The holiday season means heightened skepticism for all the emails and text messages that I get. I probably didn’t win an iPhone and get texted about it. I surely didn’t have a relative pass away without my knowledge and leave me a massive inheritance that needs to be deposited directly into my bank account. Whatever the gift might be this year you can rest assured the grifters are never on vacation.
Did you know just how deep this rabbit hole goes? Fraud isn’t an isolated incident. This isn’t someone on a sidewalk trying to scam players with cards. This is an industry that has infrastructure and rules and methods for avoiding detection. The more you dig the more you uncover and the bigger the challenge of stopping it becomes. Even just educating your users about how these methods can be used to fleece them takes more than just a simple “don’t do this” warning.
Patrick McKenzie has a fascinating look at just how complicated the world of financial fraud can be. His position at Stripe lets him see a lot of this in action but the research he’s done on his own is just as enlightening. For example:
Other variants on cashing involve money laundering in the legitimate financial ecosystem, often using purloined credentials to buy things-that-aren’t-quite-money then reselling those things for actual money. For example, gift cards are very money-adjacent, and there are thriving businesses that buy and sell them online. Much use of them is perfectly legitimate. Carders could either use purloined credentials to purchase gift cards from an original issuer then resell them for value or use purloined credentials to purchase gift cards from a gift card marketplace. (Entrepreneurs who run gift card marketplaces either go out of business or become the payment industry’s most ruthlessly effective fraud busters.)
Make sure you read more about this excellent discussion on his blog here: The Fraud Supply Chain