such as a bank, governing the exchange of private data. The control would remain with the owner of that data.

For example, the Sovrin Foundation, a new nonprofit organization now developing the Sovrin Network, could enable anyone to globally exchange pre-verified data with any entity also on the network.

The online credentials would be akin to identify information that might already be in someone’s physical wallet: a driver’s license, a bank debit card or a company ID.

Instead of a physical card, however, the IDs in digital wallets would be encrypted and link back to the institutions that created them, such as a bank, a government or even an employer. Any of them, through the blockchain, would automatically verify  information to a requestor.

The owner of the digital wallet can limit what information a business receives via an electronic token.

“Let’s say I go to rent a car and you’ve got the 18-year-old behind the counter that I have to give all my information – my driver’s license, my credit cards. She doesn’t need all that information. She just needs to know that I’m authorized to drive that car. I have just given her the… token saying I’m licensed in the state of New York,” said Shone Anstey, president and co-founder of the Blockchain Intelligence Group.

“That way, if the car company has a break-in and someone steals all their databases, they don’t have my personal information,” Anstey added.

The ID2020 alliance, a global partnership, is working to create an open-source, blockchain-based digital identity system for people in the U.S. or other nations who lack legal documentation because of their economic or social status.

A blockchain-based identity token, one that contains PII, may be considered more sensitive because once in someone else’s possession it could be used to impersonate someone for any number of purposes. Witrh that in mind, regulators are considering how blockchain users would be able to revoke access to their identity tokens as well, Anstey said.

Michael Fauscette, chief research officer at G2 Crowd, a business-to-business software review site, expects that in the next five years, decentralized identity verification will no longer be a novelty; it will be the norm.

“Imagine hiring without reference checks or transcript verifications, where all that an applicant needs is a blockchain hash,” Fauscette said.

With identities, bank accounts and employer information all possibly stored online through blockchain, it will be more crucial than ever to ensure that a lost private key can be recovered.

Despite steps in the right direction, the industry isn’t even close to enabling how private keys will be recovered, Morginn said.

https://www.computerworld.com/article/3273429/blockchain/solving-a-blockchain-conundrum-how-biometrics-could-recover-lost-encryption-keys.html

Combating fraud and money laundering with graph analytics

By Yu Xu at Tiger Graph

Dirty money and money laundering have been around since the existence of currency itself. On a global level, as much as $2 trillion is washed annually, estimates the United Nations. Today’s criminals are sophisticated, using ever-adapting tactics to bypass traditional anti-fraud solutions. Even in cases where enterprises do have enough data to reveal illicit activity, more often than not they are unable to conduct analysis to uncover it.

As the fight against money laundering continues, AML (anti money laundering) compliance has become big business. Global spending in AML alone weighs in at more than $8 trillion, says WealthInsight. This figure will continue to grow, considering how any organization facilitating financial transactions also falls within the scope of AML legislation.

But combating crime is never easy. Especially when organizations face pressing needs for cost reduction and faster time to AML compliance in order to avoid regulatory fees. Legacy monitoring systems have proven burdensome and expensive to tune, validate and maintain. Often involving manual processes, they are generally incapable of analyzing massive volumes of customer, institution and transaction data. Yet it is this type of data analysis that is so critical to AML success.

New ideas have emerged to tackle the AML challenge. These include: semi-supervised learning methods, deep learning based approaches and network/graph based solutions. Such approaches must be able to work in real time and handle large data volumes – especially as new data is generated 24/7. That’s why a holistic data strategy is best for combating financial crime, particularly with machine learning (ML) and AI to help link and analyze data connections.

Graph analytics for AML

Graph analytics has emerged at the forefront as an ideal technology to support AML. Graphs overcome the challenge of uncovering the relationships in massive, complex and interconnect data. The graph model is designed from the ground up to treat relationships as first-class citizens. This provides a structure that natively embraces and maps data relationships, even in high volumes of highly connected data. Conducted over such interconnected data, graph analytics provides maximum insight into data connections and relationships.

For example, “Degree Centrality” provides the number of links going in or out of each entity. This metric gives a count of how many direct connections each entity has to other entities within the network. This is particularly helpful for finding the most connected accounts or entities which are likely acting as a hub, and connecting to a wider network.

Another is “Betweenness,” which gives the number of times an entity falls on the shortest path between other entities. This metric shows which entity acts as a bridge between other entities. Betweenness can be the starting point to detect any money laundering or suspicious activities.

