Triangulation fraud continues to be a prominent emerging fraud trend. The onset of the pandemic led to a visible increase in first-party misuse and refund/retunr fraud. The rollout of PSD2 led to more credential breaches and account-takeovers. Now, with the hard economic times hitting much of the population, we see the bitter rise of triangulation fraud.
Why is it Called Triangulation Fraud?
As it’s name suggests, triangulation fraud requires three parties to be involved with the order.
- The Customer who places an order for a product or service from a marketplace or auction with their own credentials.
- The Fraudster who has offered the deal through some form of marketplace, auction site or social media post, group or discussion and places the order to the actual merchant for the customer but uses someone else’s stolen payment credentials to do so.
- The Merchant who unknowingly fulfills the fraudulent order and sends it to the customer.
How Does Triangulation Fraud Work?
There are several variations, but the general method is this…
The fraudster sets up a fake marketplace online and offers items at discounted prices.
The customer, looking for a deal as customers tend to do, finds the fake listing and places an order through them. They believe they are making a genuine purchase and enter all of the required payment information for their transaction to go through.
The fraudster collects all of the customer’s personal information and payment details.
From there, the bad actor charges the customer’s card and uses a previously compromised set of payment credentials to order the items from a real marketplace that offers the customer’s desired product.
The genuine marketplace processes the fraudulently paid order and sends the item to the customer.
The customer receives the discounted item and is happy with the price they paid and the service they received from the fraudster.
The cardholder who actually paid for the order, however, eventually sees the charge on their statement for an order that they did not place. So, they file a dispute with their bank which reverses the charges and hits the genuine merchant with a chargeback.
What Happens Next?
At the end of everything, the fraudster walks away with the customer’s payment and all of their supplied PII and payment details. Along with the agreed upon funds for the purchase, the bad actor can now add the customer’s details to a list of credentials to use for a later customer or sell them elsewhere for a different scammer to use.
Since the customer is happy and has no idea, there is no report to anyone with regard to any sort of fraudulent activity from the marketplace. There is just the word of mouth praise to others for the great service and price they had received.
Even later, when the customer’s card details are eventually used, they will have no way to connect the activity back to the shady purchase they had made from the murky marketplace. They will simply file a dispute with their bank for whatever unrelated purchase was placed using them. By that time, the fraudster has already made more money from their details and has new credentials from that customer to continue funding their scheme.
When the genuine seller receives the chargeback, they are out the original purchase price paid for the order, any shipping/packing costs, the physical product and issuer chargeback fees. On top of the monetary costs, the supplying marketplace also faces potential reputational damage and negative effect on their score upon the issuer’s fraud monitoring program.
Of course, this is when the true trader takes action against the fraudster’s account that was used to place the order, which is typically prevention from placing additional orders. Unfortunately, the account is unique to their platform, contains replaceable fake PII, the details of the customer’s delivery address and the genuine cardholder’s payment information. There is really nothing to connect the activity back to the actual fraudster and the shop that had listed the discounted offer without a lot of off-platform digging or luck.
If the activity somehow comes to light and the fraudulent marketplace gets shut down, the fraudster simply moves on to create another and continue doing the same thing.
Why is There More Triangulation Fraud Happening Now?
The present economic state in many areas of the world has drastically increased the cost of living within those effected areas and their salaries have not risen to keep up with it. People are feeling the pinch but still need to purchase things. To do so, they are searching for deals and discounts to stretch their paycheques as far as possible without losing out on any previous quality of life. These baddies are taking advantage of this increased pool of potential victims and opportunity by setting up a variety of these schemes.
On top of being opportunistic based on the state of the world, fraudsters also work schemes that are easy to setup, keep running and make them the most money. As things are right now, all three of those boxes are being checked by this method.
What Are Some of the Triangulation Fraud Variations
As touched on at the very beginning of this article, this method can be used through marketplaces, auction sites and through social media-type groups, posts and discussions.
When listing using a professional service, such as reputable eCommerce marketplaces and auction sites that process the payments through their own processes, this is simply a means to make money by being a “middleman” of sorts and evade detection. They almost literally make money from nothing. They have no product to offer. They just sell someone else’s merchandise by buying it with stolen credentials and take the funds given to them by the customer for doing so. It basically costs them time.
Using their own storefronts, their schemes can get rather elaborate. The sites can look extremely professional and even have partnering services, offering marketing advantages that will increase revenue. Those partnerships pay a fee for their services and do see an increase in sales, but they come from this sort of process. To go even further, the same scheme, their partnerships and efforts can be used to perpetrate transaction laundering on some platforms.
How Can We Detect and Prevent Triangulation Fraud?
