Handling the Test Purchasing Process during OSINT Investigations
Investigators, working on behalf of law enforcement and private companies, monitor digital marketplaces to identify and remove IP infringements, stolen goods, or prohibited goods. Often, identifying an illicit good online is insufficient to support a prosecution. Determining if a good is illicit, legitimate, or fake, requires an investigator to see it in person. To get hold of an item from an online vendor usually requires the investigator to purchase the item through a test purchase.
A test purchase involves procuring an item or service from a seller for intelligence gathering or investigative purposes. Law Enforcement organizations frequently conduct in-person test purchases to determine if stores will sell age-restricted items to children. Premises are selected when intelligence indicates that the retailer has sold age-restricted products to a minor or when located in a ‘hotspot’ area.
Investigators can also use electronic means to conduct test purchases online on digital marketplaces and online stores. Investigators enact online test purchases when intelligence indicates that a retailer or individual has sold or is looking to sell an illegal product or service, grey market products, counterfeit knock-offs, or a stolen item belonging to an organization.
In the US, 21.3% of all transactions now take place online. Similarly, in the UK, 26% of all transactions occur online. With the widespread use of digital marketplaces, online platforms designed to connect buyers and sellers around the world to facilitate the exchange of an array of products, digital marketplaces have increasingly become an opportunity for the commission or facilitation of crime.
In addition to surface web digital marketplaces like Amazon, Alibaba, eBay, Facebook Marketplace, Etsy, and Craigslist, dark web marketplaces provide an encrypted hub for criminal activity where sellers and buyers using cryptocurrency can conduct transactions digitally and anonymously. Dark web marketplaces enable the trade of illegal goods and services, including child sexual exploitation materials, drugs, weapons, and stolen personal data.
Most transactions on online stores and digital marketplaces are legitimate, however, a small minority facilitates criminality, including tax avoidance and the trade of stolen items, counterfeit goods, wildlife, illicit drugs, and illegal weapons. Investigators may be required to conduct test purchases on both surface and dark web digital marketplaces to access goods for sale to support a prosecution.
Investigators conduct online test purchases for a variety of reasons, including;
- Identifying an unauthorized distributor engaging in grey marketing.
- Determining if goods are authentic or counterfeit.
- Determining if goods are those previously stolen from an organization.
- Determining the identity of an online vendor.
Operational procedure for online test purchasing is that they are conducted through “covert” operational means, where the identity of the purchaser, an employee of the investigating agency, will be withheld, as well as the real purpose for purchase, which will be to support an ongoing investigation.
During the test purchase process, direct engagement with the target will be a possibility. Each test purchase operation should undergo a review before any online activity takes place, to assess the planned process and determine whether direct interaction will be a necessary part of the process.
If direct interaction is likely required, such as during Facebook Marketplace transactions, the organization should consider if a trained undercover specialist should manage the communication.
Often, messaging between a purchaser and vendor to purchase or request an item is not assessed as constituting a “relationship” with the subject and is seen as a standard business transaction.
Test purchases on digital marketplaces, where the vendor cannot see IP information, do not necessarily require the use of VPNs and virtual machines or investigative platforms like Long Arm, however, test purchases on online stores owned by the subject require activity to be conducted on a non-attributable computer.
False Persona Account
Through a combination of strategy and necessity, test purchase investigations are conducted by stealth using covert accounts, also known as false persona accounts. The use of a covert account ensures that transactive activity does not link directly back to the investigator, whose identity is hidden.
When engaging in online commerce, buyers require a bank card for almost all transactions. Facebook Marketplace is one of the few exemptions as payment occurs outside the platform. During most transactions, vendors should be unable to view bank card details. However, this may not always be the case. Virtual payment cards can be exploited to reduce the risk of exposure of the identity of the investigator and their employer during transactions. Through services like Privacy, investigators can shield card details by creating virtual payment cards to facilitate payment instead of using traditional debit or credit cards.
During online transactions, buyers must provide an address for items to be delivered to. Using an organizational location could leak details of the investigations, so investigators may wish to use an address not linked to them or their employer. One option for investigators is to use parcel lockers like GoPost, Amazon lockers, or UPS Access Point. Parcel lockers enable investigators to have items sent to a secure neutral location to collect them from.
As with any internet-based intelligence operation or investigation, findings should be captured in an intelligence report. Test purchase intelligence reports should contain time-stamped screenshots and images of relevant items identified from online stores and digital marketplaces, as well as all purchase details, including receipts, covert accounts details, payment details, and address details.
It is also recommended that all activity related to a test purchase should also be recorded using screen recording software. Screen recording software will capture every step of the transaction process and any communication exchange linked to the purchase. Any captured screen recording can be used as part of an evidential package for legal action following a test purchase, demonstrating the exact process and ensuring the evidence stands up to scrutiny.
Organizations conducting test purchases should introduce a test purchasing methodology to ensure that the work is conducted in a standardized and fair way irrespective of the personnel employed and ensure all activity complies with all relevant legislation. If test purchase activity is presented in court, a formal test purchasing methodology is generally sufficient to evidence a process that stands up to scrutiny from the defense's legal team.
Investigators working on behalf of private organizations should ensure that they only conduct test purchases on items they are legally permitted to purchase, such as counterfeit goods. Investigators should only ever purchase illegal items when conducting law enforcement sanctioned investigations.
Skopenow works with customers to automate their investigations into online vendors. Skopenow is an investigative platform trusted by investigators to deliver intelligence insights. Employing image recognition and behavioral analytics on billions of data points, Skopenow detects and alerts actionable behaviors and risks like violent behavior, substance dependencies, and threatening language. Sign up for a 7-day free trial of Skopenow at: https://www.skopenow.com/try.