Today’s organizations need real-time graph analytic capabilities that can explore, discover and predict very complex relationships. This represents Real-Time Deep Link Analytics, achieved utilizing three to 10+ hops of traversal across a big graph, along with fast graph traversal speed and data updates.

Let’s take a look at how Real-Time Deep Link Analytics combats financial crime by identifying high-risk transactions. We’ll start with an incoming credit card transaction, and demonstrate how this transaction is related to other entities can be identified:

New Transaction → Credit Card → Cardholder → (other) Credit Cards → (other) Bad Transactions

This query uses four hops to find connections only one card away from the incoming transaction. Today’s fraudsters try to disguise their activity by having circuitous connections between themselves and known bad activity or bad actors. Any individual connecting the path can appear innocent, but if multiple paths from A to B can be found, the likelihood of fraud increases.

Given this, more hops are needed to find connections two or more transactions away. This traversal pattern applies to many other use cases – where you can simply replace the transaction with a web click event, a phone call record or a money transfer. With Real-Time Deep Link Analytics, multiple, hidden connections are uncovered and fraud is minimized.

By linking data together, Real-Time Deep Link Analytics can support rules-based ML methods in real time to automate AML processes and reduce false positives. Using a graph engine to incorporate sophisticated data science techniques such as automated data flow analysis, social network analysis, and ML in their AML process, enterprises can improve money laundering detection rates with better data, faster. They can also move away from cumbersome transactional processes, and towards a more strategic and efficient AML approach.

Example: E-payment company

For one example of graph analytics powering AML, we can look towards the #1 e-payment company in the world. Currently this organization has more than 100 million daily active users, and uses graph analytics to modernize its investigation methods.

Previously, the company’s AML practice was a very manual effort, as investigators were involved with everything from examining data to identifying suspicious money movement behavior. Operating expenses were high and the process was highly error prone.

Implementing a graph analytics platform, the company was able to automate development of intelligent AML queries, using a real-time response feed leveraging ML. Results included a high economic return using a more effective AML process, reducing false positives and translating into higher detection rates.

Example: Credit card company

Similarly, a top five payment provider sought to improve its AML capabilities. Key pain points include high cost and inability to comply with federal AML regulations – resulting in penalties. The organization relied on a manual investigative process performed by a ML team comprised of hundreds of investigators, resulting in a slow, costly and inefficient process with more than 90 percent false positives.

The company currently is leveraging a graph engine to modernize its investigative process. It has moved from having its ML team cobble processes together towards combining the power of graph analytics with ML to provide insight into connections between individuals, accounts, companies and locations.

By uniting more dimensions of its data, and integrating additional points – such as external information about customers – it is able to automatically monitor for potential money laundering in real time, freeing up investigators to make more strategic use of their now-richer data. The result is a holistic and insightful look at its colossal amounts of data, producing fewer false positive alerts.

As we continue into an era of data explosion, it is more and more important for organizations to make the most in analyzing their colossal amounts of data in real time for AML. Graph analytics offers overwhelming potential for organizations in terms of cost reduction, in faster time to AML compliance and most importantly, in their ability to stop money laundering fraudsters in their tracks.

Top Latest Japan World Business Sports Entertainment Opinion Lifestyle Features Photos Videos Japan struggles to hamper int’l cryptocurrency money laundering operations

TOKYO — Loose overseas regulation of virtual currencies has prompted increased money laundering among some designated Japanese organized crime groups, with the Mainichi Shimbun confirming one case where a total of some 30 billion yen was funneled through various overseas exchanges since 2016.

While the Japanese government has recently moved to strengthen measures against money laundering, these are limited to the country’s boundaries. Grasping the situation of money being transferred through anonymous overseas accounts is a problem that cannot be solved without international cooperation.

In a bar on the second floor of an old building just off a street bubbling with nightlife in Tokyo’s Akasaka district, a 30-something member of a designated organized crime group and a Chinese man have agreed to meet once a month. The bar is a haven for people who exchange information about virtual currencies online through members-only blogs and social media sites to meet face-to-face. Japanese and English fly back and forth with specialized terms relating to cryptocurrencies mixed in.

“There were no problems,” says a Chinese man to the gang member on a night in mid-April as he hands over a USB drive. On the drive is a data file named “ZDM” filled with numbers and English notations. This is the record of money laundering using the difficult-to-trace currencies “Zcash,” “DASH” and “Monero.”

