Electronic PaymentsBlog

January 1, 2000

Merchant Risk Management for Agents: How to Assess, Monitor & Prevent Fraud

James Kay, Director of Risk and Underwriting

• 
• 
• 
• 
• 

ISO & Agent Tips

Subscribe

Merchant risk management is easy to overlook when you’re focused on closing deals. But with billions lost to fraudulent transactions each year, ignoring it can kill your residuals, damage your reputation with merchants, and create headaches that follow you for months.

The good news: when you know what to look for, you can help quality merchants get approved fast and avoid the ones that will cause problems.

This guide breaks down how merchant risk is assessed, what to look for when you’re prospecting and onboarding, and how to keep an eye on your existing portfolio with smart merchant risk monitoring and fraud prevention.

What Is Merchant Risk & Why Does It Matter?

At its core, merchant risk is the estimated financial harm a business could cause to its merchant services provider (you)—whether that’s actual risk of dollars already spent or potential risk for future funds.

Your merchants promise to deliver products or services as advertised, and customers expect fair treatment, timely delivery, and the ability to return or dispute charges. If something goes wrong and the merchant can’t (or won’t) make things right, refunds and chargebacks hit the system.

That’s why risk isn’t just a back-office underwriting problem. For you, strong merchant services risk management means more quality approvals, fewer shutdowns and reserves, longer-lasting accounts, and residuals you can count on.

How Risk Is Assessed: What Underwriting Looks At

You’re the first line of defense in the field (but the right processing partner will back you up). Understanding how merchant risk assessment works will help you send in better files, get faster approvals, and avoid problem accounts.

Here are the big factors our underwriting team looks at to assess risk—and how you can use them to strengthen your own merchant risk management process.

Longevity and Stability

New businesses are inherently higher risk because they don’t have a track record, while bank statements and financials tell a story; frequent negative balances, inconsistent deposits, or big swings in income raise red flags.

When you’re prospecting, ask simple questions, such as, “How long have you been in business?” and “Do you accept deposits or take payment before work is completed?”

Those answers directly impact potential risk on the account.

Industry and Business Model

Some industries are naturally higher risk due to the volume of card-not-present (CNP) interactions, inventory value, or inherent susceptibility to fraud.

Delivery timeframe is often a major area overlooked by agents. Large gaps (10–12+ weeks) between payment and delivery increase opportunities for customers to dispute charges for undelivered goods/services and magnify potential losses.

If you’re working with EPI, you can use our unacceptable merchant list (found in your ISO Interface) to weed out prohibited categories; for example, bank policies and Visa/Mastercard rule bar online nicotine, vape, cigars, and cigarettes—but with Cygma®, you can board higher risk merchants like CBD shops, adult stores, online & MOTO firearms retailers, and many smoke shops (one of the benefits of working with a direct processor).

Processing History

Whenever possible, we use previous processing or bank statements to discover whether stated volumes and average tickets are realistic, how the merchant has handled chargebacks historically, and whether there’s a track record of stable processing.

Credit Score and Principal Verification

Personal credit isn’t the only factor, but it shows financial character: debts paid on time, collections, liens, delinquencies, and inquiries. We use signed Merchant Processing Applications (MPAs), social security numbers, driver’s licenses, and owner information and percentages to support fraud screening (identity theft, TMF/MATCH, OFAC checks) and credit risk review.

Red Flags When Prospecting: When a Deal Might Not Be Legitimate

These are warning signs that a merchant account may be a problem (or outright fraud)—signals that should make you slow down, ask more questions, or walk away.

1. The Way the Lead Came In

Online leads aren’t always bad, but they are heavily overrepresented in fraud cases. If you don’t usually work web leads, don’t start with an account that’s already raising doubts.

Another sign that something is off: someone approaches you claiming they have a referral from a merchant you know. Always double check with the person they’re referencing before going further; if they mention John Doe but John Doe has no idea who they are, it’s a clear-cut case of fraud.

2. Documentation That Looks Off

You see a lot of paperwork in this business. After a while, you can tell when something feels wrong. Watch for driver’s licenses, checks, and statements that look:

• Washed out
• Strangely cropped
• Oddly designed
• Clearly edited
• Copied badly
• Inconsistent

Signatures that don’t match between documents are a good tell, too. If you’re not sure something is forged but have misgivings, say so when you submit the file to your underwriter.

3. The Merchant Is in a Rush

This is one of the biggest, easiest-to-spot fraud indicators.

Just like with email scams, urgency is often a tip-off that something isn’t right. Legitimate merchants generally care about terms, timing, and onboarding. Fraudsters just care about getting live as fast as possible before anyone asks too many questions.

4. Email, Address, and Name Details

The following aren’t proof of fraud, but when combined with other flags, they should push you toward caution:

• A new business with an email address from an old, free domain (@aol.com, @hotmail.com, @live.com, etc.)
• Local address that doesn’t make sense based on your knowledge of the area
• Home-based businesses with no online footprint
• “Doing-business-as” (DBA) and signer names that just don’t line up (e.g., Steve’s Plumbing with Joe Smith as the only principal, with no explanation)

5. Card-Not-Present, High Tickets, and Home-Based Contractors

Fraud and elevated merchant risk tend to cluster around a few specific areas:

• Only-only
• Mail/telephone order
• Home-based contractors
• Custom fabricators
• Remodelers
• Specialty manufacturing
• Travel

As a rule of thumb, CNP-heavy, extended delivery businesses warrant tighter fraud prevention and better documentation up front.

Merchant Risk Monitoring: Keeping an Eye on Your Existing Portfolio

Good merchant risk management doesn’t end once the account is approved. Ongoing monitoring is how you protect your book, your merchants, and your residuals.

What to Watch For

Keep in touch with your merchants and read your merchant statements. Pay attention when you see:

• Sudden spikes in volume or average ticket
• A low-risk merchant suddenly moving into CNP-heavy processing
• New extended delivery offers
• A big increase in refunds or credits (especially without matching sales)
• Requests for a significant high ticket raise
• Unusually large “make or break” sales
• Customers asking to pay over the phone or with multiple cards
• Strange shipping arrangements
• A pattern of multiple declines followed by key-entered approvals

These can all be early clues that the merchant’s business model has changed, they’ve been targeted by fraudsters, or there’s stress in the business that could lead to credit risk or chargebacks.

If you see these signs, reach out to your underwriting or risk team. They’ll likely request recent bank statements, invoices, and documentation on the business model and/or delivery timelines.

Helping Merchants Prevent Fraud: Red Flags You Should Share

Strong fraud prevention for high-risk merchants is a team effort. One of the most valuable things you can do is educate your merchants on what to watch for.

Cautions

Tell merchants to be cautious when:

• They normally only take in-person payments, but someone wants to pay over the phone for a large order
• The sale is “too good to be true,” like a huge order that will “make their month” from a brand-new customer
• The chip “doesn’t work” and the customer insists they key the card instead
• The customer presents multiple cards to split the transaction
• Billing and shipping addresses don’t match, and the merchant doesn’t know the buyer
• The customer insists on setting up their own shipping company and asks the merchant to wire funds to that shipper

Practical Tips

Suggest these practices for safer business:

• Ship to billing addresses only whenever possible
• Require wire transfers or checks for large first-time orders
• Refuse to process cards when the chip fails and the story feels wrong
• Never allow refunds to be issued to a different card than the original sale
• For ecommerce, use tools like velocity filters, AVS (Address Verification Service), and CVV (card security code) checks
• Watch out for phishing emails and social media impersonators

This kind of proactive education is a core part of modern merchant risk management, and it helps you demonstrate your position as a trusted payments expert.

Quick Submission Checklist for Agents

Before you send a deal in, you can quickly sanity-check your own merchant services risk assessment (and get legitimate merchant approved faster) with a simple checklist:

🔲 MPA complete (tax ID, legal/DBA names, ownership totals, true volume and key/swipe mix)
🔲 Beneficial owners (25%+) documented, including addendum if needed
🔲 Correct confirmation page for the platform you’re boarding
🔲 Proof of business/location (utility/lease/license/photos, etc.)
🔲 Prior processing and/or bank statement summaries (when available)
🔲 Ecommerce: live site + T&Cs, privacy, refund, and shipping policies; CAPTCHA/velocity filters configured
🔲 Signer docs: DL, SSN, signatures on all required sections
🔲 Page two completed: delivery windows and deposit percentages

If you’re unsure, that’s exactly when your risk and underwriting team wants to hear from you.

Bringing It All Together: When to Say “No” or “Yes”

Not every merchant is worth the risk. One bad account can trigger a wave of chargebacks; lead to reserves, shutdowns, or collections; damage your relationship with your provider; and erase months (or years) of residuals.

When things don’t add up, saying no to a sign-on is the best way to protect your portfolio.

But effective merchant risk management isn’t about saying no to everything. It’s about knowing what risk looks like, spotting warning signs, getting the right paperwork, monitoring your portfolio, and reaching out to your risk and underwriting team when something doesn’t look right.

If you’re working with Electronic Payments and have questions about a deal, we can help. Reach out to underwriting@electronicpayments.com or risk@electronicpayments.com.

FAQs from Agents on Merchant Risk Management

How often should I be reviewing my merchants’ activity for risk?

At minimum, review monthly when statements come out. For higher-risk or CNP-heavy merchants, consider monthly plus ad-hoc reviews anytime you notice a sudden change in volume, tickets, or complaints.

What exactly should I send to risk when I’m concerned about a deal?

Send the MPA, supporting docs (DL, bank/processing statements, website, any invoices), and a short note stating why you’re concerned, how you know the merchant (walk-in, referral, history), and any unusual info (large first transaction, new business model, etc.)

What happens if a merchant I boarded turns out to be fraudulent?

Risk may: shut down the account, hold funds, and/or collect against chargebacks and fees. In serious cases, Risk may flag the merchant (MATCH, etc.). For you, this can mean lost residuals, more scrutiny on similar deals, and potential damage to your relationship if patterns repeat.

Am I personally financially liable if there’s fraud or unpaid chargebacks?

Typically, the merchant and the provider carry the direct financial liability. However, you bear the business risk: lost residuals, closed accounts, and possible changes to your agent relationship or risk appetite for your deals.

How much extra scrutiny should I put on home-based or contractor merchants?

Always get more documentation (marketing materials, proof of projects, references if possible).. Expect more questions from underwriting. Treat these as higher-risk until proven otherwise, especially if volume is high or delivery windows are long.

What can I say to merchants when Risk asks for more documentation and they’re annoyed?

Frame it as protecting them, not just your processor: “We ask for this so we can get you approved on stronger terms and protect you from fraud and chargebacks down the road.” Remind them that incomplete files slow everything down, while thorough documentation helps them get live faster.

How do I decide when a deal is worth walking away from?

Walk away when multiple red flags are present (suspicious docs + urgency + strange business model); the merchant won’t provide basic documentation; Risk explicitly advises against boarding them; you wouldn’t feel comfortable explaining the deal if it went bad later.

Electronic Payments, Inc. (EPI) is a privately-held payment processor, acquirer, and financial technology company that delivers innovative POS systems, merchant services, and integrated payment solutions to businesses nationwide. Backed by over 25 years of industry experience, EPI is known for its transparent partnerships, proprietary technologies—including Exatouch® POS, ProCharge®, and Cygma®—and exceptional 24/7 in-house U.S.-based support. EPI serves a wide range of industries, from retail and restaurants to service-based businesses and professional offices, and acquires new merchants through a national network of POS value-added resellers (VARs), agent banks, independent sales agents, and ISOs.

800-966-5520 | www.electronicpayments.com