Research (Insikt)

Russian Sanctions Evasion Puts Merchants and Banks at Risk

Posted: 23rd March 2023
By: Insikt Group®
Russian Sanctions Evasion Puts Merchants and Banks at Risk

insikt-group-logo-updated-3-300x48.png

Editor’s Note: This is an excerpt of a full report. To read the entire analysis with endnotes, click here to download the report as a PDF.

Executive Summary

Cybercriminals devise and execute various workarounds to legalize their illicit income. After international sanctions were leveled against Russia in the wake of Russia’s full-scale invasion of Ukraine, ordinary Russian consumers have likely resorted to similar workarounds to obtain goods produced abroad.

Recorded Future has identified prepaid cryptocurrency virtual credit cards and mail forwarding services — also known as “reshippers” — as methods that can potentially be exploited to illegally bypass sanctions. International financial institutions and merchants that are indirect participants of these workarounds may be at risk of falling under secondary sanctions. This risk could be greatly reduced by implementing more stringent verification procedures for the services and transactions involved in these workarounds.

Key Findings

  • Many crypto services allow customers to register prepaid cryptocurrency virtual credit cards with minimal or no verification. This lack of verification and dark web sources indicate that these prepaid cryptocurrency VCCs can be used for sanctions evasion.
  • Various mail forwarding services allow Russian customers to order goods produced from abroad. Purchases and deliveries can be funded through various means, including cryptocurrency and Russian-issued payment cards. Although these services publish lists of restricted goods that they claim they are unable to ship, dark web sources indicate that they can be used to receive goods that are subject to export controls.
  • We registered a prepaid cryptocurrency VCC using one of the crypto services described above. Open source analysis revealed the payment card’s bank identification number (BIN) was issued by a US financial institution.
  • It is likely that additional financial institutions and merchants are also being enlisted as unwitting participants in sanctions evasion schemes that involve prepaid VCCs and mail forwarding services. If this is the case, they may be at risk of secondary sanctions.

Background

Beginning on February 24, 2022, the US and 37 other countries implemented sweeping sanctions against Russia in response to its unprovoked invasion of Ukraine. These ongoing sanctions are explicitly intended to degrade Russia’s ability to wage war in Ukraine, and they include exhaustive restrictions on the export to Russia of luxury goods ranging from garments and accessories to high-end electronics, spirits, and even billiard sticks. [1, 2] According to the US Bureau of Industry and Security (BIS), the proscription of these exports is “intended to steadily increase the financial consequences on Russia … as a result of Russia's invasion of Ukraine.” Altogether, these measures appear to be having the desired effect. In October 2022, the US Department of State assessed that “US sanctions and export controls have severed Russia’s access to key technologies and industrial inputs that erode its military capability”. Similarly, the European Council estimated that Russia’s GDP had contracted by anywhere from 2.2% to 3.9% in 2022, undermining Russia’s ability to finance its war.

Governments have not acted in isolation, either. Over 1,000 companies motivated by a combination of outrage and fear of secondary sanctions have voluntarily suspended operations in Russia. Among these are Visa and Mastercard, which at the time of their withdrawal controlled about 70% of the Russian debit card market.

At the same time, technical and legal barriers are unlikely to significantly harm Russian cybercriminals’ efforts to monetize their illicit earnings. We previously predicted that international sanctions and the accompanying decisions of private companies to cease or reduce operations in Russia would likely encourage criminal buyers to reship and resell foreign goods on the Russian market. This is because any shortage of foreign goods on the Russian market that are obtained through legitimate sources likely creates corresponding demand for the same goods obtained through illicit sources. This presents cybercriminals with an opportunity to earn increased returns from their fraud cash-out schemes.

Related