Authors: Hitha Prabhakar
Although these figures are still difficult to track, the World Bank estimates that billions of dollars are illegally transferred on SVCs, with a loss of hundreds of millions of dollars to retailers in the U.S. and billions of dollars worldwide.
Retailers Feel the Pain of SVC Fraud
Stores within the U.S. felt the impact of SVC usage as money laundering instruments. In 2005, the National Retail Security Survey found that the average loss to retailers from gift card fraud (another form of SVC) was approximately $72,000. The cost increased in 2010 by nearly 2,000%. The retailers that responded to the survey attributed 62% of the losses to employee conduct, 13% to counterfeit or “skimmed” cards, and 13% to stolen cards.
27
Most of the fraud happens internally with clerks who remove the card’s bar code and switch it with an item that is being purchased. When a customer purchases
the item, he is actually putting value on the gift card. Employee fraud involving gift cards and stored value cards has grown sharply and is costing the retail industry an estimated $36 billion, or 1.51% of retail sales.
28
“The recession really took a toll on regulating internal fraud, because there was so much employee turnover,” says Joe LaRocca of the NRF. “By losing their most valuable and trustworthy employees because of staff cuts, retailers ended up taking a significant hit to their bottom lines. The lesson to be learned here is retailers need to get more sophisticated when it comes to tracking their sales and reporting if they want to stop this problem.”
29
Credit Card Fraud Is Even Worse
SVCs weren’t the only digital monetary instruments that piqued the interest of potential fund-moving terrorists. In Los Angeles, Detective Guevara noticed how many of the criminals who had been investigated years ago and had since been jailed were using outside sources to devise and mastermind credit card fraud schemes.
“What’s happening is that a lot of these once-violent criminals have aged and since learned a new, nonviolent way of stealing money,” he says. “Money laundering has been around for centuries. This method is being handed to a new generation that does everything digitally.”
In 2006, total credit card fraud losses in the U.S. alone were estimated at $3.718 billion.
30
Credit card companies paid the most dollar cost, along with point-of-sale (POS) merchants. Internet and mail order and telephone merchants were in second and third place.
31
The worldwide statistic is much higher.
Guevara notes that if there was a stereotype of a money laundering person, it doesn’t apply to those involved in credit card fraud. From the financially desperate to kids younger than 20, people engaging in
credit card fraud are unassuming and as average as someone sitting in a Starbucks with a Wi-Fi connection and a pair of headphones.
In November 2008, hackers broke into RBS Worldpay, a U.S. payment processing subsidiary of the Royal Bank of Scotland. They gained access to the data of 1.5 million cardholders and distributed the information to a network of “cashiers” working with them. As the “cashiers” created counterfeit payment cards, hackers went into the RBS Worldpay computer systems and modified the accounts so that the available funds on the cards and the limits on the cash were all raised. Over just 12 hours, the cashiers went on a spree, withdrawing $9 million from 2,100 ATMs in 280 cities worldwide.
32
In June 2010, 178 individuals were arrested in a global credit card fraud ring based in Spain. The ring was broken into 14 different subgroups that were based in France, Italy, Germany, Ireland, Romania, Australia, Sweden, Greece, Finland, Hungary, and the U.S. Each group had a leader, who was the only one with direct contact to the larger ringleader. Individuals used stolen bank card numbers to create counterfeit cards and make ATM withdrawals and purchase items at retailers. The raid garnered 5,000 counterfeit cards and 120,000 stolen card numbers.
33
To give an example of how intricate this scheme was, the Spanish authorities found 11 laboratories where members of the group were producing the cards.
34
Overall, the group was said to have raked in close to $24.5 million for credit card fraud, along with extortion, robbery with force, and sexual exploitation. Says Guevara, “It’s not just one crime like credit card fraud these criminals are involved in. It’s just one of several.”
Retailers such as GameStop and T.J. Maxx bore the brunt of international credit and identity fraud rings in a way that significantly affected their sales. According to LaRocca, in a separate incident, a ring of Vietnamese nationals fraudulently bought DVDs and games with stolen credit card information. Then they took the merchandise and resold it on online auction sites by setting up fake names. In addition, these nationals took the product and sent it back to Vietnam,
costing the stores millions of dollars. Likewise, T.J. Maxx experienced a system hack in which a theft ring obtained customers’ information and sold it to another ring in Eastern Europe. The Eastern European ring resold the information to Internet chat rooms and created fake credit card profiles, using them to acquire gift cards and then sold those cards online.
“These are very sophisticated rings that comprise field operatives and ringleaders working together,” says LaRocca. “Typically the leaders will farm out the dirty work to the operatives, who are mostly illegal immigrants or foreign nationals. Their system purposefully has several technological layers, each done to throw off authorities. It’s quick, virtually undetectable, and costs retailers a lot of money.”
Even with the cooperation of the World Bank and International Monetary Fund (IMF), and mandatory compliance with FATF regulations, many countries have yet to effectively regulate money laundering and terrorist financing. The reasons for the lack of regulation are not complicated. Countries simply can’t seem to define exactly what constitutes terrorist financing offenses. They can’t figure out whether their laws already have clauses that allow potential terrorists to be prosecuted under the predicated FATF terrorist offenses list. Finally, if they don’t have clauses, they can’t seem to figure out how to be in sync with FATF regulations. Government bureaucracy is preventing money laundering from being suspended on an international level.
Domestically, retailers’ loss of money is just the beginning of their worries. The ripple effect goes as far as the consumer psyche, says LaRocca. When consumers realize a retailer has been the target of credit card fraud, they tend to be more hesitant to go back to that retailer. At times it takes up to 90 days for consumers to get their money back if they have been a target of credit card fraud. Publicly, the retailer is lambasted in the media, and that sentiment doesn’t go away easily.
