Money laundering and fraud are quietly infiltrating everyday life through Bitcoin ATMs and other digital currency kiosks, right in plain sight. These machines, now found in gas stations, convenience stores, and shopping malls, have transformed from tech novelties into prime tools for scam payments and illicit finance. As criminals exploit weak controls, banks and regulators are left scrambling to contain the fallout. The U.S. Financial Crimes Enforcement Network (FinCEN) is now sounding the alarm: convertible virtual currency (CVC) kiosks stand at the heart of a dangerous surge in money laundering, exposing both financial institutions and ordinary consumers to growing risk.

This article explores the explosive growth of scam payments and money laundering through CVC kiosks, tracing the regulatory crackdown, real-world criminal typologies, and the evolving compliance burden facing financial institutions. Backed by FinCEN’s latest notice and supported by global trends, the CVC kiosk story is no longer about innovation. It’s about a fight for financial system integrity as fraudsters and money launderers exploit the cracks.

CVC Kiosk Compliance Risks and the Fraud-Money Laundering Connection

CVC kiosks—also called crypto ATMs—are designed to offer easy access to digital assets, but ease of use has come at a steep cost. Kiosks process billions in transactions annually, with tens of thousands of units now installed in the U.S., Europe, and beyond. Law enforcement and regulators are increasingly concerned by the surge in both scam payments and classic money laundering, often intertwined.

At the core, CVC kiosks allow for the conversion of cash to crypto or vice versa, sometimes with little more than a phone number or a scan of an ID. Criminals have seized on this feature, directing fraud victims—often through romance scams, tech support cons, or fake investment pitches—to deposit cash directly into kiosks. These funds are instantly sent to digital wallets controlled by bad actors, sometimes routed through multiple kiosks in different states or countries to obfuscate the money trail.

This practice, called “layering,” is a fundamental money laundering stage, and kiosks are increasingly seen as a preferred channel. According to FinCEN and the Financial Action Task Force (FATF), kiosks are also being exploited by drug trafficking groups, tax evaders, and organized crime. Gaps in customer due diligence, inconsistent enforcement of the Bank Secrecy Act (BSA), and insufficient transaction monitoring allow both low-level scammers and sophisticated launderers to operate with relative ease.

Real-life cases illustrate the risks. U.S. authorities have documented drug trafficking organizations using CVC kiosks to move cash proceeds, structuring deposits to stay under reporting thresholds. In parallel, banks and compliance officers are flagging a spike in scam-related deposits, often involving elderly victims instructed to use local kiosks by fraudsters posing as government agents or tech support.

Regulatory Response and the Global Context

FinCEN’s latest notice marks a clear escalation in the regulatory response. The agency is urging all financial institutions—banks, credit unions, payment processors, and kiosk operators themselves—to step up efforts to detect and report suspicious activity. The notice highlights three primary vectors: scam payments, cybercrime, and money laundering tied to organized criminal groups.

This U.S. crackdown is mirrored abroad. In the UK, the Financial Conduct Authority (FCA) has launched high-profile raids on unregistered kiosks. Spain and Germany have uncovered networks laundering millions through clusters of crypto ATMs, often enabled by weak oversight and inconsistent KYC controls. Australia’s AUSTRAC and Canada’s FINTRAC have each updated guidance for kiosk providers, requiring tighter onboarding and mandatory suspicious transaction reporting.

Across all jurisdictions, regulators stress a simple message: CVC kiosks are a weak link in the global fight against illicit finance. The FATF’s most recent guidance and mutual evaluation reports repeatedly flag crypto ATMs as high-risk, with calls for harmonized licensing, stricter ID verification, and real-time monitoring to stem both fraud and money laundering.

But gaps remain. Not all U.S. states have robust MSB oversight. Many kiosks are operated by small businesses lacking the resources to implement comprehensive AML programs. Some deliberately structure transactions below mandatory ID or reporting thresholds. Meanwhile, banks that provide accounts to kiosk operators face “de-risking” pressure, with several high-profile cases involving account closures after compliance breaches.

Typologies: How Criminals and Scammers Exploit CVC Kiosks

Understanding how fraud and money laundering overlap in the CVC kiosk ecosystem is key for compliance professionals. FinCEN’s notice, along with global typology reports, points to several recurring schemes:

1. Scam Payments: Victims receive phone calls or online messages from fake tech support, romance partners, or government officials, all of whom instruct them to deposit cash at a nearby CVC kiosk. The crypto is immediately sent to a scammer’s wallet, usually via an automated QR code.

