December 14, 2006, 12:00 AM

Criminals’ use of web phone service rings trouble for online retailers

Criminals’ use of anonymous IP addresses backed by Internet-based phone numbers is making it more difficult to identify potentially fraudulent orders, security chief Ezzie Schaff says. But special software can keep the bad guys in check, he adds.

One of the latest scams facing online retailers is criminals’ use of anonymous IP addresses backed by Internet-based phone numbers acquired with stolen credit cards, warns Ezzie Schaff, vice president of risk management at The combination makes it difficult to identify fraudulent orders, though special software can keep the bad guys in check, he says.

“It’s a great scam now, criminals are getting more sophisticated,” Schaff says. Criminals, many based in Ghana and Nigeria, he says, will attempt to use the Internet and hide their locations by piggybacking onto an IP address that makes it appear as if they’re in the U.S. The chosen IP address is typically one at a public organization, such as a school or library, with a relatively low level of network security.

The scam effectively provides criminals with an anonymous IP address, making it more difficult for security systems to flag potentially fraudulent orders from high-risk areas, Schaff says. Criminals further complicate security efforts by entering phone numbers from Internet-based phone services, often acquired with stolen credit cards, when filling out online forms designed to prevent fraud in online transactions. The use of Internet-based phone numbers, instead of conventional phone numbers tied to a physical address, makes it more difficult to check a would-be purchaser’s identity and location, Schaff says.

So what’s an e-retailer to do?, where average order values are high-about $350 at but $15,000-$20,000 at its recently acquired, Schaff says-the retailer has stemmed the tide of criminals by using risk management policies backed by software from MaxMind LLC that uses geolocation technology and other software to flag attempted online purchases that may be trying to use anonymous IP addresses or other techniques to hide their identity and true location.

As a result, he says, Ice “has been more surgical. We’re canceling more bad orders while letting more legitimate orders in.”

Ice also takes the extra step of alerting the true credit cardholder whenever it learns that a stolen card was used to attempt a fraudulent online purchase. “We probably spend 30-40 minutes trying to find the legitimate cardholder, but the sooner the cardholder gets the card canceled, the less fraud that will be on the card,” Schaff says. “They’re usually not our customers, but maybe they’ll tell their friends about us.”



comments powered by Disqus




From The IR Blog


Terri Mock / E-Commerce

How online jewelers fared this Valentine’s Day

The key takeaway: Start early, because sales tail off in the last few days before ...


Cynthia Price / E-Commerce

4 tips for improving email marketing results

Every piece of data you collect can help you serve your audience exactly what they ...