eCommerce Chargebacks & Fraud Consultant Karisse Hendrick visits Fraud Busting. She’ll tell us all about how she’s used card info to discover who’s cheating, how she helped bust a Biggie Smalls Impersonator operating a stolen credit card ring and also why she stopped a suspicious purchase from a very famous rock star. (You gotta listen in to find out who it is.) She’ll tell all about how she helps big companies detect and stop fraud losses and give us tons of tips to protect yourself online. This one is fun.
Traci Brown: Karisse, thank you so much for coming on Fraud Busting. It’s an honor to have you on. I’ve listened to so many of your podcasts. I feel like I know you, but we just met about five minutes ago.
Karisse Hendrick: Face to face, yes. Thank you so much for having me on yours.
Traci Brown: You bet. You bet. Now, before we get started, tell us how’s your pandemic been? Has it been going good for you?
Karisse Hendrick: Does anyone say yes?
Traci Brown: No. They all say no.
Karisse Hendrick: Argh. I’ve been trying really hard to find the silver linings in things. Okay. I usually would be traveling a ton, especially this time of year. Okay, I get to spend more time with my family. I have never not traveled internationally or just even nationally for this long. I’m finding that as a silver lining. It was off to a really rough start, but I’ll say the last few, two or three months, have been pretty great. I’m starting to get my stride.
Traci Brown: Ooh, I love to hear that. Yea, I’ve been missing being on the road as well. I do a lot of keynotes. Here’s the thing, you know this, when the economy goes down, fraud goes up. Tell us about you, because you have a niche specialization, that’s why we have you on. Now is your chance to brag and make yourself sound amazing, which won’t be hard to do, but let’s hear it. Tell everybody what you do.
Karisse Hendrick: What do I do? A little bit of everything. My primary focus is ecommerce fraud prevention. I got into it on accident, like most people that are in ecommerce fraud, but I stayed on purpose, as I say. I really got into it at the right time when ecommerce, the second boom, not the first one, but the second one, and really the span of my career has been, I’ve been growing up about the same rate as online fraud has been growing up. I just turned 40 a couple weeks ago, and I already have a lifetime achievement award which is crazy.
Traci Brown: Wow!
Karisse Hendrick: I won the Legend of Ecommerce Fraud Award last year at FraudCon which is in Tel Aviv, so that was an awesome trip.
Traci Brown: Dang.
Karisse Hendrick: Yea. That was a total accident. I didn’t even know. I just got an email saying I was nominated, and I won. Oh, okay. I didn’t even know I had to apply. That was pretty awesome.
Traci Brown: Better go to that event.
Karisse Hendrick: And I did. Right. Like, oh, is this a scam? You never know with emails these days.
Traci Brown: It’s true.
Karisse Hendrick: But fortunately, I knew of the person, so I knew it was legitimate. But yea, the first half of my career was really spent in operations and ecommerce fraud, working kind of on the ground, so to speak, for online merchants. Most notably, I started the Fraud Department for Bag, Borrow, or Steal, which was the first online rental company for something other than DVDs, so lots of risk there. Some of the items were as much as $40,000 but someone could “rent” them for as little as $1,000 a week or it went down from there, but it was a risky business model where they didn’t think about fraud and so that was really trial by fire and that’s the way I learned. Then I moved on and built what’s called the friendly fraud process for Expedia and worked with them. Yea, so just everything about my career really was the right time, right place, more or less, and then the last seven or eight years, I’ve really fallen in love with supporting online merchants. Through working for the largest trade association in fraud which is the Merchant Risk Council and I did that in 2012 to 2014 or 2015, I really became the go-to person in my role for the largest companies in the world, saying hey, we don’t know who else to ask. Can you help with this? I just fell in love with that, so that’s what led to becoming a consultant. I’ve since helped develop conference content and educational content for CNP – Card Not Present.com, and now I’m full fledged. I was doing that simultaneously as building my consultancy, and now I’m fulltime working for myself and I currently host the Fraudology podcast, which is pretty new. Prior to that, I was the co-host of the Online Fraudcast with former cyber criminal Brett Johnson, who I know you’ve had on your show.
Traci Brown: Absolutely. Okay.
