Embed Size (px)
Citation preview
Human Investigation and AutomationThe Integral Balance of Ecommerce Risk Mitigation
Author: Austin Denson, Marketing Specialist
August 2018
2 G2 Web Services • Human Investigation and Automation
IntroductionConsider today’s payment industry the “Wild West”, harnessing the good, the bad and the ugly. The clash between regulators and criminals is a consistent one. Late advancements in payment methods and technology has played a significant role in the transformation of our industry. In addition, new ecommerce markets and internet users are being introduced daily. These sudden adjustments within our payment system allow transaction and payment launderers to operate in the shadows. Cybercriminals are secretly navigating these new payment gateways, selling illegal drugs, pharmaceuticals, illicit pornography and other violating goods and services worldwide. Subsequently, acquiring banks and their partners are experiencing large assessment fees for violations that they were simply unaware of.
Online Crime Operations Vary
Some online schemes can be more advanced than others. Certain transactions may not be detected automatically and require a thorough human analysis to accurately diagnose the violation. It’s imperative that payment players and partners apply advanced web crawling technology and robust investigation techniques in tandem. Extracting and then comprehensively examining transactional data, merchant records and website data will create a more dynamic anti-money laundering (AML) strategy overall. In turn, applying multiple merchant monitoring best practices simultaneously will reduce false-negative reporting and boost profits.
Merchant Monitoring Best Practices:
• Advanced web crawling and data mining — detectpossible violations automatically
• Human investigation — reveal hidden gaps andviolations that crawlers cannot detect
• Merchant onboarding inspection — reveal red flags atthe beginning
• Transactional data analysis — discover connectionsbetween laundering sites, front sites andpartnering merchants
• Merchant data analysis — uncover negative news,historical violations, chargebacks and other red flags
• Persistent merchant monitoring — consistently monitormerchants to detect any sudden changes intheir operation
What’s Considered a Violation?
Let’s use Mastercard as an example. Any product or service that is illegal or brand-damaging is enforced by Mastercard’s Business Risk and Mitigation program (BRAM). BRAM is designed to protect Mastercard and its customers from illegal and brand-damaging transactions. This is a standard enforcement model that is exercised by most regulators. It’s important that compliance teams and their partners study these deemed violations and recognize that the law can be altered at any time. As a result, an acquiring bank might think a merchant is operating within regulatory boundaries when in fact they are committing a crime. Staying current with payment regulations is critical for compliance teams.
Violating transactions enforced by BRAM:
• Illegal sale of prescription drugs and/ortobacco products
• Illegal Internet gambling/miscoded gambling
• Child exploitation
• Offensive adult pornography
• Sale of counterfeit merchandise
• Sale of goods or services in violation of intellectualproperty rights
• Sale of certain types of drugs or chemicals(synthetic drugs, salvia divinorum, etc.)
• Coerced transactions
G2 Web Services • Human Investigation and Automationg2webservices.com
Some violation categories are discovered more frequently than others. To fully comprehend what types of illegal drugs and violations are being detected we encourage you to download the updated G2 Drug Watch List. This list includes trending drugs, pharmaceutics and psychoactives detected by the G2 Analyst Team. Walk away with an understanding of what brands are considered illegal, how they are distributed (pill, power, tube, etc.) and where they are commonly hidden online.
Ongoing Concerns for Acquiring Banks:
• Synthetic and illegal drugs
• Pharmaceuticals
• Pirated movies, TV shows, music and software
• Counterfeit goods
• Illegal gambling
• Illegal streaming/pre-loaded application devices
Numbers Don’t Lie, Cybercriminals Do According to a 2016 Global Economic Crime Survey, the transactions of illicit goods and services were estimated to be $1-2 trillion annually (Global, 2016). Only half of these transactions were detected by compliance teams. This rapid increase in cybercrime has heightened regulatory scrutiny on acquiring banks, services providers (PSPs) and other financial institutions (FIs). Of the 6,337 survey respondents, 1 in 5 FIs reported experiencing enforcement actions at some point in time. AML strategies and merchant risk assessments should be a top priority for PSPs around the globe.
Currently, the internet encompasses over 1.7 billion websites worldwide. From the creation of the World Wide Web in 1989, 46 percent of the world’s population now has an internet connection (See Figure 1). That is a substantial increase compared to the 1 percent recorded in 1995. In total, there are over 7.4 billion active internet users that spent an estimated $2,197 trillion in 2017 (Saleh, 2018).
Figure 1: Global Internet usage by region
Risk Investigation and Detection Manually searching through large volumes of data can be a daunting task. It’s estimated that 300 to 500 websites are created per minute. Manually monitoring that amount of content without automation is impractical. Luckily, recent advancements in web crawling and data mining technology has upraised risk mitigation efforts tenfold. Advanced crawling techniques can collect various amounts of data including outbound links, inbound links, recent site changes and many other variables. Data mining is then used to derive useful insights from the raw data. However, there is a delicate balance between automation and human investigation that will make or break a risk compliance strategy.
