In late 2022, a fraud ring launched a large attack that involved attracting consumers with low-priced listings on marketplaces and fulfilling the orders using stolen payment details — a tactic called triangulation fraud.
Some fraud fighters dubbed the fraud ring the Master Manipulators because of their ability to use social engineering and quickly change tactics to overcome fraud prevention measures when placing orders. If the attack is a harbinger of what’s to come, marketplaces will want to be especially wary of triangulation fraud in the coming years.
What is triangulation fraud?
Triangulation fraud is a type of ecommerce and card-not-present (CNP) fraud that involves three players:
- The consumer: A consumer places an order on a marketplace, auction site, or fake ecommerce website. Items are generally listed for well under the usual price.
- The fraudster: The fraudster sets up seller accounts on a marketplace or creates fake ecommerce websites. They accept the payment for the sale, place an order with the actual retailer using stolen payment information, and have the product shipped to the consumer.
- The merchant: The merchant fulfills the fraudster’s order. Later, they might receive a chargeback when the legitimate cardholder discovers the fraudulent purchase.
Two parties in the triangle typically benefit from these schemes: the fraudster receives the consumer’s payment, which is nearly all profit because they're not paying for the products. And the consumer receives the product at a great price — they may even leave the seller a positive review. Consumers might not realize that there’s fraud involved, or they might not care if they think no one is getting harmed.
Of course, that’s far from true, as the merchant or marketplace could be out the cost of the product, the refunded order amount, and any associated costs for the chargeback and customer support.
How does triangulation fraud work?
The process outlined above is a good overview of how triangulation fraud generally works, but there are variations to keep in mind.
For example, fraudsters who set up fake ecommerce websites have more to gain because they can collect the consumer’s payment information and use it to fulfill future orders. However, creating and maintaining websites can be expensive and require technical expertise.
Alternatively, fraudsters and fraud rings may prefer to create seller accounts on marketplace and auction sites like Amazon, eBay, Etsy, Mercadolibre, and Shopee.
Even if they can’t steal new payment information, the fraudsters may prefer this approach because they can benefit from the marketplace’s infrastructure and name recognition. Fraud rings can also scale up and create dozens of different seller accounts that specialize in particular products or types of goods.
How do the fraudsters obtain payment details?
Fraudsters can also obtain the stolen payment details in various ways. Understanding these differences can be important for detecting and preventing triangulation fraud.
- Stolen card details: Fraudsters may purchase stolen card details that come from data breaches, phishing campaigns, and other types of cybercrime. Some fraudsters and fraud rings also steal card details that they can use for triangulation fraud and other schemes.
- Collected via fake seller websites: When fraudsters create fake ecommerce websites, they might be able to collect the buyer’s personal and payment details during the checkout process.
- Account takeovers: Sometimes fraudsters use stolen accounts with saved payment details, store credits, or gift cards. Even if they can’t use the saved payment details, they can use the compromised account with other stolen payment information in an attempt to avoid detection.
Identifying triangulation fraud in your marketplace
You can use several tactics to detect fraudsters in your marketplace. Here are a few red flags that might help you identify bad actors trying to buy products or set up a shop on your platform.
Detecting bad actors buying products
- Mismatched billing and shipping addresses: The nature of triangulation fraud requires fraudsters to use a billing address that’s different from the buyer’s address. Mismatched addresses don’t always mean fraud — you’ve likely bought gifts online and had them shipped directly to friends and family members. But it can be a useful warning sign.
- Abnormal buyer behavior: Repeated odd behaviors could also help you pinpoint bad actors. For example, they might repeatedly buy the same products, always ship orders to different addresses, and frequently pay for expedited shipping.
- Signs of account takeovers: Look for indicators of account takeover attacks, such as someone logging in from a new device, location, or IP address, or requests to change the account’s contact details.
Detecting bad actors selling products
- Abnormal seller behavior: On the seller side, fraudsters’ seller accounts might stand out from your standard seller profile. Perhaps they have an unusual number of positive (or negative) reviews, always offer steep discounts, or sell a wide range of products from different brands.
- Attempts to conceal multiple seller accounts: Legitimate merchants and sellers may create multiple accounts to separate product lines or brands, but they rarely try to hide it. In contrast, fraudsters attempt to hide the fact that they’re managing multiple seller accounts. However, if you can identify links between these seller accounts, you may be able to quickly shut down an entire network.
Additional red flags
- Velocity checks: An unexpectedly large number of purchases or sales from an account could also raise flags, especially if the account is new or has other red flags.
- Popular and moderately priced items: Luxury items might attract too much attention, so the fraudsters might instead offer and buy moderately priced items. Popular brand-name goods are often common, along with the year’s must-have gifts.
- Links to other fraudulent activity: Once you identify a bad actor, you may be able to use various passive signals (geolocation, IP address, device fingerprint, etc.) and active signals (name, phone number, email address, physical address, payment details, etc.) to identify their other orders and accounts.
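The buyer-side red flags and the velocity check above can be combined into one pass over order history. The following is an added example, not code from the original article or from Persona; the field names, thresholds, and sample orders are constructed assumptions to tune against your own data.

```python
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

Order = namedtuple("Order", "buyer account_created placed sku bill_addr ship_addr expedited")

T0 = datetime(2024, 1, 10, 9, 0)
# Constructed sample data: b-17 is a two-day-old account, b-02 an old account with one gift order.
ORDERS = [Order("b-17", T0 - timedelta(days=2), T0 + timedelta(hours=h), "SKU-HEADSET",
                "addr-A", f"addr-{h}", True) for h in range(6)]
ORDERS += [
    Order("b-02", T0 - timedelta(days=400), T0, "SKU-MUG", "addr-X", "addr-X", False),
    Order("b-02", T0 - timedelta(days=400), T0 + timedelta(days=3), "SKU-BOOK", "addr-X", "addr-Y", False),
    Order("b-02", T0 - timedelta(days=400), T0 + timedelta(days=9), "SKU-LAMP", "addr-X", "addr-X", True),
]

def buyer_red_flags(orders, min_orders=3, ratio=0.8, velocity_limit=5, new_account_days=30):
    """Return {buyer: [flag names]}; all thresholds are illustrative assumptions."""
    by_buyer = defaultdict(list)
    for order in orders:
        by_buyer[order.buyer].append(order)
    result = {}
    for buyer, rows in by_buyer.items():
        rows.sort(key=lambda o: o.placed)
        n, flags = len(rows), []
        if n >= min_orders:  # one gift order must not flag a buyer; require a pattern
            if sum(o.bill_addr != o.ship_addr for o in rows) / n >= ratio:
                flags.append("billing_shipping_mismatch")
            if max(Counter(o.sku for o in rows).values()) >= min_orders:
                flags.append("repeated_product")
            if len({o.ship_addr for o in rows}) == n:
                flags.append("new_ship_address_every_order")
            if sum(o.expedited for o in rows) / n >= ratio:
                flags.append("mostly_expedited")
        # Velocity: busiest 24-hour window, only flagged when the account is also new.
        times = [o.placed for o in rows]
        peak = max(sum(start <= t < start + timedelta(hours=24) for t in times)
                   for start in times)
        account_age = times[0] - rows[0].account_created
        if peak >= velocity_limit and account_age < timedelta(days=new_account_days):
            flags.append("high_velocity_new_account")
        result[buyer] = flags
    return result
```

Each flag on its own is weak evidence, so the output is best treated as input to a review queue or a risk score rather than an automatic block.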
How you can prevent triangulation fraud with Persona
Marketplaces that take a multi-layered approach to fraud prevention may have a higher chance of stopping illegitimate buyers and sellers without disrupting legitimate users. Persona offers several solutions that can help you verify legitimate users’ identities, spot fraudulent accounts, and uncover fraud rings.
Use risk-based identity verification processes during onboarding
Identity verification is an important part of detecting bad actors and building trust. A risk-based approach involves using different types of verifications depending on risk signals, such as:
- Email verification
- Phone verification
- Government ID verification
- Document verification
- Database verification
- Selfie verification
For example, you might run a phone verification when onboarding new buyers and only request more robust verifications if the phone risk report indicates a high risk level. Using a dynamic approach based on risk signals can help create a great experience for your legitimate users, and Persona can help you automate much of the process.
In the US, online marketplaces also have to comply with the INFORM Consumers Act, which requires them to verify the identity of sellers who have at least $5,000 in gross revenue during a 365-day period or who complete at least 200 transactions.
To do this, marketplaces use know your seller (KYS) processes to collect and verify the seller’s name, contact information, banking information, and tax identification number. Implementing a similar process for all sellers, regardless of their expected sales, can help reduce regulatory and fraud risks.
Request reverification at crucial points
Reverification — requesting verification from existing users — can also help you stop account takeovers and prevent fraudulent purchases.
For example, you might require users to reverify their identity when they try to change the email, phone number, or address associated with their account.
Additionally, you might reverify anyone trying to access an account that has been inactive for at least six months to identify when fraudsters purchase “aged” accounts, or whenever someone tries to log into the account using a new device or from an unfamiliar location.
Enrich user profiles and uncover fraud rings with link analysis
You can also continually and silently use Persona’s reports — email, phone, address, social media, adverse media, watchlists — to monitor accounts. Additionally, you can track behavioral data and device fingerprints to get a more complete view of your customers’ accounts.
As you fill out the details, links between fraudulent accounts may emerge. For example, someone who creates a seller profile might use the same device, name, email, phone number, address, or other identifying information to create additional accounts. Or, they might change details using a pattern that you can detect.
Persona's fraud investigation and link analysis tool, Graph, can help you identify and visualize connections between accounts — including connections that are several hops away. The tool can uncover clusters of potentially fraudulent accounts, which you can then quickly ban or flag for manual review.
You can also analyze the connections to discover new fraud signals, which you can use to keep bad actors from creating new accounts and placing orders in your marketplace.
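The idea behind link analysis can be shown with a small union-find over shared attributes, which also catches accounts that are several hops apart and details changed in a simple pattern. This is an added example, not Persona's Graph tool or its API; the account records, attribute names, and normalization rules are constructed assumptions.

```python
from collections import defaultdict

# Constructed seller accounts. s1-s2 share a device, s2-s3 share a phone number
# (formatted differently), and s4 reuses s1's mailbox with a different plus-tag.
ACCOUNTS = {
    "s1": {"device": "dev-aa", "phone": "+1 555 0101", "email": "deals+a@example.com"},
    "s2": {"device": "dev-aa", "phone": "+1 555 0102", "email": "bargains@example.com"},
    "s3": {"device": "dev-bb", "phone": "+1 (555) 0102", "email": "outlet@example.com"},
    "s4": {"device": "dev-cc", "phone": "+1 555 0103", "email": "Deals+b@example.com"},
    "s5": {"device": "dev-dd", "phone": "+1 555 0199", "email": "crafts@example.org"},
}

def normalize(kind, value):
    """Fold cosmetic variations so patterned changes still link (assumed rules)."""
    value = value.strip().lower()
    if kind == "email":  # treat plus-tag variants as one mailbox
        local, _, domain = value.partition("@")
        return local.split("+")[0] + "@" + domain
    if kind == "phone":  # keep digits only
        return "".join(ch for ch in value if ch.isdigit())
    return value

def link_clusters(accounts):
    """Return sorted clusters (size > 1) of accounts joined by any shared attribute."""
    parent = {acct: acct for acct in accounts}

    def find(acct):
        while parent[acct] != acct:
            parent[acct] = parent[parent[acct]]  # path compression
            acct = parent[acct]
        return acct

    first_seen = {}
    for acct, attrs in accounts.items():
        for kind, value in attrs.items():
            key = (kind, normalize(kind, value))
            if key in first_seen:
                parent[find(acct)] = find(first_seen[key])  # merge the two groups
            else:
                first_seen[key] = acct
    groups = defaultdict(list)
    for acct in accounts:
        groups[find(acct)].append(acct)
    return sorted(sorted(group) for group in groups.values() if len(group) > 1)

def cluster_of(seed, accounts):
    """Expand from one known bad account to everything linked to it."""
    return next((c for c in link_clusters(accounts) if seed in c), [seed])
```

Values that many unrelated users legitimately share, such as an IP address behind a mobile carrier or public Wi-Fi, should be excluded or down-weighted before linking, otherwise they merge unrelated accounts into one cluster.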
Best practices for risk teams to stay ahead
Online marketplaces face unique risks, and their risk team needs to have trust and safety teams and policies in place to help protect the organization from fraud, regulatory risk, and reputational harm.
Tackling triangulation fraud can be tricky because it might take days or weeks for consumers to notice the unauthorized payments. But risk officers can take steps to train staff, educate users, and invest in technology that can help identify and prevent fraud before this point. And Persona offers the building blocks that organizations use to create robust identification, verification, and fraud prevention systems.