Viewpoint: Terrorist Financing and Prepaid Cards: Ban Them!
By David Parker, Polymath Consulting
The hysteria started almost immediately. The terrorists in France used prepaid cards, so all prepaid cards should be banned or, at the very minimum, KYC done on people who buy them. Of course, we still haven’t been told if the cards used were even issued in the EU, or if they were full KYC or simplified due diligence (SDD) cards. According to French authorities, the terrorists that authored the Paris attacks on Nov. 13, which killed at least 130 people, used prepaid cards to transfer money from France to Belgium.
Shortly after the attacks, France said it would target prepaid cards. “We will regulate more strictly the use of prepaid cards which were used in the November 13 attacks, in order to make it harder to remain anonymous,” Finance Minister Michel Sapin told a news conference.
What is SDD?
In Europe, there are varying levels of KYC requirements depending on the product and its level of risk/load limits. The two main types of e-money products available are those that require Simplified Due Diligence (SDD) and Standard Due Diligence. A third requires Enhanced Due Diligence for high-risk products and people. SDD is simply capturing at purchase, the name and address of the individual; they are checked against sanctions lists, but the details are not verified against official documents or databases. The cards typically are only sent to a cardholder’s home address, thus, ensuring multiple cards cannot be applied for by the same person. There are also gift card products where no details are taken at purchase. However, if they are later registered by the users, e.g., for online use or reloads, the users would be checked against sanctions lists. |
There seems to be a lack of understanding that anonymous cards—as in those without a person’s name on the front—do not have KYC or a known source of funds. We need to be careful and deal with these issues separately. You can have anonymous (that is, no name on the front of the card) full KYC products. In addition, just because you have not done full KYC also does not mean you don’t know or can’t trace the source of funds.
Bruno Dalles, head of Tracfin, the French financial intelligence unit, has added, “There are new means of payment which have been created which should be on our radar, I am thinking particularly of prepaid cards, especially if they are delivered in nearby foreign countries and used in France, for example, to book hotel rooms.”
One has to ask what is meant by “nearby foreign countries.” Are they talking about nearby EU countries that would fall under any new regulations or nearby countries that, no matter what EU regulations enacted, will not be affected? Finally, which may be a small point, is that anyone who issues prepaid cards always advises against using them to book hotel rooms due to the nature of most hotels doing pre-authorizations and locking cardholder funds.
French newspapers, according to Reuters, have been equally vocal in their support: “E-money and, particularly, prepaid cards . . . could be very widely used by organized crime, migrant traffickers and terrorists. Criminal investigation department officers have already found prepaid cards during searches of the homes of individuals belonging to such networks.”
So, the facts: Yes, you can get an anonymous prepaid card, with Simplified Due Diligence (i.e., name and address only captured not checked) with a limit of €2,500. (See sidebar for more details.) Funds can be loaded on and then spent as if it’s cash.
The spend and source of funds also is often traceable.
So, what are the alternatives? Well, the obvious one would be cash. When a terrorist spends cash, there is no trace, no history of where it came from, where or how it was spent.
I am slightly confused, therefore, as to why prepaid cards are so bad, given the relatively low limits on SDD products in Europe. There is an argument to say these limits could be lowered to further inhibit the attractiveness of them to terrorists, but let’s remember, we’re talking about the same European governments that agreed to produce a €500 cash note, worth seven times more than any British sterling note and more than five times the value of the favorite currency of the international black market—the US$100 note. Currently, just five of these lovely €500 notes in my wallet is equal to one prepaid card; is that any harder to carry around?
Reuters recently reported that French customs seized a Panamanian prepaid card with €250,000 stored on it, issued, we assume, by a Panamanian bank. How is reducing or eliminating SDD in Europe going to help, if high-value prepaid cards can come in from markets where there may be less efficient KYC procedures and policies?
To really hit terrorists hard, maybe we should ban all SDD prepaid cards and at the same time create a law that every time anyone goes to obtain cash from a bank or receives it from any source, they must complete full KYC and attach this to the bank note. That way it can be traced the same as a prepaid card and we can check that anyone receiving it is a proper person and legitimate.
I think the real issue is ensuring that e-money-licensed companies are better trained on AML and better regulated. This is not about having a name or having documentation on a cardholder; it’s about answering the question: “Should this person have that money or does it make sense for this individual to have this money?” The really difficult issue is whether the companies handling these products and issuing them truly understand what it means to be regulated and if they are living up to the standards they claimed when regulated.
After all, just because someone has passed KYC and demonstrated a monthly wage of US$5,000, should they be able to load US$15,000 as a first load? Of course not. This would mean they have loaded, in effect, three-month’s salary with nothing taken out to live on. It would be behavior that, despite passing a tick-box process of KYC and AML, could not be considered reasonable. Ultimately, being regulated is more than ticking boxes. It’s about looking for behaviors and seeing, from an AML point of view, if these behaviors are normal and, if not, are there reasonable explanations that on further investigation can justify those behaviors? (For example, using a prepaid card as a savings tool for a large amount of money is not normal behavior, but it could be in the case where a client saved for six months prior to going on a holiday.) What is needed is not more regulation but more in-depth policing of those who already are regulated to ensure they truly understand an e-money license isn’t a piece of paper, it’s an environment that requires constant vigilance, control and oversight.
David Parker is the founder and CEO of U.K.-based Polymath Consulting, which works on projects and advises organizations across the cards and payments industry. David is well-known for his work on prepaid cards and emerging payments. He has worked across the complete value chain, helping banks with their overall prepaid and emerging payments strategies and market-entry analysis; as well as working with telcos, processors and program managers on segment analysis, certification and membership applications. He can be reached at [email protected].