The Nefarious Uses of Virtual Currency: When Bits Byte Back.

For this weeks blog post, I wanted to experiment with a couple different media formats. I hope you don’t mind the videos. There are eight in all, and you should watch each of them.

Here is a diagram of how money laundering works:

The potential for this may be growing. Here is a fairly new and exciting development that could be a game-changer: bitcoin.

I should point out here that there are legitimate uses for virtual currencies like bitcoins. Check out this CNN report for an example: http://www.cnn.com/video/?/video/tech/2011/07/19/taylor.bitcoin.currency.cnn#/video/tech/2011/07/19/taylor.bitcoin.currency.cnn

But the abuses of online currency is not a hypothetical. It is already happening. Consider John Solomon’s disscussion of Egold, another virtual currency similar to bitcoin. ““E-Gold is operated online and, until it faced US federal charges [], was physically registered in Nevis, a financial jurisdiction known for its lax regulatory oversight. E-Gold gave its customers an anonymous way to move and store value backed against a supposed gold reserve held privately in Europe and the United Arab Emirates. Identity thieves, credit card fraudsters and child pornographers in cyberspace all demonstrated an acute predilection for the anonymous financial services which EGold was reputed to provide.”

Okay, now watch another brief video I made.

The FAFT Recommendations are long, I will post one which summarizes the gist of the matter. It is after the last two videos. Just scan it.


Last one:

MEASURES TO BE TAKEN BY FINANCIAL INSTITUTIONS AND NONFINANCIAL BUSINESSES AND PROFESSIONS TO PREVENT MONEY LAUNDERING AND TERRORIST FINANCING

Customer due diligence and record-keeping

Financial institutions should not keep anonymous accounts or accounts in obviously fictitious names. Financial institutions should undertake customer due diligence measures, including identifying and verifying the identity of their customers, when:

  • establishing business relations;
  • carrying out occasional transactions: (i) above the applicable designated threshold; or (ii) that are wire transfers in the circumstances covered by the Interpretative Note to Special Recommendation VII;
  • there is a suspicion of money laundering or terrorist financing; or
  • the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

The customer due diligence (CDD) measures to be taken are as follows:

 a)

Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information 1

 b)

Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions taking  reasonable measures to understand the ownership and control structure ofthe customer.

c)

Obtaining information on the purpose and intended nature of the business relationship.

d)

Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.

Financial institutions should apply each of the CDD measures under (a) to (d) above, but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction. The measures that are taken should be consistent with any guidelines issued by competent authorities. For higher risk categories, financial institutions should perform enhanced due diligence. In certain circumstances, where there are low risks, countries may decide that financial institutions can apply reduced or simplified measures.

Financial institutions should verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers. Countries may permit financial institutions to complete the verification as soon as reasonably practicable following the establishment of the relationship, where the money laundering risks are effectively managed and where this is essential not to interrupt the normal conduct of business.
Where the financial institution is unable to comply with paragraphs (a) to (c) above, it should not open the account, commence business relations or perform the transaction; or should terminate the business relationship; and should consider making a suspicious transactions report in relation to the customer.
These requirements should apply to all new customers, though financial institutions should also apply this Recommendation to existing customers on the basis of materiality and risk, and should conduct due diligence on such existing relationships at appropriate times.

1. Reliable, independent source documents, data or information will hereafter be referred to as “identification data”.

Advertisements

~ by joshroot on October 30, 2011.

11 Responses to “The Nefarious Uses of Virtual Currency: When Bits Byte Back.”

  1. If the failure of Ginko was predicted by experts such as Ben Duranske, shouldn’t it be a hint to the rest of us that the only institutions we should trust with our money are actual FDIC-member banking institutions and credit card companies? I mean, no offense to the users that deposited money in Ginko or a similar bank, but they had to have been aware of the risk they were taking by depositing their money with any alleged “bank” other than a real one with real credentials. Let this serve as a warning to the rest of us that it is dangerous to have our money floating in virtual space. Don’t be fooled: the Second Life Exchange Commission is not the same as the SEC.
    The use of financial currency has extended beyond virtual worlds such as Second Life and Entropia, to social networking sites such as Facebook. With Facebook’s introduction of Facebook Wallet, users will be able to link their credit cards to their Facebook accounts and use Facebook credits to buy goods. Michael Davis predicts that if the launch of Facebook Wallet is as successful as it could be, Facebook could instantly become the largest money laundering network since PayPal. The problem for users, of course, is the security, or lack thereof, of online accounts such as Facebook. The more links a hacker has to your bank account or credit card information, the more susceptible users are to fraud and theft. As technology becomes more advanced, so do the hackers, and it is truly caveat emptor for a user using these new tools developed by Facebook or Google. It is also important for users to remember that these companies are not offering these “services” for free; they stand to make millions of dollars through these transactions. It is up to the user to keep his or her best interests at heart.
    As someone who has one credit with a low limit as the only card I use for online transactions (my debit card number never goes near a computer), I would not use an application like Facebook Wallet. I believe that one of the surest ways to protect myself from some of the dangers of online crime is to remove myself from the virtual space. Just as it is a terrifying to think that I could be arrested for allegedly downloading child pornography that my neighbor was in fact downloading on my server, it is equally as terrifying to think that a hacker could involve my bank account or credit card information with virtual-currency-crimes.

    Oh, and Josh, very creative blog post!

  2. Josh, great job changing things up with the videos – they were very well done!

    I think that the problems (or at least potential problems) with virtual currency and banking are definitely serious ones. In terms of digital currency like Facebook credits where a user can simply link their credit card, there are potential authorization issues at hand. What if a user forgets to log out of a public computer? I know it is commonplace to change a friend’s information or status as a joke, but what if you found someone’s ability to buy $100 worth of credits? In addition to the risks of the end-user, the financial institutions (be it banks or corporations) themselves also have risks of hacking, fraud, and having the ability to easily under-represent their income for tax purposes.

    As someone who is generally money-conscious, I’ve done a lot of reading about the “average credit card user” versus the “average cash user,” and research indicates that those without credit cards are less apt to spend money. That is, that those WITH credit cards think less about each purchase since it is only a swipe away. To illustrate this point, how mindless is it to click “$50.00 for 500 Facebook Credits” versus actually going to a store and watching yourself spend $50? To tie this back to other topics, internet anonymity is a huge reason that people behave the way they do online. If someone knew your every move online, many people would restrict their behavior at least to an extent.

    The businesses running the virtual currency systems are the ones benefiting from the ease of purchase, at which point they have almost effortless cash flows coming in, once the systems are established. The savvy user within Second Life or another virtual world may have to continue evading rules and laws to keep up a Ponzi scheme, but Facebook just has to sit back and dole out the credits.

    After learning about all of the financial perils in the virtual world, I think EVE Online might have it right with their “no cashing out” system. Watch the cash roll in and don’t worry about players cashing out thousands of dollars through potentially fraudulent transactions. In my opinion, it’s just one less thing to worry about.

  3. Josh, I agreed with practically everything you said and wrote. Very creative presentation too!

    Although I think people who bought into the Second Life bank schemes, like Ginco, were not prudent, I do not understand why the government has not pursued criminal charges against them. It seems clear to me that had these people done the same schemes in the real, physical world, they would be guilty of fraud. I see nothing about this transpiring in a virtual world that makes the offense any different or more legal. They purposely lied to Second Life users in order to steal their money. Ginco knew they could never deliver on their insanely advertised interest rates. Perhaps, prosecutors do not understand or feel comfortable with virtual worlds and crimes, but as the fraud amounts climb, I do not see how the government can continue to close their eyes and pretend these frauds are not occurring. Whether white collar crimes need a more specialized division for these types of crimes, or whether several seminars could pass on to attorneys all the needed information, I do not know, but something needs to be done.

    I am also very concerned about currency in virtual worlds and the potential for money laundering. Like you, I am not losing any sleep on the person who is selling their WOW gold to make a few bucks. But I do see the potential for money laundering not as possibly occurring but probably occurring. My fears are not eased by the fact that in none of our readings where there proposed ideas to counter this illegal action. I am not a fan of excess regulation, but self-regulation seems problematic as I wonder if these businesses have the means or knowledge to properly regulate for these practices. Using your cell-phone to make purchases and using virtual currency to make real world transactions all seem likely for our near future. For this reason, it is crucial that law enforcement and legislators not wait for the technology before they begin to tackle these issues and prepare accordingly. We need to stay ahead of the curve on this or people are not only going to lose money, but we are going to be giving the edge to criminals engaged in all kinds of activity.

