As online shoppers, we take for granted that when we make a purchase from an ecommerce website, our goods will arrive: on time, in good condition, and matching their description.
But what about when those goods don’t arrive at all? Sometimes it can be due to a clerical error. Sometimes the item might have been delayed at customs, or during the shipping process.
Sometimes, though, the cause can be far more insidious – rogue merchants.
This proved to be the case recently, when it came to our attention that cardholders who were buying from a discount fashion website – a sub-merchant of a legitimate payment facilitator that uses Checkout.com – were not receiving the items they’d purchased. Many of these cardholders were then raising disputes against this sub-merchant; and the chargebacks were beginning to pile up when Checkout.com’s detectives stepped in.
Working with Lloyds Bank, we obtained details of the disputes, along with the parent merchant’s Acquirer Reference Number (ARN), and began to investigate the increasingly suspicious circumstances around this sub-merchant’s fashion site. What follows is the story of that investigation: what we did, what we found, and how Checkout.com remains committed to safeguarding cardholders from the threat of rogue merchants.
Our proactive collaboration with issuers is key to addressing challenges and concerns, building trust, and adding value without compromising performance. By leveraging our strong issuer relationships, we ensure that issues are resolved efficiently, resulting in a win-win situation that benefits all parties. This partnership ultimately enhances acceptance rates across the board, reinforcing our commitment to supporting the ecosystem and driving mutual success.
What are rogue merchants?
Rogue merchants are ecommerce websites set up with the sole purpose of defrauding their customers: tricking them out of their money without delivering the goods or services paid for.
Often, a rogue merchant looks like a reputable ecommerce site; they may even be attempting to pass themselves off as a legitimate, well-known business or brand to gain your trust. In actuality, though, it’s a website set up and operated by a fraudster, who will have spent weeks – perhaps months, or even years – driving traffic to the rogue website. And who will have gained merchant services (again, by masquerading as a legitimate business) from an acquirer.
How a rogue merchant scams their victim
Then, rogue merchants acquire their targets: a process which often takes place through social media. You might be on Facebook, for example, and see an ad for a premium-looking product in your feed – perhaps it’s a pair of designer sneakers or a Gucci handbag – at a fraction of the cost. From there, a familiar process plays out: you click the ad, land on an ecommerce site, and enter your credit or debit card information to complete the process.
All looks fine – that is, until the product you ordered doesn’t arrive, or what does arrive is either a cheap-looking counterfeit or an item that bears zero resemblance to what you ordered.
Bemused and disappointed, you check your bank statement, and realize the billing descriptor for the company doesn’t match the name of the brand whose website you ordered through. Digging further, you revisit that site to find that, beneath its thin veneer of respectability, it’s actually riddled with spelling mistakes, grammatical inconsistencies, and formatting errors.
It’s a fake – and you’ve fallen prey to a rogue merchant.
What happens next
These scammers know that, when their ‘customers’ wise up to the fact they’ve been defrauded, the cardholder might raise a credit card dispute (which, when it is upheld, results in a chargeback against the merchant). They also know that they will lose a significant portion of their ill-gotten gains because of this. However, rogue merchants also rely on the simple reality that most of their victims – be it because of apathy, forgetfulness, a lack of time, or the inconvenience of it all – won’t dispute the charge.
When this happens, the rogue merchant gets to keep the cash. And, by the time the acquirer they’ve gained access to credit card processing services through catches wind of the scheme, it’s usually too late – often, the rogue merchant has already shut up shop, closing down their fraudulent online store and escaping with the profits.
But back to the case of the fraudulent sub-merchant, and our inquest into its activities.
Initial investigation
Our first foray into the data that the sub-merchant (which, you’ll remember, was selling heavily discounted fashion items through an online store) was sending through our API turned up a trio of suspicious patterns. We observed that the sub-merchant had:
- Multiple billing descriptors with minor differences showing up in statements.
- A website structure similar to other suspicious dropshipping businesses.
- A ‘Contact Us’ page attached to an email address that, when entered into search engines, brought up several scam complaints.
The red flags were beginning to wave, but we needed more information.
We needed reinforcements.
Collaboration with the payment facilitator
To continue our investigation into the discount fashion site (which was beginning to look more and more suspicious), we got in touch with the payment facilitator.
