On this page

3. Ecommerce Fraud

Ecommerce fraud is when a fraudster commits a crime via an online store by manipulating the transaction process using stolen or scammed credit card information to illegally obtain the product or payment.

An online store is naturally vulnerable to ecommerce fraud since transactions occur without the user being in direct contact, therefore allowing more opportunities for fraudulent activity.

One of the ecommerce fraud involves “reshipping scam”.The reshipping scam, which involves fraudsters who use stolen credit cards to buy items—usually expensive items—online. Instead of having the items shipped to the billing address, the fraudster sends them to what’s called a “re-shipper”. At the “re-shipper” location, the items are repackaged and usually sent overseas. There, they can often be sold at a high price on the black market.

3.1 Scenario

The scam begins when criminals buy high-dollar merchandise — such as computers, cameras, and other electronics — via the Internet using stolen credit cards. They have the merchandise shipped to addresses in the United States of paid “reshippers” (who may be unaware they are handling stolen goods). The reshippers repackage the merchandise and mail it to locations in Russia, Ukraine, Estonia, Lithuania, Romania, and Germany.

It works like this :

  • the criminals steal credit cards information ;
  • they buy goods on ecommerce websites ;
  • the goods are sent to a third party ;
  • the third party receives the goods and re-ships them to the criminal ;
  • the criminal sells the goods and receives cash ;

The third party, recruited via a job and promising a generous compensation, acts as mule.

3.2 Solution

There are a couple of things we can do with that data to identify fraud. A first step might be to compare the billing and shipping address. A difference between a billing and a shipping address might be indicative of a reshipping scam. Furthermore we can look into the IP address. If the IP address localization does not match the billing address or the shipping address, the situation is highly suspicious.

Graph Structure:

The graph data model below represents how the data is linked, and illustrates how one can find rings by simply walking the graph.

The graph data model represents how the data is linked. Ecommerce Fraud - BangDB

3.3 Steps to Implement

Step 1. Sample Data:

Creating graph data from CLI

CREATE (City:paris {"Name":"Paris"})

CREATE (City:chicago {"Name":"Chicago"})

CREATE (City:san_francisco {"Name":"San Francisco"})

CREATE (City:detroit {"Name":"Detroit"})

CREATE (City:lagos {"Name":"Lagos"})

CREATE (Country:france {"Name":"France"})

CREATE (Country:usa {"Name":"USA"})

CREATE (Country:nigeria {"Name":"Nigeria"})

CREATE (Transaction:order1 {"Date":"11/08/2014", "Items":"A Wonderful World","Amount":10})

CREATE (Transaction:order2 {"Date":"11/08/2014", "Items":"Nike sneakers, Football jersey","Amount":299})

CREATE (Transaction:order3 {"Date":"11/08/2014", "Items":"Perfume","Amount":99})

CREATE (Transaction:order4 {"Date":"11/08/2014", "Items":"Mobile phone","Amount":499})

CREATE (Transaction:order5 {"Date":"11/08/2014", "Items":"Laptop, gifcard","Amount":878})

CREATE (Address:address1 {"Street":"rue_dareau","Number" :"9","City":"Paris"})

CREATE (Address:address2 {"Street":"the47th_street","Number" :"21","City":"Chicago"})

CREATE (Address:address3 {"Street":"folsom_street","Number" :"98","City":"San_francisco"})

CREATE (Address:address4 {"Street":"the23th_street","Number" :"123","City":"Chicago"})

CREATE (Address:Address5 {"Street":"octavia_boulevard","Number" :"211","City":"San_francisco"})

CREATE (Address:Address6 {"Street":"duboce_avenue","Number" :"9","City":"San_francisco"})

CREATE (Address:Address7 {"Street":"carney_street","Number" :"16","City":"Detroit"})

CREATE (Address:address1)-[IS_BILLING_ADDRESS]->(Transaction:order1)

CREATE (Address:address1)-[IS_SHIPPING_ADDRESS]->(Transaction:order1)

CREATE (Address:address1)-[IS_LOCATED_IN]->(City:Paris)

CREATE (Address:address2)-[IS_BILLING_ADDRESS]->(Transaction:order2)

