Dropshipping vs Triangulation Fraud
A friend contacted me one day to ask me, quite urgently, if I could give her a Paris Saint-Germain soccer jersey. I asked her two things: “What for? What makes you think I have one?”
She answered that it was her nephew’s birthday that evening and that she hadn’t planned any gifts. To my second question, she simply answered:
“Well, because you are a PSG fan!”
Makes sense, I guess…
She had a EUR 60.00 budget. It wasn’t much, but I did accept the challenge. I promised to find her one within the evening. I called another friend who works in a sports store and bingo! He had what I needed for EUR 59.00.
Fantastic. I’d keep my reputation as a man of my word. I then sent EUR 59.00 through Lydia to the seller and called my friend, assuring her that it was settled: I had advanced the funds and she could get the jersey for her nephew.
An hour later, my friend would get the jersey back, thank me for saving the day and pay me off EUR 60.00 followed with: “Keep the change, bro’ ;)”
And then, the epiphany:
“If I do 1 million friends a favor, I’ll be a millionaire.” Except I don’t have a million friends. That’s when I thought I could create a website where I would offer to buy what people need in exchange for 1 euro. Except it already exists: this is called Dropshipping.
So, what is Dropshipping?
Dropshipping is a tripartite system where a buyer (in my example, the friend looking for a soccer jersey) makes an order on a distributor’s website (mine in this case), then said distributor relays the order information to a supplier (the friend who really owns the soccer jerseys) so that they can ensure the delivery.
In this system, everyone is satisfied and benefits from something, somewhere.
The retailer, who will be called the Dropshipper, will offer products on their website that they do not possess. They have no stocks to manage, no logistics (shipping, delivery, etc.). These tasks will be conducted by the supplier. The supplier doesn’t have to deal with payment issues or online fraud since the purchases are made on the Dropshipper’s website. They don’t have to manage customer service or marketing anymore, which is now in the hands of the Dropshipper. Besides, the Dropshipper now enables the supplier to sell, indirectly, to customers he wouldn’t have reached otherwise.
The buyer is happy, because they receive their product (even if though they could have obtained it for less with a little more effort. But that’s another story).
There are even SaaS platforms nowadays that allow Dropshippers to create their E-commerce website by adding suppliers’ products directly into their online store. All that being said, we are not here to advertise Dropshipping nor its related platforms, but to talk about fraud.
Indeed, Dropshipping can be very cool, especially when it is done according to the rules, but what about its fraudulent derivatives? We’ll specifically talk here about Triangulation fraud.
Triangulation fraud is inspired by Dropshipping but let’s be clear. It is not the same thing.
Triangulation fraud is based on Dropshipping, i.e. the tripartite system of Buyer — Distributor — Supplier, except that the distributor is a fraudster (and the other two are not aware of it).
Let’s now describe the fraudulent process of this deceitful distributor.
First, they will create an online store with products that they don’t own, but that they can retrieve at any time from another online store or E-Commerce website. So far, so good.
Then, they will receive a payment from a buyer interested in “their” product with all the information related to the order. Among other things, the name and delivery address.
At this stage, the legitimate Dropshipper would have placed the order with their supplier, while keeping a small margin for themself. Except that the fraudster does it differently. They will place an order on the merchant’s e-commerce website who really owns the product, but with a stolen credit card.
In order not to trigger any suspicions on the buyer’s side of things, the fraudster will enter their postal address during the fraudulent purchase so that the buyer may receive the order.
Finally, the seller receives the order from the fraudster, but when the real credit card holder then reports the fraudulent transaction to the bank (which results in a chargeback), the merchant ends up at a loss of both goods and money.
Unlike the Dropshipper, here the fraudster does not settle for a small margin; they recover the entire amount of the initial order.
The merchant, once they take note of the fraud, will have a name and an address: that of the legitimate buyer. Remember, the fraudster has entered the information of this buyer during the order and any procedures will now be initiated against them (blacklisting, product return claim, complaints, etc.) … albeit wrongly.
The Fraudster-Distributor wins on all fronts. Not only will they recover all the money from the legitimate buyer, but they also remain completely anonymous, because at no time do they provide their personal information during the payment.
In summary:
— The Buyer gives their sensitive information to a fraudster and is subject to legal action by the merchant.
— The Merchant loses the money as well as the product, and turns against the wrong person (the legitimate buyer).
— The Fraudster gets the money back from the buyer, leaving no trace.
That being said, data analysis can help merchants identify this fraud:
First, through the analysis of the products sold. Indeed, if the sale of a particular product shoots up in an online store, it may be because the product in question has been targeted by the fraudulent vendor. It might be that the fraudster has put this particular product up for sale and is trying to get it delivered through the legitimate merchant. If this is the case, it may then be wise to analyze the information from the various purchases of the products in question. IP, fingerprint, checkout behavior, email structure of the buyers are all relevant information to determine if we are dealing with the same buyer under several names, buying the same type of product.
3-D Secure is another way to reduce the impact of this fraud, but it’s no secret that it will also factor in your authorization rates.
For our Anglo-Saxon friends, AVS (a checking procedure essentially present in the USA which allows to verify if the delivery address matches with the billing address) is a formidable weapon against Triangulation fraud but beware, fraudsters can still easily bypass it. All they have to do is ask the e-merchant for a change of address once the order has been validated.
At the end of this article, we cannot say that we have the miracle solution against Triangulation fraud, but at least we have been warned.
Black Friday and Christmas are coming. Let’s be ready!
