The rise of small card-not-present transactions for virtual goods and other online services is helping to fertilize runaway growth of micropayment-based card-fraud schemes, at least one consultant contends.
The number of fraudulent online card transactions ranging from less than $1 to $10 is rapidly increasing around the world and may amount to several hundred million dollars this year, Michael Schultz, CEO of GenMobi Technologies Inc., a San Jose, Calif.-based digital-identity security firm, tells PaymentsSource.
“Fraud from card-not-present and [automated clearinghouse] transactions are on the rise, but online micropayment fraud is a fast-growing problem that is much bigger than most people realize,” he says. “Because the transactions are so small, no individual or bank sees big dollar losses, which is one reason the problem is escalating.”
Moreover, the ingeniousness of many micropayment schemes, which usually rely on stolen consumer-identity data, makes it difficult to track and thwart the crime, Schultz says.
The Federal Trade Commission on June 28 asked the U.S. District Court for the Northern District of Illinois, Eastern Division, to halt an international identity-fraud scheme that it says generated more than $10 million in fraudulent micropayment charges on U.S. consumers’ credit and debit cards (
More than 1 million consumers since 2006 received bogus charges ranging from 20 cents to $10 on their credit and debit cards. Fraudsters participating in the scheme routed the charges through more than 100 merchant accounts set up for 16 phony U.S. corporations, according to the FTC complaint.
The defendants used fake company names and stolen consumer-identity data to establish the merchant accounts, each with legitimate-seeming addresses, phone numbers, websites associated with a real company’s tax identification number, found on the Internet, the agency said.
Some 14 U.S.-based “money mules” recruited via spam e-mail opened bank accounts to receive the card payments and transfer the funds overseas.
Most of the consumers defrauded in the scam took no action. Those that called toll-free numbers associated with the transaction on their bank statements received no answer.
The alleged crooks routed funds from the scam to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan. The FTC said the defendants so far are the 16 bogus corporations and “one or more persons” the agency has not yet identified.
Micropayment-fraudsters typically move quickly so that by the time an individual or a company discovers the charge is bogus, the funds have been transferred to an offshore account, Schultz says. “Most bogus micropayments aren’t caught until it’s well past the time to contest them.”
Most phony online payments are associated with Internet addresses that digital-security firms can track, Schultz says. To protect themselves from online fraudsters, banks can set up systems easily to protect themselves from transactions coming from IP addresses known to be associated with fraud, he advises.
“Banks should also increase identity-validation procedures for setting up business accounts online,” he suggests.
What do you think about this? Send us your feedback.
