Fraudsters could use E-Commerce Websites to Swipe Out Money
The Hack: Online shopping is the rage among most people surfing the net primarily due to the variety of choices it offers as also the competitive pricing and auctions. Just as technology is a huge driver in creating the new digital economy, it has also helped enrich the pockets of criminals and fraudsters who have learned to use the platform to target online users and financial services.
One such fraud venture is called “triangulation fraud” which involves fraudsters setting up a legitimate auction on an E-commerce site and victims buying products at these auctions. The fraudster then uses stolen credit cards to purchase the product from other genuine retailers on the E-Commerce site and dispatch the product to the victim’s shipping address. As the victim has got the product they won at the auction and happy with the price, they do not bother to check on the retailer from where they received the product is the same as the one they were reached out at the auction.
The retailer is not concerned as they get the price for the product paid up. Thus the fraudster walks away with the money received from the buyer at no loss to them even though they purchased the product at a higher price then they sold it at the auction. The fraud comes to light only when the owner of the credit card receives their statement for purchase of un-authorized goods. Though some credit card companies now require two factor authentication to confirm payment and other security measures to prevent credit card fraud, the fraudster generally target those customers who have a good record and such measures are usually overridden for purchases involving smaller amounts.
The end loser is the financial services company that has to pay back their customer for the amount as also the E-commerce retailer whose reputation is tarnished. Though E-Commerce retailers have started using sophisticated security measures to keep a check on such transactions, the fraudsters are always one step ahead of the game. The Whack: Financial Services and E-Commerce retailers besides using the existing security measures (which come at a cost) can also use a simple method of phone verification before processing such fraudulent transactions.
Generally the fraudster is using bots hosted on Amazon cloud server instances to make these transactions. By involving phone verification requiring the original customer / card holder to give a miss call can put a spanner into most of these transactions. Customers need not actually dial a number but simply press a speed dial button on their phone or use a app to authorize or deny the transaction.
Companies such as SecureMyPass offer such a solution that is easy to deploy and use. They have already developed and deployed a COD Registry in India to prevent or put an end to Cash on Delivery frauds.
Source: Fraudsters could use E-Commerce Websites to Swipe Out Money Source Wikipedia.org