Darknetlive

AUSTRAC Releases Guide on Profiling Crypto Transactions

Australian Transaction Reports and Analysis Centre (AUSTRAC) released a guide on “preventing the criminal abuse of digital currencies.” Digital currency exchanges can use the lists of indicators in the guide to profile their customers.

The guide “provides financial indicators to help businesses, including digital currency exchange providers, recognize and report criminal activity through digital currencies,” according to the AUSTRAC website. The guide lists money laundering, the purchase and sale of illicit products via darknet marketplaces, terrorism financing, scams, tax evasion, and ransomware as serious crimes enabled by cryptocurrency.

In the money laundering section of the guide, AUSTRAC noted that criminals use mixing services and privacy coins to launder money.

“Although conversion services and privacy coins operate outside of the traditional banking sector, blockchain analysis tools can be used to identify digital currency addresses connected to conversion services, creating an opportunity for financial service providers to identify transactions coming from or going to these services.”

A picture of The report suggests that businesses avoid “de-banking” suspicious customers.

The report suggests that businesses avoid “de-banking” suspicious customers.

The most interesting part of the guide is the section on behavioral and financial indicators. Each listed indicator should trigger enhanced customer due diligence. If the digital currency exchange suspects a customer or transaction is linked to criminal activity, they must submit a Suspicious Matter Report to AUSTRAC.

General Indicators

Identification, verification, and profile information

Behavioral Indicators

  • Customer is reluctant or declines to provide identification or personal information.
  • Customer attempts to provide as little identity information as possible, including incomplete or insufficient identification information.
  • Customer provides stolen, forged or fake documentation.
  • Customer verification information is a photograph of data on a computer screen rather than the original document.
  • Company beneficial ownership is difficult to establish.
  • Customer provides documentation with identifiable alterations or of a low quality during on-boarding or when conducting ECDD.
  • Customer on-boarding documentation is unable to be verified or does not match the details of the account.
  • Customer acts on behalf of someone else (without disclosing the fact) or impersonates someone else.
  • Customer appears to be using a virtual private network (VPN) or encrypted email in an attempt to hide their identity.
  • Customer is known to law enforcement, via publicly available information.
  • Customer frequently changes their identification information, including email addresses, internet protocol (IP) addresses, or financial information.
  • Customer is difficult to contact, responds only via email or web chat, and at unusual hours.
  • Customer uses a mail account provider known for high privacy features.
  • Law enforcement or regulator interaction indicates that a customer is linked to illicit activity.
  • Customer has adverse media or open source reports.

Source of funds and wealth

Financial indicators

  • Customer has unexplained wealth or the source of their funds does not match their profile.
  • Customer purchases large amounts of digital currency not substantiated by available wealth or consistent with their profile.
  • Structuring (or perceived structuring) of government issued currency deposits or digital currency withdrawals via cryptocurrency ATMs or retail locations.

Behavioral Indicators

  • Customer provides inconsistent explanations as to the source of funds or source of wealth that are used for the purchase of digital currencies.
  • Customer provides documents that appear to have been altered or of low quality during on-boarding or when conducting ECDD processes.
  • Customer requests higher limits inconsistent with their occupation or profile.
  • Customer is reluctant or declines to provide source of funds or wealth.

Account activity

Financial indicators

  • Use of chain-hopping in an apparent attempt to obfuscate source or destination of funds.
  • Multiple customers send funds to the same external wallet address (that is not a service).
  • Publicly available information such as sanctions lists or analytical tools indicate a customer’s wallets, or wallets the customer is transacting with, are associated or linked to illicit activity.
  • Unusual transactions such as customer moving earnings through mixers, multiple conversions or layering through multiple exchanges prior to cashing out.
  • Customers that regularly make significant profits or losses by transacting with the same subset of wallet addresses.

Behavioral Indicators

  • Multiple customer accounts are opened with either the same email address, phone number, IP address, residential address, postal address or on-boarding documents.
  • Customer accesses their accounts from a high number of different electronic devices or IP addresses.
  • Customer lacks knowledge or provides inaccurate information about the transaction, the source of funds, or the wallet address where they want to send the digital currency.
  • Customer seems anxious or impatient with the time taken to make a large transaction.
  • Customer is evasive as to the reason for the transfer.
  • Customer wants to increase transaction limits shortly after opening an account.
  • Customer creates or attempts to create separate accounts under different names to circumvent restrictions on trading or withdrawal limits imposed.
  • Customer attempts to coerce or persuade staff to ignore reporting obligations or break normal protocol to conduct a transaction.
  • Customer consistently conducts transactions under actual or perceived reporting thresholds.
  • Customer gambles with digital currency or has transactions to/from gambling websites.
  • Customer uses privacy enhanced digital currencies which do not appear to be used for investment purposes.
  • Customer IP addresses do not match the state or country the customer resides in.

