There are many ways in which a criminal can illegally acquire money electronically. Whether it’s through malicious malware, phishing, vishing and smishing scams, account takeovers or other vectors, a commonality across all these attack methods is that fraudsters will need to move the illicit funds fast to avoid being caught and have the sum confiscated.

This is where the three stages of money laundering come into play, according to the United Nations Office on Drugs and Crime (UNODC): placement, layering and integration. In traditional money laundering schemes, the placement of funds begins when dirty money is put into a financial institution. When funds are stolen online through digital transactions at financial institutions, the process immediately jumps to layering.

This is done in three main ways:

  1. Moving funds within the financial system;
  2. Moving funds into unregulated financial e-cash systems; and
  3. Removing funds from the financial system altogether.

Moving Funds Within the Financial System

Moving funds within the financial system generally only occurs with very large sums of money. Some of the most common methods for this include the use of:

  • Offshore accounts;
  • Anonymous shell accounts;
  • Money mules; and
  • Unregulated financial services.

Offshore Accounts

Individuals can transfer stolen funds into an offshore account in a locale where bank secrecy laws are very strict. These countries and territories are often referred to as tax havens.

Financial institutions, trusts, shell corporations and other financial groups in these regions may welcome money from almost anywhere and often do not require disclosure of information regarding where the money originated from. In turn, these institutions do not file any reporting back to the country in which the funds were generated.

Anonymous Shell Accounts

A shell company, bank, account or corporation is an entity that conducts no real business. It is essentially a cover used to hide and move funds. The purpose of these accounts is to deceive others into thinking the business is legitimate while laundering money and evading taxes.

According to the Federation of Tax Advisers, shell accounts “conceal the identity of the beneficial owner of the funds, and the company records are often more difficult for law enforcement to access because they are offshore, held by professionals who claim secrecy, or the professionals who run the company may act on remote and anonymous instructions.”

Money Mules

A money mule is a person who receives and transfers funds acquired illegally for others. Most mules receive a commission for their efforts.

When bank accounts are compromised by cybercriminals and international organized crime groups (OCGs), money mules are an essential part of moving victims’ money through the financial system and assisting criminals in cashing out the compromised accounts.

Unregulated Financial Services

Unregulated entities may offer a variety of services that can be applied for criminal purposes. Many things fit into this category, such as:

  • Electronic Money: Stored-value cards allow electronic money to be put onto the card directly and then used to purchase goods and services.
  • Casinos: In recent years, the Financial Crimes Enforcement Network (FinCEN) placed regulatory requirements on casinos due to the large sums of money and high frequency of transactions at these establishments. Not every country and territory follows these guidelines, however, allowing savvy criminals another pathway to move their illicit funds. A recent example of this is a Bangladesh bank heist where cybercriminals targeted the SWIFT system to move money before extracting it through a casino in the Philippines.
  • Underground Networks of Money Dealers: This refers to conduits through which money is transferred via informal methods. These underground systems can be used for legitimate remittances but are also used for money laundering, criminal activity and terrorist financing.

Preventing Money Laundering

Financial institutions have attempted to stop this type of criminal behavior through Customer Due Diligence (CDD) and Beneficial Ownership regulatory requirements. These requirements call for the identification of the true owner of an account to stop the abuse of anonymous shell corporations.

Mary Beth Goodman, a former member of the National Security and International Policy team at the Center for American Progress, wrote in American Banker that “beneficial ownership rules are actually good for business because they would lead to reduced corruption and increased competitiveness. Beneficial ownership rules reduce risk by allowing banks and other companies to know who they are doing business with and minimize their financial exposure to others’ misdeeds.”

These rules may be difficult to enact and follow; it can be a herculean effort to identify the true owner of a shell corporation or trust. Criminals know this and will purposely shuffle money from one anonymous offshore account to another, moving money through the financial system before it ends up in an account from which it can be withdrawn.

Financial institutions are continuously monitoring their security systems and watching account activity. Through the use of device identification, biometrics, transaction velocity monitors, geographical dispersion and customer behaviors, they are able to flag more attempted fraudulent activity than ever before. Having a systematic approach to financial security and financial crime prevention is essential to address vulnerabilities that fraudsters are eager to exploit.

More from Banking & Finance

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today