  4. Sorry, but I cannot feel sorry for the users who lost money in the SecondLife Ginko scheme, even those that lost $10,000. If something is too good to be true, it usually is. According to Duranske in Virtual Law, Ginko promised a return of 100% a year on deposits. Where was Ginko going to get the real world money to pay this 150% return on real world dollars? Was the return even backed by gold or some other legitimate currency? Also for US users, Ginko bank could have been anywhere in the world. I don’t know about you, but if I am placing my real world money in an “institution” for safekeeping or to purchase and sell goods, I would want to either speak to a real world person at a real world bank or have a real world place to go to if I had a complaint or problem with my account especially since I will be placing my real world money into this account. Ginko bank did not technically exist and if SecondLife one day decides to close up shop, Ginko bank goes with it which means, your money is gone because SecondLife’s TOS express states:

    “4.2 Second Life exists only as long as and in the form that we may provide the Service, and all aspects of the Service are subject to change or elimination.
    Linden Lab has the right to change and/or eliminate any aspect(s), features or functionality of the Service as it sees fit at any time without notice, and Linden Lab makes no commitment, express or implied, to maintain or continue any aspect of the Service. You acknowledge that your use of the Service is subject to this risk and that you knowingly assume it and make your decisions to participate in the Service, contribute Content and spend your money accordingly.”

    The TOS by itself gives me pause. Virtual financial institutions or SecondLife as a whole could be eliminated at anytime without notice to the user. Virtual user should be informed about engaging in financial transactions in virtual worlds and on the Internet as a whole. This brings me to Facebook’s credit offering to purchase goods and services. I am also leery of the potential for hacking into bank accounts and credit cards of unsuspecting users. As with virtual financial institutions, I also see that no good can come from this link between social media and currency.

  5. Great Job Josh. The segmented format of your post provoked diverse reactions to a number of connected issues. I will navigate these various issues and bring them to a central idea which addresses virtual currency. The analysis explores multimedia communication, business membership accounts, virtual currency, and the Metaverse.

    First, I am very interested in the exploration of multimedia communication. The juxtaposition of sights and sounds may communicate substantive content in extremely powerful ways. The increasing availability of multimedia content creation tools provide for an audio/visual language with which we express and exchange ideas. Your post seemed to be an exercise in exploring different multimedia expressions for different elements of your analysis.

    The format of your expression raises the first issue I want to bring up, which is EULA’s and Terms of Service. Since you used different multimedia creation tools, you were bound by different agreements for the creation of each video. Since this post was an educational work product, commercial usage did not apply. We are exploring virtual currency this week, however, so let’s discuss the commercial use of the multimedia tools you used.

    I noticed that you used XtraNormal, GoAnimate, Secondlife, as well as a webcam to create your videos.

    First, Xxtranormal’s EULA states, “You may copy any materials existing or generated on the Xtranormal site for your own personal use only.” The Xtranormal website promotes the use of their multimedia tool for commercial use such as advertising videos and branding, but requires that you personally contact Xtranormal and engage in this commercial use through them.

    Next, GoAnimate, also limits the terms to personal use, stating in its EULA, “GOANIMATE grants you a limited, personal, non-exclusive and non-transferable license to use and to display and to make one copy of the Materials and to use the services and this Site solely for your personal use and solely to create Animations. “

    As we have discussed previously in the class, SecondLife does grant intellectual property rights to the creators of machinima and user created content. An issue that arises here, however, is that if your video contains another user’s content, avatar, or property you may need a release form in order to create a commercial video. This is similar to the release you would require of live people or locations appearing in live-action films.

    Therefore, outside of the educational context, the diverse array of tools creates a variety of hurdles to commercial activity.

    Another point about your format is the computer generated voice. Though I think that it can be somewhat monotone and hard to follow, I am glad you explored applications of computer generated voice. Your post is timely, in that SIRI is recently released. The trend seems to be toward voice interaction between humans and technology.

    Next, another development is businesses offering discount cards and membership accounts. I am uncomfortable with sharing my personal information to obtain an account. Moreover, these businesses are obtaining details of my shopping habits and activity. What if my grocery store tells my insurance company that I buy a lot of red meat and then my insurance company raises my premium because of my increased risk for a heart attack? These matters don’t really concern me, however, because I get coupons. My key chain is filled with scan cards with rewards membership cards.

    Moving towards virtual currency, I often do homework at Starbucks. As a man of habit, I regularly purchase a grande coffee for $2.08 and then a re-fill for $0.53. The other week, the barista told me that you get free refills with a Starbucks card/account. Well, I now have an account, and even pay for my coffee with my android phone, which is scanned by the register. It is a hassle to load money on my Starbuck’s account, but I am saving like $2.50 a week in re-fills.

