Preventing Merchant Account Fraud
UNDER BLOG read
Thursday August 18, 2022

Preventing Merchant Account Fraud

Andy Roth

  • Today’s cyber criminals can slip through the tiniest cracks to exploit vulnerable merchants and their customers
  • Merchant account fraud takes place when identity theft occurs and opens an account to process credit cards illegally
  • KYC/KYB checks help eliminate the risk of fraudsters gaining access to opening an account
  • Under’s founders come from the payments space and implemented a system focused around reducing merchant account fraud

If your ISO sells its services online, taking the steps to avoid merchant account fraud is essential. Today’s cyber criminals can slip through the tiniest cracks to exploit vulnerable merchants and their customers. There will always be customers taking advantage of generous return policies, leaving your merchant with a chargeback and products they can’t resell. The most significant percentage of merchant account fraud still comes from a third party with stolen identity data. All they need is some basic information from a victim to open new accounts or make exorbitant purchases. After that, the perpetrator disappears or moves on to the next stolen identity. 

Of course, there are practical steps merchant account holders can take to improve security and protect from security breaches that put sensitive customer data at risk. Consumers are protected from fraudulent activity and can usually recover their stolen assets within a week or two. This protection is mandated by the Fair Credit Billing Act, passed in 1974. Unfortunately, merchants don’t have that safety net to protect them and are ultimately liable for chargebacks. To protect their revenue and reputation with acquirers and payment processors, merchants must spend considerable time and resources fighting nefarious chargebacks.

How Does Merchant Account Fraud Work?

The most common form of merchant fraud is referred to as a “bust out.” For this scam, a fraudster opens one or more merchant accounts acting as a legitimate merchant. Once approved, they open lines of credit and process transactions that will never ship.

Some savvy fraudsters set up realistic storefronts and “sell” non-existent products to real customers. Others use their merchant accounts to process transactions with stolen credit card numbers. Once the merchant accounts are full, the crooks cash out and vanish.

Merchants who have been blocked from opening accounts due to past fraud may swap accounts with entities that can open local merchant accounts. Similar schemes involve merchants who engage in “high-risk” activity, such as online gambling. But, don’t want to pay the higher fees associated with those high-risk merchant category codes. Instead, these cheaters will open a merchant account claiming to be engaged in low-risk sales activities. Once they’re up and running, they switch to their intended business model.

Merchant accounts can also be used to launder the sale of illegal goods. Credit card payments associated with criminal activity are processed through another company’s merchant account in violation of the merchant’s agreement with their acquirer. 

How Can I Reduce Fraud?

By following Know Your Business (KYB) and Know Your Customer (KYC) regulatory requirements, you can be sure that you’re doing business with the person you think you are.

What is KYC?

KYC is a regulatory requirement that banks, Fintech, and other financial institutions must fulfill by positively identifying their customers before opening an account. With KYC verification, financial services businesses can put a customer’s name, SSN, DOB, and address together. This is a central part of preventing online fraud and financial crimes. KYC verification also ensures compliance with anti-money laundering (AML) regulations.

What is KYB?

Verifying a consumer’s identity can be straightforward. Still, with KYB, businesses often need to do a little more legwork to vet and verify a range of corporate and business entities that can cross borders, with varying tax regulations and regulatory environments. That can involve manually searching legal filings, gathering documents, and cross-checking stacks of financial statements. In addition, KYC and KYB checks must be completed whenever a finance company onboards a new customer. 

How Can You Prevent Fraud?

Under empowers ISOs, Agents, PayFacs, and Financial Services companies with automated identity and banking verification. By minimizing supporting documentation and expediting approvals. Under can deliver transactions that are both simple and secure, with support from our integrated partners like:

Twilio: Twilio Frontline is a programmable mobile application that enables digital relationships over messaging and voice to improve sales efficiency and outcomes. Integrate the app with any CRM or customer database to build more meaningful relationships with customers.

Alloy: Alloy is a global identity-decisioning platform that helps banks and Fintech companies automate their decisions for onboarding, transaction monitoring, and credit underwriting.

Plaid: Plaid is a world-leading open banking platform that uses its global network and more local expertise, so customers can see their financial data and make payments from your existing app.

Though we may never be able to prevent fraud entirely, we can stay one step ahead of most threats. Hackers lurk around every corner of the web, searching for and exploiting any weakness they can find. Under‘s data engineers never stop working to predict and block their next move.  

Why is Fraud a Risk with Merchant Accounts?

While fraud from the customer’s perspective mostly comes from a third party, there are situations where the merchant is the one committing the fraud. This scenario is most disappointing because there is a good faith agreement in place that outlines how the parties will work together to prevent fraud.

As these outliers cheat the system, innocent merchants are often affected. If fraud rates are exceptionally high in a specific vertical, the good guys may be punished with higher rates and lower approval rates from banks that aren’t willing to take on any additional risk.

Though significant data breaches, identity theft, and phishing attacks are the types of fraud that get the most media attention. They can affect large populations of online buyers; therefore, it’s vital to notify as many potential victims as possible. Merchant fraud often involves fewer targets, but they make it up by pilfering more money from each one.

Customers who fall victim to merchant fraud are generally protected by their chargeback rights under the FCBA. Thus leaving acquirers to carry the liability and suffer the most financial harm from merchant fraud. In addition, new payment methods connect merchants directly to customers without needing a merchant account. Unfortunately, these payment methods not only make it far easier to commit merchant fraud, but they don’t offer the same protections as customers that use credit cards.

Merchant fraud often causes higher costs and stricter regulations that affect all merchants in specific industries. While legitimate merchants can’t directly do much to prevent or minimize merchant fraud, they should be familiar with its common forms. This benefit is to adapt and/or develop strategies for stopping it.

How Does Selling Online Increase Fraud?

Ecommerce sales continue to soar as retailers have either moved entirely online or have at least embraced the opportunity to appeal to a new segment of consumers who prefer the convenience and safety of shopping on their terms. Unfortunately, with this new revenue stream comes a new breed of criminals scheming to benefit from digital anonymity. 

Card-not-present transactions always come with an inherent risk. But stolen credit cards are certainly not the only scam in a hacker’s arsenal. There’s also account takeover, which happens when a bad actor secures login credentials and takes over some unsuspecting victim’s online account. They’ll immediately change the account password before draining all the available funds. 

And it doesn’t stop there. Everyone wants you to open an account with them, from your local grocery store to your streaming media sites. You sign up for loyalty programs, travel sites, credit monitoring, and even home security companies. Many merchants will store credit card information to make future transactions faster and more convenient. However, when you use the same email and password combinations for multiple sites, you make it quicker and more convenient for a criminal to access all your accounts. Data breaches and sophisticated phishing schemes have netted billions of login credentials that are available for purchase on the dark web. And as one crack is repaired, fraudsters are already hard at work looking for a new vulnerability to exploit. 

Friendly Fraud

It makes perfect sense that eCommerce fraud increases when the economy takes a hit and inflation puts the squeeze on an already tight budget. Friendly fraud occurs when a legitimate cardholder leverages the “zero liability” rules of the credit card networks. They do this by ‘claiming’ fraud on purchases they make. They keep the product and pocket the refund. There’s little risk of getting caught if they don’t take it too far. Not so friendly after all.  

Under.io Knows how to Prevent Merchant Account Fraud

Under looks to empower ISOs and agents with tools in order to increase their conversion, decrease time from lead to account approved, while eliminating merchant account fraud with identity verification services. Under’s founders come from the payments space and understand the pain you have. Luckily, they can help.

Subscribe for new articles delivered directly to your inbox!