By: Austin Denson, Marketing Coordinator
This series follows real cases of transaction laundering.
Transaction laundering runs off the notion of profit. Money is the driving force behind a criminal’s urge to sell illegal goods. To gain the most profit from his business, a criminal must be able to accept all types of payments, especially card payments, which are projected to grow five times as fast as cash.
The above is especially true for “front” merchants that are employed in transaction laundering. These are the businesses through which purchases for prohibited goods are re-routed, so the money is cleaned and legitimized. The best online retail operations make the checkout process as convenient as possible for the consumer. Whether it’s a legitimate business or an illegal underground market, they all abide the same goal when it comes to making cash. Make it fast.
The Story:
Lying deep within a G2 client’s portfolio was a website that seemed a little more psychedelic than most (See Figure 1). The suspicious site is password protected, and after further investigation by the G2 analyst team, the code was cracked. This allowed our team to infiltrate their system.
Figure 1: Laundering front merchant
Early Indicators
In this example, we see a website that claims to sell graphic t-shirts, but actually sells “research chemicals.” However, the chemical is recreational blotter acid, which is a Schedule I controlled substance under the Controlled Substance Act. The disclaimer “WE ONLY SELL BULK QUANTITIES” and unusually priced graphic t-shirts are just a few early indications of fraud (See Figure 2). Also, the size scheme is rather odd when selecting a shirt.
Figure 2: “WE ONLY SELL BULK QUANTITIES”
The Payment Process
When the acid-buying customer arrives at the checkout page, they are offered an opportunity to use either bitcoin or credit card. If the customer chooses to use a credit card, they are notified by email for further processing instructions (See Figure 3).
The steps are as follows:
1. The customer is notified that the merchant has created a new website for the sole purpose of accepting credit cards.
2. The email sent by the merchant tells the customer that they are currently on the old site and that the new website is password protected (providing an air of exclusivity).
3. To access this new site the customer is given a link to a Pastebin URL. (Pastebin is commonly used by programmers to upload bits of code to share with each other).
Figure 3: Payment processing instructions sent to customer via email
What does it look like in practice?
On Pastebin, the scheme is revealed along with a warning to not move forward with the transaction if the customer has any reservations at all. This point is reiterated several times and in bold. The customer is provided with the new URL to purchase from, a password into the site and instructions for how to fool the bank into thinking the customer is simply purchasing clothing (See Figure 4).
How It Works: t-shirt type stands for chemical type, and the t-shirt size stands for amount in grams or blotters.
Figure 4: Pastebin instructions to purchase LSD
With help from the G2 Merchant Map™, our analyst team was able to discover this website and eradicate it from the client’s portfolio.
Want to learn more? Download our recent case study on transaction laundering syndicates.
