Are the financial transactions conducted inside virtual environments truly anonymous? An experimental research from an Australian perspective
Date | 28 December 2012 |
Pages | 6-40 |
Published date | 28 December 2012 |
DOI | https://doi.org/10.1108/13685201311286832 |
Author | Angela S.M. Irwin, Jill Slay, Kim‐Kwang Raymond Choo, Lin Liu |
Subject Matter | Accounting & finance |
Angela S.M. Irwin, Jill Slay and Kim-Kwang Raymond Choo
Information Assurance Group and Forensic Computing Lab,
University of South Australia, Adelaide, Australia, and
Lin Liu
School of Computer and Information Science, University of South Australia,
Adelaide, Australia
Abstract
Purpose – The purpose of this paper is to examine the identity and payment method verification
procedures implemented by a number of popular massively multiplayer online games (MMOGs) and
online financial service providers (OFSPs) to determine if the systems they currently have in place are
sufficient to uncover the identities of those who may wish to use such environments to conduct money
laundering or terrorism financing activity.
Design/methodology/approach – The paper investigates whether the payment instruments or
methods used by account holders to place funds into their account(s) hinder or assist investigators to
expose the real-world identity of the account holder. The paper then discusses whether it is feasible
and/or desirable to introduce know your customer (KYC) and customer due diligence (CDD) legislation
into virtual environments and illustrates an effective KYC approach which may assist MMOGs and
OFSPs to correctly identify their account holders, should legislation be put in place.
Findings – The systems currently in place by all of the MMOGs investigated are wholly inadequate to
successfully establish the real-world identities of account holders. None of the information required at the
account setup stage is verified and, therefore, cannot be reliably associated with an account holder in a
real-world context. It appears that all three of the MMOGs investigated are leaving the serious matter of
identity and payment method verification to the organisations that assist in the sale and purchase of their
in-world currency such as third party currency exchanges and Internet payment systems (collectively
referred to as OFSPs). However, many of these OFSPs do not have adequate systems in place to
successfully verify the identities of their account holders or users either. The authors’ experiments show
that it can be a very simple process to open accounts and perform financial transactions with all of the
OFSPs investigated using publicly available or fictitious identity information and a prepaid Visa® gift
card. Although all five OFSPs investigated in this research claim to verify the identity of their account
holders, and may already be subject to KYC and CDD legislation, their systems may need some work to
ensure that an account holder or user is accurately identified before financial transactions can take place.
Originality/value – The authors believe that the electronic KYC approach discussed in this paper
deals effectively with the challenges of global reach, anonymity and non-face-to-face business
relationships experienced by virtual environment operators, thereby assisting in the effective detection
and possible prosecution of individuals who wish to use these platforms for illicit and illegal purposes.
Keywords Internet, Virtual reality, Computer games, Money laundering control, Payments,
Virtual anti-money laundering/counterterrorism financing, Virtual environments, Know your customer,
Customer due diligence, Electronic KYC approach, Australia
Paper type Research paper
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1368-5201.htm
Journal of Money Laundering Control
Vol. 16 No. 1, 2013
pp. 6-40
© Emerald Group Publishing Limited
1368-5201
DOI 10.1108/13685201311286832
1. Introduction
In recent years there has been much debate about the risks posed by virtual
environments. Concern is growing about the ease with which virtual reality role-playing
games, also known as massively multiplayer online games (MMOGs)[1], such as Second
Life® and World of Warcraft® can be used for financially-motivated cybercrime, money
laundering and terrorism financing (Tefft, 2007; Rijock, 2007; Sullivan, 2008; Methenitis,
2009; Sanders, 2009). Virtual environments are also reported to provide potential and
opportunity for allowing large sums of real and virtual currency to be moved across
national borders without restriction and with little risk of being detected (British
Broadcasting Corporation News, 2008; Heeks, 2008; Leapman, 2007; Lee, 2005).
Currently virtual worlds and, more specifically, MMOGs are generally not subject to the
laws and regulations of the real world. Therefore, they may offer an excellent
opportunity for criminals and terrorism financers to carry out their illegal activities
unhindered and with impunity (Tefft, 2007). With Second Life® in particular, its
fast-growing economy leaves many legal experts claiming that the lack of even basic
regulation of its banks and stock exchange could provide a haven for money launderers,
fraudsters and terrorists to hide and move around funds to avoid the surveillance they
would be subject to in the real world (Leapman, 2007).
The vulnerabilities that plague virtual environments are numerous but many of
these vulnerabilities are compounded by the high levels of anonymity afforded to its
users. For example:
- The use of avatars[2] which allows users to conceal their true identity when
  creating accounts and performing transactions.
- The use of internet cafes or public spaces, as pointed out by Brown (2010), to
  access virtual environments and perform financial transactions.
- The absence of know your customer (KYC) regulations which removes the onus
  from MMOGs to correctly identify account holders before allowing them to move
  real and virtual funds through their account(s) (Brown, 2010; Tefft, 2007).
- The ease with which it is possible to open accounts and perform financial
  transactions using stolen credit card numbers and prepaid Visa® or
  MasterCard® gift cards (Brown, 2010; Choo, 2008a).
- The global nature of virtual environments which allows the rapid and often
  informal transfer of real and virtual currency between players, accounts, on-line
  financial service providers (OFSPs) and across international borders, thereby
  making it extremely difficult to identify the true beneficial owner of funds.
There can be no doubt that virtual environments provide high levels of anonymity to
their users, but what is less clear is whether the OFSP, payment method or financial
instrument selected to place funds into the virtual environment or the anti-fraud and/or
the anti-money laundering/counter terrorism financing (AML/CTF) measures in place
by MMOGs and OFSPs can reveal the true identity of account holders. This research
aims to shed light on these issues and make recommendations as to how virtual
environment operators might make these environments less attractive as a platform for
money laundering and terrorism financing activity.
This paper represents the findings of the third phase of a research project. The overall
aim of the project, which is being undertaken in Australia, is to establish whether it
is possible and/or feasible to launder money and raise funds for terrorism inside virtual
environments (Irwin et al., 2012b). The first phase of research involved the collection and
statistical analysis of 300 money laundering and terrorism financing typologies (Irwin
and Slay, 2010). The statistical analysis phase attempted to measure the size of the
money laundering and terrorism financing problem, identify threats and trends,
the techniques employed and the amount of funds involved to determine whether the
information obtained about money laundering and terrorism financing in real-world
environments could be transferred to virtual environments. The second phase of
research investigated how modelling could be used to provide an easy-to-follow, visual
representation of the important characteristics and aspects of money laundering and
terrorism financing behaviours (Irwin et al., 2012a). This phase of research examines the
account setup and account verification procedures carried out by a number of popular
MMOGs and OFSPs. It also investigates whether the payment method used by an
account holder to place funds into his or her account hinders or helps investigators to
expose the identity of that account holder in a real-world context.
The rest of the paper is structured as follows: Section 2 provides a background to
Australia’s AML/CTF regime, including definitions of money laundering and terrorism
financing and the motivation for money laundering and terrorism financing activity.
It also looks at current KYC and customer due diligence (CDD) requirements for
financial transactions which take place in real-world environments. These real-world
KYC and CDD requirements will be used to determine whether the MMOGs and OFSPs
under investigation have effective systems in place to accurately identify their account
holders. Section 3 discusses the research questions and describes the research methods
used to answer these research questions. Section 4 presents the results obtained and
discusses whether the current account setup and verification procedures utilised by the
MMOGs and OFSPs are adequate for identifying those that might wish to use these
environments for illicit or illegal activity; Section 5 looks at whether it is feasible and/or
desirable to introduce KYC and CDD legislation into virtual environments and
discusses how MMOGs and OFSPs might become truly KYC and CDD compliant.
An effective KYC approach, which may assist virtual environment operators to
correctly identify their customers, is illustrated. Finally, Section 6 concludes the paper.
2. Background: Australia’s AML/CTF regime
This section provides an introduction to money laundering and terrorism financing.
It then looks at the importance of effective KYC and CDD processes and procedures in
determining the money laundering and terrorism financing risk posed by a customer.
Since KYC and CDD requirements do not currently exist in virtual environments,
we must look to real-world KYC and CDD legislation to determine what proper and
effective KYC and CDD systems might look like. It is only then that we can determine
whether the MMOGs and OFSPs under investigation have adequate processes and
procedures in place to accurately identify their account holders.
2.1 Definition of and motivation for money laundering and terrorism financing
There are many definitions for money laundering, depending on whether you are
looking at it from a legal, economic or social perspective. However, the definition applied
to this project is the one used by the Australian Transaction Reports and Analysis
Centre (AUSTRAC), Australia’s AML/CTF regulator and specialist financial