There is not a lot that one can do for the activities that are not upon our own platforms. As much as we could take the time to scour the internet for these offerings, even if they get reported and taken down, another just pops up again in their place. Off platform, it is really up to those offering the services for these shops to be setup in the first place to stop them. Since that is the case, you need to fight the fraud that you experience within your own domain.
If you are an independent marketplace, with no partnerships, a lot of this follows what you will see with classic credit card fraud schemes…
- New accounts placing orders to various addresses using multiple payment methods seeing failures, chargebacks and/or amassing large values of debiting across multiple accounts
- Mismatched billing and shipping addresses with no other location generating detail matching either one
- These accounts typically fall into some form of pattern with their manually entered PII
- You can also see repetition of other behind-the-scenes details like device ID, user-agent, IP address, language and more…
- Geolocation methods can often narrow or even pinpoint these activities to one small area of source
- Ordering patterns where the same items are ordered by accounts these accounts
These are all things that many of us are used to using and it is a little difficult to determine that what you are seeing is triangulation fraud without being able to see what is happening throughout a connected network of varying details. To be perfectly candid, this is best achieved through graph link analysis, where you can visually see the connections and their paths, so you know where you should look deeper.
Doing a Triangulation Fraud Analysis
If you have partners upon your platform, where they are merchants themselves or you are handling the payment and logistics of their storefront, there are some additional things you could do to help detect and deter these baddies.
Fraudsters are people, too, and fall into patterns and they wish to keep things as simple as they can. Above, I had mentioned ordering patterns. The same items ordered by these suspicious accounts. If you are putting forth partner offerings, you can also see a pattern of partners being targeted. In many instances, especially those where the fraudster has developed some from of agreement with a partnering merchant, they will receive more of these orders than others. You can use that to your advantage. You can look into different partner activity based velocities with relation to this targeted activity. Many of your transaction laundering indicators could end up flagging a lot of this activity to you. Open up your threshold to be a bit wider than your prevention flags and that may expose more of this kind of activity. Once exposed, you can then fight the customer aspect of the fraud based on the patterns observed.
Many who offer retailers and other merchants to use their platform to sell their own products see them as customers. They absolutely are. That leaves there a strong desire to keep the processes they need to follow to use your services as frictionless as possible. However, to protect everyone and every genuine customer (partner and purchaser), there have to be dilligent verification and validation processes in place.
You should both verify and validate manually entered PII where you can. Include authentication of contact details like phone number and email address. Use data enrichment to get further information surrounding these datapoints. Are they using a VOIP, online SMS service or a temporary email provider? If you cannot enrich the data coming into your platform, after verification, wait and verify again. Given a little time, a lot of falsely verified information will no longer capable of access or simply not used by the fraudster any longer.
Research for a genuine presence where and when you are able. If your process allows for a little time before approval, go through the web and look for them. Most people and businesses have a visible digital footprint because they want to be found… even some who don’t want to be. If someone is selling something, they have more than likely said so and advertised it somewhere. If it is a physical location, pull up streetview or satellite view and look. Look at government business registrations at the address or under the account holder details. There are a lot of free resources out there to help you look, and there are also some paid services that are created to do this for you and give you a result in seconds.
If you need any form of official government identification to legally allow use or to cover your assets, I would recommend subscribing to a service that can check the submission for accuracy and validate its authenticity. Although these are also not 100% accurate nor available for every global entity, they cover a good amount of the planet and are faster than a human, offering more insights than just manual scrutiny for doctoring.
Just like linking customers, linking partners should also be a part of your defense. If someone who was running one business that was doing this then tries to establish a new one upon your platform, you should either prevent that from happening or flag it for monitoring.
Don’t limit to just conencting on the typical phone, email, name… Remember the physical address, as well. New sources with the same motive can crop up from the same location. In some of these instances, they will try to turn things around quickly using the same address. For this, many time, the online presence and registrations would not be updated anywhere.
If you have deeper tech or payment/subscription details, look to keep those from your network, as well, where necessary.
If they do successfully gain use to your platform, monitor earnings for sharp increases. These can come and go in waves to attempt to deter detection and confirmation of the activity. Look for nothing but good reviews or nothing but bad, depending on if they are actually buying products for the customer correctly and supplying them or not. Watch for those ordering patterns. Scrutinize offers based on alerts based on common sales category prices and if a merchant offers sales on everything all of the time.
We have to do our part as best we can to defend against triangulation fraud, especially with it being on the rise. The holidays during these hard times are going to open a very large cargo door of opportunity for this fraud to grow. Be aware and be ready.
This article was contributed by Shawn Colpitts, Senior Fraud Investigator at Just Eat Takeaway.com
