Monday, February 22, 2010

Virtual Currency and Money Laundering

By Max Burns
Pixels and Policy
Tuesday, November 3, 2009

After looking at the necessity of proper policing in virtual worlds yesterday, let's take a look at just how prevalent cybercrime really is.

As the Hindu Business Line reports, cybercrime - both small-scale phishing and large-scale acts like cyberterrorism and mass account information theft - is on the rise.

The Profit Potential of Virtual Crime

Cybercrime’s prevalence in the virtual world is debatable, with different organizations expressing varying levels of concern. The Fraud Advisory Panel, a consumer protection group, called for the extension of federal laws into the virtual world as early as 2007.

There’s definitely a need, reports the the Hindu Business Line, a business policy newspaper that recently dipped into the virtual world to take a sampling of cybercrime. From the article:
"Phishing attempts to acquire sensitive consumer information such as usernames, passwords, and credit card details fraudulently. Once an account is compromised in this way, a cyber criminal can empty it or use its associated credit card information for other purchases."
"While not a threat in the usual sense, users can inadvertantly become party to money laundering. Because avatars can trade currencies and goods inside the virtual world and then sell them into secondary markets for real money, the crime is difficult to trace."
We've come a long way from trying to trade useless loot for gold in Runescape. Money laundering through Second Life's Lindex Exchange, which allows users to spend real currency for Linden Dollars and then convert them back into a real world currency, is also a potential financial fraud hub.

In fact, money laundering on the Lindex was a hot topic in early 2008, causing the company to take a strong stand in defense of its platform. However, these concerns require further investigation, as the ease with which a player can convert currencies - which requires only a computer and a Second Life account - raises serious anti-terrorism concerns.

As virtual worlds grow in scale and in the number of financial transactions conducted daily, cybercriminals are growing in tandem. With no standardization between worlds, there is no way of knowing whether one source is making and cashing out Linden Dollars, Warcraft Gold, or any other in-game currency. This makes tracking accusations of money laundering extremely difficult.

As virtual worlds grow larger and become a part of tens of millions of lives, the security of one's virtual identity will come to the fore. Trading game currency and betting real currency on in-game markets has birthed an emerging, if impromptu, stock market.

Speculators discontent with the ravaged real-world market will no doubt turn to virtual worlds as they become viable. Without any virtual Securities and Exchange Commission to test the legitimacy of "virtual stock" promotions, this leaves well-meaning players open to fraud.

Despite how common e-mail phishing scams may seem (and who doesn't have a fake PayPal or eBay "account verification" e-mail in their inbox from the past month?), it is vital to remember that these are crimes.

One of the major problems facing law enforcement agencies is the issue of where an attack originates. This decides the thorny issue of jurisdiction.

Internet security firms like McAfee decry the current scam-ridden landscape of virtual worlds, but substantive recommendations for improving the situation are few and far between. As Tech Target reports, the ever-expanding virtual landscape and the cleverness of cybercriminals is confounding traditional law-enforcement services.

Given the cost of cybercrime and its potential to destabilize small virtual worlds that may lack superior protections, being confounded is no longer good enough. Law enforcement agencies need to give serious consideration to the major role virtual worlds are playing in the lives of users - both as hubs for financial transactions with sensitive credit card information, and as a center for semi-anonymous gathering.

Should law enforcement agencies monitor virtual worlds for cybercrime and identity theft? Is it time for the FBI to open a virtual office in Second Life to deal with claims of large-scale cybercrime events? Let us know your thoughts.

Max Burns is the editor of Pixels and Policy. Reprinted with permission.

For further reading/viewing:
"The Failure of Anti-Money Laundering Laws" (video), Center for Freedom and Prosperity, February 22, 2010
"Runescape creator pursues 'phishing thieves'", Mark Ward, BBC News, November 30, 2009
"Virtual World Money Laundering", Mark Methenitis, June 3, 2009
"Cyber-Laundering: The Union Between New Electronic Payment Systems and Criminal Organizations", Giulio Piller and Elvis Zaccariotto, Transition Studies Review, May 2009
"E currencies and money laundering are they intertwined?", Michael Hearns, November 21, 2008
"Group Laundered $38M in Virtual Currencies in 18 Months", Virtual World News, October 27, 2008
"Virtual worlds becoming money laundries", Shaun Nichols,, August 29, 2008
"Cyber Laundering: An Analysis of Typology and Techniques", Wojciech Filipkowski, International Journal of Criminal Justice Sciences, Volume 3 Issue 1, January - June 2008
"Virtual Money Laundering and Fraud", Kevin Sullivan, April 3, 2008
"Exchanging Real Money in Virtual Worlds", Andrea Kaminski, E-Commerce Times, March 3, 2008
ATM cards tied to virtual worlds a 'money launderer's dream'", Brian Monroe,, November 20, 2007
"UK panel urges real-life treatment for virtual cash", Adam Reuters, May 14, 2007
Virtual Worlds 'Clear and Present Danger' for Money Laundering", Brian Monroe,, April 26, 2007
"Virtual money laundering now available on the world wide web", Kenneth Rijock, World-Check, January 2, 2007


  1. "Money laundering" is not a crime. It's illegal by statute, but those statutes are pure bunk. Yes, they can help to track down real fraud, like phishing, but at great expense to honest people. Sort of like punishing all the kindergarten children because one or two misbehave and won't admit it. That's pure bunk, too.

    The correct way to cut down on phishing is to use public key encryption for access to accounts, not user names and passwords. See for a simple implementation of that concept.

    Or simply teach people about phishing. Those too dumb to learn deserve to lose their money. Don't punish the rest of us by stealing our privacy in the name of stopping "money laundering."

  2. I agree with you, Bill. Financial and monetary privacy are fundamental rights, case closed. This blog attempts to present the current status of digital currencies and their many implementations, including cross-border and multi-jurisdictional.

    Law enforcement issues are presented here in order to give digital and virtual currency issuers a broad overview of the enforcement landscape and the types of situations that may be encountered when exerting the right of financial privacy.

  3. hi,
    i just wanted to say how much i enjoy reading your blog. in a world full of spin, it's nice to get some fact-based analysis.
    keep up the good work.
    Virtual Office