Bridge Networks (Multi-Site)
Bridge Networks (or "Hub and Spoke" laundering) involve a cluster of low-risk "Bridge Sites" that aggregate traffic from multiple high-risk origins. This is used for volume dilution and redundancy.
📝 Summary
- Technique: Load Balancing & Merchant Rotation.
- Goal: Keep chargeback/fraud ratios below 1% per account and survive individual account bans.
- Risk Score: Severe (Organized Crime / Industrial Scale).
🏗 Technical Architecture
mermaid
flowchart TD
LB[Traffic Router / Load Balancer] --> B1[Bridge Site 1<br/>General Store A]
LB --> B2[Bridge Site 2<br/>Digital Agency B]
LB --> B3[Bridge Site 3<br/>Hosting Provider C]
B1 --> M1[MID #1]
B2 --> M2[MID #2]
B3 --> M3[MID #3]The Flow
- Aggregator: A central system tracks the health (chargeback rate, volume cap) of each Bridge Site.
- Routing: When a user buys on High-Risk Site A, the Router selects the "healthiest" Bridge Site (e.g., Site 2).
- Transaction: The user is routed to Site 2 to complete the payment.
🕵️♂️ Detection & Risk Signals
1. Network Clustering (The "Spiderweb")
- Signal: All Bridge Sites share common technical assets:
- Same SSL Issuer
- Same Hosting Subnet
- Same Google Analytics/Pixel ID
- Same CSS/JS Framework hash
- Same Director/UBO (Ultimate Beneficial Owner)
- Detection: Graph databases link these disparate sites into a single cluster.
2. Synchronized Velocity
- Signal: Traffic spikes occur simultaneously across 50 "unrelated" sites (driven by an ad campaign on the high-risk origin).
3. Shared Customer Base
- Signal: The same email addresses and credit cards are seen across all Bridge Sites, which is statistically impossible for unrelated businesses.
🏦 PSP Detection Probability
| Provider | Probability | Detection Analysis |
|---|---|---|
| PayPal | 98% | Very Strong. "Linked Accounts" algorithms are best-in-class. Detects shared devices, cookies, and UBOs instantly. |
| Stripe | 95% | Very Strong. "Radar for Platforms" detects clusters. If one node is banned, the entire graph (50+ accounts) is often nuked. |
| Adyen | 92% | Very Strong. Graph analysis connects "Shopper DNA". If a card is blacklisted on Site 1, it flags Site 2 when used there. |
| Square | 85% | Strong. Good at linking accounts via banking data and device fingerprinting. |
| Worldpay | 70% | Medium. Slower to link disparate accounts if they are set up under different legal entities (Shell Companies). |
| Payoneer | 88% | Strong. Detects funds moving from multiple MIDs to a single withdrawal bank account. |
| Fiserv / First Data | 65% | Medium. Often handles high volume well, but network detection relies heavily on manual analyst review. |
| Apple/Google Pay | 90% | Strong. The underlying device token (DPAN) is constant across merchants, making linkage easy for the wallet provider. |
⚠️ Analyst Notes
Bridge networks are expensive to maintain. Look for "Cookie Cutter" sites—hundreds of sites using the exact same "About Us" text or slightly modified templates. If you ban one, expect the traffic to immediately shift to another node in the cluster.