What type of illegitimate merchants do companies like yours have on their radar, and how prevalent is the issue of fake and illegal businesses for the payments ecosystem?
Along with the pandemic, a lot of businesses have been hit hard and there has been a rise in payment fraud around the world. We have seen a shift towards merchant initiated fraud and about 70% of the perpetrators are organised, criminal groups that have the resources to build or purchase existing, previously legitimate stores. Merchant initiated fraud means that businesses are processing payments with stolen credit cards and try to steal as much as possible before shutting down their businesses and moving on with the loot.
From our customers that onboard merchants primarily in the low-risk MCC (Merchant Category Code) categories (in LATAM and Europe), we have observed that around 3% of the new merchant accounts being onboarded are problematic. To quantify this situation, we observed customers that are onboarding thousands of merchants per month. Traditionally, certain categories have been considered to be high-risk such as gambling, adult, digital goods or drug stores and pharmacies, while merchants accounts in most other categories have been considered low-risk. The onboarding processes for opening a high-risk merchant account are intense and put the merchant under heavy scrutiny with extensive KYC and KYB procedures. This makes it difficult for fraudsters to obtain accounts. This is not the case with low-risk categories though where the opposite is true: acquirers have the incentive to relax onboarding checks so as to attract more and more business. Because of this, fraudsters are opening accounts in the least scrutinised segments and what was before considered ‘high-risk’ or ‘low-risk’ is now being reversed by these new trends.
What are the red flags that suggest a fraudulent merchant?
Several examples of patterns of fraudulent merchants that we detect are:
A merchant first behaves normally (for example, mostly CP transactions, low amounts, and a low ratio of failed transactions), but after the PSP/acquirer ‘trust level’ is increased and controls or restrictions are relaxed, the merchant starts behaving differently (more CNP transactions, large amounts, with stolen cards, resulting in many rejected transactions). This change of behaviour can be an indication of fraud.
A new merchant shows outlying behaviour compared to its peers. For example, when peers mainly process low ticket value card-present transactions during the day, this merchant processes bursts of large ticket value ecommerce transactions during the night.
A merchant processes normal ecommerce payments for a long period, but then starts receiving large amounts of credit transfers from different credit cards from the same country/bank, which never get charged back, followed by large outbound transfers by that merchant. This can be an indication of money laundering.
Are there any particularities to be considered when it comes to high-risk merchants, such as those working in gambling, adult industry or travel?
When it comes to this type of merchant initiated payment fraud, high risk is low risk and vice versa. High-risk merchants are heavily scrutinised during onboarding – heavy KYC and KYB. When it comes to direct financial risk to the acquirer, in some cases they present a high risk of financial bankruptcy, in other cases high compliance risk (they risk being forced to close), in some other cases they are prime fraud targets themselves because they sell digital goods or cash equivalents. Nowadays, it is very easy to open a new merchant account and to start processing payments both CP and CNP very quickly, due to these lax KYC/KYB processes. But what if they are themselves fraudsters? This is where Fraudio shines. We empower our customers to continue onboarding quickly while being able to stave off merchant initiated fraud by discovering these new, fraudulent merchants much rapidly, even weeks before they would have previously been detected.
Why should PSPs or acquirers partner with an out-sourced party instead of building their own technology and solution for the whole onboarding process?
Fraud detection and prevention are not a part of the core business for most companies in the payments chain. Building in-house means being in heavy control of your data and have a lot of it, because you will be only using your own data, which is very limited to only the patterns of fraud that you have seen before. If exposed to a new kind of fraud or grow into a new geographic region, you would be vulnerable. So, building in-house is costly and time-consuming and is very risky for a company that needs to focus on its primary target of acquiring new business.
For acquirers that have hundreds of thousands of merchants, they need to have several teams of analysts working very diligently, and would still not be as efficient as they need to be. With the power of our AI to monitor and prioritise the investigations, it allows acquirers to be far more efficient and the fraud investigations would be resolved much earlier.
For our customers, this could be a difference of hundreds of thousands of euros. Scaling a team of people is much more difficult since fraud usually happens in bursts, and this is why Fraudio is valuable for companies who wish to control fraud and scale in an organised and effective way.
There is an immense benefit and potential in working with a specialist company when it comes to mitigating risk and bringing value faster. We, at Fraudio, have already seen billions of transactions and millions of fraud events from around the globe. Instead of building machine learning models individually for each customer, we pool everyone’s data together by translating it into our own internal data schema and that is the reason why our AI is so powerful.
Artificial Intelligence seems to offer the most effective way of detecting fraud. How does Fraudio use AI to develop a leading-edge service that detects fraudulent merchants quickly, and what makes your company different from others that offer similar solutions?
Fraudio uses the latest, third-generation fraud detection technology. This means that Fraudio develops and trains its AI algorithm by using a centralised dataset. Billions of data points are constantly gathered and fed from both the acquiring and issuing sides of the industry into this centralised dataset. By constantly updating this diverse data, Fraudio leverages a powerful network effect to detect problematic activity more accurately and faster. Our merchant initiated fraud product is very simple to use and is especially valuable to acquirers in the low-risk segment. It allows them to onboard merchants very quickly, thus enabling them to grow at their own pace, without being overwhelmed by liability or financial losses.
This editorial is part of the The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.
About João Moura
About Fraudio
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now