Merchant group helps DOJ in fraud stings

 A group representing online merchants said it helped the U.S. Department of Justice hunt down online scam artists, in an sweep of online criminals dubbed “Operation Web Snare.”

The Merchant Risk Council collaborated with federal agents to catch Nigerian criminals who were ordering goods from U.S. retail Web sites using stolen credit card and account information. The group helped federal agents and Nigerian police to track and deliver dummy shipments of goods purchased from U.S. e-commerce sites. Recipients of those packages were arrested, helping investigators crack fraud rings that used stolen credit card information to purchase goods, according to Julie Ferguson, co-founder of ClearCommerce Corp. and co-chair of the Merchant Risk Council.

On Thursday, U.S. Attorney General John Ashcroft announced 103 arrests in Operation Web Snare, a huge U.S. Department of Justice (DOJ) action against online fraud and other Internet-related crimes. The operation included 160 investigations across the U.S. for a variety of Internet-related crimes, including online identity theft or “phishing” attacks in which scammers send victims legitimate-looking e-mail soliciting bank or credit card numbers.

The Merchant Risk Council coordinated the efforts of its members with the government’s Internet Crime Complaint Center and the Federal Bureau of Investigation (FBI). Council members tracked suspicious purchases at their e-commerce sites from online fraudsters in Nigeria. The purchases were often routed through reshippers, U.S. companies that receive online orders and ship them to their final destination.

When Council members spotted such a shipment, they notified FBI agents in Nigeria who were training that country’s Economic Financial Crimes Commission. Retailers often sent phony shipments, known as “controlled deliveries,” to the destination address, where Nigerian authorities were waiting to arrest the recipient, Ferguson said.

In 30 days, Council members helped coordinate 14 controlled deliveries, which resulted in 17 arrests for fraud totalling $340,000, she said.

Those 17 arrests in Nigeria were not part of the 103 arrests announced by the Attorney General on Thursday, Ferguson said.

Online merchants looked for a number of clues to spot the fraudulent purchases, including the IP (Internet Protocol) address that initiated the exchange, and suspicious behavior, such as multiple purchases using different credit cards all heading to the same address, she said.

Using software from Austin, Texas-based ClearCommerce, some merchants can also spot transactions initiated from compromised home computers used as “proxies” by the fraud artists, she said.

Online criminals often obtain credit card and personal identifying information using phishing attacks, obtaining enough information to satisfy security features on e-commerce Web sites or even change the billing address on credit card accounts, she said.

The Merchant Risk Council is a one year-old nonprofit group based in Austin, Texas created from the union of two similar groups: the Merchant Fraud Squad and the Internet Fraud Round Table. The group uses education and the promotion of best practices to prevent cyberfraud and identity theft and prod online merchants to manage online risk better, according to a statement.

The Council has more than 6,500 members and counts executives from American Express Co., Amazon.com, Inc., Barnesandnoble.com Inc., Apple Computer Inc. and other leading retailers on its board of directors.

(With additional reporting from Grant Gross in Washington, D.C.)