Beware The Bust Out

That includes Eduardo Perez, general manager of Sparco.com, who has practically made a living preventing scammers from bilking the Millington, Tenn., solution provider, whose business is about 95 percent Internet-based.

"Oh, Lordy. We must get at least 10 [suspected bogus orders] a day," said Perez. "Fortunately for us, only about one every two months gets through now. We have our internal flags and we warn the reps here not to touch those orders."

Perez has been especially busy the past couple months as the federal and educational buying seasons were in full swing. Scammers now pretend to be educational institutions and, brazenly enough, government agencies to secure products.

The scammers are always readjusting their techniques, he added. For example, just when his company learned to ensure that a shipping address was legitimate, the bad guys took to calling FedEx or UPS to change the ship-to address when the package was in transit.

"This is the worst one because the bank will not protect us because we didn't deliver it to the people we were supposed to deliver it to," Perez said. "Once we got better at recognizing their behavior, they switch."

Now, he's changed his guidelines with the carriers to guarantee that shipping addresses can't get changed en route.

In another example, Sparco.com learned to be suspicious of orders from first-time customers requesting overnight shipping. So the bad guys got creative. "They'd place a $20 or $30 order, pay that, then follow it up with a laptop request. We relax, we see they're repeat customers and then the chargeback comes. There's a similar pattern. They try to get your trust first," Perez said.

The warning system is still very manual, he added. Sparco.com tried several automated systems, but the margin of error was too high, he said. "Everything looks fine, but the e-mail address is bogus. Or everything is fine except the IP address where it comes from. [The e-mail order request] could be lower case, or everything is in caps. You watch for that," he said.

Recognizing Fraud
A former finance executive at a large, publicly traded reseller said his company vastly underestimated the amount of fraud being committed against it.

"We know there was a certain amount of fraud within the industry. It wasn't that we didn't think there was none. But the vast majority of it is hidden behind legit businesses and through bustouts. We had very limited fraud checks and procedures in place. We thought they were fairly sufficient," said the finance executive, who asked not to be named.

The company changed its tune when it made an acquisition and the company it was buying had a more thorough fraud prevention strategy, he said.

Even then, the executive said, his attitude was "prove it to me." The reseller gave 18 months worth of bad debt files to Verifraud, which came back with evidence that about one-third of what the reseller considered bad debt was actually fraud by characters well-known to Bares. The cost was more than a million dollars over that 18-month period.

"He did an unbelievable analysis," the finance executive said of Bares. "It was preventable fraud, too. We immediately said, 'OK, we've got a problem. What do we do?' "

Bares worked with the finance executive to develop some polices and procedures.

"Over the next two and a half years, only one fraudulent deal slipped through—that was it. And that was because we didn't follow our own policy," the executive said.

The criminals are smart because they tend to keep the orders at a size that put them below the radar of most warning flags, about $30,000 to $50,000, the executive said. But multiple strikes can quickly add up to more than $1 million annually.

"It was just little piddly stuff. The bigger stuff we were catching," the finance executive said.

And therein lies the problem for other solution providers. As distributors and large resellers put more sophisticated processes in place, the bad guys aren't going to give up. They're going to target the next level of channel company down the food chain, such as solution providers that can't afford elaborate fraud detection services.

Next: Why Aren't These Guys In Jail?