Criminal activity, including fraud, is ancient. But there is a type of merchant-based, online fraud relatively new to the payments industry. Known as Transaction Laundering (TL), this form of fraud is spreading quickly, often undetected by Merchant Service
Providers (MSPs), including payment processors and acquiring banks.
MasterCard defines TL as ‘the action whereby a merchant processes payment card transactions on behalf of another merchant.’ One example of TL is when a flower shop merchant gets approval from an MSP and then links the flower shop’s payment page to other
types of businesses that it did not declare during its application process. By funneling payments through ecommerce websites, transaction launderers are able to link extended networks of unreported, hidden, and often illegal websites to MSPs’ payment networks.
These websites may include unlawful content such as extreme forms of pornography, illegal pharmaceuticals, gambling, and trading in drugs or weapons.
This new scheme has quickly pervaded the payment ecosystem, leading MSPs to unknowingly process illegal transactions, which result in millions of dollars in non-compliance fines, not to mention the huge reputational risk to their brands.
Easy set up for merchants. Easier for criminals.
How did this form of fraud get to be so popular? The answer is the proliferation of payment platforms combined with the micro merchant movement. For many years, merchants needed a computer programmer or Web designer to get an estore up and running. Today,
web platforms make it fast and easy to move a business online, display a product catalogue, add a payment page and then connect to a payment method such as a credit card.
The ease of setting up an online business has created a new layer of complexity and an unmanageable data overload. This makes it difficult for MSPs to filter out fraudsters and enables these fraudsters to engage in criminal activity with little or no interruption.
Since there are so many payment platforms available today, MSPs find it hard to understand where the money is coming from and where it is actually going. Our research shows that there are as many as 6% to 10% of additional unauthorized ecommerce sites on top
of a merchant portfolio that MSPs may be processing without their consent or awareness. In other words, for every 10,000 known merchants, one should expect an additional 600 to 1,000 unknown merchants. That means that MSPS need to handle an insurmountable
quantity of data, creating a massive problem.
Cyber intelligence to the rescue
As online technology evolves, so does online crime. Criminals are able to set up many businesses so they can hide the transactions across multiple layers, merchants and marketplaces. Up until now, the industry has onboarded and monitored their merchants
by only looking at visible ones. However, criminals have learned how to operate off the radar. MSPs use an underwriting process that often includes automated technologies as well as manual checks. However, these alone are not enough to deal with the sheer
volume of emerchants and their hidden ecosystems.
I would like to suggest that the industry build a different approach for managing merchants risk as well as utilize big data and machine learning technologies to combat the new challenges posed to existing merchant risk and KYC techniques.