Integrity Insights
Integrity Insights is a podcast from Berlin Risk, a Berlin-based corporate intelligence and compliance advisory firm. In the podcast, we cover the latest developments in the fields of financial crime, political risk, sanctions, open source investigations and much more. The podcast is hosted by Filip Brokes, consultant at Berlin Risk.
Money Laundering-as-a-Service: The Booming Business of Dark Web Money Laundering Services
In this episode of Integrity Insights, Filip is joined by Daniel Shkedi, Head of Product Marketing and Strategy at Refine Intelligence, a fraud prevention company. He is also a fraud and threat intelligence researcher specializing in cybercriminal activity on the dark web and Telegram. His publications cover a wide range of topics, including online fraud prevention (in banking, eCommerce, and payments), identity validation, emerging threats in underground forums, and AI-driven fraud and eCrime.
The conversation dives deep into the emerging field of Money Laundering as a Service (MLAS) and how cybercriminals are adapting their operations. Daniel provides insights into his research, the typologies of money laundering services offered on the dark web, and why financial institutions need to pay attention to this growing threat.
Key themes discussed:
Money Laundering as a Service (MLAS)
Daniel describes his recent project, where he mapped out how organized criminal groups provide money laundering services to fraudsters on platforms like Telegram and the dark web. This “business” mirrors legitimate financial services in sophistication and scale, making it a rapidly growing problem for financial institutions.
Typologies of Money Laundering
Through his research, Daniel identified several key typologies of money laundering services, including:
- Bank Drops: Rented or sold bank accounts used for cash-out services.
- Bank Loaders: Criminals who move funds onward to bank drop accounts.
- End-to-End Money Laundering Services: Criminal enterprises offering full money laundering packages, including layering and integration.
- Shell Companies and Insider Services: Fraudsters offering to set up fake companies or bank insiders selling stolen financial data.
- Street-Level Cash Outs: Basic services where criminals withdraw funds using stolen or fraudulently obtained bank accounts.
Global Scope of Money Laundering
Daniel shares his findings on how these services are not limited to a single region, but are a global phenomenon. The services are available across North America, Europe, Latin America, Asia, and the Pacific, with different nuances depending on the jurisdiction.
Why Institutions Should Care
Beyond regulatory compliance, Daniel emphasizes that money laundering and fraud expose financial institutions to serious reputational risks, financial losses, and operational disruptions. Criminal enterprises are evolving, and financial institutions must adapt by building proactive threat intelligence programs.
The Role of Threat Intelligence
Daniel outlines how threat intelligence plays a pivotal role in understanding fraud enablers, monitoring their infrastructure, and predicting where future attacks might come from. By gathering data from multiple sources, including the dark web and Telegram, financial institutions can develop comprehensive threat intelligence strategies to stay ahead of cybercriminals.
Connect with Us:
- LinkedIn: https://www.linkedin.com/showcase/integrity-insights/?viewAsMember=true
- Berlin Risk LinkedIn: https://www.linkedin.com/company/berlinrisk/?viewAsMember=true
- Website: https://berlinrisk.com/
All right, Daniel, welcome on the podcast. Hi. Thanks for having me. Um, okay, let's kick off with the, with the brief intro. Can you tell our listeners, uh, both your sort of professional background. Of course, of course. So my name is Daniel Shkedi. I am the head of product marketing and strategy at Refine Intelligence.
And Refine Intelligence is a startup building a fraud prevention platform. Uh, mostly focusing on, on US financial institutions. And um, and again, the primary focus is mostly on check fraud and scam prevention. So I've been in the fraud prevention, AML and cybersecurity spaces for over 10 years now. Before joining Refine, I held a variety of, uh, of product, product marketing and pre-sales roles at leading fraud prevention companies, tech companies, um, including BioCatch, Forer and identical.
And so over the years, I specialized in a wide range of fraud types, right? I've seen, you know, obviously a lot in the banking world, so it could be, uh, uh, fraud attacks, like account takeovers and new account fraud, as well as e-commerce fraud, like card not present, CNP fraud, automated attacks, retail policy abuse, and, and more.
In addition to my work, um, in, um, in product and strategy, I, I've also, uh, uh, I am also a, a fraud and threat intelligence researcher focused on cybercriminal activity on the dark web and Telegram. And I've published extensively on these topics and covering, you know, a lot of subtopics like on, in like online fraud prevention and banking, e-commerce payments, identity validation, emerging underground threats, and AI driven fraud and eCrime.
So that's really in a nutshell, and, and regarding these research, research projects, I recently came across your, uh, research project looking into, uh, money laundering as a service. Uh, can you maybe talk us through how, you know, this project came about and, uh, what does, you know, what is, what are, what are maybe some of the main findings of course, in research of, yeah, so, so this project, uh, was, uh, started sometime in, in a, I believe in April 2024.
Uh, my good friend and, and former colleague, Rio Minor and I, we started working on this. We, um, the idea was to create a, a research program that with the goal to systematically map and analyze the evolving ecosystem of professional money laundering services offered to fraudsters and particularly on Telegram and the dark web.
And since the, the beginning of this project, we've uncovered, you know, structured service economies, including cash out networks, money mule recruitment, um, uh, networks and laundering packages, so to speak. Right? That, um, it, it kind of mirrors in a sense legitimate financial services.
In terms of the sophistication and scale, right? Just in the dark web. Um, so that is kind of the background, how we started the money laundering as a service, or I like to call it MLAS. So that's, that's a term that, uh, we coined together and I use it interchangeably. Um, so I'll tell you a little about the, uh, the project itself, right?
So we actually used a, uh, a pretty solid methodology, right? And the idea was to collect data using a variety of, of collection tools, uh, could be, uh, what we call OSINT, open source intelligence, human intelligence, and cyber intelligence, um, and use a multi-layered approach, uh, to, uh, collect, uh, data from the dark web basically, and create a sample, create a database.
So in phase one of the project, we, uh, roughly collected 350 analyze ads. Basically ads in the dark web and dark web forums, and dark web marketplaces. Of, uh, um, financial criminals that were offering these money laundering services. Okay. And we sampled them systematically. And I'd say 99% of them were ads that were posted just within the, the last 12 months when we started the project.
Okay. And after, um, we sampled them and we created the database. Of course we did a lot of, of, of statistical analysis and, and checks just to make sure that, you know, that results are significant. Um, we, uh, we, we came up with a definition of eight typologies. Or, or, or basic money laundering services. Um, and, and that's how we classify the ads and then we divided them.
So I can, uh, uh, before I, I say something about that, I can, I can tell you a little about the typologies if, if you're interested in that. No, yes, please. Absolutely. Okay. So after looking at the data, we, like I said, we identified eight typologies, and I'll just give a kind of a very short definition for each one of them.
Right? So the first one is bank drops, right? Uh, essentially we're talking about ads. With the main service over there was accounts that are rented for a commission or they're actually sold, and they're usually used to facilitate a cash out, right? There's a wire transfer or some other payment, and then they actually withdraw the funds from those drops.
The second typology is what we call bank loaders and, and essentially layering accounts. These are the folks who actually make the payments to the bank drops, right? Um, and they move funds onward often to bank drop accounts. Then we have the end-to-end money laundering services and essentially we are talking about businesses.
Okay. These are large organizations, criminal organizations, cri, criminal enterprises that provide comprehensive financial services for all three money laundering phases. Right? The layering and, and all of that. Um, it's really, really interesting because it seems like it's, it's very organized.
It seems like organized, correct. Um, then we can talk about a few more. The Shell companies, you know, services such as setting up shell companies, the documentation, et cetera, like that. Mm-hmm. Bank insiders. Very, very interesting phenomenon. We're basically seeing bank employees offering insider services at the, at financial institutions, right?
Selling stolen checks, selling stolen data. It's fascinating and, uh, and a few minor stuff, uh, such as fake statements. You know, folks who forged bank statements or, or utility bills or other documentation. Trade goods, that is kind of using bulk goods like gold or diamonds or stuff like that for, for money laundering. And cash outs, very kind of street level cash outs.
That's what we call it. Folks who, uh, you know, who, who actually go to the ATM and they withdraw money from an account and then they, they move on. So those were the typologies. Can we maybe Daniel drill down into, uh, I'm interested in the, the, as you say, the most prevalent, uh, typology, the bank bank drops.
