Organized retail crime costs retailers billions of dollars. In an era, where retailers are closing stores or going completely out of business, it's logical to assume that organized retail crime is a contributing factor to retailers shutting their doors and people losing their jobs. With the sour economy inspiring more and more theft and fraud, it is becoming more critical than ever before for companies to control their losses in their struggle to remain viable.
When retailers lose money to theft, the end result can be (assuming they don't go bankrupt) that jobs are cut. Payroll is normally the largest and most controllable expense in any business. When businesses start to show negative earnings — like a lot of them are right now — payroll is normally the first place they look to cut when trying to avoid shutting their doors.
In an effort to fight what experts say is a $30 billion a year organized retail crime issue, the National Retail Federation is welcoming legislation being introduced to give them more tools to fight this problem. Yesterday, three bills were introduced in Congress to assist retailers and law enforcement in this effort.
The three bills introduced are "the Combating Organized Retail Crime Act of 2009, sponsored by Senate Majority Whip Richard J. Durbin, D-Ill.; the Organized Retail Crime Act of 2009, sponsored by Representative Brad Ellsworth, D-Ind.; and the E-Fencing Enforcement Act of 2009, sponsored by House Judiciary Committee Crime, Terrorism and Homeland Security Subcommittee Chairman Bobby Scott, D-Va. The measures are similar to legislation first introduced last summer" according to the press release and podcast on this matter by the National Retail Federation.
In case you are unfamiliar with "Organized Retail Crime," it involves organized retail theft activity for profit. Once the merchandise is stolen, it is fenced (sold) to get a cash value out of it. Traditionally, this merchandise was sold at flea markets/dishonest retailers, but more and more often nowadays, retail crime rings are turning to auction sites to unload their stolen goods.
The reason for this is if they sell it on an auction site, they make a lot more money than in the more traditional fencing venues. Experts believe they net 70 percent of the retail value by selling their stolen wares on an auction site versus the 30 percent of retail value they receive in more traditional fencing venues.
Another possible factor contributing the problem is that consumers — who are operating with ever-decreasing personal budgets — are flocking to these sites to stretch their buying dollars. Without knowing it, they might be adding fuel to the fire and unknowingly buying this stolen merchandise.
Even if the retailer can prove that merchandise on an auction site is stolen, it can be extremely difficult for them to get the site to cooperate in going after the criminals selling it. Due to a lot of red-tape imposed by these sites to release information, it requires a lot of time/effort to get the site to cooperate in an investigation. Because of this, the crooks are normally long gone before any effective investigative action is taken.
Another phenomenon called phishing makes the activity even more anonymous/hard to track on auction sites. Phishing is where a person (user) is tricked into giving up their credentials to an account. For years, eBay and PayPal have ranked as some of the most phished brands out there. Criminals use this information to take over an account and commit fraud using someone else's selling account. When investigating auction fraud, time is of the essence, otherwise the trail is often too cold to track. The crooks use one of these accounts for a short period of time and then move on to another phished account to avoid detection.
Organized retail crime is also taking advantage of the identity theft/financial crimes phenomenon and working with the hacking element that has been attacking the financial industry. Counterfeit payment cards (credit/debit), checks and identification are all being used to electronically boost merchandise and walk right out the store with it. In the TJX data breach — which was the largest hack of financial data to date — a group was caught using cloned payment cards to buy $8 million worth gift cards from Walmart. In the more recent data breach at Heartland Payment Systems — which looks like it might surpass TJX in the amount of data stolen — the only arrests made thus far were a group using the stolen data to clone gift cards. Since gift cards are redeemed at retailers, this is yet another example of how the financial hackers and organized retail crime types are working together. To me, this is evidence that organized retail crime is becoming more sophisticated in their theft techniques, which will likely make this problem get even worse than it already is.
The three bills being introduced will force auction sites to cooperate with retailers and law enforcement, define organized criminal activity as a federal offense and establish stricter sentencing guidelines for criminals convicted of organized retail crime. Too frequently, under current laws, criminals involved in this activity are treated like petty thieves and get a slap on this wrist when they are caught. Last, but not least, it will hold auction sites more accountable for the sale of stolen merchandise if it could have been prevented.
Besides fencing, there is a lot of other fraud on auction sites that isn't necessarily tied in to fencing and victimizes auction customers/sellers, more personally. Legitimate e-commerce sellers are frequently ripped off with bogus financial instruments. Buyers are also defrauded in a wide variety of scams on these sites. Like the major retail types, who are behind this legislation, the more ordinary victims are often hung out to dry when they try to get any assistance from the auction sites. There is little doubt (my opinion) that auction sites need to clean up all the fraud that occurs on them. While they do provide value and a fun way to buy things, there have been too many innocent people victimized on them.
While this legislation primarily focuses on fencing, it's a start in the right direction. Perhaps other groups should join in and support this legislation, which if passed, will likely set some needed legal precedents. It will also make it a little harder for the criminally inclined to operate on auction sites.
Supporting this legislation makes a lot of sense for a lot of different reasons. These are not victimless crimes and the consequences are being felt by innocent consumers and businesses.
Showing posts with label fencing. Show all posts
Showing posts with label fencing. Show all posts
Thursday, February 26, 2009
Sunday, June 08, 2008
NRF Survey shows Organized Retail Crime activity is growing!
According to FBI estimates, Organized Retail Crime (ORC) is a $30 billion a year business. The National Retail Federation's 2008 Organized Crime Survey shows another alarming trend, which is that the amount of e-fencing to sell stolen merchandise on auction sites like eBay and Craigslist has grown 6 percent.
Also mentioned in the survey are shady e-commerce sites being put up on the Internet to fence the proceeeds of ORC.
