For merchant acquirers, one of the most common and costly causes of financial loss is merchant fraud; fake merchant accounts that appear as legitimate businesses but are in fact just fronts for various fraud schemes.
While digital payment systems have enabled new ways to conduct business, their complexity and global reach also creates opportunities for fraudsters to deploy sophisticated deceptive schemes. Add to that, the ability to easily create fake companies expands the scale of potential loss and increases the number of targets.
Some merchant fraud schemes include:
Bust Out Fraud: A merchant account is set up with no intention of being legitimate; as many false transactions are processed before being closed down
Identity Swap: Individuals on watch lists or from a sanctioned country use another identity to set up merchant accounts to bypass Anti-Money Laundering (AML) rules
Transaction Laundering (Factoring): Merchants process unknown transactions for another business. According to one study, transaction laundering adds up to $352 billion a year in the US.
Business Format Change: Merchants lie about, or change, the nature of the products or services they sell to conceal high-risk activities
For merchant acquirers, preventing these fraud schemes requires thorough onboarding and monitoring processes. These processes protect the acquirers from charge-backs, regulatory compliance fines and sanctions and reputational damage that might affect the business long-term. Implementing measures to prevent merchant fraud is not only a smart risk-mitigation strategy, it is a compliance requirement as AML and Know Your Customer (KYC) laws require effective customer due diligence (CDD) procedures.
Know Your Business
While AML/KYC regulations that pertain to merchant fraud are the same that cover consumers, effective CDD processes for business customers entail different checks and analyses. As opposed to KYC, a more appropriate moniker is Know Your Business (KYB). While the steps to match the necessary requirements of KYC and KYB are similar, the processes require different data, from different sources and therefore, different systems.
Consider the Customer Identification Program (CIP), the first step of KYC compliance. Identifying an individual is substantially different from identifying a business. Initial business information is available on business registers. The question though is: is this information accurate? Does it offer any indication of business validity or is just a listing for a fake company? Unfortunately, it’s often easy to create an illegitimate listing in official business registers and there’s little to no actual checks on the information.
Beyond the business listing information, there are often requirements to perform enhanced due diligence steps to better understand the nature of the business and who is behind it. These Ultimate Beneficial Ownership (UBO) rules on obliged entities require acquiring banks to identify and verify the beneficial owners of legal entity customers. As these banks are “ultimately responsible for credit and fraud risks presented by merchant accounts,” identifying and verifying UBO information is another strong preventive measure to put in place.
Verifying and validating business information during account creation helps prevent fraudulent entities from performing any transactions.
Monitoring Technology and Operational Safeguards
Numerous merchant monitoring technologies and systems are available to manage and control risks. As fraudulent methods increase in sophistication, it’s advisable for merchant acquirers to upgrade their detection and mitigation systems. Accessing more complete and accurate information — smarter data — provides more avenues for insight into fraudulent transactions, patterns, and accounts.
What type of transactions are occurring? What are the usual amounts? Where are the transactions coming from? Are there any unusual activities or patterns happening, for example, multiple transactions at the same value? Are the transactions occurring at an unusual time? Are the number or type of chargebacks unusual?
There are many data points to analyze and many different patterns. Various vendors have staked out different types of data and pattern analyses to offer tools that deploy leading-edge technologies such as machine learning or neural networks. Merchant acquirers need to determine what works for their situation and profiles and might use multiple tools in combination to deliver the level of monitoring they require.
It’s not simply a matter of technology; an experienced fraud team that understands the dynamics of the various industry and customer profiles is required to set and adjust controls and interpret the results. A system that produces too many false positives hampers the discovery of true fraud activity and can lead to reduced sales, lost business and damaged customer relationships. According to a Javelin/Vesta study, 30 percent of suspected fraudulent transactions are actually legitimate; so while protecting a system from fraud is vital, having procedures that unduly affects genuine business is not effective either.
Accepting payments is a core business function; transacting business online makes this fundamental task more complicated, risky and challenging. However, for merchant acquiring businesses that help enable these new payment models, there are systems and processes to manage the complications and risk.
Follow the proven and required KYB rules; know who you are doing business with, perform your due diligence and maintain proper monitoring procedures. With effective technology, systems and processes fake merchants and other forms of merchant fraud are detectable and the risk mitigated.