Prosecutors say PacNet functioned as a middleman between its clients and banks, including aggregating payments collected by its clients, depositing funds into the company's accounts, and distributing funds. The accused individuals include two owners of PacNet, along with managers from the company's marketing and compliance departments. Each allegedly made $15 million from the scheme between 2013 and 2015. They now face conspiracy, money laundering, and mail and wire fraud charges.
In 2016, this column first covered the alleged fraud case involving PacNet when the U.S. Treasury Department designated the company as a significant criminal activity organization. Now those individuals accused of facilitating the scam will face justice.
It is common to hear about the dangers of losing money to scam artists and money launderers, but this case involving fraudulent transactions within a large payment-processing company is no longer surprising. Recently, MoneyGram agents were found guilty of using tactics such as contacting unsuspecting people and posing as relatives who had an immediate need for money. These were schemes that the agents were supposed to protect their customers from.
The PacNet story demonstrates that individuals, companies, and institutions are at risk of mail fraud and must take steps to protect themselves as best they can. Even worse, not only are third-party scammers at work, payment-processing company owners and executives can be in on the take, as well. Two actions are particularly needed:
- More investigations. Regulators and enforcement agencies worldwide need to step up their investigations and enforcement actions against payment processors that are implicated in facilitating mail fraud schemes. These actions should include more severe penalties for individuals and companies that are found guilty of fraud. The payment-processing industry has relationships with banks around the world. Strengthened international cooperation and greater regulation of this industry — including registration, licensing, and background checks — would be appropriate.
- Self-regulation and control. The payment-processing industry needs greater self-regulation, with a focus on fraud perpetrated by sellers and providers, including the processors' employees. Processors should educate consumers and businesses about the risks of mail fraud committed by sellers. They also need to strengthen their knowledge and controls over potential seller fraud. They can start by ensuring that account-opening procedures are adequate to verify the identity of account holders.
Analytics, such as velocity checks and pattern-recognition checks, can enable companies to detect potential fraud in high-risk countries as well as high-risk products and services such as lottery sales and solicitations of money for causes. Processors should follow the example of banks and other financial institutions by focusing on the probability of a transaction being fraudulent — for example, by scoring transactions — and referring suspicious transactions to the company's anti-fraud unit.
Of course, in a case where owners, partners, and managers collude to commit this kind of mail fraud, strong internal controls may not do much good. However, legitimate payment-processing companies also can benefit from:
- Establishing an executive-level position to combat fraud, and creating an independent compliance and ethics committee on their boards.
- Assessing the adequacy of the risks and risk mitigations around fraud and anti-money laundering activities that impact the organization.
- Establishing and regularly monitoring the organization's anti-money laundering and fraud policies, procedures, and processes, as well as checking whether employees are complying with them.
This last employee fraud concern is key to deterring and detecting the kind of behavior reported in this case. Along with fraud detection, employee and third-party human resources policies, processes, and compliance are needed. These should include reviewing and strengthening processes around recruitment, security and background checks, training, the code of conduct, and discipline.