Group helps US DOJ in fraud stings

A group representing online merchants said it helped the US Department of Justice hunt down online scam artists, in an sweep of online criminals dubbed "Operation Web Snare".

The Merchant Risk Council collaborated with federal agents to catch Nigerian criminals who were ordering goods from US retail websites using stolen credit card and account information.

The group helped federal agents and Nigerian police to track and deliver dummy shipments of goods purchased from US e-commerce sites. Recipients of those packages were arrested, helping investigators crack  fraud rings that used stolen credit card information to purchase goods, according to Julie Ferguson, co-founder of ClearCommerce and co-chair of the Merchant Risk Council.

US Attorney General John Ashcroft announced 103 arrests in Operation Web Snare, a huge US Department of Justice (DOJ) action against online fraud and other internet-related crimes.

The operation included 160 investigations across the US for a variety of internet-related crimes, including online identity theft or "phishing" attacks in which scammers send victims legitimate-looking e-mail soliciting bank or credit card numbers.

The Merchant Risk Council co-ordinated the efforts of its members with the government's Internet Crime Complaint Centre and the Federal Bureau of Investigation.

Council members tracked suspicious purchases at their e-commerce sites from online fraudsters in Nigeria. The purchases were often routed through reshippers, US companies that receive online orders and ship them to their final destination.

When council members spotted such a shipment, they notified FBI agents in Nigeria who were training that country's Economic Financial Crimes Commission. Retailers often sent phony shipments, known as "controlled deliveries", to the destination address, where Nigerian authorities were waiting to arrest the recipient, Ferguson said.

In 30 days, Council members helped co-ordinate 14 controlled deliveries, which resulted in 17 arrests for fraud totalling $340,000 (£189,500), she said.

Those 17 arrests in Nigeria were not part of the 103 arrests announced by the attorney general, Ferguson added.

Online merchants looked for a number of clues to spot the fraudulent purchases, including the IP (Internet Protocol) address that initiated the exchange, and suspicious behaviour, such as multiple purchases using different credit cards all heading to the same address.

Using software from ClearCommerce, some merchants can also spot transactions initiated from compromised home computers used as "proxies" by the fraud artists, she said.

Online criminals often obtain credit card and personal identifying information using phishing attacks, obtaining enough information to satisfy security features on e-commerce websites or even change the billing address on credit card accounts, she said.

The Merchant Risk Council is a year old non-profit group created from the union of two similar groups: the Merchant Fraud Squad and the Internet Fraud Round Table.

The group uses education and the promotion of best practices to prevent cyberfraud and identity theft and prod online merchants to manage online risk better.

The council has more than 6,500 members and counts executives from American Express, Amazon.com, Barnesandnoble.com, Apple Computer and other leading retailers on its board of directors.

Paul Roberts writes for IDG News Service