Get Ready to Go to Work
By Bill Marcus
About five years ago, in Toronto, thieves put out word via online classifieds that they had $8.2 million in stolen office equipment to sell.
But here’s the thing about internet ads: Anybody can read them.
“We found them through online searches,” says private investigator Whitney Joy Smith, who was hired to find the stolen equipment.
Smith posed as someone from a logistics firm looking for warehouse space. A real estate agent led her right to the building where fraudsters were keeping the stash. After a number of days staking out the location — keeping cool with the air conditioner in her truck running — Smith was chased by a big man in his mid-50s.
Not fun, “but getting chased by them helped us to get further information. We were able to find out more about the people who were involved by kind of hiding around the area,” Smith says. “We followed them to two smaller warehouses that had some additional stuff.”
One was actually being used by the thieves as a showroom and sales space.
Yes, online fraudsters are brazen. And they’re smart. They use stolen credit cards or hijack innocent consumers’ accounts. They know what merchants look for in a safe online order and play the part in their digital transactions. They’re versatile, stealing ideas, intellectual property as well as goods.
And because fraudsters’ inventory comes to them free-of-charge, they look to sell for pure profit. The key to finding cyber-jacked items, says Canadian private eye Smith, is to consider who would be in the market for those goods.
“Once you have an idea of the industry that it’s going to go to – whether it’s going to go to a regular consumer or it’s going to go to a business – then you know where to start looking,” she says.
That’s where the internet ads come in.
Crime stoppers textbook: Read the internet
“They were basically putting different on-line advertisements to different companies offering this product. They were basically saying, ‘If you have an office and want this product, contact us.’”
And while Smith’s ability to recover the office equipment was good news, it didn’t mean the experience was painless for the merchant. In fact, the crime cost the retailer $4 million in legal fees and payments to Smith’s firm.
So, what to do? Smith said Canada’s Kijiji, the online site where the equipment was being advertised, was no help. Her advice to online retailers? Conduct solid due diligence.
“Maybe get a little bit more information on people… they can locate the person later to then try to get a refund or charge them, whatever the situation is.”
Philip Rooke, CEO of Spreadshirt, a Leipzig, Germany-based online retail company that enables customers to design and order custom T-shirts and sweatshirts, has his own answer for the scourge of fraudsters. He takes matters into his own hands and tracks down fraudulent competitors who rip off his client’s designs by policing Amazon, eBay, and Craigslist. When stolen goods appear, he mails out a form letter.
“When we find people selling our fake things on Amazon, eBay, Etsy, Craigslist, we complain to the platform. Under U.S. and European law they are normally required to take that down if you can prove that you’ve got exclusive rights for that product,” he says. “But that’s not always easy.”
Most of the $200,000 he spends each year for fraud control pays for staff. “We have a team of people who are checking our Amazon, eBay listings,” says Rooke.
“The costs of taking them to court is not going to be worth it,” he adds.
But, if he can locate an address for a fraudster, a cease and desist letter often will do the trick. But even his do-it-yourself method tends to result in something of a game of whack-a-mole, in which the same perpetrator simply bounces back up on Amazon or eBay under another name.
“You know it’s the same people because it has exactly the same text, exactly the same designs.”
The key in dealing with the platforms and the fraudsters is to be just a little bit more annoying than anyone else, says Rooke, “so they go and copy somebody else’s stuff, not us.”
“I don’t have to be the best in the world at policing this,” he explains. “I just have to be a little bit better than my competitors and let them take the fraud.”
Still, following 10,000 uploaded designs a day requires the efforts of more than just Rooke’s staff. He also relies on the crowdsourcing community of designers who use his site to monitor theft of their own intellectual property.
“We have 70,000 people selling on our platform and that’s 70,000 pairs of eyes out there noticing things are not right.”
Rooke says maintaining good brand identity also helps him combat fraud. That’s because customers expect high quality products and service, two things a fraudster tends not to deliver. By not tolerating lower-quality work and less than standard service, customers themselves become fraud-busting agents because they will complain too, he says.
