Whitepaper · Merchant Scams
Merchant Scams: Fraud Hidden in Plain Sight
A merchant scam is fraud in which a bad actor poses as a legitimate seller or business partner to steal money, goods, or data. It exploits the basic assumptions behind every transaction: that the seller is real, that the goods or services exist, and that payment reaches the right account. Global e-commerce fraud reached $48B in 2023, and 72% of marketplace fraud involves unverified sellers. The most effective defense is not more suspicion but better verification of the businesses and individuals behind every transaction.
The main types of merchant scams
Merchant scams take many forms but share one foundation: a fraudster presenting as a legitimate seller or partner. Fake online storefronts use professional design, fake reviews, and copied product images to take upfront payment for goods that never arrive, then disappear within days. Invoice and payment fraud, also known as Business Email Compromise, intercepts or spoofs supplier communications to redirect payments to fraudster-controlled accounts. Marketplace seller fraud, ghost businesses, shell companies, and subscription or advance-fee schemes round out the picture, often built on stolen or synthetic identities and forged business documents.
How fraudulent merchants slip through the cracks
Most organizations assume their procurement or onboarding processes provide adequate protection, but common gaps let fraud operate undetected. Basic company-registration checks prove nothing, because ghost companies are themselves registered entities. Without beneficial-ownership verification, shell-company chains hide the real actor behind multiple layers. Manual document review misses forged documents that AI-detected fakes would catch, and trusting email for payment instructions lets BEC attacks succeed when bank details are never independently verified. The absence of a verified identity on seller accounts lets synthetic and stolen IDs register freely.
The real cost of merchant fraud
The financial cost is obvious, but the full impact extends well beyond direct monetary loss. It includes supply-chain disruption when legitimate suppliers go unpaid, reputational damage, regulatory penalties where compliance failures allowed fraudulent KYB to pass, internal investigation costs, and customer-trust damage on consumer-facing platforms. For small and medium businesses, a single successful merchant scam can be existential. For large enterprises, repeated exposure without systemic controls signals a process failure that regulators take seriously.
The WeVerify defense framework
WeVerify closes the verification gaps merchant fraudsters rely on by combining KYC, KYB, document authentication, and audit trails in one unified solution. KYB checks validate entities against official registries, verify incorporation and financial documents, and check beneficial-ownership structures that ghost and shell entities cannot produce authentically. Document authentication detects forged invoices, manipulated PDFs, and cloned registration documents in real time using AI-powered forensic analysis. KYC on key business contacts, powered by NFC identity reading and selfie matching, verifies the real person behind a supplier and sharply reduces ghost-merchant risk.
Ongoing monitoring and marketplace integration
Because verification is not a one-time event, WeVerify supports continuous monitoring of verified business relationships, with instant alerts on changes to registration status, ownership, or compliance standing, and all records stored in audit-ready logs. To stop the primary BEC attack vector, organizations can require verified digital signatures and tamper-evident seals on any invoice or payment instruction, so unsigned or unverified changes are automatically flagged. For platforms hosting third-party sellers, WeVerify integrates into seller onboarding via API, ensuring every seller account is linked to a verified individual and business entity before they list or transact.
Full whitepaper
Read the complete analysis, free.
Merchant Scams: questions answered
What is a merchant scam?
A merchant scam is fraud in which a bad actor poses as a legitimate seller or business partner to steal money, goods, or data. It attacks the core assumptions of any transaction: that the seller is real, the goods or services exist, and payment reaches the right account. Common forms include fake online storefronts, invoice and payment fraud, marketplace seller fraud, ghost businesses, and advance-fee schemes.
Why do basic company-registration checks fail to stop merchant fraud?
Registration alone proves nothing, because ghost businesses and shell companies are registered legal entities that exist only on paper. They pass shallow checks, receive payment, and dissolve. Effective defense requires verifying beneficial ownership, authenticating submitted documents, and confirming the real identity of the person behind the business through KYB and KYC.
How does WeVerify prevent invoice and payment (BEC) fraud?
Changes to payment details are the primary BEC attack vector. WeVerify lets organizations require verified digital signatures and tamper-evident seals on any invoice or payment instruction, so unsigned or unverified changes are automatically flagged before payment is made and bank details are independently verified rather than trusted from email.
More from WeVerify
Keep reading.
Stop the fraud
Verify identities and businesses before fraud reaches you.
Create an account and go live today. Every new account gets €100 in free credit, pay-as-you-go after that. No tool-juggling, no setup fees.