Carnegie Mellon University researchers are using an old adage to develop anti-fraud software for Internet auction sites like EBay: It's not what you know, it's who you know.
Sites such as EBay rely on users to warn others if they have a bad experience with a seller by rating their transactions.
But the CMU researchers said savvy fraudsters get around that by conducting transactions with friends or even themselves, using alternate user names to give themselves high satisfaction ratings -- so unsuspecting customers will still try to buy from them.
The CMU software looks for patterns of users who have repeated transactions with one another, and alerts other users that there is a higher probability of having a fraudulent transaction with them.
"There's a lot of common sense solutions out there, like being more careful about how you screen the sellers," said Duen Horng "Polo" Chau, the research associate who developed the software with computer science professor Christos Faloutsos and two other students.
"But because I'm an engineering student, I wanted to come up with a systematic approach" to identify those likely to commit fraud, Chau said.
The researchers analyzed about 1 million transactions involving 66,000 EBay users to develop graphs -- known in statistical circles as bipartite cores -- that identify users interacting with unusual frequency.
They plan to publish a paper on their findings early next year and, perhaps, market their software to EBay or otherwise make it available to people who shop online.
Catherine England, a spokeswoman for San Jose-based EBay Inc., said the company was unaware of the research and would not comment on it. But England said protecting the company's more than 200 million users from fraud was a top priority.
"A lot of time auction frauds involve huge amounts of money and when law enforcement arrests them, they find that it's one or two people or a small group that steals millions of dollars," Chau said. "A small group of people can cause a lot of damage."
Online auction fraud -- when a seller doesn't deliver goods or sells a defective product -- accounted for 12% of the 431,000 computer fraud complaints received last year by Consumer Sentinel, the Federal Trade Commission's consumer fraud and identity theft database.
Auction fraud was the most commonly reported computer fraud on the database.
And the scams run the gamut.
Last year, a federal grand jury indicted an Ohio man on charges he sold hundreds of thousands of dollars of stolen Lego merchandise on the Internet. Earlier this year, a New Mexico woman was sentenced to nine years in federal prison for selling forged hunting licenses on EBay, over the phone and by e-mail, and then not delivering trips paid for by out-of-state hunters.
Earlier this month, a man who failed to deliver tickets to the 2005 Ohio State-Michigan football game to 250 online auction customers was sentenced to 34 months in federal prison.