Merchant Fraud

Table of Contents

  1. What Is Merchant Fraud?
  2. How Do Merchant Fraud Scams Work?
  3. How Do Acquirers Prevent Merchant Fraud?

In the world of chargebacks, it's often assumed that fraud occurs on the customer end of the transaction. Either the customer is a using someone else's payment credentials without their permission, or they're filing a friendly fraud chargeback against the merchant. While fraud from the customer's perspective often comes from some unknown third party, there are situations in which the one committing fraud is the merchant.

While merchants who don't commit fraud might not be directly affected by this, they can be indirectly affected if merchant fraud rates in a particular industry are high. Customer trust can be lost, and governments may even step in to create new laws and regulations. What is merchant fraud, and what should merchants know about how it may affect their customers?

New call-to-actionMassive data breaches, identity theft, brazen phishing attacks—these are the types of fraud that get the most attention in the media, and not without good reason. They can affect large swaths of the population, and it’s important to inform people about these scams so they can be aware of and avoid them. Merchant fraud often has far fewer victims, but makes up for it by extracting more money from each of them.

Customers do worry about being taken advantage of by fraudulent merchants, of course, but we’re a long way off from the early days of e-commerce when many people were still wary about giving their credit card number out over the internet at all.

Customers who fall victim to merchant fraud are generally protected by their chargeback rights under the Fair Credit Billing Act, leaving acquirers to carry the liability and suffer the most financial harm from merchant fraud. However, new payment methods are being used to connect merchants and customers directly, without the need for a merchant account. These payment methods not only make it far easier to commit merchant fraud, but also often don't have the same protections for customers that credit cards do.

Regardless of the form merchant fraud takes, it can often cause higher costs and stricter rules to flow downstream to all merchants. While legitimate merchants can’t directly do much to prevent or minimize merchant fraud, they should be familiar with the typical forms it takes and the industry’s best practices for stopping it.

What Is Merchant Fraud?

Merchant fraud occurs when a fraudster poses as a merchant in order to process transactions and steal the funds. This may involve obtaining a merchant account to process payments using stolen cards or convincing real customers to make purchases that will never be delivered.

Merchant fraud can be difficult to detect until the scam has run its course and the fraudster has already cashed out and disappeared.

Typically, fraudsters will use false personal information in order to open an account with a bank, processor, or payment platform. Depending on the level of scrutiny, this may require the use of stolen or synthetic identities.

Acquirers will follow careful “know your customer” guidelines and attempt to verify account holders during the onboarding process, but these guidelines don’t always go far enough and once the fraudster has passed the initial screening, they’re relatively free to charge stolen cards and sell fake goods until the billing cycle catches up with them and their victims realize something is amiss.

The Fair Credit Billing Act was written with merchant fraud in mind, and customers have the same chargeback rights whether they were victimized by a fraudulent merchant or a third-party cybercriminal. Acquiring banks are liable for the costs incurred from any merchant fraud they’ve unintentionally enabled.

How Do Merchant Fraud Scams Work?

The most common form of merchant fraud is a “bust out” scam where a fraudster opens one or more merchant accounts, poses as a legitimate merchant, and begins processing transactions and opening up lines of credit.

Some fraudsters may set up fake storefronts and solicit real customers (with no intention of fulfilling their orders), others may simply use their merchant accounts to process transactions against stolen credit card numbers. Once the merchant accounts are full, the fraudsters cash out and vanish.

Fraudsters offering to sell goods they don't have for bargain prices is nothing new, but the rise of peer-to-peer (P2P) payment apps has greatly increased the risk to customers who fall victim to these schemes. These apps were originally intended for use between friends and colleagues, but they are being increasingly used to facilitate purchases as well. While credit card payments have chargebacks as a remedy for fraud, most P2P apps have no way for a user to get their money back, even when fraud has occurred.

Manage Chargeback In-House Or OutshoreThere are a few other types of merchant fraud that can affect acquirers. Some actual merchants may find themselves blocked from opening a merchant account in a desirable market, either because of past fraud or misconduct or because of legal prohibitions against their country of origin.

These merchants may swap merchant accounts with entities that are able to open local merchant accounts. Sometimes the merchants involved in these identity swap scams just want to sell legitimate products and make money, but occasionally they will go on to engage in fraud or sell illicit goods.

A similar scheme involves merchants who want to engage in “high risk” activity, such as online gambling, but don’t want to pay the higher fees charged to high-risk merchant category codes. These merchants will open up merchant accounts under false pretenses, claiming to be engaged in low-risk sales activities, only to switch to their intended business model once they’ve got the account up and running.

Merchant accounts can also be used for transaction laundering, also known as “factoring,” in which credit card payments associated with criminal activity are processed through a merchant account in violation of the merchant’s agreement with their acquirer. As an example, a cybercriminal might sell illegal drugs on the dark web and accept payment via credit card, which it processes by running it through the merchant account owned by his associate’s auto repair shop.

How Do Acquirers Prevent Merchant Fraud?

The best place for acquirers to catch fraudsters is during the onboarding process, but fraudsters are constantly striving to improve their techniques for stealing and synthesizing identities.

Merchant fraud is easy to spot once the fraudulent charges show up on bank statements and cardholders start calling in to dispute them, but a lot of damage can be done before that moment occurs. Laundering and identity swapping scams can go undetected for even longer.

This speaks to the need for acquirers to engage in ongoing monitoring and data analytics in order to detect and identify the telltale patterns of merchant fraud before too much harm can be done.

Other than refusing to engage in it themselves, there’s not a lot that legitimate merchants can do to combat merchant fraud. There are some merchant fraud-adjacent scams, such as triangulation fraud, that can affect merchants and lead to chargebacks, but trustworthy merchants aren’t going to find themselves implicated in the schemes delineated above.

Just make sure you understand the agreements you’ve made with your acquirer or payment processor, follow their transaction guidelines, and inquire directly with them if you have concerns about a transaction you’ve been asked to process.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to:
Get the guide, Chargebacks 101: Understanding Chargebacks & Their Root Causes

Ready to Start Reducing Chargebacks?