How to Detect Transaction Laundering for a New MID

Index

Laundering rarely starts with chargebacks. It starts with drift.

A new merchant onboards with clean incorporation documents, a professional website, and legitimate business credentials. The Merchant Category Code (MCC) matches the stated business model. Initial transactions align with expectations.

Then, gradually or suddenly, the merchant begins processing payments for undisclosed sellers, prohibited products, or entirely different business lines.

This is transaction laundering.

‍

By the time fraud or compliance teams detect the activity through chargeback spikes or network inquiries, significant volume has already processed.

The early warning signals appear not in fraud metrics, but in drift: subtle inconsistencies between what the merchant disclosed at onboarding and what their transaction patterns reveal.

This guide provides a systematic approach to detecting transaction laundering at the new Merchant ID (MID) stage, when prevention is still possible.

‍

Understanding Transaction Laundering

Transaction laundering occurs when a merchant processes payments on behalf of another business or for products and services not disclosed during underwriting. The laundering merchant (the entity with the approved MID) acts as a payment gateway for hidden sellers or prohibited activity, often in exchange for fees or revenue sharing.

‍

Scale and Impact

Transaction laundering represents a significant and growing exposure for the payments industry.

According to the Merchant Risk Council's 2019 Global Merchant Fraud Survey, payment facilitators and acquirers identified transaction laundering as one of their top three emerging fraud concerns.

While comprehensive industry-wide loss data is not publicly available, individual enforcement actions provide insight into the scale:

‍

In 2018, the U.S. Federal Trade Commission (FTC) obtained a court order freezing the assets of a payment processing operation that allegedly laundered over $150 million in credit card transactions for fake tech support scams. The operation used shell companies with clean business histories to process payments while the actual services were provided by offshore call centers engaging in deceptive practices. (FTC press release, November 2018)

‍

Card networks have increased enforcement. Visa's Global Brand Protection Program, launched to combat transaction laundering, has resulted in hundreds of merchant investigations and terminations annually, though specific figures are not publicly disclosed. Risk teams at major acquirers report that 3-7% of new merchant accounts exhibit transaction laundering indicators within the first 90 days, though not all cases result in confirmed violations.

‍

Common Transaction Laundering Scenarios

Aggregators and marketplaces:

A merchant approved as a single-brand retailer processes payments for multiple third-party sellers
Individual transactions display generic descriptors that obscure the actual seller identity
The approved merchant receives payments but ships from multiple undisclosed fulfillment centers

Example: A merchant approved as "Smith's Sporting Goods" (MCC 5941 - Sporting Goods Stores) processes payments using the descriptor "SMITH'S GOODS". Transaction metadata reveals products including:

Athletic apparel (consistent with approved business)
Exercise equipment (consistent with approved business)
CBD sports recovery products (not disclosed, potentially prohibited)
Tactical gear and body armor (not disclosed, high-risk category)
Nutritional supplements with unapproved health claims (prohibited without FDA compliance)

Investigation reveals the merchant operates a marketplace where third-party sellers list products. The merchant takes a 15% commission on all sales. Some sellers offer prohibited products. The merchant did not disclose the marketplace model during underwriting and represented itself as a direct retailer with its own inventory.

Product line expansion:

A merchant approved for low-risk goods (e.g., apparel) begins processing payments for high-risk or prohibited products (e.g., CBD, supplements, adult content)
Product descriptions in transaction metadata do not match the approved business model
The merchant's website displays prohibited products alongside approved inventory

Example: A merchant approved as "Wellness Apparel Co." (MCC 5651 - Family Clothing Stores) initially processes payments for activewear and athleisure clothing. Three months after approval, website monitoring detects new product categories:

"Wellness supplements" (vitamins, protein powders)
"CBD wellness products" (tinctures, topicals, edibles)
"Herbal wellness" (kratom, nootropics)

The merchant now derives 60% of revenue from supplements and CBD, but its MCC and underwriting documentation still describe an apparel business. The merchant did not notify the acquirer of the business model change. CBD and kratom are prohibited under the acquirer's policies, and supplement sales require additional compliance controls not in place at onboarding.

Front companies for prohibited merchants:

A merchant with clean credentials processes payments on behalf of businesses that cannot obtain their own MIDs (due to industry restrictions, poor credit history, or prohibited activity)
The approved merchant has little to no legitimate business operations beyond payment processing
Corporate structure includes undisclosed relationships with high-risk entities

Example: A merchant approved as "Digital Media Services LLC" (MCC 7372 - Computer Programming Services) represents itself as a software development firm. Initial transactions appear consistent: small-ticket charges with descriptors like "DIG MEDIA SVCS - Software".

Six weeks after approval, transaction volume increases 10x. Customer disputes spike, with complaints referencing gambling sites, adult content sites, and services the customers claim they never authorized. Investigation reveals:

"Digital Media Services" has no software development operations, staff, or projects
The company shares an address, phone number, and principal with three other recently registered LLCs
The principal has prior MIDs terminated for high chargeback rates
Transactions are actually for online gambling sites operating without U.S. licenses
"Digital Media Services" receives 8% of gross volume as a "processing fee"

The merchant intentionally misrepresented its business model to gain MID approval, then sold access to prohibited merchants who could not obtain processing directly.

Geographic arbitrage:

A domestic merchant approved in a low-risk jurisdiction processes payments for businesses operating in high-risk or restricted countries
IP addresses, fulfillment locations, and customer service contacts do not match the merchant's stated jurisdiction
Website content or customer communications occur in languages inconsistent with the approved market

Example: A merchant approved as "Global Tech Distributors Inc." (MCC 5732 - Electronics Stores) provides a U.S. address, U.S. incorporation documents, and a professional English-language website selling consumer electronics.

Transaction monitoring detects anomalies:

80% of transactions originate from IP addresses in Southeast Asia
Fulfillment addresses are exclusively in China and Hong Kong
Customer service email responses come from a domain registered in Malaysia
Product descriptions and customer reviews include Chinese characters and Malay language

Further investigation reveals the U.S. entity is a shell company. The actual operations are based in Malaysia, where the beneficial owners could not obtain U.S.-based payment processing due to geographic restrictions and high-risk merchant history. The shell company was created specifically to circumvent these restrictions.

Why Transaction Laundering Occurs

From the perspective of the hidden seller, transaction laundering provides access to payment processing that would otherwise be unavailable:

The hidden seller operates in a prohibited industry (gambling, adult content, pharmaceuticals without proper licensing)
The hidden seller has poor credit history or prior merchant account terminations
The hidden seller lacks proper business registration or licensing
The hidden seller operates in a jurisdiction with limited payment infrastructure

From the perspective of the laundering merchant, transaction laundering generates revenue:

Transaction fees or revenue sharing from hidden sellers (typically 5-20% of gross volume)
Volume-based processing fee rebates from acquirers
Payments for "platform" or "gateway" services that obscure the actual seller identity
Opportunity to monetize a clean business history and approved MID

We observe that some transaction laundering operations are sophisticated businesses in their own right, recruiting clean-record individuals to apply for MIDs, providing them with turnkey websites and business documentation, and offering ongoing support in exchange for access to payment processing. Effective KYB workflows and risk decisioning platforms help identify these synthetic business structures during underwriting.

Regulatory and Network Consequences

Transaction laundering creates exposure for acquirers and Payment Facilitators (PayFacs):

Card network fines and sanctions:

Visa and Mastercard have explicit rules prohibiting transaction laundering
Visa's Global Brand Protection Program targets merchants processing for prohibited or high-risk undisclosed sellers
Networks may assess fines ranging from $25,000 to $1 million+ per incident, require independent audits, or terminate acquiring relationships
Acquirers may be held liable for chargebacks and fraud losses associated with laundered transactions

Regulatory scrutiny:

The U.S. Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC) have issued guidance on payment processor due diligence (OCC Bulletin 2013-29, FDIC FIL-44-2008)
Bank Secrecy Act (BSA) regulations require financial institutions to know their customers and monitor for suspicious activity
Transaction laundering may facilitate money laundering, terrorist financing, or sanctions violations
Regulators have issued consent orders requiring banks to improve merchant monitoring when transaction laundering is detected

Fraud and chargeback risk:

Hidden sellers often sell counterfeit, misrepresented, or never-delivered goods
Customers dispute charges when they do not recognize the merchant descriptor or receive substandard products
Chargebacks concentrate on the laundering merchant's MID, threatening account stability and network standing
Chargeback rates for transaction laundering schemes often exceed 2-5%, well above the 0.9-1.0% thresholds that trigger network monitoring programs

Reputational damage:

Acquirers and PayFacs associated with transaction laundering face negative press and regulatory attention
Customers lose trust when legitimate-appearing merchants process fraudulent transactions
Network relationships deteriorate, limiting future business opportunities
Financial institutions may exit payment processing businesses entirely if exposure becomes unmanageable

The New MID Challenge

Detecting transaction laundering at the new MID stage requires identifying exposure before significant volume processes. We observe that transaction laundering indicators often appear within the first 30-90 days of a merchant going live, but many programs do not systematically monitor for drift during this critical window.

Why New MIDs Are High-Risk

Limited transaction history:

No baseline for normal merchant behavior
Insufficient data for statistical anomaly detection (most models require 6-12 months of data)
Risk models calibrated on established merchants may not trigger alerts
Velocity rules (e.g., "alert if volume increases 50% week-over-week") are ineffective when every week is high-growth

Sophisticated application fraud:

Professional websites and business documentation that obscure true business model
Borrowed or synthetic business identities (real businesses with legitimate registration but undisclosed arrangements)
Undisclosed corporate relationships or ownership structures (shell companies, nominee directors, offshore entities)
Use of aged or "shelf" corporations with clean credit histories to appear established

Rapid volume ramps:

Transaction laundering merchants often process high volumes immediately after approval
Legitimate merchants typically ramp gradually as marketing and operations scale (month 1: $10k, month 2: $25k, month 3: $50k)
Rapid ramps may indicate pre-existing customer bases (i.e., hidden sellers already operating and waiting for payment access)
Laundering merchants may hit processing limits within days of approval, requesting immediate increases

Onboarding gaps:

Underwriting teams focus on creditworthiness and basic business legitimacy
Initial reviews may not include deep website analysis, inventory verification, or ecosystem mapping
Time pressures to approve merchants quickly (competitive "speed to yes" metrics) reduce investigation depth
Underwriters may lack expertise in specific industries or business models, missing red flags

The Drift Detection Window

We recommend enhanced monitoring during the first 90 days after MID activation. This aligns with risk patterns observed across merchant portfolios:

Days 1-30 (Initial baseline):

Monitor for immediate red flags: generic descriptors, multiple fulfillment locations, rapid volume ramps
Verify website and brand identity match underwriting documentation
Review initial transaction metadata for product description consistency
Establish baseline metrics: average ticket, transaction frequency, product mix, shipping destinations

Example baseline metrics for a typical e-commerce apparel merchant:

Average ticket: $45-75
Transactions per day: 20-50 (ramping from lower to higher over the month)
Product categories: 90%+ apparel/accessories, <10% miscellaneous
Shipping destinations: 95%+ domestic, 5% international (primarily Canada)
Fulfillment origins: Single warehouse address

Days 31-60 (Pattern establishment):

Compare transaction patterns against stated business model and initial baseline
Identify geographic or product anomalies (e.g., sudden 30% international volume when month 1 was 5%)
Check for website or descriptor changes
Monitor customer dispute rates and reasons (rising disputes or "unrecognized charge" complaints signal descriptor issues)

Days 61-90 (Drift detection):

Assess any changes from initial baseline (volume spikes, product shifts, new fulfillment locations)
Investigate volume, product, or geographic shifts that lack clear business explanations
Conduct enhanced review if drift signals are present (website audit, transaction sampling, merchant outreach)
Make disposition: continue standard monitoring, impose restrictions, or conduct deeper investigation

Example drift pattern:

Month 1: $45,000 volume, 100% apparel, single fulfillment location, 0.3% dispute rate
Month 2: $120,000 volume (+167%), 85% apparel / 15% supplements, two fulfillment locations, 0.8% dispute rate
Month 3: $350,000 volume (+192%), 60% apparel / 40% supplements and CBD, four fulfillment locations, 1.9% dispute rate

This progression exhibits multiple drift signals: rapid volume growth, product mix shift toward higher-risk categories, fulfillment location expansion, and rising disputes. Each signal alone might have a benign explanation, but the combination warrants immediate investigation.

After 90 days, incorporate the merchant into standard ongoing monitoring programs. However, new MID drift signals often predict longer-term risk, so flagged merchants should remain under enhanced scrutiny even if no immediate policy violations are confirmed. Automated ongoing monitoring solutions can maintain this elevated surveillance without manual intervention.

