Usually, when we think about scams, we think about fraudulent transactions made by fake customers, but merchant account scams can affect legitimate merchants, too. To protect yourself against a merchant account scam, it’s important to understand the most common kinds of scams and how to prevent them from happening to you.
Merchant Services Provider Scams
Merchant accounts and payment gateways are necessary for processing credit card payments. However, not all merchant account providers advertising online are legitimate businesses or operate in a transparent way.
Fake Merchant Account Providers
There are dozens or even hundreds of excellent merchant services provider companies in Europe and around the world. However, there are also copycat and fake providers who set up websites to steal money (in the form of a high “initial deposit fee”) or sensitive data (credit card and bank account information) from merchants. If your personal information is stolen, the fraudster can then commit identity theft and make fraudulent transactions using your stolen information.
There are several ways you can identify fake merchant account providers:
- They often advertise free accounts, extremely low merchant rates or instant merchant approvals—especially for high-risk merchants.
- They don’t have trust badges prominently displayed on their website.
- Their URL is not secured with an SSL certificate.
- Their website may be a subdomain of a site like WordPress or Wix.
- They are not registered with their country’s chamber of commerce.
- They don’t have third-party validation for PCI compliance.
- They don’t have a large company footprint on the internet.
- Their website doesn’t say how long they’ve been in business.
- There are no independent ratings or reviews for the business.
A legitimate merchant services provider will have hundreds or even thousands of positive ratings and reviews from customers on third-party websites like Google My Business and Yelp. They will also conduct a thorough underwriting process to weed out applicants who are trying to commit merchant fraud. This typically takes a few days to two weeks after you present the required documentation to open a merchant account. Beware of providers offering “instant approval!”
The most common merchant services scam is the addition of hidden fees—either in the contract or fees that are charged without your knowledge. This tactic can make merchant service providers a lot of money without you even realising what’s happening.
Lack of Transparency about Pricing
One kind of hidden fee scam involves the merchant account provider being less than transparent about their pricing model and offering you a very unfavourable tiered pricing model from the start. When you initially talk with a merchant provider, request a complete list of all of their fees, charges and rates and try to negotiate a more favourable deal.
Changing the Terms of the Contract
Another kind of scam involves adding fees or changing the rates you’ve talked about when it comes time to write and sign the contract. Once you’ve signed the contract, you’re locked in for the length of the contract or faced with hefty cancellation fees. Before signing anything, it’s essential to review all of the terms of the contract carefully and have a lawyer look over the contract, too.
Adding or Raising Fees without Your Knowledge
Finally, merchant providers can add fees or raise your fixed or percentage rates without your knowledge. This can go on for months before you even suspect that anything is going on, by which time you’ve potentially lost thousands of dollars. The only way you’ll discover the change is if you review your monthly merchant statement carefully, which is why we recommend reviewing your statement every month!
Perhaps the most dangerous, a backdoor scam can occur with either a legitimate or fraudulent merchant services provider. In this scheme, a company insider or third party with an inside contact changes the source code in your payment gateway to enable third-party access. The fraudster then has access to all of your and your customers’ sensitive information and can use these card details and addresses to make fraudulent purchases.
The best ways to prevent a backdoor scam are to:
- Make sure your provider is PCI compliant and offers 24-hour chargeback protection as part of their merchant services package.
- Check third-party reviews of the provider.
- Maintain PCI compliance on your end.
In addition, it’s important to run a separate antivirus program on your site to detect bugs, viruses and changes in the source code on your website or payment gateway.
Most merchant account scams come from providers, but fake merchants and shady business partners can cheat you out of money, too.
Scams that Bypass Anti-Money Laundering Laws
Fraudulent merchant scams can involve a third party using your payment gateway to process transactions for illegal, high-risk or forbidden activities. You could then be held liable for the fraud and your merchant account shut down. Before giving anyone access to your merchant account or website, be sure to do your due diligence and review your transaction statements often.
Industry-Specific Scams that Hurt Legitimate Merchants
Even if you aren’t involved in a fraudulent merchant scam yourself, a high number of merchant scams in a given country or industry could result in legitimate merchants being barred access to a merchant account or subjected to higher fees. The best way to prevent this from happening is to abide by the terms of your contract yourself and refrain from putting forbidden transactions through your gateway. Otherwise, you might need to consider an offshore merchant account.
Due Diligence and Reviewing Your Transactions Can Help with Preventing Fraud
Fraud can come from all sides, which is why it’s so important to research carefully before entering into a partnership with a merchant services provider or business partner.
Check third-party websites, look for markers of trust and legitimacy, read the terms of every contract carefully, and review your monthly merchant statements.
If you see something that looks fishy or is otherwise unexplained, look into it, ask questions and report instances of fraud to your industry association and the local authorities.