What you need to know about triangulation fraud

While online shopping has taken a lot of the stress and hassle out of buying things, its convenience has also created openings for new kinds of online scams. Sometimes, as in the case of triangulation fraud, customers and merchants can even become unwitting participants.

Triangulation fraud occurs when a scammer acts as a secret middleman for online purchases to steal the credit card information of someone making a purchase. In essence, it works like this: The scammer takes a buyer’s order using the buyer’s credit card and pockets the money. The scammer then pays a legitimate supplier with a stolen credit card. Since the order is received as expected, the buyer doesn’t realize they were the victim of a scam. (See below for a step-by-step breakdown.)

How does triangulation fraud work?

The typical triangulation fraud scheme has three stages and involves four parties: an innocent buyer, a victim of credit card theft, a merchant, and the scammer. 

  1. A scammer posts a sales listing for a desirable item, often for an unusually low price. A buyer comes along and enters their credit card information to purchase the item. 
  2. The scammer receives the payment, and now has access to the buyer’s account information. They then buy the item from a legitimate retailer using a separate stolen credit card and have it shipped to the buyer. 
  3. The buyer receives the item and may have no reason to question the purchase, so they don’t raise an alarm. Meanwhile, the owner of the stolen credit card is out the cost of the item. 

If you’ve been alerted to a charge on your credit card for an order you didn’t make, your credit card may have been used in stage two in this scheme. And if you receive an order that was suspiciously shipped from a merchant other than the one you used to order it, you may have been the buyer whose credit card information is now in the hands of a scammer. 

Here’s what cardholders can do to protect their card and identity. 

Take steps to prevent your account from being compromised

There are steps you can take to protect your credit card accounts from being compromised.

Some common security moves include: 

  • Using secure, unique passwords: The risk of using the same password repeatedly is that if a scammer gets hold of it, this single password will give them the opportunity to log in to multiple accounts of yours. 
  • Learning to recognize fake businesses: When shopping online, make sure the company is who they say they are. Check for spelling errors, make sure the website address starts with https:// and check for a “not secure” notification at the top of your browser. 
  • Watching for card skimmers: Card skimmers are small devices that thieves often place on easily accessed card readers, such as a gas pump or an ATM. These devices let you insert your card into the machine, but steal the card information as you insert it. To spot card skimmers, check for loose or protruding card readers. 
  • Avoiding shoulder surfers:  A scammer might happen to be standing behind you while you log in to your bank account on your phone in a public place. Shoulder surfers have long been notorious at ATMs, but now that everyone can access their financial accounts on their devices from anywhere, it’s more important than ever to be aware. 
  • Shopping on secure internet networks: Before entering your credit card on an e-commerce site, make sure it’s secure by checking for a lock icon in the URL bar. While this is not a surefire way to avoid a scammer, it makes it safer to enter your credit card details. 

For more information about security issues and your finances, see the following articles: