5 Types of Merchant Fraud You Should Know

Among the numerous challenges business owners face today, one of the most pervasive and costliest is merchant fraud. In 2022 alone, global e-commerce merchants experienced substantial financial damages of over $40 billion due to fraud.

But that’s not all—for every dollar lost to illicit activities, businesses incur a total loss of $3.75 due to expenses for handling and mitigating fraud. These include the hefty burden of chargebacks and legal liabilities, as merchants are typically on the hook for reimbursing fraudulent transactions and covering associated fees.

With projected losses from online payment fraud expected to exceed $362 billion between 2023 and 2028, tackling merchant fraud is more critical than ever.

What Is Merchant Fraud?

Merchant fraud is a type of payment fraud where scammers exploit a merchant's identity or account to conduct deceptive activities. These can include using stolen credentials to access a merchant’s account, setting up fake merchant accounts, or hijacking legitimate merchant accounts to carry out illicit transactions.

Due to the difficulty of verifying online transactions, e-commerce businesses are particularly vulnerable, with fraudsters exploiting weaknesses in payment systems. Similarly, fintech companies and payment processors are highly targeted because their innovative approaches, like digital wallets and Buy Now Pay Later (BNPL) services, attract cybercriminals.

Due to the high value and complexity of their transactions, the travel and hospitality industries also contend with significant threats. Retail businesses, especially those selling high-value goods like electronics and jewelry, encounter considerable fraud risks as well.

5 Key Types of Merchant Fraud

Merchant fraud can take various forms, each with unique mechanisms. Here are the most common types that businesses must be aware of:

1. Bust Out Fraud

Bust-out fraud is a sophisticated scheme in which malicious actors establish fraudulent merchant accounts using false personal information or synthetic identity. Initially, they conduct small, legitimate transactions to build and maintain a credible fake account or identity over time. Once a sufficient credit line is established, they rapidly execute a series of large purchases and cash advances, maxing out the credit line before disappearing.

Aside from the significant financial losses of businesses from unpaid balances, this fraudulent activity can negatively affect the credit risk evaluations conducted by financial institutions, leading to more cautious lending practices and potential losses from incorrectly assessed risks.

2. Chargeback Fraud

Chargeback fraud is committed by someone who appears to be a trustworthy customer, as opposed to a traditional fraudster. In this type of fraud, a customer completes a purchase and subsequently requests a chargeback from their credit card issuer. They’ll claim the transaction was unauthorized or that they never received the item. This fraud is relatively easy for consumers to commit, especially in the e-commerce space, where the physical presence of a signature or PIN is absent. As a result, merchants suffer financial damage from losing the product originally sold to the customer.

Payment processors may also impose penalties on merchants with high chargeback ratios. With high chargeback ratios, merchants can face increased scrutiny, higher transaction fees, or even account termination by payment processors.

3. Transaction Laundering

Transaction laundering, also known as factoring, occurs when a fraudster processes illegal transactions through a legitimate business's merchant account—often without the business’s knowledge. The primary goal is to clean illicit money by making it appear legitimate business income.

Fraudsters first establish a relationship with the business, posing as a customer, partner, or service provider. They then gain access to the merchant account through social engineering, system vulnerabilities, or insider collusion. Once access is secured, they disguise fraudulent transactions as legitimate sales or services, using real product codes or altering transaction details.

Fraudsters can also add fake transactions to a mix of legitimate ones, increasing the number of transactions and making it more difficult to detect with regular audits. The implications for the business are severe, including potential legal action, fines, and reputational damage. They can also face compliance risks related to anti-money laundering regulations, such as enhanced due diligence requirements, freezing of accounts, and regular audits.

4. Triangulation Fraud

Triangulation fraud involves three key parties: the fraudster, a legitimate online store, and an unsuspecting customer. The fraudster sets up a fake online storefront, offering popular items at attractive prices to lure customers. When an unsuspecting customer places an order, they provide their credit card details to the fake merchant account, effectively transferring their payment to the scammer.

Next, the fraudster uses separate stolen credit card data to purchase the same item from a legitimate online store, which is shipped directly to the customer who originally placed the order. The customer receives the product and remains unaware of the fraud. Meanwhile, the legitimate store faces a chargeback when the actual credit card owner disputes the unauthorized purchase. This results in financial losses and potential reputational damage for the store.

The fraudster profits by pocketing the customer’s payment without incurring any direct costs for the product they “sold.” They might also use this customer’s credit card information to buy goods from another legitimate store and ship them to a different recipient, creating another instance of triangulation fraud.

5. Phishing

Phishing, another type of merchant fraud, involves tricking individuals or organizations into revealing sensitive information. Fraudsters send deceptive emails, texts, or social media messages that appear to come from reputable brands or institutions. These messages use spoofed addresses to mimic legitimate sources, such as banks or online retailers. They contain malicious links or attachments, leading to fake websites resembling genuine ones. Once on these fraudulent sites, recipients are prompted to input sensitive information like login credentials or credit card numbers.

The stolen data is then exploited for unauthorized transactions or identity theft. To evade detection, fraudsters often use proxy servers and other techniques to hide their identity and quickly alter or discard the stolen data.

Top Strategies for Combating Merchant Fraud

Businesses can successfully tackle merchant fraud by adopting a comprehensive approach that includes the following strategies and solutions:

Implement Multi-layered Security Protocols

Encrypt all sensitive data to ensure that even if it is intercepted, it stays unreadable to unauthorized parties. Replace sensitive payment information with unique identification symbols (i.e., tokens), such as credit card and bank account tokens, that retain essential information without compromising security. Apply multi-factor authentication and regularly update software to patch vulnerabilities and protect against exploits.

Real-Time Transaction Monitoring

Use advanced tools to monitor transactions in real-time, detecting unusual patterns and potential merchant fraud. These tools leverage machine learning and behavioral analytics to identify anomalies and flag suspicious activities, such as atypical spending behavior or transactions from unfamiliar locations.

Use of AI and Machine Learning

Deploy AI-powered anti-fraud systems to analyze large datasets and detect anomalies. These systems go beyond real-time monitoring by continuously learning from new data and improving their accuracy over time.

Machine learning algorithms can pinpoint complex patterns and trends that aren't immediately apparent to human analysts, such as subtle changes in user behavior or multi-dimensional data relationships.

Strong Payment Policies

Establish strict procedures for credit card authorizations and identity verification. Set transaction limits and use merchant fraud monitoring and prevention tools to flag suspicious activities. Constantly review and update these policies to adapt to new fraud techniques.

Fortify Your Fight against Merchant Fraud with Fraud.net

Secure a formidable defense with Fraud.net’s real-time transaction monitoring solution and end-to-end fraud platform. With Fraud.net’s powerful solutions, you can tackle merchant fraud head-on, strengthen your security posture, and uphold customer trust.

Join forces with Fraud.net to shield your business and outpace fraudsters before it’s too late. Book a meeting with us today.