By: Greg Baxley, Marketing Coordinator
A food ingredients company selling spices and other food products was onboarded by an acquirer. It utilized a simple, but effective, web design that merchandised peppers, confections, rare seasonings and other culinary items. Prices were high, but not unreasonable. At first glance it seemed to be just another new online business, and the acquiring bank had no reason to question its legitimacy.
It was soon discovered, however, that the food merchant was laundering for a site selling the drug spice (see Figure 1). This slang term refers to dried plant matter laced with synthetic (or designer) cannabinoid compounds meant to mimic the effects of high-potency THC. The chemicals used in spice have a high potential for abuse, no medical benefit, and can cause serious side effects including auditory hallucinations, paranoid delusions and aggressive behavior.
Other risks and adverse consequences are unpredictable, with symptoms lasting several days, or even weeks in some cases. Usually our bodies deactivate a drug as it metabolizes it, but this is not the case with spice. CB1 receptors in the brain stem become overloaded, causing cardiac, respiratory and gastrointestinal problems that result in an overdose. Reports of kidney failure and seizers are not uncommon. The drug can leave patients catatonic and listless, and result in hospitalization and death. The DEA has designated the five active chemicals most frequently found in spice as Schedule I Controlled Substances, making it illegal to sell, buy or possess them. The United Nations Office on Drugs and Crime (UNODC) recently released a report reaffirming that these compounds are illegal in many countries worldwide, including England, Germany, France, Italy, Japan and Demark.
When G2 Web Services delved deeper, the problem was larger than originally anticipated. This ingredient store was in fact part of a network of four functionally and visually equivalent ingredient stores with multiple merchant accounts. One site was active, and three were dormant. To make matters worse, there were five additional active violating sites through which the drugs were also being advertised and sold. And three more sites ready to be activated at will (see Figure 2). This syndicate had positioned itself with a safety net to ensure its criminal enterprise could carry on in the event that one or more sites were ever terminated.
The merchant account was shut down immediately. The involved acquirers were pleased with the results, and they deserved to be. An illegal drug seller was denied the ability to process credit card payments online, and the acquiring bank avoided penalties from regulators and card brands. Unfortunately, the violators were not done yet. The operation came back online, processing through a separate merchant account, at first accepting one card brand. Then, two months later, they were back to accepting four cards again. This was merely a speed bump in the road for the offenders.
The syndicate also began relabeling its products as herbal incense, Matrix, K-2, spice incense and potpourri. These are other references to the drug spice that customers would recognize but acquirers might overlook during the onboarding process. By renaming products, the culprits relaunched without initial detection from their new acquiring bank.
The most cunning method of all was to bypass conventional authorization and the settlement processes all together on some sites by requesting that buyers enter their payment information directly into the shipping section, or request an “invoice” via email. This enabled re-keying of orders elsewhere, such as through
In this specific case, the criminals won in the short term. They adjusted their tactics to continue operations, skirting detection by using both separate and new merchant accounts, and further exploring alternative routes for processing payments. Fortunately, the illicit victory was to be short-lived. G2 Web Services had been monitoring the sites to see if the syndicate would resurface. When it did re-emerge with different acquirers, G2 Web Services informed the organizations so they too could terminate the accounts.