The file begins from June 2016, and shows the gang’s capital at a total of 29.85 billion yen post-laundering. The most recent record for February shows a total of some 130 million yen run through the system via several hundred transfers. The amount was lower than normal, but due to scandals surrounding cryptocurrency exchanges at the time, the gang member simply commented, “We didn’t want to draw any attention to ourselves, so this will do.”

The men then move to a room in an apartment building within walking distance called “base camp.” There, eight men and women stare into computer screens. The Chinese national reveals they are Japanese in their 20s and 30s — mostly engineers and students. These members first convert the group’s capital to blockchain currencies such as Bitcoin and Ethereum at Japanese exchange operators. These groups spread out the virtual currency by sending the money to five or six accounts held at exchange companies that do not require identification documents like a passport to open an account, such as the Russian exchange “YoBit.”

From there, the Bitcoin or Ethereum is converted into “Zcash,” “Dash” and “Monero” — ZDM. In terms of privacy protection, trading logs in the blockchain for these three currencies are not made public, and both the sender and receiver of the money can do business anonymously. The members used several exchange operators to move the virtual currency over dozens of transactions to cover their tracks, with collaborators in Russia making the last transaction into the local physical currency.

The personnel and equipment is all provided by the gang. “We have bases just like this all over the Tokyo area,” the gang member explains. “The most important thing is to process the money in small amounts.”

It has been less than 10 years since virtual currencies came onto the financial scene. Still, the Chinese man says, “Gangs were attracted to the anonymity associated with cryptocurrencies from the beginning. Now, its use is not limited to just money laundering, but is also being used as a venture to generate capital.” Of the total of 29.85 billion yen recorded returned to the group via foreign exchange operators in the file he gave the gangster, he commented, “I was given roughly 35 billion yen. Five billion yen was the service fee.”

“It’s a typical money laundering scheme. In a way, I’m not surprised,” said a senior official at the Financial Services Agency (FSA). “If you are going to do something illegal, then everyone knows to use the ‘three anonymous siblings,'” the official continued, referring to Zcash, DASH, and Monero. In Japan, the only cryptocurrency exchange that dealt with the three siblings was scandal-hit firm Coincheck Inc., from which thieves siphoned off 58 billion yen worth of “NEM” currency. However, after Coincheck was bought out by Monex Group Inc., the new owner expressed its intention to cease trading in those virtual currencies.

The FSA now administers the revised Payment Services Act, which was introduced in April 2017. The new law required cryptocurrency exchanges to register with the agency and for users to provide proof of their identity. In addition, divided asset management and allowing for outside monitoring of accounts was also introduced. Following the Coincheck case, the FSA inspected cryptocurrency exchanges to find many problems in the anti-money laundering measures taken by those domestic firms, issueing orders to improve their business operations. .

However, even with the revised laws, nothing can be done to regulate the operating practices of exchange firms overseas. Once the money is wired abroad, it is difficult to grasp the whereabouts of the currency from Japan, especially when accounts that do not require official identification to open are used.

“It’s nearly impossible for Japan to handle the problem alone,” the FSA official explained. “Even if trade is restricted to only domestic transfers or monitoring is enhanced, it’s still not enough to counter money laundering. It would be best if all the group of 20 industrial and emerging nations and regions (G-20) would take the same steps toward prevention.”

Some countries are already moving in this direction. The Chinese government shut down exchange offices, while the South Korean government outlawed the practice of exchange operators issuing their own virtual currency to raise capital — or “initial coin offerings (ICO).” Meanwhile, India is set to outlaw the trade of cryptocurrencies all together, and the European Union is drafting legislation that would prioritize the protection of users. The United States is considering revisiting how the system is structured.

Still, it is unclear if all nations will take the same steps toward countering money laundering and other crimes. While the G-20 did decide in March this year to improve the system and come out with concrete measures to do so by July, it seems that it may still take time until agreement and enactment of those new rules is realized.

https://mainichi.jp/english/articles/20180514/p2a/00m/0na/002000c

Is money laundering easier in a digital world?

By Alexon Bell

The rise of social media, peer-to-peer platforms and online banks has had a huge impact on the convenience and ease of transactions between individuals. But these platforms have simultaneously opened new doors for fraudsters to trick people out of their money and particularly criminals looking for ever more innovative ways of laundering the proceeds of their crimes. In an increasingly digital world, is money laundering becoming easier to pull off?

