If you run a business that accepts credit card payments, you have to choose your merchant services provider carefully. There are a lot of scams out there, and the consequences of falling for such a scam can severe financial losses and even the exposure of your customers’ credit and debit card information.
Common Merchant Account Scams
Though there are nuances in the types of fraud that can be carried out, there are generally three types of merchant account scams you have to watch out for: false or misleading advertising (hidden-fee scams), fake merchant services providers (fraudulent merchant scams and identity theft scams), and gateway hacking (backdoor scams).
Hidden-Fee Scams
The most common merchant services scam is an intentional lack of transparency on the part of the provider. Many providers will entice clients with low discount rates; in many cases, the rate seems too good to be true (which is always a red flag).
In a hidden-fee scam, the provider will quote you a reasonable rate for their services and then quietly impose hidden fees or charges not previously disclosed. Often, these fees are collected by the processing bank. The merchant doesn’t realise what’s going on until the bank statement arrives. By the time they catch on, they’re often locked into a lengthy contract or subject to hefty cancellation fees. Either way, the provider makes a fortune.
How to Avoid Hidden-Fee Scams: Always ask for a full price list when considering a merchant services provider. Request an itemised list—in writing—of all charges for which you’ll be responsible, including any charges from processing banks. When you receive your credit card gateway contract, read through it carefully. Have your attorney look it over if your business has legal representation. Be wary of any expenses or costs noted in the contract and not previously disclosed in person or in writing. And remember, if a rate seems too good to be true, it probably is.
Fraudulent Merchant Scams
In a full-scale merchant fraud scam, an individual or group will establish an entity that looks like a legitimate merchant services provider but is actually intended to steal your money. These types of merchant account scams are less common than hidden fee scams, but they’re becoming increasingly prevalent.
A typical fraudulent merchant scam looks like this: You see an ad online for affordable—and sometimes even free—merchant services. Once again, the price seems almost too good to be true. So you click on the link and complete a short, simple form. The phony provider then imposes a high up-front cost, usually billed as an initial deposit fee. The scammer’s goal is to collect as much money as possible before dropping off the face of the earth.
After the merchant makes the payment, the fraudulent provider stops responding to all correspondence and the merchant is left slightly poorer and hopefully wiser.
How to Avoid Fraudulent Merchant Scams: Carefully research your merchant services provider before signing up or handing over any money. Look at consumer reviews and testimonials, and see if you can find information like the number of years in business. If the provider doesn’t have much of an online footprint, you may be dealing with a scammer. Be especially wary of businesses that advertise via search engines and social media but that don’t have an established reputation. Also, if a merchant provider is hosted on a subdomain (e.g. wordpress.com/merchantprovider), you’re usually looking at a scam.
Identity Theft Scams
An identity theft scam is a second type of fraudulent merchant scam, but the goal typically isn’t to get your money (at least up front); the goal is to acquire your sensitive information. Identity theft is the No. 1 source of fraud complaints, and it can have devastating repercussions.
Once again, the scammer sets up a fake website that looks legitimate. They advertise free or low-cost rates for new merchants. The merchant signs up and is asked to set up their account—providing information like credit card numbers, bank account numbers, and other sensitive data. By the time the merchant realises they’ve been conned, the scammer is long gone.
How to Avoid Identity Theft Scams: Avoid these scams just as you would avoid all fraudulent merchant scams: Research the company ahead of time, look for customer reviews and consumer complaints, and be suspicious of any offer that seems too good to be true. Determine which processing banks the company does business with (or claims to do business with), and contact those banks for confirmation.
Backdoor Merchant Services Scams
Backdoor scams are the least common but also the most nefarious in the world of merchant services scams. If properly executed, a backdoor scam can bring down your business and compromise all of your customers’ information. They’re worth noting here because, although they’re often executed by third-party threats, many backdoor scams are actually inside jobs. These scams are easiest to carry out if the scammer already has some inside access to the payment gateway.
In a backdoor scam, hackers edit the source code of a payment gateway to allow third-party access (via a backdoor). Once the gateway is compromised, the scammer can:
- Access confidential credit/debit card information that passes through the gateway.
- Redirect credit card payments to a different, unauthorised account.
- Access the merchant’s once-encrypted financial information.
Today’s payment gateways are extremely sophisticated, and compromising them requires the work of a very skilled hacker. However, these merchant account scams do still occur, and they can destroy a merchant’s reputation beyond repair.
How to Avoid Backdoor Scams: Make sure that your merchant services provider uses PCI-compliant security and enhanced encryption technologies. A quality merchant provider will also offer 24-hour fraud and chargeback prevention as an added safeguard. Also consider investing in a trust mark security service that performs daily website scans. These services notify you of any malware and vulnerabilities that could potentially compromise your security. Finally, make sure that your merchant provider has some sort of protection or guarantee in place for compromised information.
Who Is Responsible for Merchant Account Scams?
It ultimately depends on the type of scam and the terms of your contract.
If you fall victim to a hidden-fee scam but the added charges were noted in your contract, you may be liable unless you can demonstrate that the fees were intentionally deceptive and you live in a region with strong consumer protection laws. Still, unless the merchant provider is located in the same region, you may be fighting an endless uphill battle.
If you fall victim to a fraudulent merchant that takes your money and disappears, you have an excellent legal case for fraud, but these scammers are usually difficult if not impossible to find. They hide behind proxies and use offshore accounts, and they shut down all communication channels once the scam is complete.
Liability mainly becomes an issue when you’re dealing with merchant account scams that affect customers. As long as your merchant provider has some sort of guarantee in place for customer security, and as long as you aren’t negligent with that data, you shouldn’t be held responsible for a security leak. But you must review the terms of your contract.
What to Do if You Fall Victim to a Merchant Account Scam
If the scam involves compromised customer information, contact your merchant services provider immediately. If you believe that the provider itself is responsible for the scam, first cancel any credit or debit cards associated with that account. Then contact your local consumer affairs organization to determine if you have any rights or options in the matter. If the merchant services provider disappears, you might be able to find and contact their internet hosting provider and alert them of the scam.
Unfortunately, you often won’t be able to recoup lost funds after a well-executed scam. The best thing you can do is prevent merchant account scams from occurring in the first place, and that’s why it’s so important to educate yourself about the red flags and work exclusively with reputable providers.
Be an informed merchant, and you’ll forever be an asset to your customers.