Perfume helped Rooke develop a nose for fraud
Some of the lessons Rooke learned about how to recover stolen goods, he learned when he sold perfume online.
“It hadn’t occurred to me how fraudulent the perfume business was,” Rooke says. “At the time I was too busy celebrating this rapid revenue growth I got — until six weeks later when I had to pay all the money back.”
Chargebacks totaled 35 percent of sales. Police were no help. One time, to recover £2,000 worth of product from a Southeast London-based fraudster, he went and retrieved the stolen goods himself.
“As it happened I was in London,” says Rooke, who said he approached the fraudster’s home prepared, his sneakers tied tight so he could flee quickly if he had to.
“I’m a reasonably large guy, braver than most people, to be doing that. To be honest I had worked out that I could run away if he was beating on me.”
You might not want to try this at home.
“I banged on the guy’s door. And I said ‘You ordered a whole load of perfume here and it’s fraudulent because it’s bouncing back already,’” says Rooke. “He gave me back half my perfume. But he refused to give me back the rest of the money.”
Rooke also patrolled outdoor markets and British pubs where his goods were often sold. But these efforts could not realistically be scaled up, he says. At the root of his problem was what he called his fundamental failure — he didn’t do his due diligence.
Experts say due diligence is everything from requiring a customer who visits your site to fill out a complete registration, not a guest registration form, to verifying addresses and CVV numbers on cards.
Rooke weeds out high risk locations. “We also do a lot of analysis by payment types.”
Paying close attention to typical fraudster behaviors helps too.
“I’ve discovered over the years that fraudsters are not people who live by the rules,” says Rooke – including the rules of English grammar. “And because they do not live by the rules, they are not very good at capitalizing their addresses. They write everything in the lower case. Or, they don’t consider those things to be important. So when you see anything which is written, and there are certain things which just don’t conform to certain rules, that tends to also indicate fraud.”
As a company’s sales increase, however, it needs a more automated approach to spotting bad orders.
As online sales and the sophistication of fraudsters grow, so does the price being paid by the victims of fraud. Those who fail to do due diligence and find other strategies to reduce the risk of accepting bad orders are likely to fall victim to ecommerce fraud. It’s a crime that is projected to create 2017 losses of $48.2 billion in the eight key industry segments covered by the Q1 2017 Global Fraud Index, produced by Signifyd and PYMNTS.com
Safe But Not Sorry: How Not To Block Legit Customers
Despite the risk, preventing fraud is a delicate balancing act. If an online retailer adopts fraud-fighting measures that are too strict, it will deter legitimate customers who want to buy.
When he arrived at Spreadshirt seven years ago Rooke says security barriers were so high that for every fraudster the company was stopping, ten genuine customers also were barred from buying.
“None of my cards worked on the Spreadshirt site. But our fraud was none,” says Rooke. The red flag on Rooke’s account? He lived outside the country.
“I had English credit cards,” he says, “but lived in Germany and I had not been a repeat customer.”
And so he loosened the restrictions.
“I allowed the level of fraud up and it went up to 1 percent and sales went up by 5 percent. So then we took it to down to where it is now, which is about a half-of-one-percent, and our sales were still up by about four to five percent.”
Today a quarter of a percent of his annual $105 million in revenue goes to prevent rights infringement. That’s on top of the half-a-percent annual loss he says he’s resigned to accept from chargebacks due to fraudulent charges.
But there’s an easier way. Like most aspects of ecommerce, fraud protection can be automated. Machines and humans working together allows the policing of bad orders to scale up and provide protection not possible by humans alone. Signifyd uses data and machine learning to approve or reject orders, while providing a detailed summary behind the reasoning for each decision. More importantly, Signifyd provides a 100 percent financial guarantee for all approved orders.
Beats spending your days and nights in an idling truck, trying to stay cool while watching who’s coming and going from a lonely and possibly dangerous warehouse — doesn’t it?
Bill Marcus is a freelance writer covering business and technology.