Merchant911 member uncovers a big scam

This afternoon, one of our Merchant911 members filed a fraud report that once again shows us that banks just don’t have a clue about fraud prevention – or maybe they just don’t care. We’re not talking about a little bank here, folks. We’re talking about Washington Mutual – WaMu – one of the largest credit card issuers in the country. It shows, once again, that AVS is just about as useless to a merchant as a bicycle is to a fish.

The scenario

It went like this:

  • Merchant got two transaction notices – AVS approved and shipment requested to the Billing Address.
  • Merchant ran manual checks and found discrepancies between GeoLocation and telephone number locations.
  • Merchant called the phone numbers and heard accents that didn’t sound right for the names.
  • Merchant called WaMu and got verbal verification of billing address, but phone numbers were wrong.
  • Merchant insisted that WaMu contact the cardholders.
  • Cardholders denied transactions and said they had not changed their addresses.
  • WaMu confirmed that someone other than the cardholder had changed the billing address of record.

Kudos to the member for doing the manual fraud checks recommended at Merchant911 and in the online course, Preventing E-Commerce Chargebacks. If the merchant had not done the manual checks, she would have been nailed with two large chargebacks. The transactions passed AVS but the merchant caught the fact that GeoLocation and the telephone number cross reference didn’t seem right.

    Analysis

    It looks like the bad guys were able to change the billing address for the WaMu credit cards undetected. This resulted in transactions passing AVS, which could have meant that expensive merchandise was sent to the bad guys’ door. Had the bad guys changed the telephone number on the account, the fraud would have gone undetected until the cardholder disputed the charge and the merchant got the chargeback. Of course, in this case, there might be good news for the merchant – the billing address was changed so the real cardholder may never get a bill to dispute.
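
The manual checks from this case can be written down as a review rule that never treats an AVS match as sufficient by itself. The Python below is an added example, not code from Merchant911; the `Order` fields, the flag names and the small lookup tables are assumptions made for illustration, and the mobile-number and free e-mail checks come from the reader comment on this post.

```python
from dataclasses import dataclass

# Constructed lookup tables for the demo; a real shop would load a full
# numbering-plan table and its own list of free e-mail providers.
AREA_CODE_STATE = {"206": "WA", "212": "NY", "305": "FL"}
FREE_EMAIL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com"}

@dataclass
class Order:  # hypothetical order record, not a real gateway schema
    avs_match: bool
    billing_state: str
    ships_to_billing: bool
    ip_geo_state: str      # state already resolved from the buyer's IP address
    phone: str             # phone number typed into the order form
    phone_is_mobile: bool
    email: str

def phone_state(phone):
    """Map a US phone number to a state via its area code, or None if unknown."""
    digits = "".join(ch for ch in phone if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return AREA_CODE_STATE.get(digits[:3]) if len(digits) == 10 else None

def review_flags(order):
    """Return the reasons this order needs manual review (empty list if none)."""
    flags = []
    if not order.avs_match:
        flags.append("avs_mismatch")
    p_state = phone_state(order.phone)
    if p_state is None:
        flags.append("phone_area_unknown")
    elif p_state != order.ip_geo_state:
        flags.append("phone_vs_geolocation")
    if order.ip_geo_state != order.billing_state:
        flags.append("geolocation_vs_billing")
    if order.phone_is_mobile and not order.ships_to_billing:
        flags.append("mobile_contact_with_other_ship_to")
    if order.email.rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
        flags.append("free_email")
    return flags

def next_step(order):
    """Any flag sends the order to the issuer's phone number of record, not order.phone."""
    flags = review_flags(order)
    return ("verify_with_issuer" if flags else "proceed", flags)

# Constructed order shaped like the case in the post: AVS passes, ships to billing.
SAMPLE = Order(True, "WA", True, "FL", "(212) 555-0142", False, "buyer@example.com")
```

`next_step(SAMPLE)` routes the order to issuer verification even though `avs_match` is true, because the phone area code, the IP geolocation and the billing state disagree.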

    I have to wonder how many times this has happened. I suspect it happens a lot. It certainly explains the reports we get from merchants telling us about chargebacks on shipments to AVS approved addresses. Of course, banking officials will tell you it can’t happen and blame it all on the merchant so they can pass the loss to them and collect a chargeback fee on top of it.

    About Tom Mahoney

    Tom Mahoney is the Founder and Director of Merchant911, a site dedicated to helping e-commerce merchants.

    The trans did pass AVS all the way. If not for the fact that I use my gut as much as my skills, this dude would have gotten a 1k stroller from us. I just thought it interesting that the same thing happened basically and it was a WAMU card too. I always scrutinize orders that use cell numbers as a contact medium, especially if it is shipping to a different address. Same goes for a free email account. I appreciate all the helpful hints and articles provided via Merchant911; it has always been an invaluable resource for me.

    At this point, there is no reason to suspect a breach. Lax security appears to be the problem in the one case reported.

    Did your transaction pass AVS?

    Your situation proves the point that we make at Merchant911 all the time - never use the phone number supplied with the transaction to contact the 'customer.' Use the bank verified phone number! Any bad guy can give you their disposable cell number and give you the right answers.

    I was just reading this, and had to do a verification as we here do them manually, and the fraudster on the phone told me it was a BOA card, and I did not believe a word from his mouth because he was just too fishy, and called me from another cell number because the one on the order was disconnected. Well, after calling the card in, I find out it is a WAMU card and I am glad I called it in because it was a 1k item this person ordered via our reps! I told them to contact the cust and let them know that the card they have has been possibly breached! Has there been a breach at WAMU or are they just lax on the security?