Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks. Learn More

Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why Merchant Service Providers Should Care About Transaction Laundering

You've seen it in the movies: Seemingly legitimate businesses such as restaurants, dry cleaners and taxi services acting as a facade to launder money gained from illicit activities.

With the rapid growth of digital business and e-commerce, an emerging threat that is viewed by some as another form of money laundering is transaction laundering. Transaction laundering involves a merchant processing payment transactions on behalf of another merchant, and its primary intent is to hide nefarious activity behind supposedly credible merchant transactions.

So how do merchants launder transactions? At first glance, the merchant will appear completely legitimate to a Merchant Services Provider (MSP) - which includes acquirers, payment processors or ISOs - because they present themselves as a low-risk business type, knowing they will clear all standard underwriting procedures.

>>Learn more about the Trustwave Transaction Laundering Detection (TLD) service. 

For instance, we have documented criminal merchants on file who disguise their businesses as engineering consultancy firms, web design companies, health food vendors, and many others. Once their application is approved with the MSP, the merchant uses its account credentials to connect the previously unknown (and criminally backed) websites to the "approved" payment stream through back-end web services, a practice known as aggregation. This activity is difficult to detect and can quickly turn into a game of whack-a-mole, because if, and when, the merchant is terminated with one provider, it switches to the next.

According to our research, roughly eight percent of any merchant portfolio includes the aggregation of transactions from unregistered websites. And this number is projected to grow.

If you're liable for your merchant's activities, it is important to be aware of this trending issue and assess how it may impact your business. One good question to start with is: "What is the cost to my business if we are seen facilitating illegal transactions?"

Then you must specifically:

1) Identify all online aggregating merchant websites.

2) Validate the physical address of all merchants.

3) Register low-risk sites.

4) Register the appropriate Merchant Category Code (MCC)

5) Take immediate action upon merchants conducting criminal activity on the previously unknown merchant websites.

Remember that not only are there payment security requirements (like the Payment Card Industry Data Security Standard) enforced by the card brands' compliance programs, there are also policies and laws around what is appropriate and legal to sell. Think about the financial and reputational impact if your business is caught facilitating illegal and/or policy-violating merchant transactions. In many cases, even though you are an unwitting party to this activity, the outcome can result in a high chargeback percentage, financial penalties and legal issues.

Transaction laundering is a threat to the integrity of the entire payments system, especially because it can touch so many different stakeholders, including banking, processors and their agents, federal and state government bodies, consumer protection agencies and average consumers. That is why it is critical for a global payments industry community to come together and directly address this new threat.


Aside from routine and persistent monitoring of the active merchant portfolio to identify existing or unrecognized merchant websites, you should instill additional processes to prevent criminal merchants from entering your merchant portfolio without disrupting existing on-boarding processes.

Alex Kaluski is a technical product manager at Trustwave.

Latest Trustwave Blogs

Unlock the Power of Your SIEM with Co-Managed SOC

Security information and event management (SIEM) systems play a pivotal role in cybersecurity: they offer a unified solution for gathering and assessing alerts from a plethora of security tools,...

Read More

Trustwave SpiderLabs: LockBit 3.0 Ransomware Most Common Malware Used to Attack the Manufacturing Sector

As the manufacturing sector continues its digital transformation, Operational Technology (OT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) are becoming...

Read More

Trustwave’s Observations on the Recent Cyberattack on Aliquippa Water Treatment Plant

The attack last week on the Municipal Water Authority in Aliquippa, Penn., that gave threat actors access to a portion of the facility’s pumping equipment has spurred the Cybersecurity &...

Read More