At a FedEx facility in May of 2012, a surprising thing happened. A damaged box – addressed to someone’s home in Rancho Cordova, California – split open, and dozens of new, boxed Verizon iPhones spilled across the floor. A worker at the facility contacted Apple, and it was confirmed that the devices had been stolen and were on their way to being sold on the black market.
Wireless carriers often subsidize the initial cost of smartphones to lure customers into multiyear voice and data contracts. To obtain a top-notch phone, in other words, subscribers only pay a small fraction of the device’s actual market worth on the day the contract is signed, allowing them to walk out of the store with a phone worth over $1,000, for little or no money down. What many people don’t realize is that fraudsters are taking advantage of this system by using middlemen and mules to obtain high-end devices by paying their accomplices a relatively low fee – about $200 a phone – then selling them online for close to $1,000.
In these “muling” cases, groups of fraudsters recruit, or even physically intimidate, other people into acquiring phones for them. In some cases, the mules are tricked into becoming part of the scam. Typically targeting those in need of quick cash, fraudsters offer these folks a chance to make easy money. Homeless and low-income people with little or no banking history are the primary targets of these schemes. In a typical scenario, this person is sent into a wireless store to sign a contract for a high-end phone in their own name. They leave the shop and are then given cash in exchange for the phone by the fraudster that approached them.
What telcos have learned the hard way from the evolution of fraud is that fraudsters adapt. As soon as one point of attack is shut down, fraudsters will creatively find another way in.
We have seen this happen as ‘traditional’ credit card fraud has migrated to ‘card-not-present’ fraud. Since the introduction of the EMV standard (Europay, MasterCard, and Visa), fraudsters have had a harder time creating counterfeit credit cards. We are now seeing criminals move from using counterfeit credit cards, to using stolen credentials and personal data to commit their crimes. Using another fraud method, but with the same goal in mind, we are now seeing a growing number of purchases being made with gift cards linked to stolen credit card information, providing fraudsters a way to avoid credit card validation checking mechanisms. Often this works, allowing fraudsters to leave the store with a $1000 smartphone, with little to no money down and no intention to pay.
Despite the fact that most CSPs are improving how they verify customer IDs at the point-of-sale through electronic and physical security features embedded into identity documents, or using biometric identification, there is still an abundance of iPhones and other high-end devices suspiciously being sold through online marketplaces such as eBay and Craigslist, among others. Chances are, those phones were purchased with fraudulent gift cards or acquired through other nefarious means.
An Innovative Approach to Point-of-Sale (POS) Fraud
The push to reduce phone theft at retail stores is causing fraudsters to go online to commit their crimes. But this doesn’t mean that you should look at these two avenues as separate issues requiring separate solutions. During the February GMSA Fraud and Security Group (FASG) event held in Athens, WeDo Technologies presented an innovative approach to POS fraud detection that relies on monitoring online marketplaces to identify suspicious sellers of devices. We then analyze and use this data to alert retailers when these fraudsters try to open an account – before contracts are signed and devices leave the store.
Luis Brás from WeDo Technologies will present how to address these challenges during the upcoming RAG London Conference 2018 on Wednesday April 25. Be sure you don’t miss it.