Like, do you see, you know, these bank accounts offered across, you know, different jurisdictions in, in, in Europe, in, in the US, or is it, you know, all over the world? Or is it, uh, you know, maybe specific to, uh, uh, uh, uh, like one, one jurisdiction or one, one part of the world? Yeah, absolutely. So we actually, we actually looked at, at this from a geographic, uh, standpoint as well.
And I can say that the vast majority of, of, uh, the services were, were for, um, North American banks. Uh, typically the US and Canada, but it was a global phenomenon. It was all, you know, in all part parts of the world, in all regions of the world. It was in EMEA, um, you know, the UK and Germany and Poland, Spain, the Netherlands, France, I mean, very long list.
It was in, in Latin America, it was in, in, you know, in Asia, the Pacific, and uh, in countries like India, China, Australia, all of them. Similar, but they had some nuances and, and some different flavors, so to speak, of, of this type of, uh, uh, of, um, you know, of, of, of the services and pricing was different, but it was a global phenomenon.
Mm-hmm. But if I, so, if I understand it correctly, Daniel, it basically, the way it works is that, let's say like you have a cyber criminal who, you know, obtained money, uh, via, uh, cyber crime. Now they want to. Cash it out. So they will purchase on the dark web a particular, like fake or I don't know, stolen account.
And they, they then they just need to find a way to send money to this account. And then they can withdraw using the, I don't know, the credit card. Uh, they can, they can withdraw money from an ATM of this account. Uh, yeah, exactly. So, so the accounts they may obtain may be obtained in legitimate ways. They could be real accounts that were, you know, that were aged.
But it, it's, it's usually the, so it's usually obtained through illegal activities, um, such as account takeovers or the use of synthetic IDs or, or identity theft or mule accounts. And, um, so they, that's basically how they take control of these accounts. Right. And once they control the accounts, they can use 'em.
Like I said, they can use them as a service. They can, you can rent them out. You can say, Hey, if, if you wanna launder the, the, I'd say the most common model that I see is like a, a split model. What does that mean? It means, hey, I have like a thousand dollars that I wanna launder, I'm gonna split the, um, the a thousand dollars 60 40.
Okay, so if you, if you make the payment, if you load the account, uh, then you're gonna get 40% of that, and I'll keep 60%. So the, the price is really, really high. You pay more than more than a half for this, for this type of service. Well, pricing, pricing changes and they're, or, or, but, but it's a very, very common model to see, you know, partnerships.
Hey, I'm looking for a partner. I'll split it. 50 50, I'll split it 70 30 or, or, anyways, but, but essentially. You really need two, um, two kind of folks in this process. You need the folks who make the payment or the layering, right? It could the, the loaders, and you need the bank drops. Someone who controls the account and you're able to, um, to monetize the account after, after the payment.
So, or mo monetize the payment. So if you, so again, if you are a, a, again, let's stick to this example of a cyber criminal. You, you will need to, you would need to find both, uh, a bank drop service and a bank loader service. Like you can do one without the other. Well, you're typically going to need both ends, right?
Mm-hmm. Of the, of the, uh, of kind of the payment process. But again, typically it depends on, on, on the specialization, right? Where we see a lot of folks who have bank drops who are looking for. For loaders and vice versa. You know, those are the criminals and they're like, Hey, we have money, or we have a job that we, you know, we need to launder a certain amount of money and we need someone who can actually, you know, cat, we need, who has a bank drop and who can monetize?
Later and then we can, they can deliver the, the money to another account or, I mean, there are different ways of doing this, right? But yeah, essentially you need, you need someone to make, make the payment and you need an account, you know, a bank drop for the monetization process. This kind of like, now listening to Daniel, it kind of sounds like this might even, uh, some of these people operating these bank drops, they might even, I mean, correct me if I'm wrong, but maybe they're even operating as subcontractors for like some larger.
Uh, money laundering groups, uh, where they, whereby they only specialize on this particular kind of like part of the, of the chain. Is it, is it possible? Absolutely. I think, I think that's spot on. And, and that goes to the other typology that I, I I presented and that's the end-to-end money laundering services, right?