Karisse Hendrick: Passed all that.
Traci Brown: You’re a bad ass. We got that. Let’s say, I have a company. Why would I call you? Let’s say I own Target, which I don’t. Let’s say I do. If I called you, what would you do?
Karisse Hendrick: Very good question. It really varies the gamut, but the basic crux of it, online fraud is so important because when a credit card is stolen and used online, that merchant has to pay that cardholder back through the chargeback process. Whereas when a card is stolen and used at an in-person location, it’s gotten a little more complicated with the chip cards and everything, but let’s just blanketly say that most of the time the merchant doesn’t have to pay for that, so they don’t even know when credit card fraud happens in their stores. But online, you receive a chargeback and it’s generally 60 to 90 days after the transaction so your product’s gone, now you have to give the money back, and Lexis Nexis has a survey, and it says that the true cost of fraud is actually over $3, so for every $1 of fraud on a stolen credit card on your website, it’s actually costing your company over $3.
Traci Brown: Oh boy.
Karisse Hendrick: So when you put that in the millions, if your website is attractive to consumers, if you’re making money selling items or services online, a criminal can make money selling your services and goods online too, and they will. Really that’s why ecommerce fraud is so important, and so back to your question of what I do, a lot of times I really work with merchants to reduce their chargebacks. Chargebacks don’t just happen when a credit card is stolen. There is also a pretty decent sized percentage of consumers who have learned if they call their bank and say they didn’t make a purchase they all of a sudden get their free TV or their vacation for free, so they’ve learned how to exploit that system. I’ve really figured out how to look at the behavior and look at the root cause and help merchants prevent that from ever happening and also when it does happen, helping them regain as much revenue as possible and recover that. But these days I still do those cases, but I also do a lot of thought leadership and education piece as well, so speaking at conferences, doing trainings for teams in fraud, or if a company says, okay, we know we need a fraud technology but there is over 200 now and they all sound like they do the same thing. I can cut through the noise, and go, okay, what are your problems? These are the two or three companies I would talk to.
Traci Brown: Okay. Got it.
Karisse Hendrick: It’s a lot of things.
Traci Brown: It is a lot of things. It really runs very deep when you think about that $3 of fraud per dollar. But a lot of these companies, like some of the big box retailers, they have a pretty high threshold for paying attention to a certain case, don’t they? It’s quite a bit of money before they’re like, okay, now maybe we shouldn’t just give this money back. Like maybe we need to dig a little deeper here. Can you tell us what some of those numbers are, or is that not okay?
Karisse Hendrick: There are two different parts. There is the at time of transactions, there is fraud prevention at the time of transaction based off of a lot of great technology that we have as well as people that grew up like me, without the technology, having to figure out just using a few different data points, being able to guess someone’s intentions, and learning how to really trust your gut and knowing. Okay, if the billing address and shipping address are different, that could be totally fine. You could be sending an item to your niece or you could have stolen a credit card and be shipping it to yourself. At the time of transaction, there’s a lot that goes into fraud prevention and trying to just ensure that you’re canceling the right transactions without, on the flip side, impacting a good customer who looks a little bit risky and just cancelling that order. It’s a real art and science of being able to know. Right now, it’s really done by data at a high level. Back when I was doing it on the ground, a lot of it was more like hand-to-hand combat, but now it’s a little more at a high scale of looking at the data and saying, okay, what percentage of these type of transactions turned into chargebacks. Okay, let’s put some rules around that, or let’s use machine learning to be able to look at all these little tiny behaviors that a human wouldn’t know, but that’s going to help. These days you can know everything from the browser of what someone’s using, their type of phone, the language on their browser, how they’re holding their phone, how they type in their password. There are so many different behavior biometrics that can help on that front end. It’s really important. There are a lot of tools for that, but not all tools are the best tools, so trying to sort out through that noise is important. That’s the first side, the prevention side, and it’s almost like whack-a-mole where you have one down and then another comes up. 
That’s almost a whole department in itself.
Then on the backend, I think what you’re talking about is the investigations piece, and that’s when they’re able to start tying those together and saying, wow, all of these transactions were done by the same person or the same group. How can we work with law enforcement to be able to get prosecution on those? It’s less about . . . I think the big box retailers that have those thresholds, it’s because when they’ve worked with law enforcement, law enforcement has had those thresholds.
Traci Brown: Oh! Because it’s like $10,000 or $15,000 or more.
Karisse Hendrick: Oh, a lot of time it’s in the seven figures at this point.
Traci Brown: Really!
Karisse Hendrick: It’s infuriating sometimes. It’s kind of like the Wild Wild West where most people who are committing credit card fraud online are never going to be caught because, if you think about it, especially in the U.S., our enforcement, a lot of times they talk about jurisdiction, where local law enforcement says, well, yea, the person whose credit card was stolen was here in Seattle, but the credit card was actually used in Colorado. The merchant, the company that it was used with, they’re based in California, so whose jurisdiction is it? It kind of becomes this “not it” game.
Traci Brown: Oh.
Karisse Hendrick: That’s part of it. That’s really challenging. Then the other is with federal law enforcement, it’s the FBI or the Secret Service, and they have a lot of safety issues that they have to prioritize before the financial piece. The FBI doesn’t have time to look at it. It’s very frustrating sometimes. Even then, even if you have a case in the seven figures, the merchant really has to be able to dedicate a person or a team to be able to put all that together and put it on a silver platter and a nice bow, so to speak, for law enforcement. But even then, you kind of have to find the right law enforcement agent to care and want to dig in and want to explain to the U.S. district attorney what IP spoofing is, all these high tech things that are hard to understand. We certainly have a long way to go on prosecution. I never want to seem like I’m being Debbie Downer, but I think it’s important to be realistic. That’s why so many more companies are putting so much more effort in the prevention side at the time of transaction. There is honestly very few ecommerce companies that even have investigations unit because they are not going to see their money come back.
Traci Brown: That’s just the thing with all kinds of investigations. Do you really care about exactly how much you lost down to the penny because you’re paying the investigator and you’re out the money. You ain’t getting it back. It’s not there. It sounds like what you’re saying is a lot of what you do is help people get the right programs going with the right algorithms to fit their needs because it’s just not a manual process anymore.
Karisse Hendrick: No, no. It’s a real strategic thing too because you want to be able to really balance the customer’s experience. Are they going to have to enter in all their information all the time? Are they going to have to send you a picture of their driver’s license? No. Not when it’s for a $1,000 item. How do you be able to narrow it down to be able to let all of the people who are for sure in the green go, a category that they can have their transaction approved quickly and shipped out the door very quickly, and then the people who are a little more risky are reviewed. A lot of it is in the strategy and then really aligning it with the company. I’ve worked with two different competitors that will have completely different problems or completely different issues. Or others, I mean, if you think about it, within the online community, an online retailer with physical goods is going to have completely different fraud than an online gaming company or an online dating company. Online dating obviously is . . .
Traci Brown: Oh man, that is crazy. Online . . . .
Karisse Hendrick: Romance scams and those guys aren’t going to use their own credit cards. They’re going to steal one. Online gaming is going to have a lot of online currency and sometimes money laundering risks as well as kids who are using their parents’ credit card. How do you know? We can go down to so many rabbit holes, but it’s just so unique because every vertical is so different. I’ll talk to somebody who works for a really large travel company like I did, and then they go to retail, and they’re like, oh, I thought I knew how to fight fraud, but I don’t anymore. It’s like, no, you do, the basics are the same, but there is a lot that’s different.
Traci Brown: Wow. Okay. Let’s go back to the start. With Expedia, tell us about travel fraud. You’re covering your mouth.
Karisse Hendrick: I was coughing. Sorry.
Traci Brown: Oh, okay. Alright. I was like, oh, she’s got a story.
Karisse Hendrick: Well, there are stories. I put it on mute and was coughing.
Traci Brown: Oh, funny. You are hilarious. Okay. What goes on at Expedia with travel fraud? How can regular people like us? We need to watch out for some stuff too. Companies need to watch out and then the consumer does. Let’s go both sides.
Karisse Hendrick: Yea.
Traci Brown: What’s the story?
Karisse Hendrick: Obviously, I worked there 10 years ago, so obviously what we saw there is going to be a little different, but I do still work with a lot of the biggest travel companies online internationally, so I do know what goes on there. A lot of people think that travel fraud would be difficult to commit because when you fly you have to have your ID, but there are just so many siloed entities that if you make a purchase of an airline ticket on a third party travel site then they have to get it through the airline and there is duh, duh, duh, duh. Anyway, there are so many broken down siloes that it’s not as simple for the online travel company to contact the airline and say, hey, when that person checks in, can you make sure they have the right ID because there is just so much fraud. You can’t do that. A lot of what we saw, a lot of what travel sees as well is just a lot of interesting purchases. We would notice, oh, this is probably a man cheating on his wife.
Traci Brown: Oh! Like what?!
Karisse Hendrick: What does it look like? Or worse, a lot of time we saw – I’m trying to think of the right term for it – sex workers that would steal a credit card from their customer, customer A, and then they would make a purchase with customer A’s credit card for customer B, to reserve a room for customer B and would continue it. They would, say they have a customer, they would also take his credit card in addition to whatever cash he paid them, and then they would use it to book future hotel rooms. But we would also have wives that would call and get their credit card statement and say, I never went to this hotel. It’s like, I can look up in the system and see that your husband checked in with his ID and with his credit card. I can’t tell you who was with him, but I can tell you that he was there. There were definitely those kinds of things. We, as a former team, as well as just all online travel probably, have broken up a few marriages. I mean, we’re not the ones making the . . . or, we’ll have to call and verify. Like, this looks suspicious. It would look suspicious because the husband made up a new email address because he didn’t want his wife to find him or he would make up a fake name. When your credit card information doesn’t match or when the email address has never been used before, that looks suspicious. We would have to call and say, “Hey, we just wanted to know if you made this purchase.” Sometimes it would be, “Yea, but I’m with my wife. Can I call you back?” It would be like. Or, I do remember at least one time that someone called, a very angry man called because we had left a message on their voicemail and to their wife’s knowledge there were no trips booked to a hotel anywhere soon, so certainly not meaning to pick on the men, but I would say more often than not it was men that were cheating and weren’t super smart about it.
As far as regular fraud, I will say that there is a serious component to travel fraud where terrorists, including the ones for 9/11 as well as other organizations, overseas, etc., they don’t want to use their own money. They don’t want to use their own credit cards because it can get tied back to them. But also, why would they? They’ll use stolen credit cards to make purchases for plane tickets or a train, hotel, etc. That’s definitely a darker side and one of the bigger reasons why the fraud department has to have aliases, so when we would call or talk to any customers, we had a second name that we used. Being a newcomer to the team was really hard. You would meet somebody earlier, and they said their name was Josh, and then he picks up the phone and says, “This is Gene.” You’re like, “Wait. Who are you?” But it was for protection because just in case anyone came to the office and said, “This person made me mad” or, “This person cancelled my trip” and they were a terrorist or a violent person, it would be easier for the company to know, oh, that person is not employed here. That must be an alias.
Traci Brown: Oh, my goodness. Did you have an alias?
Karisse Hendrick: I did.
Traci Brown: Can you share it or not?
Karisse Hendrick: I can. I haven’t used it since. I had no time, so I didn’t come up with a good one. I just used my middle name and a family member’s maiden name.
Traci Brown: Okay. Alright.
Karisse Hendrick: It was Grace Jackson. It wasn’t very exciting.
Traci Brown: That’s not bad. That’s a good name. That’s actually a pretty neat name. It’s believable. It’s not like when you call customer service in a foreign country, and they’re like, “Oh my name’s Tina.” It’s like, “No. Your name is not Tina.” (Laughing).
Karisse Hendrick: (Laughing). Yea. Very true. We were all in the U.S. There were definitely . . . something that was really cool back then, because this is fairly common now, but not common back then was that we would have international people that were really specialized in the culture and in the country. For instance, there is one person I still keep in touch with who is from Italy. She worked out of Seattle, but she spoke fluent Italian as well as understood the riskier areas of town. If you saw an order in Manhattan you might think a little differently than an order in Brooklyn, maybe not now, but that kind of juxtaposition.
Traci Brown: Yea, yea.
Karisse Hendrick: Yea, it was interesting. As far as customers go, I think there is always three things that all customers should do to try to protect themselves online, and I agree with you that if you let companies do all of it, like they’re never going to be able to get ahead of it, and that really is making sure that you’re not using the same password for multiple accounts which is really, really hard to do.
Traci Brown: It’s hard to do! Yes.
Karisse Hendrick: It’s really hard to do but so important. I can’t tell you how many times . . . when people say like, “Oh, my Instagram got hacked” or “My Amazon got hacked.” First of all, I don’t like that term because it’s not really what it is. It’s just me getting hung up on terms. It’s an account takeover. That is when basically, for instance, there was a breach with Hulu years and years and years ago, and you can go to a website called HaveIBeenPwned and put in your email address and see if there are any passwords that correlate to your email address from any breaches. I know for me, mine comes up from the Hulu breach. I had to make sure that I changed that because any account that had the same email address, even though the Hulu breach was like five, six, or seven years ago, I mean, that was a while ago, criminals say, “I wonder if they use the same password for their Amazon or for their Facebook or their Instagram” and that’s how they do it. They do. That’s how. You can be as safe as possible but think of all the online accounts that you have a stored credit card on. They don’t have to get access to your credit card. They can just use your account.
Traci Brown: It’s pwned.com
Karisse Hendrick: Yes, I think so.
Traci Brown: Yea, that’s what it is.
Karisse Hendrick: Okay, good. I’m glad you looked.
Traci Brown: A friend of mine just told me about it.
Karisse Hendrick: Oh, yea.
Traci Brown: Beth Z. She’s so cool. She terms herself your nerdy best friend, and this is what she does. She spends hours doing this and of course she is a presenter. She had a webinar, and I was like, “Oooh, I think you need to write that down.” I had someone contact me last night, yea, that was last night, because they were like, “I just got a note that my MySpace account was breached. Isn’t MySpace, like that’s over?” I’m like, “No. It’s not over.” MySpace is still . . . it’s there.
Karisse Hendrick: Yea, yea.
Traci Brown: Okay, okay.
Karisse Hendrick: That’s one of them for sure that I always tell people because honestly online companies, it’s very challenging for them to know, well, is it you logging into your account on a new phone that you have, or when you’re traveling, or is it someone else logging into your account? Being able to have . . . it just makes it so easy for criminals. They don’t even have to get a credit card if they don’t want to. There are several companies that, on the dark web, or even just on fraud communities where you can buy an account to a food delivery app, for example, for like less than $3.
Traci Brown: Yea, yea. It’s like $3 or $4. That’s what Brett was telling, our friend, Brett Johnson. I was like, “Brett, come on. I’m worth more than that.” He’s like, “Nope. Sorry.” He’s like, “You are not.” Okay. We got number one. Different passwords. Number two, what is it, Karisse?
Karisse Hendrick: Number two is to freeze your credit.
Traci Brown: Yes, I’ve done that.
Karisse Hendrick: Good, good. And your kids’ credit as well, if you have kids, because honestly kids are very attractive to cybercriminals who want to open new credit cards in their names because the kid isn’t going to look at their credit statement in a while. I think what a lot of people don’t realize in the U.S. is that the credit agencies and the Social Security Administration don’t talk to each other, so there is no credit created for you. They don’t know what your social security number is until you put it in. If a cybercriminal is creating a credit profile for your child, for instance, they can say they are whoever they want to, and it’s just attached to the social security number. That’s definitely another. That’s more for having new accounts in your name. If you have a credit card and it gets stolen, that’s not going to show up on your credit report, but there are definitely several different frauds that happen there. Lastly also, well, there are several, but the other is to ensure that you. . . Why am I forgetting the last one? I say these all the time.
Traci Brown: I don’t know, Karisse. Brain freeze.
Karisse Hendrick: No, no. It’s just a brain freeze. I’m like, wait, I know this very well.
Traci Brown: (Laughing).
Karisse Hendrick: Oh, I know, see, this is why I’m like. . . it’s the simplest one, honestly, and that is just to keep an eye on your credit accounts, especially the ones that you don’t use very often, and to be very judicious about what links you click on when there is an online email because that is another way that cybercriminals will get your information. They’ll send you an email from Paypal, from Target, etc., and it will look just like that and it will say, “Your information was breached. You need to re-enter your password.” If you click that, you’re entering your password onto a fraudulent website. There are a lot of other nuanced ones, but those are really the three general ones that I recommend. A lot of times I have friends, family, former classmates from high school who reach out to me whenever they’re victims of fraud.
Traci Brown: Oh, ouch, ouch. Okay, okay. What’s the biggest dollar amount fraud case that you’ve worked on?
Karisse Hendrick: Oh my gosh. I mean, there have been several that are multiple millions of dollars. But that’s more on the, again, after the fact.
Traci Brown: What did they steal? How did they do it?
Karisse Hendrick: One that comes to mind quickly is I was actually asked to be an expert witness – sorry, I’m like, my brain is just going on crazy things – but for a federal case against . . . this is the part that’s so funny. He was a Biggie Smalls rap impersonator. There was this guy in Southern California that had a group of people and some people referred to it as a gang. Others call it a posse. I don’t know.
Traci Brown: He was an impersonator?
Karisse Hendrick: He really loved to rap, and he looked like Biggie Smalls, and he sounded a little bit like him. I would say he had a small amount of fame on MySpace. Back then it was MySpace with a musician’s page and everything. He would get hired to do small concerts or venues in California, so locally, and then a few in Vegas. Actually, every time he would travel from California to Vegas, the FBI when they did all their research and everything, were able to map out every single gas station and store between southern California and Vegas that he would use stolen credit cards at every trip.
Traci Brown: Oh, wow.
Karisse Hendrick: It was almost like a shotgun blast or a cannon blast from where he lived. They were mapping out all the transactions and they were very concentrated close to his house and then would get a little less all the way to Vegas and all the way up to San Francisco. In that case they were physical credit cards that were being stolen. That was before EMV, so it was much easier to do back then, to clone the cards. It actually became this huge case where the federal prosecutor out of Seattle actually went . . . It started with a pizzeria that got breached and a guy in Russia got the credit card numbers from this pizzeria place and several other POS systems that had the default password set up for their POS in the computer. He pulled the credit card numbers, and then he sold them to this Biggie Smalls impersonator. The Biggie Smalls impersonator had this whole group that would put them on gift cards usually, but they’d just steal stacks of gift cards from a grocery store. They didn’t need to have them activated or anything. They just needed the mag stripe on the back. They would load the information, the track one, track two data on those cards, and then he would have his people, his posse, or his gang, whatever just use it as much as possible and buy as many things as they could so they could sell them for a discounted price, like on Craigslist.
Traci Brown: Yea, like half price TVs and things.
Karisse Hendrick: Yea. It was quite the story.
Traci Brown: This proves that impersonation does not pay near as much as the real thing. He just had to have different diversification it sounded like to me. Wow.
Karisse Hendrick: It was $4 million I think was the amount that they were able to track to him, but I’m sure there was a lot more. Another funny part was whenever he would go to Vegas, usually he would go – gosh, I’m talking a lot about cheating spouses, and I don’t mean to, but . . .
Traci Brown: You’ve uncovered a little thing here.
Karisse Hendrick: (Laughing). Yea. Like, huh, what is in my subconscious that these are the stories that are coming up, but when he would go to Vegas.
Traci Brown: I’m not going to ask too many questions. (Laughing).
Karisse Hendrick: Right. Geez. Oh boy. (Laughing). I’ve been locked in the same house with my spouse for seven months, so I don’t think he . . . if we could, but we wouldn’t. I don’t think it’s that. But no, it was about, yea, $4 million total but it was interesting when he would go to Vegas, he would go with a different female every time, and he would spend a lot of money at name brand luxury stores, you know, $5,000 purses.
Traci Brown: Prada stuff, yea.
Karisse Hendrick: Yea. I’m so used to not saying names because I usually work with most of them, so that’s why I don’t.
Traci Brown: I’m saying it.
Karisse Hendrick: No, no. You can say it. I’m just saying that’s why I’m not saying them. That’s why I’m like . . .
Traci Brown: Okay, okay.
Karisse Hendrick: No. You can say whatever you want. I just want to make anyone mad that I know.
Traci Brown: (Laughing).
Karisse Hendrick: They know that their stuff is very popular stolen. They would go to all these different stores, and he would pick out a little something pretty for whatever girl who was with him. His girlfriend kept coming up to Seattle from southern California for his court dates, and the prosecutor had planned to ask me a question that said, “Hey, I see that he’s made all of these purchases at Louis Vuitton, all these different name brands. Why do you think that is?” I said, “Well, I believe they were for high-end purses.” Then they put her on the stand and said, “Ms. Whatever”, it was girlfriend or wife, “Do you have those purses?” and it clicked in her head that he’d been cheating on her, so she never came back. She never came back to his trial again.
Traci Brown: Oh, my goodness. Here you are. Breaking.
Karisse Hendrick: I know. It’s not intentional. It’s certainly not, I don’t take fault for it because other people made their choices. I was just answering questions.
Traci Brown: You’re almost like a home wrecker! (Laughing).
Karisse Hendrick: I know. I really just am most comfortable in payment fraud, but there are all kinds of things that are associated that yea, end up happening.
Traci Brown: Oh man, is that the craziest case, or you’ve got another one?
Karisse Hendrick: I mean, several. These are like the older ones that are fun. I mean the last eight years I have been supporting merchants and I definitely hear their stories, but it’s more like hearsay in a way. My own story is when I managed the fraud department at Bag, Borrow, or Steal, we had a new customer come in and want to rent a combined total of $38,000 worth of items, had never had any experience, never shopped with us before, never had any history. They were all white items. I don’t really know why, but sunglasses, purses, all different types of purses, name brands, etc. They had used five or six different credit cards and every single one had gotten a decline. They were in their own name. But then they had one in someone else’s name that was approved, so that looked super suspicious. You’ve got six credit cards and all of a sudden, you have got this one. It was a guy’s credit card. I thought, this is probably 90% fraud, but I’ll just give them a call. I called the phone number and it was an accountant’s office, and I asked for the cardholder. They said, “Oh, he’s not available for the next 60 days.”
Traci Brown: Uh-oh.
Karisse Hendrick: Yea, uh-huh. I said, “Oh, do you know this woman named ____?” He said, “Oh, yea, that’s his girlfriend.” I’m like, “Okay, I need to be able to pull his credit because it’s a high dollar amount and we need to know that he can pay us back if it doesn’t show up”, all the things. They had the girlfriend call me. I started kind of asking her basic questions. A lot of times in those calls you’re not looking for what they say, but kind of how they say it. So, I said, “Why did you use Steven’s card?” She said, “Because I’m all tapped out, baby.”
Traci Brown: (Laughing).
Karisse Hendrick: She was obviously on something. For almost a year anytime anybody asked me anything, my answer was, “I’m all tapped out, baby.” (Laughing). But the story got kind of funny because I would then say, “I need to talk to Steven, who is the cardholder. If you’re going to be renting these items, it’s on him if you don’t return them.” She said, “Well, he’s away. He can’t talk for 60 days.” I said, “Well, if that’s the case, then I can’t run this credit.” I cancelled the order, and said, “When he can call, let me know.” I got off the phone and afterwards I was like, “Where is he that he can’t get back for 60 days?” so I thought maybe jail. Right?
Traci Brown: That’s what came to my mind.
Karisse Hendrick: Mine too. So, I googled the cardholder name, which was Steven Tallarico. What I found out is that Steven Tallarico is the legal name for Steven Tyler of Aerosmith.
Traci Brown: No!
Karisse Hendrick: He was in rehab.
Traci Brown: Was it his wife or a girlfriend?
Karisse Hendrick: It was his girlfriend at the time. They ended up getting married. Yea. They were together for a while. Erin. I can’t remember her last name. Yea. They were together for a while. I think. . . I don’t know. Brett had me tell the story on our podcast like last year or something, and I just googled her quickly. They’re no longer together. He went to rehab first. She did not. Then she went to rehab later. That’s the being tapped out, but once I realized that, I was like, oh, I hope the cardholder calls and I can check his credit report.
Traci Brown: Yea. Uh-huh.
Karisse Hendrick: We did have several D-list celebrities that would rent handbags because they would be on the red carpet or something. That was just the start of reality TV in 2008 to 2010. We had a couple Real Housewives and things like that, but that was just such a funny story because I thought for sure it was fraud and it wasn’t. It was just. Yea. The girlfriend of Steve Tyler.
Traci Brown: Did you re-receive the order? What did you . . . ?
Karisse Hendrick: No. I didn’t trust her and without him knowing that was on his card and that it wasn’t a purchase, it was a rental, I didn’t trust it with $38,000. I didn’t really trust her. She didn’t sound super on top of things. Remember, oh, my rental is up and I need to return these items and go to the Post Office. Yea, that was . . . There were a million stories from that place. That was definitely one of my more memorable ones.
Traci Brown: Oh, I love it. Okay, Karisse, we’ve got to wrap this up. What is your one last tip for people? Because we did your three tips.
Karisse Hendrick: Yea.
Traci Brown: You got one more thing, like to leave people with, to be like, this is what you’ve got to do so that you’re safe?
Karisse Hendrick: Yea. I mean, you really said it towards the beginning that when – oh geez, I just, I talk with my hands and I drop things, sorry!
Traci Brown: What was that?
Karisse Hendrick: Oh, it was a book.
Traci Brown: Alright, alright.
Karisse Hendrick: I’ll kind of go back. You really said it best at the beginning. When the economy goes down, fraud goes up. We are seeing that at a speed online that is just unprecedented. A lot of it is targeting people who may not be able to see their family, but these fraudsters are saying, “Hey, I’ll order food for your family and you just have to pay me $20, and I’ll get you whatever groceries you want” or whatever it is, so there is that need there. There are so many things I could talk about there, but I think the biggest thing I would say is be really hypervigilant. The ads and the things you see online does not mean that it’s a credible company. Double check the WHOIS domain to know when the website was even registered. There are several newer websites being posted out there that have items for significant discount, and chances are those were used with a stolen credit card. I would say just be super vigilant, both about the emails you receive, all the links you click, anything that you click. If you get an email from someone and you weren’t expecting it, go out to their website and re-enter your password. Don’t use the link. It’s a little extra work. If somebody calls you and says that they’re from your bank but they don’t even say the name of your bank, that’s a red flag.
Traci Brown: Oh, that’s a good one.
Karisse Hendrick: I always say too, when you get a phone call and you weren’t expecting it or they say they are from Visa, sometimes they do know your bank, I always offer to call them back. I say, “I’m sorry. I don’t give any information to someone who calls me.” Even if they say, “Hey, you have a bill at your doctor’s office” and I know that’s my doctor, I say, “Hey, I’m just going to call you back.” I always call them on the phone number on the website, not the phone number that they gave me.
Traci Brown: Oh, that’s good. That’s good.
Karisse Hendrick: Yea. If they’re like, “No. You can’t call us back.” One time someone was saying they were representing my bank, said that their fraud department didn’t take calls. I said, “Well, that’s not accurate because I know you do.” That’s a dead giveaway too. They don’t want you to call. Those are just some of my tips, but I think this year more than ever, be skeptical. If it’s too good to be true, it most likely is.
Traci Brown: Yea, yea. We have learned here that you are a wealth of knowledge and you’ve got some stories to tell. I know you do a lot of keynotes and you do consulting. How can people get a hold of you?
Karisse Hendrick: I think the best way is on LinkedIn. My name is hard to spell, but I know you’ll have it on the podcast.
Traci Brown: Yea.
Karisse Hendrick: People can just spell it out that way. Also, my consultancy is called Chargelytics. I took the word chargeback and analytics and smooshed it together.
Traci Brown: There you go.
Karisse Hendrick: Chargelytics Consulting. I have a lot of information there as well. Then the Fraudology podcast. Just like you, I really am passionate about sharing information with people, especially in this weird little corner of the internet that nobody really thinks about until their credit card has already been stolen or for an online business they’ve already lost three times as much as the item that was purchased.
Traci Brown: Exactly. Thank you so much for coming on Fraud Busting. You are a gem.
Karisse Hendrick: Thank you so much, Traci. I really appreciate it. I’m looking forward to having you on the Fraudology podcast soon as well.
Traci Brown: Oh, yea. We’re going to do it.