Identifying risky merchants and writing rules to prevent fraudulent transactions is the name of the fraud prevention game, but for many financial institutions, that is an extremely reactionary process, based solely on data gathered internally.
That means a fraud event has to have happened so many times to your customers before the pattern will take shape, and the smaller the data sets you’re using, the longer that process will take. Because of this, your analysts have to get extra smart about rule writing, covering as many risk bases as possible, without going so far as to inconvenience customers with blocked transactions left and right.
They can approach rule writing from a variety of angles - based on how a card is being used, where they see fraudulent transactions take place, and which merchants seem to be repeat offenders. In this piece, we’re digging into the risky merchant part of the puzzle.
Read on for five types of risky merchants that you should be keeping an eye on…and possibly blocking transactions from.
This one is pretty self explanatory...if your analysts are seeing a high number of fraudulent transactions coming through a certain merchant, it’s likely one you should flag.
It seems too easy, but it really does happen…
Fraudsters are known to create new merchant IDs that are very similar to an older ID that has already been flagged, sometimes changing only a few numbers at the end. This makes it easier on you to identify and write rules accordingly.
Merchant acquirers - the organizations that register merchants, enabling them to accept transactions - should have their own rules in place to identify and reject fraudulent merchants before signing them up. However, it isn’t uncommon for analysts to see patterns of merchants with high fraud spend, who were all signed up by the same acquirer.
This could indicate a merchant acquirer who has faulty or more lax security processes than you’re comfortable with or who could be fraudulent themselves.
After stealing payment card information, digital criminals will make small test purchases (of a few cents or dollars) before selling the credentials or using them to make larger purchases.
Because these tests usually take place at larger, reputable retailers like Home Depot or Walmart, it should raise concerns when you see this happening at a lesser-known merchant.
Keep an eye on subscription-based merchants who significantly increase their fees after a period of time. This could be an introductory rate that the cardholder was aware of or it could be fraudulent. Serve your customers beset, by identifying these subscription increases and notifying cardholders immediately.
For many small to medium-sized financial institutions, rule-writing is a manual process, and like we said at the top, this process is fed with data collected from the purchasing behaviors of the bank’s own cardholders. With this model, it’s hard to know about a risk that your customers haven’t already experienced, let alone preventing said risk.
For those looking to build more proactive fraud prevention strategies, consider a solution that provides access to greater and more comprehensive sets of data, gathered by countless other financial institutions across the nation. With so much information at your fingertips, you’ll be able to detect patterns quickly and efficiently, writing new rules, and blocking fraudulent transactions before they happen.