Sign in 

Merchant fraud 101: What businesses need to know

  1. Introduction
  2. What is merchant fraud?
  3. How does merchant fraud work?
  4. What types of businesses are affected by merchant fraud?
  5. How does merchant fraud hurt businesses?
  6. How to prevent merchant fraud
  7. How Stripe can help
  8. Get started with Stripe 

Launching a new merchant business has never been easier. In just a few minutes, digital entrepreneurs can set up a storefront and payment gateway and start accepting payments from customers. Yet the rise in global ecommerce retail—predicted to increase by 56% to more than $8 trillion dollars by 2026—has also created more opportunities for fraudulent actors to exploit vulnerabilities in the payment system—a liability for both consumers and businesses.

The average volume of monthly fraud attacks increased 9% for US retailers year-over-year, while the average number of successful monthly fraud attempts increased nearly 45% for mid to large retailers and 27% for small business retailers.

Merchant fraud affects businesses of all sizes and types. Consequences can be severe, including financial losses, harm to reputation, and legal penalties. We’ll cover what businesses need to know about merchant fraud, how it works, the damage it can cause, and how businesses can protect themselves.

What’s in this article?

  • What is merchant fraud?
  • How does merchant fraud work?
  • What types of businesses are affected by merchant fraud?
  • How does merchant fraud hurt businesses?
  • How to prevent merchant fraud
  • How Stripe can help

What is merchant fraud?

Merchant fraud is a type of fraud in which someone poses as a legitimate business to deceive consumers and make illegitimate profits.

At its core, merchant fraud is a type of criminal activity in which an individual or group seeks to exploit the payment systems and processes that underpin the world of commerce, in order to steal from unsuspecting businesses and consumers.

Merchant fraud can take many forms:

  • Credit card fraud
    One of the most common types of merchant fraud is credit card fraud, in which criminals use stolen or counterfeit credit cards to make purchases. In cases of merchant fraud, stolen credit card numbers might be used to transact with fake businesses to defraud credit card companies. The prevalence of credit card fraud highlights the need for businesses to have tight security protocols and to be able to quickly detect and respond to suspicious transactions.

  • Account takeover fraud
    Account takeover fraud occurs when fraudulent actors gain access to a customer’s account credentials, such as their username and password, to make fraudulent purchases. This type of fraud can be more difficult to detect, as it frequently appears as though the legitimate account holder is making the purchase.

  • Phishing scams
    Phishing scams involve fraudulent actors sending emails or messages to individuals, often in an attempt to obtain sensitive information, such as login details or credit card numbers. These scams can be highly sophisticated and can fool even the savviest internet users, making phishing a significant threat to businesses and their customers.

  • Identity theft
    Identity theft occurs when fraudulent actors get possession of an individual’s personal information, such as their name, address, and Social Security number, to make fraudulent purchases or open new lines of credit in their name. Identity theft can have devastating consequences for both individuals and businesses, highlighting the importance of strong data protection and privacy measures.

How does merchant fraud work?

Merchant fraud scams that involve fraudulent actors posing as legitimate businesses can take many forms. In some cases, the fraudulent actors may create fake online storefronts or social media accounts that look like legitimate businesses, with the goal of tricking customers into making purchases. These fraudulent storefronts may offer goods at extremely low prices or advertise hard-to-find items to entice unsuspecting customers.

In some cases, once a customer has made a purchase, the fraudulent actors may either send a counterfeit or inferior product, or may simply disappear without delivering the product at all. In other cases, the fraudulent actors may use the customer’s credit card information to make additional fraudulent purchases, leading to further financial harm.

Another example of merchant fraud scams involves the sale of counterfeit goods through online marketplaces. Fraudulent actors may create fake product listings and use stock photos to make it appear as though the products are genuine. Customers who purchase these counterfeit items may receive low-quality or dangerous items, such as toys that are poorly constructed.

What types of businesses are affected by merchant fraud?

Merchant fraud is a growing problem that affects businesses of all types and sizes. While all businesses are at risk of merchant fraud, there are certain industries and business types that tend to see the highest occurrence of fraud:

  • Ecommerce
    Ecommerce businesses typically see a high occurrence of merchant fraud because online transactions are harder to verify than in-person transactions. Fraudulent actors can exploit vulnerabilities in the payment processing system to steal from businesses and their customers. Digital products, such as software or online courses, are particularly vulnerable because a fraudulent actor, posing as a legitimate customer, can claim they did not receive the product or did not find it satisfactory.

  • Travel and hospitality
    The travel and hospitality industry is also at high risk of merchant fraud, as it often involves high-value transactions and complex payment processing systems. Fraudulent actors may use stolen credit card numbers to book hotel rooms, flights, or rental cars. For example, in 2018, Marriott International experienced a data breach that exposed the financial information of over 500 million customers. The breach was later linked to a Chinese state-sponsored hacking group.

  • Retail
    Retail businesses are also at risk of merchant fraud, since they often sell high-value goods and operate in a fast-paced environment that can make it more challenging to detect fraud in real time. Fraudulent actors may use stolen credit card numbers to purchase high-priced items, such as jewelry or electronics, or may engage in “return fraud” by claiming they returned a product in order to receive a refund, without actually returning the product.

  • Digital goods and services
    Businesses that sell digital goods and services, such as software or online courses, are also highly vulnerable to merchant fraud. In these cases, fraudulent actors might use stolen credit card numbers to purchase digital goods or may dispute the charge after accessing the product and receiving the benefit.

How does merchant fraud hurt businesses?

Merchant fraud can target consumers directly without specifically targeting a legitimate business, or can involve the penetration and exploitation of legitimate businesses. Not only can these scams pose a financial risk to customers, but they can also damage the reputation of the legitimate businesses targeted by fraudulent actors. Here are a few key areas where these impacts are felt:

  • Business reputation
    Merchant fraud that involves fraudulent actors posing as legitimate businesses can damage consumer trust, leading to a decline in sales and revenue. This is especially true in industries where merchant fraud is more prevalent. If a certain type of business becomes associated with fraudulent activity, then even legitimate businesses might have a harder time gaining and keeping consumer trust.

  • Financial losses and chargebacks
    Businesses that fall victim to merchant fraud scams may be subject to chargebacks and other financial liabilities, resulting in revenue losses and additional fees and penalties.

  • Legal consequences
    Businesses that fall victim to merchant fraud scams may also face legal consequences, such as fines or lawsuits, if they are found to have been negligent in their fraud prevention measures.

  • Higher payment processing fees
    Elevated frequency of merchant fraud in some industries or sectors can result in higher payment processing fees for legitimate businesses. Payment processors may charge higher fees to businesses in high-risk industries or to businesses that have a high incidence of chargebacks to compensate for the increased risk. Read more here about how Stripe defines and handles high-risk merchants.

How to prevent merchant fraud

Merchant fraud is a complex and multifaceted problem that requires constant vigilance and a proactive approach to prevention. It’s important for businesses to understand the risks of merchant fraud, take measures to protect themselves, and create playbooks for tackling merchant fraud proactively. By educating themselves about the different types of merchant fraud and implementing robust fraud prevention measures, businesses can protect themselves and their customers.

Here are some measures that businesses can take to prevent, detect, and combat merchant fraud:

  • Implement fraud prevention tools
    Fraud prevention tools such as fraud detection software, address verification systems, and device fingerprinting can help businesses prevent fraudulent transactions. These tools use algorithms to detect and flag suspicious transactions, such as purchases made with stolen credit card information or from a high-risk location.

  • Use 3D Secure authentication
    3D Secure is an extra layer of security that requires customers to enter a password or code to verify their identity when making an online purchase. This can help prevent fraudulent transactions and protect businesses from chargebacks, which occur when customers dispute charges and demand a refund from the business.

  • Train employees on fraud prevention
    Businesses should train employees to recognize the signs of fraud, such as unusual customer behavior or suspicious transactions. Employees should also know how to report and respond to suspected fraud incidents. This includes proper handling of personal information and secure payment processing.

