Insights

What Is Transaction Laundering?

A hidden business processing card payments through an approved merchant account is one of the hardest risks for an acquirer to see. This guide explains how it works, what the red flags are, and how transaction laundering detection surfaces it.

Published 10 June 2026 · 6 min read

Transaction laundering happens when an approved merchant processes card transactions for another business that the acquirer never approved and usually never sees. The practice also goes by transaction aggregation or factoring. It turns a legitimate merchant account into a payment channel for a hidden operation.

For a bank or acquirer, the danger is structural. The merchant on record looks clean. Payments clear normally. But the economic activity behind those card transactions belongs to an entirely different business that could never have passed onboarding on its own.

How does transaction laundering work?

Transaction laundering usually follows three steps.

First, a front merchant gets approved. It has a plausible website, a sensible Merchant Category Code (MCC), and clean paperwork, so it passes onboarding without trouble. Second, a hidden business routes its card volume through that account. This business often cannot obtain its own acquiring relationship, so it borrows someone else's. Third, the money moves under a false identity. To the card networks and the acquirer, the transactions look like they belong to the approved merchant and its declared category, not to the business that actually fulfils them.

The same infrastructure often serves several front merchants at once. They share payment gateways, hosting, checkout code, and collection accounts. What looks like a handful of unrelated merchants can be a single operation behind the scenes.

How transaction laundering moves money A hidden business routes its card volume through an approved front merchant, so the acquirer sees only the legitimate merchant identity. HIDDEN BUSINESS Cannot get its own acquiring account FRONT MERCHANT Approved, plausible site, clean MCC ACQUIRER Sees a legitimate merchant and category routes volume appears as The card volume is real. The merchant identity is not. Money moves under a false merchant identity, so standard onboarding checks see nothing wrong.
How transaction laundering routes a hidden operation through an approved merchant account.

Why does transaction laundering evade merchant onboarding?

Most merchant due diligence is a snapshot. Onboarding checks the business at the moment it applies, looking at its documents, website, declared category, and ownership. Transaction laundering is built to pass that snapshot. The concealment is introduced, or switched on, after approval, once the review is over.

This is the heart of the problem. A merchant that was genuinely clean at signup can be repurposed weeks or months later. Without continuous merchant monitoring, the change stays invisible until it shows up as chargebacks, a card scheme inquiry, or a regulatory question.

What are the red flags of transaction laundering?

No single data point proves transaction laundering. It appears as a set of signals that, read together, contradict the merchant's declared identity.

  • MCC mismatch. The site's real content and product catalogue do not match the category the merchant was approved under.
  • Infrastructure overlap. Shared gateways, hosting, SSL fingerprints, or checkout components tie the merchant to other sites it should have no link to.
  • Shell commerce. The storefront looks like a real shop but cannot actually sell anything. Catalogues are placeholders, purchase paths break, or the checkout redirects elsewhere.
  • Content concealment. The page a casual visitor sees differs from the payment experience a real buyer reaches.
  • Payment flow contradictions. The real 3D Secure routing, acquirer, and gateway behind a transaction differ from what the merchant claims.

Why transaction laundering matters for banks and acquirers

Transaction laundering is more than a fraud-loss problem. It is a compliance exposure. Card network programs such as Mastercard's Business Risk Assessment and Mitigation (BRAM) and Visa's Integrity Risk Program (VIRP) hold acquirers responsible for the activity in their portfolios, including activity they never knowingly approved. Undisclosed aggregation can also route an institution's infrastructure into flows tied to prohibited content, which creates regulatory and reputational risk well beyond the original chargeback.

How do you detect transaction laundering?

Effective transaction laundering detection does not rest on a single check. It layers signals across identity, infrastructure, payment flow, and content, then weighs them together. MinRisk evaluates each merchant through this layered analysis. A dedicated transaction laundering scoring engine combines shell-commerce indicators, content concealment, and infrastructure overlap into one prioritized result.

MinRisk also verifies the actual payment path. Instead of trusting a merchant's declared gateway and bank, it documents the real 3D Secure routing that a transaction follows. This gives an acquirer outcome-based evidence rather than a claim. Because the monitoring runs continuously, MinRisk catches the moment a clean merchant changes behaviour, rather than waiting for the next manual review.

Some investigations reach beyond a bank's own merchant portfolio, into illegal-content sites that abuse an institution's IBANs and brand. RavenTrace extends the same intelligence into deep-dive, evidence-grade reporting. To see continuous monitoring and onboarding intelligence in one place, explore the MinRisk platform.

See transaction laundering detection in action.

Request a 30-minute live demo. MinRisk scans a merchant of your choice in real time and walks through the complete risk assessment.

Request a Demo

Read more answers in the Merchant Risk FAQ  ·  ← Back to Insights