Most online transactions occur between two entities: the business and the customer. When both entities are genuine, everyone's happy – the customer receives the goods or services, and your business receives cash flow in exchange.
However, online fraud often occurs when a fraudster impersonates one of those parties. In triangulation fraud, the fraudster acts as a third party and inserts themselves into a legitimate transaction as a secret middleman.
This type of payment fraud targets eCommerce businesses and online marketplace customers and can have significant impacts. If left unchecked, triangulation fraud can affect many transactions and result in the loss of thousands, even hundreds of thousands, of dollars in revenue. Additionally, it can damage the reputation of a business as a safe, trustworthy seller.)
Read on to learn how triangulation fraud works, how to identify it, and how to prevent it in your business.
What is triangulation fraud?
Triangulation fraud is a type of eCommerce fraud that involves three primary players: a genuine customer, a scammer acting as a secret middleman, and a legitimate eCommerce website fulfilling the genuine customer's order. It may also be known as a triangular scam or triangle fraud. It happens in CNP (card not present) transactions when an innocent customer purchases an item via a third-party online marketplace, and the item is then fraudulently purchased from another retailer's eCommerce site.
How does triangulation fraud work?
Here's an overview of how a typical triangulation fraud scheme might work:
- An unsuspecting customer orders an item through an auction site like eBay or an online third-party marketplace like Amazon. Popular choices include trending, relatively expensive items such as new electronics or luxury fashion items marketed at an attractive price.
- The fraudster, posing as the third-party marketplace seller, visits a legitimate eCommerce website and uses stolen payment information to order the item the customer ordered, pocketing the first payment from the valid customer.
- The legitimate eCommerce retailer processes the fraudster's order, ships the item to the genuine customer's shipping address… and is left on the hook for any chargebacks associated with that stolen credit card used to purchase the items without any recourse to reclaim the product.
- The innocent customer receives the item they ordered, completely unaware they were part of a fraudulent scheme.
Triangulation fraud is especially devious because it makes customers unwitting participants in fraudsters' scams. It also leaves eCommerce businesses responsible for the charges, with a paper trail pointing only to the customer who ordered and received the item.
The impact of triangulation fraud
Triangulation fraud can lead to significant losses for legitimate eCommerce retailers while providing fraudsters with large sums of money and anonymity to continue their scams. A successful fraudster can profit from the order placed by a valid customer and the opportunity to repeat the same scam. On the other hand, the legitimate eCommerce retailer loses the product and must refund the stolen credit card account's owner who was charged. Additionally, chargebacks can incur costly fees and penalties on top of the refunded amount.
In some cases, even innocent customers catch on to it. Nina Kollars' experience with Nespresso, where she received a brand-new box of Nespresso capsules and a machine from Nespresso itself after ordering half-price capsules from eBay, is a recent high-profile example of triangulation fraud. She discovered a fraud ring that had defrauded Nespresso of vast amounts of money and many senior citizens of their credit card information.
Research shows that triangulation fraud already has a significant financial impact on the eCommerce industry, and its effects will continue to grow. Experts estimate that CNP fraud losses, including triangulation fraud, will exceed $10 billion in the U.S. alone by 2024, making up 74% of all fraud.
How do fraudsters steal personal information?
A fraudster must access stolen credit card numbers for a triangulation scam to work. Here are four of the top well-known ways fraudsters steal personal information like credit card numbers:
Fraudsters use account takeover to gain access to a customer's account, login, and payment details, allowing them to complete financial transactions without the account holder's permission. Account takeovers occur by exploiting a customer's login and payment details through brute force or purchased credentials. Fraudsters can then perform fraudulent transactions that could cause irreparable damage to their unsuspecting victims.
Phishing is a cybercrime where malicious users attempt to obtain sensitive information, such as passwords, credit card numbers, and account details, by sending emails that imitate companies or organizations associated with the target. These emails are carefully crafted to encourage the recipient to open them, click on links, or even respond with personal data. Once fraudsters have obtained the desired information, they can use it for various nefarious purposes, such as identity theft or triangulation fraud. Fraudsters can be very persuasive, but phishing emails can be easily recognizable if you know what to look for.
Cybercriminals use social engineering to carry out online fraud. Through social engineering, a fraudster assumes the identity of a legitimate employee to obtain sensitive information, such as passwords or credit card numbers. While social engineering has proven to be one of the most successful techniques for defrauding individuals and businesses alike, organizations can mitigate the risk of social engineering by providing security awareness training for their employees and implementing robust authentication protocols with multi-factor authorization.
Criminals or hackers breach systems to steal data, like login information and credit card data, in data breaches. It has become increasingly difficult for companies to protect their data from these malicious actors, leaving countless customers vulnerable to data theft.
How businesses can prevent triangulation fraud
With effective anti-fraud strategies, businesses can successfully protect themselves from triangulation fraud. Successful implementation of each layer of defense requires effort and expertise, but the result is foolproof protection.
Educate your customers
To protect customers from this triangulation fraud, they must be educated on how to identify and prevent it. Consumers should be aware of any requests for confidential information or suspicious financial transactions and should contact authorities if they suspect fraud. Additionally, if an offer seems too good to be true, it probably is, so consumers must exercise caution when engaging with unknown sellers or pledging money online. Educating your consumers about triangulation fraud is critical to helping them stay secure.
Implement risk-based authentication
Another way to prevent triangulation fraud is by implementing risk-based authentication (RBA). RBA requires users to authenticate themselves with multiple factors, including email verification, phone number validation, or two-factor authentication, before completing a transaction or accessing certain services or features on your website. This helps ensure that only legitimate users are accessing your system and prevents malicious actors from using stolen information to gain access.
Monitor and investigate suspicious activity
Monitoring and investigating any suspicious activity on your website or app is essential. If you notice any unusual behavior or transactions that seem unusual, it's important to investigate as soon as possible so that you can take action if necessary. Ensure your team has the resources and tools needed for monitoring and investigating suspicious activity quickly and efficiently so that any potential incidents can be addressed before they become more serious.
Implement a digital identification solution
Digital identification, such as browser fingerprinting, is an invaluable security solution for online businesses, helping to strengthen digital boundaries and ensure customer experiences are protected and secure. By assigning a unique digital ID to each user, digital identification solutions can detect suspicious activity with pinpoint accuracy and speed. Online businesses can easily create an environment where customers can confidently shop, knowing their sensitive information will remain safe.
Fingerprint Pro's visitor identification API identifies 99.5% of returning visitors, even when they attempt to conceal their identity. Digital fingerprinting software like Fingerprint Pro can instantly identify malicious users with a history of fraudulent activity. It can detect payment fraud, safeguard against card cracking, and instantly and accurately identify malicious users with a history of fraudulent activity to stop at-risk purchases before they occur.
Create a Fingerprint Pro account here to prevent triangulation fraud in your business.