Chapter 7. Address Manipulation and Mules

Here, there and everywhere…

The Beatles

If your job includes protecting a retailer that deals in tangible shipping items, this chapter is for you. If you work purely in digital goods or financial services, this chapter may be less relevant—however, fraud analysts in banking should take note that some of these tricks are used against your customers occasionally, targeting new credit or debit cards. Essentially, if there’s something physical being shipped, fraudsters are interested in targeting it.

So Many Different Ways to Steal

Even the most amateur fraudsters know that dealing with the shipping address is a fraud challenge. Unlike cookies, IP manipulation, device information, and other, more subtle signs of identity, physical address is a problem that stares the fraudster in the face when they try to place an order. They want to steal an object or objects. That means they need to get their hands on it. What are their options? They can send it directly to their own address, but that would be far too obvious a sign that the shipping and billing addresses have no connection and that fraud is in play, and would give their real address to people who might try to send law enforcement there. And besides, often the fraudster lives in a different country from the victim.

The problem boils down to this: the fraudster needs to look like the cardholder, or at least like someone the cardholder would plausibly be sending the item to (e.g., ...

Get Practical Fraud Prevention now with the O’Reilly learning platform.
