How to recognize fraudulent orders

How to Recognize Fraudulent Online Orders
Brian Gongol

The "John Cole" scam:

This crook (who went by the name "John Cole") first contacted us via e-mail, asking for a quote on ten of a certain model of pump. We replied with a link to the page on which the pump was located, indicating that the price would be shown on the page. He again replied, demanding a quote via e-mail. We sent the quote, and he replied almost immediately, wanting shipment of all ten pumps at once. He offered a credit card number via e-mail, which was declined. When we replied to indicate that the card was declined, he replied again via e-mail with three different credit-card numbers, asking us to spread the charges equally among all three cards. The address given didn't match the addresses on the cards, and we notified the credit card companies; their fraud departments confirmed that the names on the cards didn't match the name we were given. The crook then proceeded to leave a series of harassing telephone messages demanding to know why we hadn't shipped him the pumps he had "ordered". The messages became more frequent and abusive until finally tapering off.

What were the crooks planning to do? Probably one of two things:

Use a site like eBay to sell the stolen merchandise. If they had gotten the pumps, they could have put them up for sale at some absurdly low price and made a quick profit on stolen goods. The real owner of the credit card would have gotten the bill, and if they had noticed, they could have gotten the credit card company to reverse the charge. That would have left us in the hole for the full price of the pumps, with no recourse but to try to get them back -- which would have been impossible.
- Cost to the credit-card victim: $50, which is the usual limit on fraudulent charges
- Cost to the merchant (us): The price of the pumps, plus our time and incidental costs like shipping
- What the crook would have gotten: Whatever price they could have sold the pumps for
Take delivery of the pumps, but complain that they were broken and demand a cash refund. Assuming we had taken the return, we would have lost the value of a refund check for the total amount of the sale.
- Cost to the credit-card victim: $50, which is the usual limit on fraudulent charges
- Cost to the merchant (us): The price of the pumps, plus our time and incidental costs like shipping
- What the crook would have gotten: A check for the price of the pumps

Warning signs that the order was fraudulent:

The crook was unwilling to take the time to look at the page we sent. Any normal person placing an order for $5,000 worth of equipment would probably be willing to take a minute or two to ensure that the pricing and terms offered on the website were acceptable; a crook only interested in stealing would not.
The crook had no qualms about sending credit card numbers via e-mail. Smart consumers know that sending credit-card details via e-mail is only a little bit more secure than posting those numbers on the side of a Goodyear Blimp. Our website (like any responsible online store) offers a number of security features, like SSL encryption, that help improve the security of a transaction. While the legitimate owner of a credit card has reason to care about security, an identity thief does not.
The pushy, rushing nature of the order. People in a hurry to get equipment usually have a story -- perhaps they need pumps to clean up after a flood, or something similar -- but the story makes sense. This crook just wanted to get the products ASAP, with no explanation.
The abusive phone messages. Some people are hotheads, but anyone with half a brain knows that it's probably not going to help if you just start shouting at the person who's trying to help you. This is especially the case when the person who is trying to help you has a last name that also appears in the name of the company. That's a hint that you may be talking to an owner. Owners really don't like to be abused.
The shipping address didn't match the credit card's billing address. There are some legitimate reasons for this to happen; sometimes a business has multiple offices, or someone is sending a gift to a friend. But $5,000 worth of pumps hardly makes for a good gift, and the shipping address given was in an apartment complex in Chicago, a fact that was easily confirmed using Google Maps.
The e-mails were sent from Africa. Even though the crook was using a regular Yahoo e-mail account, the message header still included his IP address. A little checking via whois.net and ripe.net confirmed that the e-mails originated from an IP address in The Gambia. Since the crook claimed to be in Chicagoland, it's hard to believe he was traveling to Africa just to send us his e-mail.

An important element learned from this experience is that the credit card companies have next to no interest at all in helping online merchants prevent or track down fraud. Since the burden of paying for the fraud falls squarely on the shoulders of the online merchants, the issuers don't care because they don't lose any money. In fact, they charge service fees on every transaction, so even in cases of fraud, they still make money.

The Internet Relay scam:

Thanks to the Internet, deaf people are able to place telephone calls via a service called Internet Relay. Internet Relays are offered by the major phone carriers, like AT&T and Sprint. They are certainly a great service for legitimate users, but they've also opened up an avenue for criminals to attack online merchants.

We received a call via Internet Relay during which the supposed "customer" claimed to be in Iowa and asked for the price of a certain model of pump. We offered to send the address of the website via e-mail, which they accepted, but asked that we stay on the telephone line while they checked. We sent the link, on which the price of the pump was clearly shown. Via the Internet Relay, the crook -- having confirmed that he was looking right at the page we had just sent -- asked what the price was. We confirmed the price was exactly as shown on the website, and the crook (again, via the relay call) asked about getting a quantity of twenty shipped via overnight service. Noticing the similarities to the "John Cole" scam, we asked them to send us a message via e-mail asking for the shipping details. We made the same check of the actual IP address from which the e-mail was being sent as we had in the "John Cole" story, and found that this scam was being conducted by someone using Ghana Telecom. We terminated the call immediately, since it was clearly just going to be a waste of our time. Ghana is a full ocean away from Iowa, so anyone claiming to be in one who is actually in another obviously isn't confused; they're just lying.

What's unfortunate about this scam is that there are legitimate customers who might need to use Internet Relay to place their calls. Criminals to use this helpful service aren't just crooks looking to scam legitimate businesses, they're lowlife scum hogging resources that are supposed to be used to help the deaf and hard of hearing. Unfortunately, in this case, Internet Relay was being exploited to help a criminal from overseas place a free phone call to America.

What were the crooks planning to do? Most likely, they were planning to have us ship the pumps to a freight forwarder in the US, who would've sent the pumps on to Ghana. In all likelihood, the credit card number used would have been stolen, just like in the "John Cole" incident, and yet another time, the honest online merchant would've been left paying for the crimes of a crook in Africa, far beyond the reach of US law.

Warning signs that the order was fraudulent:

The rush to get an unusually large quantity of pumps
The willingness to relay credit card details via an unsecure means when a secure alternative was available
Lies about the crook's true location
Insistence that we repeat and confirm prices and details that were clearly obvious on the Internet site the crook had used to find our telephone number in the first place