Article

How to Detect Money Laundering in Ecommerce

Money launderers bring a lot of trouble to various industries. This is true within ecommerce due to the anonymity, access to multiple accounts, and huge volume of transaction opportunities that it offers to criminals. 

Fortunately, the ways that money launderers might exploit an ecommerce site are predictable enough that there are ways to detect it. This is especially true if your fraud prevention infrastucture includes the integration of anti-money laundering software. Let’s take a look at the matter in more detail.

Why Is Money Laundering a Problem for Ecommerce?

There is no guarantee that ecommerce can ever be fully equipped to circumvent criminal behavior associated with money laundering. This is because the crime involves disguising ill-gotten funds as legitimate online transactions. When these take place online, digital payment systems ultimately facilitate this illegal intention by allowing anonymity and untraceability through various malicious methods.

For ecommerce platforms that aren’t necessarily legally mandated to perform AML checks, potential money launderers become even harder to detect, as those platforms will shy away from introducing ROI-damaging layers of security friction that gather AML-relevant identifying data.

The pain points of ecommerce businesses are compounded as both cardholders and merchants can potentially be fraudsters. For example, the former can use ecommerce to hide their dirty money through any number of transaction setups, and the latter can hide their dirty money by creating an ecommerce site as a front for illegal trading. 

The methods that both of these fraudsters might employ are always on the move, as security technologies race to close money-laundering loopholes. Staying informed is crucial to staying ahead. 

Combat Ecommerce Money Laundering

SEON can be leveraged by companies in ecommerce to effectively combat money laundering through its AML capabilities, as well as behavioral and risk monitoring.

Ask an Expert

How Does AML Apply to Ecommerce?

Ecommerce is vulnerable to – and in much need of – AML measures. For companies that are either mandated to do so, or are otherwise unwilling to take on the potential risk of being associated with AML-sanctioned entities, AML needs to be continually used and developed. Money launderers’ attempts to exploit online transactions are wide-reaching and can’t be stopped with the typical ecommerce onboarding process alone.

Let’s take a closer look at how AML applies to ecommerce below:

  • By being a necessity – Far from just being an ideal precaution, AML is also a requirement for many financial industries and other industries regulators have pinpointed as susceptible to money laundering, with high-end ecommerce and real estate among them.
  • By being scalable – AML is a work in progress and its research and development is crucial in allowing fraud specialists and other experts to find new ways to tackle criminals’ exploitation of ecommerce systems.
  • By being dynamic – Internationally, AML refers to a large spectrum of lists and circumstances, so fraud fighters must develop their own AML measures based on use cases that are specific to the given ecommerce site, particularly in terms of how criminals may use that site for money laundering.

On top of the above, AML applies to ecommerce in the sense that all entities with business operations in regulated regions have to make sure they are not dealing with sanctioned entities appearing on AML watchlists. This is not only for its security and effectiveness, but to help ensure the respectability and usability of their site.

Proper ecommerce AML precautions, after all, when offered to customers transparently and in tandem with other security protocols (such as CDD checks) will help bolster an ecommerce site’s reputation, overall safety, and possibly even its functionality.

How Ecommerce Payment Providers Detect Money Launderers

Money launderers are most likely to be detected by ecommerce payment providers when the right security precautions and checks are carried out, along with the use of the best equipment and people for the job.

These best-practice resources often consist of:

In combination with the transaction monitoring process, profiling is also crucial to sniffing out ecommerce money launderers. Machine learning systems, such as Whitebox Machine Learning, for instance, can use algorithms to assign a risk score to users who may appear suspicious due to their behavior, activity, and/or associations, and then generate explanations for that score.

For example, machine learning can be used to spot patterns and detect whether a person is likely hiding their true identity. If a user profile shows this possibility, at the review stage, the user can be assessed for associations with malicious individuals in the form of online connections such as friends on social media. 

An ecommerce payment provider who combines transaction monitoring systems with sophisticated profiling methods such as ecommerce fraud prevention software – while ensuring that the resultant data is scrutinized by dedicated fraud specialists – will ultimately increase their likelihood of detecting money launderers.

How Do You Detect Money Laundering in Ecommerce?

Detecting and precluding money laundering requires the right equipment, communications, and general awareness precautions in place. In addition to hiring knowledgeable fraud specialists, make sure that your website is equipped with a comprehensive fraud management system and has an AML-compliant system in place to report any suspicious activity on your domain.

Indeed, sniffing out money laundering is not just about detecting money laundering itself, but it’s also about looking out for the signs that money laundering attempts may be upcoming – and learning how best to adjust your defenses as a result.

