There are many ways in which a criminal can illegally acquire money electronically. Whether it’s through malware, phishing, vishing and smishing scams, account takeovers or other vectors, what all of these attack methods have in common is that fraudsters need to move the illicit funds fast to avoid being caught and having the money confiscated.

This is where the three stages of money laundering, as described by the United Nations Office on Drugs and Crime (UNODC), come into play: placement, layering and integration. In traditional money laundering schemes, the placement of funds begins when dirty money is put into a financial institution. When funds are stolen online through digital transactions at financial institutions, the process immediately jumps to layering.

Layering is done in three main ways:

  1. Moving funds within the financial system;
  2. Moving funds into unregulated financial e-cash systems; and
  3. Removing funds from the financial system altogether.

Moving Funds Within the Financial System

Moving funds within the financial system generally only occurs with very large sums of money. Some of the most common methods for this include the use of:

  • Offshore accounts;
  • Anonymous shell accounts;
  • Money mules; and
  • Unregulated financial services.

Offshore Accounts

Individuals can transfer stolen funds into an offshore account in a locale where bank secrecy laws are very strict. These countries and territories are often referred to as tax havens.

Financial institutions, trusts, shell corporations and other financial groups in these regions may welcome money from almost anywhere and often do not require disclosure of where the money originated. In turn, these institutions do not report back to the country in which the funds were generated.

Anonymous Shell Accounts

A shell company, bank, account or corporation is an entity that conducts no real business. It is essentially a cover used to hide and move funds. The purpose of these accounts is to deceive others into thinking the business is legitimate while laundering money and evading taxes.

According to the Federation of Tax Advisers, shell accounts “conceal the identity of the beneficial owner of the funds, and the company records are often more difficult for law enforcement to access because they are offshore, held by professionals who claim secrecy, or the professionals who run the company may act on remote and anonymous instructions.”

Money Mules

A money mule is a person who receives and transfers funds acquired illegally for others. Most mules receive a commission for their efforts.

When bank accounts are compromised by cybercriminals and international organized crime groups (OCGs), money mules are an essential part of moving victims’ money through the financial system and assisting criminals in cashing out the compromised accounts.

Unregulated Financial Services

Unregulated entities may offer a variety of services that can be used for criminal purposes. Many things fit into this category, such as:

  • Electronic Money: Stored-value cards allow electronic money to be put onto the card directly and then used to purchase goods and services.
  • Casinos: In recent years, the Financial Crimes Enforcement Network (FinCEN) placed regulatory requirements on casinos due to the large sums of money and high frequency of transactions at these establishments. Not every country and territory follows these guidelines, however, allowing savvy criminals another pathway to move their illicit funds. A recent example of this is a Bangladesh bank heist where cybercriminals targeted the SWIFT system to move money before extracting it through a casino in the Philippines.
  • Underground Networks of Money Dealers: This refers to conduits through which money is transferred via informal methods. These underground systems can be used for legitimate remittances but are also used for money laundering, criminal activity and terrorist financing.

Preventing Money Laundering

Financial institutions have attempted to stop this type of criminal behavior through Customer Due Diligence (CDD) and Beneficial Ownership regulatory requirements. These requirements call for the identification of the true owner of an account to stop the abuse of anonymous shell corporations.

Mary Beth Goodman, a former member of the National Security and International Policy team at the Center for American Progress, wrote in American Banker that “beneficial ownership rules are actually good for business because they would lead to reduced corruption and increased competitiveness. Beneficial ownership rules reduce risk by allowing banks and other companies to know who they are doing business with and minimize their financial exposure to others’ misdeeds.”

These rules may be difficult to enact and follow; it can be a herculean effort to identify the true owner of a shell corporation or trust. Criminals know this and will purposely shuffle money from one anonymous offshore account to another, moving money through the financial system before it ends up in an account from which it can be withdrawn.

Financial institutions are continuously monitoring their security systems and watching account activity. Through the use of device identification, biometrics, transaction velocity monitors, geographical dispersion and customer behaviors, they are able to flag more attempted fraudulent activity than ever before. Having a systematic approach to financial security and financial crime prevention is essential to address vulnerabilities that fraudsters are eager to exploit.
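The transaction velocity and geographical dispersion signals mentioned above can be expressed as a per-account sliding-window check. This is an added example, not code from the original article; the window, thresholds, record layout and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; real values are tuned on an institution's own data.
WINDOW = timedelta(hours=1)
MAX_TXNS = 3        # more transfers than this per window -> "velocity"
MAX_COUNTRIES = 2   # more origin countries than this -> "geo_dispersion"

def t(hour, minute):
    return datetime(2024, 1, 1, hour, minute)

# Constructed sample: (timestamp, account, amount, origin country)
SAMPLE = [
    (t(9, 0), "acct-A", 900.0, "US"),   # acct-A: four transfers in 20 minutes
    (t(9, 5), "acct-A", 950.0, "PH"),   # from three different countries
    (t(9, 12), "acct-A", 875.0, "BD"),
    (t(9, 20), "acct-A", 990.0, "US"),
    (t(8, 0), "acct-B", 120.0, "GB"),   # acct-B: two transfers, hours apart
    (t(15, 0), "acct-B", 60.0, "GB"),
    (t(8, 0), "acct-C", 40.0, "GB"),    # acct-C: four transfers, but spread
    (t(10, 0), "acct-C", 35.0, "GB"),   # over five hours from one country
    (t(12, 0), "acct-C", 50.0, "GB"),
    (t(13, 0), "acct-C", 45.0, "GB"),
]

def flag_accounts(transactions, window=WINDOW, max_txns=MAX_TXNS,
                  max_countries=MAX_COUNTRIES):
    """Return {account: set of reasons} for accounts that exceed a threshold
    within any sliding window of the given length."""
    recent = defaultdict(deque)   # account -> (timestamp, country) in window
    flags = defaultdict(set)
    for ts, account, _amount, country in sorted(transactions):
        q = recent[account]
        q.append((ts, country))
        # Drop entries that have aged out of the window ending at ts.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) > max_txns:
            flags[account].add("velocity")
        if len({c for _, c in q}) > max_countries:
            flags[account].add("geo_dispersion")
    return dict(flags)

if __name__ == "__main__":
    for account, reasons in flag_accounts(SAMPLE).items():
        print(account, sorted(reasons))
```

Only the constructed account with a burst of transfers from several countries is flagged; the account with the same number of transfers spread over the day is not.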
