Tag Archives: anti-money laundering

The Bangladesh Identities Weren’t Synthetic Identities, But They Failed The “Somewhat You Why” Test

Andrew Austin at Sardine has written an eye-catching blog post that discusses a fraud ring exhibiting unusual patterns.

  • Some fraudsters use synthetic identities to fool systems, but good systems can catch the synths.
  • But other fraudsters use mules and other techniques that pass identity verification checks, because the people are REAL people.
Google Gemini.

Austin’s post discusses an example of the latter.

Sign-up patterns in Bangladesh

In this particular case (Example 3 of 3), a gig economy company had discovered a fraud ring operating out of Bangladesh, but the identities were those of real people. The investigator noticed something right off the bat:

“When we looked into it, something was off: all of the locations seemed to be clustered in a few small towns.”

But wait…it gets better.

“The fraudsters were going door-to-door and signing up anyone who was willing to share their information….

“Dozens of routes snaked through neighborhoods where new accounts were being created, each of them running from North to South and then back to their starting point on the next street over.”

It turns out that the fraudsters were going down each street, paying people to borrow their identities, and then moving on to the next street.

Google Gemini.

How identity factors (in the plural) identified the fraud

In Bredemarket’s view, this raised alarms surrounding two factors of identity verification and authentication.

  • The first was geolocation. Once the identities were plotted, it seems strange that all of the identities lined up down each street and on to the next street.
  • The second is what I call somewhat you why. It’s reasonable to believe that if person A signs up for a service, their neighbors may sign up also. But it’s NOT reasonable to believe that people would sign up for the service in address order, moving from street to street. “No, Jim, 158 1st street can’t sign up for the service! 156 1st street hasn’t signed up yet!”

Now even if you don’t believe that “somewhat you why” is a real factor (Sardine prefers to talk about “device and behavior intelligence“), it’s clear that fraudsters were using the identities of real people to engage in a massive fraud scheme.

Look at the patterns, and you can discover from unusual ones.

And now a word from our sponsor

And if you’re wondering why I discuss SIX factors of identity verification and authentication (rather than five or three), check out my ebook “Proving Humanity: The Six Factors of Identity Verification and Authentication.”

Four pages from "Proving Humanity: The Six Factors of Identity Verification and Authentication" by John E. Bredehoft, Bredemarket. Click on the image to purchase.

AML Fun: Be a Home-based Money Mule!

The term “money mule,” which first appeared around 2005, refers to a person who transfers illicit money for someone else—sometimes knowing that the activity is criminal, sometimes unknowingly. 

That new job

Scamicide warns us of money mule scams, although this work at home job may sound innocent enough:

“[Y]our job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer.”

So the employee is being paid to inspect goods. What’s wrong with that?

“The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.”

Trouble

And if the employee plays their cards wrong, they can end up on an Anti-Money Laundering blocklist.

Why? Perhaps the money launderers aren’t just after a profit. Perhaps, as the U.S. State Department’s Bureau of International Narcotics and Law Enforcement Affairs notes, that home-based employee may be supporting terrorism: 

“Among those who seek to disguise the illegal proceeds of their crimes are drug traffickers, terrorists, corrupt public officials, and organized criminal groups.”

A student job

And there are consequences for the money mules, knowing or not. A foreign student in the UK applied to a job ad with this job description:

“your job content is: use your mobile banking during daily part-time working hours, according to my requirements: help the company collect and transfer money, transfer to the account designated by the company, the company has every day Many orders.”

The company assured the student that everything was legal, so the student took the job. Things went well, until:

“And today my bank sent me a message saying they’ve frozen my account and will still do so unless i explain what certain transactions are for.”

Because the banks can also get in trouble if they violate AML laws.

Money muling doesn’t pay in the long run.

A3ML: When Regular AML is Not Good Enough

As some of you know, AML stands for Anti-Money Laundering. It ensures that money given to Johnny Angel doesn’t end up in the hands of Vladimir Putin. This impacts financial institutions:

“Banks had to follow government regulations (know your customer, anti-money laundering, know your business), even in the midst of a worldwide pandemic.”

But AML goes far beyond banks because of its national security implications. Which means the military has to get involved.

Therefore DARPA has entered the picture, with its Program Announcement (posted on SAM as DARPA-SN-25-23) for something DARPA calls “Anticipatory and Adaptive Anti-Money Laundering,” or A3ML.

Uh, what? GovTribe explains:

“The program seeks to develop sophisticated algorithmic methods that can analyze financial transaction graphs and detect suspicious patterns more effectively than existing manual processes. This initiative represents a significant shift towards proactive and predictive financial crime detection methodologies.”

Of course, the introduction of the word “predictive” raises alarm bells, based upon activities outside of banking. At best, police potentially waste a lot of time investigating every single broken tail light. At worst, Muslim lawyer Brandon Mayfield becomes a suspect for a crime he didn’t commit.

Hopefully the people pursuing A3ML can minimize bias.