What is triangulation fraud & how to prevent it

Triangulation fraud is a big concern for financial firms, yet it can be challenging to detect because, at first glance, all the actors appear legitimate. Firms can improve triangular fraud detection and prevention with smart software that utilizes artificial intelligence (AI) and machine learning (ML).

What is triangulation fraud?

Triangulation fraud is a sophisticated type of card-not-present (CNP) fraud that is becoming more common. It occurs when a criminal ‘sits’ between a legitimate customer and a retailer. As with most CNP fraud, the criminals will have either stolen their victim’s card details directly or purchased them on the dark web following a data breach. However, triangulation fraud is more complex and can involve up to four unsuspecting parties.

With a fake storefront, fraudsters can intercept a customer’s payment while they are making a purchase. They take the money and can also steal the customer’s credit card details. On a third-party marketplace, fraudsters use fake seller accounts to accept customer payments, but they cannot view or steal credit card details. In both scenarios, the fraudster fulfills the customer’s order using someone else’s stolen credit card details.

In triangulation scams, there can be up to five parties involved:

•   The criminal.
•   The customer (the mule).
•   The marketplace (if applicable).
•   The retailer.
•   The person whose stolen credit card details are used.

Far from being a victimless crime, triangulation scams impact both customers and retailers. They also degrade the trust and reputation of third-party marketplaces that unwittingly allow triangulation credit card fraud to take place.

How does triangulation fraud work?

To conduct triangulation fraud, a bad actor sets up a fake storefront or fake seller account advertising popular items for sale at attractive prices that seem ‘too good to be true’. Common items involved in triangulation fraud schemes include digital products such as headphones, laptops, and game consoles and high-end items such as coffee pods and hair products. These may be offered with discounts for multiple or bulk purchases.

Attracted by the price, the customer buys the item using their credit or debit card or via an online payment service such as PayPal. The customer is unaware that the website or seller account is fake. If they pay by card, the criminal can steal their card details and use them later or sell them. Meanwhile, the criminal purchases the item from elsewhere – usually direct from the retailer – and uses previously stolen credit card details to fulfill the order.

In a triangulation scam, the cardholder whose details are used to fulfill the purchase can request a chargeback from the retailer once the fraud is discovered. For this reason, triangulation fraud disproportionally affects marketplaces as they are the only actor in the ‘triangle’ who ends up out of pocket – they lose both the product and the money.

Firms need to be aware of the consequences of triangulation fraud, including disputed transactions and chargebacks – which are reaching crisis levels for retailers, according to Forbes. The chargeback process takes time and resources, and there may be penalties for companies with high chargeback rates (above 2 percent).

Which methods are used in triangulation fraud?

The key differentiator with triangulation fraud is that the customer orders and receives an item and so is unaware they were involved in a scam. Triangulation scam gangs don’t own the items they are advertising, so they must run an efficient process whereby the product is ordered and sent to the customer promptly. It’s important that customers don’t realize anything is amiss. The online listing must be convincing, and the shipping experience flawless.

Because the delivery experience must be smooth, fraudsters often target semi-luxury retailers with fast shipping and low site security. They avoid premium brands where a human may need to get involved in the purchase, e.g., high-end cars. Firms in this space should take extra precautions to ensure triangulation fraudsters do not target them.

Triangulation fraud red flags

Triangulation fraud is difficult to detect and is thought to be underreported. Receiving desirable goods at a cheap price may deter some from reporting a potential case of fraud.. Sadly, older vulnerable people whose credit card details have been stolen and used in triangulation fraud may not be financially savvy enough to spot the fraud and initiate a chargeback.

Triangulation fraud red flags for third-party marketplaces may include:

•   Unusually cheap prices for high-end items.
•   Sellers posting multiple adverts for one item or one brand.
•   Seller account is brand new.
•   Account disappears after a short time and a new account is created with the same email address.
•   Seller’s account has no reviews or ratings.
•   Seller does not respond when contacted and/or uses a fake email and/or phone number.

For retailers, red flags may include:

•   High frequency and speed of transactions.
•   Discrepancy between billing address and shipping address.

What can firms do to detect and prevent triangulation fraud?

Triangulation fraud schemes are often run by small groups of criminals using multiple seller accounts. Using smart technology, marketplace firms can spot behavioral similarities between seller accounts, for example, account names, usernames, and passwords. There may be similarities between product listings, too, e.g., images and descriptions may be copied and pasted.

Marketplace firms should look for advanced software that offers protection against triangulation fraud, including:

•   Behavior tracking and profile building of sellers.
•   Scanning for commonalities between seller accounts, information provided, IP addresses, etc.
•   Cross-checking to see if seller email addresses are new.
•   Address and location verification.

Retails can deploy technology to:

•   Provide a secure payment gateway for customers.
•   Gather market information and pricing trends, i.e., how third-party retailers are pricing your products.
•   Check the volume of purchases/sales, also known as velocity limits.
•   Perform address and location verification.
•   Flag suspicious orders and recommend these are fulfilled manually.

Firms also need to share guidance with their customers to ensure they are aware of common triangle scams and how to spot fake websites. Businesses can educate customers on how to report discrepancies in shipping paperwork and overall customer experience. Customers should be encouraged to report suspected fraud even though they may not be out of pocket. In six months, they may find their credit card details used in triangular fraud.

To mitigate the threat of triangulation fraud, compliance teams should ensure they are utilizing a sophisticated fraud detection tool that can calibrate automatically and adapt to criminal behavior as it occurs in real-time. Systems that are powered by cutting-edge machine learning models can adapt in this way while also providing analysts with the explanations they need about why each alert was created.