Earlier this week I bought a television online at a major electronics e-commerce outfit. Unlike the last time I purchasing something over $1,000 online, I was called afterwards by the vendor’s credit department who asked some skill-testing questions. While I’m used to being asked personal questions by my credit card company, I had no idea what kinds of questions an online vendor could ask.
Well, their questions were fascinating, and while I don’t want to screw up their anti-fraud procedures by disclosing their specifics, it is interesting how they approach the problem. The questions they asked were tricky both in style and in substance, and the result, I’m sure, is that they catch some of the less professional e-commerce fraudsters out there. As for the professional fraudsters, well, as this WSJ article from today shows, they are in a brazen “class” of their own:
All of a sudden, Goldspeed.com was getting orders that showed no obvious signs of fraud on his computer-screening system, but seemed suspicious nonetheless. On Jan. 9, for example, when a customer placed separate orders on the same day, he thought “something looked wrong.”
A Vincenza Wells of Detroit had ordered a $1,199 Aqua Master men’s diamond watch. Four minutes later, the same customer ordered a $1,259 men’s diamond and tanzanite ring. The Bank One Visa credit-card number she supplied was good for the full amount, and she had provided the validation code from the back of the card. Visa’s address verification system showed a match.
But the order’s size, and the strange two-step ordering, had Mr. Kugelman’s radar up. The next day, he called the card issuer, J.P. Morgan Chase & Co., which had acquired Bank One. He says a bank representative confirmed that the name, address and phone number on the order matched the bank’s own account information, except for one small detail about the address.
Mr. Kugelman called his customer, who explained the disparity to his satisfaction. Mr. Kugelman called back the bank representative with the revised information. She told him that bank security had phoned Ms. Wells separately, and verified her identity.
Still wary, Mr. Kugelman tested the card number again to see if it had been maxed out, a hallmark of identity theft. It hadn’t. So he released the watch and ring for shipment.
That afternoon, the same customer phoned in a third high-ticket order for a $3,077 men’s platinum chain and a $2,849 diamond engagement ring. Again, the Visa card was good for the full amount. Goldspeed shipped both items to Detroit, bringing Ms. Wells’s total bill, with shipping, to $8,432.
More than 100 miles from Detroit, in Sandusky, Ohio, the real Vincenza Wells, proprietor of the Seacrest Motel, had no idea someone was running up thousands of dollars of bills in her name. Last August, she had received a phone call, purportedly from her cable company, offering her three months of free service if she paid her bill in full a month early. She happily provided credit-card information, her Social Security number and other personal information. The caller was a crook. Shortly thereafter, Bank One alerted her to questionable charges, and she canceled her card.
In April, another bank representative called her to inquire about some $15,000 in unpaid credit-card bills. She responded that she didn’t even have a card any more. “These people had opened new accounts in my name,” she explained recently, expressing astonishment that, given the previous fraud, J.P. Morgan had opened a new account in her name with a new address. To set up the account, the fraudsters apparently used the personal information that she had been tricked into providing over the phone.
To be fair, this isn’t exactly high fraud finance: All of this started because someone did something dumb in disclosing credit card and personal information over the phone to an unknown party. Nevertheless, the article is well worth reading.
Related posts: