Physical Items Fraud: Exercising Keen Vigilance

written by

Eddie Farrell

January 16, 2024

Malicious actors are in pursuit of high-value, popular, and easily resalable physical items, and their tactics are characterized by complexity and convolution.

There are all manner of highly intricate fraud schemes and exploitation attempts in the physical goods sector, with unique challenges not faced when protecting digital content. Given this complexity, machine learning (ML) models and risk score rule stacks – when used alone – often prove insufficient in quickly detecting fraudsters’ tactics.

Physical Items Fraud

This is where human intelligence emerges as a critical element of the defensive strategy for online merchants battling physical items fraud. Understanding your specific industry and effectively leveraging a skilled human intelligence team in collaboration with advanced technology is the key to protecting your business.

Addressing Low-Hanging Fruit

Before delving into how multi-layered and complicated physical items fraud schemes can be, it is essential to acknowledge that not all fraudsters employ these truly baffling and elusive tactics. Similar to many other domains, time is a valuable commodity for bad actors. If there are simple means to expedite the fraudulent purchase process, especially in large quantities by creating accounts in mass via scripts or bots, individuals with malicious intent will exploit these opportunities frequently and with recurrence. Whenever there is frequency and consistency deployed by the fraudsters, patterns emerge.

Fraudsters often use their own automation because it takes considerably less time than attempting purchases manually or one-by-one. If they consistently succeed with their purchase attempts, even if some are blocked but some make it through your defenses, then it’s a win for the bad guys. It’s the classic, if it ain’t broke, don’t fix it scenario. So, the bad guys continue to use the same automation and as a result you see familiar suspect activity in your systems. This is when ML is a great tool to deploy as part of your physical items fraud mitigation strategy because it excels with identifying known suspect activity.

Typical and readily-identified physical items fraud patterns include:

discrepancies in address verification systems (AVS) which, depending on the code type, serve as prominent red flags in certain regions.
browser language not aligning with the account or shipping location.
proxy IP usage, particularly in conjunction with new accounts.

A Quick Word on Bulk Investigations

Although many human intelligence teams use fraud tooling systems that operate in a one-by-one queued ticket system, you may want to add another layer to your physical items fraud defenses. Fraud patterns are often easier to identify during investigations that scrutinize lists of purchase attempts collectively, rather than evaluating transactions on an individual basis.

If your current approach for physical items fraud prevention does not include bulk assessment of customer activity, it should. Depending on your business’s transaction volume and the operational capacity of your fraud team, consider reviewing the last 24 hours, 72 hours, or even a week’s worth of purchases. Reviewing transaction details in this way, along with creation dates/timestamps, similar shipping locations, bank affiliations, and other pertinent information can simplify accurate identification of bad activity and subsequent blocking.

Efficiency is paramount in effectively countering physical items fraud and bulk review can add much needed speed to your program. The more proficient your team becomes in identifying bulk patterns, the more effectively you can safeguard your business against physical items fraud.

The Reshipping Conundrum

Reshipping services are popular among customers all over the world. For those unfamiliar with the concept, reshipping businesses assist consumers in using online retailers that may have shipping limitations. The limitation could be due to the retailer not offering international shipping or restricting deliveries to a limited number of countries. Reshipping services enable customers, and fraudsters, to place orders, have them shipped to a reshipper in an approved country, and subsequently forward the items to the intended recipient.

Reshipping service

There are numerous strategies to manage reshipper activity within your systems. While it may appear risky, it is important to note that many legitimate customers utilize these services. However, this area provides a fantastic example of how hard a fraudster will work for a valuable item.

Fraudsters have been known to establish their own reshipper processes for physical items fraud, instead of using legitimate third-party services. Bad actors post online job advertisements for reshipping work, appearing legitimate and enticing individuals by promising an easy side gig. Applicants are hired if they possess an address in the desired location and can receive and send packages. These “employees” work for the fictitious reshipper company, unknowingly receiving products purchased with stolen payment instruments, oblivious to the illegitimate nature of this activity. Frequently, these transactions direct products to be received at the individuals’ real office or home address, making it even more challenging for an investigator to confirm legitimacy.

In many cases, phone calls to the shipping contact – the unwittingly involved employees – can provide the missing pieces of the puzzle. These employees were likely trained on what to say if merchants or fraud prevention teams make inquiries. The fraudsters may have supplied scripted responses, for example. However, it’s still possible to identify this kind of complicated scheme. If the shipping contacts feel pressured or uncomfortable when asked about a purchase during a call, they often provide a well-trained human intelligence team the information needed to confirm fraud.

This level of complication involving job postings, recruiting, and coaching on dealing with verification calls may seem to fly in the face of the ‘time is money’ quick and easy fraud attempts so many businesses are used to seeing. However, the existence of physical items fraud attempts like this describes perfectly the extent to which a bad actor will go if the high-ticket item they’re after is viewed as worth the effort.

Embracing Novel Approaches

The difference between legitimate transactions with multiple inconsistent pieces of information and fraudulent transactions is sometimes barely discernable. This challenges both ML models and human intelligence teams. However, fraud investigators can develop a “gut feeling” about the risk of a transaction based on their experience in the industry. This is another specific advantage of human intelligence teams that ML cannot replicate. Intuition is an immeasurable asset to a good analyst. When assessing new accounts without robust customer history to consider, it can be tremendously challenging to achieve a level of certainty approaching 100%.

Sometimes, a purchase attempt will be so difficult, even for a human reviewer, that further information will be needed. Outbound calls to payment instrument holders can be beneficial, particularly when there are immediate indications of suspicious activity or when high-risk and expensive items are being purchased. These phone calls can yield valuable insights into the lengths to which malicious actors will go in order to execute a high-value fraudulent purchase.

physical items fraud phone verification

In the beginning, calls to the numbers associated with suspect accounts may result in perplexed cardholders confirming that they have not made any recent purchases. As your team continues to use this approach, fraudsters will likely recognize this hurdle, prompting adjustments in their physical items fraud tactics.

Perhaps, new accounts with phone information that bears no resemblance to the cardholder’s location could then emerge. Calls to these suspect phone numbers could be a swift means of identifying illegitimate transactions. The individuals on the other end of the line may confirm purchase details, but discrepancies in accents or responses to inquiries about account information that does not align should raise suspicions. Even if the fraudsters possess the necessary information, delays or fumbled responses could influence investigator decisions.

Because these purchases are often made in bulk, it’s worth noting that malicious actors may have to sift through hundreds of payment instruments and lists of attempted transactions to respond to a team’s inquiries about verification information. These small details should never be the sole reason a transaction gets cancelled, but a list of risky attributes combined with a questionable phone call can lead to an accurate Reject decision.

Later evolutions of this pattern may involve fraudsters resorting to disposable phone carriers like Google Voice to provide phone numbers with area codes more regionally or locally aligned with payment instruments. Human intelligence teams can identify this new change in the approach and adjust accordingly by adapting the tactics suggested above. Not all fraud attacks are this multi-layered. Some evolve through a few of the stages, but not all. The complexity of fraud attacks like this seem to never end. Some seem to get more convoluted with every iteration.

The Devil Lies in the Details

The extent to which the activities described in this article impact your business will vary depending on your size and the types of products you offer. Fraudsters’ motivation to expend significant effort to conceal their approach will vary greatly for a $5,000 computer compared to a $15 bracelet.

However, a common theme persists throughout: the critical role of third-party information in completing the puzzle of a fraud investigation. This may involve making that crucial phone call to the individual associated with a payment, whether they be a legitimate customer or a fraudster. It could entail extracting an explanation for a new shipping address through a Facebook post detailing a customer’s relocation to a different city and state.

Remarkably, we have even encountered cases involving sophisticated networks of fraudulent actors shipping items to addresses in seemingly consistent regions (in comparison to the cardholder’s information). Yet, upon conducting a Google Street View image search, it was revealed that these shipments were directed to abandoned houses or desolate fields just outside major cities, featuring only a mailbox and nothing more.


Regardless of the specific nuances, it is undeniable that fraud identification is a challenging endeavor, one that demands time and experience. While ML models can significantly contribute to mitigating risk associated with physical items fraud, they are not infallible. Consequently, a multifaceted approach is essential to stay ahead of malicious actors. Consider a mix of human intelligence and ML and bolster communications between your manual reviewers and your data science team. It will prove to be invaluable.

written by

Eddie Farrell

January 16, 2024

Table of Contents
    Add a header to begin generating the table of contents

    written by

    Eddie Farrell

    January 16, 2024

    Stay informed with industry-relevant emails curated by our team of experts.

    We send out emails once or twice a month relating to IP Services, industry news, and events we'll be attending so you can meet our experts in person.

    Eddie Farrell

    Eddie Farrell has been one of the Fraud Team Leaders for over 7 years. He enjoys inspiring his team members to rise above the status quo, he loves collaboration and creativity in problem solving, and he’s always willing to have a conversation about video games, board games or why he didn’t think the last season of Game of Thrones was all that bad. He enjoys physical fitness, carpentry projects and has a 9 year old Norwegian Elkhound that barks more than any other dog on planet Earth.