subject: What Are The Latest Scams In Credit Card Fraud?

Managing your credit card transactions through a payment gateway provider is by far the most secure way to avoid either regulatory scrutiny from the credit card industry or actual fraud. As fraud is escalating in the current economic climate, businesses should be vigilant towards the signs of fraud.
There are at least two types of fraud that have been doing the rounds for the past few months that are worth highlighting. The scams are known as "Triangulation" scams. Often these work best on auction sites like eBay or Amazon, but they are not unique to them.
Triangulation scam 1 - The customer as victim.
1. Bogus seller on eBay advertises product
2. Victim purchases item/wins auction
3. Victim pays bogus seller through PayPal (or worse, by sending credit card details)
4. Bogus seller pays another "innocent" seller for the goods with a stolen credit card, using the victim's details
5. Victim receives goods (important point - goods are actually delivered to the victim)
6. Bogus seller now has Victim's credit card details or money

Using this technique, an online fraudster can hop from credit card to credit card, gathering money along the way.
It's obvious that the technique above can be further refined if a domain has been 'hijacked' and directed to a phishing website address. This occurs when a domain name is stolen by submitting a fraudulent registrar transfer request and tricking an unsophisticated domain owner or registrar into transferring control of the name. Once the hijacker has control, they will usually assume ownership of the domain and start redirecting it to their own web sites. It is also quite common for hijackers to ransom off domain names and redirect traffic to explicit web sites (both for profit and shock value).
At this point, legal options can be expensive and time consuming. Since the domain has been transferred away from the domain owner's original registrar, the registrar is often powerless in assisting. Domain hijackers are aware of this and commonly transfer domains to countries far away from the original owner, making legal recourse prohibitive.
Triangulation scam 2 - In this scenario the merchant is the one who suffers.
1. Bogus customer orders goods and services with stolen card.
2. Before card can be verified as stolen, goods/services are returned or cancelled and refund requested.
3. Bogus customer provides different refund details.
4. Merchant provides refund to new card number.
5. Bogus customer disappears with the cash.
This isn't exactly a sophisticated attack and could be conducted over the phone or face to face in a shop.
The point isn't that credit card scams are more prevalent on the web, just that some simple techniques could be combined to steal from you or your customers. The key thing to remember as a vendor is that you need to protect your customers' data at all times. There is no quick fix to prevent your company becoming one of the points of the triangle above. Vigilance and sound governance are required.
Here are some actions you need to take when dealing with credit cards online.
- Don't process credit card orders unless the information is complete.
- Don't process credit card orders that originate from free e-mail addresses or from e-mail forwarding addresses. In such a case, ask the customer for an ISP or domain-based e-mail address that can be traced back.
- If the shipping address and the billing address on the order are different, call the customer to confirm the order. You may even want to make it a policy to ship only to the billing address on the credit card.
- Be wary of unusually large orders.
- Be wary of orders shipped to a single address but purchased with multiple cards.
- Be wary of multiple transactions made with similar card numbers in a sequence.
- Be wary of orders you're asked to ship express, rush or overnight. This is the shipping of choice for many credit card fraudsters. Call the customer to confirm the order first.
- Be wary of overseas orders, especially if the order exhibits any of the characteristics noted above.
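
The checklist above can be applied as an automatic pre-shipping screen that returns the orders to confirm by phone and the reasons why. This is an added example, not code from the original article: the field names, the free-mail list, the thresholds and the `card_ref` gateway token are assumptions, and the similar-card-number check is left out because the sketch works on gateway tokens rather than card numbers.

```python
from collections import defaultdict

# All names, fields and thresholds are assumptions made for this example.
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # sample list only
REQUIRED = ("email", "card_ref", "billing", "shipping", "country")
LARGE_TOTAL = 1000.00  # "unusually large" depends on your own order history
RUSH = {"express", "rush", "overnight"}
HOME = "US"

def norm(addr):
    # Compare addresses without regard to case or spacing.
    return " ".join((addr or "").lower().split())

def screen_orders(orders):
    """Return {order_id: [reasons]} for orders to confirm before shipping."""
    cards_at = defaultdict(set)  # shipping address -> card references seen
    for o in orders:
        if o.get("shipping") and o.get("card_ref"):
            cards_at[norm(o["shipping"])].add(o["card_ref"])
    flagged = {}
    for o in orders:
        reasons = []
        if any(not o.get(f) for f in REQUIRED):
            reasons.append("incomplete")
        if (o.get("email") or "").rpartition("@")[2].lower() in FREE_MAIL:
            reasons.append("free_email")
        if norm(o.get("billing")) != norm(o.get("shipping")):
            reasons.append("address_mismatch")
        if o.get("total", 0) >= LARGE_TOTAL:
            reasons.append("large_order")
        if len(cards_at.get(norm(o.get("shipping")), ())) > 1:
            reasons.append("multiple_cards_one_address")
        if (o.get("method") or "").lower() in RUSH:
            reasons.append("rush_shipping")
        # Design choice here: overseas only counts alongside another flag.
        if reasons and o.get("country") not in (None, HOME):
            reasons.append("overseas_with_other_flags")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

# Constructed orders; card_ref is an opaque gateway token, never a card number.
SAMPLE = [
    dict(id="A1", email="alice@example-isp.net", card_ref="tok_1", total=80,
         billing="1 Main St", shipping="1 Main St", country="US", method="ground"),
    dict(id="A2", email="bob@gmail.com", card_ref="tok_2", total=2500,
         billing="5 Oak Ave", shipping="9 Dock Rd", country="GB", method="overnight"),
    dict(id="A3", email="carol@example-isp.net", card_ref="tok_3", total=50,
         billing="9 dock  rd", shipping="9 dock  rd", country="GB", method="ground"),
]
```

Calling `screen_orders(SAMPLE)` leaves A1 alone and flags A2 and A3, which share one shipping address across two different cards.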