Friday , March 29, 2024

Websnare Helps, But Internet Fraud Fight Is Far from Over

The arrests announced yesterday by the federal government in an operation directed against e-commerce fraud is cause for optimism, but there's still plenty to keep online merchants up at night, according to a key executive who helped carry out the latest law-enforcement action. The government's Operation Websnare led to the arrests in Nigeria of 17 persons on charges that they had defrauded U.S. Internet merchants through the use of illegally obtained credit card numbers, according to the U.S. Department of Justice. Authorities also recovered goods shipped by those merchants worth $340,000. The operation is the third in the past two years directed by the Federal Bureau of Investigation with the cooperation of the Merchant Risk Council, a trade group of online retailers formed to combat fraud. “We've made a lot of progress in the last two years,” says Julie Fergerson, co-chair of the council and co-founder and vice president of emerging technologies at ClearCommerce Corp., Austin, Texas,which produces tools to detect Internet fraud. But Fergerson cautions that there is no cause to be complacent. She points to a significant rise in fraudulent online transactions from Eastern Europe and stresses that U.S. merchants will have to be vigilant not only in detecting bogus transactions but also in helping to track down the source of the orders and in helping to arrest and prosecute the fraudsters, an often daunting challenge in foreign jurisdictions. “We can get a local guy arrested and get local law enforcement to prosecute [in North America],” she says. “But I wouldn't even know what local phone book to use in Nigeria.” One enduring advantage of Websnare, she notes, is that law-enforcement authorities in Nigeria have now received training from the FBI in building cases against online criminals. Still, the criminals who commit e-commerce fraud are becoming increasingly organized and specialized, Fergerson notes, which tends to offset gains Internet sellers are making in combating fraud-related chargebacks. As an example, she cites groups that specialize in compiling and selling lists of tens of thousands of Internet Protocol (IP) addresses belonging to computers that have been infiltrated with code that can control certain functions. Such malware can allow the computers to be used in sending bogus e-mail messages in phishing schemes, for example, or to mask fraudulent orders online. The ability to track down such lists and use them in scanning incoming orders helped crack the Nigerian case, Fergerson says. She also points out that phishing schemes are increasing in sophistication. Fraudsters now can place malware on computers that will capture users' keystrokes when they visit certain sites preprogrammed into the code. In this way, the criminals automate a crime that otherwise depends on their ability to gull victims into giving up account numbers, personal identification numbers, and other data, a technique known as social engineering. “The thing I'm most worried about is [fraudsters] are coming up with new schemes that don't require interaction with cardholders and don't require social engineering,” says Fergerson. In Operation Websnare, a variety of techniques led to the arrests in Nigeria. One was the use of the lists of hijacked IP addresses. Another was the cooperation of freight forwarders, companies whose street addresses fraudsters often use as shipping addresses, only to have the companies forward the goods to foreign addresses. Information from some of these forwarders helped lead authorities to Nigeria, Fergerson says. The FBI then set a trap in which merchants shipped empty packages in response to orders from the fraudsters, an operation known as a controlled delivery. The authorities in Nigeria arrested the persons who took delivery. Online transactions originating in Nigeria carry a chargeback rate of almost 12% for U.S. merchants, second only to the 13% rate on orders from Yugoslavia, according to statistics from ClearCommerce. The Merchant Risk Council, formed two years ago from the merger of two organizations, claims nearly 3,800 retailers as members at various levels of participation. Companies like ClearCommerce and American Express Co. and Discover Financial Services Inc. also participate in the vendor sponsorship and card advisory sponsorship categories.

Check Also

Buying Groups Might—or Might Not—Give Merchants More Negotiating Power with the Card Networks

Card-acceptance costs and network rules weren’t the only subjects covered by the sweeping settlement revealed …

Digital Transactions