You may recall in an earlier piece my anecdote about a Chinese businessman who proclaimed that he was turning white hat. He had offered his assistance in identifying fraudulent publishers from China, and, of course, he wanted money in return for the intel he provided.
Editor’s note: This is the last in a series from Dianna Koltz, director of best practices and email marketing at Memolink, on how to use business standards to combat online fraud. She can be reached at firstname.lastname@example.org
Readers have been reaching out to me asking “Why didn’t you take him up on his offer?” One of three things would have happened as a result of my taking advantage of this pseudo-opportunity: We potentially could have been doubly duped, the fraudsters could have collected more information about our process, or the tactics could have changed as soon as we received the information.
First, the deal that was proposed did not guarantee any legitimacy of the information. I may have negotiated a payment method that allowed me to stop payment, but I doubt that he would have agreed to providing me information without first having money in hand. We would have been in perpetual deadlock.
The gentleman could have conducted deuce diligence, a term my team has coined to describe the process a fraudster uses to reverse engineer our due diligence process. It is an intense cat and mouse game. Or, discovering that their buddy had sold them out, the fraudsters may have immediately changed tactics. The patterns of fraud we had been tracing would mark a dramatic shift and become more aggressively covert.
Beyond my hypothesis of what might have happened had I gone that route, let me tell you a secret: His secrets are anything but secret. Sshh, don’t tell anyone.
How does my team identify the fraudulent publishers from China and elsewhere? My compliance analysts make the difference in the process; they are experts at what they do. The people are what set a great due diligence program apart from a good due diligence program, and we are extremely disciplined with the execution of The Best Practice Approach.
What does my team analyze in order to identify the fraudulent publishers? Here are a few data points and current trends that we monitor:
1. International criminals are recruiting U.S.-based individuals via industry web forums to act as their front men. The U.S.-based identity-for-hire will register a website in his or her name, then sign up for advertising networks. The fraud operation is handled by the international business associate and the identity-for-hire sits back and receives a 50% cut. What this means for you: All of the information in the publisher application will appear legitimate, and he or she most likely will pass all of the other checks you do.
2. Identity theft is the number one complaint online according to the FTC, and it ranks toward the top of our list too. What this means for you: In order to validate identity you may need to request additional sensitive information, like a social security number or a government-issued ID. Anytime you are dealing with personal information, privacy is a concern. Make sure you have someone on staff that is trained on how to handle this type of data appropriately.
3. It is not uncommon to find that a telephone number provided to you by a prospective partner is the number for “Big John’s Rib Joint.” These invalid phone numbers are easy enough to identify, but how do you know when a domestic number is forwarding to an international number? The latest trend in fraud related to telephone numbers is call forwarding, and fraudulent individuals use this tactic along with masking their IP address to fake their business location.
What this means for you: Telephone verification vendors have not developed the technology to determine if a call is being forwarded (if you know of a vendor that does, please let me know). The good news? The other checks you run will flag this publisher as fraudulent 99.9% of the time.
I have been comparing notes with representatives from other advertising networks, and many of the checks conducted are the same, but how we do what we do differs. For example, one major flaw in the process our counterparts use is the timing of their due diligence execution.
Many are waiting to identify the fraudulent individuals until after they enter the network. Would you allow a stranger into your home, sit them down in the living room, offer them a cup of tea, and then ask who they are? You would not risk putting yourself or your family in harm’s way, so why in business would you expose your partners to this kind of harm when it can be avoided?
If you would like to join in on the dialogue, please contact me, my information is in my bio.