Merchants attempting to distribute high-risk or prohibited goods online in exchange for payments through banking facilities, often create websites that initially appear to market authentic or common low-risk products. Some of these merchants assume that banks would overlook online activities over time, thus exploiting this opportunity to commence marketing prohibited goods on the website. However, with the help of service providers, banks do, in fact, monitor and detect these websites, ultimately suspending those merchant accounts.
Here is how a skilled merchant distributing prohibited goods can slip through and bypass detection from banks. The initial steps are the same: these merchants would apply for a legitimate merchant account using a seemingly authentic registered website, but at the same time, establish other websites to distribute prohibited or high-risk goods. These merchants would implement a method to redirect or aggregate the payment flow from the website distributing prohibited goods through to the registered website’s payment system. This allows the unregistered website to share the payment account of the registered website, which the bank does not know about. This practice is called Transaction Laundering or Payment Aggregation.
The scenario described above represents the most basic form of Transaction Laundering within banking systems. However, in more intricate situations, these processes may involve multiple entities. A common practice is when dishonest merchants aggregate credit card payments through one or more payment service providers’ (PSP) facilities to increase the difficulty of detection.
Mastercard defines Transaction Laundering as “the action whereby a merchant processes payment card transactions on behalf of another merchant.” Often, there are multiple unregistered websites operating behind the facade of a single registered merchant site. Regardless of the legitimacy of goods sold on these unregistered websites, Transaction Laundering itself violates card scheme rules and regulations.
There are two primary reasons why over 90% of non-compliant transactions involve Transaction Laundering. Firstly, it is difficult to detect by banks and other regulators, whether through web crawling or manual checks. Secondly, the transaction descriptors typically appear as those of the registered website rather than the unregistered website on the customer’s credit card statement. Consequently, these non-compliant activities remain well disguised, allowing both sellers and buyers to conceal their illegal actions. However, banks and PSPs face penalties, financial losses and poor reputation as a result of processing these illicit transactions.
Risks to Banks and PSPs
Transaction Laundering poses various risks that can tarnish the reputation of banks and payment service providers (PSPs) and lead to financial losses. Some examples include:
Violation of regulations set by Visa GBPP, Mastercard BRAM, and UnionPay
Non-compliance with Anti-Money Laundering and Sanction laws
Allowing high-risk transactions to infiltrate the payment system
As technology advances and online payments become faster, cheaper, and more anonymous, Transaction Laundering has become an increasingly popular tool for money laundering and illicit transactions.
Solution
Austreme created world-leading Transaction Laundering Detection (TLD) technology to help acquirers, banks, and PSPs detect hidden and/or unapproved websites exploiting their payment services and facilities. Additionally, its system assists clients in detecting any high-risk content or goods (e.g., pornography, gambling, drugs, intellectual property infringement) in these hidden websites.
Austreme pioneered the TLD solution in 2010, making it the first in the world. It is also the only TLD service provider that complies with PCI-DSS standards audited by Qualified Security Assessors (QSA), a widely accepted security standard endorsed by the top five card brands (Visa, Mastercard, American Express, JCB, and Discover). With one of the most reliable and advanced technologies in the industry, Austreme has been a registered Mastercard Merchant Monitoring Service Provider (MMSP) since 2015, offering its clients the potential for penalty waivers in case of card scheme violations. With its extensive database, Austreme monitors and analyzes over 97 million websites daily, enabling its system to continually grow and stay updated.