In case you've never heard the term, Organized Retail Crime, here is a good description of the activity:
The report acknowledges that these groups are using cloned credit cards to steal merchandise and or get the necessary receipts to refund the merchandise for cash.
In the wake of the TJX data breach, where up to 94 million personal and financial records were hacked, a group was caught in Florida using data from the breach (cloned cards) to buy a reported $8 million worth of gift cards.
Please note that TJX is hardly the only retailer, or financial services institution that has had personal and financial records hacked from their systems in recent history. Attrition.org does a good job of recording the known breaches on their Data Loss Database - Open Source .
Although not addressed in the current report, I suspect the use of fraudulent checks are used to obtain merchandise and receipts, also.
This could be fueled by another organized crime activity. Portable technology has made the counterfeiting of identification documents another growing trend. Over the past two years or so, I've had the pleasure of being able to speak with Suad Leija and her husband about this organized criminal activity on a semi-regular basis. Suad, the step-daughter of one of the top players in this game was recruited in an intelligence operation and eventually exposed a cartel operating throughout North America to the government. Prosecution of members of the cartel is ongoing in this case and Suad is currently working on a book.
These documents, which are available throughout the United States, can be easily used to support both check and refund fraud by using names that get past the data bases designed to protect retailers from these types of fraudulent activity.
Portable technology is also being used to clone payment cards and some of it is easily found on auction, or shady e-commerce sites set up to sell these devices. As of this writing, I was easily able to find credit card encoders for sale on eBay. A site called HackersHomePage.com provides an array of devices that could be used to steal and produce payment (credit/debit) cards. They also provide tools to make counterfeit checks and even, paper for fake prescriptions. They do have a "disclaimer" stating that none of their products are to be used for illegal purposes, but it is pretty obvious someone could.
There is no doubt that there is a lot of technology that is enabling a lot of criminal activity out there!
NRF's Vice President of Loss Prevention, Joe LaRocca, made what I consider a sage comment on this activity:
When I stated that this activity hurts all of us, the reason is that retailers have to make up the $30 billion they are losing to this activity somewhere. This normally equates to higher prices, or in extreme circumstances (especially in tight economic times) cutting payroll. Simply stated, people might be losing their jobs because of this activity.
So far as health risks, the report sums up the obvious risks rather well:
I decided to see if I could find baby formula on eBay. As you can see - there seems to be a lot of it for sale on the site at discounted prices. At the time I checked 26 pages of it were for sale on the site.
Actual cases in the report that support how organized this activity has become are a $60-$100 million dollar case in Florida involving health, beauty, cosmetic products and over-the-counter medicines. Another case mentioned involved a high ranking member Gambino Crime Family and a sophisticated ticket/UPC switching case and extortion. In this case, a planted employee was making up the labels and providing temporary credit cards to move the merchandise through point-of-sale systems.
Recent initiatives to combat Organized Retail Crime include launching LerpNET, which is a crime database available to both retailers and law enforcement. Also highlighted was legislation against ORC throughout the country to "reduce the rewards and increase the risk" to the groups involved in it. Several States have already passed this legislation and more are considering it.
Full 2008 ORC Survey, here.
Also mentioned in the survey are shady e-commerce sites being put up on the Internet to fence the proceeeds of ORC.
In case you've never heard the term, Organized Retail Crime, here is a good description of the activity:
Organized retail crime (ORC) refers to groups, gangs and sometimes individuals who are engaged in illegally obtaining retail merchandise through both theft and fraud in substantial quantities as part of a commercial enterprise. These crime rings generally consist of “boosters” who methodically steal merchandise from retail stores and fence operators who convert the product to cash or drugs, as part of the criminal enterprise. Some of the more sophisticated criminals engage in changing the UPC bar codes on merchandise so they ring up differently at checkout, this is commonly called “ticket switching.” Others use stolen or cloned credit cards to obtain merchandise or produce fictitious receipts to return products back to retail outlets.
The report acknowledges that these groups are using cloned credit cards to steal merchandise and or get the necessary receipts to refund the merchandise for cash.
In the wake of the TJX data breach, where up to 94 million personal and financial records were hacked, a group was caught in Florida using data from the breach (cloned cards) to buy a reported $8 million worth of gift cards.
Please note that TJX is hardly the only retailer, or financial services institution that has had personal and financial records hacked from their systems in recent history. Attrition.org does a good job of recording the known breaches on their Data Loss Database - Open Source .
Although not addressed in the current report, I suspect the use of fraudulent checks are used to obtain merchandise and receipts, also.
This could be fueled by another organized crime activity. Portable technology has made the counterfeiting of identification documents another growing trend. Over the past two years or so, I've had the pleasure of being able to speak with Suad Leija and her husband about this organized criminal activity on a semi-regular basis. Suad, the step-daughter of one of the top players in this game was recruited in an intelligence operation and eventually exposed a cartel operating throughout North America to the government. Prosecution of members of the cartel is ongoing in this case and Suad is currently working on a book.
These documents, which are available throughout the United States, can be easily used to support both check and refund fraud by using names that get past the data bases designed to protect retailers from these types of fraudulent activity.
Portable technology is also being used to clone payment cards and some of it is easily found on auction, or shady e-commerce sites set up to sell these devices. As of this writing, I was easily able to find credit card encoders for sale on eBay. A site called HackersHomePage.com provides an array of devices that could be used to steal and produce payment (credit/debit) cards. They also provide tools to make counterfeit checks and even, paper for fake prescriptions. They do have a "disclaimer" stating that none of their products are to be used for illegal purposes, but it is pretty obvious someone could.
There is no doubt that there is a lot of technology that is enabling a lot of criminal activity out there!
