David Khalaf, LegitScript

By lowering the barriers to entry into the payments system for many legitimate merchants, the payment facilitator model potentially becomes attractive to bad actors as well. This means that payment facilitators have to stay well-informed about the biggest risks to their own portfolios, so they can remain vigilant in protecting them.

This week, we continue an occasional series on the high-risk trends that are facing payment facilitators with a look at recent frauds and scams.

The ease and relative anonymity of conducting business online makes the internet a perfect ecosystem for cybercriminals engaging in fraud and other scams. According to the most recent Internet Crime Report, the FBI has received more than 1.4 million fraud complaints totaling more than $5.5 billion in reported losses. This doesn’t even consider losses from fraud and scams that go unreported.

Even as enforcement agencies attempt to crack down on scams online, cybercriminals are devising new and creative ways to defraud the public using the processing power of payment facilitators. While merchant fraud can take dozens of forms, below are some of the most recent trends payment facilitators should watch out for.

Get-rich-quick Schemes

Get-rich-quick schemes are one of the oldest scams around, but new technology and changing tactics make them one of the recurring annual high-risk trends. These merchants offer an opportunity marketed with unrealistic promises of high financial returns in a short amount of time. They typically require an upfront payment and often market their schemes as a low-effort way to make money fast. Popular tactics include using unauthorized celebrity images to imply an endorsement of the product or listing bogus glowing testimonials. An increasingly popular scheme involves merchants offering cryptocurrency investment strategies that promise unreasonable returns. Any merchant promoting an offer that sound too good to be true should raise a red flag. Get-rich-quick schemes are a common subject of regulatory scrutiny and present elevated risk for chargebacks as consumers realize they are unlikely to receive the monetary gains originally promised.

Gambling Fraud

Gambling merchants offer a prize for participants in a game of chance that requires payment to enter. This includes merchants who are offering lotteries, sweepstakes, sports and fantasy sports betting, horse racing shares, and raffles if the prize or entry fee is significant. In addition to the legal issues surrounding online gambling, which vary by state, merchants engaged in games of chance are at a higher risk of committing fraud or scams. For example, the merchant may be manipulating the game to ensure players lose, or the merchant may sell or illegally use customer data to commit credit card fraud or personal data theft. Furthermore, gambling is frequently used for transaction laundering and money laundering. Most payment facilitators forbid gambling, but some gambling websites can fly under the radar by presenting themselves as online games. Recent trends include websites offering luxury raffles for exotic trips, new cars, and high-end electronics.

Unauthorized Aggregation (Fundraising Scams)

Aggregation typically refers to merchants who are allowing other merchants’ transactions to flow through their accounts, rather than requiring platform users to sign up for their own merchant accounts. This type of relationship includes payment facilitators, of course, and it can take many other legitimate forms, most frequently crowdfunding websites (such as Kickstarter), services that facilitate transactions between two parties via a website or an app (such as Uber), and marketplaces where third-party merchants can post their merchandise (such as eBay). Any merchants engaged in aggregation may face elevated risk and must avoid introducing high-risk merchants downstream. One of the greatest risks for crowdfunding platforms, for example, is fundraising scams. As part of a fundraising scam in late 2018, three people were arrested on suspicion of defrauding 14,000 donors out of more than $400,000 by launching a GoFundMe campaign based upon a fabricated story about a Good Samaritan helping a stranded motorist. These scams are so common that there are websites devoted to tracking and stopping them. To combat any type of unauthorized aggregation, payment facilitators should make sure they have strong Know Your Customer policies in place.

Negative Option Billing

Negative-option billing is a practice in which the customer’s failure to reject an offer or cancel an agreement is used as confirmation that they want to be charged for goods and/or services. Negative-option billing merchants can exploit consumers by using deceptive business models to return a profit. Merchants engaged in negative-option billing pose a risk for regulatory and card brand scrutiny, as well as elevated risk for chargebacks. The problem is that their practice is rarely obvious. Red flags to watch out for include billing terms in small print that are difficult to find on the website, complex and misleading billing terms, and contact information that is incomplete or difficult to locate, making it difficult for customers to cancel their orders.

Nondelivery Schemes

Nondelivery schemes (also called 419 scams) occur when merchants accept payment for products they intentionally never send. Merchants engaged in high-risk industries, especially the marketing of illicit pharmaceuticals or other illicit products, will almost always be at a higher risk of nondelivery schemes. This is because customers are far less likely to file complaints with enforcement agencies for fear of being prosecuted for participating in the sale of an illicit or high-risk product. Nondelivery also happens frequently in the context of online auction fraud. According to the FBI, nondelivery auction fraud happens most frequently with high-end electronics and other luxury goods that are listed for prices significantly below their market value. Payment facilitators should watch out for merchants marketing in-demand or expensive products priced suspiciously low. In the context of drug merchants especially, payment facilitators should be wary of merchants with suspiciously diverse product catalogs, marketing everything but the kitchen sink (e.g., pharmaceuticals, designer drugs, steroids, and opioids all on one website).

Tech Support Scams

In 2018, the FTC received nearly 143,000 reports regarding tech support scams. These scammers send people pop-up windows, email, or phone calls to supposedly warn them about viruses or other problems on their computers. These tech support imposters then “fix” the problem for a fee, or sometimes get customers to download software that gives the scammers access to their computers. These criminals often target more susceptible populations, such as people over 60. Payment facilitators should be wary of tech support merchants with domain names that look suspiciously similar to large technology companies, such as Microsoft, Apple, or Google. Merchant websites that look “scammy,” with aggressive pop-up windows or alarmist language, should also be a red flag.

This is the second in PaymentFacilitator’s series on high-risk trends. Our previous post discusses problematic products, and our final post explores merchants posing reputational risk.