So like I said, these are criminal enterprises, right? It's a business. It's very, very important to understand that these are not petty thieves, but it's a business and it's, in many cases it's a very sophisticated and intricate, um, business and organization and those end-to-end money laundering services they support, you know, placement, layering and integration, all stages of money laundering.
They use a variety of instruments, right? Their level of sophistication and expertise is, is, um, is immense, right? Uh, just for instance, I'm, I'm looking at an ad right now and, and I mean, just the, the types of laundering services over here through commodities is unreal.
For instance, laundering money through, you know, through, uh, through goods, through commodities like fuel and petroleum transactions or other commodities, uh, currency transactions, gold transactions, bank guarantees. Um, you know, it could be capital market transactions, private equity, real estate, jet fuel, crude oil, petroleum, gas, agricultural goods, and the list goes on and on.
But I think that really. Kind of conveys the, the sense of that, how, you know, how sophisticated these organizations are. Mm-hmm. I mean, this, this is really, this is really crazy. I mean, especially I find, uh, really fascinating, the real estate example. Like, do you, do you have any. Idea of how, how, how this works is it basically, does, does this basically mean that they are able to, you know, buy a real estate on your behalf somehow with hundred funds?
Yeah, so my guess is, because again, I'm looking at the, at the ads and I'm looking, but, so I, I don't have, I intel into exactly how they're doing it in, in some of these transactions, but I would assume that they have insiders at real estate companies who are working with them basically, and they're part of, part of the laundering network and you know, they, they, they can start layering and moving money from A to B, from B to C, and, you know, C to this real estate company, they make some sort of transaction.
It could be an investment or it could be something else. And boom, voila. They, uh, you know, they, they laundered all the money. So, so that's again, just. Based on, on very simplistic logic, but I think that that is, that's kind of how it happens. They have insiders at, you know, at at global corporations sometimes and, and other services and, and they work together.
And I mean, do you, do you have, I mean, I mentioned, you know, this as, as an example, this example of a cyber criminal who wants to launder funds. Do you, I mean, I understand that you, you only see the, the, the ads. You don't only see their, their clients, but do you, do you maybe have, you know, from your experience, some, some ideas of, uh, who are the mo the most, uh, people most likely to use these kind of services?
So again, I think, I think we're typically. Talking about, um, I would say usually small scale money launderers, right? Folks who probably are involved also in fraud at some level, it could be stealing funds, right? So, but they need to monetize it somehow and they, they start laundering it through a network.
So they start moving it from, from A to B and B to C and other places, right? So I would say that on the dark web and places like that, we're mostly seeing, you know, um, I, I don't wanna say street level fraud in AML because it, it's, it, it's probably not that we're probably looking at thousands of dollars, um, per cyber criminal or financial criminal.
But with that being said, at the very top of the pyramid, we're also seeing large scale inter enterprise like transactions that are being conducted through these services. And, and I touched upon that earlier, right? When I'm talking about that. Um, so, um, I, that is the, the type of people who use these services. A word about who are the people providing the services, right?
So I, you know, typically when I talk about this, I show a pyramid. And you have three tiers in the pyramid. You have the newbies at the very bottom who are the vast majority of the cyber criminals out there, right? Folks who are trying to get into cyber crime and financial crime. And they make up, you know, uh, like I said, the vast majority of, of the fraudsters out there, they're probably, uh, like a, a guesstimate, right?
A rough estimate would be 70%. And then the middle, you have the, the specialists. And these folks are folks who have, you know, really solid, uh, technical skills and, you know, they're, they're more sophisticated. They have more knowledge, um, but they don't create tools for other cyber criminals. They offer their services and at the very, very, very top of the pyramid, I'd say is no more than 5%.
Those are the experts. And the experts, those are, you know, folks who not only provide white glove premium fraud and AML services, but they also create automated tools, forged documents, um, you know, fake shell companies, all sorts of stuff to support other low, low, I don't know, low scale, um, cyber or financial criminals, so, mm-hmm.
So those, so those would be the providers of those, uh, end-to-end money laundering services? Well, yeah, so I, I separate between both because Okay. Because the end-to-end money laundering services, like I said, it's a criminal enterprise. It involves a ring, not a single fraudster or, or money launderer. It involves multiple people, probably in different parts of the world.
