Here's a little secret: It's possible to go online and buy a knockoff — a generic version of the drug Adderall, a fake "North Face" jacket or "Gucci" handbag. Now, we're not telling you to do it. But a big reason you can, it turns out, is that major banks in China are willing to handle the money.
Say you want Beats by Dre headphones. You don't want to pay Beats by Dre prices. Type in the brand name in a search engine and add words like "cheap," "super-sale."
"That's kind of a signal to the counterfeiters probably that you're looking for a deal," says Damon McCoy, a computer scientist at New York University who is taking me online shopping. While it doesn't take a Ph.D. to find knock-offs, McCoy is leading a small investigation into how the counterfeit good trade works.
Let's start with marketing. On the third page of our Google search, in big blue letters, we spot "Beats by Dre cyber Monday." (It's clearly a little outdated.)
What's harder to spot, beneath that, McCoy points out, is the website dovermuseum.org.
Dover Museum got hacked and now, this nonprofit based in New London, Iowa, is unknowingly in the business of selling knock-off headphones. It's tricky because if you type in the museum's Web address directly, you get its legit site. The counterfeiters just hijacked the shell of that site (the part that talks to Google search) and, McCoy says, "some code has been inserted so that it can be used to redirect visitors to these counterfeit websites." (We were redirected to the Web address coolsound.co.)
Call it guerilla advertising.
We click and land on a very professional-looking page. No typos or neon signs screaming "fake."
The product that catches my eye is a Beats by Dre "Hello Kitty" edition. McCoy says counterfeiters often get creative and mash up brands. But in this case, it turns out, the mashup is really a thing. It's even got an official store commercial where Hello Kitty jet-sets around the world with her Dr. Dre headphones.
The headphones cost $69 on this site — instead of the original $149.95. Still, I thought it would be cheaper, like 10 bucks. McCoy says it's not that inexpensive because "they just want to make it cheap enough that you think that you're getting a deal and it still might be the real product."
I take out my Visa card to buy. The checkout window has the icon for "Verisign secured" — a payment technology used on many trusted shopping sites.
"They like putting lots of security labels all over their website to give people a sense that it's a legitimate site," McCoy says.
Counterfeits used to be a cash business. The Internet has changed that. And about two years back, luxury brands — the companies being knocked off — contracted McCoy to follow the money. He made more than 300 knock-off purchases using Visa. And he found a stunning 97 percent have linked back to three major Chinese banks.
Counterfeiters had merchant accounts with these leading banks: Bank of China, the Bank of Communications and the Agricultural Bank of China.
When luxury brands complained to Visa, McCoy says, Visa then complained to the banks; the banks shut down the accounts; and the companies popped right back up — often with the exact same Web address and using the exact same bank.
An internal Visa document obtained by NPR indicates that Visa is fining banks that process illegal transactions. The fines start at $5,000 and go up to $200,000 for repeat offenders.
But, McCoy says, Visa can't push the issue too hard. "They're put in a difficult position, right. On one hand, they have the luxury brand holders that are mad." On the other hand, these banks have tons of legitimate business and give Visa access to a huge market.
In a case involving Gucci, a federal judge in New York fined the Bank of China for refusing to disclose the names of clients selling knock-off handbags. The bank appealed the decision, citing privacy concerns.
A lawyer who specializes in counterfeit litigation, John Macaluso, says there are too many criminal websites involved, and so luxury brands need to stop the flow of money. "Trying to stop every site is like holding the ocean back with a broom. Go after the supply chain," he says.
Amid Silence, One Victim Speaks
The luxury brands that contracted McCoy declined to be named publicly (and risk damaging their reputation). Stephen Gaffigan, a lawyer who represents them, declined an interview because, he says, his clients would not grant him permission to even describe the problem. Visa and Apple, which owns Beats by Dre, declined to talk too. Apple did point to the Beats Safe Buying Guide, which explains the difference between real and fake headphones. The Chinese merchant banks did not respond to our inquiry.
NPR was able to find one victim in this global supply chain who would speak.
"One thing you need to know about: We are a very small museum. We have no staff. We have all volunteers," says Virginia Ekstrand, with the Dover Museum, the nonprofit that was hacked.
When NPR emailed to inform the museum, she thought it was a scam. "The first thing that I did was check and verify that you were a real person actually working for NPR," Ekstrand says.
She then spent the weekend scouting the Internet, trying to understand what happened. Ekstrand figures there are lots of groups like hers. "If I were hacking I'd find a bunch of these little bitty places that don't have any professional help," she says.
The company that hosts her website didn't see a problem at first. After repeated calls, they finally spotted it, she says, and recommended the site be taken down immediately — until it gets fixed.