Who’s using stolen payment cards?

Hint:  They’re deliberate schemers. 

Part 1 | Part 3

Fraud is a fact of life for anyone conducting online and card-not-present commerce. The better you know how the bad guys operate, the better positioned you’ll be to protect against their attacks. 

In Part 2 of this three-part series, we’ll look at the intricate, in-depth plans devised by payment criminals. We’ll also look at how these plans affect yours in the world of online goods and services.  

When it comes to payment fraud attacks, it’s natural to focus on stories of shady, overseas black-market operators who deal in lucrative, easily-fenced goods. All you need to do is simply blacklist your shipments to all the well-known offending nations and you’ll be safe, right? 

Not so fast. 

These foreign marketplaces are often supplied by lengthy and sophisticated schemes that allow merchants to mistakenly assume they are dealing with buyers in the United States. The manner in which these products make their way overseas is often far more revealing than the high-profile endgames.  

Last March in Boaz, Alabama, a well-meaning woman unwittingly found herself contributing to the schemes by a group of alleged payment criminals. In what is typically referred to as “reshipping fraud,” the woman was hired by the group (masquerading as a legitimate business) to serve as a Logistics Coordinator—a convenient “work at home” job. 

She was paid in exchange for receiving packages, inspecting the payload, and repackaging and shipping to another address. She was sent virtually everything from iPhones, to computers, to hunting equipment. The catch is that these products were bought fraudulently by the orchestrators of the scheme using stolen payment cards, and the new shipping address provided by the “company” was used to move those products out of the country (Russia, specifically) for fencing on the black market.  

While the motivation is undoubtedly criminal, one can’t help appreciate the extensive infrastructure required to execute this long-running attack. The criminals not only procured stolen payment cards and placed fraudulent online orders, they also built out an extensive online presence, forged legal employment agreements, and cultivated a relationship with a freight forwarder for international shipments.

Along the way, their exploits left merchants with a false sense of security that they were serving their local markets. The cards were issued locally and the ship-to address was nearby as well. One of the rightful cardholders defrauded by this scheme lived only about 20 miles away in Guntersville.  

What can you do to defend against these single-minded, well-planned fraudsters? While fraud impacts every business and industry uniquely, it’s a mistake to assume that you truly know who your customer is. Fraudsters employ a variety of methods to cloak their true identity and location. Use your in-house and third-party fraud tools to take a closer look.  

In the final part of this series, we’ll look at how fraudsters are flexible and constantly adapting their exploits to counter the challenges and changes designed to thwart them.  

Neeraj Gupta, Product Manager, Vantiv eCommerce