Date: unknown
Location: getcho.app
A while back, Krebs dropped a piece about a guy caught in triangle fraud scheme; below is the infographic he used.
When this piece came out, we didn’t know what it was called, but Getcho had been blocking triangle fraud for about six months. Today, Getcho helps retailers with their local delivery strategy and fraud protection comes out of the box.
All over the world, bad actors buy and sell stolen credit cards on the black market. While you can buy things online with a stolen card, it’s not always easy to repay one’s “investment” and turn credit into cash. A naive strategy would be to buy merchandise and then sell it elsewhere — you could buy with credit and sell for cash.
There are two challenges with this strategy:
So criminals use a form of drop-shipping:
Just one more wrinkle: Victims often flag fraudulent purchases and asset protection departments investigate. Since the retailer knows the delivery address, the unknowing recipient can be contacted. They are then prone to charging back and reporting the fraud which could result in the online store being shut down.
So criminals don’t ship the merch directly. They exploit “buy online, pick-up in store” (BOPIS) processes.
Thus the link between the criminal and the fraud vanishes. Considering there are four stakeholders — the credit card victim, the unknowing buyer, the unknowing retailer, and the delivery service — it might be more aptly called square fraud.
Getcho closely monitors all deliveries. One week we had a few requests to deliver laptops from a brick and mortar stores to UPS. We use LLMs to clean-up and vet delivery notes and the system kept flagging sketchy instructions to photograph the UPS receipt. That triggers a human call to the recipient which revealed a suspicious pattern:
When we called, the person was combative and suspicious and even failed to pronounce the name on the order.
So we blocked the order, reported the card to Stripe and alerted the police, the store and the unknowing consumer. In one case, we got a hold of the cardholder who confirmed his wallet had been stolen. For a few weeks, we played a big game of whack-a-mole and prevented a dozen instances of triangle fraud.
One time, we received a request to deliver a big order of spark plugs from a dealership to a car mechanic. Spark plugs are small and expensive, making them prime currency.
Seeing the same patterns above, we called the dealership who confirmed that they had also flagged the credit card. They said they were leery of constant spark plug purchases, but couldn’t figure out what the scam was. The mechanic was less cooperative and didn’t reveal the online store he bought from.
To prevent triangle fraud automatically, we use a combination of great tools:
Finally, we help physical retail stores with their BOPIS process. It’s important to provide in-store pick-up options since these account for 20% of orders at some stores. And many customers do delegate others to do their pick-ups, so requiring a physical ID is too stringent. Since retailers refund unclaimed BOPIS purchases, it’s in their interest to encourage a smooth pick-up.
Getcho integrates directly with ecommerce experiences like Shopify to flag orders and enable delegated pick-up or local delivery. By the time the pick-up person arrives, the store can authenticate them with Getcho and sleep easy.