Volume Benchmarks by Industry

Transaction volume ramps vary significantly by industry and business model. Understanding typical patterns helps identify outliers:

Industry/MCC

Typical Month 1 Volume

Typical Month 3 Volume

High-Risk Threshold (Month 1)

Apparel (5651, 5691)

$10k - $50k

$30k - $150k

>$100k

Electronics (5732, 5946)

$25k - $100k

$75k - $300k

>$250k

Digital goods (5815, 5817)

$5k - $25k

$20k - $100k

>$75k

Subscription services (7372)

$15k - $60k

$50k - $200k

>$150k

B2B services (7392, 7399)

$50k - $250k

$150k - $750k

>$500k

These figures are illustrative and represent typical ranges observed across merchant portfolios. Actual benchmarks should be calibrated to your specific merchant mix and risk appetite. Merchants exceeding high-risk thresholds in their first month warrant immediate review, as this pattern correlates with transaction laundering and application fraud.

Drift Signals to Monitor

Transaction laundering manifests through inconsistencies between the merchant's stated business model and observable transaction behavior. We organize these signals into five categories: brand and URL drift, descriptor variance, product catalog breadth, fulfillment chain opacity, and partnership language.

1. URL and Brand Drift

Website changes:

Domain changes or redirects within 90 days of onboarding
Addition of subdomains not disclosed during underwriting (e.g., "partners.merchantdomain.com", "seller.merchantdomain.com", "vendors.merchantdomain.com")
Removal or replacement of brand identity elements (logo, color scheme, mission statement)
Homepage restructuring that changes the apparent business model (single-brand store becomes multi-vendor marketplace)

Example: A merchant approved as "Artisan Home Decor" with the domain "artisanhomedecorlp.com" initially displays a curated collection of handmade home goods with consistent branding and an "About Us" page describing the founder's artisan partnerships.

30 days after approval, website monitoring detects:

New subdomain "sellers.artisanhomedecorlp.com" with a "Become a Seller" application form
Homepage now features "Marketplace" branding and product listings with "Sold by [Seller Name]" tags
"About Us" page removed and replaced with "How It Works" page describing the marketplace platform
Product catalog expanded from 200 curated items to 5,000+ items with inconsistent photo quality

This drift indicates the merchant pivoted from a direct seller to a marketplace model without disclosure or approval. The rapid catalog expansion and seller onboarding functionality strongly suggest transaction laundering.

Brand inconsistency:

Merchant descriptor does not match website brand name (website: "Premium Coffee Co.", descriptor: "PMC GROUP LLC")
Multiple brand names appear on the same website without clear relationship (co-branding or white-label reselling)
Generic or placeholder branding that lacks clear business identity (site uses "Your Business Name Here" templates)
Frequent rebranding without business justification (logo changes, name changes, domain redirects)

Example: A merchant's payment descriptor reads "ZETA PROCESSING" but the website is branded as "Outdoor Adventure Gear". The website footer includes a small-text disclaimer: "Payment processing provided by Zeta Processing Services". Customer disputes reference confusion about the descriptor.

Investigation reveals "Zeta Processing" is a separate legal entity that applied for the MID. "Outdoor Adventure Gear" is an undisclosed related party or client. The arrangement suggests "Zeta Processing" is acting as a payment aggregator without proper licensing or disclosure.

Ecosystem expansion:

New domains registered in close proximity to the primary domain (e.g., "merchantname-sellers.com", "merchantname-marketplace.com", "merchantname-partners.com")
Affiliated domains with different ownership or registration details but shared operational elements (phone numbers, addresses, principals)
Sister sites with overlapping products or fulfillment but separate branding (suggesting a portfolio of shell brands processing through a single MID)
Domain parking or redirection patterns that obscure the true operational website

Example: Ecosystem analysis for "TechGadgets Pro" (approved MID) reveals:

Primary domain: techgadgetspro.com (registered 2025-08-15 to John Smith, 123 Main St, Austin TX)
Related domain: gadget-marketplace.com (registered 2025-10-20 to Smith Ventures LLC, same address)
Related domain: discount-electronics-hub.com (registered 2025-11-05 to TGP Holdings, same phone number)
All three sites share the same checkout process, fulfillment notification emails, and customer service contact
"TechGadgets Pro" MID processes for all three domains without disclosure

This ecosystem pattern indicates an undisclosed aggregator or portfolio operation. The merchant may be processing for multiple brands or selling MID access to related parties.

Effective merchant risk assessments include an "Ecosystem" section mapping all storefronts and domains operated by the same entity or related parties. This practice reveals undisclosed marketplace or aggregator models early.

2. Descriptor Variance

Generic descriptors:

Descriptors that do not identify the specific brand or product (e.g., "Online Purchase", "E-commerce Transaction", "Payment Processing", "Digital Services")
Descriptors that reference a parent company or holding entity rather than the consumer-facing brand ("XYZ Holdings" when the website is "Joe's Outdoor Store")
Descriptors that change frequently without clear business justification (week 1: "ACME RETAIL", week 3: "ACME STORE", week 5: "ACME ONLINE")
Abbreviated or truncated descriptors that lose brand clarity ("Premium Organic Supplements" becomes "PREM ORG SUP")

Mismatch with customer expectation:

Customers dispute charges because they do not recognize the descriptor
Customer service inquiries focus on "Who is this charge from?" rather than product issues
Descriptor does not appear prominently on the merchant's website (not in header, footer, or checkout confirmation)
Merchant's phone number receives frequent "unauthorized charge" inquiries that are actually legitimate purchases

Example: A merchant operating as "GreenLeaf Wellness" (website brand) uses the descriptor "SYNERGY ENT LLC". The website does not mention "Synergy Enterprises" anywhere. Customer disputes within the first 45 days:

"Don't recognize SYNERGY ENT charge $89.95"
"What is SYNERGY ENT? I didn't authorize this"
"Need to cancel SYNERGY ENT subscription - what is this?"

Dispute rate: 2.3% (well above 0.9% threshold). Investigation reveals:

"Synergy Enterprises LLC" is a holding company that owns "GreenLeaf Wellness" and three other e-commerce brands
The same descriptor processes for all four brands
Customer confusion is causing legitimate purchases to be disputed as fraud

While this may not be transaction laundering (the ownership relationship is disclosed), the descriptor practice violates network guidelines and creates chargeback risk. Descriptor should match the consumer-facing brand.

Multiple descriptors:

A single MID uses different descriptors across transactions (transaction 1: "ACME STORE", transaction 2: "ACME SHOP", transaction 3: "ACME RETAIL")
Descriptors vary by product line, seller, or geography without disclosure (domestic transactions: "Brand USA", international transactions: "Brand Global")
Descriptors rotate to obscure volume concentration or avoid network monitoring (changes every 30 days)

Example: Transaction data for "Wellness Marketplace Inc." shows five distinct descriptors used over 60 days:

"WELLNESS MRKT" (40% of transactions)
"WM SUPPLEMENTS" (25% of transactions)
"WELLNESS PLUS" (15% of transactions)
"WM NUTRITION" (12% of transactions)
"WELLNESS STORE" (8% of transactions)

No single descriptor triggers volume or chargeback thresholds, but aggregated across all descriptors, the merchant would exceed both. This descriptor rotation is a deliberate strategy to avoid monitoring. Investigation should focus on whether multiple descriptors serve legitimate business purposes (different brands, different product lines with disclosed relationships) or are used to obscure risk.

3. Unusually Broad Product Catalog

Product diversity inconsistent with business model:

A merchant described as a "specialty retailer" offers hundreds of unrelated product categories
Products span multiple MCCs (e.g., apparel, electronics, supplements, digital goods) without clear business rationale
Product catalog includes high-risk items not mentioned during underwriting (CBD, kratom, tobacco accessories, adult products, pharmaceuticals, weapons accessories)
Product descriptions or images indicate dropshipping or reselling (manufacturer stock photos, generic descriptions, lack of brand-specific content)

Marketplace indicators:

Product listings include "Sold by [Third-Party Name]" or "Ships from [Third-Party Name]"
Seller ratings or profiles visible on the website (e.g., "JohnDoe123 Seller Rating: 4.8/5")
Products listed with inconsistent branding, photography quality, or descriptions (suggesting multiple suppliers with different standards)
"Add to Store" or "List Your Products" buttons suggesting merchant facilitates third-party sellers
Seller dashboard or portal accessible via login (indicating backend infrastructure for third-party sellers)

Example: A merchant approved as "Modern Home Furnishings" (MCC 5712) initially displays 300 SKUs of furniture and home decor. Website review at day 60 reveals 12,000+ SKUs including:

Furniture and decor (original category)
Kitchen appliances and gadgets
Electronics (tablets, headphones, smart home devices)
Clothing and accessories
Toys and games
Sports equipment
Health and beauty products
Books and media

Product pages include "Sold by [Seller Name]" and "Ships from [Warehouse Location]" with 200+ unique seller names. The merchant's website footer now includes "Seller Center" and "Start Selling" links. This is a clear marketplace operation that was not disclosed during underwriting.

Inventory implausibility:

Thousands of SKUs for a small merchant with limited operational history (startup with 12,000 products)
Product catalog includes items requiring specialized licensing or certifications (e.g., FDA-regulated supplements, FCC-regulated electronics, DEA-controlled substances) without evidence of compliance
Products with long lead times or custom manufacturing appear as in-stock and ready to ship (custom furniture listed as "Ships in 1-2 days")
High-value, low-volume specialty items (jewelry, art, collectibles) mixed with mass-market commodities without clear business focus

Example: A merchant approved 45 days ago as a health supplement retailer lists 5,000+ supplement SKUs. Product titles include FDA compliance claims ("FDA Approved Weight Loss Supplement", "Clinically Proven Muscle Builder") that are not legally permissible without specific authorization.

The merchant's business documentation describes a small operation with 3 employees and no warehouse. Maintaining 5,000 SKUs of perishable supplements would require significant inventory investment, warehouse space, and cold storage. The implausibility suggests:

Dropshipping with no inventory control (high risk for counterfeit or adulterated products)
Marketplace operation with third-party supplement sellers (prohibited without proper licensing and compliance)
Data scraping or catalog cloning from other supplement sites (indicating merchant has no actual inventory)

4. Third-Party Fulfillment

Undisclosed drop-shipping:

Transaction metadata indicates fulfillment from addresses not disclosed during underwriting
Shipping origin varies widely across transactions (domestic and international, different states or countries)
Estimated delivery times inconsistent with stated warehouse locations (merchant claims California warehouse but products ship from China with 3-week delivery)
Tracking numbers indicate shipments from manufacturers or wholesalers rather than merchant's warehouse

Example: A merchant's underwriting application states "warehouse located at 1500 Commerce Dr, Chicago IL". Transaction metadata from first 30 days shows shipping origins:

1500 Commerce Dr, Chicago IL (15% of orders)
Shenzhen, China (40% of orders)
Guangzhou, China (25% of orders)
Los Angeles, CA (freight forwarder address) (20% of orders)

The Chicago address is a virtual office with mail forwarding services (identified via Google Maps and address database lookup). The majority of fulfillment occurs from China, indicating dropshipping that was not disclosed. Customer delivery times average 15-20 days, inconsistent with domestic fulfillment claims.

Multiple fulfillment centers:

A small merchant with limited operational footprint ships from numerous locations (10+ distinct fulfillment addresses)
Fulfillment addresses belong to third-party logistics providers (3PLs) or warehouses with no disclosed relationship
Tracking numbers indicate shipments from countries or regions inconsistent with the merchant's stated operations (merchant claims U.S. operations but all shipments originate in Southeast Asia)
Fulfillment locations include residential addresses, self-storage facilities, or PO boxes (not commercial warehouse space)

Example: Transaction data shows a merchant ships from 15 distinct addresses across 8 states. Address verification reveals:

6 addresses are Amazon FBA (Fulfillment by Amazon) warehouses
4 addresses are residential homes
3 addresses are storage unit facilities
2 addresses are legitimate commercial warehouses

This pattern suggests:

Amazon FBA reselling operation (buying products from Amazon to resell at markup, against Amazon ToS and potentially trademark-infringing)
Dropshipping with multiple suppliers fulfilling from their own locations
Aggregator processing for multiple hidden sellers, each shipping from their own location

No direct inventory control:

Merchant has no warehouse, physical inventory, or fulfillment staff (per business documentation or site inspection)
Website FAQ or shipping policies reference third-party fulfillment but do not identify specific partners ("Your order will be fulfilled by our trusted partners" without naming partners)
Product images or descriptions sourced directly from manufacturer websites or third-party marketplaces (reverse image search reveals product photos used by dozens of other sellers)
Merchant cannot provide inventory count, SKU-level stock, or purchase order history when requested

Example: A merchant outreach requests current inventory documentation. Merchant responses:

"Our inventory is managed by our supplier partners. We don't maintain stock ourselves."
"We work with multiple fulfillment centers but they're confidential partnerships."
"Inventory levels are updated automatically from our partners' systems."

