Financial crime online: Dark Web vs Surface Web

The media is swamped with mentions of the evil called “The Dark Web”. And evil indeed it is.  After the conviction of  Ross Ulbricht - the ringleader of the notorious Silk Road website, law enforcement has concentrated it’s attention on drug trade, human trafficking and hacking communities in the dark web.

Law enforcement is correct to devote attention to dark web activities. Last year, the FBI launched a high-profile sting operation to battle drug trafficking on the dark web. Operation Hyperion identified thousands of dark web market users across three continents, sending a clear message that achieving true anonymity in the dark web is not that easy as many users have thought.   

However, illegal products and services thought to be exclusively available on the dark web, are quite often easily accessible through the familiar surface web, due to a scheme known as transaction laundering. By funneling illicit ecommerce payments through a legitimate merchant account, criminals are able to process payments for illegal goods and services out in the open. Merchant Service Providers and legitimate merchants, often unknowingly, end up facilitating online trade in illegal goods, exposing themselves to penalties and legal liability. 

Background: Deep/Dark/Surface Web Defined 

The surface web is where most of us operate almost all the time. It comprises any web content that is indexable by mainstream search engines like Google or Bing. 

The deep web simply refers to content that is not accessible for indexing by a search engine, and therefore, cannot appear in search results. There’s nothing sinister about deep web content by definition. Your emails are in the deep web, and so is your online bank account, your Amazon orders, flight and hotel reservations, and also your gym’s password-protected Pilates scheduling site. 

The common theme for all these examples is that you can only get to these pages by entering passwords and other credentials, or certain search parameters, etc. – these pages are generated dynamically and can’t be indexed. 

The dark web on the other hand is purposefully hidden, and can’t be accessed via standard web browsers at all. To access the dark web (among other methods), you’ll need a special browser such as TOR, to name one of the most famous ones. 

The dark web lives up to its name. More readily accessible, secure and anonymous than ever before, it has become far more than a fringe playground for hackers and journalists. It has evolved from a safe zone for the ones legitimately seeking anonymity into a full-fledged, corrupt network. The dark web today facilitates, on a massive scale, the worst things imaginable including the exchange of illicit content, collaboration on criminal plans, child pornography, sales of drugs and weapons, human trafficking, and a wealth of other illegal activities. So it well deserves the attention it gets from the law enforcers. 

Where is Financial Crime Happening? You might be surprised… 

There’s no question that the dark web is a haven for criminals. At a recent Law Enforcement Awards ceremony for the Financial Crimes Enforcement Network (FinCEN), an IRS crime team was recognized for its investigations into dark web, drugs and Bitcoin. 

Indeed, the financial activity on the dark web is conducted via the tools of crypto-currencies, Bitcoin being the most renowned one. It is almost impossible to use major payment methods such as credit cards on the dark web. 

Surfing the dark web requires savviness that is not possessed by the average Joe. It requires the awareness and the mindset of knowingly hiding and seeking anonymity. Most people do not shop for sneakers on TOR via a VPN using Bitcoins. Law enforcement is watching the dark web closely and criminals have good reason to be wary. 

But while all this is happening far below the surface, the criminals have found ways to conduct a good portion of their illicit activities out in the open.  To make things worse, they’ve found a way of accepting standard payment methods while abusing the financial system. It’s ironic that much of this crime is never even formally recognized as crime. Enter transaction laundering. 

What is Transaction Laundering? 

Transaction laundering (TL) is a new advanced form of money laundering and it occurs when a cyber criminal takes advantage of a legitimate payment ecosystem by funneling unknown transactions through seemingly unrelated ecommerce merchant accounts. These “unknowns” may or may not represent illicit goods, or unreported income. But from a regulatory point of view, they’re completely under the radar. 

For example, let’s say a dealer sets up a website to sell illegal drugs. He can actually accept payment via credit card from his customers by rerouting payments through a legitimate merchant account. The legitimate merchant (for example, an online clothing shop) and the MSP that processes the payments have no idea the payments are actually for drugs and not for clothes. And even if our drug dealer is selling – for example – legal drug paraphernalia, this example of transaction laundering is still facilitating a massive amount of unreported income. This represents an infringement of credit card brand association policies, a breach of KYC requirements and AML regimes, and also violates numerous federal regulations. 

The Extent of Transaction Laundering 

It is estimated that transaction laundering for online sales of products and services has reached over $150 billion a year in the US alone and over $300 billion globally, $10 billion of which, involves illegal goods, sold online by over 400,000 unregistered merchants. 

This is $300 billion of sales volume in illegal products and services sold online on the surface web using standard payment methods such as credit cards, of which Merchant Service Providers (MSPs) have neither control over nor specific knowledge of. These are unregistered transactions from hundreds of thousands of merchants that MSPs have not specifically approved, that go through the banking systems with effectively no KYC or AML procedures in place, and facilitate some of the worst kinds of illegal commercial activities. 

Through transaction laundering, criminals can now access an audience that would not be savvy enough, or criminally minded enough, to go through the alleys of the dark web or use crypto-currencies. Criminals can now easily sell counterfeit products, or prescription medications, to unknowing consumers that would otherwise not venture into the dark web to make a purchase. They can also now push controlled substances and extreme content through spam emails and other channels. One can only imagine what could happen if we took the hackers’ forums of the dark web and put them on Facebook for everyone to see. Now apply this to the ecommerce industry and that’s where transaction laundering comes into play.   

Transaction laundering grows as the volume of Internet commerce grows. Emerging payment models and transaction processing technology have not kept pace thus far with the massive growth in online shopping. With so many transactions over so many payment systems, MSPs (acquiring banks, payment facilitators, and online marketplaces) simply lack the right tools to sufficiently vet each merchant and each payment. 

Ron Teicher, founder and CEO of EverCompliant

Image Credit: Sergey Nivens / Shutterstock