Foreign Flimflam

International thieves set up U.S. addresses to foil E-tailers.

One of the latest cyberscams involves international thieves using stolen credit cards to buy goods from U.S. Internet merchants.

The crooks are setting up stateside addresses to receive the stolen property and then forwarding the goods overseas, primarily to Asia, Europe, Latin America and Russia.

Just about every major Internet retailer has been hit, costing millions of dollars, though few will talk about it publicly, said Alvin Cameron, an online credit-card security specialist at Digital River, an e-commerce software and systems company.

Digital River got stuck with $20,000 in fraudulent charges from a thief in Germany using stolen credit-card numbers to buy goods to ship to a Houston address, Cameron said.

Cameron tracked the thief down and discovered he had used more than 300 stolen credit cards to buy $900,000 worth of goods worldwide. The crook is now being prosecuted in Frankfurt, Germany. Cameron even received an e-mail message from the thief apologizing for the heist and asking him to drop the charges.

Tracking down the scammer was not easy, Cameron said.

"I have had to deal with the Department of Justice, the [Federal Bureau of Investigation], Securities and Exchange Commission, the [Central Intelligence Agency], Scotland Yard, Interpol — every law enforcement agency in the world."

Online credit-card fraud is estimated to cost as much as $24 million per day in bogus charges, totaling nearly $9 billion this year, according to Meridien Research of Newton, Mass.

Just last week, the European Commission launched a three-year action plan designed to crack down on the growing problem of fraud and counterfeiting on cards and other noncash means of payment used for cross-border transactions.

Last year, European credit-card fraud hit $544 million, up 50 percent, and a large portion of that increase concerned payments made by phone or over the Internet.

Getting a handle on the scope of the problem in the U.S. is difficult because MasterCard International and Visa International do not release specific information on credit-card fraud committed online. American Express does not talk about fraud at all, said Joanne Fisher, the companys spokeswoman.

Internet merchants bear the costs of online looting. Thats because their sales are not accompanied by signed credit-card slips. In such "card-not-present" transactions, if a charge is disputed by the rightful owner of a card, sellers must cover the cost of the item, an occurrence called a "charge-back." Many e-tailers do not prosecute larcenists or talk about the problem, because they dont want to draw attention to it.

The merchant with a disputed sale is also charged fees ranging from $20 to $30 to cover the banks costs in processing the dispute. Charge-backs can account for up to 30 percent of some Web merchants overall sales, said Mark Rasch, vice president for cyberlaw at Predictive Systems, a Reston, Va., network consulting company.

"The problem with Internet fraud is that it can be lots of people doing little amounts of fraud," Rasch said. "Its driving some e-commerce companies out of business." receives more than $5,000 worth of fraudulent purchase attempts every week, primarily from Indonesia and Pakistan, said Michelle Rahm, the companys owner in Loveland, Colo. She no longer accepts overseas orders and she double-checks all U.S. orders to make sure addresses and credit cards are valid.

Although Rahm doesnt fill the fraudulent orders, she still gets charged 30 cents for processing each credit-card transaction. "Its just really sad to see this much fraud online," she said.

Many Internet merchants have stopped shipping overseas because of the fraud problems, said Julie Fergerson, vice president and co-founder of ClearCommerce in Austin, Texas, a vendor of payment processing software. To get around that roadblock, international thieves are establishing U.S. addresses at commercial mail drop sites, she said.

The most popular items thieves buy with stolen credit cards are electronic devices: cameras, DVD players, radios, stereo equipment and VCRs, Fergerson said. Most of the goods cost from $100 to $200, though some thieves target high-ticket items like desktop and laptop computers, she said.

The thieves buy the items from numerous merchants using a variety of stolen credit-card numbers, Fergerson said. They get the numbers by hacking into Web sites; off discarded credit-card receipts; and from clerks, waiters and others who regularly handle credit cards .

A thief in Hong Kong used a free U.S. address at, a commercial mailing service, to receive clothes and other goods bought with a stolen credit card during the Christmas season.

Post2Post got stuck with $1,000 in shipping charges before it cut off the crook, but the company was able to return thousands of dollars worth of clothes, electronics and other goods to Internet merchants, said Gail Blauer, the companys chief executive.

Like many Internet merchants, Post2Post got very little help from law enforcement officials once the crime had been committed. "No one seemed to care," Blauer said.

These scams continue to increase in frequency because the Internet has become the perfect channel for conducting crime, Fergerson said. "Its anonymous, there are no security cameras and the stores are just one click apart."