Semi-Offline Funnel
Semi-Offline Funnel is a hybrid cloaking technique where the website serves as a clean "lead generation" brochure, but the actual transaction and risk exposure happen off-platform via encrypted messaging apps.
📝 Short Summary
- Scenario: A "Luxury Concierge" website. It lists no prices and has no cart. Users must "Contact on WhatsApp". The merchant then sends a payment link for "Consulting Services" to sell high-risk goods (e.g., replica watches).
- Business Motivation: To bypass web crawlers entirely. The crawler sees a static brochure with no e-commerce functionality.
- Key Deception: Decoupling the "Sale" (Chat) from the "Payment" (Generic Invoice).
🏗 Technical Architecture
Frontend Behavior (Customer View)
- Website: Slick, high-end design. "Rolex Sourcing" (or generic "Watch Sourcing").
- Call to Action: "Chat with an agent to order."
- Transaction: Agent sends a Stripe/PayPal Payment Link via WhatsApp.
- Invoice: "Invoice #9922 - Procurement Services - $500".
Backend Behavior (PSP View)
- Integration: No Shopping Cart integration. 100% usage of "Payment Links" or "Virtual Terminal".
- Referrer: None (Direct traffic to the payment link).
- Metadata: Sparse. No SKUs, no product images in the transaction data.
🕵️♂️ Detection Challenges
- No Web Evidence: The risk analyst visits the site and sees nothing purchasable. It looks like a legitimate service business.
- Encrypted Comms: The negotiation happens on Telegram/WhatsApp, which the PSP cannot monitor.
- Generic Invoicing: "Consulting" or "Services" describes almost anything, making it hard to disprove.
🏦 PSP Detection Probability
| Provider | Probability | Detection Analysis |
|---|---|---|
| Stripe | 85% | Strong. Flags accounts with high volume but low API usage (Manual Invoicing). Analyzes the ratio of "Payment Links" to "Website Checkout". |
| PayPal | 80% | Strong. "Business in a Box" monitoring detects when "Services" invoices align with high-risk price points (e.g., exactly $200 or $500). |
| Wise | 95% | Very Strong. Demands contracts/SOW (Scope of Work) for consulting invoices >$1k. Will freeze if proof is vague. |
| Square | 75% | Medium/Strong. Good at detecting manual entry anomalies, but "Consulting" is a supported vertical. |
| Shopify Payments | 50% | Medium. If they use "Draft Orders", it looks like a custom B2B sale. |
🛡️ Recommended Detection Strategies
1. Traffic vs. Volume Anomaly
Compare website traffic estimates (SimilarWeb data) with transaction volume.
- Signal: A "Consulting" site with 50 monthly visitors processing $500,000/month.
- Reasoning: Legitimate consulting requires lead gen. High volume with zero web footprint suggests an offline/hidden funnel.
2. Invoice Line Item Entropy
Analyze the text diversity of invoices.
- Signal: 1,000 invoices all generated with the exact string "Consulting Services".
- Legitimate Behavior: Real consultants usually customize invoices ("Project Alpha Milestone 1", "Q3 Retainer").
3. Defensive Pseudocode (Log Analysis)
typescript
// TypeScript: Detect suspicious manual invoicing patterns
function analyzeInvoiceEntropy(invoices: Invoice[]): RiskSignal {
const descriptions = invoices.map(inv => inv.description.toLowerCase());
const uniqueDescriptions = new Set(descriptions).size;
const totalInvoices = invoices.length;
// Calculate "Repetition Ratio"
const repetitionRatio = 1 - (uniqueDescriptions / totalInvoices);
// If 95% of invoices have identical descriptions and volume is high
if (totalInvoices > 100 && repetitionRatio > 0.95) {
return {
riskLevel: 'HIGH',
reason: 'Bot-like manual invoicing detected. Potential cloaking funnel.'
};
}
return { riskLevel: 'LOW', reason: 'Normal variance in invoices' };
}