NRF's Vice President of Loss Prevention, Joe LaRocca, made what I consider a sage comment on this activity:
“Law enforcement and retailers alike are fed up with organized retail crime rings and are stepping up efforts to stop them in their tracks,” said NRF Vice President of Loss Prevention Joseph LaRocca. “The brazen and unethical behavior of organized retail crime suspects results in possible health risks for consumers, adds unnecessary fees to consumers’ purchases and funds criminal enterprises, including the mob and terrorist organizations around the world.”
When I stated that this activity hurts all of us, the reason is that retailers have to make up the $30 billion they are losing to this activity somewhere. This normally equates to higher prices, or in extreme circumstances (especially in tight economic times) cutting payroll. Simply stated, people might be losing their jobs because of this activity.
So far as health risks, the report sums up the obvious risks rather well:
For example, criminals may not keep stolen merchandise in a temperature-controlled environment, so merchandise like baby formula and over-the-counter medicines can easily spoil. When criminals sell these items online through third party auction sites consumers are left with no way to guarantee they are getting safe and reliable healthy and beauty products.
I decided to see if I could find baby formula on eBay. As you can see - there seems to be a lot of it for sale on the site at discounted prices. At the time I checked 26 pages of it were for sale on the site.
Actual cases in the report that support how organized this activity has become are a $60-$100 million dollar case in Florida involving health, beauty, cosmetic products and over-the-counter medicines. Another case mentioned involved a high ranking member Gambino Crime Family and a sophisticated ticket/UPC switching case and extortion. In this case, a planted employee was making up the labels and providing temporary credit cards to move the merchandise through point-of-sale systems.
Recent initiatives to combat Organized Retail Crime include launching LerpNET, which is a crime database available to both retailers and law enforcement. Also highlighted was legislation against ORC throughout the country to "reduce the rewards and increase the risk" to the groups involved in it. Several States have already passed this legislation and more are considering it.
Full 2008 ORC Survey, here.
Friday, April 11, 2008
eBay/Craigslist praised by Congressman for efforts to curb sales of stolen military equipment on their sites (?)
I've written a few things about scams and fencing stolen merchandise on auction sites. Recently, the GAO discovered that items stolen from the military are for sale on eBay and Craigslist.
Even more interesting were the results of narrowly focused hearings (my opinion) on this matter in Washington, which can be seen at the bottom of this post. The reason I believe they were "narrowly focused" is because there is no shortage of fraud, phishing and financial misdeeds on auction sites.
Of course, there is also no shortage of ordinary citizens and businesses that have been taken to the cleaners on an auction site. Stolen government items are only a small part of the overall problem.
From the GAO report:
The obvious concern would be terrorists, or other not very friendly people getting their hands on some of this stuff.
Given the organized effort on a lot of auction sites to fence stolen merchandise via some pretty sophisticated methods, it's not surprising that the GAO found military equipment for sale on the sites. Many have speculated that these sites are used as a means of fencing the proceeds of what is known as organized retail crime. Of course, less organized criminals obviously sell their goods on auction sites, also.
Organized retail crime obtains their goods by a variety of methods from common theft to using stolen financial instruments. A lot of stolen financial instruments are used to purchase items on auction sites and e-commerce sites. Of course, they are used in more traditional store settings for the same purpose, also.
On eBay, account credentials and payment accounts (PayPal) are phished all the time, enabling an additional layer of anonymity to the schemes. In fact, over the years, many experts have stated that eBay and PayPal are the two most phished brands out there.
One thing not mentioned in the report is that people don't always get what was advertised on these sites. It isn't inconceivable that a complete fighter jet might be put up for sale, paid for and in the end a toy, or "nothing at all" is received by the buyer.
Trust me, this wouldn't be the first time something like this has happened on an auction site.
A lot of counterfeit (knock-off) merchandise is sold on the sites, advertised as the "real thing," also.
Our leaders in Congress reacted by calling Jim Buckmaster (Craigslist) and Tod Cohen (eBay) in to speak with them on the matter.
Anne Broache (CNet) writes:
Based on her article, which reports that Buckmaster and Cohen were treated with "kid gloves" during the session, my prediction is that little is going to be done to regulate the sale of stolen goods on auction sites as a result of this.
Meanwhile, everyone running for office is saying they will be the one doing something about the problem of special interests in Washington.
On a closing note, I want to commend the GAO for their efforts to expose a problem. I'm just saying it's a shame that no one listened to what they were saying, very carefully.
HTML version of the GAO report, here.
PDF version, here.
Even more interesting were the results of narrowly focused hearings (my opinion) on this matter in Washington, which can be seen at the bottom of this post. The reason I believe they were "narrowly focused" is because there is no shortage of fraud, phishing and financial misdeeds on auction sites.
Of course, there is also no shortage of ordinary citizens and businesses that have been taken to the cleaners on an auction site. Stolen government items are only a small part of the overall problem.
From the GAO report:
GAO found numerous defense-related items for sale to the highest bidder on eBay and Craigslist. A review of policies and procedures for these Web sites determined that there are few safeguards to prevent the sale of sensitive and stolen defense-related items using the sites. During the period of investigation, GAO undercover investigators purchased a dozen sensitive items on eBay and Craigslist to demonstrate how easy it was to obtain them. Many of these items were stolen from the U.S. military. According to the Department of Defense (DOD), it considers the sensitive items GAO purchased to be on the U.S. Munitions List, meaning that there are restrictions on their overseas sales. However, if investigators had been members of the general public, there is a risk that they could have illegally resold these items to an international broker or transferred them overseas.Apparently, body armor, MRE (meals ready to eat), uniforms, night vision goggles, NBC (Nuclear Biological Chemical) equipment and even F-14 components were some of the items purchased on eBay and Craiglist by undercover investigators.
