Merchant risk management is a dynamic and ever-evolving field with challenges ranging from fraud prevention to regulatory compliance. LegitScript hosted a webinar featuring industry experts Cihat Fitzgerald, former Head of Global Ecosystem Security & Integrity at Visa, and Caroline Hometh, Managing Partner at RPY Innovations.
The session explored the complexities of assessing merchant risk and offered actionable insights into building robust risk management frameworks.
Here's a summary of the key points from the webinar.
The Evolving Landscape of Merchant Risk
Merchant risk isn’t static—it’s a dynamic field influenced by changing business practices, evolving fraud tactics, and stricter regulatory requirements.
Hometh emphasized that merchants can no longer be neatly categorized as “low-risk” or “high-risk.” Instead, modern risk management demands a nuanced approach taking into account factors like transaction types, business models, and regulatory compliance. Fitzgerald added that even traditionally low-risk merchants, such as grocery stores, can become high-risk due to issues such as skimming or compliance violations.
Rethinking Risk Categories: Beyond Low, Medium, and High
The session speakers proposed a more holistic framework for assessing merchant risk by dividing it into four main categories.
- Legal risk: Are the merchant’s operations compliant with local, national, and international laws? For example, a pharmacy operating legally in one jurisdiction might breach laws in another.
- Financial risk: What is the merchant’s financial health, and what is the potential liability if they fail? Fitzgerald stressed the importance of understanding contingent liabilities, especially for merchants with delayed delivery models.
- Transactional risk: How do a merchant’s transaction patterns, such as high chargeback rates or unusual processing behaviors, indicate risk?
- Reputational risk: Could the merchant’s actions damage the acquiring institution’s reputation? Hometh highlighted the ripple effect of consumer complaints leading to regulatory scrutiny.
This broader framework allows financial institutions to evaluate merchants comprehensively, ensuring all potential risks are considered.
Medium-Risk Merchants: A Growing Challenge
The webinar highlighted the increasing prevalence of medium-risk merchants and the challenges they pose. These merchants often fall into gray areas, where risks may not be immediately apparent.
For example:
- Delayed delivery models: Merchants with long delivery timelines can pose financial risks if they fail to fulfill orders. Examples include merchants facilitating the sale of concert tickets or travel purchases.
- Evolving business models: A merchant initially operating as a low-risk entity might shift to higher-risk practices—such as introducing subscription-based services.
Both experts agreed that regular monitoring and a proactive approach to reassessing merchant categories are crucial. Periodic reviews can help identify changes in risk profiles and prevent issues from escalating.
Addressing Regulatory Risks
Regulatory compliance emerged as a critical focus of the discussion. Hometh emphasized that organizations must take legal obligations seriously, particularly in areas such as Know Your Customer (KYC) and transaction legality. Fitzgerald added that compliance with Visa and Mastercard rules is non-negotiable, as violations can lead to fines and reputational damage.
For example, merchants must ensure transactions are legal in both the buyer’s and seller’s jurisdictions. Failure to comply with this principle can result in significant penalties. Proper KYC protocols and regular audits are essential to mitigate such risks.
Leveraging Technology and Human Oversight
While technology has transformed risk assessment through tools like automated onboarding, both experts cautioned against over-reliance on automation. Fitzgerald noted that fraudsters often adapt to technology-driven controls, finding ways to exploit automated systems.
The solution lies in combining technology with human expertise. Automated systems can handle initial assessments, but complex cases should be escalated to experienced underwriters. This hybrid approach helps catch nuanced issues that technology alone might miss.
The Importance of Merchant Monitoring
Continuous monitoring is essential to stay ahead of emerging risks. LegitScript’s Merchant Monitoring solution, for instance, provides ongoing surveillance of merchants’ activities, ensuring that any deviations from expected behaviors are flagged early.
Hometh stressed the value of persistent monitoring, particularly for online merchants and marketplaces. She noted that even low-risk merchants could inadvertently or intentionally engage in practices that violate regulations—creating reputational and legal risks for payment providers.
Consumer Complaints and Reputational Damage
One of the most pressing concerns discussed was the impact of consumer complaints. Hometh shared a case in which consumer dissatisfaction led to Federal Trade Commission (FTC) scrutiny—causing significant operational and financial repercussions for the merchant and its payment service provider.
To address this, the experts recommended a collaborative approach within organizations. Payments companies need to adapt to evolving threats and regulatory landscapes. Chargeback management, fraud monitoring, and risk assessment teams must work together to identify patterns of consumer dissatisfaction and address them proactively.
By implementing robust frameworks and fostering cross-team collaboration, financial institutions can effectively mitigate risks and build trust in their payment ecosystems.
Watch the full webinar recording for more insights.
The Rise and Fault of Merchant Risk
Medium-risk merchants are on the rise across merchant portfolios. Is this due to trends in risk criteria across merchants or a change in risk rating methodology for the merchant sponsors? Cihat Fitzgerald and Caroline Hometh explore this trend in a one-hour virtual fireside chat (bring your own fire).