Fraudsters can create merchant accounts that appear to be legitimate and create much financial havoc before they are discovered. As the following article reports, merchant acquirers and banks can be fooled by criminals that open what appear to be real businesses.
With all the hype about identity theft and other consumer-side digital crimes, it’s easy to overlook the fact that merchant fraud is still one of the most common and costly causes of financial loss for acquirers.
Merchant fraud can be very hard to detect – especially given the complexity of the digital payments ecosystem. Yet, the work put into detecting and preventing merchant based fraud is nothing compared to the costs involved in dealing with chargebacks, fees and fines. Merchant fraud exposes acquirers to the liability of facilitating criminal activity – placing them at risk of chargebacks, fines, brand or reputational damage, regulatory sanctions, and even legal action.
When tackling the challenges of merchant fraud, acquirers need to be aware of the many forms this fraud can take. Specifically, acquirers should be on the lookout for these three types of merchant fraud:
In a so-called bust-out fraud scheme, a merchant applies for a merchant account without any intention of actually operating a legitimate business. These merchant accounts are then used to process fraudulent transactions or to acquire lines of credit before abandoning the account altogether.
The aim of this type of fraud is simple: process as many fraudulent transactions as possible within a short amount of time, and before being caught, simply abandon the account. In the online world, it is extremely easy to falsify identities and set up fake businesses. For example, in what is probably the biggest synthetic identity fraud scheme to date, criminals managed to create 7,000 fake identities and apply for and receive 25,000 separate credit cards. They also created fake companies that did little or no legitimate business or worked together with other stores to run their credit card transactions. In total, the perpetrators managed to steal $200 million from banks between 2003 and 2013.
Most public attention is given to security breaches at merchant files and other data storage sites where consumer payment card data can be found. But some savvy fraudsters find other opportunities by creating false merchant credentials in order to secure a merchant account. Once approved, this allows them to run as many illegitimate purchase transactions as they can before being caught. As with consumer side payment fraud, advancing fraud detection systems using machine learning will be the best antidote. Expect merchant-side fraud and the ensuing cat-and-mouse game between enforcers and crooks to continue. But it’s just that we won’t be hearing much about it from any media outlet. It’s typically not revealed by the affected parties.
Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group
Read the full story here