Case study 1: Identity theft and money laundering

A PayPal account was opened in a branch of a foreign bank. The account was debited with
many transfers into the accounts of a number of beneficiaries (according to order).
The modus operandi of the shady business consisted of changing the middle digits of the
account number (i.e. the 12th to 17th), the checksums (check digits), and the names and
addresses of the beneficiaries, while the last 9 digits and the bank code (digits 3 to 11)
remained the same. There were a few (max. 10) transfers, and the value did not exceed
3000 PLN (equivalent to ca. 1000 USD).
After a couple of days, the accumulated funds were wired into accounts of a few organizers
or were withdrawn in cash.
It was established that the funds originated from American PayPal accounts belonging to
different individuals. Having stolen their identities (identity theft), the criminals opened
PayPal accounts on their behalf; then a motion to open a credit line was made on behalf of
the victims. The material was sent to the public prosecutor's office.
As a result, the bank implemented a system of automatic verification of the beneficiaries'
accounts for incoming transfers, and this preventive measure forced the offenders to
change their modus operandi. The criminals started to open lots of Internet-access accounts
in different banks (a record-holder opened 1 main and 261 auxiliary accounts). The accounts
were credited with wire transfers coming from the PayPal account. The accumulated funds were
transferred into the accounts of a few organizers, from which they were withdrawn in cash.
Follow-up material was sent to the public prosecutor's office. 48 accounts belonging to one
of the criminals were blocked. Police found out that the shady business was organized and
controlled by a person who was a sort of specialist in banking and/or IT systems. The
participants lived in the same district of the town and were well known to the local police.
As for the technical details, the identity theft was committed using a botnet.
Source: Poland
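
The pattern in this case study (constant bank code and last 9 digits, with varying middle digits, check digits and beneficiary names) can be checked for by grouping beneficiary accounts on the parts that stay the same. The following is an added example, not part of the original report or the bank's verification system; the 26-digit account length, the `min_variants` threshold, the function names and the sample transfers are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (beneficiary account, beneficiary name, amount in PLN).
# Assumption: 26-digit account numbers, spaced here only to show the segments
# the case study names: check digits | bank code | middle digits | last 9 digits.
TRANSFERS = [
    ("11 900000001 000101 123456789", "Beneficiary A", 2900),
    ("42 900000001 000102 123456789", "Beneficiary B", 2750),
    ("73 900000001 000103 123456789", "Beneficiary C", 3000),
    ("05 900000001 000104 123456789", "Beneficiary D", 1800),
    ("36 900000002 555555 987654321", "Beneficiary E", 2500),
    ("36 900000002 555555 987654321", "Beneficiary E", 2600),
    ("58 900000001 000105 111111111", "Beneficiary F", 2000),
]


def split_account(raw):
    """Split an account number using the 1-based positions from the case study."""
    digits = "".join(ch for ch in raw if ch.isdigit())
    if len(digits) != 26:
        raise ValueError(f"expected 26 digits, got {len(digits)}")
    return {
        "check": digits[0:2],     # digits 1-2, changed between transfers
        "bank": digits[2:11],     # digits 3-11, constant
        "middle": digits[11:17],  # digits 12-17, changed between transfers
        "tail": digits[17:26],    # last 9 digits, constant
    }


def find_clusters(transfers, min_variants=3, max_amount=3000):
    """Flag (bank, tail) pairs paid under several middle-digit/name variants."""
    groups = defaultdict(list)
    for raw, name, amount in transfers:
        if amount > max_amount:  # the case study's transfers did not exceed 3000 PLN
            continue
        parts = split_account(raw)
        groups[(parts["bank"], parts["tail"])].append((parts["middle"], name))
    flagged = []
    for (bank, tail), rows in groups.items():
        middles = {middle for middle, _ in rows}
        names = {name for _, name in rows}
        # min_variants is an assumed threshold, not a figure from the case study.
        if len(middles) >= min_variants and len(names) >= min_variants:
            flagged.append({"bank": bank, "tail": tail, "variants": len(middles),
                            "names": sorted(names), "transfers": len(rows)})
    return flagged


if __name__ == "__main__":
    for cluster in find_clusters(TRANSFERS):
        print(cluster)
```

On the constructed data only the first four transfers form a flagged cluster; repeated payments to one unchanged account and a single payment to a different tail are left alone.
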

Case study 2: Use of digital goods and defrauding their seller in a way that allows criminals to directly obtain legitimate funds

The victims: a set of Credit Card holders, an e-payment company, and a VoIP Company

The scheme: Fraudsters own several companies that offer Premium Phone Numbers. They
set up a large number of relays around the world, mostly in poorly regulated countries, and
they start calling these relays from zombie PCs, using VoIP accounts funded with
fraudulent Credit Cards used through the e-payment system.
Comments: The calls generate actual revenue for the Premium Number providers. These
companies can legitimately assert that they have no way to check whether calls to their
destinations are fraudulent or not. Moreover, if these calls come from all over the world, it is
very difficult to find a commonality.
The e-payment system sees transactions with VoIP providers, but has no way to check whether
these are fraudulent or not, beyond its usual anti-fraud checks. And the VoIP Company sees
only the relays, but not the final destinations. If the relaying infrastructure is built prudently
enough, there is almost no risk of the fraudsters being uncovered.
As a result, from an ML/TF perspective, we have the proceeds of a crime, the theft of
Credit Card details, which are transferred to the legitimate economy of a given country
without having to go through the Financial System and be exposed to its
anti-money-laundering controls.

Next
In our next post, we will look at some specific software solutions to help detect suspicious
activity.
- Michael & Sascha
Sources:
[1] PayPal.com
[2] Criminal money flows on the Internet March 2012, Moneyval (www.coe.int/moneyval)