These responses indicate the merchant has no direct inventory control or ownership. This is a transaction laundering red flag: the merchant is processing payments but not actually selling its own inventory. Likely scenarios include:

Payment processing for undisclosed suppliers who lack their own MIDs
Marketplace or aggregator operation without proper disclosure
Dropshipping operation that exists solely to facilitate payment access for hidden sellers

Merchants with legitimate dropshipping models can typically provide:

Supplier agreements naming specific suppliers
Purchase order history showing wholesale purchases
Supplier contact information for verification
Product cost structures proving merchant markup (merchant buys for $X, sells for $Y)

5. "Partner" Language

Ambiguous business model disclosures:

Website references "partners", "sellers", "vendors", "affiliates", or "network members" without clear definitions
Terms of service or privacy policies describe the merchant as a "platform", "marketplace", or "payment facilitator" when underwriting documents describe a direct seller
Business model descriptions use passive language ("products are listed", "items are sold", "services are provided") that obscures who controls inventory and fulfillment
Vague references to "trusted partners" or "fulfillment partners" without identifying who they are or what role they play

Example: A merchant's website footer includes this language:

"We partner with trusted vendors to bring you the best products. [Merchant Name] acts as a platform connecting buyers and sellers. Payment processing is facilitated by [Merchant Name] for your convenience."

This language indicates a marketplace or aggregator model where the merchant processes payments on behalf of third-party sellers. If this model was not disclosed during underwriting, it constitutes transaction laundering. The merchant likely represented itself as a direct seller to gain approval, then revealed its true platform model post-approval.

Onboarding or registration forms for sellers:

Website includes application forms for "becoming a seller", "listing products", or "joining the network"
Sign-up forms request business documentation from third parties (EIN, reseller certificates, business licenses)
Merchant collects payment account information from third parties (for revenue splits or payouts)
Seller dashboard or portal functionality visible on the website (login buttons, "Seller Center" navigation)

Example: Website crawl detects a page at "merchantdomain.com/sell-with-us" with the following form fields:

Business Name
Business Type (LLC, Corporation, Sole Proprietor)
EIN (Employer Identification Number)
Product Categories You'll Sell
Estimated Monthly Volume
Bank Account Information for Payouts
"By submitting this form, you agree to the Seller Terms of Service"

This is explicit evidence of a marketplace model where third-party sellers onboard and list products. If this was not disclosed during underwriting, the merchant is laundering transactions for these sellers.

Revenue sharing or commission structures:

Website or marketing materials reference commission rates, transaction fees, or revenue splits for "partners" (e.g., "15% commission on all sales")
Merchant agreement templates available for third-party sellers (downloadable PDFs outlining terms of sale, payment schedules, dispute handling)
Pricing tiers or membership levels that suggest a marketplace or aggregator model ("Basic Seller: $99/month + 10% per transaction", "Premium Seller: $299/month + 5% per transaction")
FAQ sections explaining payout schedules, minimum balance requirements, or payment holds (indicating merchant is collecting payments and then distributing to sellers)

Example: A merchant's "Seller FAQ" page includes:

"Q: When do I get paid? A: Payouts are processed every Thursday for the previous week's sales, minus our 12% platform fee and any chargebacks or returns.

Q: What happens if a customer disputes a charge? A: The chargeback amount plus $15 fee will be deducted from your next payout. You're responsible for all disputes on your products.

Q: Is there a minimum payout? A: Yes, payouts are only processed once your balance reaches $100. Balances below $100 roll over to the following week."

This FAQ clearly describes a marketplace model where the merchant collects payments, takes a percentage, and pays out to sellers. This is transaction laundering if the merchant represented itself as a direct retailer during underwriting.

Drift Signal Detection Checklist

Use this checklist to evaluate new MIDs for transaction laundering indicators:

[ ] Website reviewed within 7 days of MID activation: Confirm brand identity, product catalog, and fulfillment disclosures match underwriting documentation
[ ] Descriptor verified against website branding: Ensure customers will recognize the charge descriptor (descriptor appears prominently on website, checkout confirmation, customer communications)
[ ] Ecosystem mapping completed: Identify all domains owned or operated by the merchant or related entities (WHOIS lookup, shared contact information, linked domains)
[ ] Product catalog assessed for breadth and risk: Flag merchants with unusually diverse catalogs, prohibited products, or marketplace indicators ("Sold by" language, seller profiles)
[ ] Fulfillment chain documented: Verify warehouse locations, drop-shipping relationships, and inventory control (request supplier agreements, inventory reports, warehouse documentation)
[ ] Partnership language reviewed: Identify any references to third-party sellers, marketplaces, platforms, or revenue sharing (Terms of Service, About Us, FAQ, footer text)
[ ] Transaction metadata sampled: Review 50-100 initial transactions for product descriptions, shipping addresses, and customer data consistency
[ ] Rapid volume ramp flagged: Investigate merchants processing >$50k in the first 30 days (threshold varies by industry and business model; adjust based on benchmarks)
[ ] Customer disputes monitored: Review dispute reasons and customer inquiries for descriptor confusion, product misrepresentation, or "didn't authorize" claims
[ ] Website change detection active: Monitor for post-approval changes to domain, branding, product catalog, terms of service, or seller onboarding functionality

Investigation Process

When drift signals are identified, we recommend a structured investigation to determine whether transaction laundering is occurring or whether inconsistencies have benign explanations. Effective case management infrastructure tracks investigation timelines, evidence collected, merchant communications, and final dispositions with comprehensive audit trails.

Step 1: Data Gathering

Transaction analysis:

Pull 100-500 recent transactions (or all transactions if volume is low)
Extract product descriptions, SKUs, shipping addresses, customer locations, IP addresses (if available), customer email domains
Identify patterns: Are all transactions for similar products? Do shipping addresses cluster geographically? Are there multiple distinct product categories? Do customer email domains suggest B2B vs. B2C activity?
Calculate distribution metrics: How many unique shipping origin addresses? How many unique product categories? What is average ticket by category?

Example transaction analysis findings:

Merchant: "Fitness Pro Shop"

Transactions analyzed: 250 (first 45 days)

Product categories:

Fitness equipment: 45% of transactions
Nutritional supplements: 35% of transactions
Apparel: 15% of transactions
CBD products: 5% of transactions (12 transactions, all in last 2 weeks)

Shipping origin addresses:

123 Warehouse Rd, Denver CO (disclosed location): 60% of orders
Various China addresses: 30% of orders
Residential address in Denver: 10% of orders

Red flags: CBD not disclosed during underwriting (prohibited under acquirer policy). 30% of fulfillment from China not disclosed (merchant claimed domestic inventory). Residential address suggests possible home-based dropshipping or undisclosed party.

Website audit:

Capture screenshots of the merchant's website (homepage, product pages, checkout flow, terms of service, shipping/returns policies, FAQ, About Us, Contact Us)
Review website source code for third-party integrations (marketplace plugins like Magento Multi-Vendor, WooCommerce Product Vendors, Sharetribe; affiliate tracking scripts; seller portal login forms)
Check WHOIS data for domain registration date, registrant information, and related domains (use services like WHOIS lookup tools, DomainTools, or registrar databases)
Use the Wayback Machine (archive.org) to review historical website versions and identify recent changes (compare current site to versions from 30, 60, 90 days ago)
Check robots.txt and sitemap.xml for hidden pages (seller portals, partner areas, admin panels)

Example website audit findings:

Current homepage (day 60): Marketplace-style layout with "Sold by [Seller Name]" on product tiles. Footer includes "Become a Seller" link.

Wayback Machine (onboarding date - day 0): Single-brand e-commerce store. No seller mentions. Footer includes standard "About Us", "Contact", "Shipping Policy" links.

WHOIS data:

Domain: fitnesproshop.com, registered 2025-07-12 to "John Doe", registrant email: johndoe@email.com
Related domain: fitnesproshop-sellers.com, registered 2025-09-20 to "FPS Holdings LLC", registrant email: johndoe@email.com (same person)

Source code analysis reveals:

Multi-vendor marketplace plugin installed (detected in HTML comments and JavaScript includes)
Seller dashboard login endpoint at /seller/login
API endpoints for seller registration (/api/v1/seller/register)

Conclusion: Merchant operated as single-brand store at onboarding, then converted to marketplace model within 60 days without disclosure. Related seller domain and marketplace infrastructure confirm undisclosed aggregator operation.

Descriptor and branding review:

Confirm the exact descriptor that appears on customer statements (request sample transactions, review processor reports, or conduct test purchases)
Search for customer complaints or inquiries online using search engines and social media (e.g., "What is [descriptor] charge?", "[descriptor] unauthorized charge", "[descriptor] Reddit", "[descriptor] Twitter")
Verify whether the descriptor appears prominently on the merchant's website (homepage header, footer, checkout page, order confirmation email)
Review customer service inquiry logs for descriptor-related questions (if available from merchant)

Example descriptor findings:

Descriptor: "SUMMIT VENTURES"

Website brand: "Peak Performance Supplements"

Website mentions of "Summit Ventures": None

Google search results:

"What is SUMMIT VENTURES charge?" - 12 results on consumer complaint forums
"SUMMIT VENTURES unauthorized charge" - 8 results on Reddit, Twitter
Complaints reference confusion about charge source and difficulty reaching customer service

Acquirer customer service logs (if tracked):

23 calls in 45 days asking "What is SUMMIT VENTURES?"
15 "unauthorized charge" disputes filed (later resolved as authorized but unrecognized)

Conclusion: Descriptor does not match consumer-facing brand. Customer confusion causing disputes. Violates network guidelines for clear descriptor usage. Suggests potential holding company or shell entity processing for the actual brand.

Fulfillment verification:

Identify all shipping origin addresses in transaction data (extract from transaction metadata or tracking number databases)
Cross-reference addresses against the merchant's disclosed warehouse locations (compare to underwriting application, business documentation, lease agreements)
Search fulfillment addresses using Google Maps, business directories, and address databases to identify:

Third-party logistics providers (3PLs) like ShipBob, ShipMonk, Flexport
Amazon FBA warehouses (identifiable by specific address patterns)
Residential addresses (single-family homes, apartments)
Virtual offices or mailbox services (UPS Store, Regus, Mailboxes Etc.)
Freight forwarders or import/export facilities
Foreign addresses (China, Hong Kong, other international locations)

Example fulfillment findings:

Disclosed warehouse: 500 Industrial Pkwy, Suite 200, Austin TX

Actual fulfillment addresses (from 200 transactions):

500 Industrial Pkwy, Suite 200, Austin TX: 25 transactions (12.5%)
1234 Shenzhen Rd, Shenzhen, China: 80 transactions (40%)
5678 Guangzhou Ave, Guangzhou, China: 60 transactions (30%)
901 Port of LA, Los Angeles CA: 35 transactions (17.5%) [identified as freight forwarder facility]

Address investigation:

Austin address: Virtual office (receptionist, mail forwarding, no warehouse space)
China addresses: Manufacturer facilities (not disclosed fulfillment partners)
LA address: Freight forwarder receiving China shipments for U.S. customers

Conclusion: Merchant has no actual warehouse. Majority of fulfillment is dropshipping from China manufacturers. Virtual office suggests no real operations in stated location. Undisclosed business model constitutes transaction laundering.

Ecosystem mapping:

Identify all domains registered to the same entity, individual, or email address (WHOIS database searches, reverse WHOIS lookups)
Search for related businesses with shared phone numbers, addresses, or key personnel (business directory searches, corporate registration databases, LinkedIn profiles)
Review corporate registration documents for undisclosed subsidiaries or affiliates (Secretary of State business entity searches, beneficial ownership registries)
Check for common elements across websites (shared IP addresses via hosting services, common analytics tracking codes, shared customer service emails, identical terms of service or privacy policy language)

Example ecosystem mapping:

Primary merchant: "TechMart Pro" (approved MID)

Ecosystem discovered:

techmart-pro.com (primary website, on underwriting application)

Registered to: TechMart Pro LLC, johndoe@email.com

techmart-sellers.com (seller portal)

Registered to: TMP Holdings LLC, johndoe@email.com (same registrant email)

discount-tech-hub.com (separate brand)

Registered to: Discount Hub Inc., janedoe@email.com (different email but same phone number in WHOIS)

gadget-marketplace.net (marketplace brand)

Registered to: GM Services LLC, johndoe@email.com (same registrant email)

Corporate structure investigation:

TechMart Pro LLC: John Doe (sole member)
TMP Holdings LLC: John Doe (sole member)
Discount Hub Inc.: Jane Doe (president), John Doe (secretary)
GM Services LLC: John Doe (sole member)

All entities share the same registered address (123 Business Ct, Austin TX). Google Maps reveals this is a virtual office.