The obvious concern would be terrorists, or other not very friendly people getting their hands on some of this stuff.
Given the organized effort on a lot of auction sites to fence stolen merchandise via some pretty sophisticated methods, it's not surprising that the GAO found military equipment for sale on the sites. Many have speculated that these sites are used as a means of fencing the proceeds of what is known as organized retail crime. Of course, less organized criminals obviously sell their goods on auction sites, also.
Organized retail crime obtains their goods by a variety of methods from common theft to using stolen financial instruments. A lot of stolen financial instruments are used to purchase items on auction sites and e-commerce sites. Of course, they are used in more traditional store settings for the same purpose, also.
On eBay, account credentials and payment accounts (PayPal) are phished all the time, enabling an additional layer of anonymity to the schemes. In fact, over the years, many experts have stated that eBay and PayPal are the two most phished brands out there.
One thing not mentioned in the report is that people don't always get what was advertised on these sites. It isn't inconceivable that a complete fighter jet might be put up for sale, paid for and in the end a toy, or "nothing at all" is received by the buyer.
Trust me, this wouldn't be the first time something like this has happened on an auction site.
A lot of counterfeit (knock-off) merchandise is sold on the sites, advertised as the "real thing," also.
Our leaders in Congress reacted by calling Jim Buckmaster (Craigslist) and Tod Cohen (eBay) in to speak with them on the matter.
Anne Broache (CNet) writes:
By calling Craigslist CEO Jim Buckmaster and eBay government relations chief Tod Cohen to Washington for the hearing, the subcommittee seemed to be preparing to place those executives in the hot seat. But the tone of that questioning was actually quite cordial. At the end of the panel, Tierney even praised the companies for "trying very hard" to keep sensitive military goods off their sites and acknowledged the rules of the road aren't the most clear.
Based on her article, which reports that Buckmaster and Cohen were treated with "kid gloves" during the session, my prediction is that little is going to be done to regulate the sale of stolen goods on auction sites as a result of this.
Meanwhile, everyone running for office is saying they will be the one doing something about the problem of special interests in Washington.
On a closing note, I want to commend the GAO for their efforts to expose a problem. I'm just saying it's a shame that no one listened to what they were saying, very carefully.
HTML version of the GAO report, here.
PDF version, here.
Sunday, February 24, 2008
On eBay, the buyer better beware!
Despite a lot of publicity that eBay is going after fraud, the bottom line is that the buyer better BEWARE when they purchase something on eBay, or for that matter, any digital auction site.
This morning, I read a story from Wales, where a person just got caught selling laptops that didn't exist.
From the Evening Leader:
Please note that at least some of the fraud victims used eBay's preferred method of payment, PayPal.
And Mr. Whitefruit, who I gather is a gambling addict, didn't get into very much trouble for swindling about 100 people. He was ordered to pay some restitution and got a 12 month suspended sentence.
I'm sure eBay fraudsters around the world are quivering in their boots!
I ran into another story in the ChronicleHerald (Halifax, Canada) describing a significantly larger operation involving selling neat "tech toys" that never existed:
The story also indicates that PayPal was used on some of these transactions:
Even when you get the merchandise you paid for on an auction site, you are taking the chance that it is a cheap "knock off," or might be some of the stolen merchandise being fenced on some of these digital marketplaces.
Knock off merchandise can be dangerous when it doesn't work as well as the item it is passing itself off does. Buying stolen merchandise poses certain moral issues, also.
When buying something on an auction site, it is up to the buyer to make sure (beware) they are getting what they paid for. This can include using some good old "horse sense," and being able to realize when the deal you seem to be getting is a "little too good to be true."
Previous posts, I've written about fraud on eBay, can be seen, here.
Evening leader story, here.
I've also written about a company called buySAFE, who certifies sellers and guarantees what they sell. The seller pays for this -- and while I suppose the cost is included in their cost of goods sold -- this might be a good way to avoid fraud without having to do a lot of homework.
buySAFE's CEO, Steve Swoda does a blog, which I read from time to time can be seen by clicking, here.
This morning, I read a story from Wales, where a person just got caught selling laptops that didn't exist.
From the Evening Leader:
Christopher Malcolm Amos, from Green Lane, Shotton, admitted swindling customers of the online auction site out of thousands of pounds to fuel his gambling addiction.
Under the user name 'Whitefruit,' the 22-year-old accepted payments from 130 bidders wanting to buy laptop computers.
Some used eBay's PayPal facility, while others transferred the cash directly into Amos's bank account, but nobody ever received their orders.
Please note that at least some of the fraud victims used eBay's preferred method of payment, PayPal.
And Mr. Whitefruit, who I gather is a gambling addict, didn't get into very much trouble for swindling about 100 people. He was ordered to pay some restitution and got a 12 month suspended sentence.
I'm sure eBay fraudsters around the world are quivering in their boots!
I ran into another story in the ChronicleHerald (Halifax, Canada) describing a significantly larger operation involving selling neat "tech toys" that never existed:
Police said Wednesday several complaints about alleged electronic commerce crimes have come in during the past week to 10 days. Customers are from such countries as Australia, Sweden, Norway, the United States, Italy and Estonia. Const. Jeff Carr, a spokesman with Halifax Regional Police, said Canadian EBay users have allegedly been victimized as well, but there are no complaints from the Maritimes.The person behind this, who hasn't been caught yet was selling laptops that didn't exist.
The story also indicates that PayPal was used on some of these transactions:
He said one complaint, from PayPal of San Jose, Calif., includes more than 100 alleged victims. PayPal, which was acquired by EBay in 2002, is an online money-sending service that provides users worldwide an opportunity to buy and sell goods without sharing personal financial information.
Even when you get the merchandise you paid for on an auction site, you are taking the chance that it is a cheap "knock off," or might be some of the stolen merchandise being fenced on some of these digital marketplaces.
Knock off merchandise can be dangerous when it doesn't work as well as the item it is passing itself off does. Buying stolen merchandise poses certain moral issues, also.
When buying something on an auction site, it is up to the buyer to make sure (beware) they are getting what they paid for. This can include using some good old "horse sense," and being able to realize when the deal you seem to be getting is a "little too good to be true."
Previous posts, I've written about fraud on eBay, can be seen, here.
Evening leader story, here.
I've also written about a company called buySAFE, who certifies sellers and guarantees what they sell. The seller pays for this -- and while I suppose the cost is included in their cost of goods sold -- this might be a good way to avoid fraud without having to do a lot of homework.
buySAFE's CEO, Steve Swoda does a blog, which I read from time to time can be seen by clicking, here.
Monday, December 10, 2007
SIRAS offers guarantee that it will reduce retail crime
The reason SIRAS' product registration and smart return service perked my interest is because it protects people's privacy and is an effective means of reducing losses.
SIRAS tracks an inanimate object (merchandise) instead of a customer's personal information.
Now they are now offering a "guarantee" the technology will add dollars to a organization's bottom line by reducing fraudulent returns.
In their own words from the press release regarding this matter:
In case you haven't had to refund any merchandise in a long time, most retailers require you to give them your personal statistics before they approve your return.
This information is all maintained in a database, where it might be exposed to a hacker, or probably more frequently, dishonest employee. Information is worth a lot of money to anyone, who knows where to sell it.
A dishonest Certegy employee recently got caught selling 8.5 million people's information to an undisclosed data-broker. Since the mysterious data-broker still hasn't been identified -- despite being listed as a co-conspirator in court filings -- we really aren't sure where these records went?
Certegy provides check verification services for a lot of merchants.
Personal and financial information is marketed in carder forums (chat rooms) on the Internet. Anonymous payment methods, such as wire transfers, PayPal and eGold add to the problem. They make it relatively easy to buy and sell stolen information.
It also isn't unknown for criminal organizations to plant, or recruit employees to steal information from within an organization.
The press release quotes Peter Junger (SIRAS CEO) as saying, "And in all cases, regardless of ROI, clients retain all of the valuable POS data collected."
This POS data also serves another important purpose. If the merchandise is found in a fencing operation, or on an auction site, it can still be tracked to the point-of-compromise.
This opens up opportunities to recover stolen merchandise and makes it more dangerous for the criminals fencing it.
Mesa Police Department tested these capabilities with SIRAS and FOX News did a story on it, which can be seen, here.
The technology, when deployed properly with a point-of-sale system can also identity fraudulent means of tender used to purchase merchandise.
SIRAS technology can be deployed by a merchant, or at the factory, itself.
They already makes their database available to law enforcement free-of-charge.
With all the identity theft and counterfeit ID available, using SIRAS reduces the possibility that an innocent customer will be wrongfully identified as an "undesirable" in a refund database.
Saying that, who knows how much of the information in these databases is one-hundred percent accurate anymore? With retail crime becoming more and more organized, the possibility exists that it is NOT.
One of the systems targeted in the TJX data-breach was their refund database. The information in this database is probably worth more than simple financial information because it contains the elements necessary to assume a person's identity.
It's relatively easy to shut down a bank account, or credit card number. Once a person's statistics are compromised, they can be at risk of identity theft for a long time.
Data breaches are becoming more expensive. TJX claimed a loss of $118 million in their second quarter earnings. Estimates vary widely on exactly how expensive data-breaches will become, but everyone agrees the cost of them is going up.
SIRAS seems more effective in resolving property crimes because it tracks the property, itself. It also protects customer privacy and protects a merchant from becoming the victim of a data-breach.
I doubt that SIRAS would make this guarantee if they weren't absolutely certain of the results. If they were wrong, I doubt they would be in business very long.
Press release from SIRAS, here.
SIRAS tracks an inanimate object (merchandise) instead of a customer's personal information.
Now they are now offering a "guarantee" the technology will add dollars to a organization's bottom line by reducing fraudulent returns.
In their own words from the press release regarding this matter:
Electronic Product Registration, is putting its money where its mouth is with a unique Return On Investment (ROI) Guarantee for any company using SIRAS’s product registration and Smart Return service to manage their product returns and warrantees. The program, designed to eliminate any risk for companies interested in implementing SIRAS’s technology, guarantees that over the course of a year companies will save more money through deflected product returns than it spends in transaction fees.
In case you haven't had to refund any merchandise in a long time, most retailers require you to give them your personal statistics before they approve your return.
This information is all maintained in a database, where it might be exposed to a hacker, or probably more frequently, dishonest employee. Information is worth a lot of money to anyone, who knows where to sell it.
A dishonest Certegy employee recently got caught selling 8.5 million people's information to an undisclosed data-broker. Since the mysterious data-broker still hasn't been identified -- despite being listed as a co-conspirator in court filings -- we really aren't sure where these records went?
Certegy provides check verification services for a lot of merchants.
Personal and financial information is marketed in carder forums (chat rooms) on the Internet. Anonymous payment methods, such as wire transfers, PayPal and eGold add to the problem. They make it relatively easy to buy and sell stolen information.
It also isn't unknown for criminal organizations to plant, or recruit employees to steal information from within an organization.
The press release quotes Peter Junger (SIRAS CEO) as saying, "And in all cases, regardless of ROI, clients retain all of the valuable POS data collected."
This POS data also serves another important purpose. If the merchandise is found in a fencing operation, or on an auction site, it can still be tracked to the point-of-compromise.
This opens up opportunities to recover stolen merchandise and makes it more dangerous for the criminals fencing it.
