Triangulation FraudHow Fraudsters Manage to Middleman Sales Without Ever Touching a Piece of Merchandise

Triangulation Fraud: A New Scheme That Lets Fraudsters Pose as Merchants

The ease with which consumers can search, shop, and purchase pretty much anything they want with a few taps on a smartphone or tablet provides a veritable breeding ground for scammers.

We’re not just talking about those basic, familiar tactics like identity theft or account takeover. Fraudsters are getting a little more sophisticated these days.

Triangulation fraud is one of the big threats you need to be on the lookout for online. Let’s talk about it — examine what it is, how it works, and what you can do to insulate your business against attacks.

What is Triangulation Fraud?

Triangulation Fraud

[noun]/* trī, ● aNGjyə ● lā ● SHən ● frôd/

Triangulation fraud occurs when a customer makes a genuine purchase on a third-party marketplace, like eBay or Amazon, but the seller fraudulently purchases the product from another merchant. The name comes from the tri-lateral relationship between three involved parties: the unsuspecting customer, the legitimate merchant, and the fraudster middleman.

Triangulation fraud happens when a fraudster hijacks the eCommerce buying process. At least, that’s a simple way to think about it.

It involves three main players:

The scammer is operating as a merchant and accepting orders. But, instead of maintaining their own inventory, they’re using stolen cardholder data to purchase goods from a third party and then ship them to the buyer. Once the cardholder realizes they’ve been the victim of fraud, they file a chargeback to get their money back. 

Does this sound confusing? Well, it’s meant to be. It’s a lot harder to track down the source of fraud if no one is really looking for it. Triangulation scammers operate by using that fact to their advantage.

We conduct a lot of our business online nowadays, from paying bills to shopping and sharing private information. Unfortunately, attacks like these are bound to become more commonplace. The stakes, as they say, are high. That’s why it’s more important than ever to know what you’re up against, and have a plan to respond.

How Does Triangulation Fraud Work?

First, the fraudster sets up operations on a marketplace site. eBay is a popular option, but any site with a marketplace that allows third-party sellers to operate will work. The criminal then lists products for sale at unusually low prices.

When a cardholder makes a purchase, the fraudster then turns around and buys the goods from a legitimate seller using stolen cardholder information. The fraudster sets the shipping address to match that of the customer. The legitimate merchant then ships the product to the buyer.

The fraudster pockets the money from the original sale, while the legitimate merchant gets paid using a stolen payment card. This triangulation fraud loop can be repeated over and over again if the merchant lacks appropriate fraud detection tools and other safeguards in place to prevent abuse.

Of course, this becomes the merchant’s problem when the owner of the stolen information notices unauthorized charges on their statement. The cardholder disputes the charges, and the merchant ends up facing a wave of chargebacks as a result.

How Much of a Threat is Triangulation Fraud?

Many fraudsters have an attitude that suggests triangulation fraud is a victimless crime. After all, the consumers in question get the products they ordered, while the owner of the stolen credit card is not liable for fraud. As we pointed out above, though, merchants end up paying for the crime through chargebacks directed at their businesses.

Merchants caught up in triangulation fraud are often targeted over and over again. This forces consumers to exercise their chargeback rights to get their money back from the fraud they never instigated. In turn, the merchant is charged twice for every instance, which leads to a never-ending loop of lost revenue, rising prices, and legal headaches.

These losses reverberate out, eventually impacting everyone in the payment ecosystem. Through escalating inflation, supply chain issues, and uncertain markets… absolutely everyone suffers because of triangulation fraud.

Triangulation fraud is especially hard to detect and identify, too. The scammer is typically using stolen credit card numbers that are usually bought in bulk on the dark web. But, they’re fulfilling genuine customers’ orders, using real shipping information.

Having that degree of separation makes the entire process appear random and hard to pinpoint. It could take months — or even years — before investigators pin down the source of a triangulation attack.

It sounds grim, but don’t worry: there is good news, too. Triangulation fraud is actually pretty easy to eliminate once you identify it.

Identifying Triangulation Fraud

If you suspect you’ve been targeted for a triangulation scheme, the first step should be to review your analytics.

You want to look for those items which fraudsters seem to purchase repeatedly. These scammers involved are probably running a specialty operation, so they’re typically buying the same item (or items) over and over. Cosmetics, for instance, are a common target for triangulation fraud.

If you identify problematic items, you can refine your fraud scoring rules and set a lower threshold for these goods.

You can also look at the payment method used. Are all the sketchy transactions coming from a specific banking identification number? Are they all using the same payment method? This can be a sign of fraudulent activity, too.

Another tactic you can employ if you suspect abuse is to put risky purchasers through additional checks. For example, you can charge two micropayments to the account in question and ask the buyer to verify the amounts.

Other “Red Flags” for Triangulation Fraud

I outlined a few general fraud tips above. But, I also wanted to give you some specific, recognizable fraud indicators to watch for, too.

Below are a few common warning signs associated with a triangulation attack:

• New Customers:
  A new account that suddenly starts buying the same items on a regular basis.
• Conflicting Addresses:
  The buyer’s billing and shipping information are different.
• Low Dollar-Value Transactions:
  Triangulation fraudsters typically focus on commonplace items not usually targeted by fraudsters.
• Transaction Velocity:
  Triangulation attacks are usually committed by small groups operating repeatedly from a few devices.

How Do You Prevent Triangulation Fraud?

All the above-mentioned practices can help you detect and stop triangulation fraud. But, the best approach is always to avoid becoming a target in the first place.

You can’t afford to appear vulnerable. Fraudsters know that the more people who are engaged in fraud against a single merchant, the harder it becomes to detect bad orders and identify fraudsters. So, your fraud losses will grow quickly once a criminal ring identifies you as a target.

It creates a feedback loop over time. Undetected fraud attacks generate bad data, making fraud detection less accurate, and the problem worsens over time. Overall, your best move is to stop fraud quickly and prevent it in the long term by adopting a multilayer strategy.

A dynamic, comprehensive approach to fraud management should include:

• Address verification (AVS)
• CVV verification
• Geolocation
• 3-D Secure 2.0 technology
• Proxy piercing
• Blacklists to ban known fraudsters
• Velocity checks
  

Learn more about fraud detection tools

It’s true that adding more fraud tools to your screening process can be costly. But, you have to look at the overall cost to implement a solution and weigh it against the potential losses you could avoid.

Think of fraud prevention tools like a net: the more tools you incorporate, the finer the mesh. The finer the mesh, the more fraud you catch. And, the more fraud you catch, the better your long-term performance.

Triangulation fraud is just one of many threats that can separate you from your hard-earned cash. But, with an effective approach to fraud and chargeback management at your disposal, you have the power to prevent losses, recover revenue, and protect the long-term viability of your business.