New SE Asia Ecommerce Fraud Ring

Asia Pacific (APAC)
Malaysia
Vietnam
Indonesia
Fraud prevention innovation
Fraud
News
Merchant Risk Council
Feb 27, 2023
MRC News

Ecommerce sites in the US and Asia-Pacific lost an estimated $700 million in fraudulent sales to criminals in Southeast Asia during the fourth quarter of 2022. Operating mainly from Malaysia, Vietnam and Indonesia, the fraudsters targeted sellers of smartphones, computers and semiconductor chips. 

Illegally obtained goods were delivered to freight forwarding companies and other reshippers who unsuspectedly packaged the stolen merchandise in the same containers they use to transport legitimate goods. 

In the fight against ecommerce fraud, law enforcement agencies in many Asian jurisdictions are a decade or more behind their Western counterparts. The Southeast Asia-based criminals mentioned here were so unconcerned with prosecution that they typically used their real names, emails and IP addresses when making fraudulent transactions. It could be years before law enforcement drives these perpetrators out of business.

It is not known whether these fraud rings were working independently or were collaborating  as a syndicate. What they have in common is that they all used malicious software, code and playbooks purchased on the dark web. All started slowly, testing their targeted ecommerce sites in September 2022, and then quickly expanded their efforts during November 2022. Also noteworthy is the level of sophistication immediately available to newly organized criminal rings. They hit ecommerce sites simultaneously on multiple continents, an alarming threat.

It is known that, like other organized gangs committing card fraud, these criminals used message boards to share intelligence on topics including the best ways to avoid detection from fraud fighting systems.  

The Merchant Risk Council (MRC) is a forum that discusses ways to combat all kinds of ecommerce fraud, including the ongoing threats from organized crime rings in Eastern Europe, China, Nigeria and elsewhere. A year ago, the MRC opened a branch in Asia-Pacific to complement branches in the US and Europe. They will expand to Latin America in July of this year.

What remains badly needed is the means to obtain faster involvement from law enforcement in local jurisdictions when new, sophisticated threats arise. The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) plays a role for merchants, card issuers and consumers in the US victimized by the many forms of cybercrime. 

The IC3 provides a reporting mechanism for all segments of society to submit information to the FBI. That information is analyzed for investigative and intelligence purposes and can lead to alliances with law enforcement agencies outside the US.

INTERVIEWED FOR THIS ARTICLE

Julie Fergerson is Chief Executive Officer at the Merchant Risk Council in Seattle, Washington, julie@merchantriskcouncil.org, www.merchantriskcouncil.org.



© Copyright 2023 Nilson Report




Posted with permission of the Nilson Report, Issue 1235

Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources