The purpose of this article is to familiarize payment service providers (PSPs) and other merchant services industry players with various merchant fraud protection tools. While one of the previously published articles covered consumer fraud protection tools (from the merchant’s perspective), this article is mostly targeted at PSPs that have multiple merchants in their portfolios and, consequently, require efficient merchant fraud protection tools to ensure the stability and security of their operations.

Information on the nature of merchant fraud can be found in our articles on the fraud protection aspect of payment gateway selection, chargebacks and ACH returns.

Merchant fraud protection systems are often incorporated into payment gateway software products. They are based on various criteria for monitoring each merchant’s transaction processing activity. The incoming flow of transactions is analyzed and checked against these criteria on a regular (usually daily or monthly) basis. If deviations occur, they are flagged immediately, the underlying merchants or transactions can be identified, and any necessary measures can be taken as efficiently as possible.

Let us now look at the fundamental criteria that provide the conceptual basis for merchant fraud protection tools.

Some criteria are analyzed on a daily basis as well as on a month-to-date basis. For instance, maximum transaction amount is a criterion analyzed on a daily basis only, while maximum processing volume can be analyzed both daily and monthly.

For each business, depending on its nature, a limit is generally established for one or more criteria. If the limit is exceeded, the incident is analyzed and, if necessary, appropriate measures are taken.

Maximum allowed processing volumes

Both overall transaction volume and transaction count are analyzed. At the basic level, the maximum and minimum transaction (ticket) amounts that the merchant indicated in the merchant application are monitored. Significant deviations from these values might indicate some type of merchant fraud.

Maximum deviation from averages

Generally, most businesses follow similar processing patterns from day to day and from month to month, with no deviations from the average. If any significant deviation from the average is registered, it is treated as a signal to check the specific case behind the deviation. Normally, permitted deviations amount to approximately 5-10%. If this limit is significantly exceeded, it may raise suspicions. Deviation limits should be observed for the average per-transaction amount, the average daily (monthly) transaction count, and the average daily (monthly) processing volume (in dollars). Generally, a 60-day window is used for daily averages, and a 12-month window for monthly ones.

For some types of businesses, deviations from the average are typical (for instance, seasonal ones, or ones induced by the sale of some highly demanded product), so the criterion is not always a decisive one, but in some cases it can be helpful.
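The deviation check described above can be sketched as follows. This is an added example, not code from a payment gateway product; the function name, the row layout and the 10% limit (the upper end of the 5-10% range) are assumptions, and the sample data is constructed.

```python
from datetime import date, timedelta

WINDOW_DAYS = 60   # daily-average window named in the article
LIMIT = 0.10       # assumed setting: upper end of the article's 5-10% range

def deviation_alerts(daily, window=WINDOW_DAYS, limit=LIMIT):
    """daily: date-sorted (day, txn_count, volume) rows, one per day.
    Compares the last row with the averages of the preceding window."""
    *history, (day, count, volume) = daily
    history = history[-window:]
    if not history:
        return []                      # no baseline yet (new merchant)
    total_count = sum(c for _, c, _ in history)
    total_volume = sum(v for _, _, v in history)
    baseline = {
        "count": total_count / len(history),
        "volume": total_volume / len(history),
        "avg_ticket": total_volume / total_count if total_count else 0,
    }
    observed = {
        "count": count,
        "volume": volume,
        "avg_ticket": volume / count if count else 0,
    }
    alerts = []
    for metric, base in baseline.items():
        if base == 0:
            continue                   # nothing to compare against
        deviation = (observed[metric] - base) / base
        if abs(deviation) > limit:
            alerts.append((day, metric, round(deviation, 3)))
    return alerts

# Constructed sample: 60 steady days (100 transactions, $5,000 a day),
# then one day with a normal count but much larger tickets.
START = date(2024, 1, 1)
SAMPLE = [(START + timedelta(days=i), 100, 5000) for i in range(60)]
SAMPLE.append((START + timedelta(days=60), 104, 9360))

if __name__ == "__main__":
    for alert in deviation_alerts(SAMPLE):
        print(alert)
```

On the sample, the transaction count stays within the limit while daily volume and average ticket are flagged, which is the case a count-only check would miss.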

Fraud suspects

One sign that may cause suspicion is a large number of so-called micro-transactions (below $1). In some situations a large number of even-amount transactions can also be a sign of fraud. For example, if a merchant is a retail business and transaction amounts usually include taxes, an even-amount transaction is the exception rather than the rule, while for e-commerce businesses even-amount transactions are more common.


Duplicates can signify either actual fraud or just a human error. Duplicates can be analyzed according to several criteria.
For some businesses, many transactions with the same amount are atypical, so in that case they might signify fraud. On the other hand, some businesses offer a limited number of products/subscriptions, and for those businesses many transactions with the same amount are common.
Another duplicate-related criterion is the number of transactions associated with the same card number. If the number is too large, it may be a sign of fraud.
In some cases a large number of transactions with the same amount paid using the same card (a combination of the two criteria) during a short period of time (say, a day) may also signify fraudulent activity.
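The micro-transaction, even-amount and duplicate criteria above can be computed in one pass over a merchant's transactions. This is an added example, not code from the original article; the function name, the per-day limits and the card tokens are assumptions, and the sample transactions are constructed.

```python
from collections import Counter
from decimal import Decimal

def pattern_signals(txns, max_same_amount=2, max_same_card=3,
                    max_same_pair=2):
    """txns: list of (day, card_token, amount) with Decimal amounts.
    Limits are per-day counts and are assumed, merchant-specific settings."""
    if not txns:
        return {}
    by_amount = Counter((day, amt) for day, _, amt in txns)
    by_card = Counter((day, card) for day, card, _ in txns)
    by_pair = Counter(txns)            # same card AND same amount, same day
    # Zero-dollar verifications are excluded from both shares.
    micro = sum(1 for _, _, amt in txns if 0 < amt < 1)
    even = sum(1 for _, _, amt in txns if amt > 0 and amt % 1 == 0)

    def over(counter, limit):
        return {key: n for key, n in counter.items() if n > limit}

    return {
        "micro_share": micro / len(txns),
        "even_share": even / len(txns),
        "same_amount": over(by_amount, max_same_amount),
        "same_card": over(by_card, max_same_card),
        "same_card_and_amount": over(by_pair, max_same_pair),
    }

# Constructed sample; card values are made-up tokens, not card numbers.
D1, D2 = "2024-03-01", "2024-03-02"
TXNS = [
    (D1, "tok_A", Decimal("21.37")), (D1, "tok_B", Decimal("54.12")),
    (D1, "tok_C", Decimal("100.00")), (D1, "tok_C", Decimal("100.00")),
    (D1, "tok_C", Decimal("100.00")), (D1, "tok_C", Decimal("0.50")),
    (D1, "tok_D", Decimal("0.75")), (D1, "tok_E", Decimal("8.64")),
    (D2, "tok_C", Decimal("100.00")), (D2, "tok_F", Decimal("33.20")),
]

if __name__ == "__main__":
    for name, value in pattern_signals(TXNS).items():
        print(name, value)
```

Whether a given share or count is suspicious depends on the business type, so the limits would be set per merchant rather than globally.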

Transaction types

An unusually high percentage of transactions of a certain kind in the overall transaction volume is another representative indicator. If the maximum allowed percentage of credits, refunds, verifications (“zero-dollar” transactions), declines, ACH returns or chargebacks is exceeded, it may be a sign of merchant fraud being committed.

Entry mode

In terms of card entry mode, there are three basic card transaction groups: swiped, keyed and CNP (card-not-present). If one entry mode is dominant for a business, a sudden increase in the number of transactions with a different entry mode may signify fraud.

Off-hours transactions

Some transactions may be submitted at times when the business is normally closed (for example, before 8 am or after 8 pm).
For some businesses after-hours processing is acceptable, but an unusually large number of transactions submitted after hours may be a sign of potential fraud.
If transaction volume usually follows a consistent distribution across the merchant’s working schedule (for instance, most transactions happen in the morning), sudden shifts in this distribution may also seem suspicious and, potentially, indicate merchant fraud.

Merchant inactivity period

Some merchants stop processing transactions, but do not close their merchant accounts. Such merchant accounts can, potentially, be used by fraudsters. Consequently, the number of days during which there is no activity on the account should be monitored in order to prevent potential fraud due to the merchant’s lack of attention.
Absence of activity does not signify fraud, but rather indicates that the merchant is not using the account any more.


Some merchants normally process transactions only on certain days of a week or a month. If such a pattern is broken (for example, a merchant normally processes on Monday, and now there is activity for the entire week, or a merchant normally processing transactions on 20 working days a month suddenly starts processing on all 31 days), it may indicate fraud.


Monitoring of potential merchant fraud signals is critical for payment service providers, which service large numbers of merchants and assume financial risk and liability for the merchants in their portfolios. In order to prevent fraud efficiently, such businesses need to utilize merchant fraud protection tools.