Crime-Specific Indicators

Illicit Darknet Market Activity Indicators

Financial indicators

  • Blockchain analysis tools link a customer’s transactions to darknet clusters, child exploitation clusters, mixers or high risk exchanges.
  • Customer’s wallet addresses show exposure to high-risk conversion services or darknet marketplaces.
  • Use of, or donations to darknet explorers, including a platform enabling anonymised internet access indicating access to, and possible illicit purchases on the darknet marketplaces.

Terrorism Financing (totally real)

Financial indicators

  • Public information or blockchain analysis tools indicate a customer has transacted with websites or wallet addresses considered to be high risk for terrorism activities or proliferation financing.
  • Transactions with sanctioned wallet addresses or people of interest listed on government websites, such as the Office of Foreign Assets Control (OFAC) or the Department of Foreign Affairs and Trade (DFAT).
  • Transactions to crowdfunding or online fundraising campaigns linked to ideologically or religiously motivated violent extremism focused forums.
  • Transfers to/from international exchanges with less stringent ‘know your customer’ processes, including those owned or hosted in high risk jurisdictions.
  • Customer account receives multiple small deposits, which are immediately transferred to private wallets.

Behavioral Indicators

  • Social media (or online profiles/handles) indicate the customer holds ideologically or religiously motivated violent extremism ideologies or sympathies.

Tax Evasion

Financial indicators

  • Use of services that do not make commercial or economic sense. For example, a business moving earnings through mixers or an individual converting a digital currency multiple times prior to cashing out, incurring additional conversion fees.

Behavioral Indicators

  • Customer makes enquires about avoiding tax reporting obligations.
  • Customer asks if personal or transaction information will be shared with the Australian Taxation Office.
  • Customer requests to hide or delete transaction activity held.
  • Customer sends or receives government issued currency to a wide range of related personal or business accounts at different institutions.

Preventing the Criminal Abuse of Digital Currencies Financial Crime Guide

34 Comments
Do you really want to comment here? not rules
ae3f0616
594986c0 Fri, Apr 22, 2022

Good thing btc is made to be peer to peer

74c4a9d0
56ee4980 Fri, Apr 22, 2022

AHAH [snip …] CUCKS

5123254f
d95eedf0 Fri, Apr 22, 2022

is this for localbitcoins

a8a06924
9323c550 Fri, Apr 22, 2022

Little china doing big things over there. I’m guilty of half of these indicators and behaviors when transacting legally.

3d8545e1
f5d98070 Fri, Apr 22, 2022

I’m such a gamer I broke all of these indicators B3

8b37cd21
a3f06fe0 Fri, Apr 22, 2022

BTC everything is public - the ledger makes is real easy to figure our who is who for LEO and provides the entire transaction history.

93c885e8
e0464900 Sun, Apr 24, 2022

shhhhhhhhhhhhhhhhhhhhhhhhhh

it spoils the fun

USSS-FBI-DHS-IRS-USPSIS not to mention the for-profit contractor, “security researchers” who were pinched and/or Brett Johnson snitch, and of course the local Judge who ordered LE to pick you up in your sleepy predominantly white suburban town, as your neighbors say, “We always knew that soiboi Joe Rogan Apple Fanboy Gamer cuck was up to no good. pounds another tallboy, pops some Percs, and takes a drag on a Cig “Nobody wants to work anymore!”

All y’all are cucks and you know it

421bd056
8b518e20 Sat, Apr 23, 2022

Ya but Monero doesn’t…

d46c5482
b648c9b0 Sat, Apr 23, 2022

Is this supposed to be a stupid joke or what

e880adf3
c704c9e0 Sat, Apr 23, 2022

ROFL.. the fuck are these clowns even talking about.. 80% of these is normal behavior for anyone with half a brain to protect his privacy

f4d2c7ee
59222f50 Sat, Apr 23, 2022

hacash dot org

ef68bb2b
f58a5b50 Sat, Apr 23, 2022

that’s the authoritative Australian government for you.

26920b1e
5ed89020 Sat, Apr 23, 2022

Whatever with all 0f the peanut gallery comments, DNL?

25d0bc57
50142710 Sun, Apr 24, 2022

An evil hive mind of ethnic Jews ARE working together to cause EVERYTHING bad in the world, such as ALL war, economic meltdowns, ALL left-wing politics, income disparity, atheism (yes, you read that right), the impeachment of YOUR WORLD PRESIDENT Donald Trump, the last time you got food poisoning at a fast food place, every time you stub your toe on a table FUCKING JEWS DID THIS, etc. Basically, you name it, Jews are not only for it, but actively did it.

BUILDING 7 OF WTC DIDN’T IMPLODED ITSELF

JET FUEL DONT MELT STEEL

FAUX FUACCI JABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB!

