FBI Provides More Details on FatWallet / Nordstrom Fraud Scheme

April 26, 2012 · 0 comments

I’ve been fascinated by this Nordstrom cashback fraud case involving Allen and Andrew Chiu and FatWallet, and another court filing provided some interesting additional details.

On March 13th, the U.S. Government requested forfeiture of the Chius’ funds that they had confiscated in January as part of their investigation.  Attached to the claim was a 28-page affidavit sworn by Cory L. Cote, a 16-year veteran of the FBI who investigated the case, describing in detail how the scheme worked and how the brothers were eventually caught.

This is it in a nutshell.  Note from the above graphic that the brothers were ripping off Nordstrom and FatWallet for nearly four years, but within a month of buying FatWallet, Ebates had caught on and banned them, and within 6 months of that, the brothers were charged with wire fraud.  Ebates is on the ball!

Here are the details:

Allen & Andrew Chiu

Allen Chiu (age 35), joined FatWallet in 2001 with the username achiu99, but he didn’t use this account to place Nordstrom orders until Jan. 2008.

His brother Andrew (age 27) joined FatWallet in January 2003, as username andyschiu.  Andy started placing Nordstrom orders through this account in October 2004.  (In checking his FatWallet profile, his last login at FatWallet was on 2/29/12.  Returning to the scene of the crime?  Lotta nerve there, dude.)

It’s not clear when the brothers got the idea to start perpetrating “friendly fraud” (placing orders and then claiming the order wasn’t delivered or items were missing).  But the FBI says that between Oct. 2007 (when only Andy was a FatWallet member) and Sep. 2008 (when both were, Allen having joined just that January), Nordstrom refunded to the brothers around $1,500 between around 40 “friendly fraud” orders.  Nordstrom processed these as refunds, and FatWallet was able to identify this and reverse their pending cashback.  So the brothers’ angle at this point was just getting free merchandise from Nordstrom.

Burberry Raincoat $1,195 at Nordstrom

But Nordstrom wised up.  The last straw was in Sep. 2008, when Allen ordered two Burberry coats for $1,195 each, then told Nordstrom that he just received one.  Nordstrom refused to credit him and in October 2008 sent both brothers a “termination” letter for excessive suspicious orders.  Addressed to “A. Chiu,” they sent it to four known addresses the guys had used.  Nordstrom told the brothers that there would be no more refunds for any loss claims and that they wouldn’t provide any service to the Chius in the future, banning them from shopping at Nordstrom.com.  Accordingly, Nordstrom’s internal records marked the two as undesirable customers residing at the four different addresses.

However at that time, fraud detection was a manual process, and the brothers kept at it, submitting orders through FatWallet to Nordstrom, with several orders slipping through the cracks.

The FBI agent’s affidavit says that around the end of 2009, Nordstrom implemented a new automated online fraud detection system.  This system had one teeny tiny glitch that the Chius discovered and exploited.  (They’re smart guys — Andrew has a master’s in computer science and Allen has an MBA in finance and operations management, both from Washington University in St. Louis, which, btw, charges around $40,000 a year in tuition.  Education dollars well spent!)

Nordstrom successfully added the Chius’ information to the new fraud detection program’s blacklist, and the system properly blocked and auto-denied orders that either brother would submit.  No credit card was charged, and no items were shipped.  However, the fraud detection system still reported the sales to Linkshare (the network that connects merchants like Nordstrom to websites like FatWallet)…and Linkshare reported them to FatWallet as if they were legit.

Allen first noticed this when Nordstrom cancelled a $3,700 order he placed on January 4, 2010, but FatWallet cashback credited anywayAha!  A glitch!  Let’s exploit it!  That is, after all, the FatWallet way!   So, the brothers amped up their activity:  the two months prior to 1/4/10, they had placed a combined 19 Nordstrom orders through FatWallet.  The next two months, it was game on:  they placed 77 orders.

And the good times just kept on rollin’ — between January 5th, 2010 and September 30th, 2011, a 22 month period, together the brothers did some serious damage:

  • Placing approximately 4,000 Nordstrom orders through FatWallet,
  • Totaling around $23.7 million,
  • Which generated around $2 million in total sales commission to FatWallet.
  • And at an average of 4% cashback, earned the Chius $1.1 million.
  • They were actually paid $650,000 by way of 787 individual checks cut by FatWallet to one or the other of the brothers…before they got caught in October 2011.

What changed in October 2011?  The prior month, Ebates bought FatWallet.  The FBI agent said that it was Ebates’ staff that caught the Chius.  (Well, they say it was PMB, the parent company…which is basically Ebates.  Ebates’ CEO is the CEO of PMB.)  Ebates noticed the suspicious activity and investigated, found the glitch and notified Nordstrom, then put a hold on the brothers’ remaining unpaid $450,000 of pending FatWallet cashback.

For whatever reasons, Nordstrom did not immediately fix the glitch.

