Transaction laundering occurs when a merchant processes payments through a legitimate account on behalf of another undisclosed business, often one engaged in illegal or prohibited activities. Detecting this fraud requires payment processors to identify hidden relationships between merchants, websites, and transaction flows that circumvent standard underwriting controls.
How Transaction Laundering Works
Transaction laundering exploits the gap between what a merchant claims to sell and what they actually process. A legitimate storefront business obtains approval to accept card payments for retail goods. Behind this approved front, the merchant routes transactions from undisclosed websites selling prohibited items such as counterfeit goods, unlicensed pharmaceuticals, illegal gambling services, or adult content. The card networks and acquirer see only the approved business activity while the actual commerce happens elsewhere.
Common Laundering Structures
The simplest structure involves a single merchant operating two websites: one approved storefront and one hidden site. The merchant descriptor and category code match the legitimate business, but transaction data originates from the undisclosed site. More sophisticated schemes use payment aggregation, where a compliant merchant acts as a front for dozens of underground sellers. The aggregator collects payments, takes a cut, and distributes funds to the actual sellers through wire transfers or cryptocurrency.
Shell company networks add another layer of complexity. Fraudsters create multiple legal entities with minimal operational history, obtain merchant accounts through different acquirers, and rotate transaction volume to avoid velocity triggers. Some laundering operations use affiliate marketing structures where the front merchant claims commissions on referred sales, masking the true source of transactions.
Detection Signals and Indicators
Acquirers and processors monitor multiple data streams to identify laundering activity. Web content analysis compares the products and services on a merchant website against their approved category code and business description. A sporting goods store suddenly selling supplements or streaming services triggers investigation. Transaction pattern analysis detects anomalies such as unusually high average ticket sizes, spikes in volume inconsistent with business type, or geographic clustering that contradicts the merchant location.
Technical fingerprinting examines website infrastructure to identify shared hosting, duplicate payment pages, or common ownership across seemingly unrelated merchants. If ten approved storefronts share the same server, SSL certificate, or analytics tracking code, they may be controlled by a single fraudulent operation. Descriptor analysis catches cases where the charge descriptor shown to cardholders does not match the approved business name or website.
Payment processors increasingly deploy machine learning models trained on known laundering cases. These models score merchants based on behavioral signals, website characteristics, and network relationships. High risk scores trigger manual review or automatic account suspension pending investigation.
Industry Response and Regulatory Requirements
Card networks mandate transaction laundering controls through their operating rules. Visa requires acquirers to verify merchant websites against approved business activities and monitor for undisclosed payment facilitator relationships. Mastercard mandates Merchant Monitoring Programs with ongoing surveillance of transaction patterns and web presence. Violations can result in fines exceeding 100,000 dollars per incident plus potential loss of acquiring rights.
The Bank Secrecy Act requires processors to file Suspicious Activity Reports when they detect laundering indicators. FinCEN guidance specifically calls out transaction laundering as a money laundering typology requiring enhanced controls. The CFPB has pursued enforcement actions against payment processors that failed to detect merchants engaged in unfair or deceptive practices, often involving laundering structures.
Summary
Transaction laundering detection protects the payments ecosystem from merchants who use approved accounts to process undisclosed or prohibited commerce. Effective detection combines web content monitoring, transaction pattern analysis, technical fingerprinting, and network analysis to identify hidden relationships. Regulatory requirements and card network rules mandate these controls, with significant penalties for acquirers who fail to detect laundering activity.