The first party is the fraudster who acts as a seller on a popular auction or marketplace site. The fraudster “sells” a product to the second party, the buyer that knows nothing about the scam. The buyer pays the seller for the product or service, often never realizing that anything is amiss. The seller then needs to deliver the product or service to the buyer and does so by placing an order with the third member of the triangle, a manufacturer or another retailer of the product or service. The order placed with the victim merchant will contain the buyer’s information for shipping but someone else’s stolen credit card information for billing. When the legitimate merchant receives the order, it just looks like it is being ordered as a gift. The billing and shipping information is valid, so the merchant delivers the product or service.
When the card holder for the stolen credit card finds a fraudulent charge on their card, they may file a dispute with the credit card company resulting in a chargeback for the merchant, who already shipped the merchandise to the buyer. That buyer never realized that they were receiving goods that hadn’t actually been paid for. Meanwhile, the fraudster was able to transfer the stolen credit card into cash quickly by obtaining the money up front from the buyer.
This scheme is often much more complex as it is often led by overseas criminals who recruit established sellers (often referred to as mules) on auction or marketplace sites to “sell” the products. Once a sale is completed, the mule will forward the buyer information and the bulk of the money to the fraudster to place the fraudulent order. Once a mule becomes trusted, they are often allowed to recruit other mules, leading to a complex pyramid of fraudsters and mules.
According to the IC3 alert, many in the online merchant community have been made aware of this scheme and have had great successes with stopping the illegal activity using fraud prevention and detection solutions as well as successful criminal prosecutions.