Digital Wallet Transactions and the AML Monitoring Gap in Online Shopping

Criminals do not need to rob banks anymore; they just need a wallet app, a blind spot and an online store that is not paying attention.



Digital wallets have quietly become the dominant force in e-commerce payments. Apple Pay, Google Pay, PayPal and a growing list of regional alternatives now account for more than half of all global online transaction volume. They are convenient for consumers, efficient for merchants and increasingly attractive to financial criminals.

The problem is not that compliance teams are ignoring digital wallets. The problem is that most AML monitoring frameworks were designed for traditional bank transfers and card payments, not for the speed, volume and layered complexity that digital wallet transactions bring to the table.

That gap is exactly where illicit funds are moving.

Why Digital Wallets Create Unique AML Risk in E-Commerce
Traditional payment methods leave cleaner audit trails. A bank transfer carries sender and receiver details, correspondent bank records and jurisdiction data. A digital wallet transaction, particularly at checkout in an online store, often does not.

Here is what makes digital wallets structurally different from an AML perspective:

Speed: Instant payments are a feature, not a bug. But that same speed compresses the window a compliance system has to flag suspicious activity before funds move again.

Volume: A single wallet can execute dozens of micro-transactions in minutes, making structuring, which is the tactic of breaking large sums into smaller ones to avoid reporting thresholds, much easier to execute and harder to detect.

Anonymity layers: Many e-wallet accounts require minimal identity verification at sign-up, especially below certain transaction thresholds. This creates low-friction entry points for bad actors who are specifically looking to avoid KYC controls.

Chain complexity: Money launderers use multiple wallet accounts across different providers, routing funds through several platforms before a purchase is completed. By the time the money reaches a merchant, it may have passed through four or five wallets with no single institution seeing the full picture.

According to ComplyAdvantage, e-wallets are expected to account for around 50 percent of e-commerce transaction value in 2025. That is a massive volume of payments running through systems where AML monitoring is often thinner than it should be.

How Criminals Exploit Digital Wallets in Online Shopping
The exploitation is not always sophisticated. Some of it is remarkably straightforward, which is part of why it persists.

Smurfing via multiple wallet accounts: A launderer creates several wallet accounts across different platforms and splits purchases across all of them, keeping each transaction below the threshold that would trigger a SAR or enhanced review.

Rapid fund cycling: Funds are deposited into a wallet, used to make an online purchase or gift card top-up, refunded and then immediately transferred to another wallet. This creates the appearance of legitimate retail activity while actually just moving money.

Wallet-to-wallet transfers before checkout: Before completing a purchase, criminals route funds through a chain of peer-to-peer wallet transfers, each one obscuring the origin of the money a little further. By the time the final transaction hits the merchant, the trail has gone cold.

Exploiting low-KYC onboarding: Many digital wallet providers offer basic accounts with limited identity verification. Criminals exploit this by creating multiple accounts using synthetic or stolen identities, shopping across platforms with no single institution connecting the dots.

The red flags here are consistent with broader AML typologies: transactions just below reporting thresholds, rapid movement between accounts, mismatches between a user's spending profile and their stated income or identity and frequent use of prepaid top-ups before purchases.

Where the Monitoring Gap Actually Lives
The AML monitoring gap in digital wallet transactions is not purely a technology problem. It is partly structural and partly jurisdictional.

Fragmented oversight: A digital wallet provider operating in one jurisdiction may not be subject to the same AML obligations as a bank in another. FATF's 40 Recommendations apply broadly but implementation varies significantly by country. The result is a patchwork of compliance standards that criminals navigate deliberately.

Siloed transaction data: Each wallet provider sees only its own slice of the transaction chain. Unless there is real-time data sharing, which is rare, no single institution has a complete view of how funds are being moved across platforms.

Threshold-based monitoring limitations: Many legacy transaction monitoring systems rely on rule-based triggers, flagging transactions above a certain value or frequency. Sophisticated launderers have learned to operate just below these thresholds, exploiting what compliance professionals call the visibility gap.

Mobile fraud compounding the problem: Fraud originating from mobile devices rose 11 percent year-on-year in the UK alone in 2025, according to Silent Eight. Fraudsters are opening mule accounts through mobile wallet apps and initiating high volumes of small, rapid payments, activity that blurs the line between fraud and money laundering and frequently slips past systems that treat them as separate risk categories.

What AML Compliance Teams Should Be Doing
The regulatory direction is clear. FATF, the EU's AMLA, FinCEN in the US and regulators across APAC are all moving toward stricter AML obligations for digital payment providers. The principle of same risk, same regulation is gaining real traction. Here is what best-practice compliance looks like in this space right now.

Apply a risk-based KYC approach to wallet onboarding: Low-value, low-frequency wallet accounts may warrant standard CDD. But accounts showing high transaction velocity, large cumulative values across many small transactions or activity patterns inconsistent with the user's profile should trigger enhanced due diligence. The threshold for EDD should be behavior-driven, not just value-driven.

Move beyond rule-based transaction monitoring: AI-powered behavioral analytics are now considered standard for institutions serious about digital payment risk. Machine learning models can identify structuring patterns, unusual timing of transactions and multi-account activity that rule-based systems miss entirely.

According to PwC, AI adoption in AML workflows is expected to reach 90 percent of financial institutions by 2025, up from 62 percent in 2023.

Link fraud typologies to AML reporting: Refund abuse, account takeover and synthetic identity fraud in digital wallets are not just fraud problems. They are often precursors to or components of money laundering schemes. Compliance teams need integrated systems that treat fraud signals as AML indicators, not separate incident categories.

Screen against sanctions lists in real time: The EU's SEPA Instant Credit Transfer regulation already requires firms to screen their customer base daily so that payments can be processed within ten seconds. That standard is likely to spread. Digital wallet providers operating across borders need automated, real-time sanctions screening built into every transaction flow.

Document the audit trail: When a wallet transaction eventually becomes the subject of a SAR or regulatory inquiry, the quality of your documentation determines whether you have a defensible compliance program or an enforcement problem. Every transaction monitoring decision, manual review override and EDD conclusion should be logged with supporting rationale.
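
The difference between value-driven and behavior-driven triggers described above (threshold-based monitoring limitations, risk-based EDD) can be shown over a few transactions. This is an added example, not code from the article or from any vendor; the thresholds, window size, wallet IDs and transactions are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed values for illustration; real limits come from your own risk policy.
PER_TXN_THRESHOLD = 10_000      # legacy rule: flag any single payment at or above this
WINDOW = timedelta(hours=1)     # look-back window for behavioral aggregation
WINDOW_VALUE_LIMIT = 10_000     # cumulative value in the window that triggers review
WINDOW_COUNT_LIMIT = 5          # minimum number of payments to count as high velocity

def legacy_rule(txns):
    """Per-transaction threshold rule: sees each payment in isolation."""
    return {t["wallet"] for t in txns if t["amount"] >= PER_TXN_THRESHOLD}

def behavioral_rule(txns):
    """Sliding-window rule: flags wallets whose sub-threshold payments add up."""
    flagged, windows = {}, defaultdict(deque)
    for t in sorted(txns, key=lambda t: t["ts"]):
        if t["amount"] >= PER_TXN_THRESHOLD:
            continue  # already covered by the legacy rule
        w = windows[t["wallet"]]
        w.append(t)
        while t["ts"] - w[0]["ts"] > WINDOW:
            w.popleft()  # drop payments that fell out of the window
        total = sum(x["amount"] for x in w)
        if len(w) >= WINDOW_COUNT_LIMIT and total >= WINDOW_VALUE_LIMIT:
            # keep the rationale so the alert can be documented for review
            flagged[t["wallet"]] = {"count": len(w), "total": total,
                                    "from": w[0]["ts"], "to": t["ts"]}
    return flagged

def sample_transactions():
    """Constructed sample data: three wallets, one hour of checkout activity."""
    t0 = datetime(2025, 1, 6, 12, 0)
    txns = [{"wallet": "W-A", "amount": 2_400, "ts": t0 + timedelta(minutes=4 * i)}
            for i in range(6)]                       # 6 x 2,400 in 20 minutes
    txns += [{"wallet": "W-B", "amount": 45, "ts": t0 + timedelta(minutes=10 * i)}
             for i in range(3)]                      # ordinary small purchases
    txns.append({"wallet": "W-C", "amount": 12_500, "ts": t0})  # one large payment
    return txns

if __name__ == "__main__":
    txns = sample_transactions()
    print("legacy rule flags:    ", sorted(legacy_rule(txns)))
    for wallet, why in behavioral_rule(txns).items():
        print("behavioral rule flags:", wallet, why)
```

The per-transaction rule only sees wallet W-C, while the windowed rule surfaces W-A and records the count, total and time span that justify the alert.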

The Regulatory Horizon
The direction of travel is toward more accountability, not less. The EU AML Single Rulebook, finalized in 2024 and now in force, harmonizes AML requirements across member states, with digital payment providers explicitly in scope.

The updated FATF Travel Rule, revised in June 2025 and set for full implementation by 2030, extends transaction data-sharing requirements beyond crypto to cover a wider range of value transfers, including those initiated through digital wallets.

In the US, FinCEN is paying closer attention to fintech payment providers under the Bank Secrecy Act framework. Regulators globally are applying consistent pressure: if your platform handles money, you are responsible for knowing where it came from.

For CAMS-certified professionals working in e-commerce compliance, digital payment risk or fintech AML, digital wallets represent one of the most active and underdeveloped areas of the field. The gap is visible. The regulatory pressure is building. The question is whether compliance programs catch up before enforcement does.