PREMS83012 MONEYVAL RESEARCH REPORT Criminal money flows on the Internet: methods, trends and multi-stakeholder counteraction March 2012 www.coe.int/moneyval www.coe.int/cybercrime PREMS 83012 GBR 2104 Typology research march 2012.indd 1 05/02/13 16:07 www.coe.int/moneyval www.coe.int/cybercrime Criminal money flows on the Internet: methods, trends and multi-stakeholder counteraction1 1 Ref. MONEYVAL(2012)6, dated 9 March 2012, adopted by MONEYVAL at its 38th Plenary meeting (5-9 March 2012). Criminal money flows on the Internet – March 2012 Table of contents 1 Introduction ....................................................................................................... 7 1.1 Objective of the study ......................................................................................................... 7 1.2 Methodology ...................................................................................................................... 8 2 Overview of initiatives and issues involved ...................................................... 10 2.1 Context ........................................................................................................................... 10 2.1.1 Measures against cybercrime ......................................................................................... 10 2.1.2 Measures aimed at money laundering and the financing of terrorism, and at the search, seizure and confiscation of proceeds from crime ....................................................................................... 11 2.1.3 Key international standards ........................................................................................... 12 2.2 Cybercrime: threats, trends, tools and infrastructure ............................................................ 13 2.2.1 Types of cybercrime ...................................................................................................... 13 2.2.2 Cybercrime tools and infrastructure ................................................................................ 14 2.2.3 New platforms for cybercrime ........................................................................................ 18 2.2.4 Organising for cybercrime .............................................................................................. 19 2.3 Proceeds generating offences on the Internet ...................................................................... 21 2.3.1 Fraud .......................................................................................................................... 22 2.3.2 Other proceeds generating offences on the Internet .......................................................... 31 2.4 Mapping cyber laundering risks and vulnerabilities ................................................................ 34 2.4.1 Technological risks ........................................................................................................ 35 2.4.2 Anonymity ................................................................................................................... 35 2.4.3 Licensing and supervision limitations ............................................................................... 36 2.4.4 Geographical or jurisdictional risks .................................................................................. 37 2.4.5 Complexity of laundering schemes .................................................................................. 38 2.4.6 Other risks ................................................................................................................... 38 3 Typologies and selected case studies................................................................ 39 3.1 Criminal money flows on the Internet and money laundering methods, techniques, mechanisms and instruments ........................................................................................................................... 39 3.1.1 Money remittance providers ........................................................................................... 40 3.1.2 Wire transfers /take over or opening of bank accounts ...................................................... 42 3.1.3 Cash withdrawals ......................................................................................................... 44 3.1.4 Internet payment services ............................................................................................. 45 3.1.5 Money mules................................................................................................................ 48 3.1.6 International transfers .................................................................................................. 51 3.1.7 Digital/electronic currency ............................................................................................. 52 3.1.8 Purchase through the Internet........................................................................................ 53 3.1.9 Shell companies ........................................................................................................... 54 3.1.10 Prepaid cards ............................................................................................................... 55 3.1.11 Online gaming and online trading platforms ..................................................................... 57 3.2 Indicators of potential money laundering activity: money laundering red flags/ indicators ......... 57 4 Countermeasures .............................................................................................. 60 4.1 E-crime reporting ............................................................................................................. 64 4.1.1 Internet Crime Complaint Centre (IC3) ............................................................................ 65 4.1.2 MELANI ....................................................................................................................... 65 4.1.3 National Fraud Reporting Centre ..................................................................................... 66 4.1.4 Internet Crime Reporting Online System (I-CROS) ............................................................ 66 3 Criminal money flows on the Internet – March 2012 4.1.5 Signal Spam ................................................................................................................ 66 4.1.6 E-Crime reporting: using a common data format .............................................................. 67 4.2 Prevention and public awareness ........................................................................................ 67 4.3 Regulatory and supervisory measures ................................................................................. 67 4.3.1 Risk management and due diligence measures ................................................................. 67 4.3.2 Due diligence for registrars and registries ........................................................................ 69 4.4 Harmonised legal framework based on international standards ............................................... 70 4.4.1 Implementation of the Budapest Convention on Cybercrime ............................................... 70 4.4.2 Implementation of the Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism ................................................................. 70 4.5 Establishment of specialised units for high-tech crime ........................................................... 71 4.6 Inter-agency co-operation ................................................................................................. 73 4.6.1 Germany: Project group “Electronic payment systems” ..................................................... 73 4.6.2 Albania: Memoranda of co-operation ............................................................................... 74 4.7 Public-private co-operation and information exchange........................................................... 74 4.7.1 The Irish Bankers Federation (IBF) High Tech Crime Forum ............................................... 74 4.7.2 Hungary: Incident management working group ................................................................ 75 4.7.3 US National Cyber-Forensics & Training Alliance - NCFTA ................................................... 75 4.7.4 Information Sharing and Analysis Centres (ISAC) for the financial sector ............................. 76 4.7.5 European Financial Coalition against Commercial Sexual Exploitation of Children Online ........ 77 4.7.6 Electronic Crimes Task Forces (US Secret Service) ............................................................ 77 4.7.7 The European Electronic Crime Task Force (EECTF) ........................................................... 77 4.7.8 Contact Initiative against Cybercrime for Industry and Law Enforcement (CICILE) ................ 78 4.7.9 Guidelines for law enforcement/ISP co-operation in the investigation of cybercrime .............. 78 4.8 Training .......................................................................................................................... 79 4.8.1 The European Cybercrime Training and Education Group (ECTEG) ...................................... 79 4.8.2 The University College Dublin Centre for Cybercrime Investigation (UCD CCI) ...................... 80 4.8.3 South-eastern Europe – law enforcement training strategies .............................................. 80 4.8.4 Council