Why merchant due diligence should not stop with onboarding

It’s a common misconception that when an acquiring bank or payment processor wants to onboard a merchant, the only thing required is a thorough underwriting. In reality, underwriting is just the first step of an ongoing due diligence process that ends with a viable and risk conscious merchant portfolio.

To illustrate this, let’s examine a practical example. Due to confidentiality reasons, it is a fictionalised one here. Rest assured that it draws heavily from real-life cases that Web Shield’s own underwriters investigated.

Why underwriting alone doesn’t cut it

Lets take a look at a rather common case that most underwriting professionals face regularly: a nutraceutical merchant requests card acceptance. This type of merchant is usually considered moderately risky, which means there are a few crucial points to look out for: Are all of the products ingredients named – and are they approved by the corresponding regulator? Are the claimed benefits backed by clinical studies? Are there prescription drugs on the website? Does the merchant offer risk-free trials? Do they operate a subscription service? These are just a few of the questions underwriters should pursue in their investigation.

The problem is that our example merchant just recently incorporated and operates a brand-new website. This makes life harder for investigators, as their digital footprint is rather small, and most avenues of inquiry will come up short.

Sometimes underwriters can dig up information about the people behind a company, for example the beneficial owner or director. If they have a problematic history with fraud or have dabbled in any illegal activities, this might be unearthed. Then again, if you are dealing with experienced fraudsters, they will probably use a fake beneficial owner anyway. Another fruitful line of inquiry is investigating contact details, which at times can be used to connect seemingly unrelated websites to vast networks of fraudulent online shops. The country of incorporation shouldn’t be overlooked either. Be sceptical of merchants using secrecy jurisdictions to obfuscate their ownership structure, as this leaves room for anything from tax evasion to money laundering.

Nonetheless, this initial investigation often doesn’t uncover anything that would prevent the initial merchant onboarding. As is the case with our example merchant: Nothing negative comes up for the name, the address, connected persons or the contact details. The merchant only does one-time sales and the product portfolio is compliant with regulations. In an ideal world, this would be the end of it. But, unfortunately, some merchants don’t stay harmless.

How monitoring can protect you

Setting up a monitoring regime for your merchants’ websites, especially if they are recently incorporated, is crucial. On digital platforms, things can change from innocuous to odious very quickly. Take our example merchant: After a few months, their website’s visitor traffic starts to pick up. This in itself isnt a bad thing. What’s suspect is the traffic’s source.

A traffic and backlink analysis reveals that users are funnelled to the merchant’s online shop via affiliate websites with a very questionable marketing strategy: through pop-ups on shady websites that aren’t even advertising nutraceuticals. Instead they promote a lottery which claims that for a marginal amount of money, you can improve your chances of winning. Any visitor gullible enough to fall for this scam is sent to our merchants payment page where they unwittingly sign up to a nutraceutical subscription with their credit card – all the time thinking they are just a click away from their big win. Apart from the illegal pay-to-win lottery scheme, this is clearly deceptive advertising, enabled by a change in the merchant’s terms and conditions that modified their one-time sales model to a subscription one.

Not surprisingly, this change in the merchants modus operandi also leads to a lot of new complaints by customers who didn’t know they were signing up to a nutraceutical subscription. This is also reflected in a drastic decrease in the merchant’s Better Business Bureau ratings. What’s more, chargebacks take a sudden hike. This is not only the result of the merchant’s fraudulent marketing strategy, it also reflects their misleading billing descriptor that doesn’t even name the merchant or website but directs baffled customers to a non-descript support website with a customer service hotline that is virtually unreachable around the clock.

(click to expand)

Underwriters should catch all of the above before its too late, chargebacks go through the roof and the card associations warning letters arrive. The problem is that this kind of monitoring is not easily accomplished without technical solutions - and most existing ones only offer a simple keyword scan on the merchant website. When it comes to complex problems like deceptive marketing, we need analysis that take more than one factor into account and empower underwriters and risk professionals.

Fortunately, the industry is becoming aware of the problem and Merchant Monitoring Service Provider like Web Shield step up to the plate with new solutions to this problem.

About Christian Chmiel

Christian A. Chmiel, the CEO and founder of Web Shield, is responsible for the development and implementation of investigation techniques to identify fraudulent or brand damaging online merchants. He is also a lecturer at the Web Shield Academy and published several books in the fields of fraud, investigations and accounting.

About Web Shield

Web Shield equips the payments industry with tools that protect businesses from merchants involved in illegal or non-compliant activities. Their highly precise solutions provide acquirers, PSPs and other financial organisations with the information they need to make valuable decisions about prospective clients, and alert them when existing clients behave dubiously. With Web Shield, you keep your business out of risky situations, saving time and money.