What You Need to Know About the Different Levels of Merchant Risk

Many risk mitigation approaches focus on high-risk merchants, but what about medium-risk merchants? Being aware of the various levels of risk and which category your merchant falls into is a critical step in quantifying risk. Let’s delve into what low-, medium-, and high-risk merchants are and the various types of risk. Then watch The Rise and Fault of Merchant Risk on-demand for insights directly from industry leaders.

Levels of Risk: Low-, Medium-, and High-risk or High-integrity Risk Merchants

The three levels of risk refer to the three different buckets that define various types of risk: low-, medium-, and high-integrity risk. Mitigating risks in your merchant portfolio or downstream requires a nuanced understanding of these three levels.

Taking a risk-based approach means ensuring persistent monitoring appropriate to the level of risk the merchant poses. For example, it’s best practice to review low-risk merchants annually and medium-risk or high-risk merchants more consistently.

Low-risk Merchants

While low-risk merchants such as retail stores, restaurants, grocery stores, and card-present stores may not typically indicate a cause for concern, it’s important to ensure they’re periodically reviewed. A merchant whose services are generally considered low-risk could still present higher-risk behavior in other ways.

Medium-risk Merchants

Risk levels aren't dictated solely by the type of merchant and the products or services they offer. When distinguishing a medium-risk merchant from a low- or high-risk merchant, it’s important to understand how various factors — like the volume of transactions or the timeframe for a delayed delivery — could potentially impact a merchant's level of risk.

Listed below are examples of merchants who may be considered medium-risk.

  • A low-risk merchant with delayed delivery
  • A low-risk merchant who has ownership but has financial difficulties
  • A low-risk merchant with a very high average transaction size
  • A high-risk merchant with a strong reserve
  • A merchant whose processing volume comes from influencer-motivated sales
  • A merchant who borders on restricted industries
  • A low-risk merchant that you haven’t reviewed recently or ever

High-integrity Risk Merchants

Visa’s Payment Facilitator and Marketplace Risk Guide calls high-risk or high-integrity risk merchants “high-brand risk merchants,” and defines them “as [businesses that] present an elevated risk to the payment system — specifically due to higher levels of disputes or brand/reputation risk.”

Merchants categorized with the highest level of risk may operate within high-risk industries such as online gambling, online pharmacies, or adult content. It is also likely that a merchant could be deemed high-risk for operational reasons.

Operational reasons a merchant may be considered high-risk include but are not limited to:

  • Large processing volume
  • Cross-border transactions
  • Merchants who are new
  • Merchants with low credit scores
  • Charges for products or services offered in the future

Quantifying the Various Types of Risk

When categorizing a merchant as low, medium, or high risk, it’s important to quantify the various types of risk that merchant may present. One type of risk could indicate there are legal concerns while other types of risk are strictly associated with financials. Mitigating these risks requires payment service providers to be cognizant of where to look for potential risk indicators.

Let’s explore what indicators to look out for when identifying legal, financial, transactional, and/or reputational risk.

Legal

Indicators of legal risk could include improper sanction screenings, inadequate KYC/KYB checks, ownership changes, bank account management, terminated merchant file management, and improper MCC management.

Financial

Financial risk indicators may be buried in reserves, settlement holds, enhanced due diligence processes, pricing, periodic reviews, trending reports, and background checks.

Transactional

Transactional risk can be identified during the pre-authorization, post-authorization, and post-settlement phases.

Reputational

Reputational risk occurs during a breach or audit, when card networks dole out fees, or when the FTC fines your business. In Visa’s guide for payment facilitators, they elucidate that brand and reputational risks “introduced into the ecosystem can erode trust and extend beyond payments [impacting your company's] brand and reputation.”

Learn Directly From Industry Leaders By Watching Our Latest Webinar On Demand

The Rise and Fault of Merchant Risk poll results revealed that attendees' merchant portfolios comprised, on average, 35% low-risk merchants, 45% medium-risk merchants, and 20% high-risk merchants. Earn one hour of ETA continuing education credit by watching Cihat Fitzgerald, a global payments risk and compliance leader with 25 years in the industry, and Caroline Hometh, the Managing Partner at RPY Innovations, discuss the phenomenon of the rise in medium-risk merchants.

LegitScript’s Sophisticated Intelligence Ecosystem Helps You Mitigate Your Risk

Are you a payfac, payment processor, ISO, sponsor bank, or acquiring bank looking for a monitoring solution that detects every level of risk? LegitScript Merchant Monitoring and Onboarding is a comprehensive, sophisticated intelligence ecosystem spanning the commercial internet.

Contact us to mitigate the risks associated with onboarding low, medium, and high-risk merchants.

Smelting words into a specialty since 2020, Thea Le Fevre specializes in B2B SaaS Content Marketing. Take a deep dive into her work for up-to-date industry news surrounding issues in payments risk & compliance, trust & safety, regulatory compliance, and more.