New forms of money laundering

With ecommerce so commonplace and only on the rise, legitimate websites are being used as payment processors in order to launder vast amounts of money. Drugs can be ordered online and the transaction will appear as something innocuous on your statement, such as a floristry purchase. From the bank’s side, their customer appears to be an online florist, helping mask funds as cash is not used. Transactions are funnelled through other legitimate payment ecosystems for illegitimate purposes, including the financing of terror through criminal enterprises. Last year it was alleged that an ISIS operative in the US had used eBay to ‘sell’ computer printers and received payments for these transactions from overseas via PayPal.

Peer-to-peer marketplaces

The sharing economy is on the rise and some of the most recognisable peer-to-peer brands are being exploited through their online payment systems. The nature of a peer-to-peer marketplace enables direct transactions from criminals on one side and complicit players on the other side, thus laundering money through a legitimate platform. The ease of use of these apps and websites is fuelling such activity, and their popularity and global adoption allows criminals to hide amongst huge volumes of transactions between lay people.

Last year, it was discovered that Airbnb had been exploited by money launderers, with criminals booking fake stays in rooms with complicit Airbnb hosts. Such a scheme works by criminals using stolen credit cards to book rooms through the peer-to-peer marketplace and paying for their fake stay online – with complicit hosts closing the loop. The transaction turns criminal proceeds into ostensibly legitimate earnings. News sources claimed that online Russian forums were being used to connect criminals to complicit hosts. In many instances these funds were laundered across borders, allowing the money to be hidden even more effectively.

A similar scheme was recently reported in which Uber was being used to launder criminal proceeds through fake transactions. In this system, middle men use stolen credit cards to book fake rides which never actually happen, with complicit drivers. A cut is taken by the drivers and the middle men, leaving the rest of the now seemingly legitimate funds to the client.

Both these recent examples show the ease with which sharing economy marketplaces can be exploited. The current systems to police thousands of peer-to-peer transactions across the globe, monitoring transactions and flagging any suspicious activity, simply aren’t strong enough to spot scams that look very similar to the sea of legitimate interactions.

Social media

Social media has an increasingly dominant role to play in recruiting people to facilitate money laundering – whether they do so knowingly or unknowingly. Several recent reports have highlighted young people being recruited as money mules though social media. Last week, fraud prevention body, Cifas published their annual report, revealing that in 2017 there were 32,000 cases of 14 to 24 year olds allowing their bank accounts to be used to move the proceeds of crime – an increase of 27 per cent. Social media is fuelling the spread of images of young people with cash and luxury items, luring young people into schemes which promise to get them rich quick. Unwitting mules are also being recruited through social media offers of fake jobs or initiatives to make extra money. Messaging app WhatsApp is being used as a communication method with these young mules or victims.

Scale of the issue

Online platforms are an attractive option for money launderers due to their global reach, speed, low cost and simplicity. There is no need to create a fake ‘shop front’ or false identities and no goods need to be moved.

Online money laundering is only set to grow. Global retail e-commerce sales are estimated to top $2.2 trillion annually, providing greater opportunities for criminals to hide their laundering activities among high volumes of legitimate transactions. Likewise, the popularity of cryptocurrencies and alternative payment platforms are garnering growing criticism and concerns over the transparency of transactions and the potential for easier than ever money laundering.

A digital solution

The digital world we live in is opening new doors for criminals to launder their money in different and creative ways. Only a digital-first approach will help tackle the issue.

New and ground-breaking innovations in technology that monitor transactions are helping to identify suspicious behaviour and patterns amongst huge numbers of legitimate payments and interactions. In particular, monitoring software is being used to put transactions in their proper context: making links and connections between parties and their transactions, using internal as well as external data sources. This contextual monitoring approach helps companies to see a 360° view of their customers – making it easier to identify unusual and illegitimate transactions consistently and accurately amongst thousands of genuine interactions. Using a combination of this digitally compiled insight and human intelligence will challenge online money laundering with a digital-first approach.

Peer-to-peer platforms, online payments and banking, and social media have been adopted across the globe thanks to their convenience, speed and ease of use. However, it is exactly these qualities that criminals are increasingly exploiting to support illegitimate activity.

