In brief:
- Merchant fraud involves a legitimate merchant or an individual pretending to be a merchant deceiving businesses, consumers, or payment providers.
- Marketplaces need to ensure they prevent fraud to maintain marketplace integrity and encourage consumers and merchants to adopt their platform.
- A business verification and risk assessment system is essential for identifying fraudulent merchants during onboarding and monitoring for fraud attempts.
Online marketplaces are now a staple in the retail industry, generating $6.3 trillion in 2024 (and on track to reach $7.9 trillion by 2027). This popularity brings more merchants and consumers, but it also means fraudsters flock en masse as well.
To help marketplaces keep their systems secure and maintain marketplace integrity, we explore how to combat merchant fraud by covering the following.
- What is merchant fraud & what does it involve?
- 8 main types of merchant fraud
- Merchant fraud detection & monitoring: what to look for
- How to automate fraud prevention in merchant onboarding
- 4 merchant fraud statistics & future trends
Before diving into the main types of merchant fraud and how to actually detect and prevent it, we’ll explain what it is and how it works.
Merchant fraud is a type of fraud where a legitimate merchant or an individual (or group) posing as a legitimate business deceives consumers, businesses, or commercial payment systems. Merchant fraud can take many different forms, including merchant identity fraud, triangulation fraud, and bust-out fraud.
What is the difference between merchant fraud and buyer fraud?
The main difference between merchant fraud and buyer fraud is who is actually perpetrating the fraud. Merchant fraud involves someone illegitimately selling goods or services, whereas buyer fraud involves someone using deceiving practices when purchasing from a business or merchant.
- Merchant Fraud: Deceptive practices related to the sale or delivery of goods or services. Importantly, this covers both legitimate merchants acting illegally as well as fraudsters posing as legitimate merchants.
- Buyer Fraud: Deceptive practices by a customer against a business or individual merchant.
More than anything, merchant fraud and buyer fraud are distinguished by the individual that is perpetrating the fraud. If it’s a merchant — or someone posing or acting as a merchant — then it’s merchant fraud. If it’s a buyer exploiting a merchant, then it’s buyer fraud.
Who pays when merchants are victims of credit card fraud?
Assuming the merchant followed the proper security protocols, the issuing bank typically bears the cost of the credit card fraud. If the merchant didn’t follow the proper security protocols, the merchant may bear the cost of the fraud in the form of a chargeback from the issuing bank.
There are strict rules in place that protect cardholders from credit card fraud, which means cardholders almost never absorb the cost of credit card fraud themselves. Instead, these costs are almost always absorbed by either the merchant or the issuing bank.
Fraudsters exploit merchants in a few main ways, attempting to defraud the merchants themselves as well as their customers. Below, we cover the main eight types of fraud affecting merchants.
1. Fake storefronts & merchant identity fraud
In merchant identity fraud, fraudsters create fake storefronts and collect money from unsuspecting consumers, without providing any products or services of any kind. When fraudsters assume another businesses’ identity in this process, it’s a form of merchant identity theft.
Marketplaces need to be thorough in their vetting to ensure the merchants they onboard are legitimate merchants, and not fake storefronts looking for a quick cash grab. To do this effectively, merchants will want to set up robust onboarding verification checks to make sure they never platform fraudulent merchants operating fake storefronts or impersonating legitimate ones.
2. Bust-out fraud
In bust-out fraud, a fraudster uses a real, stolen, or synthetic identity to open a credit account. They then build trust and establish a credit history through normal account activity. Once they acquire a large enough line of credit, they ‘bust-out’, maxing their credit and disappearing with no intention of repayment.
While this is commonly done by individuals targeting credit card companies, this can also be done by merchants or individuals (or groups) posing as merchants. For merchant fraud, this involves fraudsters posing as a legitimate business to acquire access to capital from investors, creditors, or payment processors. After building up credit through trustworthy activity, they then bust-out, disappearing with whatever credit they’ve been able to acquire.
