Are the financial transactions conducted inside virtual environments truly anonymous? An experimental research from an Australian perspective

The purpose of this paper is to examine the identity and payment method verification procedures implemented by a number of popular massively multiplayer online games (MMOGs) and online financial service providers (OFSPs) to determine if the systems they currently have in place are sufficient to uncover the identities of those who may wish to use such environments to conduct money laundering or terrorism financing activity.

The paper investigates whether the payment instruments or methods used by account holders to place funds into their account(s) hinder or assist investigators to expose the real‐world identity of the account holder. The paper then discusses whether it is feasible and/or desirable to introduce know your customer (KYC) and customer due diligence (CDD) legislation into virtual environments and illustrates an effective KYC approach which may assist MMOGs and OFSPs to correctly identify their account holders, should legislation be put in place.

The systems currently in place by all of the MMOGs investigated are wholly inadequate to successfully establish the real‐world identities of account holders. None of the information required at the account setup stage is verified and, therefore, cannot be reliably associated with an account holder in a real‐world context. It appears that all three of the MMOGs investigated are leaving the serious matter of identity and payment method verification to the organisations that assist in the sale and purchase of their in‐world currency such as third party currency exchanges and Internet payment systems (collectively referred to as OFSPs). However, many of these OFSPs do not have adequate systems in place to successfully verify the identities of their account holders or users either. The authors' experiments show that it can be a very simple process to open accounts and perform financial transactions with all of the OFSPs investigated using publicly available or fictitious identity information and a prepaid Visa® gift card. Although all five OFSPs investigated in this research claim to verify the identity of their account holders, and may already be subject to KYC and CDD legislation, their systems may need some work to ensure that an account holder or user is accurately identified before financial transactions can take place.

The authors believe that the electronic KYC approach discussed in this paper deals effectively with the challenges of global reach, anonymity and non‐face‐to‐face business relationships experienced by virtual environment operators, thereby assisting in the effective detection and possible prosecution of individuals who wish to use these platforms for illicit and illegal purposes.