There is a paper trail.
Transferring money electronically by the system itself requires knowing what bank it’s going to(routing number) and what account it’s going to.
There’s other ways to send money but the second half of the question about a network means it would likely use this.
Sending gift cards or something pre-paid in the similar to cash section is different but even then sometimes can be traced.

The implications of cutting off an entire country, negatively impacting their ability to do business on a global level, for a scam would be an extreme measure.
To even get that kind of discussion, it literally take[s an act of war.](https://www.google.com/amp/s/www.kiro7.com/news/trending/what-is-swift-what-happens-if-russians-are-cut-off-it/HIUXX6HZK5DV7GPT77ETSI6XDY/%3FoutputType%3Damp) A few scammers in a country are not equivalent at the geopolitical level as an invasion of another country.

Other things have happened like banning certain banks from operating with a country’s citizens, like the US restricting a bank that was used to [launder North Korean money. ](https://www.nytimes.com/2007/01/18/world/asia/18iht-north.4255039.html)

Under the Patriot Act, there are ways to freeze accounts and some other things but that’s for terrorism.

Even then, targeting one country’s banks due to fraud just kind of slows the problem. Country A bans Country B. No other country bans another.

So they transfer to neutral Country C instead, then B.
Is country A just supposed to ban all transfers then to stop this?
Cutting off from financial networks took several countries to agree, otherwise there’s ways to still get to the restricted country because it’s well… a network.

The paper trail exists, but it can be very difficult to follow. The problem is that the scammers are often based in countries that don’t have good laws for tracking down and prosecuting criminals. So even if you can find where the money went, you may not be able to get it back or prosecute the people who took it.

You pay a bunch of 12 yo 20 bucks for their debit card. They think its fine caus its empty. You transfer the money to those accounts and simply withdraw the money.

The paper trail typically ends with a cash withdrawal. Most scammers will use Western Union or other money transfer services that are designed to allow for very quick movement of money, although some have begun switching to crypto. Most bank fraud departments work 24/7 and start trying to get fraudulent transfers reversed immediately, but even a few hours delay can make the difference.

Typically there are multiple accounts involved in a transfer chain, and almost all of the owners of those accounts will often be victims of fraud themselves, or at worst mules who are just transferring money around for a small cut. Most commonly they’re people who have fallen for employment or investment scams, where the funds from the first victim are transferred into their accounts, only for them to be contacted and told there was an error and could they please send the money onwards to the right account?

Professional fraudsters limit their liabilities by making it impossible for banks to completely shut down their methods without making life much harder for everyone else who uses these services legitimately.

There is a paper trail, banks involved have records of each and every transaction for certain. But if you have a victim and victim’s bank in country A, a intermediary bank in country B an criminal with criminal’s bank in country C then good luck to victim trying to get their money back because no court has jurisdiction over all the banks involved. And banks certainly don’t give out any banking information unless the law says they must.

Besides money mules, corrupt businesses can be used.

In the UK at least, bank transfers by Faster Payments clear almost immediately, and can be up to £15k [*]. A business can accept a Faster Payment and release goods to that value with confidence they have been paid. There isn’t a chargeback system like there is for credit/debit cards.

Where this gets dodgy is the business may be aware they’re enabling fraud, and may not have truly released any goods. In the long term, such a business will be discovered and there will be paper trails of onward transactions. But this buys fraudsters time – the money is much less “hot” than coming directly from a compromised account.

By the way, money mules may not have committed a criminal offence. There’s no law against receiving money in your account and withdrawing it as cash. And the duty to report suspicions of money laundering only applies to regulated organisations (banks, law firms, etc.) – not to some broke person who does it for £50.

All this info is UK focused but broadly applicable elsewhere. May be a bit it out of date as while I still work in Infosec, I’ve not done much financial stuff in recent years.

[*] Someone pointed out the limit is now higher. Although from a quick look, most banks have a limit below the system limit, e.g Halifax limits online transactions to £25k. They do allow £250k in person, which could happen in some scams.

Here is the real problem, and I’m talking about you Bank of America, (I’m a cybercrime investigator that does wire fraud cases,) there should be no way in 2022 in America especially with the Patriot act that someone can set up a Bank of America account one day with little or no accurate ID, have millions of dollars wired into the account the next day, the money immediately wired back out overseas, and no flags or cooling off period or no verifications happen. Literally 90% of the time I investigate a wire fraud case, the bad actors use Bank of America at some point in the process and it is infuriating as hell. On another note we do trace the money sometimes we can’t do anything about it I had a case where the scammers had the money in a account and used mules all over New York City going to each ATM machine and withdrawing the daily limit from one machine to the next, we had pictures of the people, but there wasn’t a damn thing we could do about it.

What happens is that the money get transferred from the victim’s account to another bank, then another, and another, and another so quickly that by the time a bank can inform the next bank to freeze the funds, they’ve already been moved on to the next one. So it’s a game of cat and mouse. Every iteration increases the lag until eventually there’s enough time to use that money in some way that the bank cannot restore such as cash withdrawal, or purchasing some untraceable asset.

So, the problem is not so much traceability, as it is reaction speed. Banks have elaborate command centers where real time monitoring takes place to prevent fraud and money laundering. But most of these attacks are carried out with automated computer software to move the money around quickly. Also, to cover their tracks, it is not uncommon that there is some form of a cyber attack to follow the transfer of stolen assets to disable the bank’s system so other banks cannot be alerted quickly.

Nonetheless, most of the time, at least here in Europe, most of the stolen assets can be frozen in time and returned to their rightful owners.

The frustrating part here is that as consumers we have no real control of our own accounts and our own credit. I very rarely need to open a new account so it would be nice to just lock myself down and same goes for wiring money – why I cannot whitelist/blacklist wire transfers?

Here’s an example scenario focusing on how it could work in the UK, in reality the trail can be a lot simpler but also a lot more complex from what I have seen over the years working in fraud. Customer is the victim of a scam and loses 40k in the form of 4 x 10k faster payments to different banks:

– 10k to bank 1 is used by a mule account controlled by fraudsters to buy jewellery and other expensive goods like phones and tablets (either in store or online it doesn’t matter, fraudsters will have ways to acquire the goods bought online through various methods I won’t go into here).

– 10k to bank 2 is distributed by the mule to a few different accounts at another bank (or multiple banks) where it is withdrawn in smaller amounts of cash. That cash could then be paid into accounts elsewhere or used to spend on goods.

– 10k to bank 3 is then immediately sent overseas via an international payment to one of the many SEPA countries for example Romania, what happens there is generally out my view but it will be very similar to domestic receipt, i.e. cash, goods, or transfers out to various other accounts.

– 10k to bank 4, bank 4 is actually a wire transfer or money order company such as Moneygram or Western Union. These money orders can be picked up from any number of locations around the world as cash, there are usually ID verification requirements but all is needed here is a willing participant in the country or fake documentation.

So you see the question of where has the money gone for a victim is actually all sorts of places, each of these has their own paper trail or is specifically designed in such a way where a paper trail is not feasible. Tracing funds does happen in some cases but as seen in the example it can be almost impossible to gain any traction bearing in mind that these examples also apply to every other bank that has received any of the money. Where transfers happen within the UK around different banks the issue is the lack of real-time inter-communication between banks to intercept fraud transfers however this can only happen when it suspected to be fraudulent or the customer has confirmed it, which often comes with a delay. When you go international it complicates things even further.

In terms of cutting off countries from the banking systems others have covered that, but the main thing is fraudsters and money launderers will adapt much quicker than the banks and law enforcement can, so if we cut off a country because of the fraud then they will just shift to a different one pretty much immediately.

That was a lot more words than I expected when I started typing. The example I did not use was crypto, no need to wash through multiple layers if you can just send it to Binance and then send on to another wallet operated by somebody located literally anywhere on the planet, although the ledgers are public there are plenty of ways to obfuscate the trail.