Red flags that should raise an analyst’s suspicion:
• Password protected sites that could hide violating content
• Non-descriptive, unnavigable, or partially developed websites that are processing transactions
• Incomplete websites that lack product details
• Unusual pricing structure for displayed products
• Non-clickable advertisements
• Spelling errors
• Products that cannot be purchased on the site
4 G2 Web Services • Human Investigation and Automation
Crowdfunding for KratomToday, a thoughtful idea can develop into bestselling product or service overnight. Musicians, filmmakers, entrepreneurs and others have successfully raised money through online crowdfunding sites for years. In 2016, $738 million was raised through crowdfunding sites worldwide. However, not all of the funds went to a legitimate cause.
Recently, the G2 Analyst Team discovered a merchant selling Kratom (See Figure 2). On the front page, the website states, “Due to technical difficulties on our processor’s end — on-site credit card processing may not be available. We have an off-site payment page, if you absolutely need to use a credit card.”
Figure 2: Violating website selling Kratom, a DEA “drug of concern”
When the G2 Analyst Team asked to pay using a credit card the website responded via email (See Figure 3). The email indicates that to make a card payment the customer must donate money on their fundraising page. The illegal card payment is disguised to fund a fake movie titled “The War On Dietary Supplements: The Documentary”. Essentially, the violating site is using a separate crowdfunding site to process illegal card payments for Kratom (See Figure 4).
Figure 3: Order confirmation and payment redirection email
Violating merchants will continue to work in secrecy unless detected by a keen eye. As you will see in the coming case study, a thorough human analysis was needed to completely expose and eradicate the illegal merchant.
What is Kratom? First, let’s distinguish what Kratom is and why it’s considered a violation. Kratom is a tropical evergreen tree in the coffee family. It has both opiate and stimulant properties and has been used in traditional medicine since the 19th century. FDA Commissioner Scott Gottlieb expressed his concern for Kratom consumption in a recent press release:
“The extensive scientific data we’ve evaluated about kratom provides conclusive evidence that compounds contained in Kratom are opioids and are expected to have similar addictive effects as well as risks of abuse, overdose and, in some cases, death. At the same time, there’s no evidence to indicate that kratom is safe or effective for any medical use.” - Scott Gottlieb
Kratom has been a DEA “drug of concern” for years. In 2016, the DEA announced the intention to make Kratom a Schedule I controlled substance. In February of 2018, the FDA announced that Kratom has been associated with 44 deaths. Luckily, G2 has been on the forefront of this trend for years.
G2 Web Services • Human Investigation and Automationg2webservices.com
Evolve or DissolveAML efforts have been forced to the forefront of the industry due to an upsurge in online fraud. New transaction laundering techniques are emerging and these economic crimes rest solely on the FIs facilitating them. PSPs that offer weak risk compliance programs are subject to hefty fines by regulators. Acquiring banks that have not implemented a sound risk compliance strategy are at risk. FIs need to be proactive in their efforts to prevent violating merchants from entering the payments ecosystem.
Figure 4: Crowdfunding page used to accept illegal card payments
Key takeaways for compliance teams:
1. Stay up-to-date on changing regulations
2. Utilize merchant monitoring best practices
3. Recognize red flags while performing a manual merchant analysis
4. Employ advanced web crawling techniques and human investigation in tandem
G2 Web Services Corporate Headquarters1750 112th Ave NE, Suite C101Bellevue, WA 98004 USA+ 1-888-788-5353
G2 Web Services London OfficeMillbank House1 Finsbury Square London, EC2A1AE UK
©2018 G2 Web Services. Specifications subject to change without notice. Printed in the U.S.A.
About G2 Web Services G2 Web Services, a Verisk business, is a global technology and services company that helps banks, processors and their partners ensure safer and more profitable commerce. Clients use G2’s tools and expertise to perform better due diligence and monitoring so they can grow their portfolios and manage changing rules and regulations while taking on acceptable risk.
Works Cited:Amount of money raised via crowdfunding globally (2016) | Statistic. (n.d.). Retrieved from https://www.statista.com/statistics/360512/funds-raised-via-crowdfunding-globally/
FDA, Health and Human Services. (2018, February 21). FDA oversees destruction and recall of kratom products; and reiterates its concerns on risks associated with this opioid [Press release]. Retrieved from https://www.fda.gov/newsevents/newsroom/pressannouncements/ucm597649.htm
Global Economic Crime Survey 2016 (2016). In PwC. Retrieved from https://www.pwc.com/gx/en/economic-crime-survey/pdf/GlobalEconomicCrimeSurvey2016.pdf
Saleh, K. (2018). Global Online Retail Spending – Statistics and Trends [Web log post]. Retrieved from https://www.invespcro.com/blog/global-online-retail-spending-statistics-and-trends/
Total number of Websites. (2017). Retrieved from http://www.internetlivestats.com/total-number-of-websites/