And as a result, the brothers tried the scam elsewhere.  Foiled by FatWallet (and obviously ignorant of the recent merger between the two), Andrew reactivated a dormant Ebates account and then opened three more new ones, and in October 2011 he submitted around 25 more Nordstrom orders through Ebates, in amounts ranging from $3,400 to $15,260 (yeah, like they’re not gonna notice that…but then again, FatWallet didn’t!).

They also went back to FatWallet and tried different combinations of names, IDs, and mailing addresses to try to get paid there.  They even tried opting for PayPal.  But by then, their scheme had been exposed.

By November the feds were all over this investigation, eventually Nordstrom fixed the bug, and in January the government seized $972,000 of the brothers’ money as part of their investigation.  In March the wire fraud charges were brought against the Chius, and in April they pleaded guilty.  They may get some of their money back, depending on the restitution ordered by the judge in their August 10th sentencing.  As part of their plea agreement, prosecutors are asking for 24 to 30 months in prison, although the judge can choose to throw the book at them.

How did the Chiu brothers pull off this scam for so long?  They used 58 different credit cards from approximately 10 different financial institutions.  (33 were issued to Allen, and 25 to Andrew.)  This included multiple cards from AmEx, Barclays Bank, JP Morgan Chase, Citibank, Discover, Pentagon Federal Credit Union, and others.

They used multiple FatWallet usernames, too, to avoid detection, including cliftonx, dakota2k3dakota2k4 (through 2k9), drewstanton2000jdeepish, ttho1999, ttebow1999, dantebest2000, hharryson, stantongiant2000, and dfish1998.  When an account’s total orders would near $3 million, they’d ditch it and use another.
What did the brothers do with the money?  They deposited it into three separate checking accounts and co-mingled it with their own money, periodically transferring some into various investment accounts with Vanguard, where they bought stocks and mutual funds and made contributions to their IRAs.  (Remember, Allen’s master’s is in finance.  Handy!)  The feds seized these funds as “property involved in money laundering transactions, and subject to forfeiture.”

Canali Tuxedo, $1695 at Nordstrom (Out of Stock)

As an aside, the FBI agent noted that it was clear the brothers knew the orders would be cancelled just by the ridiculous number of high-ticket items they ordered.  For example, in January 2010, Allen ordered 8 designer tuxedos, and Andrew ordered 6.  (I wonder if one of the brothers was getting married?)

And another aside:  one of the addresses the brothers had FatWallet send checks to belongs to their parents.  Their father is a St. Louis anesthesiologist.  When the FBI was investigating Andrew in November to confirm his current address in Anaheim, they tracked him leaving his apartment and getting into a car licensed to his parents.  And the investment accounts the brothers opened up to launder the money (the FBI’s term, not an accusation on my part) were in their names but at the address of their parents.  Somebody’s getting a lump of coal in their stockings this year!

How Cashback WorksSo, to recap, here’s the money trail:  Nordstrom’s fraud auto-detection system properly cancelled the Chiu brothers’ orders but improperly reported them to Linkshare as if they were legit.  Then Nordstrom paid Linkshare sales commission in error, Linkshare paid FatWallet their cut (the Feds say it was 7% of sales), and Fatwallet paid the Chius their average of 4% cashback.

For those of you playing along with us at home:  Here’s a list of people who could have caught this:

1.  Nordstrom.  They had at least one marketing employee assigned to work with Linkshare.  Linkshare has significant sales reporting abilities.  If the Nordstrom employee had noticed a spike in large orders at Linkshare (some were in the thousands of dollars each), or the $23M jump in their overall sales numbers through the affiliate channel in under 2 years, or the huge increase in the sales generated by FatWallet specifically…this could have been caught early.  The employee didn’t catch anything.  According to LinkedIn, she’s still with the company.  Nordstrom also must have had at least one online fraud prevention employee who should have been monitoring how well the new programming was working.  It makes no sense that they would flip the switch on new programming code and have no one test to make sure it was working.  And obviously there’s also a programmer to blame.

2.  Linkshare.  They also had at least one employee (she’s still employed by Linkshare, my sources tell me, but managing another merchant’s account now), and probably a team, that was responsible for working with Nordstrom and managing Nordstrom’s affiliates.  This person would have been very familiar with Linkshare’s reporting system, which would have shown all of the large dollar Nordstrom orders through FatWallet, and FatWallet’s greatly improved performance trend for Nordstrom — they can see things like conversion rates, average order value, etc.  But no, no one noticed (or at least, no one reported it).

3.  FatWallet.  I’m not familiar with their internal structure but it seems logical that there are several people who could have caught this and stopped it early on:  their merchant relations staff, that works with stores like Nordstrom to see if they’re hitting sales goals (they sure were!), their accounting staff, that cuts checks to members (really, no one noticed all of these checks in two guys’ names going to different addresses… 787 checks in 22 months?), their administration and ownership, looking at their income statements and accounts payable, at one point in pretty close detail as the company prepared to sell to Ebates.

So, all of these people dropped the ball, and 22 months’ worth of fraud in the millions of dollars went unnoticed, and for a while the Chius had quite a profitable scheme going on.

Your thoughts?

Share this:
Facebook Twitter Pinterest Plusone Digg Stumbleupon Email

Leave a Comment