While most people associate cybercriminals with hacking and security breaches, many of them have begun exploiting vulnerabilities in the e-commerce industry as well, using a new scheme called transaction laundering. By using transaction laundering, cybercriminals have found a way to bridge the gap between sellers of illicit (and often illegal) merchandise—drugs, counterfeit products, prostitution and the like—and the legitimate payment world. This, in essence, allows for the existence of a highway of illegal commercial activity going through the legitimate payments infrastructure.
Luckily (for them), gaps in online security and financial monitoring have made it easy for hackers to cover their tracks and disguise their transactions from banks, payment processors and law enforcement. In fact, criminals who process payments for illicit purposes through “legitimate merchant accounts” have become almost impossible for banks to detect. This new scheme has quickly pervaded the payment ecosystem, leading banks to unknowingly process illegal transactions, which result in millions of dollars in non-compliance fines, not to mention the huge reputational risk to their brands.
With the popularity of mobility increasing across financial services, today’s financial institutions must be vigilant about the wide variety of potential vulnerabilities present in the banking and payments ecosystems. These vulnerabilities can run the spectrum from banking and payments systems, as well as merchants, e-commerce, and other sites. This is why FIs need to work closely with their technology partners and systems implementers to ensure that all are following best practices, and guiding partners as to expectations and requirements for their collective systems and solutions.
Overview by Ed O’Brien, Director, Banking Channels Advisory Service at Mercator Advisory Group
Read the full story here