Conclusion: Merchant operates a portfolio of 4 brands/domains through related entities, all controlled by the same individual(s). Only one brand was disclosed during underwriting. The MID likely processes for all four brands (or the operator sells MID access to other parties). This is undisclosed aggregator activity constituting transaction laundering.

This ecosystem mapping aligns with best practices: merchant risk assessments should include an "Ecosystem" section capturing all storefronts and domains operated by the same entity or related parties.

Step 2: Risk Scoring

Assign risk scores based on the number and severity of drift signals identified. Automated risk decisioning platforms can calculate composite scores from individual indicators.

Low risk (monitoring) - 0-2 signals with low severity:

Minor descriptor inconsistencies with clear business justification (parent company name with brand name in parentheses)
Limited product line expansion within the same general category (apparel merchant adds accessories)
Disclosed drop-shipping with consistent fulfillment partner (single 3PL address disclosed and verified)
Website updates that don't change core business model (redesign, product photos updated, seasonal promotions)

Action: Continue standard ongoing monitoring. Flag for next quarterly review. No immediate intervention required.

Medium risk (enhanced review) - 3-5 signals or 1-2 high-severity signals:

Descriptor does not clearly identify the brand (holding company name, generic descriptor)
Product catalog includes 2-3 distinct categories not disclosed at onboarding (electronics merchant adds supplements)
Fulfillment from undisclosed locations, but addresses belong to known logistics providers (3PLs, Amazon FBA)
Website references "partners" but no evidence of third-party seller onboarding (vague language without functionality)
Volume ramp faster than industry norms but not extreme (50-100% month-over-month vs. 200%+)

Action: Conduct enhanced review within 15 days. Request documentation from merchant (updated business model description, fulfillment agreements, explanation for catalog expansion). Impose temporary restrictions if needed (hold reserves, limit transaction velocity). Escalate to compliance officer for review.

High risk (urgent investigation) - 6+ signals or 3+ high-severity signals:

Generic or rotating descriptors (changes every 30 days)
Product catalog includes prohibited or high-risk items (CBD, kratom, adult content, gambling, pharmaceuticals without licenses)
Fulfillment from numerous unrelated addresses or foreign locations (10+ addresses, China fulfillment not disclosed)
Website includes seller registration forms or marketplace functionality (explicit aggregator model)
Rapid volume ramp with transaction patterns inconsistent with stated business model (300%+ month-over-month, immediate high volume)
Customer disputes reference unrecognized charges or misrepresented products (2%+ dispute rate, "didn't order" claims)
Ecosystem mapping reveals undisclosed related entities processing through same MID

Action: Immediate investigation required. Freeze MID or impose severe restrictions (daily processing limits, 100% reserve) pending investigation completion. Escalate to senior compliance, risk management, and legal teams. Prepare for potential termination.

Risk Scoring Example:

Merchant: "Wellness Marketplace Inc."

Signals detected:

Generic descriptor ("WM PROCESSING") - Medium severity
Product catalog includes prohibited CBD (not disclosed) - High severity
8 distinct fulfillment addresses (only 1 disclosed) - High severity
Website footer references "seller partners" - Medium severity
Volume ramp: $12k → $45k → $180k first 3 months - High severity
Dispute rate 1.8% (above 0.9% threshold) - Medium severity
Ecosystem mapping found related domain "wm-sellers.com" - High severity

Signal count: 7

High-severity signals: 4

Risk category: High risk (urgent investigation)

Recommendation: Freeze MID immediately. Request comprehensive documentation (supplier agreements, inventory verification, UBO disclosure for related entities). Prepare termination notice if merchant cannot provide satisfactory evidence of direct inventory control and disclosed business model.

Step 3: Merchant Outreach

For medium and high-risk cases, contact the merchant to request clarification. Document all communications as part of the investigation audit trail.

Request documentation:

Updated business model description (written narrative explaining current operations)
Inventory ownership confirmation (supplier invoices, purchase orders, warehouse receipts, inventory management reports)
Fulfillment partner agreements (if drop-shipping: contracts with suppliers including contact information, pricing terms, liability provisions)
Licensing or compliance documentation for high-risk product categories (CBD: state licenses, CoAs; supplements: FDA registration, GMP compliance; electronics: FCC/CE certifications)
Explanation for descriptor, website, or product catalog changes (business justification for any material changes detected)
Ecosystem disclosures (list all related websites, businesses, domains owned or operated by the same principals)
UBO certifications (if corporate structure suggests undisclosed beneficial owners)

Sample documentation request email:

"Dear [Merchant],

As part of our ongoing merchant monitoring program, we have identified some questions regarding your account activity that require clarification. We are requesting the following documentation to ensure compliance with our merchant agreement and applicable card network rules:

Updated business model description: Please provide a written explanation of your current business operations, including how you source inventory, fulfill orders, and handle customer service.
Inventory verification: Please provide recent supplier invoices or purchase orders (last 90 days) showing your acquisition of products listed on your website. Include supplier names and contact information.
Fulfillment documentation: We note that orders are shipping from [list addresses]. Please explain this fulfillment model and provide any agreements with third-party logistics providers or drop-ship suppliers.
Product compliance: Your website now includes [list products or categories]. Please provide any required licenses, certifications, or compliance documentation for these product categories.
Related entities: Please list any other websites, domains, or businesses you own or operate, or that are owned/operated by related parties.

Please provide the requested documentation within 10 business days. Failure to respond may result in processing restrictions or account termination.

[Contact information for questions]"

Assess responsiveness:

Legitimate merchants typically respond within 1-3 business days with substantive answers or reasonable requests for clarification
Evasive or delayed responses may indicate awareness of policy violations (responses that avoid direct questions, provide vague explanations, or request excessive time extensions)
Inability to provide documentation (e.g., "inventory is handled by a third party we can't name", "our suppliers require confidentiality", "fulfillment agreements are proprietary") raises transaction laundering concerns

Red flag responses:

"We work with various partners but can't disclose their identities due to NDAs"
"Our business model is proprietary and we can't share operational details"
"The products were temporarily listed but are no longer available" (when products are still visible on website)
"We're transitioning our business model and will have documentation soon" (indefinite delays)
No response after multiple attempts to contact (phone, email, registered address)

Evaluate explanations:

Do explanations align with observed transaction patterns? (claimed "single product line" vs. observed "10 product categories")
Are provided documents verifiable? (supplier invoices with contact information, warehouse lease agreements with landlord details, licenses with issuing authority confirmation)
Does the merchant demonstrate clear control over inventory, fulfillment, and customer service? (can provide inventory counts, handles customer disputes directly, employs fulfillment staff or contracts with disclosed 3PLs)
Are explanations internally consistent? (don't contradict previous statements or underwriting documentation)

Example evaluation:

Merchant explanation: "We recently partnered with additional suppliers to expand our product line. The new fulfillment addresses are our suppliers' warehouses, and they handle drop-shipping on our behalf."

Verification requests:

Supplier names and contact information → Merchant provides
Supplier agreements → Merchant provides PDFs of agreements
Purchase orders showing wholesale purchases → Merchant provides

Verification results:

Contacted suppliers: Confirmed they sell wholesale to merchant
Reviewed agreements: Standard wholesale terms, merchant buys inventory at wholesale price and marks up for retail
Reviewed purchase orders: Show merchant purchased $50k of inventory in last 60 days

Conclusion: Explanation is credible and verifiable. Merchant has legitimate drop-shipping arrangement where they own inventory (purchased it from suppliers) but suppliers handle fulfillment. This is an acceptable business model if disclosed. Update merchant file to reflect new fulfillment model. Continue monitoring but no policy violation confirmed.

Contrasting example:

Merchant explanation: "We work with fulfillment partners to deliver the best products to customers."

Verification requests:

Partner names → Merchant: "Can't disclose due to competitive reasons"
Agreements → Merchant: "Don't have formal agreements, it's relationship-based"
Purchase orders → Merchant: "Partners manage inventory, we don't purchase products"

Conclusion: Merchant cannot demonstrate inventory ownership or control. "Partners manage inventory" suggests merchant is processing payments but not actually selling its own products. This indicates transaction laundering: merchant acts as payment gateway for undisclosed sellers. Proceed to termination.

Step 4: Disposition

Based on investigation findings, determine the appropriate action:

Clear (continue monitoring):

Inconsistencies have reasonable explanations and supporting documentation
Merchant demonstrates control over business operations (owns or purchases inventory, controls fulfillment, handles customer service)
No policy violations or prohibited activity identified
Continue standard ongoing monitoring (monthly reviews, automated transaction monitoring, annual re-underwriting)

Documentation: Update merchant file with investigation summary, documents received, and verification steps completed. Remove any processing restrictions imposed during investigation. Notify merchant of clearance.

Restrict (limit exposure):

Some transaction laundering indicators present, but severity is unclear or documentation is partial
Merchant provides partial documentation or explanations with minor gaps (e.g., can verify some suppliers but not all, provides some purchase orders but not comprehensive proof)
Minor policy violations identified but no prohibited activity (e.g., descriptor issue, undisclosed product line expansion to permitted categories)
Impose transaction limits (daily/weekly/monthly volume caps), reserve increases (hold higher percentage of funds), or prohibited product restrictions (explicitly ban certain categories)
Require periodic re-reviews (e.g., every 30 or 60 days) with updated documentation

Documentation: Send restriction notice to merchant outlining specific limitations and requirements for removal. Document reason for restrictions in merchant file. Set calendar reminder for next review.

Suspend (pending further review):

Strong transaction laundering indicators with insufficient documentation to make final determination
Merchant fails to respond or provides evasive explanations, but there is not yet definitive proof of violations
Policy violations identified (prohibited products, undisclosed marketplace activity) but merchant claims they can remediate
Suspend processing while investigation continues or until merchant can provide satisfactory evidence (typically 15-30 days)
Hold all pending settlements or increase reserves to 100%

Documentation: Send suspension notice outlining specific concerns and documentation required to lift suspension. Provide deadline (typically 15 days). Document suspension reason and timeline. Escalate to legal team to review exposure.

Terminate (exit merchant):

Confirmed transaction laundering activity (merchant processes for undisclosed sellers, operates marketplace without disclosure, acts as payment gateway)
Merchant processes for prohibited sellers or prohibited products (gambling without license, adult content, counterfeit goods, unlicensed pharmaceuticals)
Merchant misrepresented business model during onboarding (claimed direct seller but operates aggregator, fabricated business operations, synthetic identity)
Merchant fails to provide documentation or cooperate with investigation (no response after multiple attempts, refuses to provide basic business records)
Risk exposure is unacceptable regardless of explanations (high dispute rates, network inquiries, regulatory concerns)
Terminate merchant relationship immediately and report to card networks if required (Visa's MATCH/TMF, Mastercard's MBR)

Documentation: Send termination notice outlining specific policy violations. Return any held funds per agreement terms (minus chargebacks and fees). Document termination reason in detail for audit and potential litigation. Report to MATCH/MBR if network guidelines require. Notify internal teams (chargeback management, fraud ops, legal) of termination.

Disposition Statistics Benchmarking:

We observe typical disposition rates for transaction laundering investigations across merchant portfolios:

Disposition

% of Investigations

Notes

Clear

60-70%

Majority are false positives or have benign explanations

Restrict

15-20%

Merchants with minor issues requiring ongoing monitoring

Suspend

5-10%

Merchants needing more time to provide documentation

Terminate

10-15%

Confirmed transaction laundering or policy violations

High clear rates (>80%) may indicate overly sensitive detection rules (too many false positives). Low clear rates (<50%) may indicate under-detection (only catching the most obvious cases). Tune detection thresholds to achieve balance between coverage and operational efficiency.

