How to spot a third-party transfer scam in 2019
Mar 28, 2019
One of the oldest confidence tricks in the book has evolved to remain relevant in the modern age. So what does it look like, and how can merchants avoid becoming a victim to it?
“One of the oldest and most attractive and probably most successful swindles known to the police authorities has again come to the surface … It is known as the ‘Spanish Prisoner’ game, and it has been in operation for more than thirty years.”
These words, taken from the New York Times were written in 1898. And yet, 121 years later, variations of this scam continue to swindle victims to the tune of $328 million in 2017.
Old trick, new approach
These scammers traditionally follow a similar modus operandi; they impersonate someone, gain your confidence, create a problem or make a promise of riches, and then ask for money. However, thanks to the rapid growth of eCommerce, a new avenue has emerged for confidence tricksters, namely third-party payments.
In this version of the scam the imposter approaches a business portraying himself as a prospective new customer with the desire to spend lots of money. Contact with the business is usually established via email, sometimes telephone, but rarely in person. The fraudster will enquire about the goods or services, place a large order, and provide a credit card number.
Then just before they agree to the sale they will ask for a favor. Often this favor involves helping them pay some third party, which for some extreme reason they cannot do themselves. Under this pretext they will ask the business to charge their credit card a little extra to cover those third-party fees, and then transfer that amount to that third party via Wire or bank transfer. Some generous fraudsters have even thrown in a tip to the business owner to thank them for their help; while other thoughtful con men have assured businesses that may pause when faced with such a request not to initiate any transfer to the third party until the credit card sale has cleared and posted in their bank account.
So, nothing can go wrong, right? In the short term that is what the business believes, they may even feel great about the large sale, that is until a few weeks later when chargebacks start posting to their merchant account and they realize they have been deceived. Unfortunately, by that time the fraudster has usually disappeared along with the money sent to the ‘third party’.
There are a few reasons that businesses may fall for such a scam. Some may be motivated by the large financial incentives that are dangled in front of them; some feel the pressure to go above and beyond for their clients; and others simply do not see the risk that they are exposing themselves to by making this type of transaction.
Even ‘Nigerian princes’ need to work out
All merchants must be on the lookout for this type of scam as it does not discriminate when it comes to potential targets, but one business sector that should remain particularly vigilant is the gym and sports platforms industry.
In this scenario, the imposter contacts the gym and attempts to pay for membership or classes totaling a much larger than usual value before introducing the third-party transfer as a condition of the sale.
Under no circumstances should these requests be granted, and a credit card payment taken. Platforms should speak to their local law enforcement immediately if they have any suspicions that they are being targeted by this type of scam.
How to limit your exposure: next steps
If you are presented with a similar situation to the one above, there are several steps you should take to ensure you maintain best practice and minimize your exposure to risk:
1.) As a business accepting credit cards it is important to understand that you are liable for chargebacks and that processing charges outside of those that you are approved for is against Card Scheme rules.
2.) Unless you have the proper PCI controls in place you should not accept credit card numbers by email, as this further exposes your business to additional compliance requirements and potential exposure.
3.) Maintain vigilance at all times. There are certain red flags you should watch out for, such as:
- The consumer using multiple credit cards
- Decline error codes for lost/stolen or pick up
- The consumer only communicates by email and uses poor grammar or spelling
- Any request to send money to a third party
Additionally, your payment service provider can enable certain basic checks such as Address Verification Service (AVS), or CVD. In addition to these procedures, at Paysafe our Risk team can also implement customized risk rules, or work with you to provide guidance if ever you are faced with a situation that just seems too good to be true.