Watch collecting enthusiasts trade expensive high-end watches directly among each other in online marketplaces and forums like TimeZone. Unlike eBay and Amazon, such marketplaces are community-driven and commission-free. They provide services for listing a watch but leave payment and shipping to the seller and buyer and offer no guarantee for such transactions.
Not surprisingly, a variety of online scammers employ elaborate tricks to cheat sellers and buyers out of watches and/or cash. Identity fraud is at the core of most reported exploits.
Next we briefly explain: 1) how a typical online watch marketplace works; 2) the basic scamming techniques used to attack it; and 3) how IDifier can be used to protect sellers and buyers.
Modus operandi of a watch marketplace:
Seller posts an ad describing the watch, asking price, terms of delivery, refund/return policy etc.
Interested buyers contact the seller through email or private message within a discussion forum.
Seller and buyer negotiate price, delivery terms, and method of payment.
The de facto method of payment is via inter-bank wire transfer into an account provided by the seller. Alternatives include PayPal, bank check, face to face meeting. Wire transfer is the most common however.
Upon reception of funds the seller ships the watch according to the agreed upon terms of delivery (typically via insured courier service).
Scamming the buyer out of his cash:
A variety of techniques have been used to cheat a buyer and get his cash without delivering the watch. An extensive list of incidents can be found here. The general pattern of the scam is something like the following:
A scammer posts a bogus ad using pictures of a watch that he picked up from a different source in the Internet. He prices the watch well below market price to make it appear as a deal but without raising suspicion.
The scammer creates an email or forum account that appears to belong to a trustworthy forum member that has sold watches in the past and for whom there exist online references and a high reputation score. If jsmith is the username of reputable seller John Smith with email john.smith@gmail.com, the scammer will create on the same forum a new user j.smith with email j.smith@gmail.com.
Upon completion of negotiations with the buyer, when asked for references the scammer will provide a url to the reference section of a reputable watch trading forum (like TimeZone) for jsmith.
Many buyers fail to check whether j.smith with email j.smith@gmail.com is indeed the user jsmith for whom the references are available. Even if one notices the difference, many people shy away from challenging the legitimacy of another person with whom they have been exchanging emails, might have spoken on the phone or skype, has provided them with address info and a banking account.
In some cases the references may actually be for j.smith but they are fake, created by other accounts that the scammer controls.
The bank account may or may not belong to the scammer. In many cases scammers use several intermediate companies and accounts to launder the money.
Upon receiving the money, the scammer stops any communication with the buyer and disappears.
The buyer will typically file a complaint with the police and the banks of the scammer. The police is notoriously slow in investigating financial crime that involves few thousands of dollars and the victim has very few clues to provide to the investigation.
If the bank account is on a different country the process of resolving disputes becomes even harder. The scammer can be using multiple accounts and can walk away from each one of them after a certain amount of scams has been carried out.
Scamming a seller out of his item:
In many cases the bank account receiving the funds does not even belong to the scammer. 3-way scams are very frequent in which the receiving account belongs to another seller selling a different item, e.g., a watch, a car, or something of similar value. This seller is unaware of the scam.
While scamming the original buyer, the scammer also approaches the legitimate seller holding the receiving bank account and promises to deposit the requested funds for the item that he sells.
The legitimate seller sees the deposited amount coming from the buyer of the watch and takes it as a deposit from the scammer. Thus he ships the item to the scammer. Typically to an address that is not associated with the true identity of the scammer. The scammer just has to show up and pick it up using the provided tracking info.
When the original buyer realizes that the scammer did not ship the watch he complains to the bank at which point the account of the legitimate seller can be frozen and an investigation be launched against the innocent seller.
In the end either the buyer looses his cash or the seller looses his item to the scammer.
Using IDifier to stop scammers:
IDifier allows sender and buyer to verify the identity of one another.
By tying up a verified legal name with the online accounts of a seller, scammers cannot pull impersonation attacks on buyers.
Using the verified location function of IDifier a seller can prove his location to a buyer. A buyer can also prove his allocation, and assure the seller that he is not threatened by a 3-way scam.
IDifier keeps on file photo ID and utility bills together with head shots of a user. In the rare case that falsified documents will be undetected, IDifier has in file hard proof of the scam that can be used for helping the investigations.
Online personals web sites are increasing in popularity as more and more people turn to the web in order to find new opportunities for friendship and/or romance with people that are not on their immediate social circle.
Despite the obvious value from extending one's options and opportunities to meet new people, many remain skeptical about initiating relationships online or continuing to face-to-face meetings.
