Illegal transactions often go unnoticed in the digital payment world because of seemingly compliant onboarding paperwork and aesthetically pleasing websites. Transaction laundering is a common but intricate type of fraud that can be a major roadblock for acquirers and payment processors.
Understanding the complexities of transaction laundering
Transaction laundering involves fraudsters using their merchant account to process payments for illegal goods or services sold elsewhere. But there is a lot going on behind the scenes that makes it a complex fraud case. To evade detection, individuals engaging in illicit activities often operate multiple fraudulent businesses, frequently alter their front-facing websites (an official website a merchant presents to acquirers during onboarding, usually showcasing legitimate products), and maintain standby accounts with various financial institutions. They are more than just rogue merchants.
The real challenge? These transactions often look legitimate on paper. The websites pass initial due diligence, and the product listings appear to be real. But behind the scenes, the same merchant could be operating a parallel site selling unregulated pharmaceuticals, counterfeit goods, or high-risk services—all routed through the payment rails of a business claiming to sell flower bouquets or electronics accessories.
Why are acquirers having trouble identifying transaction laundering?
For several reasons, transaction laundering has become more widespread and challenging to track.
- Lower entry barriers to appear legitimate: Fraudsters can now quickly create polished websites with checkout pages and shopping carts.
- Outsourced onboarding: To save money, banks are increasingly relying on third parties, such as payment service providers, independent sales organizations (ISOs), or payment facilitators, to manage merchant acquisition. It’s possible that some of the downstream partners lack the resources or know-how to conduct thorough due diligence.
- Alternative payment methods: Traditional risk controls may not apply to newer, less-regulated payment methods.
- Redundancy and volume: Well-structured networks operate independently of a single merchant account. They utilize multiple accounts to ensure operational continuity in the event of an account termination. Terminated merchants often re-emerge in portfolios with slight modifications to their websites or company names in an attempt to circumvent detection.
Transaction laundering types
It is crucial to understand that transaction laundering takes various forms:
- Non-compliant aggregation: When a merchant accepts payments from another website that is unknown to the acquirer, this is known as non-compliant aggregation, even if the products or services are lawful.
- Illegal aggregation (without miscoding): A merchant processes transactions for another website that offers illicit goods or services using their authorized merchant identification number (MID), which closely resembles their high-risk, but compliant front website.
- Illegal aggregation (with miscoding): To evade detection, fraudsters use a low-risk MCC to route high-risk transactions through their MID.
- Third-party laundering: When a business without the required facilitator license handles payments on behalf of another business, they are essentially acting as an unauthorized middleman.
All these variants of transaction laundering (except perhaps the first one) have one thing in common: they create a convoluted trail intended to conceal the true source and destination of the money, often in violation of regulations.
Challenges behind transaction laundering investigations
Investigating transaction laundering is similar to peeling an onion. You discover a network of linked domains, entities, and shell accounts rather than a single merchant running a single rogue website. G2RS analysts have even seen instances of transaction laundering as a service, in which insiders at payment companies offer unidentified third parties access to clean merchant accounts.
Static compliance reviews and one-time Know Your Business (KYB) checks are insufficient to combat this type of structural fraud. It is critical for PSPs and acquirers to continuously monitor merchants’ online activities before and after onboarding.
How to prove transaction laundering
Identifying red flags alone is insufficient when establishing instances of transaction laundering. And most of the time, even solid evidence won’t be good enough to make a case. For instance, a merchant’s contact information may appear on shady forums, or the prices may not match the products listed. But it’s easy to ignore these signs if they don’t point to illegal transactions.
A more definitive method is to follow live transactions from high-risk websites back to approved MIDs. This method can reveal the connection between an illicit website and the merchant account that processes payments, but it requires specialized tools, a monitoring system, and knowledge of the domain.
Why detection tools matter and how G2RS helps
Standard compliance tools often fail to meet expectations because they aren’t designed to track merchants’ online behavior over time. G2RS can help.
Our brand detection tool continuously monitors the use of your brand name in connection with the sale of illegal goods and regulated items on e-commerce sites all over the web, all the time.
G2RS uses both automated detection and expert validation. That means you don’t just get alerts; you also get context, evidence, and reports to make informed decisions regarding the enforcement of regulations. Our analysts help you cut through the noise, identify real threats, and take immediate action, whether that means terminating a merchant or referring the case to your fraud or legal teams.
Learn more about how G2RS can protect your business.