And another aspect, which is very interesting, is that you'll usually see in those, in those rings, you'll see a, a very high level of, of specialization, meaning you'll have a person who does the layering. You'll have a, a person who does the placements.
You'll have a person who does the, you know, the monetization. If it's fraud, then you'll have folks, for instance, let, let's like a fraud ring. Um, it does ATO, account takeovers. You'll see folks who, you know, harvest the data and you'll have the, you'll have a person who specializes in launching the actual attacks against the accounts and taking over.
And then you'll have a third person who is, um, who, you know, monetizes those accounts. So. It's something, especially those, those more organized kind of criminal networks, there is a high level of specialization. It's actually fascinating to see that. It is, it is fascinating. Um, I mean, I also, I I also noticed in your, uh, I saw in your report that you, uh, manage to engage somehow with the fraudsters, uh, directly on the dark web.
Can you tell us how that, how that, how that went? Yeah. So, um. So I, I, I need some, I need to tread carefully here, right? Uh, uh, so this is where it gets really cool and maybe a little scary. Um, so as you mentioned, you know, threat intelligence is also collected through lawful, I underlined, lawful, lawful covert operations or exploitation.
And in plain English, um, it means direct engagement with the so-called service providers. In order to extract high value information from them. So without going into, you know, details about who or how, the idea is that someone, an analyst working with us or someone else engage directly with service providers.
Um, and I can, I actually am looking at some ads or, or not at ads, at the actual chat right now, and it's really interesting to see the, you know, the back and forth here. So I'll read it out, out, out loud if, uh, please. Yeah, yeah, yeah. Uh, yeah, so I mean. Here, tell me about your money laundering service. Crypto question mark.
PayPal, Venmo, Zelle Bank drops and the fraudster responds. Hi. My service mostly goes with the percentage of deduction depending on your project. What kind of money? Depends on what currency you want to get back. Um, so here's another question. Tell me more about, about the service and your process. Uh, okay.
So he responds, okay, so you want to change crypto into real currency, right? Uh, blah, blah, blah. Or direct deposits, and so on and so forth. So that's, that's a real conversation between one of our analysts and real financial criminal that is offering, uh, money laundering services. How, uh, Daniel, one question that comes to my mind right now is, uh, do you have the impression, uh.
That, uh, because I know that you did the research and, you know, uh, as, as far as I understand, mostly in English and the communication also took place in English. Do you have, did you have the impression that the people on the other hand are like native English speakers or maybe some, some, some. No, not at all.
Actually. Actually, I was correcting the English when I was reading it out right now. Um. So the punctu, the punctuation was totally off and, and it, it didn't seem like a native speaker, but I'm sure there are, um, plenty of, uh, of these, uh, these money laundering services and you know, in English speaking countries.
So, but you know, I've seen. Ads in, in, in different languages, right. That I, that I couldn't even translate, you know, some in, in Russian, some in Chinese, um, in other languages as well. So, like I said, it's a global phenomenon. It's not something that is, you know, a limited to a, a specific geography or a specific country.
It's, it's really all over. And, and that's kind of how money laundering, um, can be successful in the sense that it has to have, you know, a, a more global perspective, moving money from, from country one to country two to other places and, and exploiting that. So, and I suppose particularly moving money to places with maybe weaker regulatory AML frameworks.
Absolutely. And, uh, without naming any names and stuff like that, we all know that there are countries around the world that, like you said, they have weaker, um, compliance and, and regulation, uh, or compliance regimes when it comes to AML and, um, you know, uh, and, and of course bank secrecy, um, that, um, that provides these financial criminals with a cloak of anonymity as well.
And, um, so yeah, it's definitely like, like I said, the, the compliance regime there is a global compliance regime, but there are specific countries around, around the world that, um, that don't abide to many of those laws. Yeah. And they, and they're not really worried about, you know.
