Triangulation fraud is a type of eCommerce fraud in which a bad actor, masquerading as a legitimate online seller, sets up a fake store. Real buyers, oblivious to the scam, make purchases from the fake site. The fraudster then fulfills these orders by using stolen payment information to place orders from real merchants. When the victimized cardholder discovers the charge, they dispute it, causing the legitimate merchant on the back end to ultimately bear the burden of the fraud.
Read MoreTriangulation fraud involves at least three parties: a legitimate buyer, a fraudulent seller, and a legitimate merchant. Unlike standard eCommerce operations, the fraudulent seller does not hold inventory. Instead, they dropship inventory from legitimate merchants to legitimate buyers. However, unlike standard dropshipping operations, the fraudulent seller uses stolen credit card information to place orders.
A triangulation scheme allows the scammer to extract cash from the stolen payment method without the legitimate buyer knowing that they are unwittingly participating in fraud.
Read MoreTriangulation fraud deals over $30 billion in annual losses to legitimate online sellers, a figure that’s been steadily increasing over time. To make matters worse, over 40% of Merchant Risk Council members say that they’ve been victimized by a triangulation fraud attack in the past year.
Beyond chargeback fees and lost inventory, merchants who experience triangulation fraud also suffer from operational disruption and reputational harm. Perhaps worst of all, being victimized in an attack just once makes re-victimization more likely, as fraudsters often target sellers whose defenses have previously been successfully compromised.
Read MoreDue to the sophistication of the scheme, it’s easy to think of triangulation fraud as a rare occurrence. But make no mistake: fraudsters who specialize in this tactic successfully steal millions of dollars from legitimate cardholders and merchants every year. From a Nespresso triangulation fraud scheme discovered by a US Naval War College professor to a $2 million eBay triangulation fraud scheme carried out by a single sophisticated individual over a seven-year period, these attacks happen regularly in the wild.
Read MoreMerchants who suspect that triangulation fraudsters are making purchases at their store can take a look at their analytics. Patterns of repeat orders involving high-value, easily-resellable goods can be a warning sign of triangulation fraud, as is a string of orders coming from a single geolocation. A sudden influx of new accounts, mismatched billing and shipping addresses, or high transaction velocity can also signal that a triangulation attack is underway.
Read MoreMerchants who want to prevent triangulation fraud need to be proactive about hardening their checkout environments. Beyond the basics, like AVS and CVV checks, merchants should also use 3-D Secure 2.0 to authenticate all purchases, and deploy velocity checks to limit automated orders or bot-like behavior. Multi-factor authentication, proxy piercing, and device blacklisting can also help make it more difficult for fraudsters to place orders using stolen cards.
Read More
Data breaches, mobile device hacks, phishing scams, and fraud as a service (FaaS) are all popular methods that scammers use to commit triangulation fraud attacks.
Triangulation fraud happens when a fraudster sets up an illicit online store on a third-party marketplace, accepts customer’s orders, and then uses stolen payment card details to fraudulently make a purchase from a legitimate merchant.
To stop triangulation fraud, you need to implement a multi-approach strategy that includes deploying fraud prevention tools at checkout, like Address Verification Services (AVS), proxy piercing, and velocity checks.
Triangle fraud does have some clear, recognizable signs to watch for. A few common warning signs associated with a triangulation attack include: conflicting addresses, low dollar-value transactions, invalid contact information, and a high transaction velocity.
As a merchant, you should watch for groups of transactions that display several of the warning signs outlined above. If you see these show up regularly, you may have a problem with triangulation fraud.
