Funds can be transferred from the credit card account to a different account. The incurred balance is then paid off using illegally obtained funds incoming from a different account or even paid off by cash.
Credit card wire transfers
Learn more >
This staggering statistic may still be on the rise. In addition to standard methods and tools, like checking accounts, money transfers or cash, more and more criminals turn to the new payment methods or systems that emerged from various financial institutions and fin-techs.
The rise of Apple Pay, Google Pay, PayPal and other tools along with the continuous increase in the volume of e-commerce related transactions (global cashless transaction volumes are projected to double by 20302) present an AML challenge to all institutions that issue credit cards.
Majority of these new payment methods provide the technology to facilitate the payment, but more often than not, the money originates from a good old credit card, usually issued by a good old bank.
Money laundering using credit cards is usually focused on executing payments that appear legitimate to conceal the illegal nature of the funds used. The most common schemes utilising credit cards involve both the card holder and the merchant who accepts the payments. Both parties are in on the scheme. The basic flow of funds is simple:
Illegal funds are transferred to the credit card (via wire transfer or using a cash payment).
The card is used to make a purchase with the merchant.
Money is passed on by the merchant to another account or withdrawn.
The process is repeated.
This simple scheme can be further complicated and “enhanced”, e.g. the merchant can mostly run a legitimate business, but they accept additional credit card payments to their account on behalf of a third party. In addition, the credit card and the merchant's account are usually set up with different banks, obscuring parts of the flow of funds from the view of the utilised institutions.
Sometimes by utilising them similarly to a checking account rather than a credit product, cynically assuming that credit cards undergo less scrutiny within the AML frameworks of financial institutions.
These “use cases” are dependent on how the credit card product is set up in a given financial institution. Here are some examples:
Learn more >
Learn more >
Learn more >
These methods may seem primitive and careless on the criminals’ part, but they feed on the major challenge of monitoring credit card transactions: the incredibly high volume of transactions.
This makes it increasingly difficult to differentiate the legitimate transactions from the suspicious ones. This will only get worse, due to the payment innovations and the rise of e-commerce mentioned at the beginning.
In some cases the easiest way of mitigating the risk of money laundering using credit cards is to review and change how the product is set up.
It all comes down to the risk appetite of the financial institution. One problem remains: some of these changes would disproportionately impact honest clients and, as a result, the revenues of the product.
The crucial ones are:
In principle, an effective alert generating system should flag all suspicious activity and limit the number of false positive alerts it produces. Best systems use a combination of rules and machine learning algorithms to analyse the transactions. The rule-based part runs on a set of scenarios, whose role is to identify the known patterns and typologies.
For example, a scenario can be built that identifies merchants with unusually high concentration of activity with a certain set of credit cards. Such a concentration indicates that there may exist a hidden relationship between the card holders and the merchant. This scenario can have a couple of variations - e.g. it can monitor a merchant that is external to the bank, but the cards are the bank’s clients or the merchant can be the client, but the cards are external.
Rule-based scenarios can only detect patterns that the financial institution is already aware of. They cannot identify new scenarios, something that the bank itself does not know it needs to be looking for. This is where the machine learning part of the system has its say.
The AI algorithms are used to analyse the data and identify patterns and trends that might not be yet known. This is a crucial feature, especially taking into account the incredible pace of change and the trends mentioned at the beginning of the article. These algorithms also adapt over time, learning from previous transactions and adjusting their behaviour accordingly.
Alerts should be then investigated in an effective manner, which needs to be supported by a versatile case management tool and relevant procedures.
The tools should allow the analyst to easily combine alerts or to review historical investigation results.
For example, in the scenario described earlier: if the alert points to a merchant receiving highly concentrated credit card payments from several, seemingly unrelated card holders, the process should allow the analyst to review activity on card holder accounts to identify the full flow of funds.
At the same time, the case management tool can utilise its own AI algorithms to support the analyst review process by helping him prioritise investigations or recommend deep dives into certain alerts. We all know not all alerts are created equal.
Fast changing client behaviours, emerging payment technologies and the sheer cunning of criminals always searching for new ways to launder their illegal funds present a huge challenge for financial institutions issuing credit cards.
Fortunately there is a clear way to become prepared to face this challenge.
By leveraging the appropriate technology, implementing streamlined and comprehensive processes and procedures, financial institutions will be able to comply with AML regulations and provide their customers with a safe and secure credit card experience.
Check out other publications in the “Transaction Monitoring” series:
Partner, Financial Crime Unit, PwC Poland
Director, Financial Crime Unit, PwC Poland