While technology is fuelling this new approach to money laundering, technology is also the solution. Just as the criminal spheres of fraud and money laundering are converging, many organisations see the solution as a fusion of human intelligence with Artificial Intelligence. The key is cutting through the noise.

https://www.itproportal.com/features/is-money-laundering-easier-in-a-digital-world/

Fake books sold on Amazon could be used for money laundering

By Allison Flood

Books of gibberish are listed on Amazon.com for thousands of dollars, with one author claiming his name was used to send almost $24,000 to a fraudulent seller

Amazon’s self-publishing arm CreateSpace makes it relatively straightforward to publish a title that contains any text, provided that this isn’t “placeholder” or dummy text, and allowing fake books to be sold on the Amazon website at a price chosen by the seller.

For a highly priced title, the author can earn royalties of up to 60% for a paperback, or 70% for an ebook. While the internet retailer requires valid taxpayer identification from all its publishers, one affected author, the US-based business writer Patrick Reames, says that a fraudster used his social security number to pose as him, and publish a book under his name.

Reames spoke to the Guardian after Amazon sent him a US government 1099 tax form last month informing him that CreateSpace had paid him tens of thousands of dollars in 2017. Reames, who only makes a few hundred dollars a year from his business titles, searched for his own name on Amazon.com and discovered that, as well as the books he had written himself, which are sold via a publisher, rather than self-published via CreateSpace, a title named Lower Days Ahead also appeared under his name. Selling for $555 (£397), the book contained what appeared to be a computer-generated story.

Reames calculated that the “ridiculous” book would have to have sold dozens of copies in 11 weeks to have generated the almost $24,000 that Amazon says he has made from the book.

“There is no way in hell that 90 people in 11 weeks fell for this Amazon-hosted scam,” he says, speculating that a criminal wanting “clean” money published the book via CreateSpace, giving it a high price to put off the casual buyer.

He told the security expert and journalist Brian Krebs, who first broke the story, that he suspected someone had been buying the book using stolen credit and/or debit cards, and “pocketing the 60% that Amazon gives to authors”.

“It occurred to me that the only purpose that could be served by this ‘book’ and the account set-up with my credentials was to launder money … it’s clear someone stole my credentials from somewhere and set up an account with Amazon to avoid being held responsible for the taxes … which, of course, constitutes identity theft and tax fraud,” Reames wrote on his website, detailing his struggle with Amazon to deal with the situation.

Reames says Amazon has told him that it can send him a letter “acknowledging than I’m disputing ever having received the funds, because they said they couldn’t prove I didn’t receive the funds” and won’t share the details of the payee.

“So I can’t clear myself and they won’t clear me,” he says.

Reames said the situation would “almost certainly” be an issue next year, as the fraudulent account was not shut down until February, and so will affect his taxes for 2018. “I’ve not heard anything from Amazon despite the coverage this issue has received and their initial promise to follow up with me. They have provided only a letter confirming that I had contacted them and indicating that they had closed the account associated with the fraudulent book. In the only phone conversation I’ve had with the fraud group there, they refused to issue a corrected Inland Revenue Service 1099 form or provide me any information about where the funds were being sent,” he said.

After Krebs published his story, a number of titles priced at hundreds of dollars and containing gibberish were removed from Amazon, but multiple questionable books are still for sale on Amazon.com, including Bongo Shamalamadingdong’s A Poor Excuse for a Good Title: I Lied, which retails for $250 in paperback and contains the repeated line: “Once upon a time there was a chicken and a boy followed it into a garage, thinking it was a magic portal, but alas it was just a garage”. There is also Rich Dan Edward Knight Sr’s I Have Abundance Overflowing In My Life Forever: Brinks Trucks Follow Me Everrywhere I Go Eternally (Whatever You Ask Believe Receive) (Volume 1), a 24-page book priced at $2,999.99. There is no evidence that these titles are involved in fraudulent activity; CreateSpace specifications allow for “joke or gag books with repeated content or an intentional absence of content”, but only if they are “clearly labelled as such”.

“Whether these worthless titles are being used for illegal or nefarious purposes, I suppose only Amazon can answer that,” said Reames. “Some may be the product of delusional individuals or some type of joke, social commentary or satire. However, if any of these books have sold more than one or two vanity copies bought by the ‘author’, I think it would be a clear indicator that, like in my case, the books are being used to illegally funnel money under the guise of a legitimate transaction … and again, only Amazon could provide that information.”

