The Next New Fraud Type
A large part of all e-commerce fraud can be tracked back to orders where the fraudster provides a BILL-TO address that differs from the SHIP-TO address. Think about it – if I have a stolen card, and know the billing address, I can take that card, change the SHIP-TO address, and have the product delivered. At the e-commerce show this week, we were hearing about how one of the newest fraud schemes was to provide the same BILL-TO and SHIP-TO address on the order. As soon as the order zips through the order approval process, the fraudster then gets the UPS or FedEx tracking number and “re-routes” the transaction to an alternate address.
However – I am going to go out on a limb and predict the next new fraud scheme that is not being protected. If you think about the situation above, there is another way in which the fraudster can receive the fraudulent goods without re-routing the order. Intead of rerouting the order, once they receive the stolen card, they call the card issuer and change the address on the account. Once accomplished, the BILL-TO address is now the alternate address, and the fraudster is free to enter the same BILL-TO and SHIP-TO. Suddenly, the order flies right through as there is a match.
Once discovered, the bank ends up writing this off as Account Takeover. Once UPS and FedEx begin to shut down the re-routing of fraudulent orders, we are predicting that Account Takeover fraud will suddenly see a big increase.
One more piece of evidence suggesting that sharing the bank activity with the merchant activity is the only way we can protect the entire channel.