The Payments Hustler. Jane Hennessy. Head of External Alliances, G2 Web Services UMACHA Navigating Payments Conference October 5, 2017

Transcription

1 The Payments Hustler Jane Hennessy Head of External Alliances, G2 Web Services UMACHA Navigating Payments Conference October 5, 2017

2 Agenda Who is the Payments Hustler? How does he work? How have authorities gotten involved? What do you do about it?

3 Who is The Payments Hustler? A brief overview

4 Who is The Payments Hustler? Deals in illicit products or services Usually operates online Learned to hide his transactions by accepting credit cards under a front business ( Transaction Laundering ) Then lost his access after the card networks and acquirers got smart, causing him to rotate alternative payment methods ( Payments Laundering ) The Payments Hustler

5 What Payments Does He Use? Peer-to-Peer E-Wallets Mobile Pay Bank Debits/Credits ALTERNATIVE PAYMENTS METHODS MSBs Pre-Paid Cards Vouchers Cryptocurrencies Alternative Payment Methods (APMs) are payment methods apart from credit/debit cards used to make online purchases or transfer money While credit/debit cards are still the dominant online payment method, APMs are gaining ground rapidly While card brands become better at detecting front businesses, APMs are only slowly realizing this threat

6 What is the Growth and Acceptance of APMs? Pre-Paid Mobile Wallet 2016 Pre-Paid Cards Peer to Peer 2016 $1.35T +32% 2017 (Juniper Research) $3.1T by MM US Adults +25% 2017 (Javelin Strategy)

7 Where Does He Learn? Self-Study Laundering-As-A-Service

8 Why Do They Dwell in the Dark Web? What is The Dark Web? Information not searchable by traditional search engines Not easily traceable Used by Payments Hustlers to share tips in real time The most popular browser is The Onion Router or simply known as TOR

9 Latest Take Down The company profited anywhere from $600,000 $800,000 a day

10 How Does He Work? A high-level overview with case studies

11 What Is His Strategy? Rule #1 The Payments Hustler is Working to Get Paid With his merchant accounts closed, he is forced to go back to the drawing board Pre-Paid Transaction Laundering And/Or Point-to-Point $50 Vouchers Pre-Paid Cards Cryptocurrency MSBs Mobile Wallet Payments Laundering

12 What Are His Tactics? Plan A: Alternative Payment Networks (money transfer, P2P) Plan B: Bank Payments (account-linked debits, credits) Plan C: Cryptocurrencies (general: bitcoin, specialized: potcoin) Bad actors probe less monitored payment types for weaknesses through trial and error Alternative and emerging payments are often unprepared and find themselves unwittingly enabling crime

13 What Does It Look Like In Practice? Month 1 Month 2 Month 4 Merchandise Methods

14 What Does It Look Like In Practice? If you can t fix it, feature it! -Sir Ernest Shackleton

15 What Does It Look Like In Practice? Step 1 Step 2

16 What Does It Look Like In Practice? Step 3 Step 4

17 What Does It Look Like In Practice? Step 1 Step 2 Clearly this payment brand would not want to be seen as facilitating bestiality

18 What Does It Look Like In Practice? Escrow

19 What Does It Look Like In Practice? The payment has been laundered and no evidence of the illicit nature of the transaction is readily apparent

20 How Have Authorities Gotten Involved? Regulators and legislators take notice

21 Are Regulators Taking Notice?

22 Are Legislators Taking Notice? US State Congress Laws

23 What Do You Do About It? A playbook for action

24 What Does Good Organizational Communication Look Like? Compliance & Risk Sales Underwriting Account Monitoring Key Tactics Detect Look for Related Transaction Process Undisclosed Abnormalities Businesses Ferret Align Regularly Sales Out Initiate Front Practice Businesses Test with Orders Business Goals Detect Use Create Clawbacks Related a Feedback of Accounts Commissions loop with Customer Service Apply Review a Business Common Customer Business Detail Online Review Reputation Apply organizational best practices and stay abreast of fraud trends so you direct countermeasures