An Amazon spokesperson said: “The security of Amazon accounts is one of our highest priorities, and we have policies and security measures to help protect them. Whenever we become aware of actions like the ones described, we take steps to stop them. If you’re concerned about your account, please contact Amazon customer service immediately using the help section on our website. Anyone who believes they’ve received an incorrect 1099 form or a 1099 form in error can contact us 1099@amazon.com and we will investigate.”

https://www.theguardian.com/books/2018/apr/27/fake-books-sold-amazon-money-laundering

Digital Detergent: Crypto money-laundering

AS LONG as dirty money has been around, so has money-laundering. Between $800bn and $2trn, or 2-5% of global GDP, is washed annually, estimates the United Nations Office on Drugs and Crime. Criminals have swapped money for precious metals, mis-stated invoices, rinsed cash through casinos or simply strapped it to their bodies and flown to places where banks don’t ask questions. Now they have a new detergent: crypto-currencies.

Such data as there are suggest that crypto-laundering is still a small share of the whole. But crypto-currencies’ attractions—global availability, the speed and irreversibility of transactions and the ability to hide identities—are plain. Rob Wainwright, head of Europol, Europe’s police agency, has estimated that 3-4% of the continent’s annual criminal takings, or £3bn-4bn ($4.2bn-5.6bn), are crypto-laundered. He thinks the problem will get worse. America’s Drug Enforcement Administration believes international gangs are using crypto-currencies more.

Dirty cash—from drug-dealing, say—can be washed by converting it into crypto, splitting it into smaller amounts and moving it through the crypto-sphere, perhaps via several virtual currencies. Dirty crypto, for example from a ransomware attack, can be similarly swapped around—often at high speed (“atomic swaps”) and in little chunks (“micro-laundering”)—until it is clean enough to be switched into ordinary money.

Authorities are slowly catching up. Last month a Briton was jailed in the Netherlands for taking €11m ($13.2m) in dirty bitcoin from criminals, converting these into ordinary money through his bank account, withdrawing the cash and returning it to the crooks, minus a cut. But professional launderers are using more sophisticated methods, often mixing old and new ways to evade detection, says Michael McGuire of Sussex University.

Europol recently uncovered how European crime bosses used crypto to pay a Colombian drug cartel for cocaine. European henchmen visited crypto-exchanges to convert euros into anonymous virtual currencies. These were sent to a digital wallet registered in Colombia and swapped into pesos on an online exchange. The pesos were withdrawn in cash, which local “money mules” spread over dozens of bank accounts, in sums small enough to avoid suspicion. The cartel bosses got the money by withdrawing the cash or by e-transfer.

“Sticking £10,000 down your underpants and flying to Zurich is still quite a common and easy way to launder money,” says Mr McGuire. But he warns that as governments work to get cash off the street and crack down on other ways of washing money, cyber-laundering may well be the future.

PayThink Cryptocurrency issuers must improve their anti-money laundering game

By Ron Teicher

All signs point to the end of a “Wild West” era of cryptocurrencies, specifically with ICOs. As governments step up to protect investors, companies considering an ICO should take the initial steps to self-regulate, before regulatory bodies step in and do it for them.

In July 2017, the SEC issued an investigative report “cautioning market participants that offers and sales of digital assets by ‘virtual’ organizations are subject to the requirements of the federal securities laws.”

The SEC is strongly considering labeling ICOs as securities, meaning that future offerings or sales of “blockchain technology-based securities” will have to be registered, just like the offerings or sales of traditional securities.

These unregistered offerings would then be liable for violations of securities laws in many countries including the U.S. The penalties for securities fraud are severe, and stand to increase as bipartisan groups of U.S. senators introduce a bill to raise penalties for securities law violations.

Other countries have taken even more strident regulatory actions against ICOs. In September 2017, China’s central bank announced a complete ban on ICO funding because it “seriously disrupted the economic and financial order.” China’s ban reflects a legitimate worry, shared by governments worldwide, over the danger of ICOs facilitating money laundering, online fraud, and terrorist financing.

When regulators recognize ICOs as securities offerings, they will likely require issuers to fully comply with standard Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.

Currently, most ICOs don’t perform even the most basic customer check. In our review of U.S. based ICOs, we discovered that only 11% of these offerings require investors to prove that they are U.S. citizens.

A key piece in the overall AML landscape, KYC enables financial institutions to manage risk by granting them full transparency on their customers. Broadly speaking, the KYC process analyzes basic identity information and checks this information against lists of known parties who have been associated with fraudulent practices. Using profiles of similar customers, KYC models typical transactional behavior, and then monitors actual behavior against this model.