Other countries who, who do enforce it, right? Mm-hmm. If that makes sense. So, yeah. Yeah. No, absolutely. There are weird links. We have seen it all over and over again. Mm-hmm. Uh, I, uh, one last question I wanted to ask you is, uh, regarding the, the, the, the choice of platform. Like, because, uh, we have, we have discussed this in on other episodes of our, our podcast, that there is obviously a lot of, uh, shady business, uh, happening on, on Telegram.
Right as well. I'm sure maybe even similar type of services potentially are offered on Telegram. Like what is the, you know, how does the dark web differ in, in, in this sense, from Telegram, or if it does at all? Yeah, that's a, that's a fantastic question. So the, the dark web, right, the Tor network or the P2P network and it actually dated, I mean, it's, it started over 25 years ago.
Okay. So it started long before Telegram. Uh, uh, you know, started and um, and so I've been, again, primarily working. When it comes to investigations and stuff like that in the dark web, because, uh, until recent years, we didn't have really have Telegram. Um, now we're seeing a lot of activity in Telegram one because of the security features and, and anonymity features.
Right. You know, the encryption and mm-hmm. And the ability to self-destruct, um, you know, entire conversations and all sorts of stuff like that. So we're seeing similar activity over there, but we're also seeing a very, very close link between both platforms. Right. We're seeing, you know, I would say that at least in 60 or 70% of the ads that were, that were sampled, you, you also had, um, um, a Telegram, um, address over there, or, or a Telegram.
I, I don't know what you call it. You call it a, a tele Telegram? Yeah. Or a group or a bio or something like that. Mm-hmm. So they were using that. In fact, they were, they were advertising their services in different forums, in different marketplaces, but I think the method in most cases is to actually continue the conversation on, you know, on Telegram or, or one of those platforms.
Mm-hmm. That's interesting. Yeah, so it, it's hard to say that they're, they're using one of them more than than the other. I think they're using both of each other because they complement. Other, but I, like I said, I got, when I started doing this, I started in the dark web. We didn't, we didn't have telegram yet, so.
Yeah. Yeah. No, understood. Understood. Mm-hmm. Um, all right, Daniel, is there anything, uh, anything else our listeners, you know, people in, uh, uh, uh, financial, anti financial crime or compliance, uh, our listeners should know about money laundering as a service or as you call it, um, MLAS? MLAS. MLAS, MLAS. Yeah.
Yeah. Just a few key takeaways. So one thing that I like, I, I always like to talk about the economics behind financial crime and, and cyber crime. Okay. And AML, anti-money laundering. The AML profession has an evil twin, okay? And that is money laundering as a service, just like folks who, who are professional, um, money launder, um, you know, uh, analysts and investigators and stuff like that.
Folks who try to stop money laundering there is, uh, a, an evil twin or a mirror kind of profession, and that's the money laundering as a service. Um, another important key takeaway is that fraud and AML have another nexus over here. We're seeing a lot of fraudulent accounts, right? They, where the data was stolen or, or they were taken over by, by fraudsters, but that then they're used for money laundering, um, bank drops, for instance.
Um, and I think the, uh, maybe the main key takeaway is that companies, especially financial institutions, they need to build robust threat intelligence programs and take a more proactive approach versus a more reactive approach like, like we're seeing now, right? Essentially have folks like me and other investigators who crawl the dark web and, and Telegram, and they do it systematically.
They, they come up with intelligence reports and they provide timely reports to management and to, of course, to the, to the relevant, um, professionals in the organization. And they do that proactively and they, instead of waiting for something to happen and then, you know, scramble and start dealing with a problem.
Hmm. No, that that is, that is very helpful. Daniel and I, and I like the evil twin analogy. I've been, I've been, I've been thinking about this a lot because obviously we, we work in this space, we see a lot of financial crime and it's obviously, at the end of the day, it always has to end with, with. Fit the, with the laundering, right?
So like a lot of these, a lot of these criminals have to, uh, unavoidably end up in this situation where they look for providers of those services. So it's, it's, it's, it's extremely valuable, you know, that you, that you've done this work and then we can see how the, you know, all those typologies and how this works.
So thank, thanks all for this and, uh, thanks. Thank you. Thank you for having me speaking to me. And, uh, yeah, please let me know when you, when you, when you come up with another report. Of course. Thanks again for having me and it was a pleasure. Thank you. Thank you.