“As retailers, all we can do is be vigilant about protecting our databases and continuously develop more sophisticated security measures.
We’ve done a lot of work, brought in partners for Immigration and Customs Enforcement (ICE) and the Federal Bureau of Investigation (FBI), and they knew who to reach out to, but the longer we let this problem go on, it’s customers who end up paying the higher price for it,” says LaRocca.
35
RICO Defined
In 1970, the U.S. Congress passed the Racketeer Influenced and Corrupt Organizations Act (RICO). The statute provided extended penalties for criminal acts performed as part of an ongoing criminal enterprise. Its intent is to eliminate the influence of organized crime on interstate commerce.
36
RICO was originally intended to target members of the mafia. The statute holds that “any person or organization who commits a combination of two or more crimes within a ten-year period can be charged with racketeering if the prosecution feels that those crimes were committed with a similar purpose or result.”
37
Because the definition of “racketeering” is so general, 35 different crimes fall under its coverage, and sentencing can be steep. An individual found guilty of racketeering can be fined as much as $25,000 and sentenced to 25 years in prison. If an individual is found guilty of multiple crimes, jail time and fines could quadruple, depending on what he is being charged with.
Penalties for money laundering can also be severe. A person convicted of money laundering can face up to 20 years in prison and fines of up to $500,000.
38
Any property involved in a transaction or that can be traced to the proceeds of criminal activity—including property such as loan collateral, personal property, and, in some cases, entire bank accounts—may be subject to forfeiture. There are also criminal penalties for willful violations of the BSA and its implementing regulations under 31 USC 5322 and for structuring transactions
to evade BSA reporting requirements under 31 USC 5324 (d). If a person, including a bank employee, willfully violates the BSA or its implementing regulations, they are subject to a criminal fine of up to $250,000 or five years in prison, or both.
39
Anyone who commits such a violation while violating another U.S. law or engaging in a pattern of criminal activity is subject to a fine of up to $500,000 or ten years in prison, or both.
40
The RICO statute also allows the entire criminal organization to be prosecuted, as opposed to an individual. With its broad base and ability to go after an entire crime ring, it would seem like RICO would be a no-brainer when it comes to prosecuting ORC rings, especially those funding terrorism via money laundering schemes.
Guess again.
Why ORC Rings Still Exist: Money Laundering and the RICO Statute
“Money laundering is one area where the all-purpose cliché about ‘September 11 changed everything’ is certainly true,” says Professor Ibrahim Warde. However, the change wasn’t necessarily for the better. Professor Warde explains that money laundering is fundamentally different from terrorist financing. After 9/11, the government was pressed to do something immediate and drastic to reassure the public and project resolve. Focusing on the finances of terrorist organizations was the answer to a politically motivated need for a swift and muscular response, where the existing money laundering apparatus, as well as racketeering statutes and the Patriot Act, were the proverbial “hammer in a child’s hand.”
41
“Terrorist financing now is a small part of a much broader, largely amorphous, and certainly ill-understood network,” says Professor Warde. “The amounts needed to fund terrorist operations are small, and such amounts can easily bypass the formal banking
system. Furthermore, terrorist financing is in many ways the opposite of money laundering: it is not about cleaning dirty money, but about soiling clean money. And clean money, by its very nature, is consistent with a customer’s profile, and cannot be spotted by financial institutions.”
The inadequacy of money laundering mechanisms are so general that they bypass the true backbone of terrorist funding. The organized crime rings use “clean” money and non-banking funding mechanisms to transfer money to terrorist groups overseas. Although the money might not be “dirty,” the act of obtaining it is still illegal. Although the Patriot Act cracked down on unregistered money transmitters in the U.S. and bank accounts abroad, potential organizations funding terrorism without using bank accounts essentially fell through the cracks.
The RICO statute lists specific violations of federal law, including money laundering, violations of the BSA, and mail and wire fraud, among others.
42
But it doesn’t include the use of supplementary mechanisms in its definition, such as unregulated Internet accounts, stored value cards, gift cards, and the other ways money can be transferred between terrorist groups without the need for banking systems. In addition, sentencing under the RICO statute can be less stringent compared to a sentence for providing material support for terrorism. Faisal Shahzad received a life sentence.
An umbrella enforcement of the RICO statute doesn’t adequately sentence ORC members involved in terrorist acts. Instead, it protects them because of more lenient sentences.
More Problems with RICO: It’s in the Definition
With any far-reaching law, the terms that are used to define and ultimately convict a group of people (in this case, a group of people funding and providing material support to al Qaeda) can get hazy. In
2001, a group of 3,000 individuals composed of survivors, family members, representatives of victims, and insurance carriers alleged that more than 200 defendants (including charities, banks, front organizations, terrorist organizations, and financiers who provided financial, logistical, and other support) directly or indirectly provided material support to al Qaeda. The plaintiffs sought to convict the defendants under the RICO conspiracy provision (18 U.S.C.A. 1962).
43
But language, and the way in which the RICO statute is structured, prevented the conviction from going through.
The court concluded that although the “complaints allege the moving defendants may have assisted al Qaeda ... they do not allege ‘anything approaching active management or operation.”’ In reaching this conclusion, the court relied on prior decisions of the Southern District to the effect that operation or management was not satisfied “merely by engaging in wrongful conduct that assists the enterprise” and that simply “providing services to [a] racketeering enterprise is not directing the enterprise.” Accordingly, the court concluded that the plaintiffs had failed to satisfy the test of Reves and thus had failed to plead a viable RICO claim under section 1962(c) In re: TERRORIST ATTACKS ON SEPTEMBER 11, 2001. 392 F. Supp. 2d 539, 546 (S.D.N.Y. 2005).
44