In recent posts we introduced you to Cyber Security in Financial Services and gave you some background why you should care – the financial system is systemic and problems there can have global economic and societal ripple effects. We then looked at a recent cyber attack on U.S. banks (DDoS) and the industry’s answer and possible defenses.
Now we turn our attention to a specific form of cyber crime that goes widely unnoticed in the public, but is happening on a large and global scale: money laundering in cyberspace. For a deep-dive into what money laundering is and how it works in cyberspace, watch our two-part video series, the first of which is coming up this week. In today’s post, we want to give you a short overview of the nature and scale of the issue.
In the beginning, laundering money was a physical effort. The art of concealing the existence, the illegal source, or illegal application of income, and then disguising that income to make it appear legitimate required that the launderer have the means to physically transport the hard cash. The trick was, and still is, to avoid attracting unwanted attention, thus alerting the Internal Revenue Service (IRS) and other government agencies involved in searching out ill-gotten gains.
In what could be described as the “lo-tech” world of money laundering, the process of cleaning “dirty money” was limited by the creative ability to manipulate the physical world. Other than flying cash out of one country and depositing it in a foreign bank with less stringent banking laws, bribing a bank teller, or discretely purchasing real or personal property, the classic approach was for a “smurf” to deposit cash at a bank. 
Cyber laundering is a new way to hide the proceeds of crime and the advance of technological solutions of electronic payments and online gambling has eliminated the need for time and space as compared to the traditional way of money laundering to achieve Cyberlaundering. 
In 2001, U.S. prosecutors obtained almost 900 money-laundering convictions with an average prison sentence of six years. The rise of global financial markets makes money laundering easier than ever. Countries with bank-secrecy laws are directly connected to countries with bank-reporting laws, making it possible to anonymously deposit “dirty” money in one country and then have it transferred to any other country for use. Depending on which international agency you ask, criminals launder anywhere between $500 billion and $1 trillion worldwide every year. The global effect is staggering in social, economic and security terms. 
Terrorist funds are recycled in the financial system through a variety of layering techniques which take advantage of regulatory and supervisory weaknesses. Most recently the UK stated that financial crime there was 2% of GDP. 
Here is an excerpt from a cyber laundering chat channel:
<A> selling Bank Of America online access with $10.000 and other with $900 balance. Payment : Western Union
<B> who can cashout Bank Of America/Washington Mutual without pin but with online access msg me and lets make a great deal !
<C> can cashout verified paypals in 2 days. $2000 every couple of days. 75/25. Msg me for deal
<D> Payee: Centennial Bank
<D> Centennial -5541
<D> 4605 Harrison Blvd.
<D> Ogden, UT 84403
<D> 914-528-5626 Confirmation Number: XXX-YYY
<D> To edit this payment, change the payment information and click Save Changes
<D> Payee Amount Send Action
<D> Centennial $2,500.0 05/05
<D> i am w8 for new found hehe:D
<D> they just founded 2 transfers and i said why not try again
<D> this is my online acc:Payee: Centennial Bank
<D> i just send from a bank of america
<D> they sended checks to my acc lol
<D> 2 checks for 2.500
<D> gotta to go to italy to cash
<F> I SELL PAYPAL VALID AND VERIFIED WITH BALANCE 50$++++ MSG ME U GOT username/pw email acces ,pw!!ONLY WU! rippers dont waste my time
<G> have some 2k in Wells Fargo can transfer it in a form of check and can send paypal cash ….msg me if you can i perfer do deal with OPS@
Defenses against Cyber Laundering
It’s a daunting task to trace the origins of any deposit when there are about 700,000 global wire transfers occurring every day. Which is the dirty money and which is the clean stuff? Within the United States, there are two primary methods employed by the government to detect and combat money laundering: legislation and law enforcement.
Legislation includes the Bank Secrecy Act (1970), 1986 Money Laundering Control Act, 1994 Money Laundering Suppression Act, and 2001 U.S. Patriot Act.
Traditional law enforcement uses devices such as undercover stings to fight money laundering. The DEA’s Operation Juno, which ended in 1999, is a prime example. DEA agents made deals with the traffickers to turn drug money from dollars to pesos using the Colombian Black Market Peso Exchange. The operation ended with 40 arrests and the seizure of $10 million in drug proceeds and 3,600 kilograms of cocaine. 
However, fighting money laundering in cyberspace is a totally different ball game. There are process-oriented and technological weapons against cyber laundering. We will explore the technological weapons in more detail in future blogs. Here are some of the process- and policy-oriented means :
- FSAPs— The World Bank Group has incorporated a dedicated anti-money laundering module into the Financial Sector Assessment Program (FSAP). This module can be enhanced by updating it to provide technical assistance and training on how to identify and reduce new means of money laundering, cyber-crime and terrorist financing such as the “Non-Bank Issuer Model” and the “Peer-to Peer Model”.
- Global Payments Systems Mapping Project— Operational risk is a constant of doing business in a globally interconnected environment. By mapping the various means by which money moves, it will be possible to identify patterns, trends and discrete relationships otherwise unnoticed. This project and the knowledge derived there from can grant policy makers a better understanding of the flow of money, which can in turn be converted into knowledge for helping nations craft such things as monetary policies and financial risk assessment models.
- FATF Principle #13— Knowledge of one’s customers is a fundamental requisite to prevent money laundering. The “KTC” principle is significantly hampered by online transactions where digital money and anonymity of users creates a highly stealthy environment. To increase transparency, there are many authentication solutions, including the use of biometric and public key infrastructure (PKI) for users who initiate large value transfers. Two-factor authentication should be mandated by law for all financial transactions.
- Michael and Sascha
Financial Action Task Force (FATF)
PBS: The Black Market Peso Exchange
United Nations: IMoLIN
United Nations Office on Drugs and Crime: The Money Laundering Cycle
U.S. Department of Justice: Money Laundering