Payment facilitators (also known as PayFacs) are companies that provide payment processing services on behalf of other businesses, known as sub-merchants. This allows sub-merchants to undergo less rigorous approval processes to gain access to credit card processing services, although the PayFac itself – as the holder of a master merchant account with Checkout.com, the payment processor – must go through a far more stringent series of verification processes.
After reaching out to the payment facilitator, the PayFac began to work with the sub-merchant in question to improve the clarity of its policies – including the wording of the website’s terms and conditions, and the length of its shipping timelines – as well as increase the speed of its deliveries to customers.
The case took another turn, however, when Lloyds Bank found an instance of the sub-merchant’s website masquerading as that of a well-known retailer. On top of this, there was little indication that the sub-merchant was providing clear delivery time scales to its customers.
It was clear that further investigation was required.
Learn more: How to detect online transaction fraud and protect your business
Investigating the scam
When Checkout.com again became involved, we soon found even more worrying signs – that the suspicious sub-merchant was displaying different websites to customers depending on the browser they were accessing the internet from.
Further investigation – this time, relatively straightforward inquiries into the sub-merchant through search engines – uncovered several websites claiming the site was a scam.
Following this, we asked the payment facilitator to provide a complete onboarding package for the sub-merchant under investigation. This included the PayFac's due diligence as well as a full summary of its investigation into the additional issues we had identified.
Outcome and actions taken
The result? The suspension – effective immediately – of the fraudulent sub-merchant.
Checkout.com’s investigation, conducted with the involvement of Lloyds Bank and the payment facilitator supplying the illegitimate website’s credit card processing capabilities, concluded that there was clear evidence of the site masquerading as respectable, well-known businesses.
We also found that, while the PayFac had fulfilled its extensive due diligence responsibilities – including implementing a monitoring and certification solution – the fraudulent discounted fashion site’s masquerading behavior had evaded detection. To mitigate the risk of cardholders falling prey to similar schemes in the future, we have flagged a range of additional due diligence behaviors to the PayFac: such as implementing email address verification and remaining vigilant around website and domain inconsistencies.
The sub-merchant has since been permanently offboarded, and the rogue website it was operating through shut down.
Lessons learned and future steps
Each time red flags are raised in relation to a merchant in the Checkout.com ecosystem, how we investigate and resolve the issue isn’t just a valuable opportunity to protect our cardholders – it’s a chance to learn, to improve, and to minimize the chances of future consumers becoming the victim of these kinds of scams going forward.
The case of this rogue sub-merchant taught us that:
- Due diligence processes must constantly evolve. In this case, the PayFac implemented the appropriate level of due diligence – but the fraudster still slipped through the net. With bad actors constantly tweaking their tactics and advancing their arsenal of fraudulent techniques, merchant services providers must raise their games to keep up.
- As a customer, you need to be aware of how to spot a rogue merchant. In this case, the signs were multiple billing descriptors, a suspicious website structure, and a “Contact Us” email address with complaints made against it. However, identifying a rogue merchant can be as simple as looking for spelling or grammatical errors, or even as basic as asking: “Does this look too good to be true?” If in doubt, always walk away.
Going forward, the team here at Checkout.com is more dedicated then ever to stopping rogue merchants in their tracks to protect cardholders – and we have the technology to do it.
Partnering with issuers like Lloyds Bank has been key to enhancing both performance and consumer protection. We’re committed to expanding these partnerships, and we invite other issuers to join us in shaping a more secure and efficient payments landscape.
Gavin Evans, Senior Manager for Consumer Cards at Lloyds Bank, said: “Using payment dispute analytics, we have been able to identify and flag rogue merchants directly to Checkout.com, helping to prevent payments to suspected scam websites and protect customers. Alongside this, we also identified that the merchants suspiciously displayed different webpages, depending on the type of web browser that consumers used to access the website. We’re pleased with the collaborative relationship we’ve built with Checkout.com and we will continue to work together to protect our customers and the wider industry.”
Fight fraud with Checkout.com
To learn more about how Checkout.com helps businesses like yours manage fraud and risk – or how our suite of fraud-fighting, customer-centric payment solutions work to maintain a secure credit and debit card processing environment – get in touch with our team today. A friendly, no-obligation conversation about what we can do for your business awaits.