Mesa Police Department tested these capabilities with SIRAS and FOX News did a story on it, which can be seen, here.
The technology, when deployed properly with a point-of-sale system can also identity fraudulent means of tender used to purchase merchandise.
SIRAS technology can be deployed by a merchant, or at the factory, itself.
They already makes their database available to law enforcement free-of-charge.
With all the identity theft and counterfeit ID available, using SIRAS reduces the possibility that an innocent customer will be wrongfully identified as an "undesirable" in a refund database.
Saying that, who knows how much of the information in these databases is one-hundred percent accurate anymore? With retail crime becoming more and more organized, the possibility exists that it is NOT.
One of the systems targeted in the TJX data-breach was their refund database. The information in this database is probably worth more than simple financial information because it contains the elements necessary to assume a person's identity.
It's relatively easy to shut down a bank account, or credit card number. Once a person's statistics are compromised, they can be at risk of identity theft for a long time.
Data breaches are becoming more expensive. TJX claimed a loss of $118 million in their second quarter earnings. Estimates vary widely on exactly how expensive data-breaches will become, but everyone agrees the cost of them is going up.
SIRAS seems more effective in resolving property crimes because it tracks the property, itself. It also protects customer privacy and protects a merchant from becoming the victim of a data-breach.
I doubt that SIRAS would make this guarantee if they weren't absolutely certain of the results. If they were wrong, I doubt they would be in business very long.
Press release from SIRAS, here.
Wednesday, November 21, 2007
Too good to be true employment opportunities
Patrick Jordan (Sunbelt blog) did a nice post about a huge problem that frequently occurs on the dark-side of the Internet.
The problem, I'm referring to is people being recruited (some might say duped) to assume the risk involved in collecting the proceeds of Internet crime.
With all the fraud occuring on auction and e-commerce sites -- criminals need a way to move they money they are stealing. This activity is often referred to as money laundering.
They accomplish this with money transfer scams, which are sometimes referred to as job scams.
These scams are nothing more than a way to trick people into negotiating bogus financial instruments, or launder the proceeds of auction fraud!
We've all probably seen a spam e-mail, or two (I get several daily) with job offers that seem a little too good to be true. Most of these jobs seek a financial representative to handle payments for a foreign company. In reality -- the person is moving stolen money overseas -- where it disappears into thin air.
Besides being offered in spam e-mails, people are also recruited off job sites and sometimes even from the classifed sections of newspapers and magazines.
A sister scam to money transfer scams is referred to as a reshipping scam. The difference is in this job a person reships hot merchandise (normally from auction sites) to their bosses.
In most of these scams, they prefer you use Western Union or MoneyGram to send them their money. Once the money is picked any efforts to recover it will most likely be useless. Please note that there are many e-cash venues that are used, also.
While these jobs might have fancy titles, a lot of people refer to someone doing this as a "mule."
(courtesy of mattcoz at Flickr)
In Patrick's post, he reveals another twist to this activity, which are websites set-up to make these jobs appear to be legitimate.
Here is a screen shot (courtesy of the Sunbelt blog) of the site Patrick discovered:
He also lists some other sites to avoid from the same IP in his post, which can be seen, here.
Most of these scams are pretty easy to discover because they are offering too much money for too little work.
These job offers are nothing more than a way for criminals to get other people to take all the risk, while they reap the rewards of their illegal efforts!
Besides facing almost certain financial ruin, some of these employees are ending up living in new digs:
The problem, I'm referring to is people being recruited (some might say duped) to assume the risk involved in collecting the proceeds of Internet crime.
With all the fraud occuring on auction and e-commerce sites -- criminals need a way to move they money they are stealing. This activity is often referred to as money laundering.
They accomplish this with money transfer scams, which are sometimes referred to as job scams.
These scams are nothing more than a way to trick people into negotiating bogus financial instruments, or launder the proceeds of auction fraud!
We've all probably seen a spam e-mail, or two (I get several daily) with job offers that seem a little too good to be true. Most of these jobs seek a financial representative to handle payments for a foreign company. In reality -- the person is moving stolen money overseas -- where it disappears into thin air.
Besides being offered in spam e-mails, people are also recruited off job sites and sometimes even from the classifed sections of newspapers and magazines.
A sister scam to money transfer scams is referred to as a reshipping scam. The difference is in this job a person reships hot merchandise (normally from auction sites) to their bosses.
In most of these scams, they prefer you use Western Union or MoneyGram to send them their money. Once the money is picked any efforts to recover it will most likely be useless. Please note that there are many e-cash venues that are used, also.
While these jobs might have fancy titles, a lot of people refer to someone doing this as a "mule."
(courtesy of mattcoz at Flickr)
In Patrick's post, he reveals another twist to this activity, which are websites set-up to make these jobs appear to be legitimate.
Here is a screen shot (courtesy of the Sunbelt blog) of the site Patrick discovered:
He also lists some other sites to avoid from the same IP in his post, which can be seen, here.
Most of these scams are pretty easy to discover because they are offering too much money for too little work.
These job offers are nothing more than a way for criminals to get other people to take all the risk, while they reap the rewards of their illegal efforts!
Besides facing almost certain financial ruin, some of these employees are ending up living in new digs:
Sunday, November 04, 2007
eBay shoppers crack QVC fraud case
eBay and auction sites are found to have HOT merchandise being sold on them too frequently (my opinion). I ran across a story in the Register, written by Dan Goodin, where two eBay customers cracked a $412,000 fraud case being committed against QVC.
As reported by Dan Goodin:
This would also make me wonder if this woman was the only one who has defrauded QVC in this manner?
There is a lot of controversy surrounding the sale of stolen merchandise on eBay and other auction sites. I've heard that some companies now have a dedicated person in their security departments to watch these sites for stolen merchandise.