    Next, the Ginko scheme sounds like the kind of get rich quick schemes that existed long before the internet. As Linden Labs stated in the 2nd reading, “either in the real world or in Second Life — if it sounds too good to be true, it probably is.”
    Bank Failure in Second Life Leads to calls for Regulation
    http://www.wired.com/gaming/virtualworlds/news/2007/08/virtual_bank

    As virtual currencies sprout up and compete for attention, most will probably fail. The concept of virtual currency is probably here to stay, however.

    Finally, the segmented format of this response was intended to bring up the concept of the “Metaverse.” As popularized in the novel “Snow Crash,” the Metaverse is a virtual world based successor to the internet. I think there is a strong argument for a virtual space with a standardized identification procedure and virtual currency. I do not believe in limiting the diverse activities we enjoy in virtual space, however the segmentation is creating barriers as opposed to freedom.

    We do not walk around with 50 different currencies in our wallets. It is not appropriate to have Starbuck’s cash, Exxon bills, and McDonald’s coins.

    Similarly, I don’t want to remember 50 different user names and 50 different passwords. I would like to see a virtual space where I log-in once. Inside I can check my bank accounts, my emails, conduct my business, explore, have fun, and exchange a single virtual currency.

  6. After Ginko, Second Life needs to pay more attention to its virtual banks and the way that users “invest” their Lindens. Second Life is essentially establishing a medium for its users to defraud others and engage in other criminal activity without any repercussions. Duranske’s blog was interesting because he discovered the Ginko investment and identified it for what it really was, a Ponzi scheme, shortly before it fell apart and the owner disappeared. If California or the federal government haven’t already investigated the manner in which Second Life is running its banks, they should. Furthermore, the government should not allow Second Life to regulate the virtual banking without oversight.

    Second Life issued a statement that “if it’s too good to be true, it probably is,” which seems to indicate that Second Life believes its users should shoulder the responsibility and that it wants to engage in a hands off approach. However, if this is Second Life’s true position, it does not comport with its previous conduct in regulating griefers. In the past, Second Life has a policy of actively discouraging griefers and punishing them. Yet, when its users lose a total of $750,000.00, the company is going to say that users are responsible for the consequences of failing to use common sense. (They must have forgotten that they are not EVE online.)

    By engaging in virtual banking and mixing virtual money with real money, Second Life is treading in dangerous territory. Second Life has its own agenda and based on the manner in which it has regulated the banks thus far, that agenda is not in line with our federal and state criminal laws.

  7. oh yeah, great post josh. really creative

  8. Pseudo, non-FDIC approved “banks”. A digital “ATM” dispensing real world money. Being able to use unrestricted credits for an entirely invisible online transaction. Paying for transactions from your phone’s Facebook application? Does anyone else see anything wrong with these scenarios? I guess I take the non-tech savvy approach and am very hesitant to agree with (or support) any form of technology that seems to do nothing effective for society but merely instill a newer sense of laziness and functionality. Online credit transactions through Facebook and other social media sites aren’t like computer-run, microscopic surgery procedures saving lives across the country.

    I don’t want to sound repetitive, but I have to agree with many of my classmates in the sense that I do not feel sorry for those that invested in Ginko Financial knowing full well that it was 1) not a real bank, 2) not FDIC approved or insured, and 3) too good to be a true (a 40% turn around almost immediately). I agree with Lindsay on this one. I’m equally as money conscious and hesitant about disclosing ANY financial information over the internet. I know this is opposite of some of my friends who seem incredibly willing to input all their debit card numbers and bank account numbers into these online budgeting programs which will synthesize and analyze your spending patterns and generate a personalized (and fluctuating) budget for you. No way, Jose!

    I found the article on the intersection of “mobility and credit” fascinating. I’ve seen the card swipe machines on many store counters, where you simply take you card and briskly swipe it face down over the little blue half moons and bingo! Your transaction is processed. For me, I never felt like this trend really picked up. But, now I see that people are actually investing in Facebook credits and putting them in their “Facebook Wallet” to be used as disposable cash. It amazes me how forward thinking our society is, but at the same time, how closed minded we are to the fact that with every increase in function, facilitation, and simplicity carries with it the higher risk of fraud, scam, online identity theft, and an overall creation of laziness among the community members. Fast forward to the day that, as Michael Davis wrote in his article, we are using our phones and mobile devices for everything, including paying for items with Facebook (or other site) credits. Now, consider how many times people lose their cell phones, or a stranger asks you if they could call a cab from your phone “just this once”.