97a8f4bf
e6e836c0 Sun, Apr 24, 2022

@25d0bc57

In an N-word voice: DATZ RITE!

bad578e6
914c59c0 Mon, Apr 25, 2022

@97a8f4bf

This is bait but the literal use of “…N-word voice…” in your comment (which appears to be in reply to yourself in the comment written in an attempt at some kind of boomer mockery). The comment seems to be an attempt to make your idea of normal whites look bad (as a “““white””” yourself). I think the use of “N-word” is an attempt to mock whites without offending a black who might not think you are a black, Puerto Rican, Cuban, etc.

This presupposes that you are not just a 12-year-old responding to a person (25d0bc57) who is not twelve but exclusively comments word salads that other 12-year-old kids would enjoy.

69e08549
864b8010 Mon, Apr 25, 2022

@bad578e6 or DNL

the reason to use that word is because of the censorship we see in many places ppl comment. But i have few things to say to you:

1- no i am not the same guy who is being replied to.
2- fuck niggers for that matter.
3- If not for fear of doxxing u guessed wrong at the which race I am, not a nigger or a kike either.
4- I didn’t expect that reply based on your previous replies in older posts.

but whatever

9c60a3da
46befa20 Mon, Apr 25, 2022

@69e08549

Yeah my response and reaction was out of line and overtly hostile. Sorry for that.

It is well known that I do not remove comments for the inclusion of any specific words FWIW. Certainly true that there is the eventual possibility for censorship on my end via ISPs, DNS resolvers, domain registrars, etc. but I don’t care what words people use here.

259dbbdb
d4c5f650 Mon, Apr 25, 2022

@9c60a3da

Well believe it or not some countries like the one I am in they censor all the internet activities including TOR and it is matter of time until they get me for such comments.

They sentence ppl for words or comments about ethnicities or countries even mentioning facts and statistics can get one into trouble it doesn’t matter.

I will try to improve my comments before posting.

a66c2413
22fc40a0 Mon, Apr 25, 2022

@259dbbdb

Fair enough. No hard feelings on my end. I was tired and already aggravated when I wrote that. Looking at it now after getting some sleep I wouldn’t have said anything at all.

Good luck out there.

9f8e6763
0f8f21f0 Sat, Apr 23, 2022

I wonder what kind of reaction this elicited from some of the industries more esteemed CSO’s? Would it be too intuitive to assume this memorandum made the rounds intended for the vary career professionals who taught them inasmuch?
The funny thing for me is it reads like C+P from any (random gateways) CNP 3PPS best practices ad-libbing KPI’s

159c30df
746c7f90 Sun, Apr 24, 2022

Link doesn’t work

f897525d
f1a125d0 Mon, Apr 25, 2022

Fixed

f7d6e2b3
72749e00 Sun, Apr 24, 2022

is abacus run by worldmarket admin?

7dbe13cc
46b8f4a0 Sun, Apr 24, 2022

I’d be very careful with them i dont really put my money in markets with drama

62cfc278
16c603d0 Sun, Apr 24, 2022

WAIT abacus are those exit scammers from worldmarket? do you have prove i will stick to asap until i know for sure

9ab20864
b64a3470 Thu, Apr 28, 2022

@62cfc278

People are saying the same about asap, that it can’t be trusted.
What do you think about HeinekenExpress own market?

97aef637
0a36a540 Sun, Apr 24, 2022

cops doing cop shit. encrypted mails, vpn, different devices and ips. like wtf. it’s like all the other cop reforms. targeting any behaviour that makes it harder for them to do said cop shit. no matter it’s legal (yet) or not

9e44524d
7aef3070 Sun, Apr 24, 2022

They analyzed the dnm bible and dread for that. These websites may help users but at the same time they may for instance unintentionally compromise stealth shipping methods and cryptocoins use/withdrawal.

To keep this at minimum these forums should be invitation-only.

9588664d
b32cd9c0 Thu, Apr 28, 2022

Sure, but it limits the freedom of use of the guides. People should be using monero anyways which renders useless the ledger analysis.

1a1c494a
9e9b1570 Thu, Apr 28, 2022

Plus more than half the indicators here shown coincide with legal use of normal privacy concerned users who care about not being robbed/scammed, basically sounds like bs excuses to monitor whoever they want, what they want, whenever they want and however they want.

38e94093
486d4140 Sun, Apr 24, 2022

The invitation only scheme is still not safe. In fact, it is most vulnaruble to psyops.

1dd3f011
31e74a10 Mon, Apr 25, 2022

I need to do something about the comment sections as they are basically worthless now. The barrier of entry is too low. Even the people posting in good faith have zero forum etiquette.

928d0433
c8be5410 Mon, Apr 25, 2022

just put a strong captcha..

Comment Submitted. Unless flagged for manual review, your comment should show up in about one minute.

Close

Comment Error. If you filled the fields out correctly, feel free to shoot us an email.

Close