Since it’s a long term strategy where criminals are intentionally lying low and mimicking legitimate customer behavior, it can be very hard to detect by marketplaces, investors, and creditors
Having robust KYB screening will ensure you catch these bad actors during onboarding, identifying merchants that may not be who they claim to be. Credit checks may also reveal inconsistencies with their business identity. With the right signals in place, behavior monitoring can help you detect the difference between a legitimate merchant and someone trying to appear like a legitimate merchant.
3. Merchant identity swap
In merchant identity swap fraud, a fraudster attempts to open a merchant account by using a false identity that allows them to bypass security measures they would otherwise be flagged under. This can be done using fake, stolen, or legitimate business details. It’s typically done to avoid known regulatory requirements like AML or marketplace requirements.
The challenge here is that these fraudsters are very aware of the typical onboarding process, and are prepared to provide false details that help them circumvent these checks. To stop them, you’ll need a robust KYB onboarding solution that can reliably verify a business is who they claim to be. Not only will this catch bad actors, but it will also deter fraudsters from attempting this form of fraud on your platform.
4. Business model swap
A merchant sets up a legitimate business account on your marketplace. Once established, they swap it out for a different business type or payment model — one that is not authorized on your marketplace. Essentially, they’ve set up a business using an improper model to bypass your security measures, only to change their business after clearing your protocols. Merchants do this to conceal their real intentions on your marketplace.
This isn’t always outright illegal; sometimes it just breaks the rules of the marketplace itself. However, it’s still a breach of the rights of use and marketplaces will want to monitor for this so they can prevent it.
While KYB checks during onboarding will help you identify suspicious businesses, these fraudsters are harder to catch at this step, as they are actively attempting to bypass your onboarding security checks. Typically, they have deep knowledge of what is and isn’t allowed, as well as the security checks they’ll likely have to do to successfully complete onboarding.
Having a behavior monitoring solution will help you track merchant behavior after onboarding so you can not only watch for outright suspicious behavior, but also make sure they’re activity lines up with the type of business they claim they conduct. If you detect anomalies, you can further review this merchant and potentially remove them from your marketplace. It’s a good practice to monitor customers closely after onboarding, even if they passed with flying colors, as these customers typically change their habits shortly after onboarding.
5. Transaction laundering
In transaction laundering, a fraudster creates a fake merchant account (or partners with a legitimate merchant) to process fraudulent payments. By using a legitimate merchant (either knowingly or unknowingly), they can get transactions approved that would otherwise be declined.
KYB checks during onboarding will help you identify these fake merchant accounts from inception, stopping fraud in its tracks. But it’s harder to identify fraud tied to legitimate merchant accounts, as they are more likely to pass basic security checks. With behavior monitoring, marketplaces can monitor for abnormal activity, identifying signs of transaction laundering, even if the merchant accounts themselves are legitimate.
6. Triangulation fraud
In triangulation fraud, a fraudster poses as a legitimate merchant, selling another company’s products (often for an abnormally low price). A real customer purchases from this fake storefront, believing it to be a real retailer. The fraudster then uses a stolen credit card to purchase the goods the customer ordered from a legitimate retailer and ships the item to the customer’s address, essentially ‘filling’ the order for the customer.
The fraudster pockets the money the customer paid them. Even if they collected less than what they paid for the item from the legitimate retailer, they are still profiting because they used a stolen card to make the purchase. Having gotten what they ordered, the customer is none the wiser. This often isn’t identified until the victim of the stolen card reports the fraudulent charge(s). In the end, the legitimate retailer absorbs this cost in the form of a chargeback.
Now, it’s true that these costs typically don’t fall back on the marketplace that is platforming the fraudulent merchant. Instead, it’s the legitimate retailer that commonly pays for these fraud losses. However, as a marketplace, you want to ensure marketplace integrity, or you may risk damaging your reputation (and leading to merchants and customers abandoning your marketplace). Moreover, you want to make sure you aren’t contributing — although not intentionally — to the legitimate retailer’s reputation.
Marketplaces can do a few things to combat this. First, establish strict marketplace policies about reselling and falsely representing other companies or brands so that merchants know it’s forbidden (and are deterred from even trying). Beyond that, make sure you use a KYB verification solution that will screen merchants during onboarding, preventing these fake storefronts from operating in the first place. But don’t stop there, run routine monitoring that screens for abnormal merchant behaviors that could signal that triangulation fraud is taking place.
7. Account takeover (ATO) fraud
In merchant account (ATO) fraud, a fraudster hijacks a legitimate merchant’s account, exploiting access to conduct illegal activity, such as stealing profits, deceiving customers, acquiring loans, and defrauding payment processors.
The challenge here is that in all instances, the account has already cleared onboarding. Rightly so — because the merchant was legitimate before the account takeover. For this reason, KYB checks during onboarding won’t be enough. It’s crucial to have a tool that monitors for changes to account details and behavior that may be suspicious. With this in place, you’ll get notifications that allow you to take early action, before the fraud racks up.
8. Phishing & social engineering
In phishing and social engineering fraud, bad actors trick individuals at an organization into revealing sensitive business or customer information, like login credentials, credit card numbers, or customer PII.
Make sure you have clear security protocols in place that dictate how team members need to handle business and customer information. This should prevent most bad actors from ever gaining access to your system or data. Be very careful about when and how you share private information about your organization and customers to ensure these details stay private. Maintain a clean email list to limit overall exposure, updating it often so you aren’t sharing details with individuals that don’t need it (and could use it maliciously).
{{gated-content-block="/insights/ebook-liminal-research-bev-automation-isnt-just-a-checkbox"}}
Keep in mind, you aren’t just looking for each individual type of fraud as it is. More than that, you’re looking for a variety of signals that could help you identify fraud or fraudsters.
Here are some common things to look for when trying to detect and monitor for fraud:
1. Business name and address match
Every officially registered business will have certain basic business details — most notably, a business name and address. Running a basic check that the details the business provided you matches official records is a great starting point.
A business verification tool will do this for you quickly and efficiently. Simply input the name and address, checking these details against official records to ensure it’s accurate. In many cases, these systems provide other business details, such as their entity type, formation state, and more.
While it’s true that bad actors can lie about who they are, and even present false business details to do that, validating basic business details is a great starting point when determining a business’ legitimacy. Obviously, if these details don’t match, you should investigate the business further prior to onboarding them.
How to prevent this: An automated KYB tool is the fastest, most effective way to verify business information. Otherwise, you’ll need to manually check each state directory individually, searching the business each time. With Middesk, you only have to search the business details once, getting information for each state all at once. You also get additional details that help you assess the risk of onboarding a business and engaging in a B2B relationship.
{{related-content-block="/blog/kyb-automation"}}
2. TIN / EIN Match
While not every business has to pay taxes, every business has to have a Tax Identification Number (TIN) so the IRS can identify them for tax purposes. While not every business will have its own TIN, every business will have TIN attached to it. For example, depending on the business structure, a business may not be assigned a TIN of their own, and may instead use the business owner’s personal TIN. In any case, every business should have a TIN associated with it, and most businesses will have their own TIN assigned.
Important
Since almost every business is required to have one, a TIN / EIN match is an ideal verification check to ensure that a business is legitimate. Specifically, a TIN / EIN match is a great early indicator of how much due diligence is required. A business without a TIN or EIN match should always be escalated for further KYB screening, regardless of what the other risk signals turn up. When found early, this can help you quickly refer a case for further screening or send it down a speedier onboarding process.
This really helps you reduce the burden on your review process, as you’re able to fast-track low-risk customers. While it’s not impossible for a fraudster to find a company’s EIN or TIN, it’s a solid indicator that the business you are onboarding is legitimate and properly registered to pay taxes.
How to prevent this: Conduct a TIN / EIN match during onboarding for every single case. Ideally, it’s best to integrate this early in the process, as it’s a good early indicator of whether a business is even legitimate or not. If a business can’t pass this test, it will almost always require further screening before it’s approved or denied.
