Sunday, May 11, 2008

Package delivery redirect fraud (Credit Card Fraud), Identity Theft

Somehow, someway my credit card information found its way into the hands of evil. I heard from eCost.com, an online computer shop that someone ordered a computer and verified my “home address” as the deliver to address. What that evil person did not expect was that the eCost would double check the IP geography of the ordered from computer and the geography of my published home address IP location. The evil doer was using an IP from an upper western state and my published home address just happens to be in a mid-west state. Alarm bells went off for eCost and they called me using the telephone number verified with my credit card account. I denied the purchase and they canceled the order. I called my credit card company and reported the incident.

Another situation arose with another credit card; this one involved Dell. There was a $3000.00 computer purchase that was denied by Dell, another purchase of $49.00 and yet another for $99.00. When the fourth purchase was attempted, Dell contacted me and asked if I authorized these purchases. I denied the purchases and contacted that credit card company to report that one too.

Here is the process from what I can discover:

· A credit card number is captured and used to make a purchase
· The evil doer uses an email address other than the credit card holder for information on the purchase order
· The evil doer confirms the credit card holders delivery address
· When shipping conformation is delivered to the evil doers email a redirect, delivery intercept or reroute is ordered from the shipping carrier to cause the delivery of goods to another address (the evil doers)

Solutions to the aforementioned fraud

· Credit Card Company validates customer email address verification anything other than the email of the credit card holder will cause the charge to be denied
· Shipper to maintain an Opt-out of redirect or reroute capability
· Merchant checks the IP address of the order to validate the geography of the order placer and the card holder.

One of the problems that I have encountered is the lack of information that I have gotten from the merchants or credit card companies. I would like to be able to report this to my states attorney general and Sheriffs Office, but do not have the necessary details.

What can be done to protect credit card holders and businesses from this kind of identity theft and credit card fraud? Feedback and comments requested.

Darrell Mishler

M & D Creative Concepts LLC

Web Design Services

M & D Online Shopping

Posted by at
Labels: , ,

2 comments:

Tom said...

With that many attempts close together, it sounds you need to insist that the bank cancel the card and reissue a new number. I'm surprised that they haven't done it already.

It is possible that your account has been hit with "account takeover" where someone has changed the bill-to address of record at the bank. Remember that no merchant that knows what he's doing should ship to anything but the bill-to address unless you're a repeat customer.

Be aware that banks and processors don't have an email address to verify - they normally don't collect them and they don't use them in any automated fraud screening.

Tom Mahoney, Director
Merchant911.org
Over 3700 merchants united to protect against credit card fraud

6:15 PM
Darrell of M & D Creative Concepts said...

Thank you for your response - the banks have been contacted and been very responsive to my requests to cancel and re-issue the cards.

I agree that ethical merchants should only ship to the bill-to address - the obvious fraud here is in the delivery carrier redirect or reroute of the package.

6:23 PM

Post a Comment

Subscribe to: Post Comments (Atom)