Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

If there is a lesson from former New York governor Eliot Spitzer’s scandal-driven fall (aside from the most obvious one), it is this: banks are paying attention to even the smallest of your transactions.

For this we can thank modern software, and post-9/11 U.S. government pressure to find evidence of money laundering and terrorist financing. Experts say that all major banks, and even most small ones, are running so-called anti-money-laundering software, which combs through as many as 50 million transactions a day looking for anything out of the ordinary.

In Spitzer’s case, according to newspaper reports, it was three wire transfers amounting to just $5,000 apiece that set alarm bells ringing. It helped that he was a prominent political figure. But even the most mundane activities of ordinary citizens are given the same initial scrutiny.

“All the big banks have these software systems,” says Pete Balint, a cofounder of the Dominion Advisory Group, which helps banks develop strategies for combatting money laundering and fraud. “Depending on their volume, they might have thousands of alerts a month.”

Most of the systems follow fairly simple rules, looking for anomalies that trigger heightened scrutiny. Software company Metavante says that its software, for example, contains more than 70 “best-practice” rules, covering a wide variety of transaction types ranging from cash deposits to insurance purchases. The simplest rules might flag large cash transactions, or multiple transactions in a single day.

In Spitzer’s case, the three separate $5,000 wire-transfer payments reported by the Wall Street Journal would likely have triggered one of the most obvious of these rules, without any recourse to more advanced capabilities.

Banks are constantly on the lookout for activity that seems to be an effort to break up large, clearly suspicious transactions into smaller ones that might fly under the radar, a practice called structuring. Spitzer’s transactions almost certainly fit that profile, says Dave DeMartino, a Metavante vice president. Newspaper reports have identified New York’s North Fork Bank, owned by Capitol One, as Spitzer’s personal bank. A spokeswoman for the bank declined to identify which, if any, anti-money-laundering software the institution uses.

But banks, and law enforcement, are also looking for things that they can’t predict and thus can’t write rules for.

“If you’re just writing scenarios, you aren’t going to find things that you didn’t know about,” says Michael Recce, chief scientist for Fortent, another prominent vendor of anti-money-laundering systems. “About 60 percent of the things our customers find are things they knew about. The rest are things they didn’t know about.”

The simplest way to identify the unexpected is by contrast to the routine. A person who deposits just two paychecks a month for two years might be flagged if he suddenly deposits six large checks in two weeks, for example.

But software packages also group customers and accounts into related “profiles” or “peer groups,” in order to establish more-general behavioral baselines. Some software might group together all personal checking accounts with an average balance of less than $15,000, or merchant accounts with turnover of less than $100,000 per month. Some might go deeper, grouping together all business accounts specifically tied to dry cleaners or consulting firms.

The most sophisticated software packages can sort people or accounts into several categories at once: a single customer might be compared to other schoolteachers; to people who bank mostly at a single regional branch; and to people who have stable, pension-based monthly incomes, for example.

Each category is analyzed to determine patterns of ordinary behavior. Every single transaction by customers in these groups, and even patterns of transactions stretching back as far as a year, are then scrutinized for evidence of deviation from this norm using measures such as the number, size, or frequency of transactions, among others.

11 comments. Share your thoughts »

Credits: U.S. State Department, Financial Crimes Enforcement Network

Tagged: Computing, security, software

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me