third party fraud featured image

How to Protect Your Business From Third-Party Fraud

August 28, 2024 / Posted in Merchant 101

The expansion of e-commerce has kept its pace, even after the COVID-19 pandemic has long since passed. It’s true that the pandemic sparked an accelerated demand for an online shopping experience, but its convenience is what kept it expanding even further. With it came third-party fraud and other new ways scammers tried to abuse business’s vulnerabilities.

What Is Third-Party Fraud?

Third-party external fraud, also known as identity theft, is when someone else uses your name or personal information to get credit or goods without your permission or knowledge. It also includes fake names, where the fraudster uses stolen or false information to make a new identity. Just in 2021, about 15 million Americans fell for third-party scams. The quantity of incidents has been known to double every year.

How Do They Gain Our Personal Data?

Identity theft isn’t a new invention. However, the ways how scammers gain personal data have evolved with technology. They are using computers to get personal information they can use to commit identity fraud. They might look into a number of options to get this kind of information:

  • They might search the hard drives of stolen or discarded computers to find retrievable personal information that wasn’t properly erased,
  • They might break into individual computers or entire networks belonging to different types of businesses and corporations to access sensitive data,
  • They might use computerized public records, which often contain personal details that can be exploited,
  • They might use information-gathering malware that infects computers and transmits data back to the fraudster,
  • They might scour social networking sites to find users who could unwittingly share personal information that can be used for fraudulent purposes,
  • They can send phishing emails or text messages that trick recipients into revealing personal details or clicking on malicious links.

What to Do in Case You Are a Victim of Identity Theft?

It can take a lot of time and work to get back on your feet after identity theft. If your identity gets stolen, you must act quickly to minimize the impact. You can report the theft at IdentityTheft (Federal Trade Commission) or by calling 1-877-438-4338. They will help you figure out what steps to take to protect your identity and start the recovery process.

person pressing numbers on an ATM machine

What Does It Mean for a Merchant?

Imagine you’re a small business owner and your establishment is slowly becoming more successful. You offer good customer service and a lot of different e-commerce payment options, and you’ve invested in secure merchant services. You’re gaining new customers and everything is going smoothly until you realize something’s amiss – some of the new customers are fraudsters.

It turned out that the new customers weren’t really customers – they were scammers, and the real cardholders had their identities stolen. This is an example of third-party retail fraud. To put it another way, stolen data was used to buy something without permission.

Cybercriminals get the confidential data of a single cardholder (or several) and either open new accounts or take over the current ones without the victim’s knowledge. Most of the time, these credit card accounts are used to buy goods. Often, third-party schemes are used to make transaction scams easier. But that’s not always the case. For example, criminals use it to apply for large-sum loans and mortgages using fake names.

E-Commerce Is More Vulnerable to Identity Theft Scams

People have always had trouble with this type of fraud. It’s just that the situation is much worse now than it was before the expansion of the internet and eCommerce took off. When a transaction takes place in person, the merchant can see the actual cardholder and their card and may ask for additional proof of identity. E-commerce stores don’t have those advantages, so they are much more vulnerable to fraud.

Some shopper verification is possible, but in the end, an e-commerce merchant has to make a choice based on the little information they have. In essence, third-party fraud happens more through online shopping, and in the end, the merchant is usually the one who has to give the customer a refund. It means the criminal gets away with the deed while the merchant is left with the bill.

woman shopping on a laptop holding a card

Types of Third-Party Fraud

Third-party fraud, which is often the same thing as “identity theft,” is when fraudsters use someone else’s digital name without their permission. This broad category includes several different types of fraud:

  • Account takeover happens when a fraudster gains access to an individual’s account, alters the information to lock out the legitimate owner or redirects purchases to another address. This type of fraud can cause significant disruption to the victim’s financial and personal life.
  • Synthetic fraud is when a fraudster doesn’t steal one identity but instead makes a sort of “Frankenstein” identity with pieces of personal data from several people. This type of fraud is very hard to track and deal with because the identity doesn’t correspond to a real person.
  • Loan stacking is when a fraudster applies for multiple loans using a fake identity, with no intention of repaying them. They then collect those loans and vanish.
  • New account fraud involves opening new accounts with false or stolen credentials. Once they are maxed out, they are typically abandoned, or used for other criminal activities.

