It’s been a few months since I last did one of these and wrote about the Pakistan Lottery Typology. There’s been a few things which have caught my eye since then so I thoughts I’d share them. No particular order. I’ll look at some similarities at the end though.
This cropped up in the news this week as Fortune reported that books may be a new way of laundering illicit funds.
The report outlined that a number of authors on Amazons self-publishing site had their identities stolen and then used to launder money. The way this typology works is that the criminal upload fake (but expensive) titles to the stolen accounts – and then ‘buy’ then in volume, with the funds used for the purchase being transferred on to further bank accounts.
The assertion is that the ludicrously high price means that the average purchaser won’t look twice at them, as they simply won’t pay that much for a book and therefore won’t complain when what they receive is simply a tome of nonsense words. One ‘book’ was reportedly available for $555. It also means the launderer gets more book for their buck (higher value transactions) - so more funds can be processed in single transactions.
Amazon have said they are looking into it.
Continuing the digital theme, it was also recently reported that a scamming operation based out of Bulgaria had swindled music streaming service Spotify out of as much as $1 million in royalties. Apparently they pulled off the feat “by uploading several third-party playlists of songs, creating a flurry of fake Spotify accounts to boost their play counts, and reaping the cash rewards out of the music-streaming company’s percentage-based payoff system”.
I’m not a Spotify expert so will quote the article for further details:
“Most of the tracks were 30 seconds long—suspicious, considering that’s exactly the minimum amount of time a song must be listened to before Spotify registers a single “play.”
It’s possible that those 1,200 followers were real, ardent listeners, streaming the tracks for hours at a time. But what is far more likely is that a Bulgarian individual or group set up 1,200 paying Spotify accounts and played the 500 tracks on continual, random loop. That seems expensive—1,200 accounts at the rate of $9.99 a month adds up to $12,000 for the person running the scheme—until you look at the payouts.
Spotify’s average per-track payout is $0.004 per play. If 500 30-second songs are set to play on an automatic 24/7 loop for one month, that’s 72 million plays in that period—or $415,000 a month.”
And that’s just for a single playlist…
Spotify are also investigating.
Towards the end of last year, Airbnb was also reportedly caught up in a money laundering scheme. This one was particularly interesting as it also had links to former Trump campaign Manager Paul Manafort.
The gist of this one is as follows. Collaboration took place through Russian language crime forums and stolen (or even legitimate and but willing) Airbnb accounts were used to request bookings. Payments were then made to the Airbnb hosts. The host then, as agreed, sends back a percentage of the booking cost (profit) to the booker. And no-one ever stays in the property. Stolen credit cards are often the source of the funds.
The organisational side of it seems quite interesting – the article says that the arrangers are prepared to go 50/50 on the funds involved and also implies that they are able to utilise Russian hosts who appear trustworthy because they are utilising the review system on Airbnb. The figures mentioned were around $3000 per transaction.
Airbnb responded to say that they look for suspicious activity by utilising machine-learning algorithms.
So what does this mean?
Well, as one of the articles I read about the Airbnb example said – criminals “will seize any opportunity they can, especially when there is an opening for pushing cash through online services, which sometimes require relatively little effort, a computer, and just a bit of creativity”.
It’s the creativity aspect which makes these typologies interesting and also scary. Fundamentally we are looking at an abuse of a system. All three of these are really based around intangibles – so an electronic product or a service. There is not a ‘physical’ exchange of goods taking place.
This makes the transaction monitoring piece really important, both for the platforms involved but also for the firms that are effectively processing the transactions.
This will, of course, already be in place. But by keeping up with emerging typologies, new parameters and algorithms can be considered and developing risks can (in theory) be more robustly assessed and managed. The creativity element needs to not only be the remit of the criminal, but also of the Financial Crime professional. Creative problems need creative solutions.