The main reason is that the famous "On the Internet, nobody knows you're a dog" adage is well planted in the mind of many users. Most personals ads use aliases or actual names that, however, cannot be verified. Therefore, the web abounds with stories of long online correspondence that in the end proved to be a hoax, with one of the parties being nothing like who he or she claimed to be.
Even if an online acquaintance seems to be going well, many people are hesitant to make the next step to a face-to-face meeting, being fearful mainly of security. Unfortunately, rare but real stories of predators lurking in online personals sites are hard to overcome.
Using IDifier to increase the trustworthiness of online personals:
A user can add to his online personals profile a link to his IDifier badge revealing as much of his identity as he is willing to, e.g., he can reveal his age, location, and profession, along with testaments of their validity, while concealing his actual name or exact address.
Before making the step to a face-to-face meeting a user can reveal his full identity, including photo id, along with validation scores to its originality and thus ease any fears of the other party.
You are browsing books on Amazon looking for the best latest novel to buy. You are one of those people always bragging that you read the latest box office hit in its book version. So you definitely want to read a book that good that will probably become a movie in the future. You are looking for the next “Gone Girl”.
Other than reading the book yourself to judge, there is not much you can do besides reading the reviews on Amazon and elsewhere. But these reviews are not very helpful unless you can trust those who wrote them.
Suddenly, you come across a detailed review of the book that looks like the reviewer knows what he’s talking about. In the review, there is the claim “I am the first assistant of a famous Hollywood producer, and I tell you that a script from this book has all the right stuff to become an Oscar winner”. Interesting, but can you trust this guy? Is he really who he claims to be [1]?
Also, consider this real-life example. Alice is shopping for a food scale and she finds a rave review “Worth DOUBLE the Money” [2] from a user claiming “I was a chef for many years”. Should she believe this review, given that she is aware of authors or users with vested interests in a company who have been caught astroturfing, i.e., creating fake positive reviews for their own books [3], their company's products [4] or their hotels [5]?
Real-world remedies to this problem typically forgo a user's anonymity. For instance, Amazon provides a “Real Name” [5] to a user that wishes to sign his posts by his real name. Amazon verifies a user's name using his credit card information. Moreover, verifying a user's identity by examining official certificates or meeting in-person can be costly and time consuming.
Here comes IDifier. It enables the poster of a review to prove aspects of his identity to readers without having to reveal his complete identity. Using IDifier, our aforementioned Hollywood employee does not need to reveal his real name (or the name of his boss) and to give a credit card to Amazon to prove his identity and profession. He can instead use our tool to prove to IDifier his profession. He can subsequently use IDifier’s anonymous Profile Links to convince others of his real world profession.
Similar needs arise in many other online settings, such as Quora, Wikipedia edits, blog comments, etc.
For example, the Newsroom is a show about a team that works in a news channel. They try to report the news in an ethical and reasonable way.
On the 6th episode of the 1st season, while Will, one of the protagonists, presents a commentary, some unpleasant website comments were posted and he accidentally read them out loud. After this snafu, he asks his colleagues to change the policy for comments so that the news team knows the age, profession, etc, of the poster. Will succinctly describes the problem and Neal offers a suggestion.
IDifier can help them verify the identity of the posters. They can check their IDifier profiles to verify their age, location, or profession.
Our team's insight is that online users or services do not require strong authentication in many settings, and can benefit greatly from likely-to-be-true identity information. For example, a user who contemplates purchasing a kitchen scale may benefit by knowing that a reviewer's declared profession is more likely to be true than another reviewer's. Similarly, it may suffice for an age-restricted site (e.g., adult site or online alcohol retailer) to know that a user's age information is likely to be true. In the adult site setting in particular, the currently deployed solution relies solely on web sites asking the user to state, under the penalty of perjury whether he is of the proper age. This solution does nothing but transfer all the responsibility for a potential violation to the lying user. The web sites themselves are not required to pose any additional obstacles to the users.
On the other hand, our solution offers regulators the option to require online services to raise the bar for violators, while preserving user anonymity. IDifier is manipulation-resistant and can assist verifiers to make more informed decisions on whether to accept an identity claim.
IDifier can also be of great use to system administrators that wish to regulate access to resources based on affiliation. For example, a campus-wide WiFi network needs to be available only to people affiliated with the university. Currently, users need to obtain the required credentials from IT services. With IDifier, sys admins can simply provide access to anyone who can prove that he is a member of the university's academic community.