Each of these categories is hard to deal with in its own way, so prevention is what can help merchants and their clients avoid a financial disaster that comes after these scams.

types of fraud infographic

How to Prevent This Type of Fraud?

While it may seem as though there’s no guarding against this type of fraud, there are several things a merchant can do to prevent them from happening.

First things first, when you’re opening an e-commerce store, it’s very important to use merchant services and credit card processing with protection tools in place. These tools look for anomalies while they analyze customer behavior and transaction patterns. For example, machine learning algorithms can find patterns that don’t make sense and could be signs of fraud. This helps to spot and stop fraud before it happens.

Another step is to make login processes stronger by adding more verification steps besides just the account and password. This could include confirmations by text message, email, or biometric checks like fingerprint or face recognition, especially for large transactions. In addition, it’s important to regularly check, patch, and update systems to defend against security vulnerabilities. Keep in mind that encryption and secure access protocols help in securing sensitive customer data.

Additional Security Measures

The goal of fraud prevention is to protect both the business and clients. But as the scammers get more savvy with technology, having a few more security measures in place won’t hurt. Here are some additional methods of protecting data:

  • Use solutions like address verification services (AVS) and card verification value (CVV) for additional checks. This helps determine whether the cardholder is authorized to use the card.
  • Inform customers about the importance of protecting their personal information and recognizing phishing attempts. Encourage them to report any suspicious activity related to their accounts.
  • Set limits on the size or number of transactions that can be processed with credit card processing services in a certain time frame. This prevention can stop large-scale scams, especially with new accounts or accounts that show unusual buying patterns.
  • Choose credit card processing companies that provide payment gateways that follow the latest security standards, like PCI DSS. It will make all the transactions secure, and protect both the merchant and their clients.

Check each transaction on the merchant statement by hand if fraud detection tools flag it or if it seems like suspicious behavior, like when a new customer buys something expensive. This helps find e-commerce fraud early, which stops possible losses.

A card with a lock on top

Actual Cases of Third-Party Scams

Let’s mention some well-known cases of 3rd party fraud that show how smart scammers are at using other people’s names and money to commit fraud. These cases show just how important it is to be alert and have strong security means in place to stop these kinds of scamming activities.

The criminals in these cases were caught and given their sentences, but many cases of this type of fraud go unnoticed and, as a result, unpunished. A lot of times, this kind of criminal activity isn’t detected nor reported, which shows how stealthy and common this type of crime is.

The Case of Kenneth Gibson

In 2017, a fraudster named Kenneth Gibson created approximately 8,000 fake PayPal accounts using the identities of employees from his workplace in Nevada. To remain under the radar, he transferred only minor sums of money, which he then withdrew from an ATM. The frequent ATM withdrawals ultimately led to the exposure of his scheme, which he executed using a programmed script.

How Anthony Lemar Taylor Impersonated Tiger Woods

Anthony Lemar Taylor has exploited the identity of famed golfer Tiger Woods. He obtained a driver’s license under Woods’ name and then made purchases worth up to $17,000. These purchases included a car and a 70-inch TV screen. Taylor’s actions led to a controversial sentence of 200 years under California’s strict “Three Strikes” law.

David Matthew Read’s Expensive Impersonation of Demi Moore

In another case in 2018, a scammer named David Matthew Read started a spending spree worth $169,000. He managed to get a hold of a replacement American Express Black card in the name of the actress Demi Moore and used it for various high-ticket items.

person using keyboard on mac and a card

Use Safe Credit Card Processing With Merchant Chimp

As technology evolves, so do the ways fraudsters abuse vulnerabilities for personal gain. That’s why businesses need to stay ahead by using advanced fraud detection tools and effective fraud prevention strategies.

Merchant Chimp is a credit card processing company that offers secure processing and other solutions that can benefit your business. From Point-of-Sale systems to additional options like our discount program, we can help you elevate your business and attract more customers. Contact us today to find out more about how our services can help you focus on growth while keeping finances safe.

GET A QUOTE

It never hurts to know how much you can save.

Get a Quote

Step 1 of 2

50%