Please enable JavaScript to view the comments powered by Disqus.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

February 24, 2020

Mules May Pack More Than Money

My colleague Dave Lott recently blogged on global law enforcement efforts to crack down on money mules. In his post, he categorized the two main groups of money mules: the innocents and the criminals. It just so happened that last November, I received an email trying to recruit me to be a mule (see the image).

email recruiting me to be a mule

I recently watched a fascinating video describing another type of unwitting mule. The nearly 20-minute video video fileOff-site link from the DEF CON 27 Hacking Conference is well worth your time. Nina KollarsOff-site link offers a highly entertaining glimpse into an interesting mule scheme known as triangulation fraud. (You can see the diagramOff-site link she uses in KrebsOnSecurity.) Rather than helping criminals launder money by moving ill-gotten funds, the mules in triangulation fraud help launder money by unwittingly purchasing legitimate, usually discounted, ill-gotten products from the criminals on a third-party marketplace. These criminals use data from stolen credit cards or synthetically created identities to purchase the products and then "cash out," or launder the funds by reselling them. Criminals will obviously use the data to purchase high-end products for their own use, but the adage that "cash is king" is true for criminals as well and they often look to turn their ill-gotten goods into cash.

The triangulation fraud scheme places the mule in an interesting position, as Kollars highlights in her video. While some people may not suspect they've been caught up in a fraudulent scheme, she was astute enough to know something fishy was going on and that she was, in fact, receiving illegally purchased goods—or, in essence, stolen goods. Ultimately, she reached out to the manufacturer of the products she received in an effort to return them. She also contacted law enforcement. Kollars acknowledged that even though she knew she was dealing with criminals, the deals were so good it was tempting to continue transacting with them.

We often write in this blog about the financial losses due to fraud of the various affected parties, including consumers, financial institutions, and businesses. But there is another important negative consequence I want to highlight now: mules help criminal and terrorist organizations fund illicit activities such as drug trafficking and terrorist activities by participating in moving money around the globe or by purchasing products, as Kollars describes in the video. It is imperative that people who suspect they are looking at a triangulation scheme or otherwise being recruited as mules immediately reach out to law enforcement. These schemes may seem small and harmless, but they are a form of money laundering. Let's all do our part to educate potential mule recruits about these schemes to stop them from being lured in and, if someone tries to recruit them, about the importance of notifying law enforcement immediately. We can all work together to put an end to the recruitment of unsuspecting citizens by global criminal and terrorist organizations.

February 10, 2020

Slowing Down the Mule Train

Slowing down the money mule train, that is. Money mules are those individuals who transfer money or goods received through fraudulent schemes on behalf of or at the direction of a criminal enterprise, often based outside the United States. It's a form of money laundering.

In December 2019, the FBI announced it was collaborating with other domestic and international law enforcement agencies to identify, stop, and prosecute major money mule networks. Two months later, it claimed that the operation had stopped the illegal actions of more than 600 domestic money mules—a 50 percent increase in their success rate over the entire previous year. (The U.S. efforts coincided with the European Money Mule Action, led by Europol, the European Union's agency that combats crime and terrorism.)

So who are these money mules and how are they recruited? The money mules fall into two main groups: innocent participants and those people who are as criminal as the leaders of the fraud schemes. It's the money mules who take the greatest risk; the leaders of the schemes use them to insulate themselves from arrest and prosecution.

The first group, the naïve participants, are generally recruited through online ads, résumés submitted to mainstream job search sites, or emails promising work-from-home employment as a "payment processing" or "money transfer" agent. Upon being "hired," these people must provide their bank account information so that deposits can be made to their accounts. If the victims say they want to open a new account to process these transactions, the contact dissuades them from doing so because new accounts face additional scrutiny and restrictions. When a deposit is made, a mule has to transfer those funds, minus the "commission," to another bank account. That account is usually outside the United States so the transfer occurs through an international money transfer service. The mule might also be asked to purchase gift cards, load funds onto them, and then provide the card numbers and PINs to the contact. Individual transactions are generally under $10,000 to avoid the filing of currency transaction reports or suspicious activity reports.

Sometimes truly innocent participants are caught in a "cuckoo smurfing" scheme. In this scenario, someone's bank account credentials are compromised without that person's knowledge. The criminal deposits or transfers money into the account and quickly moves it over to another account. The innocent participant isn't aware of this transaction until he or she checks the account.

However, the vast majority of money mules are people who clearly know they are acting illegally. They are often part of local, national, or international gangs, and use the proceeds of money mule activities to fund other criminal activities.

While there have been a number of enforcement successes, including the effort announced by the FBI, the constant attention being given to this problem indicates it persists. Hats off to all the various law enforcement agencies involved in this money mule crackdown. Hopefully, the increased publicity will prevent individuals from unknowingly becoming part of these networks as well as highlight the scams used to victimize others. What other actions do you think will help curb this type of crime?

