This story shows that even large organizations like Amazon and iTunes can be vulnerable to fraud and sometimes its not just about getting money out, on occasion fraudsters will use your business as pipe-line and will bring in sales into your business, in order to get money out.
In this case it was about creating, content, in this case music, for which they generated fraudulent sales so that they could then be paid revenue and royalties even if the sales eventually fell through.
This reminds me of an early fraud case where BT were defrauded by a guying who was using drinking bird toys to constantly dial premium rate telephone numbers!
This is where businesses need to look at the fraud risk, of not just where money goes out, but what checks they do on any person or organisation that will bring them sales and money in. In addition they need to look at the risk of collusion between buyers and sellers and what happens in the case of a chargeback from the sale, do the fees/royalties to the seller get reversed? If you look at this situation from a normal point of view, a business may say, hey reversing out those things may be expensive so why bother generating systems to deal with this normally minor process, but from a fraud risk point of view they would have opened up an opportunity for a fraudster, one which if you think about it, is easy to test even from outside the organisation. Do it once and see if the royalties were reversed, no, then we are onto a winner!
Of course its not just fraudsters that may want to use your business as a money pipe-line, but it may be people involved in money laundering who are using your site to make and receive payments, and in the process using your companies good name to clean their dirty funds for a small percentage fee that you charge. In this case there may be no immediate financial loss to the e-commerce business but it may be lose reputation or suffer other loss through lack of controls and gaining indirectly from criminal activity.
This especially applies to any site running either drop-shipping or marketplaces, where the business may take a percentage of the sales but not actually be involved in the delivery of physical goods. In this case how does the business know that real business is actually taking place?
Further details on the fraud here.