Have You Fallen Into a "Triangulation Fraud" Scheme?
Thousands of online buyers are unknowingly guilty of participating in the credit card fraud scheme known as a “Triangulation Fraud Scheme.” Could you be one of them? If not, there is good chance that you know someone who is.
Triangulation Fraud is a three-phase scam. It’s been around for a very long time, mainly because it can be so difficult to detect. Here’s how it works:
PHASE ONE starts with a fraudster setting up an online storefront or resale account using a stolen or "synthetic" ID. These fake identities can be easily purchased on the Dark Web, a mostly invisible and partitioned portion of the Internet that can only be accessed using a special browser. The Dark Web was publicized widely in 2015 after the infamous Ashley Madison hack that exposed the identities of some 40 million people registered to a site designed to encourage extramarital affairs.
PHASE TWO involves the fraudsters using stolen credit cards to engage in online shopping sprees. The criminals fraudulently acquire thousands of dollars of high-end clothes, jewelry and accessories from legitimate online apparel and accessory retailers and websites.
The fraudsters then promote and sell this “inventory”—often at steep discounts—via their fake merchant storefronts set up in PHASE ONE, or through marketplaces and consignment sites. It’s important to make clear that none of these online marketplaces or consignment sites are complicit in promoting fraud. In fact, they are especially diligent in identifying and blocking fraudsters. Further, they provide strong guarantees in their Buyer Protection Programs, like Amazon's A-to-Z Guarantee and eBay's Buyer Protection Program. Nonetheless, nearly 6 billion data breaches in the last 10 years have provided so much weaponized data that it has never been easier for fraudsters to mask their true identities.
PHASE THREE occurs when shoppers unknowingly purchase the stolen items from the fraudulent online storefronts. The fraudsters actually ship the goods to the buyers, resulting in happy “customers” that receive authentic (although stolen) goods at deep discounts. These happy customers will return again and again to make additional purchases. Some may even give the fraudulent storefronts high marks (five stars) for offering great prices. All the while, the fraudsters use the fake identities and merchant accounts they established in PHASE ONE to turn the payments from unwitting shoppers (using legitimate credit cards) into cash.
Why would fraudsters go through all this trouble? Repeatability. The fraudulent storefronts provide a constant and continuing stream of money, without the fraudsters being exposed to the risks involved in “fencing” stolen goods. Even when the owners of the stolen credit cards used in PHASE TWO realize their accounts have been compromised and cancel the cards, the fraudsters simply return to the Dark Web to purchase new stolen credits cards and start the cycle all over again. And through it all, unwitting shoppers are completely unaware they’re participating in a Triangulation Fraud scheme.
Of course, the original sellers of the merchandise fraudulently acquired in PHASE TWO are the ones who get stiffed. Not only do they not receive payment, they also get hit with chargebacks and chargeback fees. And they are responsible for the original product costs, labor, shipping and reordering. They may even face additional fines from their merchant banks.
According to the 2016 LexisNexis True Cost of Fraud Study, nearly 2 out of 3 credit card chargebacks are fraud-related. In fact, chargebacks accounted for the majority of approximately $120 billion in fraud losses in 2015, the report states.
What’s the solution? A robust fraud protection system with enterprise-class capabilities helps stop Triangulation Fraud before it starts. For retailers, some of the most desirable traits of a fraud management system are:
- The ability to identify repeat transactions from the same point-of-sale device
- The ability to pinpoint the location of a transaction’s origin
- The use of a sophisticated and proven statistical scoring model
- The ability to detect fraud globally
- The ability to link orders that share few or no common elements
- The use of continuous transaction monitoring
- The availability of a custom rules engine
- The ability to customize workflow management
- The ability to interface with third-party verification sources
Merchants need to realize that fraudsters are intelligent, well-funded and, more importantly, resilient in their efforts to make money from fraudulent practices. They spend a great deal of time researching vulnerabilities. They looks for gaps in fraud detection capabilities, order response information used to validate or reject orders, call center response questions, changing/seasonal fraud strategies as well as weekend/after hours support. Their sole purpose is to discover any possible weakness in a merchant’s order process and exploit it to the fullest extent possible.
Buyers need to be aware of red flags that indicate the deals they’re getting may be too good to be true and are actually part of Triangulation Fraud:
- A product is advertised at an unbelievably low price.
- The seller may insist on payment by electronic funds transfer or a wire service.
- The seller may insist on up-front payment for vouchers before access is granted to a cheap deal or a give-away.
- The seller may ask to complete the sale outside of the marketplace or website (which means the buyer loses any protection offered by the website operator).
To learn more about mobile payments and current fraud trends, download the Mobile Payments & Fraud: 2017 Report, presented by CardNotPresent, Braintree, The Fraud Practice and Kount.