Vulnerabilities of Commercial Websites and Internet Payment Systems
Criminals have shown adaptability and opportunism in finding new channels to launder the proceeds of their illegal activities and to finance terrorism. As the Internet becomes more and more a worldwide phenomenon, commercial websites and Internet payment systems are potentially subject to a wide range of risks and vulnerabilities that can be exploited by criminal organizations and terrorist groups.
The present study analyses money laundering and terrorist financing (ML/TF) risks associated with commercial websites and Internet payment systems with the focus on mediated customer-to-customer websites as the most vulnerable to abuse because of their popularity, accessibility (to the public), and high volume of cross border trade transactions. The analysis also provides a number of case studies that illustrate how mediated customer-to-customer websites can be exploited for ML/TF purposes.
The project team believes that even though awareness of ML/TF amongst major players in the online sector is increasing, due to efforts made by regulators and trade associations, efforts need to be made to increase this awareness, particularly regarding the mechanisms of ML/TF.
Looking ahead, the study identifies areas which could be the focus of future efforts in order to improve the capacity to cope with the identified ML/TF risks: i) building a better understanding amongst governmental bodies and the private sector of online ML and TF risks and related typologies and developing guidance for implementing mechanisms to detect suspicious transactions, ii) making traditional financial institutions aware that they still have an important role to play in the detection and the monitoring of suspicious financial transactions, even when the payment is made via an Internet payment service provider, iii) given the international character of commercial websites and Internet payment systems, international cooperation is a key factor in the fight against ML and TF, iv) explore further ways Financial Intelligence Units (FIUs) can enhance the exchange of information and data pertaining to the criminal misuse of commercial websites and Internet payment systems. Finally, given the international character and presence of Internet, it is difficult to determine which jurisdiction has regulatory authority over an Internet payment service provider, and how enforcement action can be applied if there are violations. World based Internet payment service providers have locations and licences in different countries and regions. It is consequently important that governments impose similar regulations, requiring customer identification, due diligence, record keeping and transaction reporting, to avoid certain Internet payment service providers choosing the country with the poorest regulations or one that is not at all regulated.