For example, if your customers are reporting that they are receiving an influx of phishing emails, this could be a symptom of a money laundering operation that may be upcoming or even already underway.

This is because many fraudsters who attempt to launder money on an ecommerce site will try to gain access to various log-ins to help spread their laundered money and evade detection. 

With all this in mind, detecting money laundering in ecommerce requires not only equipping yourself with fraud prevention solutions, but also gaining a significant knowledge of what constitutes business-as-usual email traffic and other operations, and to be wary of any experiences that deviate from these norms.

Top 3 Custom Rules for Money Laundering in Ecommerce

#1: Suspiciously High Transactions

Money laundering often involves criminals’ attempts to clean money following what tend to be large, illegal transactions.

This is why big transactions may be considered suspicious and why SEON’s fraud prevention software allows its users to apply a rule that flags, or even rejects, users who make major transactions.

Let’s take a look at the screengrab below.

Note the title of this rule in the top left corner: “200% increase in transaction $ over 24 hrs”. Here, this has been determined to be a crucial metric when looking for money-laundering behavior. In this case, this rule looks for transactions that are outside the expected transactional behavior for a given user, which could be a sign of account takeover or money muling, a red flag for the possibility of money laundering. 

Note the third red box at the bottom of the screengrab. It shows that this value can be instantly customized based on each company’s respective risk appetite, preferences, and overall experiences of dealing with ecommerce trading.

#2: One or More Individuals are Flagged by PEP Checks

A PEP (politically exposed person) is someone who is in the public eye and may be prone to money laundering, or may even be the target of it, due to such factors as their net worth, political prominence, media coverage, or connections.

As such, a very useful tool offered by SEON is its AML API that allows ecommerce users to be flagged when SEON’s software determines that their details match a PEP sanction list.

Let’s look at the below screengrab.

A screenshot displaying how PEP individuals are flagged by SEON's AML API.

As the rule parameter in the red box reflects, simply by having a user’s account flagged by a PEP match SEON’s software is able to inform its users of such politically-exposed persons and allow them to decide their best course of action.

For example, as reflected on the top line of the screengrab, a user may decide to set the “Action” to the following “State”: “REVIEW”. Persons on PEP lists may still be desirable as customers. This means that a PEP match doesn’t necessarily lead to the “REJECT” status, but it will mean that the given account will be flagged for further risk assessment.

#3: Multiple Failed Password Attempts

Ecommerce money launderers may use cyber attacks, such as phishing emails, to steal other online shoppers’ account information to make transactions in their name. This is so they can spread their dirty money thinly and with little traceability, in the hopes that doing so would help them evade detection.

However, even if a phishing attempt manages to acquire an email address and password combination, this does not mean that accounts associated with that address are in direct jeopardy, especially if good password hygiene is being observed. With just an email address, a money launderer may attempt to jam several potential passwords through security gateways, leading to a suspiciously high number of failed password attempts.

SEON’s customers can take advantage of this fact – let’s cover the screengrab below.

A screenshot displaying the custom rules for e-commerce companies so they can detect multiple failed password attempts.

Let’s say that a money launderer carries out a successful email data breach which leads them to try out a person’s log-in details, while completely unaware that the person changed their details just after the data breach took place, or simply uses a different password for different domain logins.

This is when the would-be money launderer could be led to try outdated log-in credentials multiple times, such as in a credential stuffing attack. If this process has been automated, this could happen in seconds.

Accordingly, the custom rule set up here – “5x Wrong Passwords Entered at Login” – will flag such activity for review. In fact, SEON users with a low appetite for riskiness may even go a step further and outright set the DECLINE status for such a circumstance.

Reduce Fraud Rates by 70–90%

Partner with SEON to reduce fraud rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.

Ask an Expert

How SEON Helps Ecommerce Combat Money Laundering

SEON can be leveraged by companies in ecommerce to effectively prevent ecommerce fraud & money laundering through its AML capabilities, as well as behavioral and risk monitoring. 

One of the most effective ways to counteract money laundering activity is to identify and act on what constitutes suspicious behavior among malicious actors, and SEON’s software detects, tracks, and flags such behavior to help fraud fighters achieve this.

SEON’s rule customizability also accommodates users who – quite rightfully – wish to be comprehensive when considering the many approaches that criminals take when using ecommerce systems to launder money. This dynamism will be endlessly helpful in the fight against ecommerce within your domain, as the face of money laundering is always evolving, and your risk management teams must evolve their understanding and methods alongside it.

Sources