Previously seen in Green Sheet

Navigating the Threat: Identifying Fraudulent Merchant Applications in the Digital Frontier

 

As Merchant Level Salespeople (MLSs), our role extends beyond sales. We must safeguard the payment ecosystem. We need to vet prospective merchants fully. This helps avoid many fraudulent applications submitted daily. ISOs, processors, and technology service providers receive these.

In the past, MLSs mailed paper applications. They included Polaroid photos. Today, most merchant applications are online. It's also easier now to start a home-based e-commerce, SaaS, or drop-shipping business. In this new digital world, we must stop fraud. We do this by authenticating applicants. We vet their identities, business locations, documents, and financial accounts.

 

Fight Deep Fakes

 

Why are fraudulent merchant applications spiking? Our information is often already compromised. Many high-profile data breaches occurred recently. Criminals on the Dark Web sell our data. Fraudsters buy it for pennies. They use it to fund attacks. These attacks threaten payment processing integrity.

Scammers combine bits of data. They use readily available software. This creates fake IDs, Social Security numbers, checks, bank statements, and merchant account statements. Many of these look very real.

sponsored by

End Bust-Out Attacks

 

Fraudsters launch sophisticated attacks. This includes "bust-out attacks." These happen when fraudsters key-enter stolen card data. They get this data from the Dark Web. They create fraudulent transactions. If a bank or ISO doesn't stop them, funds land in a bank account. Fraudsters quickly sweep these funds. They leave a trail of chargebacks. Merchants and customers are left frustrated.

Sometimes a business owner is caught in a bust-out attack. They may end up on the MATCH list. Other times, an unsuspecting person, who doesn't even own a business, suddenly faces $50,000 in chargebacks. This happens from signed leases and ruins their credit. Security analysts recommend freezing accounts. Do this with all three credit reporting bureaus: Equifax, Experian, and TransUnion. When we spot a fake identity, we must find the real person. We make them aware. They can then take steps to freeze their credit.

Fast-moving processors often approve deals quickly. This increases the risk of bust-out attacks. Scammers use stolen identities to get merchant accounts. This ruins victims' credit. It also permanently damages ISOs, processors, merchants, and customers.

We must get ahead of this trend. We review all applications before submitting them. It's also wise to change our systems. This prevents auto-submissions. We implemented this. Now, no apps go to underwriting until we fully vet them. Eight out of 10 are usually fake!

 

Practice KYC

 

How well do we know our merchants? Fraudsters force us to create our own challenges. We must second-guess every merchant application. We constantly educate merchants about KYC (Know Your Customer). In today's threat environment, MLSs must practice our own KYC.

Technology can help these efforts. But the best approach combines artificial intelligence, biometrics, and advanced authentication with human oversight. Here are recommended ways to identify legitimate applicants.

• Authenticate business owners: Call people who fill out forms on your website. Confirm their identities. A merchant who doesn't answer or uses text-to-voice is a major red flag.

• Perform virtual site inspections: Search online for a business address. Confirm the location exists.

• Scrutinize uploaded documents: Study all documents carefully. Check checks and driver's licenses, even if they look real.

• Verify business activity: Look up a business owner's social media. Check Facebook and LinkedIn profiles to see if they are active. Obtain corporate papers. See where their business was incorporated. Scammers often flock to Wyoming, Delaware, Nevada, and other states. These states do not show corporation ownership. Banks and processors must vet merchants incorporated in these locations. This prevents fraud risk.

 

Befriend Risk, Underwriting

 

Remember, risk managers and underwriters have tools. They have advanced technologies. Do them a favor by vetting your applications. Don't risk your reputation. Don't risk your credibility by sending in bad paper. If you get a reputation for passing bad deals, analysts will scrutinize every one of your applications. Your overall approval ratings will drop. It's also good to tell them about web applications. Say if you're unsure they're legitimate. They will appreciate your honesty. They won't hold it against you.

Another way to stay in their good graces is to collect all necessary documents upfront. Do this before submitting paperwork. They might occasionally ask for more documentation. But you need to cover all bases. This avoids your application landing in pended status.

 

Stay Vigilant

 

Fraud is rampant in our society. No one reacts much anymore to news of the latest security breach. No one reacts when a legitimate-looking deal turns out to be fraud. We've seen it all. We know our personal data, and millions of other records, have been compromised.

Experts note that advanced authentication can significantly reduce fraud. It does this without inconveniencing customers. MLSs have helped merchants harden security for years. We've done it without causing customer friction. Now, it's time for us to apply our own playbook. Let's find ways to weed out bad actors. We do this without disturbing great new merchants who are signing up.

Advanced technologies can help detect deep fakes. But there's no substitute for good old-fashioned due diligence. Roll up your sleeves. Take time to scrutinize each application. Stay alert for red flags. These simple actions help us keep fraudsters at bay. They keep our companies and partners profitable.

Previously seen in Green Sheet

FAQ: Frequently Asked Questions