For merchant acquirers, one of the most common and costly causes of financial loss is merchant fraud; fake merchant accounts that appear as legitimate businesses but are just fronts for various fraud schemes.
While digital payment systems have enabled new ways to conduct business, their complexity and global reach also create opportunities for fraudsters to deploy sophisticated deceptive schemes. Additionally, the ability to easily create fake companies expands the scale of potential loss and increases the potential number of fraudsters.
The amount and cost of online fraud are increasing. For example, between 2019 and 2020, U.S.-based eCommerce merchants saw a 24.2% increase in fraud attempts, with fraud costs going up 6.6% for mid to large merchants. While these numbers are not specific to fake merchants, the general trend towards higher levels of all types of digital fraud is clear. The significant increase in online activities due to the pandemic is creating more opportunities for fraudsters.
According to a post on the topic by Digital Commerce 360,
Identity verification is a main web and mobile web challenge for U.S. eCommerce merchants, along with being able to balance fraud prevention and customer satisfaction.
Some merchant fraud schemes include:
Bust out fraud: a merchant account is set up with no intention of being legitimate, and many false transactions are processed before being closed down
Identity swap: individuals on watch lists or from a sanctioned country use another identity to set up merchant accounts to bypass Anti-Money Laundering (AML) rules
Transaction laundering (factoring): merchants process unknown transactions for another business. According to one study, transaction laundering adds up to $352 billion a year in the U.S.
Business format change: merchants lie about, or change, the nature of the products or services they sell to conceal high-risk activities
For merchant acquirers, preventing these fraud schemes requires thorough onboarding and monitoring processes. These processes protect the acquirers from chargebacks, regulatory compliance fines and sanctions and reputational damage that might affect their businesses long-term. Implementing measures to prevent merchant fraud is not only a smart risk-mitigation strategy, it is a compliance requirement as AML and Know Your Customer (KYC) laws require effective customer due diligence (CDD) procedures.
Know Your Business
While AML/KYC regulations pertaining to merchant fraud are the same as those that cover consumers, effective CDD processes for business customers entail different checks and analyses. As opposed to KYC, a more appropriate moniker is Know Your Business (KYB). While the steps to match the requirements of KYC and KYB are similar, the processes require different data from different sources.
Consider the Customer Identification Program (CIP), the first step of KYC compliance. Identifying an individual is substantially different from identifying a business. Initial business information is available on business registers. The question though is: is this information accurate? Does it offer any indication of business validity, or is it just a listing for a fake company? Unfortunately, it’s often easy to create an illegitimate listing in official business registers, and there are often little to no actual checks on the information. Verifying and validating business information during account creation helps prevent fraudulent entities from gaining an account before they perform any transactions.
Business onboarding due diligence
Beyond the business listing information, there are often requirements to perform enhanced due diligence steps to understand better the nature of the business and who is behind it. These Ultimate Beneficial Ownership (UBO) rules on obliged entities require acquiring banks to identify and verify the beneficial owners of the legal entity. As these banks are “ultimately responsible for credit and fraud risks presented by merchant accounts,” identifying and verifying UBO information is another substantive preventive measure to put in place.
Merchant fraud detection — monitoring technology and operational safeguards
Numerous merchant monitoring technologies and systems are available to manage and control risks. As fraudsters and their methods increase in sophistication, merchant acquirers should consider upgrading their detection and mitigation systems. Accessing complete and accurate information — smarter data — provides more avenues for insight into questionable transactions, patterns and accounts.
As part of this process, there are several questions to consider. What types of transactions are occurring? What are the usual amounts? Where are the transactions coming from? Are there any unusual activities or patterns happening, for example, multiple transactions at the same value? Are the transactions occurring at an unusual time? Are the number or type of chargebacks extraordinary?
There are many data points to analyze and many different patterns to examine. Various vendors have staked out different types of data and pattern analyses to offer tools that deploy leading-edge technologies such as machine learning or neural networks. Merchant acquirers need to determine what works for their specific situations and risk profiles and might use multiple tools in combination to deliver the level of monitoring they require.
It’s not simply a matter of technology; an experienced anti-fraud team that understands the dynamics of various industries and customer profiles is required to set and adjust controls and interpret the results. A system that produces too many false positives hampers the discovery of true fraud activity and can lead to reduced sales, lost business and damaged customer relationships. According to a Javelin/Vesta study, 30 percent of suspected fraudulent transactions are legitimate; so while protecting a system from fraud is vital, implementing procedures that unduly affect genuine business is problematic.
Having the technology and expertise to deploy an effective fraud risk management program gives your business a framework for identifying, assessing, preventing, mitigating, monitoring and reporting fraudulent activities. Preventing fraud isn’t just about protecting revenues and bottom lines; it also minimizes reputational harm and helps build customer trust.
Accepting payments is a core business function; transacting business online makes this fundamental task more complicated, risky and challenging. However, for merchant acquiring businesses that help enable these new payment models, there are systems and processes to manage the complications and risk.
Follow the proven and required KYB rules, know who you are doing business with, perform your due diligence and maintain proper monitoring procedures. With effective technology, systems and processes, fake merchants and other forms of merchant fraud are detectable and preventable.