    I have to agree with Mike K. on his opinion about what’s easier to part with—$500.00 or 50 credits. It’s like gambling (and losing), a concept the majority of us are familiar with. It’s much easier to say “I’m going to spend 10 credits” without considering the real-world implications of this purchase. 10 credits might translate into $2.00, $20.00, or even $100.00. The conversation rate can apparently vary day-to-day in these “banks”. It makes me start to wonder if there are individuals out there with addictions to these credits and online “banking” through virtual worlds. It gives them an escape, but sadly, this supposedly “in world activity” that cost L3000 Linden just emptied their personal bank account $350.00 (or whatever the conversation rate is). And, better still, that must-have purchase or escapade doesn’t have a real-world equivalent so you’re continually left doing the walk of shame from your computer, possibly having just committed internet fraud or engaged in online money laundering, with a depressing bank statement in hand.

  9. Josh, I absolutely loved your post. It was incredibly engaging and I truly appreciate all of the effort you put into it! You did an amazing job!

    Anyway, I want to start by saying that I am truly surprised that throughout the entire semester thus far, I have not given much thought to financial crimes. However, now that I sit back and think about it, I bet financial crimes are both the most prevalent of all of the virtual crimes, as well as the most undetected of all of the virtual crimes. Without effective regulation of virtual economies, virtual worlds seem to be the perfect under-the-radar hub for money laundering and financial fraud. Why Congress has not cracked down on these virtual economies is truly beyond me.

    Although Linden Labs is ostensibly taking a firm stand against financial crimes, it seems like common sense that the users of Second Life bear the burden of enforcing most, if not all, of the in-world regulations. And frankly, I have no confidence in the ability of Second Life users to adequately and effectively regulate financial crimes. It’s not like the perpetrators post signs above the heads of their avatars that read “WHITE COLLAR CRIMINAL”. Plus, User A has no authority, and more than likely lacks any ability, to investigate and track the financial transactions of the equally anonymous User B. So, without Linden Labs’ big-brother oversight, Second Life is simply running on the honor system – which is clearly a very effective method of combating and deterring virtual crime. Not.

    The complete lack of regulation is even more alarming given that the number of people who utilize virtual currencies is increasing rapidly. Undoubtedly, the number of virtual criminals is growing in tandem. Additionally, the current state of the real-world economy makes it even more likely that users will slide over to the dark side, so to speak. Although I’m not sure exactly how far I think Congress should go with regard to regulating virtual economies, it seems pretty clear to me that something needs to be done. Otherwise, virtual worlds will likely turn into criminal cesspools. And that is very troubling.

  10. It’s interesting to think of all the possibilities to launder money in these virtual worlds. I too am surprised nobody has gone after Ginko, especially how the DOJ has seemingly launched an online war. Second Life is treading in dangerous waters by mixing virtual and real money. It’s all fun and games until there is “real” harm done to individuals. That’s when authorities are more able to come after individuals. My only issue with the debate of mixing online and virtual money is that regardless of the virtual world’s stand on it, it will always happen. To limit liability it would be wise to not allow it officially because they would stand to lose less than if they allowed it and were then charged criminally. Looking at World of Warcraft for example, you can simply go online and buy WoW gold. I’ve included two links at the bottom for you to look at. One of those links is a site where they have WoW characters listed for over $1,000 and the other allows you to purchase gold. It’s disturbing to think that this is an easy avenue for terrorists to launder their money. I’m sure when our generation is the one in Congress, laws will adapt accordingly. Part of the problem I see is that lawmakers just don’t understand some of the issue related to the virtual world.

    http://www.buymmoaccounts.com/
    http://www.hotcataclysm.com/gold.php?gameId=2

  11. Great job on the post. Let me raise a question for all of you… did you feel “sorry” for the victims of Bernie Madoff’s Ponzi scheme? He also promised returns that after examination were unrealistic and unsustainable and yet people ran to give him money. And the SEC, despite numerous red flags AND a whistle blower, did nothing to protect investors. A scam by its very nature takes advantage of the combination of gullibility and greed, yet the law clearly provides criminal liability for the person who pulled off the scam. The foolish belief of the victims does not impact the legality of the scheme.

    Here’s a scary link for you if you are thinking of using FaceBook credits: http://www.bbc.co.uk/news/technology-15553192

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: