Trade Me Trust and Safety Compliance Governance Liaison.

Trade Me

Trust and Safety

Compliance

Governance

Liaison

Trust & Safety

Why?

Giving money to someone you don’t know for something you

haven't seen

Make people feel safe.People transact where they feel safe. Safety builds trust. Without their trust, there is no

business.

So?

How?

• Skilled Staff

• Online tools

• Good Processes

• Good Liaison (Govt./Private)

Online Advice

Self Policing

Everybody can be a sheriff

FEEDBACK RATING

ADDRESS VERIFICATION

• Sales acceleration• Mass use of “buy now's”• Multiple credit cards per member• Multiple memberships per credit card• Many auctions for new member• Multiple high risk items (laptops/PS2/Mobile phones)• New Members selling vehicles • Members asking to many questions on classifieds• Members offering to sell to many car parts • And on and on

Fraud Indicators

General Complaints screen

Quarantine Auctions/membership

Government Liaison

Police 76

Med Safe 3

WINZ 1

IRD 25

ECCA 1

Land Transport New Zealand 1

Commerce Commission 1

MAF 2

Military Police 1

NZ Food Safety Authority 1

Civil Aviation Authority 1

Ministry for Culture and Heritage 3

Courts 41 (26)

Govt Total in Last Month 98

July Govt. contacts

Police Liaison(80% of Contact)

• Counterfeit and pirated goods• Selling stolen goods• Receiving• Identity theft • Credit card fraud• Money laundering• False pretences• Obtaining by deception• Buying items for offences against M.O.D.A, (clan lab equipment)• Accessing computer systems• Using computer for dishonest purposes

Snapshot of July LiaisonPolice

• Woman threatening to kill herself and

children.

• Homicide in Auckland. (login activity).

• Sale of home made pepper spray.

• Child Pornography

July Liaison – Other

• Sale of Speleotherms – (WEG)

• Bio security – stock movement – (AHB)

• Sale of Medicines/devices – (Med Safe)

• Introduction of new organism – (MAF)

• Lasers for plane spotting - (CAA) • Home kill meat – (NZFSA)

• Unsafe dirt bikes – (MCA)

• Sale of wild animals – (DOC)

Information Release

• Privacy Act Principle 11e

• Specific

• Protection, prevention, investigation prosecution/enforcement of the law

Current Fraud/Compliance Issues

Offshore Scammers

Phishing

Sneaky

Phishers

Innocent Seller

Scammer

Innocent Buyer

1. Scammer makes purchase and obtains acc no.

2. Scammer sells non existent item, buyer puts money into legit account

3. Scammer contacts seller advises $ in wrong acc. Please refund.

Car Scammers

Stage One - Present Good Ad

Stage Two - Build Rapport

Stage Three – Send false payment details

Stage Four – Reel them in

Result: Victim all the while aware he should not be passing money via anon payment method, pays 3 x $7000 prior to seeing any proof the car existed. Result: T.M , new daily alert for new members listing a vehicle.

Money Laundering

1. Victim advertises for flat mate

2. Reply from South Africa

3. 3 month tenancy agreed to be paid in advance

4. Travelers cheque arrived and cashed

5. Victim advised that to much money sent by mistake and refund can be sent by money gram

6. Bank advises cheque is counterfeit

Phishing Inroads

Members Banned

Those with Auctions Removed

Auctions Removed

% Of Auctions

April 571 141 307 0.0071

May 596 143 377 0.0092

June 422 116 329 0.0077

July 456 68 164 0.0036

August 254 17 32 0.0007

What’s having the effect?

• 24 Hour Policing

• Direct contact with hosting sites

• Agency Interaction and information sharing

• Continued education

• Direct Contact with affected members

• Collation and alerts of offending I.P’s

• I.S.P blocking of I.P’s

NZ Based Offenders

&

Scammers

GOING THE EXTRA MILE

• Offence Reports

• Summary of Facts

• Affidavits

• Evidence preparation

• Depositions

• Court Presentation

Information

Quarantine Police Prosecution Removal

Investigations Staff

Feedback/Questions

PC identifiers

Unique Identifiers Financial Info

GEO IP

Investigation

Detection/Identification

Offender Identification

Level One

Between memberships (Links)

Level Two

From memberships to offender in dock

(Banks, Computers, buyers)

Current Prosecution

Geoff Selby

• April – May 07 Set up four false memberships

• Sale of engines/gear boxes

• Encouraged victims outside of auction process

• Contact via wanted advertisements

• Ten victims - $16,000

• Two bank accounts

• File prepared

• Selby Chased all over country

Wanted Advertisements v Auctions

Captive Audience

Result

Geoffrey Selby arrested

Appeared in Court 13 August

New Alert in toolbox

(Any member posting more than two classified messages within 24 hours.)

Sells to viaWanted Ad ‘06’

Sells to via Wanted Ad ‘04’

Sells to via Auction ‘01’

Sell to via Auction ‘01’

CLARKE

Purchased Evo Motor01.04.07

$800

RUSSELLPurchased Evo Motor01.04.07$3,500

KHANPurchasedEvo Motor 01.04.07$3,600

McGOVERNPurchased Evo Motor01.04.07

$500

McLEANPurchased Gearbox

Out of Trade Me $1,500

BRAYPurchased

Transfer case21.05.07

$550

MILLETTPurchased

Skyline Parts08.05.07

$600

THOMASPurchasedCar Parts 17.05.07$2,120

WHYTEPurchased

Toyota Parts31.05.07$1,000

KEYSERPurchased Turbo Kit

Out of Trade Me $1,800

MembershipSteven Laing ‘Silkboy290’

MembershipJohn Smth‘ma.daz2’

MembershipKatie Wood

‘Rota chic69’

MembershipRichard T‘richrist’

ComputerCookie 8156

$

UsesBank Acc:

389004040251800

Used by Used by Used by

Sells to via Auction ‘01’

Sells to via Wanted Ad ‘02’

Has used mobile phone number 027 3294289

To supply contact details on wanted adverts

Sells to via Auction ‘01’

Sells to viaWanted Ad ‘03’

Sells to viaWanted Ad ‘05’

Sells to viaWanted Ad ‘07’

27/07/07Prepared by Dean Winter

Selby Case

Trade Me

Used by

Offender

Uses

$

Uses Bank AccASB 012-3098-00277852-00

Bank Video

Richard Cullum -Convicted August 2007

LEGISLATION Deception

Every one is guilty of obtaining by deception or causing loss by deception who, by any deception and without claim of right

obtains ownership or possession of, or control over, any property, or any privilege, service, pecuniary advantage, benefit, or valuable consideration, directly or indirectly

Section 240 (1) (a) – Obtains by Deception

Penalty 7yrs – Over $1000

1yr - Over $500

3 months - Under $500

LEGISLATIONComputer Related

Offences

Crimes Act section 249 (1) Directly or indirectly, dishonestly accesses computer systemobtains property or causes loss 7 Yrs

Crimes Act section 249 (2)

Directly or indirectly, dishonestly accesses computer system with intent to obtain property or cause loss 5 Yrs

Christopher Cullum

Police Accesses a Computer X 14 Non existent Laptops$14,000

12 Months Imprisonment Full reparationNo Home Dtn

Bianca Judge Police Accesses a Computer x 2< $1000(Long history)

10 Months imprisonment

Anthony Sutton

Police Obtains by Deception x 3$1720.00

180hrs Community Service Full Reparation

Aaron McDonald

Police Obtains by Deception x 3>$3000

6 Months Imp. Leave for Home ‘D’ after 2 months

Mark Wright Police Receiving, Poss. class ‘A’, Theft, Obtaining by Deception, Importing class ‘C’.

2 yrs 8 months

Judiciary taking notice

Trader

Internet Banking Customer

The Bank

12

3

4

5

6

7

1. Hacker steals trader’s identity – likely via trojan or key stroke logger.

2. Hacker buys item via hijacked identity.

3. Hacker accesses hi-jacked bank account.

4. Hacker pays seller & they ship goods.

5. Address is empty Avondale house.

6. Hacker picks up goods.

7. Hacked bank customer contacts bank.

Mark Hayes

Seller

Hacker

Empty AvondaleHouse

Convicted

Penalty: 2 yrs 11 Months

Estimated three times that had charges been laid for non computer specific offences .

Appealed

Dismissed

Appeal on Sentence Dismissed (Nov 06)

Para 76 - Factors to take into account when sentencing for these matters:

1. Loss to business enterprise2. Financial/emotional harm3. Costs incurred relating to security and risk management4. Loss of confidence in business enterprise5. Loss of confidence in computer systems generally6. Effect of undermining use of computers in commerce7. Possibility of harm continuing after apprehension (e.g. - Virus)

“There is a public interest in providing strong sanctions against behavior which could inhibit or undermine the use of electronic communication devices both generally and, more specifically, in

commerce”

Simpson Grierson’s

commentary/review

QUESTIONS