Back to Insights

Understanding Triangulation Fraud

Blog Post
By utilizing the depths of the internet, criminals are targeting many different industries with eCommerce being a prime mark.

There was a time when organized crime had a face to it. Faces like Al Capone, Whitey Bulger, and John Dillinger to name a few. These individuals had a sophisticated organization to handle their criminal activities, and they lived to make a profit. Today, organized crime has become more anonymous with no face or infamous figures. The reason for that is simple − the Dark Web − a collection of websites that are publicly visible, but hide the IP addresses of the servers that run them. Anyone can visit them, but it is very difficult decipher who is behind them. By utilizing the depths of the internet, criminals are targeting many different industries with eCommerce being a prime mark. One of the more sophisticated eCommerce attack schemes, Triangulation Fraud, uses a network of mules to commit fraudulent transactions.

What is Triangulation Fraud?

  • Triangulation fraud, per the name, denotes that there are three individuals who play a role in the purchase of the order.
    • An unsuspecting customer who places an order on an auction or marketplace using some form of credit, debit, or PayPal tender.
    • A fraudulent seller who receives the order and then places the order for the actual product with a legitimate eCommerce website using a stolen credit card.
    • A legitimate eCommerce website that processes the criminal’s order


What are the Characteristics of Triangulation Fraud?

  • Easily resalable products such as:
    • Baby/Kid products: strollers, cribs, etc.
    • Lego products
    • Pet supplies
    • Nutritional Supplements
    • Tools
    • Electronics
    • Small appliances
  • Clean data
    • This is in respect to the credit card, billing, and shipping information on the order. The criminal will generally make the order look as clean as possible to avoid raising suspicion.
  • Questionable email addresses or email domains
    • The billing name is John Smith. The email is

Who is the Criminal?

  • The criminals can consist of two parties: the seller and the employer
  • The seller is normally an individual engaged in a “work at home” job. A seller may not realize they are actually part of a fraud ring, and some do have a respectable selling history.
  • Postings for seller positions are easily found on the web, and typically advertise the seller keeps a significant percentage of the sale − typically 30%.

Sample Seller Job Posting:


  • The employer is the actual criminal with the stolen credit card information. They give sellers a list of items to sell including the product descriptions.
  • The seller posts the items to their site. Legitimate customers purchase the items and the seller sends the order information to the employer.
  • The employer places the same order on a legitimate website, pays with a stolen credit card, and forwards the tracking information to the seller.
  • The seller forwards the tracking information to the customer. The order, which is now fraudulent, ships to the customer from a legitimate website.
  • The customer, who unknowingly received stolen goods, and the legitimate website are now victims. If the fraud is discovered, the legitimate website will incur a chargeback, or a loss of funds on the order. The legitimate website can contact the customer to have the stolen goods returned, and the customer can file a fraud dispute with their bank against the seller.
  • There is also one additional victim; the person whose credit card was stolen. This individual is completely unaware of the transaction until he/she receives their credit card statement. This person will dispute the charge, which will inevitably result in a chargeback loss to the legitimate website.

What are Steps to Mitigate?

  • Speak with customers whom you suspect have been the recipient of Triangulation Fraud to determine the website used to purchase the product. It is important to gather as much information as possible about the seller.
  • Collaborate with auction and marketplaces that are known to have fraudulent sellers. Together, you may be able to uncover additional orders that may be part of the scam to help identify fraudulent sellers and/or employers.
  • Focus on products. Per the job posting earlier, the seller has a list of items to sell. They will continually sell the same items on that list until the employer supplies new items. By analyzing orders at the product level, you may uncover a pattern that will stop fraudsters in their tracks, or at the very least, slow them down.