posted on June 22, 2001 04:54:19 PM new
Some users had wondered what the fraud rates are. This article explains what we do to combat fraud and why the majority of transactions go through without an issue.
PayPal and FBI Team Up
To Combat Wire Fraud
By PAUL COX
THE WALL STREET JOURNAL ONLINE
At least once a month, agents from the Federal Bureau of Investigation show up at the Palo Alto, Calif., offices of PayPal Inc., a fast-growing online payment company.
After flashing their identification and checking in, the agents wind their way through the company's "cube farm" to a small private conference room equipped with computers and white boards. There they log on to IGOR, a sophisticated piece of software developed by PayPal to track and combat wire fraud.
FBI agents trade information with PayPal antifraud investigators and use the software to comb through the activity of PayPal's more than eight millions users to track online transactions that may involve fraud.
The arrangement highlights the magnitude of online fraud. The FBI and other law-enforcement officials have long worked behind the scenes with financial institutions in an effort to solve crimes such as wire fraud. But the Internet has spawned a new breed of financial institutions such as PayPal -- and the cyberthieves that prey on them -- and law-enforcement officials are finding they must evolve new ways to contain fraud.
But Paypal's efforts are paying off. Late last year, Paypal used IGOR to help authorities build fraud allegations against Gametek, a Garden Grove, Calif., company that authorities say accepted online orders for $1.2 million in for Sony PlayStation 2 video-game consoles that were never delivered.
No charges have been filed against Gametek. The case soon will be handed over to the U.S. attorneys office in California, says Jeff Mock, a detective for the Palo Alto, Calif., police.
Gametek couldn't be reached for comment.
Paypal says IGOR -- named after a Russian national whose fraudulent activities were uncovered using the software -- works like this: The program scans customer records looking for patterns in the activity that matches certain criteria that suggest fraud is going on. Once identified, suspicious accounts are blocked until a human investigator takes a look.
The company avoids discussing specifics about how the software works, fearful fraudsters will modify their patterns in response. A Paypal spokesman did disclose, however, that the software scans for such things as the size of payment amounts, the frequency of use of certain accounts, and any similarities in the information the fraudsters use when opening accounts.
"Fraudsters have different patterns than [legitimate consumers] do," says Max Levchin, chief technology officer of PayPal and developer of IGOR.
The FBI declines to comment on its involvement at Paypal other than to say that its work is part of an ongoing cooperation.
Sensitive to clients' concerns that the company's cooperation with the FBI, Paypal says it takes pains to protect customers' privacy. The agency, for instance, isn't given access to any specific client's identity or personal records unless the FBI obtains a subpoena or other court order. Absent that, the data accessed by the agency are anonymous, Paypal said.
James X. Dempsey, deputy director of the Center for Democracy & Technology in Washington, D.C., says Web businesses with proper privacy policies can legally do this type of screening of customer data. The "gray area," he says, is how closely the private company follows its procedures about turning over suspected wrong-doing to law-enforcement agencies in the face of suspected fraud.
Apart from IGOR, PayPal has taken steps to block hackers from using automated computers to quickly open hundreds of dummy PayPal accounts that potentially could be used for fraud, Mr. Levchin says.
One of the techniques involves a unique visual aid. Some users who register to open an account with PayPal are asked to view a number of patterns speckled with dots and dashes, and then are asked pick the one pattern that appears to form a word. The dot-and-dash words can be identified by humans but not by machines, according to Mr. Levchin, so accounts where the patterns are incorrectly chosen are flagged as being suspect.
PayPal officials feel their antifraud efforts are working. They cite figures from the Gartner Group showing a 2.64% fraud-loss rate for all Internet transactions. The rate on PayPal transactions was about 0.85% in 2000 and is running at 0.45% now, company officials say.
"The bottom line is that by working with the FBI and other law-enforcement agencies we have been able to stop an enormous amount of crime in its tracks and prosecute those who temporarily succeed," says Peter Thiel, chief executive officer of PayPal.
