Hunting Down E-Commerce Bandits

Written by Evan Schuman
February 3rd, 2005

Somewhere in Arizona—they insist that their exact location be kept secret so that e-commerce bandits won’t recognize their address—sits a team of 18 Internet experts who hunt down people and companies that are either selling products illegally or are violating copyrights.

But the real work is done overnight, when a suite of homegrown applications crawls literally millions of Internet e-commerce locations, including Web sites, RSS feeds, Usenet newsgroups, private discussion groups (such as Yahoo’s), IRC chat rooms, mailing lists and spam.

Although financed by manufacturers (including JVC, Delphi, Pioneer, Kenwood, Alpine and Harmon) and being evaluated by a few retailers (including Circuit City and Best Buy), the effort is the project of a company called Net Enforcers, said company President Joe Loomis.

The company is searching for two kinds of problems: people or companies selling a particular vendor’s products who are not listed on that vendor’s list of authorized distributors, and anybody selling products at prices that the vendor considers suspiciously low.

“For example, Best Buy is an authorized retailer of HP [Hewlett-Packard Co.] products, but it competes against every guy on eBay selling HP,” Loomis said. Sometimes, illegal distributors will deliberately price merchandise super-low—at or near cost—but then make their money on inflated shipping costs, he said.

That is a direct violation of a manufacturer’s MAP, or Minimum Advertised Pricing, rule.

But Loomis’ goal is not to find some small fry looking to make $10 on an inflated shipping charge. He’s looking for the sources behind them, either a truly authorized (for the moment, at least) reseller who is unloading merchandise to unauthorized channels (black market) or a much larger illegal mass distributor.

“We want the dealers instead of the pushers. But we have to get to the pushers to get at the major dealers,” he said. “We might effectively get rid of 15 [bad] Web sites by getting rid of one bad dealer.”

So, how does Net Enforcers take the next step and find the evil distributors behind the small fry they catch? Retailer and manufacturer clients give them a budget that they use to purchase selected samples of the bad merchandise, and the rest is a matter of tracking serial numbers. A typical month might see between 100 and 200 products purchased, Loomis said. Dealers who cheat by the supply chain die by the supply chain.

What Net Enforcers does is rely on its homegrown software suite—a lot of custom code sitting atop Microsoft SQL Server and open-source MySQL—to run all night and spider its way through as many Internet places as it can, identifying any suspects.

The software is called NetForce and was crafted from ColdFusion (for most of the interfaces) and a lot of Java (for the search spiders), said Adam Cohen, vice president for business development at Net Enforcers. It all runs on 20 Dell servers, running a combination of Windows 2000 and 2003 plus FreeBSD and Red Hat Linux.

After the spiders complete their data collection, the software assigns all discoveries a “threat level,” which is pretty much the software’s statistical opinion of how likely it is that this suspect is truly doing bad things, Cohen said.

That software triage is essential because “on any given night, we literally see many tens of thousands” of suspect sites identified, Cohen said. But the software factors in prior discoveries, such as whether the identified site “is one we’ve flagged before 50 times.”
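The triage described above can be sketched as a small scoring pass over crawled listings. This is an added illustration, not NetForce code or anything supplied by Net Enforcers; the seller names, SKU, prices, rule weights, shipping multiplier and review threshold are all assumptions made for the example.

```python
from dataclasses import dataclass

# All sellers, prices, weights and thresholds below are constructed for illustration.
AUTHORIZED = {"bigbox-electronics.example"}   # vendor's authorized-distributor list
MAP_PRICE = {"JVC-KD100": 199.00}             # minimum advertised price per SKU
TYPICAL_SHIPPING = {"JVC-KD100": 12.00}       # expected shipping charge per SKU
WEIGHTS = {"unauthorized_seller": 40, "below_map": 25, "inflated_shipping": 20}

@dataclass
class Listing:
    seller: str
    sku: str
    price: float
    shipping: float

def signals(item):
    """Names of the rules from the article that fire for one crawled listing."""
    fired = []
    if item.seller not in AUTHORIZED:
        fired.append("unauthorized_seller")
    if item.price < MAP_PRICE[item.sku]:
        fired.append("below_map")
        # Low sticker price recovered through an inflated shipping charge.
        if item.shipping > 2 * TYPICAL_SHIPPING[item.sku]:
            fired.append("inflated_shipping")
    return fired

def threat_level(item, prior_flags):
    """Score 0-100: rule weights plus a capped bonus for earlier flags."""
    score = sum(WEIGHTS[name] for name in signals(item))
    # History raises the score but is capped so it cannot flag a seller alone.
    score += 0.3 * min(prior_flags.get(item.seller, 0), 50)
    return min(100, round(score))

def triage(listings, prior_flags, threshold=50):
    """Listings at or above the threshold, highest first, for human review."""
    scored = [(threat_level(i, prior_flags), i.seller, signals(i)) for i in listings]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)

CRAWL = [  # constructed sample of one night's findings
    Listing("bigbox-electronics.example", "JVC-KD100", 199.00, 12.00),
    Listing("cheap-audio.example", "JVC-KD100", 120.00, 45.00),
    Listing("garage-seller.example", "JVC-KD100", 189.00, 10.00),
    Listing("newshop.example", "JVC-KD100", 205.00, 12.00),
]
PRIOR_FLAGS = {"cheap-audio.example": 50, "newshop.example": 2}

if __name__ == "__main__":
    for level, seller, fired in triage(CRAWL, PRIOR_FLAGS):
        print(level, seller, fired)
```

Only the two listings that cross the threshold reach the human agents; the authorized retailer and the lightly flagged new shop stay below it.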

The company works with eBay, which is an easy place for a small fry to unload merchandise. But it’s not as appealing to large operators because of the process involved. “They have to go through quite a process to keep changing handles,” Cohen said.

Cohen is proud of the extensive nature of where his spiders look, going well beyond the typical Web sites into newsgroups, RSS feeds and IRC chat rooms. But they also post public messages deliberately trying to attract spam, and their software analyzes that as well. “We can get ripe spam on almost any topic,” Cohen said.

After the software makes its report, it’s up to human agents to evaluate the suspect sites and make a decision. If the site is considered worthy of investigation, the agents first check into the site—starting with a whois search and moving on to other databases—to make sure that it’s not “an authorized dealer posing under another name” and to “see where servers are really located,” Loomis said.

If all looks dark, the lawyers are then called in. The next step is that simultaneous letters go to the site operator and to their ISP. Initially, they used to give the site operators the option of fixing matters before the ISP was alerted, but they were too often ignored, Loomis said. “If they get a letter from us, they don’t do anything about it. When they get a letter from their ISP, they know that their only choice is to follow our request or lose their Web site.”

It works most of the time, he said, but not always. “Some are ignorant, and they lose their Web site anyway,” he said.

Net Enforcers also spends a lot of time trying to protect copyrights and trademarks. Its software, for example, also searches for unauthorized use of logos and stolen Web site pictures. Although it can’t actually “see” the images, it looks for obvious file names, such as “jvc.gif” when looking for improper JVC images.

The company experimented with watermark protections of logos, but found it far too inaccurate, Loomis said.

Today, Net Enforcers limits its efforts to just U.S.-based sites. “Overseas is just a whole other world,” he said.