Register story, here.
For other posts, I've written concerning stolen merchandise on auction sites, click here.
As reported by Dan Goodin:
A woman has pleaded guilty to fleecing the QVC home-shopping networking of more than $412,000 by exploiting a gaping hole in its website that allowed her to receive merchandise without paying for them.I wonder if QVC offered a reward to the two eBay shoppers, who discovered this flaw in their system?
Quantina Moore-Perry ordered handbags, jewelry and electronics and then immediately canceled the transactions. The flaw allowed the North Carolina woman to take delivery of more than 1,800 items without being billed. Moore-Perry would then sell the booty on eBay, according to the Associated Press, which cited authorities.
This would also make me wonder if this woman was the only one who has defrauded QVC in this manner?
There is a lot of controversy surrounding the sale of stolen merchandise on eBay and other auction sites. I've heard that some companies now have a dedicated person in their security departments to watch these sites for stolen merchandise.
Register story, here.
For other posts, I've written concerning stolen merchandise on auction sites, click here.
Wednesday, September 26, 2007
Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?
(Picture courtesy of Yahoo Group, eBay_scamkillers)
There is a lot of speculation that eBay was hacked once again, and that Vladuz might be behind the latest episode.
Vladuz, who takes his name from a famous Romanian prince, Vlad Tepes, has plagued eBay with a string of hacking attacks in the past. Vlad Tepes was the inspiration for the novel, Dracula. In Internet folklore, Romanian scammers are often referred to as "Vlads."
Of course, eBay is denying that they were actually hacked. I'll let the reader form their own opinion.
Auction Bytes (Ina Steiner) is reporting:
eBay closed its Trust & Safety discussion board for hours on Tuesday after threads began appearing listing the names and addresses of eBay members. eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers." The credit card information that was published alongside 1,200 names, User IDs and addresses were not associated with the financial information on file for those users at eBay or PayPal, Sharpe said.
Unfortunately, with the amount of account-takeovers caused by Phishing, eBay can suggest other ways the information might have been stolen. Phishing is where users are tricked into giving up their personal details, or downloading malware (crimeware), which steals it right off their hard drive.
I don't know which is worse, that they were hacked in this incident, or that all this information was compromised a long time ago? If it were compromised a long time ago, as eBay states, how much more compromised eBay information is out there?
The Cappnonymous Buds Blog has put together a pretty visual demonstration that makes a pretty good argument that eBay was hacked.
Account-takeovers enable criminals to scam others, using someone else's information. They can also be used to fence (sell) stolen merchandise with a high degree of anonymity.
It should also be noted that stolen payment(credit/debit) card details are often used to purchase the merchandise, which is then fenced.
To cover their tracks, the scammers often dupe people into laundering the proceeds of these sales in work-at-home (job) scams and wiring the money, normally across a border.
Whether Vladuz is behind this latest attack remains to be seen. But the fact remains, that there is a lot of fairly organized crime targeting eBay (my opinion) and other auction sites, on a daily basis.
Previous posts, I've written about eBay and auction fraud can be read, here.
In case anyone is interested in the graphic photo at the top, here is a post I did about a Yahoo Group that call themselves the eBay_scamkillers.
They are an all volunteer group, many of whom have impressive credentials, that are responsible for putting a lot of eBay scammers, where the sun don't shine (prison).
Saturday, August 11, 2007
Self service stamp machines targeted by credit card thieves
Photo courtesy of Leff at Flickr
New scams are invented daily. Here is one, where self-service stamp machines (the kind that accept payment cards) are being targeted at Post Offices.
David Bowermaster at the Seattle Times is reporting:
In mid-July, three men left their homes near Los Angeles and traveled to Seattle to buy postage stamps.
But these were no ordinary collectors. Armed with at least 27 stolen credit-card numbers, federal prosecutors say, Artem Danilov, Stephan Melkonyan and Karapet Kankanian fraudulently purchased more than 3,200 books of stamps worth nearly $24,000 from Seattle-area post offices in just more than a week. A federal grand jury Thursday charged the men with an assortment of crimes.While these three were caught (two Russians and an Armenian), it appears this activity has been occurring throughout the Western United States.
Following a pattern that Postal Service investigators have uncovered in at least five Western states, the men made mass purchases of stamps after normal working hours from automated postal machines, which are accessible 24 hours a day in the lobbies of many post offices around the country, prosecutors allege.
The illegal stamp-buying scheme appears to be a novel breed of identity theft, one that blends high-tech thievery, online commerce and the retro currency of the U.S. mail.
James Vach, a spokesman for the U.S. Postal Inspection Service in Seattle, said investigators first encountered a wave of fraudulent stamp buys in the Los Angeles area late last year.
Since then, the Postal Service has uncovered illegal stamp-buying schemes in Washington, Oregon, Arizona and Colorado.
The Postal Inspectors suspect a larger ring is involved and some of the stolen credit card numbers used have been traced to a car wash in Southern California.
According to the article, here is how the suspects were using the stolen credit card numbers:
Danilov, Melkonyan and Kankanian allegedly used a credit-card reader to embed the stolen credit-card numbers onto the magnetic strips of gift cards from a variety of retailers, Brown said, a process that allows the gift cards to function like credit cards.
They then used the adulterated gift cards to repeatedly buy books of stamps from postage machines in one post office after another. Customers used to be able to buy dozens of books of stamps per transaction from the automated postage machines, but the Postal Service has since limited the number to try to fight such fraud.
Although the authorities don't know where all the stamps were being sold, according to a assistant U.S. Attorney, some of them are being fenced on eBay.
