Merchants are always running the risk of being victims of fraudulent transactions. In the eCommerce ecosystem there are many ways for criminals to exploit card-not-present transactions for their own gain, and it is usually the merchant who comes off second best.
A creative method of online fraud is the triangulation scam, in which there are multiple steps and several players.
In the first step, the fraudster will advertise goods for sale. These are most commonly not high-value items, such as cosmetics, toys, or small electronics. The fraudster will advertise these products, at almost too good to be true prices, on social media sites or third-party marketplace sites such as eBay. The sale may be done directly on the marketplace site, or the buyer will be directed to a separate storefront website. In order to entice more buyers quickly, the fraudster may claim to only have a few of the items available at the special price, or claim that the offer is only valid for a short period of time
In the second step, the buyer will purchase the items online in good faith from the fraudster. Everything will seem legitimate. However, the fraudster does not actually have the goods to sell to the customer.
In the third step, the fraudster will place an order for the actual items on a legitimate website at the regular prices, but will do so using stolen credit card information. If the legitimate merchant does not pick up on the fact that the card information is stolen then the sale will go through. The fraudster will set the shipping address to that of the buyer who purchased the goods in step two. The fraudster will then forward the shipping information to the buyer, who will receive the goods believing they got a great bargain.
Meanwhile, the owner of the stolen credit card used in step three may pick up on the charge at a later time and file a chargeback through their bank.
It may seem unnecessarily complicated, and at first thought you may be inclined to wonder why a criminal would bother with such an elaborate scheme. However, the fraudster scores on two fronts. Firstly the scammer pockets the cash that the buyer made the “discounted” purchase with. Cash, even smaller amounts, is desirable and it is much easier to have it willingly handed over by someone instead of going to the effort of re-selling high-value goods. Secondly, the oblivious buyer has freely handed over all their card and personal information to the criminal, thinking the online store was legitimate. After all, the buyer will actually receive the goods that they ordered, so they won’t think that anything is amiss for some while, if ever. But now the fraudster will use the buyers card information in step three of the scam, to fulfill the order of a different buyer. It is so much easier for criminals when their victims volunteer all their information. And as an added bonus the criminal can sell the credit card information to other criminals.
And by the time the scam is discovered the fraudster and their online store have vanished. Until the next time.
It is the merchant from the legitimate site that is likely to suffer losses all round from triangulation fraud. The owners of the stolen credit cards are likely to file chargebacks, resulting in the merchant losing the funds from the sale and handling, as well as being subjected to penalties. In worst-case scenarios the merchant could be classified as high risk or even have their payment services terminated. As a rule, goods do not have to be returned as part of the chargeback process, and the fact that the receiver of the goods actually paid for them, albeit to someone else, complicates the matter further.
And of course, further to this the merchant may find itself the victim of unfavorable reviews. If the public perceives an online merchant to be unsafe they will avoid buying from them. Word travels fast on the internet.
So what can merchants do to mitigate the risk of triangulation fraud? It is indeed a tricky one to deal with, but there are a few warning signs that the merchant may pick up on:
- A new account that suddenly buys a lot of the same items, or multiple new accounts buying the same items
- A sudden spike in sales of particular items without an advertised promotion, especially with lower value goods
- Inconsistent contact information on new accounts – for example billing and shipping addresses not the same, or contact names and email addresses not similar, or disposable email addresses used
And of course, merchants should make use of high-quality security and fraud monitoring tools, and ensure that they choose vendors such as payment partners with a strong emphasis on security. Price should not be the only factor when choosing payment partners, what may seem cheap at first may well turn out to be expensive in the long run.
At Baer’s Crest we know the risks that online merchants face on a daily basis in terms of fraud and chargebacks. We pride ourselves on being able to offer our clients a range of excellent payment services, at reasonable rates. Talk to us about the best and safest options for your online business.