3. Risk assessment
Preventing fraud isn’t just about checking if a business is legitimate and checking off basic KYB requirements. It’s about looking for the right signals — once that will help you determine whether or not it’s a good idea to onboard a business to your marketplace. Keeping your platform secure requires you to assess risk associated with onboarding new clients and entering into B2B relationships.
Marketplaces need a robust risk assessment system that connects them with critical details about a business’ potential risk.
How to prevent this: Develop clear risk profiles for the businesses you’re onboarding, factoring in potential signals that indicate a business may not be the right fit for your marketplace. Don’t just check this at onboarding, but continue to assess this risk profile over time to make sure they are still in good standing and are safe to work with.
4. Unusual transaction and behavior patterns
Savvy fraudsters are adept at mimicking authentic customer behaviors so they can circumvent detection and continue to operate. Despite their best efforts, fraudsters often display abnormal transaction and behavior patterns — even when they don’t mean to.
Abnormally large order values or quantities are a big signal of this type of fraud, especially if it doesn’t align with the account’s typical behavior. If they all of sudden start ordering big-ticket items, or their ordering behavior drastically changes, it could be a sign that someone has gained access to the account or a signal that they are about to commit bust-out fraud.
Screening for this behavior can help you not only detect bad entities, but actually stop fraud in progress, potentially stopping fraud losses from racking up.
How to prevent this: Use an ongoing monitoring solution that analyzes customer behavior, automatically alerting your team when suspicious activity is detected. This allows you to catch fraudsters in action, halting their activity. You can then review the entity altogether, potentially removing them from your marketplace entirely.
5. Attempted data breaches
Surprisingly, marketplaces aren’t just a place where fraudsters go to steal money — it’s also a place they go to steal PII of both businesses and consumers. Whether it’s through outright brute force account hijacking or phishing scams that use social engineering to extract information from unsuspecting customers, these attacks threaten merchant and consumer data, which put marketplace integrity at risk.
Typically, fraudsters target marketplaces with weak security protocols that make it easy for them to phish for private information.
How to prevent this: First and foremost, establish strong security measures that keep your marketplace secure. Screen for attempted data breaches on your marketplaces, identifying individuals that are attempting to steal business and consumer details from your system. Make sure you have systems in place that let you identify them and follow up.
Automating fraud prevention is all about implementing tools that let you manage the KYB process during onboarding and help you conduct ongoing monitoring that keeps your marketplace safe from bad actors. Below, we look at a few crucial steps to make that happen.
1. Use an API to automate ID verification checks
If a customer needs advanced screening, like Enhanced Due Diligence (EDD) or Politically Exposed Persons (PEP), it can be a tedious, time-consuming process — especially if it’s done manually. Integrating an automated API check at the beginning of the process gives you an early indicator of risk, allowing you to auto-approve low-risk cases while escalating high-risk cases for further screening.
Marketplaces rely on a thriving community of both merchants and customers. The last thing you want to do is hold up merchants from onboarding and deny your customers another option when shopping, but sometimes it’s unavoidable. Using an API as an early indicator allows you to fast-track low-risk merchants so they can get right to selling — without exposing your buyers to risky sellers.
2. Use a centralized SOS database source tool
Without a tool like this, you’ll need to manually search each Secretary of State (SOS) office directory individually. With a business verification tool, you can search a business just once to get SOS filing information from every state. As you can imagine, this drastically cuts down on processing time, getting you quick results — without the hassle.
When you’re onboarding hundreds of merchants a day, you don’t want to be left manually verifying each one by checking each SOS directory individually. Instead, get results quickly by searching for data from all states at once.
3. Monitor for status changes
Just because a business is in good standing when you onboard it doesn’t mean that will always be the case. It’s important to monitor businesses you have relationships with for changes to their registration status, tax registration, and other watchlists so you know immediately if their risk profile changes or they become a prohibited business so you can take swift action.
