By: Dan Frechtling, SVP of Marketing and Chief Product Officer

 

In simpler times, most high risk websites could be detected by crawling and classifying the public web.

But as acquirers, processors and ISOs become more effective at stopping online fraud and prohibited activity, bad actors have gone underground. There are various means to do this. An increasingly attractive ploy is transaction laundering (TL).

TL occurs when unknown (often illicit) businesses process payments through known merchants. An online vitamin store secretly processes injections sold without a prescription. A clothing retailer processors orders for cannabis. Sometimes merchants are exploited, but most often they are complicit.

This arrangement is not only detrimental to merchants. It is detrimental to consumers as well. Some are billed for items they didn’t buy. Others are harmed by prohibited substances they purchased. As a result, regulators are taking a closer look.

The growth of TL and resulting consumer harm coincides with prosecutions of payment processors for other alleged KYC (Know Your Customer) lapses. In late March, the Consumer Financial Protection Bureau (CFPB) filed an enforcement action against payment processors for providing services for fraudulent debt collectors. The CFPB alleged that the service providers did not employ effective underwriting and  monitoring practices.

In the case of TL, regulator involvement may take several forms, according to Ed Wilson, Partner at Venable, LLP. Here’s what he had to say:

 

1. Financial Crimes Enforcement Network (FinCEN). According to Wilson, “Regulatory pressure is most likely to come from the FinCEN. Unfortunately for the card industry, FinCEN sees TL as variations on well-documented AML themes. In view of this, the payments industry should expect little patience from FinCEN.”
2. Federal Financial Institutions Examination Council (FFIEC). Further, “The increasing number of FFIEC examinations of payment processors and merchant acquirers illustrates that the same rules are being applied to all participants in the financial services industry. Failure to prevent uninvited (or unknown) guests from gaining access to the payment system will subject financial industry participants to substantial fines.”
3. CFPB. Says Wilson, “Like the FFIEC, the CFPB has supervisory and examination authority that extends to acquiring banks, payment processors, and all other FIs involved in consumer financial products and services.”

 

Regulators increasingly base enforcement actions on the doctrine that payment participants “should have known” about violations that process through their systems. TL may well fall into this category. Services like G2 Web Services’ Transaction Laundering Detection enable new visibility to financial institutions so they can find and eradicate it before it triggers business risk and potential fines.