What Good Looks Like

Merchants with low transaction laundering risk demonstrate the following characteristics:

Traceable Inventory

Direct inventory ownership:

Merchant purchases inventory from manufacturers or distributors (supported by purchase orders, invoices, payment records showing merchant paid for goods)
Merchant maintains physical inventory in owned or leased warehouse space (supported by lease agreements, warehouse photos, inventory counts, insurance policies for inventory)
Merchant has inventory management systems with SKU-level tracking (can provide real-time stock levels, turnover rates, reorder points)
Merchant can demonstrate cost of goods sold (COGS) and margin structure (buys at wholesale price $X, sells at retail price $Y, margin is Z%)

Verifiable suppliers:

Supplier names and contact information disclosed during onboarding (manufacturer or distributor names, addresses, phone numbers, websites)
Suppliers are legitimate businesses with public records, websites, and trade history (can be verified via business registries, trade databases, internet presence)
Supplier relationships are documented (contracts, terms of sale, payment terms, volume commitments, return policies)
Suppliers confirm wholesale relationship when contacted (verification calls or emails to suppliers confirm they sell to merchant)

No undisclosed intermediaries:

Products ship directly from merchant's warehouse or disclosed fulfillment partner (transaction data shows consistent shipping origins)
No evidence of third-party sellers inserting themselves into the fulfillment chain (no "Sold by" language, no seller ratings, no undisclosed shipping addresses)
Product sources are consistent across all transactions (same warehouse or same disclosed 3PL for 90%+ of orders)

Example of good inventory documentation:

Merchant: "Outdoor Gear Outfitters"

Inventory documentation provided:

Supplier list: 5 named suppliers (REI Wholesale, Patagonia B2B, Columbia Sportswear Dealer Program, etc.)
Purchase orders: Last 90 days show $120k in inventory purchases
Warehouse lease: 10,000 sq ft warehouse at 500 Industrial Dr, Boulder CO (5-year lease, verified with landlord)
Inventory management system: Screenshots showing 1,500 SKUs with current stock levels, last restock dates, turnover rates
Photos: Warehouse interior showing shelved inventory with SKUs matching website products

Verification:

Called suppliers: Confirmed merchant is authorized dealer/wholesale customer
Visited warehouse address on Google Maps: Street View shows commercial warehouse facility (not virtual office or residential)
Reviewed margin structure: Purchase price avg $40 per item, retail price avg $75 per item (47% margin, reasonable for retail)

Conclusion: Merchant demonstrates direct inventory ownership and control. Low transaction laundering risk.

Consistent Brand Identity

Unified branding:

Single, clearly defined brand name across website, packaging, customer communications, and payment descriptors (customers see the same brand everywhere)
Professional branding materials (logo, color scheme, typography) consistently applied (recognizable visual identity)
Website domain matches brand name and descriptor (brand: "Blue Mountain Coffee", domain: bluemountaincoffee.com, descriptor: "BLUE MTN COFFEE")
Social media presence matches brand (Facebook, Instagram, Twitter accounts use same branding and messaging)

No marketplace indicators:

Website does not include "Sold by [Third Party]" language
No seller registration or application forms
No references to "partners", "vendors", or "network members" that suggest third-party seller involvement
All products presented as sold by the merchant directly (product pages say "Sold by [Merchant Brand Name]" or no seller attribution)

Stable web presence:

Domain registered at least 6-12 months before applying for payment processing (shows established business, not created specifically for MID application)
Website content and structure remain consistent over time (no sudden rebrands, no major functionality changes, no pivot from retail to marketplace)
No sudden rebranding, domain changes, or redirect chains (consistent brand identity maintained)
Domain age and history can be verified via WHOIS and Wayback Machine (shows legitimate evolution, not suspicious changes)

Example of good brand consistency:

Merchant: "Artisan Coffee Roasters"

Brand elements:

Website: artisancoffeeroasters.com
Descriptor: "ARTISAN COFFEE"
Logo: Consistent coffee bean design across website, packaging, social media
Social media: @artisancoffee on Instagram (8,000 followers, 2 years of posts), Artisan Coffee Roasters on Facebook (5,000 likes, established 2023)
Domain age: Registered 2023-03-15 (2.5 years before applying for MID)

Website consistency:

Wayback Machine shows consistent design and branding since launch
No major changes in business model or product offerings
About Us page describes founder's coffee roasting background (verifiable via LinkedIn)

Conclusion: Strong, consistent brand identity with no marketplace indicators. Low transaction laundering risk.

Clear Fulfillment Chain

Disclosed fulfillment model:

Merchant clearly states whether fulfillment is in-house, outsourced to a logistics provider, or drop-shipped (shipping policy page explains model)
If drop-shipping, merchant identifies supplier(s) and demonstrates purchase order volume (provides supplier names and proof of wholesale purchases)
If using a 3PL (third-party logistics provider), merchant provides 3PL contract and contact information (verifiable agreement with named 3PL)
Fulfillment model matches transaction data (stated model aligns with observed shipping origins)

Consistent shipping origins:

Products ship from locations disclosed during underwriting (transaction data shipping addresses match declared warehouse locations)
Shipping address(es) match warehouse addresses provided in business documentation (lease agreements, utility bills, insurance policies show same addresses)
No unexplained international shipments or multiple fulfillment locations for a small merchant (patterns make sense for business size and model)
Shipping times align with stated locations (domestic warehouse means 2-5 day delivery, not 15-20 day delivery from China)

Customer service control:

Merchant operates customer service function (phone, email, chat staffed by merchant employees or disclosed outsourcing partner)
Customer service contact information prominently displayed on website (phone number, email address, hours of operation, chat widget)
Merchant can handle returns, refunds, and disputes directly (customers contact merchant, not third-party sellers or "partners")
Customer service number reaches actual merchant operations (not answering service, not disconnected, not overseas call center for unrelated business)

Example of good fulfillment documentation:

Merchant: "Modern Home Decor"

Fulfillment model: "We fulfill all orders from our warehouse in Raleigh, NC. Most orders ship within 1-2 business days via USPS or UPS."

Documentation provided:

Warehouse address: 1200 Distribution Dr, Raleigh NC 27610
Warehouse lease: 15,000 sq ft warehouse, 3-year lease, verified with property management
Staff: 8 employees including 3 warehouse workers (provided org chart)
Photos: Warehouse showing inventory, packing stations, shipping supplies

Transaction data verification:

95% of shipments originate from 1200 Distribution Dr, Raleigh NC
5% of shipments originate from "Special Order Fulfillment" (large furniture items shipped directly from manufacturers, disclosed in shipping policy)
Average delivery time: 3-4 days to East Coast, 5-7 days to West Coast (consistent with domestic fulfillment)

Customer service verification:

Phone number (919-555-0100) listed on website, Google Business, BBB
Test call reached merchant staff who could answer product questions and check order status
Email (support@modernhomedecor.com) received response within 4 hours during business hours

Conclusion: Clear, verifiable fulfillment chain. Merchant controls inventory and operations. Low transaction laundering risk.

Explicit Prohibited Activity Controls

Clear prohibited product policies:

Website terms of service explicitly list prohibited products or activities (specific list: "no tobacco, alcohol, weapons, adult content, gambling, controlled substances, counterfeit goods")
Prohibited product list aligns with card network rules and acquirer policies (mirrors acquirer's prohibited list)
Merchant demonstrates awareness of compliance requirements (e.g., age verification for restricted products, licensing for regulated goods)
Prohibited list is enforced (merchant has rejected product submissions from partners, removed prohibited items when identified)

Proactive compliance monitoring:

Merchant conducts internal reviews to ensure product catalog compliance (regular audits, quarterly reviews, automated screening)
Merchant removes prohibited products promptly when notified (responds within 24-48 hours to compliance concerns)
Merchant provides compliance documentation for high-risk product categories (e.g., FDA registration for supplements, state licenses for CBD, FCC certification for electronics)
Merchant has compliance personnel or processes (compliance officer, written compliance procedures, training for staff)

No high-risk partnerships:

Merchant does not reference partnerships with undisclosed entities (all business relationships disclosed)
Merchant does not offer "white-label" or "gateway" services to third parties (does not process for other businesses)
Merchant's business model is straightforward: buy inventory, sell to consumers, fulfill orders (direct retail model, not complex intermediary structure)

Example of good compliance controls:

Merchant: "Nutrition Supplements Pro"

Prohibited products policy (from Terms of Service): "The following products are prohibited on our platform: anabolic steroids, ephedra, DMAA, prescription medications, products making unapproved health claims, products without FDA facility registration, products without third-party testing."

Compliance documentation provided:

FDA facility registration: Facility #123456, registered as supplement distributor
GMP compliance certificate: Verified Good Manufacturing Practices
Third-party testing reports: CoAs (Certificates of Analysis) for all supplement products
State licenses: California CDPH food facility registration, other state requirements
Product review process: Written procedures for evaluating new products before listing

Compliance monitoring:

Quarterly product audits: Reviews all products for compliance with FDA regulations and prohibited list
Removed 12 products in last year due to compliance concerns (documented in compliance log)
Staff training: Annual FDA compliance training for all product managers

Conclusion: Strong compliance controls with documentation and enforcement. Low transaction laundering risk.

Documentation Checklist for Low-Risk Merchants

Merchants demonstrating low transaction laundering risk can provide:

[ ] Supplier invoices: Recent purchase orders or invoices showing inventory acquisition (last 90 days, naming suppliers and showing product purchases)
[ ] Warehouse documentation: Lease agreement, utility bills, or photos confirming physical inventory location (proves merchant has actual warehouse space)
[ ] Inventory management reports: SKU-level reports showing stock levels and turnover (demonstrates inventory control and ownership)
[ ] Fulfillment partner contracts (if applicable): Agreements with 3PLs or drop-ship suppliers, including contact information (verifiable third-party relationships)
[ ] Brand registration: Trademark registration or domain ownership records (proves legitimate brand identity)
[ ] Compliance documentation: Licenses, certifications, or permits for regulated products (FDA registration, state licenses, industry certifications)
[ ] Customer service records: Evidence of direct customer communication and dispute resolution (email logs, call records, CRM screenshots)
[ ] Financial records: Bank statements showing inventory purchases, payroll for staff, warehouse rent payments (demonstrates actual business operations)
[ ] Organizational chart: Staff list with roles (shows merchant has actual employees and operations, not just principals)
[ ] Business licenses: Local/state business licenses and permits (proves legitimate registered business)

Effective ongoing monitoring solutions and workflow automation platforms can automate periodic re-collection of these documents and flag changes that warrant investigation.

Common Misses

Treating MCC as the Control

The most common mistake in transaction laundering detection is assuming the Merchant Category Code (MCC) provides sufficient control over what the merchant can sell.

Why MCC is insufficient:

MCCs are broad categories designed for interchange pricing and merchant categorization, not for prohibited activity control. For example:

MCC 5999 (Miscellaneous and Specialty Retail Stores) encompasses thousands of product types from apparel to electronics to supplements to CBD
MCC 5311 (Department Stores) allows almost any consumer good a department store might sell
MCC 5712 (Furniture, Home Furnishings, and Equipment Stores) includes home goods, decor, and appliances but provides no control over specific product risk
MCC 5734 (Computer Software Stores) could include legitimate software or subscriptions to prohibited gambling or adult content sites

A merchant approved under MCC 5999 can legally process payments for apparel, electronics, home goods, toys, books, and numerous other categories. This same MCC also permits processing for CBD, kratom, tobacco accessories, and other high-risk products that many acquirers prohibit.

According to the Visa Merchant Category Classification Codes guide, MCCs describe the "predominant business activity" but do not restrict individual transaction types within that category.

MCC alone does not prevent:

Product line expansion into prohibited categories within the same MCC
Processing for undisclosed third-party sellers offering different products
Processing for products that require licensing or age verification
Processing for counterfeit or misrepresented goods

Real-world example:

Merchant approved as MCC 5999 (Miscellaneous Retail) selling "general merchandise". Within 60 days, merchant's website includes:

Apparel (permitted under MCC 5999)
Electronics (permitted under MCC 5999)
CBD products (permitted under MCC 5999 but prohibited by acquirer policy)
Kratom (permitted under MCC 5999 but prohibited by acquirer policy)
Vape devices (permitted under MCC 5999 but prohibited by acquirer policy)

The merchant is not violating MCC restrictions, but is violating acquirer prohibited product policies. MCC-only monitoring would not detect this violation.

The fix:

MCC should be one data point among many. Risk teams must:

Define prohibited product lists explicitly in merchant agreements (specific products and categories, not just MCCs)
Monitor transaction metadata for product descriptions (extract SKUs, product names, categories from transaction data)
Conduct periodic website reviews to verify product catalog compliance (monthly or quarterly website audits)
Require merchant notification before adding new product categories (contractual obligation to notify before material changes)
Implement automated product keyword screening (flag transactions containing "CBD", "kratom", "vape", "gambling", etc.)

Relying solely on MCC creates exposure because merchants can launder transactions for prohibited products or hidden sellers without technically violating MCC restrictions. Product-level monitoring is essential.

Ignoring Website Changes

Many underwriting processes include a website review during initial onboarding, but few programs systematically monitor for post-approval website changes. Transaction laundering merchants often alter websites after approval to add marketplace functionality, prohibited products, or third-party seller language.

Common website changes that indicate transaction laundering:

Addition of seller registration or application forms (e.g., "Become a Seller", "List Your Products", "Join Our Network")
Changes in product catalog breadth or risk profile (100 SKUs → 10,000 SKUs, apparel → apparel + supplements + CBD)
Introduction of "marketplace", "platform", or "partner network" language (Terms of Service change from "we sell products" to "we connect buyers and sellers")
Removal of brand identity elements (logo, about us, company information replaced with generic platform language)
Domain redirects to different websites or subdomains (merchant domain redirects to separate marketplace domain, suggesting infrastructure change)
Addition of seller-specific features (seller dashboards, payout schedules, commission structures, vendor login portals)

The fix:

Implement automated website monitoring:

Capture screenshots or HTML crawls at 30-day intervals during the first 90 days, then quarterly thereafter
Use change detection tools to flag significant alterations (percentage of page content changed, new pages added, specific keywords added)
Manually review flagged changes to assess transaction laundering risk (determine if changes indicate business model shift)
Require merchant notification before making material website changes (contractual obligation to notify of business model changes)
Use Wayback Machine to review historical versions when investigation is needed (compare current site to onboarding date version)

Automated website monitoring solutions can integrate with ongoing monitoring platforms to trigger alerts when significant changes are detected.