25 Confronting the Fraudsters In a comprehensive KYC/KYCC program, that deals with APMs, we see two investigative components: 1.Known Universe Your alternative payments solution(s) and their associated business customers 2.Unknown Universe Business customers who are claiming to have accounts with your APM or are using your APM through some kind of proxy as a means of hiding either the origination of the funds and/or what it is being spent on

26 Strategies for Known Universe Business Customer Monitoring Fraud History Database Watch Lists/Negative News/Complaints Is: A Enrolls KYC sizable intelligence your database customer that that helps websites checks you in persistent past comply fraud with Business and BSA/AML compliance Customer and consumer violations Monitoring for protection connections laws to seek to your prohibited portfolio malicious content Does: Checks Leverages your both customers exclusive data Does: against and aggregated Uses Business your data portfolio Customer sourced to records scan from the WWW to hundreds find for those of any global previously changes watch in caught your lists and in customers illicit hundreds activities of business thousands profile news and information sources Means: You discover prevent your when payment merchants turn system Means: to from You prohibited are being informed activities exploited of merchants before as a they last connected resort can involve by to PEPs crooked you or in sanctioned merchants, legal trouble or even persons damage when so your they avoid brand try to penalties use aliases and other regulator actions that can permanently harm your business Data-driven: machine crawling bad actor database expert analysts data science

27 iworks Consumer Complaints The company name given to me when researching was MIT, and was in good standings with the BBB. When my charge card statement arrived, the charge read Real Estate training. Later I learned it was iworks I tried contacting the original salesmen. After four attempts by and phone messages, no response. They have several lawsuits pending and I regret ever working for this company I actually worked for iworks in St. George, UT and was very troubled with the fraud taking place there Year 1 Year 2 Year 3 Year 4 Year 5 The previous comments by former iworks clients have all been valid. There is absolutely no one to call, write, or to negotiate with regarding a refund If there is an Atty in UT that would take this case to help me recover my money, I would like to talk. If iworks wants to resolve this, I am open to discussion; however, I cannot get in touch with them Source: Ripoff Report

28 Strategies for Unknown Universe Brand Monitoring Brand Investigations Test Transactions Is: A Sets Portfolio continuous up your audit system crawl of your across to payment trace the WWW e-commerce purchases brand by trained to sites hidden analysts looking endpoints for your without payment buying the brand goods or services Does: Finds concealed use of your Does: brand, Combines Finds such merchants as shady analysis business engaging tools and in forbidden mystery customers shopping activity that bait to buyers expose as defined with fraud by the law, regulation within false pretense your and system of credit credit card card rules and who acceptance are using and your switch brand to to your facilitate brand their Means: after activity payment You find fails merchants violating your terms and conditions that are dealing Means: You in the avoid have most access investigation egregious to global by law enforcement, commerce, investigative such tools unfavorable as to illegal ferret drugs media out or coverage pharma, hidden misuse illicit and other gambling, of your brand payment counterfeit damage because and system, other discovered you endeavors find and through act on human prohibited commerce research experience first and machine *May driven require web monitoring third party assistance Data-driven: machine crawling bad actor database expert analysts data science

29 Processing Sites Found Using Unknown Universe Tracing Same Phone# is a clue that this is a network of sites Process attempt #1 Transaction Started On this site

30 Key Takeaways With the growth of APMs comes the expanding opportunities for fraudsters to find ways to get paid Payments Hustlers rotate through new payment types to exploit loopholes and less developed due diligence policies Payments Hustlers are tech savvy and have access to data about the vulnerabilities of your financial products in great detail Legislators, law enforcement and regulators are not just targeting banks but new payment-method businesses as well Payments Hustling poses a threat to your brand and your bottom line You can protect yourself with the proper due diligence on Known Universe (recognized accounts) and Unknown Universe (concealed users)

31

32 Thank you! Jane Hennessy Head of External Alliances, G2 Web Services