When you’ve got thousands of merchants operating on your platform, it can be incredibly difficult to stay on top of the status of all of them. Set up automated notifications that will trigger when the status of a business changes, alerting you of a change to a business status or a change to their risk profile.
4. Run ongoing behavior monitoring
Not all fraud will be readily identifiable during onboarding. Savvy criminals know the prevention strategies and are adept at circumventing these protections. For this reason, most businesses will want to conduct behavior monitoring on top of their KYB onboarding checks. With ongoing behavior monitoring that screens for suspicious activity, businesses are automatically alerted when customers act suspiciously, helping them detect, prevent, and stop fraud.
Marketplaces have to track both customer and merchant behavior when monitoring for suspicious activity on their platform. This means they’re sifting through many entities, all of which have different behavior patterns. With behavior monitoring, you establish the signals you want to watch for, and get automated notifications when businesses are acting suspicious — helping you identify high-risk behavior and keep your marketplace safe.
Did you know?
Over 500 companies rely on Middesk to onboard and grow, and it’s because we have a direct pipeline into 100% of registered businesses in the U.S., with over 100M business identities in our database, and 92% of our data is refreshed within the last 10 days. See how Middesk Verify does it.
Unfortunately, fraud trends aren’t looking good for merchants, with fraud rates and values increasing significantly for online marketplaces. As more consumers shop online, fraudsters shift their efforts to follow the money.
Below, we look at four of the most prevalent trends in merchant fraud:
1. Fraud losses are on the rise
Simply put, fraud losses are on the rise, with more money going to fraudster’s pockets instead of merchants. Online marketplaces in particular are facing growing fraud losses as criminals become more adept at stealing from online merchants and retailers. A study from Juniper Research from October of 2024 found that fraud will rise from $44.3 billion in 2024 to $107 billion in 2029. Others predict the same; ClickPost says that online payment fraud will cost businesses $206 billion globally by 2025, with Ecommerce companies alone estimated to lose $48 billion to fraud every year.
2. North American merchants suffer most fraud losses globally
According to MasterCard, North America has the highest fraudulent transaction value in the world, accounting for more than 42% of global ecommerce fraud. Back in 2024, the total global fraud losses were expected to reach $48 billion, meaning North American merchants lost more than $20 billion to fraud losses in that year.
3. Each dollar lost to fraud costs businesses much more
Every dollar lost to fraud actually costs businesses much more than what’s initially stolen. After all, there’s investigating and reporting that has to be done. ClickPost claims that every $1 in fraudulent orders costs businesses $2.07. But this can be far higher depending on the industry you’re operating in. Radical says that for U.S. financial service firms, each dollar actually costs them $4.23. For businesses to minimize these losses, it’s crucial they invest in fraud prevention and protection systems.
4. Promotion fraud is being exploited more
According to Mastercard, promotion abuse is the fastest-growing ecommerce fraud threat to marketplaces, with 52% of companies noticing an increase. This can be challenging for companies, as these promos are often designed to incentivize growth — when they’re abused, not only are you losing money to fraud, but you’re not actually acquiring new customers either.
Companies leveraging promos will need to set up clear guidelines and rules for the promos, ones that are airtight, with no loopholes. Beyond this, you’ll want to set up ongoing monitoring that screens for suspicious activity related to promotions.
{{related-content-block="/blog/emerging-trends-in-fraud"}}
Marketplace popularity, adoption, and success all depend on your ability to incentivize customers to actively participate by buying and selling. For both consumers and merchants to be confident buying and selling, you need to take marketplace safety, security, and integrity seriously.
Schedule a demo with our team today to see how Middesk can help you combat — and stamp out — merchant fraud.
Or if you want to see Middesk in action right now, check out our on-demand product demo of Middesk Verify, and see exactly how it can help with business identity verification that prevents fraudulent merchants from ever getting on to your platform.
{{gated-content-block="/events/productdemo-verify-june-2025"}}