Such traditional KYC/AML regimes, designed to verify merchant identity and business scope, have been the frontlines of fraud prevention for decades. Even before specific KYC/AML regimes are updated to include ICOs, a growing number of companies considering ICOs are proactively ensuring their compliance with basic KYC/AML tenets. KYC also ensures that companies are not concealing part of their business activities or acting as a storefront for illegal products.

And it’s not just startups that are preparing for ICO regulations. Recently, the Waves blockchain platform joined forces with the ICO Governing Foundation, the Ethereum Competencies Centre, and Deloitte CIS to launch a self-regulatory body for ICOs.

The idea is to drive change from the ground-up by having the industry itself provide reporting, legal, tax, accounting, KYC, and business due diligence standards for ICOs.

Recognizing the fact that cryptocurrency fundraising is on the rise, this move makes sense.

Without best practices and standards in place, organic growth can be impeded by perceived risks to investors and issuers. Vladislav Martynov, the Head of the Ethereum Competence Center, noted in the Deloitte release that “joint and voluntary initiatives such as this self-regulatory body for token sales are a critical element in the professionalization of the blockchain industry. As custodians of some of the most remarkable and disruptive technology ever created, we must be seen to be fostering its responsible use as well as building functionality and maintaining the security of the ecosystem.”

Citigroup Searches for Bitcoin Professionals to Deter Money Laundering

Citigroup is advertising positions for Bitcoin professionals in order to beef up their in-house anti-money laundering operations.

The New York financial services giant Citigroup has posted ads on LinkedIn searching to fill vice president and senior vice president positions that will explore the risks of criminal activity associated with cryptocurrency and other digital payment technologies. The job advertisements stress “knowledge of cryptocurrency and bitcoin monitoring.” Candidates with a Bitcoin Professional Certificate will move to the head of the line.

The position of senior vice president is described on LinkedIn as “support the Global Head of AML Monitoring Risk Management-Emerging Risk by identifying, analyzing, and implementing AML transaction monitoring risk programs related to developments in cybersecurity, cryptocurrency, and emerging payment technologies, products, and methods,”

Including the Bitcoin Professional Certificate is an unusual qualification for a position in such a venerable company. When LinkedIn was searched with the qualification as a keyword only the Citigroup ad was found.

A CPB is unlike similar-sounding qualifications like CPA or CFA as it can be had by paying $50 and taking a 75 question multiple choice test online. The CPB certificate is meant to show a level of proficiency in Bitcoin transactions not to indicate any mastery of the technology that powers the cryptocurrency.

Citi’s Hunt for Certified Crypto Professionals may Indicate a Change in Company Position

The LinkedIn advertisements may indicate a change of position for Citigroup who in the recent past have banned customers from making cryptocurrency purchases with their credit cards. Nor has the group joined other financial giants like Morgan Stanley and Goldman Sachs in clearing Bitcoin futures trades for clients.

Ryan Taylor, the chief executive officer of Dash Core, was quoted by Business Insider as saying;

“Citi is very seriously looking at risks surrounding the nascent market for digital currencies. They are either identifying risk to eliminate certain profiles, or this could be a prerequisite to identifying new opportunities in the space at a later point,”

Despite its apparent hostile position to cryptocurrency, Citigroup has been looking into distributed ledger technology for some years now and have developed their own blockchain in order to run a currency called Citicoin in an attempt at creating a platform similar to Bitcoin.

The financial group had also created an accelerator to fund promising fintech startups in Hong Kong called Citi Mobile Challange Asia- Pacific as far back as the summer of 2015.

 

Gang busted on charges of bank fraud, ATM money laundering

A two-year-long cyberfraud investigation in Europe has culminated with the arrest of 20 suspects in a series of coordinated raids, according to a Europol press release.

As of March 28, nine suspects remained in custody in Romania and 11 were jailed in Italy on charges of bank fraud that netted 1 million euros ($1.23 million) from hundreds of customers of two major banking institutions.

Europol said that the organized crime group, comprised mostly of Italian nationals, used spear phishing emails impersonating tax authorities in order to harvest the online banking credentials of their victims.

The criminals allegedly used the stolen online banking credentials to transfer money from the victims’ accounts into accounts under their control, and then withdrew the money from ATMs in Romania.

In addition to bank fraud and money laundering, the gang is accused of drug and human trafficking, Europol said.

Participating authorities included the Romanian National Police, the Italian National Police, Europol and its Joint Cybercrime Action Taskforce, and Eurojust, according to the release.