anti-money laundering – Bredemarket

“Accept Without Posting” Issue Resolved…Even Though I Appeared To Be Very Evil

Here’s the resolution to the “Accept Without Posting” issue that I discussed on Saturday.

You’ll recall that I initiated a Zelle transfer to my account at “the blue bank,” but the blue bank “placed this transfer on hold so they can conduct further review.”

With no word on what the blue bank was reviewing. And the “blue bank” representative whom I spoke with on Saturday didn’t know either.

I had already ruled out the simple explanations, such as either the sending Zelle account or the receiving Zelle account didn’t exist.
I figured that perhaps my use of Zelle was the issue. The day before I sent the “on hold” transaction, I had sent another transaction. I figured that two transactions in two days tripped up some odd alert of possible account draining.

Neither of these turned out to be the issue.

On Monday (just after I had rated the “blue bank” 5 out of 10 for its handling of the issue; coincidence, or no?) I received a call from someone at my local “blue bank” branch.

Turns out that the issue was the COMMENT that I attached to the Zelle transfer.

My comment referenced another individual. Without revealing this person’s personally identifiable information (PII), I will state that his first name begins with a K, his last name begins with a P, and he is a “Junior.” So because acronyms are wonderful, I referred to this person as “KP2” in the Zelle transfer field.

Which was an extremely evil thing to do, because that tripped up an anti-money laundering check.

“AML.” Google Lyria. Public Domain.

Basically, anti-money laundering checks verify that a person isn’t transferring money for a sanctioned person.

And I didn’t trip up just ANY anti-money laundering check.

This one was bad.

AML catches evil people.

Really bad.

How bad?

Let’s look at ISO 3166 country codes. The alpha 2-digit country code for the Democratic People’s Republic of Korea (North Korea) is…KP. KP-02 is the specific administrative code for South Pyongan Province (Pyeonganbuk-do).
And the Korean People’s Army includes a II Corps that is sometimes abbreviated as…KPA II Corps or KPA 2nd Corps.

Back to the call I received from my local “blue bank” branch. The representative didn’t go into all that, but just said that my comment about “KP2” looked like a reference to North Korea.

I burst out laughing.

I gave the “blue bank” representative the full name of K[REDACTED] P[REDACTED] Junior, explained that there were five “KP”s, and that I used numbers to tell them apart.

Ironically, both “KP2” and “KP4” are veterans. I wonder if they realize their initials associate them with this guy.

Kim Jong Un. By Mil.ru, CC BY 4.0, https://commons.wikimedia.org/w/index.php?curid=177498377.

Anyway, my answer satisfied the banker, the hold was removed from the Zelle transfer, and I received the money within minutes.

And I know to be careful when using acronyms beginning with the letter “K” in financial transactions.

AML

This Lyria song didn’t really move me, as it were. I doubt I will even put it on YouTube or the socials.

“AML.” Google Lyria.

Accept Without Posting (I may be a fraudster, June 2026 edition)

Remember in March 2022 when I searched my (then) Twitter profile picture against TinEye and found 0 matches, indicating that I may be a fraudster because TinEye didn’t have a history on me?

Well, I found additional evidence of my supposed shady nature.

For purposes of this discussion, I will refer to the two banks in question as the “red” bank and the “blue” bank. (No political implications here.) I’ve previously referred to the blue bank as Wildebeest Bank, but today I’m sticking to the color scheme idea.

Both banks use Zelle to support instant transactions between member institutions, and I have Zelle-enabled accounts with both banks. For the record:

I frequently perform immediate Zelle transfers from the blue bank to the red bank.
On Wednesday, I successfully performed an immediate Zelle transfer from the red bank to the blue bank.

So on Thursday, I thought nothing of sending a second Zelle transfer from the red bank to the blue bank.

Until the red bank emailed me.

“The recipient bank [the blue bank] has placed this transfer on hold so they can conduct further review. Upon completion of the review, they will either complete your transfer or [the red bank] will contact you with more details. No further action is required from you at this time.”

Now why would a bank conduct further review? Three possible reasons.

The recipient isn’t enrolled in Zelle. Not a problem here.
The recipient bank is conducting a technical check. This shouldn’t be a problem here, since both Zelle accounts have been successfully used before.
The recipient bank is conducting a fraud check. This, perhaps an anti-money laundering investigation, seems the most likely scenario, especially since this was launched one day after another transfer. Even though the second transfer is SMALLER than the first transfer, perhaps the one-day timeframe looks like someone is trying to drain the red bank account.

So this happened Thursday, and as of Saturday (two calendar days and one business day later) I hadn’t heard a thing.

So I called the blue bank, reached a helpful representative, and waited for her to research the issue. I heard her mutter over the phone:

“Accept without posting”

Then, a minute later:

“What does THAT mean?”

While I waited for her to officially talk to me again, I performed some online research and confirmed that “accept without posting” is another way of saying that the transaction is under review. Here’s what the Cleveland Federal Reserve says about FedNow, one bank transfer method:

“[T]he FedNow Service sends the payment information to the receiver’s financial institution and asks that bank to confirm that it intends to accept the payment message. It can accept, or reject, or accept without posting, which means some of the pre-checks of the transaction are pending or delayed.”

