Money laundering via in-app purchases

July 24, 2018 3 minute read

Not all fun and games – Money laundering via in-app purchases

Despite their name, free-to-play games generate hundreds of millions of dollars a year through in-app purchases. Last week, research firm Kromtech, discovered that this highly liquid in-app market has been used to launder money from stolen credit cards in three popular games. The scheme worked as follows:

  1. Criminals steal 20,000 credit card credentials,
  2. Then set up a MongoDB database to automatically generate Apple store accounts to create game accounts,
  3. They would then use the stolen cards to purchase expensive in-app objects,
  4. Sell these purchases to other players through third-party markets and,
  5. Hey presto, they exit the game with seemingly clean money.

The scheme was discovered because the money launderers used an unsecured MongoDB database which tells us two interesting things. Firstly, money launderers continue to experiment with cutting-edge technology. MongoDB is most commonly used in big data analytics and is praised for its ability to rapidly query large quantities of data. Secondly, they may have been technically sophisticated, but they lacked robust information security as failing to secure their database with a password led to its discovery. Most importantly what this story shows is a proven case study of in-game money laundering, something which so far has been mainly anecdotal. With over $37 billion traded each year through in-app game purchases, it would be no surprise if more money launderers weren’t drawn to this large market. 

No need to HODL – FATF to issue crypto-guidance in October

After months of deliberation, we have a date for when the Financial Action Task Force (FATF) will issue guidance on how states should apply its recommendations to cryptocurrencies and assets. According to the communique that came out of last weekend’s G20 summit, it will be this October under the US presidency. As set out by their paper to the G20, FATF wants to achieve a number of goals with their guidance.

Firstly, they want to ensure that there is a consistent, global approach to crypto-regulation, which doesn’t produce unnecessary barriers to legitimate use. As global standards are only as strong as where they are most lightly implemented, this consistent approach will be essential. So too, is the emphasis on not creating barriers as this will not only reduce the financial inclusion benefits of cryptocurrencies but will likely only serve to push illicit actors underground. FATF also plans to take special consideration of how to best curtail the higher AML/CFT risks present by prepaid cards, Bitcoin ATMs and Initial Coin Offerings. All of this couldn’t come soon enough. The FATF paper also reports that the use of cryptocurrencies to launder the proceeds of crime is becoming more common in a wider range of predicate offences than ever before.

Not for Sale – The success of GTOs in the US

When trying to hide illicit funds, criminals often turn to high-end property, anonymously purchased through shell companies to store their wealth. In 2016 the US tried to tackle this problem by introducing Geographic Targeting Orders (GTOs). These require insurance brokers to identify the Ultimate Beneficial Owner (UBO) of a Limited Liability Company (LLC) when it tries to purchase a property in all-cash. GTOs were originally put in place for six months and have subsequently been extended three times. Back in March, we questioned whether their extension alone indicated their success, now we have our answer.

A recently published paper spells out exactly what the effect of GTOs have been on money laundering. The results are staggering, after the implementation of GTOs in 2016 the number of all-cash property purchases by LLCs decreased by 70%. This is a considerable indicator of success but not just for crime prevention. In areas where GTOs are in place, the property price also decreased, supporting the common theory that money laundering through property artificially inflates prices, which has a negative impact on law abiding citizens. For the time being GTOs seem to be working and they provide evidence that new tools which require the identification of ownership are useful in the fight against financial crime.

Tell me what you think about ComplyAnalysis by taking this 2-minute survey:

Take Survey Now