Fake Merchants, Real Losses: Identity Swap Merchant Fraud Explained

Fraud is a constant threat in payments. Most people tend to focus on buyer-side threats — chargeback abuse, card spinning and stolen credit card payments — that hurt honest merchants. But fraud committed by merchants is just as dangerous, especially for the acquirers who end up responsible for the losses. 

In this article, we look at one of the most commonly attempted types of merchant fraud: identity swaps.

Identity swap fraud is where fraudsters try to sign up for a merchant account while posing as someone else. It’s a type of identity fraud. It’s a huge issue on its own, but it’s also a stepping stone to other types of merchant fraud. So, how does identity swap fraud work and what can payments companies do to shut it down?

Identity swap fraud uses stolen vital information to fill out a merchant processing application (MPA) so that the fraudster can gain access to a merchant account for some type of fraudulent activity. It generally happens in one of two ways: 

• Fraudulent use of a real business owner’s personal identity
• Fraudulent use of an existing company’s details

Stolen Owner Identities

In the first type of identity swap, the fraudster attempts to set up a merchant account for their own “legitimate” business. But they use stolen personal information from another business owner. There are a number of reasons a fraudster might go this route, but one of the most common is skirting sanctions or criminal watch lists. In these cases, the business itself may seem to operate normally for the lifetime of its operations, fulfilling all of its obligations to buyers. But the proceeds go to an owner or group that would’ve been flagged and denied during anti-money laundering (AML) or know-your-customer (KYC) checks — a very serious issue for acquirers.

Stolen Business Information

In some cases, a fraudster impersonates an established business using its name, address, website and phone number, along with forged financial documents. The goal isn’t to run a real operation, but to slip through underwriting and KYC and AML checks to open a merchant account as part of a larger fraud scheme. The hope is that an underwriter will do only a cursory check, see that the information aligns, and approve the application without digging deeper.

Identity theft is particularly malicious because once a fraudster secures a merchant account under a false identity, it opens the door to a variety of additional fraud schemes. Two of the most common types include:

• Bust-out fraud: operating legitimately over time to set up one big payday
• Triangulation fraud: funneling payments through a fraudulent merchant account using stolen card data

What Is Merchant Bust-Out Fraud?

Bust-out fraud occurs when fraudsters build trust with potential victims over time in anticipation of stealing as much as possible in one final heist, before disappearing. It can happen on the consumer side with credit cards, and it can also happen with merchants looking to take advantage of lines of credit, business credit cards and end customers.

Having a merchant account helps the fraudster establish the legitimacy of their business. They then spend months or, in rare cases, even years operating normally. They pay bills on time and maybe even sell and deliver goods to customers. Then, once they’re ready, they “bust out” in one of two ways:

• Maxing out increased lines of credit and business credit cards before disappearing
• Making as many sales as possible with no intention of delivering, leaving acquirers on the hook for the chargeback losses

What Is Merchant Triangulation Fraud?

Triangulation fraud is a complex scheme that takes advantage of multiple parties and requires the fraudster to have access to their own merchant account. It’s a multi-step process that goes roughly like this:

1. The fraudster puts up a fake online store and makes a sale to an unsuspecting buyer. They take the payment into the merchant account they obtained through an identity swap or other illegal means
2. The fraudster uses a stolen credit card to purchase the same item from a real merchant and have it shipped directly to the original buyer
3. The fraudster keeps the payment from the original buyer, who has no idea they’ve been involved in a fraudulent transaction. The real merchant then inevitably ends up on the hook for a chargeback from the owner of the stolen credit card

Because the buyer gets the goods they paid for, a merchant account involved in triangulation fraud can stay under the radar for a while. That makes it more profitable than simply running off with the payments right away.

Like almost all fraud, identity swap fraud relies on volume. It takes relatively little effort for a fraudster to spam forged merchant applications to hundreds of agents and independent sales organizations, and they only need one to succeed to make it worthwhile. They can then repeat the process as many times as they’d like.

The majority of identity swap attempts will be caught and denied, but the occasional success relies on the flawed nature of traditional underwriting. Manual merchant underwriting is slow and error-prone. It’s also the biggest bottleneck in merchant onboarding, and underwriters are often buried in applications and under a lot of pressure to get accounts approved. As a result, checks get missed, shortcuts get taken and, inevitably, identity swaps slip through the cracks.

Underwriting Automation Is Key to Reducing Identity Swap Fraud

The best way to ensure identity swaps are caught is to ensure every application undergoes thorough and consistent merchant underwriting. That’s a tall order for human underwriters strapped for time. But it’s simple for automated systems, which never miss a check they’re programmed to perform.

Automated underwriting systems ensure each application is analyzed in depth, flagging any potential risks for human review. Best of all, they can complete a full set of checks in minutes (not days) dramatically accelerating the approval process without sacrificing accuracy.

Automation also frees up more of an underwriter’s time to focus on high-value tasks. That might mean digging deeper into high-risk files, making decisions about borderline flags or completing high-impact manual tasks, like calling up an applicant’s publicly listed business number to verify they submitted the application — a simple, but effective way to catch identity swap attempts.

NMI ScanX and MonitorX offer automated merchant underwriting that can track and update risk from day zero through the lifetime of a merchant’s processing.

ScanX runs 100+ checks on every new merchant application. It returns a risk score and approval recommendation, along with the details of any yellow or red flags found, all in as little as a few minutes. 

MonitorX automatically rescans merchants. It keeps a constant eye on activity, identifying changes in information or behavior that could represent new risks so fraud can be stopped before losses build up.

To find out more about how NMI’s automated underwriting tools can help you catch more merchant fraud, including identity swaps, reach out to a member of our team today.