How to monitor eCommerce merchants

Web Shield Marketing
March 15, 2022
 min read
A person shopping online on their computer holding a credit card

Implemented effectively, ongoing monitoring makes it easier to prevent, detect, respond, and recover from adverse incidents for any payment processing company.

What are merchants hiding? Well, quite a lot, as it happens.

Perhaps most shocking of all, for every high-risk website submitted to us, we discover on average two previously unknown URLs. That means financial institutions with acquiring licenses only know about one-third of the websites they process.

Why payment processors should monitor their portfolio

Merchant underwriting isn’t just a point-of-entry activity; monitoring is a crucial component. After all, it’s not until merchants start depositing transactions that you know if your initial risk assessment was correct.

Ongoing monitoring helps identify unusual activity. It allows acquirers and payment service providers (PSPs) to ensure their risk-based approach is still appropriate and to act accordingly.

It’s also a way to review whether customer due diligence is adequate. As your business, the customer’s business or the broader ecosystem change, ongoing monitoring is a way to manage risks. Look on it as a second, third and ongoing chance to check that the risk was assessed correctly the first time.

The thematic approach to merchant monitoring

In the fourth book of our Fundamentals of Card-Not-Present Merchant Acceptance series on merchant monitoring, we outlined a seven-pillar framework for ongoing monitoring.

Transaction monitoring

However thoroughly you investigate a prospective merchant, the first few months after signing them should be a time of heightened vigilance.

Be on the lookout for red flags. This includes suspicious activity associated with bust-outs, other forms of merchant dishonesty, or inconsistencies with the merchant application form.

Scrutinise transactions from new merchants daily. Flag and investigate any anomalies or deviations from what you’d expect from a merchant of that size and type.

Financial monitoring

If a merchant’s business fails, it can have financial consequences for acquirers. For example, chargebacks and the associated costs, loss of collateral, and reputational damage. In a worst-case scenario, acquirers could incur card scheme or regulatory sanctions. This may include fines, restrictions on business or loss of licence.

That’s why financial monitoring is mostly concerned with credit risk exposure. This concept is sometimes also known as ‘future risk’, ‘future risk exposure’, ‘chargeback risk’ or ‘settlement and chargeback risk’. It is usually calculated using a standard mathematical formula.

Anti-money laundering monitoring

Once know-your-customer (KYC) checks have been performed on a merchant, acquirers must review these regularly. This is a part of their ongoing AML monitoring requirements.

Areas to check include, whether there have been any hits on sanctions or PEP lists. Are there any new company directors, executives, or ultimate beneficial owners? Are there any changes to the corporate structure, the merchant’s registered or trading address? What about the merchant’s offerings and their area of geographic operation, have they changed?

Anti-Money Laundering Monitoring of Customers & Businesses

Red flags of higher AML risk for individuals involved in the business:

  • Source of funds that cannot be easily verified
  • Residency or citizenship applications in progress
  • Conducting business with excessive secrecy or entirely remotely
  • Introductions from gatekeepers or third parties
  • Adverse media reports
  • Associations with bankrupts, criminals or terrorists
  • Suspicious activity reports filed in the past

Red flags of higher AML risk for merchant businesses:

  • Cash-intensive businesses
  • Those associated with higher corruption risks or links to organised crime
  • Charities or NGOs in conflict zones
  • Categorised as high-risk by the card schemes
  • Those with higher terrorist financing risks
  • Unnecessarily complex or opaque ownership and control structures
  • Incorporated in jurisdictions without reliable beneficial ownership registers
  • Trusts or foundations
  • Those appointing nominee directors
  • Those not using the products and services as anticipated

Reputation monitoring

“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that you’ll do things differently,” said US investor Warren Buffet.

Reputations, like brands, are one of the great intangible assets of 21st century corporate life. They’re difficult and time-consuming to build, but all too easy and quick to lose.

Acquirers must protect their reputation in the eyes of the public, card schemes and regulators to trade and continue trading successfully.

Reputation monitoring consists of background research, social media, and licence monitoring.

Website content monitoring

The merchant’s website is their online storefront to the world. In the case of exclusive eCommerce merchants, it may be their only storefront. This means it provides essential clues for assessing and monitoring risk exposure.

It’s not feasible or effective to monitor every aspect of a merchant’s website after signing them. We suggest five main areas to monitor: website disclosure, merchant category code changes, ticket size, content violations and deceptive marketing practices.

Transaction laundering monitoring

Also known as ‘transaction cleansing’, transaction laundering is when one merchant processes card sales through the merchant account of another.

Transaction laundering is difficult to spot for acquirers and PSPs, especially in the eCommerce space. The reason: The card transactions come from seemingly legitimate websites.

However, monitoring the merchant universe gives the fullest possible picture of their business. This includes their entire online presence, along with all corporate, processing and support websites.

Screen for particular risk indicators and cross-check whether websites are linked to other merchants in your portfolio.

Also scan IP and IP ranges, mail servers, outgoing links, back links, affiliate network outgoing links, SSL certificates, Google Analytics and so on.

Regulation monitoring

Changes in the legal and regulatory landscape make it challenging for risk professionals to stay up to date. In sectors where regulation is evolving quickly, such as cryptocurrencies or recreational drugs, it’s even harder.

If you acquire high-risk merchants, you’ll have to do more regulatory monitoring. The same goes for merchants in sectors where regulation is more dynamic.

We recommend you monitor news from regulatory authorities, consumer protection agencies, and card schemes in the countries where you and your merchants are active.

How Web Shield Can Help

The internet is capricious. Product portfolios are replaced, and website content can change unexpectedly, especially when it’s user generated. Persistent monitoring of merchant websites isn’t a luxury, it’s essential for long-term profits.

Monitor from Web Shield is built to address this problem. It delivers ongoing monitoring with a modular design, tailored to your needs.

Whether your business already has a team of experienced underwriters, or you’re a newcomer needing some pointers. Whether you want to manage every last parameter or rely on monitoring templates designed by experts. Monitor is a powerful tool to identify the vulnerabilities in any merchant portfolio.

At Web Shield, we have been helping payment processors to manage their merchant portfolios since 2010. Acquiring banks, PSPs and other financial institutions trust our on-boarding and monitoring solutions. We have also recently released a new Online Academy educational training course entitled Merchant Monitoring.

Share this post

Let us guide you through the world of compliance

Card scheme compliance can be a daunting task. Our team of experts is here to help. Get expert advice and cutting-edge tools to improve your business.