Many acquirers and payment service providers (PSPs) believe a rigorous onboarding process is enough to keep them safe from risky merchants. However, this unwise assumption leaves acquirers and PSPs vulnerable to fraud and abuse. Until merchants start transacting, acquirers and PSPs won’t know for 100% if they were right. Implementing a strong ongoing merchant acquiring risk monitoring strategy is a critical step to avoiding risky transactions.
Why Ongoing Monitoring Merchant Acquiring Fraud Risk is Critical
Merchant monitoring must be an ongoing process beyond the onboarding stage. Acquirers and PSPs should regularly compare merchants’ current behaviors with their initial expectations during the onboarding stage to ensure they still align. It also pays to ensure the merchants are behaving similarly to other merchants in the same category code.
Acquirers and PSPs must be able to quickly flag these merchant accounts for further investigation whenever a merchant is believed to be engaged in suspicious activity. Without rigorous due diligence and monitoring, these merchants will continue to engage in risky behavior and leave PSPs and acquirers vulnerable to different fraud schemes, financial crimes, and ultimately the financial liability of transactions they’ve processed.
The Top Merchant Acquiring Risks to Follow
PSPs must be able to quickly flag merchant accounts for further investigation whenever a merchant appears to be engaged in suspicious activity. These suspicious behaviors could be indicative of serious fraudulent activity, including:
- Bust-Out Fraud: This is arguably one of the most feared outcomes for acquirers and PSPs. But there’s certainly enough historical precedent of bad actors committing fraudulent transactions and leaving acquirers and PSPs to face significant financial losses. Worse yet, fraudsters are proving to be both clever and patient when it comes to committing bust-out merchant fraud. Some are taking the time to learn an acquirer or PSP’s different tiers of limits. They will continue to process what appears to be legitimate transactions taking months or even years until they can maximize the value of a bust-out event.
- Money Laundering Threats: Acquirers and PSPs will want to closely monitor their merchants’ risk profiles to ensure they aren’t enabling potentially criminal activities. For example, let’s say a merchant onboards offering an online marketplace to buy and sell used books or clothes. But a closer inspection of their transaction activity reveals their transactions include several high-risk – and possibly illegal – transactions. This could range from trading counterfeit goods, illegal drugs, weapons, and other illicit activities. Acquirers and PSPs will put their own organization at risk if the activity goes undetected for too long.
- Credit Risk Exposure: Sometimes, a merchant’s entire industry sees a rapid shift in risk levels. Take a look at the travel industry, for example. Just a few short years ago, numerous travelers canceled their trips when it became clear the pandemic was rapidly spreading. As cancellations rolled in, acquirers and PSPs faced a deluge of chargeback fees from disgruntled travelers looking for refunds. As industry risk levels change, so should acquirers and PSPs. Both parties should make sure to adjust their onboarding and monitoring procedures and protect their exposure from riskier merchants.
3 Steps to Implement a Strong Ongoing Merchant Acquiring Fraud Risk Assessment
The most efficient way for acquirers and PSPs to identify risky merchants is to overhaul their onboarding process. Pinpointing inefficiencies in the onboarding process is a proactive step that can offset bigger problems down the line. However, assessing a merchant’s risk level must continue well beyond the onboarding stage.
What does a strong ongoing merchant acquiring fraud risk management process look like? Here are three things acquirers and PSPs can do to upgrade the process.
Build a Cohesive Strategy and Culture
It’s too common for different departments and divisions to create silos around their different responsibilities. Meanwhile, many organizations lump together various point solutions for each challenge they uncover. This approach causes communication breakdowns between both teams and technologies.
Acquirers and PSPs need a cohesive team structure and processes to make sharing information easier. This approach allows Fraud Prevention and Risk Analysts to easily and confidentially share details with their Anti-Money Laundering (AML)/Compliance colleagues if they suspect a merchant’s behavior is raising alarms.
When it comes to technology, consider using a solution that offers a holistic view of risk instead of a system of disparate and disconnected point solutions.
Embrace AI and Automation
Automation is critical for acquirers and PSPs to detect risky merchant behaviors as they unfold. Artificial intelligence (AI) can not only detect bad behaviors, but AI can also benchmark good behaviors and flag unusual deviations, something that rules-based systems struggle to do.
Acquirers and PSPs that operate with higher-risk merchants need to be especially vigilant about their portfolio of merchants. This is especially true for merchants that are more susceptible to fraud and money laundering risks, such as those in online gaming, adult entertainment, or legalized gambling. Organized crime syndicates are heavily involved in these businesses and know how to avoid getting caught. Using automated and AI solutions to review transactions can connect multiple data points and shed light on emerging patterns that human analysts are likely to overlook.
Regularly Compare Merchants’ Performance with Onboarding Records
Review how a merchant is currently performing compared to how they were expected to perform at onboarding. Acquirers and PSPs should schedule regular touchpoints to perform merchant reviews as regularly as possible.
At the same time, regularly check how payment networks’ rules and regulations are changing. Following Russia’s invasion of Ukraine, for example, many acquirers and PSPs started to see a rise in merchants taking money from consumers intended for humanitarian charities. However, several of these charities turned out to be fake. Some card network operators issued new regulations and guidance to help acquirers and PSPs understand where charities should be listed and which ones could be trusted.
Acquirers and PSPs are never done keeping tabs on merchants. Practicing ongoing merchant acquiring risk monitoring is critical to avoiding financial liabilities and ensuring they treat merchants according to their appropriate risk level.
Download our Merchant Risk Management for Acquirers Solution Sheet to learn how our solution enables acquirers to quickly onboard new merchants with confidence.
Share this article:
James Hunt
James Hunt has over 20 years of experience preventing payment fraud across banking, eCommerce, and payment service providers, specializing in creating, leading, and refining fraud prevention teams. Believing that fraud and risk teams should be an enabler of business and not a bottleneck, he’s consulted with some of the world's largest global brands. Prior to joining Feedzai, James held positions at NatWest, GoCardless, and Visa.
Related Posts
0 Comments8 Minutes
Blocking Money Mules Starts with Inbound Payment Monitoring
Fraudsters have become highly innovative, manipulating legitimate customers with…
0 Comments4 Minutes
Elevating Fraud Prevention in Latin America: Feedzai’s Strategic Partnership with Dock
In the rapidly evolving world of fintech, security remains a paramount concern. As a…
0 Comments4 Minutes
Feedzai Named Top Category Leader in Payment Risk by Chartis
Feedzai, the world’s first RiskOps platform for financial risk management, has been named…