CREATE (Address:address2)-[IS_SHIPPING_ADDRESS]->(Transaction:order2)

CREATE (Address:address2)-[IS_LOCATED_IN]->(City:chicago)

CREATE (Address:address3)-[IS_BILLING_ADDRESS]->(Transaction:order3)

CREATE (Address:address3)-[IS_LOCATED_IN]->(City:san_francisco)

CREATE (Address:address4)-[IS_SHIPPING_ADDRESS]->(Transaction:order3)

CREATE (Address:address4)-[IS_LOCATED_IN]->(City:chicago)

CREATE (Address:Address5)-[IS_BILLING_ADDRESS]->(Transaction:order4)

CREATE (Address:Address5)-[IS_LOCATED_IN]->(City:san_francisco)

CREATE (Address:Address6)-[IS_BILLING_ADDRESS]->(Transaction:order5)

CREATE (Address:Address6)-[IS_LOCATED_IN]->(City:san_francisco)

CREATE (Address:Address7)-[IS_SHIPPING_ADDRESS]->(Transaction:order4)

CREATE (Address:Address7)-[IS_SHIPPING_ADDRESS]->(Transaction:order5)

CREATE (Address:Address7)-[IS_LOCATED_IN]->(City:detroit)

CREATE (City:chicago)-[IS_LOCATED_IN]->(Country:usa)

CREATE (City:detroit)-[IS_LOCATED_IN]->(Country:usa)

CREATE (IP_Address:ip1 {"ip_address":"214.77.224.225","ip_City":"Paris"})

CREATE (IP_Address:ip2 {"ip_address":"48.215.250.22","ip_City":"Chicago"})

CREATE (IP_Address:ip3 {"ip_address":"147.170.219.106","ip_City":"San_francisca"})

CREATE (IP_Address:ip4 {"ip_address":"217.54.121.65","ip_City":"Lagos"})

CREATE (IP_Address:ip1)-[IS_USED_FOR]->(Transaction:order1)

CREATE (IP_Address:ip2)-[IS_USED_FOR]->(Transaction:order2)

CREATE (IP_Address:ip3)-[IS_USED_FOR]->(Transaction:order3)

CREATE (IP_Address:ip4)-[IS_USED_FOR]->(Transaction:order4)

CREATE (IP_Address:ip4)-[IS_USED_FOR]->(Transaction:order5)

CREATE (City:lagos)-[IS_LOCATED_IN]->(Country:nigeria)

CREATE (City:paris)-[IS_LOCATED_IN]->(Country:france)

CREATE (City:san_francisco)-[IS_LOCATED_IN]->(Country:usa)

Step 2. Performing Graph Queries

1. Let’s start by looking at the transactions recorded

S1=>(@t Transaction:*);RETURN t.name AS OrderID, t.Date AS BookingDate, t.Item AS Item, t.Amount AS Amount

2. See the transactions where the billing and shipping addresses are different

If the shipping address and the billing address are different, maybe we are looking at a reshipping scam. We want to identify these transactions for analysis.

S1=>(@a Address:*)-[IS_BILLING_ADDRESS]->(@t Transaction:*)<-[@i IS_SHIPPING_ADDRESS]-(@q Address:*);
RETURN a.name AS BillingAdd, t.name AS OrderID, q.name AS ShippingAdd, t.Amount AS Amount,a.City AS BillingCity, q.City AS ShippingCity

3. Checking for transaction where billing and IP_address used are different cities

S1=>(@a Address:*)-[IS_BILLING_ADDRESS]->(@t Transaction:*)<-[@i IS_USED_FOR]-(@q IP_Address:*);
RETURN a.name AS BillingAddress, t.name AS OrderID, t.Amount AS Amount, a.City AS BillingCity, q.ip_City AS IP_City

4. Checking for transaction where shipping and IP_address used are different cities

S1=>(@a Address:*)-[IS_SHIPPING_ADDRESS]->(@t Transaction:*)<-[@i IS_USED_FOR]-(@q IP_Address:*);
RETURN a.name AS ShippingAddress, t.name AS OrderID, t.Amount AS Amount, a.City AS ShippingCity, q.ip_City AS IP_City

 

Was this article helpful to you? Yes No