WARNING: The Latest, Most Complex Fraud Scam Might Catch You Off Guard!
You may be wondering how cybercriminals are able to turn stolen credit card data into cash flow. A popular scheme is to sell high demand, incredibly underpriced items on eBay that they don’t even own yet. Upon the auction ending, the fraudster uses stolen credit card information to purchase the goods from an e-commerce store and ships it directly to the auction winner. This is effective because auction winners get what they bid on and pay the criminal, and the only party left to dispute the charges is the original and legitimate cardholder.
This popular scam of using stolen credit cards to buy merchandise won by other eBay members is by no means new, but as time goes on, is getting more automated and sophisticated. One retailer who wishes to remain anonymous, was achieving quite a bit of success with e-commerce, and was experiencing fast growth, and was amongst the Top 50 Online Retailers for the past two years, as ranked by Internet Retailer.com.
Unfortunately, this did not protect them against falling victim to the scam. The retailer received more than 40 orders in the span of just a few weeks that were traced back after the fact to stolen credit card data. The retailer was successful in stopping a small number of the transactions before they were shipped, but many of the sales resulted in losses that needed to be absorbed by the victim.
How It Works
Understanding exactly how triangulation fraud works might be a bit confusing. The process is simplified below for clarification:
- Step 1 – Auction fraudsters set up one or more eBay account and begins to sell legitimate products. Once a customer buys an item, the money is placed into the fraudsters PayPal account.
- Step 2 – The fraudster sells the order by going to another online retailer, and purchases the item using stolen credit card data. The goods are direct shipped to the actual customer, and the fraudster gets the money.
This scam is particularly crafty because the purchasing eBay customers are satisfied and have received a product, so there’s never any concerns about the company that provided them the product. For large retailers doing considerable amounts of volume, this process raises no concerns with them, and goes virtually unnoticed. The only way they can be made aware of such activity is by using sophisticated fraud screening programs, or when the owner of the credit card initiates a “chargeback” with the credit card company.
EBay has publicly stated that the use of stolen credit card information in the purchasing of goods is by no means a new concept, and has said that cooperation and coordination is required with both retailers and law enforcement to get a handle on such cyber crime.
Detection of such fraud relies on the tools used by merchants and implementing correct credit card authorization protocols.
EBay does not wish to share the technology and practices they have implemented to handle this sort of fraud activity, out of concern it will provide information to the cyber criminals. Representatives for the auction site did however say that they use a range of internal tools, as well as risk models that identify suspicious activity. They also provide training to hundreds of retailers, as well as law enforcement on various types of fraud.
Make sure you and your staff members never fall victim to triangulation fraud. Contact DS410 for help at (646) 583-0410 or send an email to firstname.lastname@example.org. We provide managed IT services in New York City that keep your company safe against all types of cybercrime.