Industry

Triangulation fraud: how to protect your organization

Triangulation fraud occurs when a scammer acts as a secret middleman in online purchases. Learn more.

An icon of a person being identified for a fraud attack.
Last updated:
1/31/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Triangulation fraud starts with bad actors offering products for sale on marketplaces, auction sites, and fake ecommerce websites, often for a steep discount. Consumers purchase the products, the bad actor places an order using stolen payment information, and the merchant ships the product directly to the consumer. 
  • Marketplaces and ecommerce sites may receive a chargeback and have to eat all the costs associated with triangulation fraud. The consumer might never realize what happened. 
  • Certain risk signals might help you identify fraudsters’ seller accounts and purchases. Link analysis can also help you quickly identifying fraud rings’ accounts and orders to shut down large operations. 

In late 2022, a fraud ring launched a large attack that involved attracting consumers with low-priced listings on marketplaces and fulfilling the orders using stolen payment details — a tactic called triangulation fraud. 

Some fraud fighters dubbed the fraud ring the Master Manipulators because of their ability to use social engineering and quickly change tactics to overcome fraud prevention measures when placing orders. If the attack is a harbinger of what’s to come, marketplaces will want to be especially wary of triangulation fraud in the coming years. 

What is triangulation fraud?

Triangulation fraud is a type of ecommerce and card-not-present (CNP) fraud that involves three players: 

  • The consumer: A consumer places an order on a marketplace, auction site, or fake ecommerce website. Items are generally listed for well under the usual price. 
  • The fraudster: The fraudster sets up seller accounts on a marketplace or creates fake ecommerce websites. They accept the payment for the sale, place an order with the actual retailer using stolen payment information, and have the product shipped to the consumer.
  • The merchant: The merchant fulfills the fraudster’s order. Later, they might receive a chargeback when the legitimate cardholder discovers the fraudulent purchase. 

Two parties in the triangle typically benefit from these schemes: the fraudster receives the consumer’s payment, which is nearly all profit because they're not paying for the products. And the consumer receives the product at a great price — they may even leave the seller a positive review. Consumers might not realize that there’s fraud involved, or they might not care if they think no one is getting harmed.

Of course, that’s far from true, as the merchant or marketplace could be out the cost of the product, the refunded order amount, and any associated costs for the chargeback and customer support. 

How does triangulation fraud work?

The process outlined above is a good overview of how triangulation fraud generally works, but there are variations to keep in mind.

For example, fraudsters who set up fake ecommerce websites have more to gain because they can collect the consumer’s payment information and use it to fulfill future orders. However, creating and maintaining websites can be expensive and require technical expertise. 

Alternatively, fraudsters and fraud rings may prefer to create seller accounts on marketplace and auction sites like Amazon, eBay, Etsy, Mercadolibre, and Shopee. 

Even if they can’t steal new payment information, the fraudsters may prefer this approach because they can benefit from the marketplace’s infrastructure and name recognition. Fraud rings can also scale up and create dozens of different seller accounts that specialize in particular products or types of goods. 

How do the fraudsters obtain payment details?

Fraudsters can also obtain the stolen payment details on various ways. Understanding these differences can be important for detecting and preventing triangulation fraud. 

  • Stolen card details: Fraudsters may purchase stolen card details that come from data breaches, phishing campaigns, and other types of cybercrime. Some fraudsters and fraud rings also steal card details that they can use for triangulation fraud and other schemes. 
  • Collected via fake seller websites: When fraudsters create fake ecommerce websites, they might be able to collect the buyer’s personal and payment details during the checkout process.
  • Account takeovers: Sometimes fraudsters use stolen accounts with saved payment details, store credits, or gift cards. Even if they can’t use the saved payment details, they can use the compromised account with other stolen payment information in an attempt to avoid detection. 

Identifying triangulation fraud in your marketplace

You can use several tactics to detect fraudsters in your marketplace. Here are a few red flags that might help you identify bad actors trying to buy products or set up a shop on your platform. 

Detecting bad actors buying products

  • Mismatched billing and shipping addresses: The nature of triangulation fraud requires fraudsters to use a billing address that’s different from the buyer’s address. Mismatched addresses don’t always mean fraud — you’ve likely bought gifts online and had them shipped directly to friends and family members. But it can be a useful warning sign.
  • Abnormal buyer behavior: Repeated odd behaviors could also help you pinpoint bad actors. For example, they might repeatedly buy the same products, always ship orders to different addresses, and frequently pay for expedited shipping.
  • Signs of account takeovers: Look for indicators of account takeover attacks, such as someone logging in from a new device, location, or IP address, or requests to change the account’s contact details. 

Detecting bad actors selling products

  • Abnormal seller behavior: On the seller side, fraudsters’ seller accounts might stand out from your standard seller profile. Perhaps they have an unusual number of positive (or negative) reviews, always offer steep discounts, or sell a wide range of products from different brands. 
  • Attempts to conceal multiple seller accounts: Legitimate merchants and sellers may create multiple accounts to separate product lines or brands, but they rarely try to hide it. In contrast, fraudsters attempt to hide the fact that they’re managing multiple seller accounts. However, if you can identify links between these seller’s accounts, you may be able to quickly shut down an entire network. 

Additional red flags

  • Velocity checks: An unexpectedly large number of purchases or sales from an account could also raise flags, especially if the account is new or has other red flags.
  • Popular and moderately priced items: Luxury items might attract too much attention, so the fraudsters might instead offer and buy moderately priced items. Popular brand-name goods are often common, along with the year’s must-have gifts. 
  • Links to other fraudulent activity: Once you identify a bad actor, you may be able to use various passive signals (geolocation, IP address, device fingerprint, etc.) and active signals (name, phone number, email address, physical address, payment details, etc.) to identify their other orders and accounts. 