2. Layered Laundering: Drug traffickers, smugglers, and organized crime groups deposit structured cash through multiple kiosks, breaking up large sums into small, less detectable increments. These are converted to crypto, transferred across wallets, then off-ramped to foreign accounts or used to purchase goods and services.

3. Synthetic ID Fraud: Some operators, wittingly or not, allow the use of fake or stolen IDs to process high-value transactions, enabling both fraudsters and launderers to operate anonymously.

4. Human Trafficking Proceeds: Interpol and Europol have highlighted cases in which human trafficking payments were routed through CVC kiosks, taking advantage of anonymity and cross-border transfer speed.

Red flags identified by FinCEN, the FATF, and other authorities include:

• Multiple transactions just below identification or reporting thresholds
• Repeat deposits at different locations within short periods
• Large deposits from first-time users or those with little digital asset experience
• Transactions involving wallets or QR codes flagged by law enforcement
• Kiosk operators failing to file SARs or maintain beneficial ownership records

Case studies show how quickly losses can mount. A 2025 investigation in California tied over $6 million in losses to one cluster of kiosks, mostly targeting elderly victims of tech support scams. Meanwhile, authorities in Madrid uncovered a multi-million euro laundering ring using kiosks to layer proceeds from drug sales and tax evasion.

Raising the Bar: What Compliance Officers and Institutions Must Do

FinCEN’s message is clear: compliance officers, banks, and kiosk operators cannot afford to ignore the rapidly rising fraud and money laundering threat. The agency’s guidance demands more than “check-the-box” controls. Proactive, technology-driven, and ongoing vigilance is now expected.

Core requirements and best practices include:

• Robust KYC at the Kiosk: Even for small-value transactions, operators are expected to implement real-time ID verification—potentially including biometrics or instant database checks—to counter synthetic identity risks.
• Automated Transaction Monitoring: Kiosk operators and their partner banks must use monitoring systems capable of detecting structuring, rapid movement between locations, or transactions tied to high-risk wallets.
• Comprehensive SAR Filing: Timely reporting of suspicious transactions is non-negotiable, especially where typologies suggest scam payments or layering of illicit funds.
• Bank Due Diligence: Financial institutions must verify kiosk operators’ MSB registration, beneficial ownership, and AML program strength before onboarding and throughout the relationship. Site visits and independent audits are increasingly seen as best practice.
• Consumer Awareness and Education: Banks and operators should support public campaigns warning about scams targeting vulnerable groups, especially seniors.

The regulatory climate is also tightening internationally. The European Union’s Sixth Anti-Money Laundering Directive (6AMLD) and the forthcoming Markets in Crypto-Assets Regulation (MiCA) will impose stiffer penalties and greater obligations on virtual asset service providers, including kiosk operators. Australia’s upcoming reforms are likely to further restrict anonymous cash-to-crypto transactions.

The technology landscape is evolving. Startups are rolling out AI-powered tools to analyze transaction patterns, identify risky wallets, and automate ID verification. However, cost and fragmentation remain barriers, with many small operators lagging behind regulatory expectations.

Banks, Kiosk Operators, and the Path Forward

The rapid expansion of CVC kiosks has brought new convenience—but also a complex mix of fraud and money laundering risks. For financial institutions, the stakes have never been higher. Those providing banking services to kiosk operators must treat them as high-risk MSB clients, updating risk assessments, monitoring transaction flows, and collaborating with law enforcement and industry consortia to keep pace with new typologies.

Ignoring FinCEN’s warnings could result in severe regulatory penalties, lost licenses, and reputational harm. But the risk is more than regulatory: consumers—especially those least equipped to defend themselves—face devastating losses every day.

Going forward, coordinated regulatory action, advanced technology solutions, and public education will be essential. Institutions and operators that invest in strong controls and transparent operations will not only avoid fines but help protect the financial system from being co-opted by scammers and launderers. The challenge is formidable, but the cost of inaction is already plain to see.

---

Related Links

• FinCEN Convertible Virtual Currency Guidance
• FATF Virtual Assets Guidance
• U.S. Bank Secrecy Act Regulations
• EU 6th Anti-Money Laundering Directive
• AUSTRAC Digital Currency Exchange Guidance

Other FinCrime Central Articles About Crypto-ATM Risks

• Crypto ATM Seizure Highlights London’s Ongoing Money Laundering Fight
• AUSTRAC Targets Crypto-ATM Money Laundering and Money Mules
• UK Crypto ATM Operator Jailed for 4 Years: The First Prosecution of Its Kind

Source: FinCEN

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand with us or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.