Failing to Verify Inventory Ownership

Some underwriting processes accept business plans and projected sales without verifying that the merchant owns or controls inventory. Transaction laundering merchants often have no inventory because they are processing for third parties.

Red flags:

Merchant cannot provide supplier invoices or purchase orders (claims "suppliers are confidential" or "we don't have formal agreements")
Merchant references "suppliers" or "partners" but cannot name them (vague language without specifics)
Merchant's balance sheet shows no inventory assets (financial statements show zero inventory, suggesting merchant doesn't own products)
Merchant has no warehouse or fulfillment infrastructure (virtual office address, no lease agreement, no photos of warehouse)
Merchant cannot explain cost structure or margins (doesn't know wholesale cost, cannot explain pricing, suggests they don't actually purchase inventory)

The fix:

Require documentation of inventory ownership:

Request recent supplier invoices showing product purchases (last 90 days, proving merchant actually buys inventory)
Verify warehouse addresses with lease agreements or utility bills (prove physical inventory location exists)
Review inventory management systems or stock reports (prove merchant tracks and controls inventory)
For drop-shipping models, require supplier contracts and confirm supplier legitimacy (verify drop-ship suppliers are real businesses, confirm they sell to merchant)
Request financial statements showing inventory as an asset (balance sheet should show inventory if merchant owns products)

Merchants with legitimate dropshipping models can typically provide:

Supplier agreements naming specific suppliers
Purchase order history showing wholesale purchases
Supplier contact information for verification
Product cost structures proving merchant markup (merchant buys for $X, sells for $Y, documents the difference)

Merchants claiming "we can't disclose suppliers" or "we don't purchase inventory" are high-risk for transaction laundering.

Overlooking Ecosystem Connections

Transaction laundering merchants often operate multiple related businesses or websites. A merchant approved under one brand may process payments for sister sites, affiliated entities, or "partners" that were not disclosed during underwriting.

Common ecosystem patterns:

Multiple domains registered to the same individual or entity (same registrant name, same registrant email address in WHOIS)
Shared phone numbers or email addresses across websites (same customer service contact across multiple brands)
Common owners, directors, or key personnel (same individuals listed as principals across multiple businesses in corporate registrations)
Cross-promotion or linking between sites (sites reference each other, share promotional codes, link to each other's product pages)
Shared infrastructure (same hosting provider, same IP address, same payment gateway, same analytics tracking codes)
Related legal entities with common ownership (parent company owns multiple subsidiaries, all operating separate websites)

The fix:

Conduct ecosystem mapping during underwriting and periodically thereafter:

Search domain registration records (WHOIS) for related domains (search by registrant name, registrant email, registrant phone)
Identify all businesses registered to the same owners or principals (state Secretary of State business entity searches for all entities with same owners)
Review corporate structure for subsidiaries and affiliates (request org chart, corporate structure documentation)
Monitor for new domain registrations after MID approval (set alerts for new domains registered to same party)
Check for shared contact information (reverse phone lookup, reverse email lookup to find related websites)
Analyze website code for shared elements (same Google Analytics IDs, same Facebook Pixel IDs, same advertising tracking codes)

This practice aligns with best practice guidance: merchant risk assessments must include an "Ecosystem" section mapping all storefronts and domains operated by the same entity or people.

Example ecosystem investigation:

Merchant: "Fashion Outlet Pro" (approved MID)

Ecosystem discovered through WHOIS and corporate searches:

fashionoutletpro.com (primary approved site)
fashion-marketplace.com (registered to same email address 30 days after MID approval)
discount-apparel-hub.com (registered to same phone number)
bargain-clothing-sellers.com (registered to same principal via corporate search)

All four domains share the same Google Analytics code (UA-123456-7), confirming common ownership and management.

Investigation reveals all four sites process through the same "Fashion Outlet Pro" MID without disclosure. This is undisclosed aggregator activity. Merchant should have disclosed all domains processing under the MID or obtained separate MIDs for each brand.

Neglecting Transaction Metadata

Acquirers and PayFacs often focus on high-level metrics (volume, ticket size, refund rates) while ignoring granular transaction metadata that reveals transaction laundering.

Valuable metadata fields:

Product descriptions or SKUs (reveals what is actually being sold)
Shipping addresses (origin and destination, reveals fulfillment model)
Customer IP addresses or device locations (reveals customer geography and potential VPN usage)
Order IDs or invoice numbers (patterns may reveal multiple businesses using same MID)
Item-level pricing and quantities (reveals product mix and average order composition)
Transaction timestamps (reveals processing patterns, such as 24/7 processing for claimed "small business")

Red flags in metadata:

Generic or missing product descriptions (product field says "Item" or "Product" instead of actual product names)
Inconsistent product categories across transactions (SKU prefix suggests apparel but description says "supplement")
Shipping from numerous unrelated addresses (10+ unique shipping origins for small merchant)
Customer locations inconsistent with merchant's target market (U.S. merchant but 80% of customers have foreign IPs)
Order IDs suggest multiple order systems (different numbering schemes suggest different sellers using same MID)
Extreme product price variance (same SKU sold at vastly different prices, suggesting multiple sellers)

The fix:

Analyze transaction metadata systematically:

Extract and store metadata fields in a queryable format (data warehouse, analytics database)
Run periodic queries to identify anomalies (e.g., "show all unique shipping origin addresses in the last 30 days", "show all unique product SKU prefixes", "show customer IP country distribution")
Build rules to flag suspicious patterns (e.g., "alert if shipping origins exceed 5 distinct addresses for a merchant with one disclosed warehouse", "alert if product descriptions contain prohibited keywords")
Review flagged transactions manually to assess transaction laundering risk (investigate merchants with high metadata anomaly scores)
Require metadata quality standards in merchant agreements (descriptive product names, accurate shipping data, complete order information)

Effective transaction monitoring platforms extract and analyze metadata to identify drift patterns that high-level metrics miss.

Assuming Clean Onboarding Equals Ongoing Compliance

Many transaction laundering schemes involve merchants who pass initial underwriting checks but alter their business model post-approval. Clean onboarding is not a guarantee of ongoing compliance.

Why this happens:

Merchant's original business model fails or generates insufficient volume (legitimate business struggles, merchant pivots to higher-volume model)
Merchant is approached by third parties offering to send volume in exchange for processing services (hidden sellers recruit merchant as payment gateway)
Merchant intentionally misrepresents business model to gain approval, then reveals true operations after MID activation (classic fraud scheme: gain trust, then exploit)
Merchant experiences financial pressure and accepts volume from questionable sources to maintain revenue (desperation leads to poor risk decisions)

The fix:

Enhanced monitoring during the first 90 days:

Review website, transaction patterns, and fulfillment data at 30, 60, and 90 days post-activation (systematic drift detection)
Flag rapid volume ramps or behavioral changes for investigation (define "normal" ramp vs. "suspicious" ramp by industry)
Require re-verification of business model and inventory ownership at 90 days for higher-risk segments (high-volume merchants, broad-MCC merchants, merchants in historically risky categories)
Implement "new MID probation" period with enhanced reserves and stricter limits (reduce risk exposure during high-risk window)

The first 90 days are the highest-risk period for transaction laundering detection. Programs that treat day 91 the same as day 1 miss critical drift signals.

Implementation Roadmap

For risk teams building or improving transaction laundering detection programs, we recommend the following phased approach. This is particularly relevant for merchant acquirers and embedded finance platforms managing diverse merchant portfolios.

Phase 1: Enhanced Onboarding (Weeks 1-4)

Objectives: Capture data points that enable drift detection

[ ] Expand underwriting data collection: Add fields for fulfillment model (in-house/3PL/drop-ship), supplier names, warehouse addresses, product catalog documentation (written product list or catalog export)
[ ] Conduct ecosystem mapping: Identify all domains and businesses operated by the merchant or related entities (WHOIS search, corporate registration search, shared contact information search)
[ ] Screenshot website: Capture homepage, product pages, terms of service, shipping/returns policies as baseline (save dated screenshots for comparison)
[ ] Verify inventory ownership: Request supplier invoices or purchase orders for key products (prove merchant actually purchases inventory)
[ ] Define prohibited products explicitly: Provide merchant with clear list of prohibited products or activities (written policy, require merchant acknowledgment)
[ ] Set descriptor: Confirm descriptor matches brand name and will be recognizable to customers (test descriptor, verify it appears on website)
[ ] Extract transaction metadata schema: Ensure your processing platform captures product descriptions, shipping addresses, and other metadata fields for analysis

Phase 2: New MID Monitoring (Weeks 5-8)

Objectives: Detect drift during the critical first 90 days

[ ] Day 7 review: Verify website matches underwriting documentation; check for immediate red flags (marketplace language, prohibited products, inconsistent branding)
[ ] Day 30 review: Analyze first month transaction metadata; flag volume ramps, product anomalies, fulfillment inconsistencies (compare actual patterns to stated business model)
[ ] Day 60 review: Compare current website and transaction patterns against baseline; investigate any drift (website comparison, volume trend analysis, product mix changes)
[ ] Day 90 review: Comprehensive review of all drift signals; determine whether to continue standard monitoring or conduct enhanced investigation (final risk determination for new MID probation period)
[ ] Implement "new MID" flags: Tag accounts <90 days old for enhanced monitoring in reporting dashboards and alert rules

Phase 3: Investigation Workflow (Weeks 9-12)

Objectives: Build repeatable investigation process

[ ] Create investigation checklist: Standardize data gathering, risk scoring, merchant outreach, and disposition steps (documented procedures for consistency)
[ ] Define risk score thresholds: Establish criteria for low, medium, and high-risk classifications (scoring rubric with signal weights)
[ ] Build case management system: Track investigations, evidence, communications, and outcomes (centralized investigation database)
[ ] Train investigators: Provide team with transaction laundering indicators, investigation techniques, and disposition authority (playbooks, training sessions, shadowing)
[ ] Establish escalation paths: Define when to involve legal, networks, or senior management (escalation matrix based on risk score and merchant response)
[ ] Document disposition procedures: Create templates for clear, restrict, suspend, and terminate actions (standardized merchant communications)

Phase 4: Automated Detection (Months 4-6)

Objectives: Scale drift detection through automation

[ ] Build transaction metadata extraction: Parse product descriptions, shipping addresses, and other metadata into queryable fields (ETL pipeline, data normalization)
[ ] Create drift detection rules: Automate flagging of descriptor variance, broad product catalogs, multiple fulfillment locations, rapid ramps (rule engine with configurable thresholds)
[ ] Implement website change monitoring: Use crawling or screenshot tools to detect website alterations (scheduled monitoring, change percentage alerts)
[ ] Develop risk scoring models: Combine drift signals into composite risk scores (weighted scoring algorithm, machine learning for pattern detection)
[ ] Set alert thresholds: Tune rules to balance detection and false positive rates (A/B testing, feedback loop from investigation outcomes)
[ ] Integrate with case management: Auto-create investigation cases when high-risk scores are detected (workflow automation)

Phase 5: Continuous Improvement (Ongoing)

Objectives: Refine detection based on observed patterns

[ ] Review confirmed cases: Analyze transaction laundering schemes detected to identify common indicators (monthly case review meetings, pattern documentation)
[ ] Update detection rules: Add new drift signals observed in the field (rules database, version control)
[ ] Track false positives: Measure and reduce investigation burden from benign inconsistencies (false positive log, threshold tuning)
[ ] Share learnings: Provide feedback to underwriting teams to improve initial screening (cross-functional meetings, shared documentation)
[ ] Monitor regulatory guidance: Update policies to reflect card network and regulator expectations (subscribe to network bulletins, industry news)
[ ] Benchmark program performance: Compare metrics to industry standards and peer institutions (MRC reports, industry surveys, consultant benchmarking)
[ ] Invest in technology: Evaluate vendor solutions for automated monitoring, machine learning detection, ecosystem mapping (RFPs, proof-of-concept testing)

Key Metrics to Track

Effective transaction laundering detection programs track metrics to demonstrate coverage and identify program gaps:

Detection Metrics

% of new MIDs reviewed within 7 days of activation: Target 100% (measures coverage of critical early window)
% of new MIDs reviewed at 30, 60, 90 days: Target 100% for higher-risk segments (MCC 5999, e-commerce, international), 50%+ for lower-risk segments (measures ongoing surveillance)
Drift signals detected per 100 new MIDs: Benchmark to identify high-volume signal types (typical range: 15-30 signals per 100 MIDs, with 80% being low/medium severity)
% of merchants flagged for investigation: Target 5-15% (too low suggests under-detection, too high suggests over-sensitive rules)

Investigation Metrics

Average time from signal detection to investigation initiation: Target <5 business days (measures responsiveness)
Average investigation duration: Target <15 business days from initiation to disposition (measures efficiency)
% of investigations resulting in each disposition: Track clear (60-70%), restrict (15-20%), suspend (5-10%), terminate (10-15%) rates (benchmarks program effectiveness)
Merchant documentation response rate: Track % of merchants providing requested documentation within 10 days (measures cooperation)
Investigation backlog: Track open investigations >30 days old (identifies resource constraints)

Program Effectiveness Metrics

Transaction laundering schemes detected per quarter: Measures program success (typical range: 2-10 per quarter depending on portfolio size)
Volume processed before detection: Lower is better; indicates earlier detection (target: <$100k processed before termination for average e-commerce merchant)
False positive rate: (Investigations cleared / Total investigations). Typical range 60-70% (balance between coverage and efficiency)
Network inquiries or fines related to transaction laundering: Target zero (ultimate success metric)
Merchant complaints about investigation process: Track merchant feedback on investigation fairness, timeliness, communication (quality metric)

Business Impact Metrics

Prevented fraud/chargeback losses: Estimate losses avoided through early detection (calculate based on industry chargeback rates for laundering merchants)
MID terminations due to transaction laundering: Track portfolio cleanup (typical range: 1-3% of new MIDs terminated within first year)
Time saved through automation: Measure efficiency gains from automated drift detection (hours saved per month, cost savings)
Reserve funds held on high-risk merchants: Track exposure mitigation (funds held pending investigation)
Portfolio quality improvement: Measure trend in average merchant risk score over time (demonstrates program impact on overall risk)

Metrics Dashboard Example:

Monthly Transaction Laundering Detection Report

New MIDs activated this month: 250
New MIDs flagged for investigation: 32 (12.8%)
Investigations completed this month: 28

Cleared: 18 (64%)
Restricted: 6 (21%)
Suspended: 2 (7%)
Terminated: 2 (7%)

Average investigation duration: 12 days
Total volume prevented (terminated + suspended): $480,000
Network inquiries received: 0
Open investigation backlog: 15 cases

Closing Question

Transaction laundering detection improves through pattern recognition. As risk teams investigate more cases, common indicators become clear.

Which drift signal do you see first in practice?

In our experience, descriptor variance and website changes are the earliest detectable signals, often appearing within the first 30 days. Product catalog expansion and fulfillment inconsistencies tend to emerge later (days 30-60), as merchants grow bolder or as hidden sellers add inventory. "Partner" language often exists from day one but only becomes suspicious when combined with other signals (e.g., partner language + seller registration forms + rapid volume ramp = high-risk investigation).

The answer varies by merchant segment and industry. For digital goods merchants (software, subscriptions, digital services), descriptor and website drift dominate because there is no physical fulfillment to analyze. For physical goods merchants (retail, apparel, electronics), fulfillment and product catalog signals are more common because shipping data provides rich indicators. For B2B merchants (wholesale, enterprise software, professional services), partnership language and ecosystem connections are key because business models naturally involve multiple parties.

Calibrating detection to your portfolio's specific risk patterns is essential. What works for one acquirer or PayFac may not work for another. Continuous learning from confirmed cases is how transaction laundering detection programs mature. Each investigation provides new insights into how schemes operate, which signals appear first, and which combinations of indicators correlate with confirmed violations.

Build a feedback loop: after each investigation, document which signals were present, which appeared first, and which ultimately proved most indicative of transaction laundering. Over time, this builds institutional knowledge that improves detection rules, risk scoring weights, and investigator intuition.

About Ballerine

Ballerine's role: We provide the infrastructure to make this complex transaction laundering detection process manageable. Automated website monitoring, transaction metadata extraction, drift detection rules, ecosystem mapping, and investigation workflow orchestration.

But the foundational knowledge in this guide gives you the expertise to ask the right questions, identify the drift signals, and protect your acquiring business while supporting legitimate merchant growth.

‍

Schedule Demo

Understanding Transaction Laundering

‍

Scale and Impact

Transaction laundering represents a significant and growing exposure for the payments industry.

According to the Merchant Risk Council's 2019 Global Merchant Fraud Survey, payment facilitators and acquirers identified transaction laundering as one of their top three emerging fraud concerns.

While comprehensive industry-wide loss data is not publicly available, individual enforcement actions provide insight into the scale:

‍

Common Transaction Laundering Scenarios

Aggregators and marketplaces:

A merchant approved as a single-brand retailer processes payments for multiple third-party sellers
Individual transactions display generic descriptors that obscure the actual seller identity
The approved merchant receives payments but ships from multiple undisclosed fulfillment centers

Example: A merchant approved as "Smith's Sporting Goods" (MCC 5941 - Sporting Goods Stores) processes payments using the descriptor "SMITH'S GOODS". Transaction metadata reveals products including:

Athletic apparel (consistent with approved business)
Exercise equipment (consistent with approved business)
CBD sports recovery products (not disclosed, potentially prohibited)
Tactical gear and body armor (not disclosed, high-risk category)
Nutritional supplements with unapproved health claims (prohibited without FDA compliance)

Product line expansion:

A merchant approved for low-risk goods (e.g., apparel) begins processing payments for high-risk or prohibited products (e.g., CBD, supplements, adult content)
Product descriptions in transaction metadata do not match the approved business model
The merchant's website displays prohibited products alongside approved inventory

"Wellness supplements" (vitamins, protein powders)
"CBD wellness products" (tinctures, topicals, edibles)
"Herbal wellness" (kratom, nootropics)

Front companies for prohibited merchants:

A merchant with clean credentials processes payments on behalf of businesses that cannot obtain their own MIDs (due to industry restrictions, poor credit history, or prohibited activity)
The approved merchant has little to no legitimate business operations beyond payment processing
Corporate structure includes undisclosed relationships with high-risk entities

"Digital Media Services" has no software development operations, staff, or projects
The company shares an address, phone number, and principal with three other recently registered LLCs
The principal has prior MIDs terminated for high chargeback rates
Transactions are actually for online gambling sites operating without U.S. licenses
"Digital Media Services" receives 8% of gross volume as a "processing fee"

The merchant intentionally misrepresented its business model to gain MID approval, then sold access to prohibited merchants who could not obtain processing directly.

Geographic arbitrage:

A domestic merchant approved in a low-risk jurisdiction processes payments for businesses operating in high-risk or restricted countries
IP addresses, fulfillment locations, and customer service contacts do not match the merchant's stated jurisdiction
Website content or customer communications occur in languages inconsistent with the approved market

Transaction monitoring detects anomalies:

80% of transactions originate from IP addresses in Southeast Asia
Fulfillment addresses are exclusively in China and Hong Kong
Customer service email responses come from a domain registered in Malaysia
Product descriptions and customer reviews include Chinese characters and Malay language

Why Transaction Laundering Occurs

From the perspective of the hidden seller, transaction laundering provides access to payment processing that would otherwise be unavailable:

The hidden seller operates in a prohibited industry (gambling, adult content, pharmaceuticals without proper licensing)
The hidden seller has poor credit history or prior merchant account terminations
The hidden seller lacks proper business registration or licensing
The hidden seller operates in a jurisdiction with limited payment infrastructure

From the perspective of the laundering merchant, transaction laundering generates revenue:

Transaction fees or revenue sharing from hidden sellers (typically 5-20% of gross volume)
Volume-based processing fee rebates from acquirers
Payments for "platform" or "gateway" services that obscure the actual seller identity
Opportunity to monetize a clean business history and approved MID

Regulatory and Network Consequences

Transaction laundering creates exposure for acquirers and Payment Facilitators (PayFacs):

Card network fines and sanctions:

Visa and Mastercard have explicit rules prohibiting transaction laundering
Visa's Global Brand Protection Program targets merchants processing for prohibited or high-risk undisclosed sellers
Networks may assess fines ranging from $25,000 to $1 million+ per incident, require independent audits, or terminate acquiring relationships
Acquirers may be held liable for chargebacks and fraud losses associated with laundered transactions

Regulatory scrutiny:

The U.S. Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC) have issued guidance on payment processor due diligence (OCC Bulletin 2013-29, FDIC FIL-44-2008)
Bank Secrecy Act (BSA) regulations require financial institutions to know their customers and monitor for suspicious activity
Transaction laundering may facilitate money laundering, terrorist financing, or sanctions violations
Regulators have issued consent orders requiring banks to improve merchant monitoring when transaction laundering is detected

Fraud and chargeback risk:

Hidden sellers often sell counterfeit, misrepresented, or never-delivered goods
Customers dispute charges when they do not recognize the merchant descriptor or receive substandard products
Chargebacks concentrate on the laundering merchant's MID, threatening account stability and network standing
Chargeback rates for transaction laundering schemes often exceed 2-5%, well above the 0.9-1.0% thresholds that trigger network monitoring programs

Reputational damage:

Acquirers and PayFacs associated with transaction laundering face negative press and regulatory attention
Customers lose trust when legitimate-appearing merchants process fraudulent transactions
Network relationships deteriorate, limiting future business opportunities
Financial institutions may exit payment processing businesses entirely if exposure becomes unmanageable

The New MID Challenge

Why New MIDs Are High-Risk

Limited transaction history:

No baseline for normal merchant behavior
Insufficient data for statistical anomaly detection (most models require 6-12 months of data)
Risk models calibrated on established merchants may not trigger alerts
Velocity rules (e.g., "alert if volume increases 50% week-over-week") are ineffective when every week is high-growth

Sophisticated application fraud:

Professional websites and business documentation that obscure true business model
Borrowed or synthetic business identities (real businesses with legitimate registration but undisclosed arrangements)
Undisclosed corporate relationships or ownership structures (shell companies, nominee directors, offshore entities)
Use of aged or "shelf" corporations with clean credit histories to appear established

Rapid volume ramps:

Transaction laundering merchants often process high volumes immediately after approval
Legitimate merchants typically ramp gradually as marketing and operations scale (month 1: $10k, month 2: $25k, month 3: $50k)
Rapid ramps may indicate pre-existing customer bases (i.e., hidden sellers already operating and waiting for payment access)
Laundering merchants may hit processing limits within days of approval, requesting immediate increases

Onboarding gaps:

Underwriting teams focus on creditworthiness and basic business legitimacy
Initial reviews may not include deep website analysis, inventory verification, or ecosystem mapping
Time pressures to approve merchants quickly (competitive "speed to yes" metrics) reduce investigation depth
Underwriters may lack expertise in specific industries or business models, missing red flags

The Drift Detection Window

We recommend enhanced monitoring during the first 90 days after MID activation. This aligns with risk patterns observed across merchant portfolios:

Days 1-30 (Initial baseline):

Monitor for immediate red flags: generic descriptors, multiple fulfillment locations, rapid volume ramps
Verify website and brand identity match underwriting documentation
Review initial transaction metadata for product description consistency
Establish baseline metrics: average ticket, transaction frequency, product mix, shipping destinations

Example baseline metrics for a typical e-commerce apparel merchant:

Average ticket: $45-75
Transactions per day: 20-50 (ramping from lower to higher over the month)
Product categories: 90%+ apparel/accessories, <10% miscellaneous
Shipping destinations: 95%+ domestic, 5% international (primarily Canada)
Fulfillment origins: Single warehouse address

Days 31-60 (Pattern establishment):

Compare transaction patterns against stated business model and initial baseline
Identify geographic or product anomalies (e.g., sudden 30% international volume when month 1 was 5%)
Check for website or descriptor changes
Monitor customer dispute rates and reasons (rising disputes or "unrecognized charge" complaints signal descriptor issues)

Days 61-90 (Drift detection):

Assess any changes from initial baseline (volume spikes, product shifts, new fulfillment locations)
Investigate volume, product, or geographic shifts that lack clear business explanations
Conduct enhanced review if drift signals are present (website audit, transaction sampling, merchant outreach)
Make disposition: continue standard monitoring, impose restrictions, or conduct deeper investigation

Example drift pattern:

Month 1: $45,000 volume, 100% apparel, single fulfillment location, 0.3% dispute rate
Month 2: $120,000 volume (+167%), 85% apparel / 15% supplements, two fulfillment locations, 0.8% dispute rate
Month 3: $350,000 volume (+192%), 60% apparel / 40% supplements and CBD, four fulfillment locations, 1.9% dispute rate

Volume Benchmarks by Industry

Transaction volume ramps vary significantly by industry and business model. Understanding typical patterns helps identify outliers:

