As internet technologies become more advanced, so have the ways in which money launderers, terrorism financers and criminals utilise them for illicit and illegal activity. The introduction of new payment methods, virtual environments and the ease of maintaining anonymity on the internet have helped to transform the criminal underworld, offering new ways to move large sums of money with relative ease ( Pearce, 2012 ; Jacobson, 2010 ; FATF, 2010 ). The internet has become a fertile ground for terrorists to obtain funds to support their operations by participating in activities ranging from credit card theft using phishing, hacking and key logging attacks through to money laundering ( Strayer, 2011 ; Jacobson, 2010 ).
In recent years, there has been much debate about the risks posed by virtual environments. Concern is growing about the ease in which massively multiplayer online games (MMOGs)1 may be used for economic crimes such as money laundering, fraud and terrorism financing ( Methenitis, 2009 ; Sanders, 2009 ; Sullivan, 2008 ; Vallance, 2008 ; Tefft, 2007 ; World-check, 2007 ; Castranova, 2005 ). Many believe that potential and opportunity exist for allowing large sums of money to be moved across national borders without restriction and with little risk of detection ( Pearce, 2012 ; Keene, 2011 ; Tsuruoka, 2011 ; BBC, 2008 ; Heeks, 2008 ; Leapman, 2007 ; Lee, 2005 ). The ease in which money launderers and/or terrorists have turned to virtual environments and digital currencies, when traditional avenues of funding are restricted or lost, has become problematic for governments (e.g. counter-terrorism agencies) and security professionals alike (Australian Transaction Reports and Analysis Centre ( AUSTRAC, 2012 ); Vallance, 2008 ). With Second Life in particular, its fast-growing economy has left many legal experts claiming that the lack of even basic regulation of its banks and stock exchange could provide a haven for money launders, fraudsters and terrorists to hide and move funds around to avoid the surveillance they would be subject to in the real world ( Chambers-Jones, 2012 ; Pearce, 2012 ; Leapman, 2007 ).
There is a clear consensus of opinion that virtual environments are potential targets for cyber criminals, money launderers and terrorism financers. However, there is much debate about the level of risk that these environments pose. Some believe that money laundering in virtual environments is a real threat that requires regulation similar to that seen in the real-world ( Chambers-Jones, 2012 ; Pearce, 2012 ; Leapman, 2007 ). However, others believe that virtual environments and virtual currencies do not provide the scale necessary for large-scale money laundering activity ( Nino, 2011 ; AUSTRAC, 2012 ). For example, Detective Superintendent Colin Dyson, Commander of the New South Wales Police Fraud and Cybercrime Squad, in a media interview indicated that virtual worlds hold more appeal to criminals as a platform for communication and co-ordination than for laundering the proceeds of crime ( Pearce, 2012 ). This may be due to the additional administrative overheads and potential limitations on volume that exist in virtual environments.
AUSTRAC's (2012, p. 16) typology report identified virtual worlds and digital currencies such as Bitcoin© as potential vulnerabilities, stating:
[…] while the nature and extent for money laundering through digital currencies and virtual worlds are unknown, it is important to recognise their potential for criminal exploitation, particularly in response to tighter regulation of established or traditional financial channels.
AUSTRAC (2012) also states that because digital currencies are currently not widely accepted as payment for goods and services, it limits the avenues through which digital currency can be used to convert, move and launder illicit funds. The limited size of digital currency markets, in turn, reduces the extent to which large amounts of illicit value can be moved. It believes that the overall utility of digital currencies for criminals, at this point, may currently be limited to niche crimes in the cyber environment and individual or smaller scale illicit activity.
Sullivan (2008) blames the negligible means of monitoring financial activity, sparse due diligence, poor customer identification rules, and the absence of mandated forms or reports to complete when suspicious activity is detected, for making virtual worlds fertile grounds and ripe with opportunity for criminal elements. He claims that because the virtual realm is completely unregulated, it is a voluminous means of money movement and could potentially provide a safe harbour for money launderers, fraudsters and/or terrorists. He believes that virtual worlds could be considered as the virtual counterpart to the Hawala system2.
Some believe that the anonymity provided by virtual environments also contributes to their desirability for illicit activity. Tefft (2007) and Brown (2010) blame the absence of know your customer (KYC) regulations, which removes the onus from MMOGs to correctly identify account holders before allowing them to move real and virtual funds through their accounts, as a contributor to illicit activity. The ease in which it is possible to open accounts and perform financial transactions using stolen credit card numbers and prepaid Visa or MasterCard gift cards were cited by Brown (2010) and Choo (2008) .
A number of authors have described potential virtual money laundering scenarios ( Tefft, 2007 ; World-check, 2007 ; Sullivan, 2008 ; Sanders, 2009 ; AUSTRAC, 2012 ). Tefft (2007) looked at the susceptibility of unregulated virtual banks and their ability to become money laundering centres. He provides an example of how money launderers, using financial professionals in their employ as front men, purchase a virtual bank license. Although the scenario described by Tefft (2007) could provide the opportunity to launder vast sums of money, many of the loopholes which would make this scenario possible have been closed or tightened. For example, in 2008 Second Life introduced terms of service that prohibit the offering of banking services, in-world investment funds and stock offerings to any entity without proof of an applicable government registration statement or financial institution charter, thereby making this money laundering scenario much more difficult, if not impossible, to carry out. In addition, in 2009 Entropia Universe received a real-world banking license making them subject to real-world regulations, allowing regulators to gain valuable insight into possible money laundering activities which may take place inside this environment.
World-check (2007) , Sullivan (2008) , Sanders (2009) and AUSTRAC (2012) provide simple scenarios that may facilitate virtual-world money laundering. Although the scenarios described by each are a good starting point to showing how money laundering might occur in virtual environments, they contain a number of weaknesses. For example, the scenarios do not discuss the practicality or feasibility of using virtual environments to carry out the money laundering or terrorism financing activity. Since the people using these scenarios are likely to have real-world money laundering or terrorism financing schemes in place, the examples do not discuss how the scenarios might compare to traditional methods in respect to ease of use, the amount of funds that can be laundered/raised, how long it would take to launder/raise the same amount of funds possible in traditional, real-world environments, the cost to launder/raise the same amount of funds possible in traditional, real-world environments, the risks that are present in the virtual-world scenarios and the chances of detection compared to that experienced in real-world environments. The money launderer or terrorism financer would take these factors into account before deciding to convert or supplement his or her money laundering or terrorism financing activity with unfamiliar and potentially complicated techniques.
Another weakness of the virtual-world examples described by Tefft (2007) , World-check (2007) , Sullivan (2008) , Sanders (2009) and AUSTRAC (2012) is the absence of red flag indicators or detailed behaviours that may alert service providers, AML/CTF investigators and/or law enforcement agencies to the presence of virtual money laundering or terrorism financing behaviour. In traditional money laundering and terrorism financing investigations, a series of red flag indicators can normally be detected. This will also be true for virtual money laundering or terrorism financing. Red flag indicators are an important tool to help service providers, AML/CTF investigators or law enforcement agencies decide whether a particular activity, financial transaction or series of transactions by an account holder or entity are atypical in nature or vary from normal activity and require...