Maritza Dominguez has seen some impressive attempts at payment fraud in her 18 months as trust and security lead at Patreon, a site that allows online artists and web content creators to get paid by running membership businesses for their fans. The scheme she uncovered this summer proved to be one of the most impressive to date, not only for its innovation but for its sheer complexity.
In a multi-account takeover scheme, fraudsters would take over a content creator’s account, then take over dozens of patrons’ accounts, which they would use to make fraudulent pledges using stolen credit card data. The fraudsters would then create a PayPal account, change the artist’s payment method to the account and then cash out. “It takes a lot of skill” to pull off a fraud like this one, Dominguez says.