We have already discussed about credit card fraud on this blog by addressing how credit cards get stolen. But do you know what happens next? If you have been frequenting the internet at any point during the past 10 years you may have come into contact with a job ad for a re-shipping position. Reshipping is used by fraudsters to launder the money from their stolen credit card.
It works like this :
- the criminals steal credit cards information ;
- they buy goods on ecommerce websites ;
- the goods are sent to a third party (the mule) ;
- the third party receives the goods and re-ships them to the criminal (hence the term reshipping);
- the criminal sells the goods and receives cash ;
The third party, recruited via a job ad promising a generous compensation, acts as mule. His role is twofold. First, the mule helps deceive the ecommerce website. If the fraudster was asking for a delivery in Ukraine or Nigeria, it would probably ring some bells. However if during his checkout he asks for his goods to be delivered to an address in the US, it will seem normal.
The second role of the mule is to isolate the fraudster from investigations. When the ecommerce website, the credit card provider or the credit card holder detect the fraudulent transaction, they will turn to the mule. The mule will have to prove that he/she did not steal the credit card in the first place. Meanwhile the fraudster will be safe and sound, enjoying his cash in another country.
The most sophisticated reshipping organizations work as white-label money laundering services. The US authorities are noticing this : they have severely cracked down on reshipping rings recently. The rationale behind this is simple : make it harder to launder money and the incentive to commit fraud will decrease. Soldiers like to talk about the “kill chain“, the series of stages involved in an attack. A defense only have to stop the attack at one stage of the kill-chain to be successful.