  • Monitor transactions for unusual patterns
    A good rule when it comes to fraud detection: if something looks odd, it’s worth digging deeper. Businesses should monitor transactions for unusual patterns, such as multiple transactions from the same IP address or multiple transactions from different cards with the same billing address, as these patterns may indicate fraudulent activity. By identifying and flagging suspicious transactions, businesses can prevent fraud before it occurs.

  • Conduct background checks
    A key part of preventing merchant fraud is making sure you know exactly who is on your team. Businesses should conduct background checks on employees and vendors to ensure they do not have a history of fraud. This helps to minimize the risk of insider fraud, which occurs when an employee or vendor intentionally commits fraud.

  • Establish robust policies and procedures
    Businesses should establish policies and procedures for preventing and detecting fraud. This includes guidelines for accepting credit cards, verifying identities, and handling chargebacks. Policies and procedures should be regularly reviewed and updated as needed to keep up with new fraud trends. Fraud detection and prevention solutions like Stripe Radar, which leverages millions of data points from businesses globally to refine and update its approach to combating fraud, can make this process more effortless for businesses by automating it without requiring significant internal resources.

  • Use encryption and secure data storage
    Businesses should use encryption to protect customer data and secure data storage to prevent unauthorized access to sensitive information, including physical and digital storage. By safeguarding customer data, businesses can help prevent identity theft and protect their own reputation with customers.

  • Stay up-to-date on fraud trends
    Businesses should stay informed about the latest fraud trends and update their fraud prevention measures. This includes attending industry events, subscribing to newsletters and other publications, and networking with other business owners.

How Stripe can help

For modern businesses, defending themselves against fraud means adopting the right operational protocols and tech solutions, both in-house and using third-party providers. For example, Stripe offers a variety of features and tools that can help businesses protect against merchant fraud.

  • Stripe Radar
    Stripe Radar is a powerful, comprehensive fraud detection solution that uses machine learning to identify and block fraudulent transactions. It analyzes a variety of data points, such as the customer’s location, device information, and purchase history, to determine the likelihood that a transaction is fraudulent. If a transaction is flagged as high risk, Stripe can automatically block it or require additional verification steps, such as 3D Secure authentication.

  • Chargeback protection
    Chargebacks can be a major nuisance for businesses, especially when they result from fraudulent transactions. Stripe offers chargeback protection, which covers businesses against fraudulent chargebacks. If a chargeback occurs, Stripe will automatically dispute it on behalf of the business, saving them time and money.

  • Real-time transaction monitoring
    Stripe Radar provides real-time transaction monitoring, which uses machine learning to identify and flag suspicious transactions as they occur, such as those with high-value amounts or those made from high-risk locations. This decreases the amount of time between when a fraudulent transaction is attempted and when it’s detected.

  • 3D Secure 2
    Stripe supports the 3D Secure 2 (3DS2) on all payments APIs and Checkout, which lets businesses apply 3D Secure to high-risk payments. 3DS2 is the main card authentication method used to meet Strong Customer Authentication (SCA) requirements in Europe and allows businesses to request exemptions to SCA.

  • Cutting-edge customer authentication
    For businesses that operate in Europe, customer authentication is another important consideration that Stripe upholds. SCA is a requirement of the European Union’s Payment Services Directive 2 (PSD2), and it requires customers to provide two-factor authentication, such as a password or code, when making certain types of online payments. Stripe solutions support adherence to SCA, which can help businesses prevent fraudulent transactions and reduce the risk of chargebacks.

  • Customizable fraud rules
    Stripe allows businesses to customize their fraud prevention rules to fit their specific needs. For example, businesses can set rules based on the customer’s location, IP address, or purchase history. This allows businesses to tailor their fraud prevention measures to their particular business model and risk profile.

Across the range of interlocking fraud protection solutions that Stripe offers, these fraud prevention and detection tactics and parameters are constantly evolving to keep up with new fraud trends and help businesses stay one step ahead of potential fraudulent actors. By partnering with Stripe, businesses have access to a best-in-class fraud strategy that performs across their entire commerce ecosystem, without needing to devote significant internal resources to manage it. Learn more here.

More articles

Ready to get started?

Create an account and start accepting payments—no contracts or banking details required. Or, contact us to design a custom package for your business.