How you can prevent triangulation fraud with Persona

Marketplaces that take a multi-layered approach to fraud prevention may have a higher chance of stopping illegitimate actors buyers and sellers without disrupting legitimate users. Persona offers several solutions that can help you verify legitimate users’ identities, spot fraudulent accounts, and uncover fraud rings. 

Use risk-based identity verification processes during onboarding

Identity verification is an important part of detecting bad actors and building trust. A risk-based approach involves using different types of verifications depending on risk signals, such as:

For example, you might run a phone verification when onboarding new buyers and only request more robust verifications if the phone risk report indicates a high risk level. Using a dynamic approach based on risk signals can help create a great experience for your legitimate users, and Persona can help you automate much of the process.

In the US, online marketplaces also have to comply with the INFORM Consumers Act, which requires them to verify the identity of sellers who have at least $5,000 in gross revenue during a 365-day period or who complete at least 200 transactions. 

To do this, marketplaces use know your seller (KYS) processes to collect and verify the seller’s name, contact information, banking information, and tax identification number. Implementing a similar process for all sellers, regardless of their expected sales, can help reduce regulatory and fraud risks

Request reverification at crucial points

Reverification — requesting verification from existing users — can also help you stop account takeovers and prevent fraudulent purchases. 

For example, you might require users to reverify their identity when they try to change the email, phone number, or address associated with their account. 

Additionally, you might reverify anything trying to access an account that has been inactive for at least six months to identify when fraudsters purchase “aged” accounts. Or, whenever someone tries to log into the account using a new device or from an unfamiliar location. 

Enrich user profiles and uncover fraud rings with link analysis

You can also continually and silently use Persona’s reports — email, phone, address, social media, adverse media, watchlists — to monitor accounts. Additionally, you can track behavioral data and device fingerprints to get a more complete view of your customers’ accounts. 

As you fill out the details, links between fraudulent accounts may emerge. For example, someone who creates a seller profile might use the same device, name, email, phone number, address, or other identifying information to create additional accounts. Or, they might change details using a pattern that you can detect. 

Persona's fraud investigation and link analysis tool, Graph, can help you identify and visualize connections between accounts — including connections that are several hops away. The tool can uncover clusters of potentially fraudulent accounts, which you can then quickly ban or flag for manual review

You can also analyze the connections to discover new fraud signals, which you can use to keep bad actors from creating new accounts and placing orders in your marketplace. 

Free ebook
Learn how to proactively fight fraud with link analysis

Best practices for risk teams to stay ahead

Online marketplaces face unique risks, and their risk team needs to have trust and safety teams and policies in place to help protect the organization from fraud, regulatory risk, and reputational harm. 

Tackling triangulation fraud can be tricky because it might take days or weeks for consumers to notice the unauthorized payments. But risk officers can take steps to train staff, educate users, and invest in technology that can help identify and prevent fraud before this point. And Persona offers the building blocks that organizations use to create robust identification, verification, and fraud prevention systems. 

Want to learn more? Start for free or get a custom demo today.

Published on:
10/26/2023

Frequently asked questions

Why is triangulation fraud a growing concern for online marketplaces?

Triangulation fraud can be particularly concerning for marketplaces because marketplaces are exposed to financial, regulatory, and reputational risk. A fraud ring also used triangulation fraud during a large, coordinated, and complex fraud attack in 2022. There may be fears that similar types of sophisticated triangulation attacks become the norm. 

What measures can online marketplaces implement to prevent triangulation fraud?

Online marketplaces can use identity verification and reverification processes to try to stop fraudsters from creating, taking over, and buying accounts in the first place. Ongoing account and transaction monitoring can also help raise red flags and identify accounts involved in triangulation fraud. And link analysis can help expose the fraudsters’ other accounts.

Continue reading

Continue reading

Know Your Customer (KYC) in Banking: A Comprehensive Guide
Know Your Customer (KYC) in Banking: A Comprehensive Guide
Industry

Know Your Customer (KYC) in Banking: A Comprehensive Guide

See why KYC is important, and how to make it work for your business

AI vs. AI: Why fighting GenAI fraud requires a multi-layered approach
AI vs. AI: Why fighting GenAI fraud requires a multi-layered approach
Industry

AI vs. AI: Why fighting GenAI fraud requires a multi-layered approach

If The Terminator, The Matrix, and every other cyberpunk series taught us anything, it’s that you can’t fight the machines with machines alone.

What is Watchlist Screening? A Complete Guide
What is Watchlist Screening? A Complete Guide
Industry

What is Watchlist Screening? A Complete Guide

A guide to using watchlists to keep your business safe.

Link analysis: How can it help you spot fraud?
Industry

Link analysis: How can it help you spot fraud?

Link analysis is a method of analyzing data that allows you to study relationships that aren't visible in raw data. Learn more.

Detecting fraud rings & protecting your business
Industry

Detecting fraud rings & protecting your business

Safeguard your business with insights on how to detect and thwart fraud rings.

Linked fraudulent accounts: A threat and an opportunity
Industry

Linked fraudulent accounts: A threat and an opportunity

Spotting a fraudster on your platform is like spotting ants in your kitchen. If you see one, there are probably hundreds or thousands hidden behind the wall.

Ready to get started?

Get in touch or start exploring Persona today.