By Roy Urrico
Some merchant portfolios expose financial institutions (FIs), such as credit unions and banks, and payment service providers, to growing risks of fraud, according to Burlingame, Calif.-based G2 Risk Solutions (G2RS), which provides specialized risk management services to financial institutions offering merchant payment services.
“FIs face repercussions from regulators and card networks for the violative activity of merchants in their portfolios. They may face more serious financial implications than the merchants themselves,” said Niamh Lewis, vice president, compliance operations at G2RS.
Lewis sat down with Finopotamus to discuss the challenges.
Areas of Risk Concern
Generative artificial intelligence (GenAI) used to perpetrate widespread fraud. “Criminals are using GenAI to create thousands of sophisticated e-commerce websites that are difficult to identify as fraudulent,” Lewis said. Frequently these help to ‘launder’ illegal transactions and engage in non-delivery scams (i.e., where a buyer pays for goods or services but never receives them). “In addition, criminals are using GenAI to mass-produce synthetic identities, enabling bad actors using fake or stolen identities to open accounts, process fraudulent transactions, and disappear before chargebacks catch up or the financial institution identifies the illicit activity.”
Fake reviews and the evolution of “subscription-based fraud.” “Fake reviews and subscription-based fraud, two key trends observed by our risk analysts, should be major concerns for FIs that provide merchant payment services because they expose them to fraud risk, regulatory and card brand scrutiny, and reputational damage. FIs that facilitate payments for merchants engaging in deceptive practices—even unknowingly — can face penalties,” warned Lewis.
In 2024, G2RS saw a significant uptick in illicit merchants enrolling consumers in unauthorized subscriptions using stolen credit cards. The recurring low-dollar monthly fees often go undetected by consumers and allow bad actors to continue siphoning funds. Additionally, in 2024, the Federal Trade Commission (FTC) announced its “Click to Cancel” rule to address deceptive practices in subscription services. The rule, scheduled to take effect in 2025, aims to make it easier for consumers to cancel subscriptions and memberships, and increase card network focus on merchants offering subscription services.
Fake reviews as an industry. Fake reviews, testimonials, and likes/follows have become a serious problem in e-commerce, fueled by the growth of merchants that sell these services. In 2024, both the U.S. and the UK passed regulations banning the sale of fake reviews, allowing regulators to seek penalties against known violators. Yet, illegal sales continue to proliferate online. Card brand networks have begun assessing fines, and payments providers and online marketplaces face increasing pressure to monitor and prevent fraudulent review activity within their portfolios.
Transaction laundering-as-a-service. “Transaction laundering is a method of hiding illicit transactions. It is one of the chief activities that exposes banking and payment providers to serious risk,” explained Lewis. “To engage in transaction laundering, a criminal obtains a merchant account to process payments. Typically, the account is a ‘front’ for a benign-looking business used as for illegal or violative transactions from another website.”
Recently, noted G2RS, there has been an increase in criminals outsourcing transaction laundering to third parties. These operations automate and scale the laundering process, leveraging large numbers of shell companies, straw signers (i.e., when someone buys an item for someone else who cannot legally purchase it themselves), and thousands of sophisticated front websites to disguise illegal transactions. G2RS recommends payment providers implement stronger merchant vetting and monitoring to keep these illicit merchants out of the payments ecosystem and avoid card brand assessments.
Other Susceptible Banking Areas
The top categories for penalty assessments levied against FIs include illegal pharmaceuticals, illegal gambling, tainted nutraceuticals, and intellectual property infringement.
Tainted products, often containing undeclared pharmaceuticals or banned substances, pose significant risks to consumers—and payment providers. Sexual enhancement, weight loss, and bodybuilding supplements remain the categories most frequently found to contain undeclared ingredients. However, new categories are beginning to emerge. Regulators have recently issued alerts regarding supplements tainted with toxic yellow oleander, liquid kratom supplements associated with consumer harm, and supplements that contain undeclared corticosteroids. Payment providers need to take quick action in response to these alerts—or risk card brand assessments, according to G2RS.
“A multi-jurisdictional regulatory landscape complicates the risk environment,” said Lewis. For example, she pointed out, some drugs are classified as ‘over the counter’ in one country—but require prescriptions in another. “Payment providers must ensure that their merchants operate legally in all jurisdictions where they offer to ship products or provide services.”
What G2RS Offers
G2RS is a pioneer in the field of merchant risk, explained Lewis. “We maintain an unrivaled proprietary risk database, the Merchant Map. Assembled over 20-plus years, it combines billions of data points validated by expert analysts to provide financial institutions with valuable, actionable insights about risk.”
She further explained how G2RS helps financial institutions conduct thorough due diligence during merchant onboarding and maintain persistent merchant monitoring to identify illicit activity and reduce risk exposure. “Using artificial and human intelligence, we monitor billions of pages of merchant web content around the globe to uncover suspicious and violative activity.”