Foiling Internet Fraudsters

Preventing Internet credit card fraud

By Joel Bartow, CFE, CBM, LPI, CPP

Batman once said, "If only they would use their genius for good instead of evil!" While Internet fraudsters will never stop finding new ways to use cyberspace to victimize, fraud examiners now have methods to prevent their crimes rather than just trying to investigate after the fact. 

A Nigerian Criminal Enterprise (NCE) has been using computers in Lagos, Nigeria, to perpetrate a version of the forwarder scam: placing thousands of Internet orders using randomly generated credit card numbers and expiration dates on the Web sites of hundreds of U.S. businesses.

Members of this NCE recruit U.S. citizens to receive merchandise and forward the goods back to Nigeria where they sell them on the black market. Christian Internet chat rooms are their favorite recruiting grounds. Preying on the willingness of their recruits to help out those in need, the NCE operative poses as a young woman trying to get needed computer equipment or clothing ostensibly without paying oppressive Nigerian import taxes. The good-deed doer begins receiving stolen property and sends it to Nigeria using a stolen account number for an overnight delivery company supplied by the NCE operative. By the time authorities ring the doorbell of the unsuspecting accomplice, the NCE has recruited a new forwarder to take that person's place. One company received more than $4 million in fraudulent orders in one year from an NCE using 23 different forwarders.

With no possibility of arresting or prosecuting the perpetrators, fraud examiners have to protect their companies from such attacks without interrupting the flow of legitimate customer orders. Fraud examiners need to concentrate on foiling Internet fraudsters rather than trying to investigate after the fact.

Not all companies are fully aware of the tools used to protect Web sites from this menace. While almost all companies use a credit card verification system of some kind, not all such systems are equally effective.

The simplest verification system for Internet credit card numbers affirms that a specific number has in fact been issued and that the expiration date matches the credit card number provided. While this will prevent an order from using an unassigned number, it doesn't tell the merchant company to whom that number has been issued, only that it has been issued. Since the NCE has the ability to predict the expiration dates of credit card numbers (using a computer program), such systems are insufficient to stop an NCE attack.