Then when the blue bank representative did speak to me, things got even more confusing as she said that there were notes from Monday involving “the green bank” that wasn’t even involved in the transaction. Wisconsin Travel Federation?

The representative didn’t have access to the group that put my Zelle transfer on hold, so for now I wait.

Technically it’s only been one business day.

The Bangladesh Identities Weren’t Synthetic Identities, But They Failed The “Somewhat You Why” Test

Andrew Austin at Sardine has written an eye-catching blog post that discusses a fraud ring exhibiting unusual patterns.

Some fraudsters use synthetic identities to fool systems, but good systems can catch the synths.
But other fraudsters use mules and other techniques that pass identity verification checks, because the people are REAL people.

Austin’s post discusses an example of the latter.

Sign-up patterns in Bangladesh

In this particular case (Example 3 of 3), a gig economy company had discovered a fraud ring operating out of Bangladesh, but the identities were those of real people. The investigator noticed something right off the bat:

“When we looked into it, something was off: all of the locations seemed to be clustered in a few small towns.”

But wait…it gets better.

“The fraudsters were going door-to-door and signing up anyone who was willing to share their information….

“Dozens of routes snaked through neighborhoods where new accounts were being created, each of them running from North to South and then back to their starting point on the next street over.”

It turns out that the fraudsters were going down each street, paying people to borrow their identities, and then moving on to the next street.

How identity factors (in the plural) identified the fraud

In Bredemarket’s view, this raised alarms surrounding two factors of identity verification and authentication.

The first was geolocation. Once the identities were plotted, it seems strange that all of the identities lined up down each street and on to the next street.
The second is what I call “somewhat you why.“ It’s reasonable to believe that if person A signs up for a service, their neighbors may sign up also. But it’s NOT reasonable to believe that people would sign up for the service in address order, moving from street to street. “No, Jim, 158 1st street can’t sign up for the service! 156 1st street hasn’t signed up yet!”

Now even if you don’t believe that “somewhat you why” is a real factor (Sardine prefers to talk about “device and behavior intelligence“), it’s clear that fraudsters were using the identities of real people to engage in a massive fraud scheme.

Look at the patterns, and you can discover from unusual ones.

And now a word from our sponsor

And if you’re wondering why I discuss SIX factors of identity verification and authentication (rather than five or three), check out my ebook “Proving Humanity: The Six Factors of Identity Verification and Authentication.”

Four pages from "Proving Humanity: The Six Factors of Identity Verification and Authentication" by John E. Bredehoft, Bredemarket. Click on the image to purchase.

AML Fun: Be a Home-based Money Mule!

The term “money mule,” which first appeared around 2005, refers to a person who transfers illicit money for someone else—sometimes knowing that the activity is criminal, sometimes unknowingly.

That new job

Scamicide warns us of money mule scams, although this work at home job may sound innocent enough:

“[Y]our job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer.”

So the employee is being paid to inspect goods. What’s wrong with that?

“The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.”

Trouble

And if the employee plays their cards wrong, they can end up on an Anti-Money Laundering blocklist.

Why? Perhaps the money launderers aren’t just after a profit. Perhaps, as the U.S. State Department’s Bureau of International Narcotics and Law Enforcement Affairs notes, that home-based employee may be supporting terrorism:

“Among those who seek to disguise the illegal proceeds of their crimes are drug traffickers, terrorists, corrupt public officials, and organized criminal groups.”

A student job

And there are consequences for the money mules, knowing or not. A foreign student in the UK applied to a job ad with this job description:

“your job content is: use your mobile banking during daily part-time working hours, according to my requirements: help the company collect and transfer money, transfer to the account designated by the company, the company has every day Many orders.”

The company assured the student that everything was legal, so the student took the job. Things went well, until:

“And today my bank sent me a message saying they’ve frozen my account and will still do so unless i explain what certain transactions are for.”

Because the banks can also get in trouble if they violate AML laws.

Money muling doesn’t pay in the long run.

A3ML: When Regular AML is Not Good Enough

As some of you know, AML stands for Anti-Money Laundering. It ensures that money given to Johnny Angel doesn’t end up in the hands of Vladimir Putin. This impacts financial institutions:

“Banks had to follow government regulations (know your customer, anti-money laundering, know your business), even in the midst of a worldwide pandemic.”

But AML goes far beyond banks because of its national security implications. Which means the military has to get involved.

Therefore DARPA has entered the picture, with its Program Announcement (posted on SAM as DARPA-SN-25-23) for something DARPA calls “Anticipatory and Adaptive Anti-Money Laundering,” or A3ML.

Uh, what? GovTribe explains:

“The program seeks to develop sophisticated algorithmic methods that can analyze financial transaction graphs and detect suspicious patterns more effectively than existing manual processes. This initiative represents a significant shift towards proactive and predictive financial crime detection methodologies.”

Of course, the introduction of the word “predictive” raises alarm bells, based upon activities outside of banking. At best, police potentially waste a lot of time investigating every single broken tail light. At worst, Muslim lawyer Brandon Mayfield becomes a suspect for a crime he didn’t commit.

Hopefully the people pursuing A3ML can minimize bias.