The advent of the internet and the rapid rise of ecommerce have led to the emergence of a completely new class of customers for acquiring banks and Merchant Service Providers (MSPs). We are talking about entities whose identities are almost entirely confined to the digital realm with only a minimal connection to the physical world.
Historically, merchants were physical, “offline” entities. Today, almost every entity has some sort of online identity which differs in one way or the other from its physical one. Many bank customers possess rather basic online profiles, such as a single website and an email domain, coupled with a clear physical presence that can be easily understood (e.g. location of a store).
But the rapidly growing number of customers have a much more complex online-only profile, with several websites and email domains, dozens of digital channels and, most importantly, no real physical profile to speak of. Emerchants and online marketplaces are good examples of such mainly digital entities.
While digital entities are often operated by an “offline” company that is registered in a specific jurisdiction, the physical aspect of such an entity does not represent its true nature. This gap between the offline and the online identities presents a serious challenge for the financial industry, and especially for traditional KYC regimes and AML programs.
Digital Entities and Transaction Laundering
Because of the opacity of the digital world, and the ease with which online storefronts can be created, monitoring merchants has never been more difficult for MSPs.
The inherent difficulties with effectively assessing the legitimacy of digital-only merchants leads to a situation where sophisticated merchant-based fraud, such as Transaction Laundering, prospers online.
Transaction laundering is a new, advanced form of money laundering, which takes advantage of ecommerce payments by funneling unknown transactions through a registered merchant account, in order to “wash” proceeds from unreported and often illegal activities.
The fact that most MSPs are unaware that the online merchants they serve are often used as fronts for transaction laundering, highlights the importance of understanding the striking differences between digital and physical entities.
Need for Digitally Focused KYC Programs
To comply with Anti-Money Laundering (AML) regulations, financial institutions have invested heavily in building comprehensive programs to know their customers. But most KYC programs fail to encompass the fast-changing nature of the internet, ecommerce and social media. Even if an MSP fully complies with AML regulations, it is extremely difficult to keep pace with the elusiveness of unknown digital entities that gain access to the payment ecosystem through legitimate storefront websites. Unfortunately, due to significant difficulty in enforcement when it comes to digital entities, ecommerce payments became a blind spot in the AML regime.
Thus, it is important for MSPs to recognize the distinction between monitoring physical and digital entities. The digital world is a vast ocean of data that creates numerous ways to hide. MSPs rely on reported data and documents that typically exclude digital-only entities and shed no light on those hiding places.
This gap between the reality of the digital world and the KYC programs that are still focused on physical aspects of an entity, leads to a situation where transaction laundering prospers online.
KYC programs need to adapt to digital reality
KYC programs vary greatly, depending on the nature of the client’s business. However, all KYC programs are designed to answer three fundamental questions about the customer: where do they operate, what is their business and who is related to them.
Answering all three of these fundamental questions can prove surprisingly difficult when we deal with the so-called digital entities. Without proper insight into the ways digital entities operate, MSPs are at a clear disadvantage.
Here are some ways that highlight the importance of treating digital entities differently from physical entities when it comes to three pillars of KYC: country of operation, line of business and associated businesses.
Country of Operation
Evaluating which countries are serviced by and are connected to a digital entity can be extremely complex. In fact, it is quite easy for a digital entity to hide its connection to a sanctioned or otherwise high risk country.
Lines of business
The payment industry uses MCC (merchant category code) to categorize the merchants based on their line of business. EverCompliant has discovered that in reality, MSPs often have no clear view of what the real line of business for many of their clients actually is. That translates to the fact that more than 13% of MCCs of U.S.based merchants did not match their actual line of business.
When it comes to physical entities, decoupling the final transaction from the physical merchandise is difficult to accomplish, but in the world of ecommerce such decoupling – where you buy goods in one store, but process payments through another, is extremely easy with transaction laundering.
Hidden networks of associated businesses
With digital entities, a high risk customer can easily hide a network of unreported businesses by linking them to a single legitimate merchant account.
Let’s examine just one case out of many that we have analyzed to illustrate the scale of the issue. EverCompliant looked into a seemingly legitimate merchant that registered his domain with a acquirer, reportedly to sell cell phones and related accessories. Using its unique Cyber Intelligence techniques, Evercompliant found close to 4,000 related sites in the nutraceutical, pharmaceutical and other high-risk industries that were linked to this one merchant account.
When it comes to digital entities, hiding an entire network of associated businesses is easy to accomplish. Only a thorough check, using unique digital identifiers, that serve as the website’s “DNA”, could prove that all those websites were controlled by a single entity. Out of 3,999 unregistered sites 1,184 were active, including 791 payment pages that were funneling payments through the cell phone merchant account.
Cyber Intelligence Detects Transaction Laundering
Advanced cyber intelligence sheds light on the dark corners of the digital world where sanctions can be flouted, real lines of business are obscured and entire networks of hidden ecommerce websites are concealed.
MerchantView uses proprietary cyber intelligence technology to continuously monitor all aspects of merchant networks to identify, detect and prevent undisclosed activity from entering the payment ecosystem. MerchantView takes an active role in preventing and detecting transaction laundering offences within a merchant portfolio.
Sign up for a free trial of MerchantView today.