September 10, 2018

The Case of the Disappearing ATM

The longtime distribution goal of a major soft drink company is to have their product "within an arm's reach of desire." This goal might also be applied to ATMs—the United States has one of the highest concentration of ATMs per adult. In a recent post, I highlighted some of the findings from an ATM locational study conducted by a team of economics professors from the University of North Florida. Among their findings, for example, was that of the approximately 470,000 ATMs and cash dispensers in the United States, about 59 percent have been placed and are operated by independent entrepreneurs. Further, these independently owned ATMs "tend to be located in areas with less population, lower population density, lower median and average income (household and disposable), lower labor force participation rate, less college-educated population, higher unemployment rate, and lower home values."

This finding directly relates to the issue of financial inclusion, an issue that is a concern of the Federal Reserve's. A 2016 study by Accenture pointed "to the ATM as one of the most important channels, which can be leveraged for the provision of basic financial services to the underserved." I think most would agree that the majority of the unbanked and underbanked population is likely to reside in the demographic areas described above. One could conclude that the independent ATM operators are fulfilling a demand of people in these areas for access to cash, their primary method of payment.

Unfortunately for these communities, a number of independent operators are having to shut down and remove their ATMs because their banking relationships are being terminated. These closures started in late 2014, but a larger wave of account closures has been occurring over the last several months. In many cases, the operators are given no reason for the sudden termination. Some operators believe their settlement bank views them as a high-risk business related to money laundering, since the primary product of the ATM is cash. Financial institutions may incorrectly group these operators with money service businesses (MSB), even though state regulators do not consider them to be MSBs. Earlier this year, the U.S. House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing over concerns that this de-risking could be blocking consumers' (and small businesses') access to financial products and services. You can watch the hearing on video (the hearing actually begins at 16:40).

While a financial institution should certainly monitor its customer accounts to ensure compliance with its risk tolerance and compliance policies, we have to ask if the independent ATM operators are being painted with a risk brush that is too broad. The reality is that it is extremely difficult for an ATM operator to funnel "dirty money" through an ATM. First, to gain access to the various ATM networks, the operator has to be sponsored by a financial institution (FI). In the sponsorship process, the FI rigorously reviews the operator's financial stability and other business operations as well as compliance with BSA/AML because the FI sponsor is ultimately responsible for any network violations. Second, the networks handling the transaction are completely independent from the ATM owners. They produce financial reports that show the amount of funds that an ATM dispenses in any given period and generate the settlement transactions. These networks maintain controls that clearly document the funds flowing through the ATM, and a review of the settlement account activity would quickly identify any suspicious activity.

The industry groups representing the independent ATM operators appear to have gained a sympathetic ear from legislators and, to some degree, regulators. But the sympathy hasn't extended to those financial institutions that are accelerating account closures in some areas. We will continue to monitor this issue and report any major developments. Please let us know your thoughts.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 29, 2013

Suspicious Activity Reports: What the Numbers Show

Initially intended to help law enforcement identify individuals and organizations involved in money laundering and terrorist financing, Suspicious Activity Report (SAR) filings are also used to help detect activities related to consumer fraud and identity theft. Depository institutions (DIs) and money services businesses (MSBs) together file about 98 percent of all SARs submitted annually to the Financial Crimes Enforcement Network (FinCEN). Industry groups are constantly working to educate SAR filers about the various types of activities that they should document so these activities can be properly tracked. FinCEN recently updated its statistics to include SAR activity in 2012, and the summary volumes are shown in the chart below. The Retail Payments Risk Forum believes that an ongoing educational effort of customers, as well as DI employees, is a vital element in recognizing and mitigating fraud in our payments system. As part of that effort, I think there would be benefit in examining the shifts among the different SAR activities and gain an understanding as to possible reasons for these shifts.

SAR Filings by DIs and MSBs: 2013-12

As the above chart shows, the number of SARs filed by DIs has risen steadily over the last two years. SARs from MSBs, on the other hand, dropped 14 percent from 2011 after seeing an average annual increase of 15 percent over the previous two years. So why the ups and downs?

From a pure numbers standpoint, the answer to the question lies in the details of the activities that can trigger a SAR. In the case of SAR filings from DIs, for example, 2012 saw a dramatic increase in identity theft and check fraud filings, while mortgage loan fraud SARs dropped. This shift is explained by the increased diligence being placed on mortgage loans and the alarming growth of identity theft and check fraud incidents. By contrast, SAR filings from MSBs showed a substantial decrease in the category where the person reduced the amount of money order or traveler's check purchase to avoid having to complete a funds transfer record (but still generating a SAR). One wonders whether this reduction represents progress in the fight against money laundering and terrorist financing, or have the individuals engaged in these illegal activities changed their money handling tactics by performing lower dollar value transactions to avoid suspicion and identification?

Every federal judicial district has a SAR review team. This team of regulators and federal and local law enforcement reviews SARs to determine whether they need to initiate new investigations or supplement the filings to existing cases. The efforts of these teams illustrates how more comprehensive reporting, improved data analysis, and stronger monitoring capabilities can help detect and address fraud and abuse within our payments system. FinCEN publishes a semiannual report—Trends, Tips & Issues—that provides a summary of key findings from the teams' reviews of SARs. These reports let involved parties know how they can use the information to provide greater protection to potential victims of fraud. We encourage you to read copies of FinCEN's reports to better understand current fraud trends so you can educate your employees and customers.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed