April 11, 2007
Terrorist Funding in Real TimeBy Rachel Ehrenfeld and John Wood
Migrant workers, terrorists, criminals, and anyone holding a mobile telephone are rejoicing. Already many are able to transfer money (m-payments) anywhere anytime, efficiently and inexpensively. Technological advances and cooperation between international mobile communications providers and major international financial institutions, made such transfers possible. According to Visa USA CEO John Philip Coghlan, “ The convergence of payments and mobile communications is not just logical, it's inevitable."
An m-payment system is being developed by members of the GSM Association and Mastercard to enable 200 million international migrant workers and the poor who do not have bank accounts to transfer money domestically and internationally. According to the World Bank, 175 million migrants transferred at least $230 billion in international remittances in 2005. A recent U.N. sponsored South African study found that m-banking can be up to a third cheaper for customers than the current banking alternatives. However, focusing on populations in Less Developed Countries lacking functioning anti-money laundering and anti-terrorist financing regulatory framework, where corruption is rife, is likely to make terrorist financing much easier.
Already, in Kenya, Vodafone through a local partner is offering a mobile remittance service called “M-Pesa”. In the Philippines, which is ranked by Hong Kong-based Political and Economic Risk Consultancy (PBRC), “the most corrupted Asian country,” already 3.5 million people are using a service that allows them to transfer money over the two major mobile networks operated by SMART Communications and Globe Telecom. They can also pay bills, give contributions to charities locally and internationally, purchase Prepaid Internet credits, and buy gaming credit.
A key ingredient to abuse an m-payments is the stored value card, which does not require a bank account or credit card to activate and use. Nor does it require two forms of government-approved identification, just plain old cash. The majority of cards only allow low levels of cash to be held on the card, but some allow the transfer of thousands of dollars. However, there is hardly a better vehicle available to terrorists for transferring or receiving money, as the m-payment service with its mobility and anonymity.
A large number of major U.S. credit-card companies and banks now offer stored value cards. According to the National Drug Intelligence Center's National Drug Threat Assessment 2007, "the number of U.S.-issued Visa- and MasterCard-branded money remittance cards... increase from 400,000 in 2005 to more than one million in 2006. In addition, more than 7 million MasterCard and Visa prepaid debit cards were in circulation." These cards are used much like their debit and credit card counterparts.
This is how m-payments can work: You buy a stored value card for X amount of dollars and a prepaid, disposable mobile phone. Next, you register with the m-payment service provider using a free anonymous e-mail account, your prepaid mobile phone number and the money on the stored value card. Using your mobile phone, you log on to the m-payment service provider and give them the number of the mobile phone to which you wish to transfer the funds from your stored value card. The m-payment service provider sends a message to the receiver's phone number asking where to transfer the money.
The recipient can request the transfer to his stored value card and withdraw the funds from any ATM. Both sender and recipient can then throw away their mobile phones and use new ones for yet another transfer. This can be repeated again and again, with different stored value cards and without any fear of detection.
According to the GSM Association, 3 billion people have mobile phones, but only 1 billion people worldwide have bank accounts. BearingPoint, a major management and technology consulting company, estimated the unbanked marketplace in the United States alone in 2006 at $510 billion. No wonder that banks such as Citigroup, HSBC, JPMorgan Chase, BancorpSouth, as well as mobile phone companies such as Cingular, Verizon, Sprint and Vodafone, to name a few, are clamoring for a piece of the action. More than a dozen m-payment service providers are already operating. The largest of which is PayPal, with its over 100 million Internet accounts worldwide.
In the United States, for example, Citigroup teamed up on February 27 with Obopay, the mobile person-to-person payment service provider, thus enabling not only South American or Filipino migrant workers to avail themselves of their m-payments service, but perhaps also drug traffickers and/or supporters of al Qaeda, Hamas and Hezbollah in the United States, who wish to send money back to the Middle East, or to each other all over the world.
Many companies in Europe also provide such services. LUUP, a Norwegian company with offices in Germany and the United Kingdom, recently entered into an arrangement with the National Bank of Dubai. The emirate is a well-known conduit for al Qaeda, Hamas and Hezbollah funding.
The United Kingdom based HSBC -- with more than 5,000 offices in 79 countries -- and its subsidiary First Direct -- a telephone and Internet-based commercial bank, offer an m-payment solution over the Monilink WorldWide Web network.
In the Middle East, Access2Arabia based in Jordan, offers mobile and/or Internet banking services to customers of among others Al-Ahli International Bank (Lebanon), Arab Banking Corporation (Tunisia), Arab Jordan Investment Bank (Jordan), Bank of Palestine (Gaza), Doha Bank (Qatar), International Bank for Trade and Finance (Syria), Jordan National Bank (Cyprus), Lebanon and Gulf Bank (Lebanon), The Housing Bank for Trade and Finance (Bahrain), The Housing Bank for Trade and Finance (Algeria) and WARAKAA Bank (Iraq). Clearly, such an extensive mobile banking network in countries with large potential terrorist population could be a major enabler of terrorist financing.
A major impediment to law enforcement and intelligence services trying to detect suspicious money transactions are special security features, that can be built into the Near Field Communication technology which is an integral part of the m-payment system. The challenge is compounded by the fact that the m-payment process can leave little to no audit trail; perhaps, only in the form of text messages, two mobile phone numbers; the amount; and short and simple instructions on transmission and reception.
The task of detecting or interdicting terrorists or money launderers is made all the more daunting because often the phone and stored value cards are discarded after a relatively small amount of time and use, and others employed elsewhere in their stead.
Moreover, many stored value cards enable you to reload the card, thus enabling larger sums of money to flow through it. That being said, the only applicable federal reporting requirement to providers of stored value is the Currency Transaction Report (CTR) rule. Wherein, a CTR must be filed for all cash transactions in aggregate of in one day or greater than $10,000. However, the CTR can be filed up to 15 days after the transaction has occurred. Thus, giving the terrorist more than enough time to disappear. Moreover, the lack of adequate regulatory oversight makes the m-payments untraceable.
To avoid the abuse of this new technology by criminals and terrorists, the government needs to implement a sophisticated real-time digital tracking system now, as well as a real-time blocking and digital reporting system.
In addition, the regulatory framework needs to come to terms with this new challenge. First, whilst almost all U.S. m-payment service providers have dutifully registered as MSBs with FinCEN, the regulations do not have specific provisions pertaining to them.
Second, much more needs to be done to address the reality of identity fraud and theft, which is made all the more formidable to detect by virtue of being in cyberspace.
Today, an m-payment service provider cannot verify that the address given has not been merely taken from the White Pages. Moreover, the m-payment service provider can not ensure that the Social Security number given in the registration process has not been stolen or "borrowed" from another person (a friend or acquaintance of the terrorist, who is legitimate), or belongs to someone who is in jail, or deceased.
Finally, since both terrorism and m-payments are global in scope, the m-payment service provider, as others monitoring terror financing, should have access to a real-time integrated, closely monitored list of all individuals, organizations, businesses and countries suspected of links to terrorists. However, in January 2007, the U.S. Treasury’s Financial Crimes Enforcement Network (FINCEN) reported to Congress that while “the reporting of cross-border wire transfer data by financial institutions is technically feasible,” law enforcement needs another year to asses whether it would be “valuable to the government's efforts to combat money laundering and terrorist financing.”
That terrorists are able to acquire valid drivers licenses, visas, social security cards, as well as credit cards is well documented, as evidenced in the 1993 WTC bombing investigations and trial, and documented in 9/11 Commission Report. Moreover, as we see again and again, many terrorists do not appear on any watch lists before committing their atrocities.
The need for swift business transactions and effective cut off of funds for terror demand such international cooperation now.