A lot of stolen merchandise is fenced on eBay and other auction sites. A lot of this stolen merchandise is purchased with fraudulent credit/debit card information.
Out of curiousity, I decided to see if new stamps (the kind used for postage) could be found on eBay. Amazingly enough, I found what I consider a large selection with offers of free shipping and discounted prices. What I found can be seen, here.
Of course, at a glance, it can be hard to tell what is legitimate and what is not on an auction site.
A lot of stolen gift cards (used in this instance to clone the cards used) are also fenced on auction sites. I wonder if the value on them had already been used, or if our suspects lifted them at a retailer before a dollar value was loaded on them at a point-of-sale (register)?
Seattle Times story, here.
If you spot this type of activity during a visit to the Post Office, you can report it to the Postal Inspectors, here.
Although two of the suspects apprehended were Russian, the U.S. resident was an Armenian from Southern California. Recently, Armenians (from Southern California) have been tied into similar type activity. The previous posts, I've done on these stories can be seen, here.
Friday, July 06, 2007
If your car gets stolen, eBay might be a good place to look for it!
If your car was recently stolen, it might be a good idea to check out the listings on eBay, according to Dariusz Grabowski, a.k.a (also known as) as the "eBay king of stolen cars."
Rick Hepp at the Star-Ledger reports:
Grabowski learned how to do all of this by surfing websites that provide technical assistance to locksmiths, and interestingly enough, buying any hardware he needed, on eBay:
Grabowski and crew have all been convicted, but their victims are still paying the price for their misdeeds. New Jersey State Investigator, Jeffrey Lorman was quoted in the article as saying:
Our friend Dariusz, might or might not be the eBay king of stolen cars. If he is, he isn't alone, at least according to Google. A simple Google search reveals a large amount of information related to scams involving automobiles on eBay, here.
Fraud, Phishing and Financial Misdeeds a.k.a. (sometimes) FraudWar has a lot of information on auction fraud (if anyone is interested), here.
My advice is to be extremely cautious when buying a car on an auction site! If you choose to be cautious a good place to perform due diligence is CarBuyingTips.com, which can be seen, here.
The word is caveat emptor, latin for "buyer beware."
Star-Ledger article, here.
Rick Hepp at the Star-Ledger reports:
Grabowski and his crew would buy junked or damaged vehicles at auctions and look for similar newer cars to steal. Once they found a car they wanted, they would get its vehicle identification number, usually found in sales ads or right on the car's windshield.
Today's newer car keys can only be duplicated if their computer chips are programmed according to the vehicle identification numbers. Car owners who lose their keys and want duplicates generally go to locksmiths who program the new keys by getting "key codes" from database companies hired by auto manufacturers.
Posing as a locksmith, Grabowski got these codes from the database companies and then made brand new keys. His crew took the keys and simply drove off with the cars.
Before selling the cars, they made them look legitimate by switching the vehicle identification numbers with the ID numbers of the junked cars they had bought.
Grabowski learned how to do all of this by surfing websites that provide technical assistance to locksmiths, and interestingly enough, buying any hardware he needed, on eBay:
You go online, you find anything you need," Grabowski told the investigators in the videotaped interview. "You can go on eBay at this point and purchase any of the equipment you need. Of course, I might pick this up easier than other people.From there, Grabowski got a business license, which he made on a computer "real quick" and lavished special attention on a female owner of a company licensed to provide locksmiths with the necessary code to clone keys.
Grabowski and crew have all been convicted, but their victims are still paying the price for their misdeeds. New Jersey State Investigator, Jeffrey Lorman was quoted in the article as saying:
The buyers were happy with the cars, they got a great deal. Then we found out about Dariusz and the stolen cars were recovered. Some of these people are still paying for cars they no longer have.The article mentioned that Grabowski was affiliated with a lot of other Polish nationals, involved in the business of stealing cars, also.
Our friend Dariusz, might or might not be the eBay king of stolen cars. If he is, he isn't alone, at least according to Google. A simple Google search reveals a large amount of information related to scams involving automobiles on eBay, here.
Fraud, Phishing and Financial Misdeeds a.k.a. (sometimes) FraudWar has a lot of information on auction fraud (if anyone is interested), here.
My advice is to be extremely cautious when buying a car on an auction site! If you choose to be cautious a good place to perform due diligence is CarBuyingTips.com, which can be seen, here.
The word is caveat emptor, latin for "buyer beware."
Star-Ledger article, here.
Friday, May 04, 2007
You never know who might be selling hot merchandise on eBay
Normally, I avoid writing about petty crime, but this one is too good to pass up.
From SF Gate:
The teacher, who was placed on administrative leave pending the outcome of her trial, claims she found the jacket in the lost and found.
Of course, Mom claims she had already checked there!
With all the alleged fencing that occurs on auction sites, this person is either very unlucky, or doesn't cover her tracks very well. I would have to recommend, she sticks with teaching elementary students.
A couple of days ago, I wrote about what might happen to credit cards and identification left haphazardly in a lost and found:
Airline employees and correctional officer arrested for credit card fraud
Full story from SF Gate, here.
From SF Gate:
A Hillsboro mother found her daughter's missing winter coat on eBay, and now a teacher at the girl's elementary school faces charges of theft and computer crimes.
The teacher, who was placed on administrative leave pending the outcome of her trial, claims she found the jacket in the lost and found.
Of course, Mom claims she had already checked there!
With all the alleged fencing that occurs on auction sites, this person is either very unlucky, or doesn't cover her tracks very well. I would have to recommend, she sticks with teaching elementary students.
A couple of days ago, I wrote about what might happen to credit cards and identification left haphazardly in a lost and found:
Airline employees and correctional officer arrested for credit card fraud
Full story from SF Gate, here.
Subscribe to:
Posts (Atom)
