GRC Tuesdays: As Transaction Laundering Expands, SAP Offers Sophisticated Screening Tools
As the year-end holiday season commences, we consider the threat of transaction laundering, which has become one of the most pervasive forms of economic fraud. This crime exploits flaws or gaps in the authentication of transacting parties and products sold using numerous payment processing platforms. In fact, counterfeit goods sales are exploding online with the vehicle of transaction laundering, as sellers maintain anonymity across borders and manage websites in poorly regulated markets to avoid detection and the consequences of legal action. The Economist estimates that the total global value of fake goods sold in 2017 is as high as $1.8 trillion.
The principle of digital transaction laundering is the same as traditional money laundering: an unknown (or a “shell”) business uses approved merchant payment credentials to process online payments for unknown, falsely identified or counterfeit items. As an example, a dealer creates a website for the purpose of selling illicit drugs, accepting payment via credit card. These illegal transactions are laundered by disguising them as authorized payments for unregulated or anonymous products routed through legitimate merchants. Neither acquirers processing these payments nor interested regulators know that these payments are made for controlled substances with “ship to” orders to unregistered or false addresses.
Bad Guys Lurk behind Legitimate Commerce
In a specific case of illegal online drug sales in 2016, a pharmacy in New York was implicated in a widespread scheme to sell expired and fake HIV medication. The perpetrators used a legitimate company to process payments for the illegal transactions that occurred via shell companies. Due to the subterfuge of the operatives and buyers’ lack of authentic sources for accurate information about these products and the identity of the sellers, many victims of this scheme were unaware of the crime in progress.
The World Health Organization reports that the global value of counterfeit, contaminated, substandard and fake prescription drugs is over $400 billion per year. The Financial Times has reported that transaction laundering for online sales of all products and services amounted to $200 billion in the US in 2017. Around $6 billion of this total involved illegal goods, sold by up to 335,000 unregistered merchants.
The FBI has investigated cases in which political networks use US-based payment and e-commerce resources to finance their activities via fraudulent transactions. Apart from the denigration of the integrity of the processing systems being used, banks and credit card companies lose revenue when any form of money laundering occurs. Lost revenues are ultimately covered by higher prices for goods and services. Thus, we are all victims of transaction laundering.
Dangerous organizations are exploiting transaction laundering to fund their activities. The 2015 attack on the offices of the Paris-based satire magazine Charlie Hebdo was at least partially financed by transaction laundering. Perpetrators of the attack were discovered to have sold counterfeit items online. The attackers purchased over $9000 of counterfeit items—consisting mostly of fake Nike shoes procured from China via Western Union—and then sold them online in France as if they were the genuine article. In addition, The Wall Street Journal reported in August of 2017 that the FBI had uncovered records showing that ISIS had financed its domestic agenda in the US via masked sales on eBay via PayPal.
The US Regulatory Framework Is Evolving
US Federal regulators consider transaction laundering a special form of money laundering. A 2017 Federal Trade Commission case against Electronic Payment Systems indicates that the FTC is starting to move against specific instances of transaction laundering. However, FinCEN (the Financial Crimes Enforcement Network under the US Department of the Treasury ) has yet to release guidelines on transaction laundering countermeasures. Until FinCEN explicitly regulates transaction laundering, individual states will continue to have the right to combat transaction laundering as they see fit.
Currently, 13 out of the 50 US states have legislation in place to counter transaction laundering. Of the states that have passed such legislation, most have made these crimes some class of felony. Many of these states function as leading merchant acquiring hubs. In 2010 Georgia (currently the leading merchant acquiring state in the US) became the first state to implement a transaction laundering law. In 2015, five more states followed: North Carolina, Oregon, Texas, Utah and Wisconsin. And in 2016, six additional states – Washington, Virginia, Nebraska, Louisiana, Florida and Arizona – implemented transaction laundering laws, followed by Alabama.
The continued inability to detect and deter transaction laundering is an ever-increasing business risk. Unknowingly and unintentionally, transaction processors are exposed to the liability of facilitating criminal activity. This places them at risk of fines, chargebacks, legal action and brand or reputational damage whether or not the crimes themselves are ever prosecuted in an applicable jurisdiction.
SAP Advanced Screening Solutions Reduce Risk
In the wake of growing challenges posed by transaction laundering, there is SAP Business Integrity Screening. For our customers’ core transaction processing, SAP HANA-native SAP Business Integrity Screening was designed to provide real-time detection of payment fraud patterns. In addition, SAP Business Integrity Screening can place a live transaction block on suspect payments for automated or manual release upon review.
With this capability, customers are also able to:
- Receive live potential fraud alert notifications on in-process transactions
- Automatically detect anomalies in vendor master data, invoices, purchase orders, bank details, and customer details
- Apply real-time calibration for “What –if?” analysis on historical data with weighted factors and thresholds to reduce false positive cases
- Analyze transaction patterns leveraging optional integration with SAP Predictive Analytics
- Modify and monitor KPIs to optimize detection and screening performance
SAP Business Partner Screening Provides Added Support
Added support needed to identify sanctioned and anonymous parties to live transactions comes from SAP Business Partner Screening. The SAP HANA-based rule sets for identifying and blocking transactions involving (or on behalf of) drug dealers, arms traffickers, and other criminal organizations is found in this solution. Customers can license SAP Business Partner Screening as a standalone SAP HANA solution or receive the rule set as part of SAP Business Integrity Screening.
SAP Business Partner Screening allows our customers to:
- Monitor debarred parties in watch lists from multiple commercial data providers and legal authorities
- Run mass screening simulations of business partner lists to identify weak aliases and help reduce false positives in processed transactions
- Enable business users to modify key parameters used in live screening
- Enable multi-level alert resolution for escalations and case matches
We can’t hope to stop the practice of transaction laundering and counterfeit commerce and neither can our customers. However, SAP Business Integrity Screening and SAP Business Partner Screening help our customers to reduce significant revenue losses from fraudulent transactions and the high cost of related investigations.
In addition, they provide the ability to quickly determine the true identities of buyers and vendors in the very process of live purchases. This helps companies to avoid becoming party to illegal traffic and the potential fines, fees, criminal penalties, reputational damage, and loss of revenue that comes with it.
Learn more about the full range of SAP security offerings and please continue to read all of the blogs in our GRC Tuesday series.