What is Triangulation Fraud?Three Players: Two Victims. One Scammer.
What is Triangulation Fraud? Definitions & Overview
In a triangulation fraud scheme, everyone loses…except the scammer, of course.
With this sophisticated scheme, a bad actor sets up a fake eCommerce store, receives orders from a real buyer who is none the wiser, and then purchases and fulfills the orders from a legitimate eCommerce store using stolen payment information.
While the fraudster is busy making illicit profits by “selling” what are essentially stolen goods, both the legitimate eCommerce merchant handling the fulfillment and the cardholder whose card details were stolen stand to lose. Arguably most disadvantaged, however, is the merchant: while the cardholder can file a chargeback against the fraudulent transaction, the merchant has no recourse. In this chapter, let’s take a look at triangulation fraud and the scammers behind it.
Triangulation Fraud
In a triangulation scam, a fraudster sets up a fake eCommerce store, attracts real buyers, and uses stolen payment details to dropship an item from a real store. This guide explains how triangulation fraud works, the financial impact of this threat, prevention best practices, and more.
What is Triangulation Fraud?
- Triangulation Fraud
Triangulation fraud occurs when a customer makes a genuine purchase on a third-party marketplace, like eBay or Amazon, but the seller fraudulently purchases the product from another merchant. The name comes from the tri-lateral relationship between three involved parties: the unsuspecting customer, the legitimate merchant, and the fraudster middleman.
[noun]/trī, ● aNGjyə ● lā ● SHən ● frôd/
Triangulation fraud happens when a fraudster hijacks the eCommerce buying process. At least, that’s a simple way to think about it.
It involves three main players:
A scammer
A legitimate customer
A digital storefront
The scammer is operating as a merchant and accepting orders. But, instead of maintaining their own inventory, they’re using stolen cardholder data to purchase goods from a third party and then ship them to the buyer. Once the cardholder realizes they’ve been the victim of fraud, they file a chargeback to get their money back.
Does this sound confusing? Well, it’s meant to be. It’s a lot harder to track down the source of fraud if no one is really looking for it. Triangulation scammers operate by using that fact to their advantage.
We conduct a lot of our business online nowadays, from paying bills to shopping and sharing private information. Unfortunately, attacks like these are bound to become more commonplace. The stakes, as they say, are high. That’s why it’s more important than ever to know what you’re up against, and have a plan to respond.
Who is Committing Triangulation Fraud?
Triangulation fraud may be perpetrated by organized, professional scammers, or by semi-professional and novice actors.
Like triangulation fraud itself, triangulation fraudsters aren’t all the same. Bad actors who carry out these attacks vary significantly in scope, sophistication, and intent, though they generally fall into one of three categories:
Organized Crime Networks
We’re talking about sophisticated cross-border fraud rings that operate at scale, often spanning multiple states or even countries. Unlike solo criminals, these networks use professional infrastructure, including dedicated servers, automated systems, and even fake customer service teams to maintain a veneer of legitimacy as they process large volumes of fraudulent orders.
Semi-Professional Operators
These fraudsters are typically individuals or small groups who focus their efforts on marketplaces with known vulnerabilities, such as eBay or Amazon. By niching down their fraud efforts to one or two channels, these operators can more easily exploit platform-specific loopholes, which allows them to fly under the radar of standard fraud detection algorithms.
Opportunistic Individuals
Solo fraudsters are the least sophisticated of the bunch, but they can still purchase stolen card data from the dark web to conduct small-scale fraud. However, these amateur fraudsters often make mistakes that trigger merchant fraud prevention systems, so they can usually only get away with a few dozen transactions before they’re caught.
Savvier individuals may leverage fraud as a service (FaaS) to conduct triangulation fraud attacks at the level of sophistication of semi-professional fraudsters or even organized crime rings.