Industry/MCC

Typical Month 1 Volume

Typical Month 3 Volume

High-Risk Threshold (Month 1)

Apparel (5651, 5691)

$10k - $50k

$30k - $150k

>$100k

Electronics (5732, 5946)

$25k - $100k

$75k - $300k

>$250k

Digital goods (5815, 5817)

$5k - $25k

$20k - $100k

>$75k

Subscription services (7372)

$15k - $60k

$50k - $200k

>$150k

B2B services (7392, 7399)

$50k - $250k

$150k - $750k

>$500k

Drift Signals to Monitor

1. URL and Brand Drift

Website changes:

Domain changes or redirects within 90 days of onboarding
Addition of subdomains not disclosed during underwriting (e.g., "partners.merchantdomain.com", "seller.merchantdomain.com", "vendors.merchantdomain.com")
Removal or replacement of brand identity elements (logo, color scheme, mission statement)
Homepage restructuring that changes the apparent business model (single-brand store becomes multi-vendor marketplace)

30 days after approval, website monitoring detects:

New subdomain "sellers.artisanhomedecorlp.com" with a "Become a Seller" application form
Homepage now features "Marketplace" branding and product listings with "Sold by [Seller Name]" tags
"About Us" page removed and replaced with "How It Works" page describing the marketplace platform
Product catalog expanded from 200 curated items to 5,000+ items with inconsistent photo quality

Brand inconsistency:

Merchant descriptor does not match website brand name (website: "Premium Coffee Co.", descriptor: "PMC GROUP LLC")
Multiple brand names appear on the same website without clear relationship (co-branding or white-label reselling)
Generic or placeholder branding that lacks clear business identity (site uses "Your Business Name Here" templates)
Frequent rebranding without business justification (logo changes, name changes, domain redirects)

Ecosystem expansion:

New domains registered in close proximity to the primary domain (e.g., "merchantname-sellers.com", "merchantname-marketplace.com", "merchantname-partners.com")
Affiliated domains with different ownership or registration details but shared operational elements (phone numbers, addresses, principals)
Sister sites with overlapping products or fulfillment but separate branding (suggesting a portfolio of shell brands processing through a single MID)
Domain parking or redirection patterns that obscure the true operational website

Example: Ecosystem analysis for "TechGadgets Pro" (approved MID) reveals:

Primary domain: techgadgetspro.com (registered 2025-08-15 to John Smith, 123 Main St, Austin TX)
Related domain: gadget-marketplace.com (registered 2025-10-20 to Smith Ventures LLC, same address)
Related domain: discount-electronics-hub.com (registered 2025-11-05 to TGP Holdings, same phone number)
All three sites share the same checkout process, fulfillment notification emails, and customer service contact
"TechGadgets Pro" MID processes for all three domains without disclosure

This ecosystem pattern indicates an undisclosed aggregator or portfolio operation. The merchant may be processing for multiple brands or selling MID access to related parties.

2. Descriptor Variance

Generic descriptors:

Descriptors that do not identify the specific brand or product (e.g., "Online Purchase", "E-commerce Transaction", "Payment Processing", "Digital Services")
Descriptors that reference a parent company or holding entity rather than the consumer-facing brand ("XYZ Holdings" when the website is "Joe's Outdoor Store")
Descriptors that change frequently without clear business justification (week 1: "ACME RETAIL", week 3: "ACME STORE", week 5: "ACME ONLINE")
Abbreviated or truncated descriptors that lose brand clarity ("Premium Organic Supplements" becomes "PREM ORG SUP")

Mismatch with customer expectation:

Customers dispute charges because they do not recognize the descriptor
Customer service inquiries focus on "Who is this charge from?" rather than product issues
Descriptor does not appear prominently on the merchant's website (not in header, footer, or checkout confirmation)
Merchant's phone number receives frequent "unauthorized charge" inquiries that are actually legitimate purchases

"Don't recognize SYNERGY ENT charge $89.95"
"What is SYNERGY ENT? I didn't authorize this"
"Need to cancel SYNERGY ENT subscription - what is this?"

Dispute rate: 2.3% (well above 0.9% threshold). Investigation reveals:

"Synergy Enterprises LLC" is a holding company that owns "GreenLeaf Wellness" and three other e-commerce brands
The same descriptor processes for all four brands
Customer confusion is causing legitimate purchases to be disputed as fraud

Multiple descriptors:

A single MID uses different descriptors across transactions (transaction 1: "ACME STORE", transaction 2: "ACME SHOP", transaction 3: "ACME RETAIL")
Descriptors vary by product line, seller, or geography without disclosure (domestic transactions: "Brand USA", international transactions: "Brand Global")
Descriptors rotate to obscure volume concentration or avoid network monitoring (changes every 30 days)

Example: Transaction data for "Wellness Marketplace Inc." shows five distinct descriptors used over 60 days:

"WELLNESS MRKT" (40% of transactions)
"WM SUPPLEMENTS" (25% of transactions)
"WELLNESS PLUS" (15% of transactions)
"WM NUTRITION" (12% of transactions)
"WELLNESS STORE" (8% of transactions)

3. Unusually Broad Product Catalog

Product diversity inconsistent with business model:

A merchant described as a "specialty retailer" offers hundreds of unrelated product categories
Products span multiple MCCs (e.g., apparel, electronics, supplements, digital goods) without clear business rationale
Product catalog includes high-risk items not mentioned during underwriting (CBD, kratom, tobacco accessories, adult products, pharmaceuticals, weapons accessories)
Product descriptions or images indicate dropshipping or reselling (manufacturer stock photos, generic descriptions, lack of brand-specific content)

Marketplace indicators:

Product listings include "Sold by [Third-Party Name]" or "Ships from [Third-Party Name]"
Seller ratings or profiles visible on the website (e.g., "JohnDoe123 Seller Rating: 4.8/5")
Products listed with inconsistent branding, photography quality, or descriptions (suggesting multiple suppliers with different standards)
"Add to Store" or "List Your Products" buttons suggesting merchant facilitates third-party sellers
Seller dashboard or portal accessible via login (indicating backend infrastructure for third-party sellers)

Example: A merchant approved as "Modern Home Furnishings" (MCC 5712) initially displays 300 SKUs of furniture and home decor. Website review at day 60 reveals 12,000+ SKUs including:

Furniture and decor (original category)
Kitchen appliances and gadgets
Electronics (tablets, headphones, smart home devices)
Clothing and accessories
Toys and games
Sports equipment
Health and beauty products
Books and media

Inventory implausibility:

Thousands of SKUs for a small merchant with limited operational history (startup with 12,000 products)
Product catalog includes items requiring specialized licensing or certifications (e.g., FDA-regulated supplements, FCC-regulated electronics, DEA-controlled substances) without evidence of compliance
Products with long lead times or custom manufacturing appear as in-stock and ready to ship (custom furniture listed as "Ships in 1-2 days")
High-value, low-volume specialty items (jewelry, art, collectibles) mixed with mass-market commodities without clear business focus

Dropshipping with no inventory control (high risk for counterfeit or adulterated products)
Marketplace operation with third-party supplement sellers (prohibited without proper licensing and compliance)
Data scraping or catalog cloning from other supplement sites (indicating merchant has no actual inventory)

4. Third-Party Fulfillment

Undisclosed drop-shipping:

Transaction metadata indicates fulfillment from addresses not disclosed during underwriting
Shipping origin varies widely across transactions (domestic and international, different states or countries)
Estimated delivery times inconsistent with stated warehouse locations (merchant claims California warehouse but products ship from China with 3-week delivery)
Tracking numbers indicate shipments from manufacturers or wholesalers rather than merchant's warehouse

Example: A merchant's underwriting application states "warehouse located at 1500 Commerce Dr, Chicago IL". Transaction metadata from first 30 days shows shipping origins:

1500 Commerce Dr, Chicago IL (15% of orders)
Shenzhen, China (40% of orders)
Guangzhou, China (25% of orders)
Los Angeles, CA (freight forwarder address) (20% of orders)

Multiple fulfillment centers:

A small merchant with limited operational footprint ships from numerous locations (10+ distinct fulfillment addresses)
Fulfillment addresses belong to third-party logistics providers (3PLs) or warehouses with no disclosed relationship
Tracking numbers indicate shipments from countries or regions inconsistent with the merchant's stated operations (merchant claims U.S. operations but all shipments originate in Southeast Asia)
Fulfillment locations include residential addresses, self-storage facilities, or PO boxes (not commercial warehouse space)

Example: Transaction data shows a merchant ships from 15 distinct addresses across 8 states. Address verification reveals:

6 addresses are Amazon FBA (Fulfillment by Amazon) warehouses
4 addresses are residential homes
3 addresses are storage unit facilities
2 addresses are legitimate commercial warehouses

This pattern suggests:

Amazon FBA reselling operation (buying products from Amazon to resell at markup, against Amazon ToS and potentially trademark-infringing)
Dropshipping with multiple suppliers fulfilling from their own locations
Aggregator processing for multiple hidden sellers, each shipping from their own location

No direct inventory control:

Merchant has no warehouse, physical inventory, or fulfillment staff (per business documentation or site inspection)
Website FAQ or shipping policies reference third-party fulfillment but do not identify specific partners ("Your order will be fulfilled by our trusted partners" without naming partners)
Product images or descriptions sourced directly from manufacturer websites or third-party marketplaces (reverse image search reveals product photos used by dozens of other sellers)
Merchant cannot provide inventory count, SKU-level stock, or purchase order history when requested

Example: A merchant outreach requests current inventory documentation. Merchant responses:

"Our inventory is managed by our supplier partners. We don't maintain stock ourselves."
"We work with multiple fulfillment centers but they're confidential partnerships."
"Inventory levels are updated automatically from our partners' systems."

Payment processing for undisclosed suppliers who lack their own MIDs
Marketplace or aggregator operation without proper disclosure
Dropshipping operation that exists solely to facilitate payment access for hidden sellers

Merchants with legitimate dropshipping models can typically provide:

Supplier agreements naming specific suppliers
Purchase order history showing wholesale purchases
Supplier contact information for verification
Product cost structures proving merchant markup (merchant buys for $X, sells for $Y)

5. "Partner" Language

Ambiguous business model disclosures:

Website references "partners", "sellers", "vendors", "affiliates", or "network members" without clear definitions
Terms of service or privacy policies describe the merchant as a "platform", "marketplace", or "payment facilitator" when underwriting documents describe a direct seller
Business model descriptions use passive language ("products are listed", "items are sold", "services are provided") that obscures who controls inventory and fulfillment
Vague references to "trusted partners" or "fulfillment partners" without identifying who they are or what role they play

Example: A merchant's website footer includes this language:

Onboarding or registration forms for sellers:

Website includes application forms for "becoming a seller", "listing products", or "joining the network"
Sign-up forms request business documentation from third parties (EIN, reseller certificates, business licenses)
Merchant collects payment account information from third parties (for revenue splits or payouts)
Seller dashboard or portal functionality visible on the website (login buttons, "Seller Center" navigation)

Example: Website crawl detects a page at "merchantdomain.com/sell-with-us" with the following form fields:

Business Name
Business Type (LLC, Corporation, Sole Proprietor)
EIN (Employer Identification Number)
Product Categories You'll Sell
Estimated Monthly Volume
Bank Account Information for Payouts
"By submitting this form, you agree to the Seller Terms of Service"

Revenue sharing or commission structures:

Website or marketing materials reference commission rates, transaction fees, or revenue splits for "partners" (e.g., "15% commission on all sales")
Merchant agreement templates available for third-party sellers (downloadable PDFs outlining terms of sale, payment schedules, dispute handling)
Pricing tiers or membership levels that suggest a marketplace or aggregator model ("Basic Seller: $99/month + 10% per transaction", "Premium Seller: $299/month + 5% per transaction")
FAQ sections explaining payout schedules, minimum balance requirements, or payment holds (indicating merchant is collecting payments and then distributing to sellers)

Example: A merchant's "Seller FAQ" page includes:

"Q: When do I get paid? A: Payouts are processed every Thursday for the previous week's sales, minus our 12% platform fee and any chargebacks or returns.

Q: What happens if a customer disputes a charge? A: The chargeback amount plus $15 fee will be deducted from your next payout. You're responsible for all disputes on your products.

Q: Is there a minimum payout? A: Yes, payouts are only processed once your balance reaches $100. Balances below $100 roll over to the following week."

Drift Signal Detection Checklist

Use this checklist to evaluate new MIDs for transaction laundering indicators:

[ ] Website reviewed within 7 days of MID activation: Confirm brand identity, product catalog, and fulfillment disclosures match underwriting documentation
[ ] Descriptor verified against website branding: Ensure customers will recognize the charge descriptor (descriptor appears prominently on website, checkout confirmation, customer communications)
[ ] Ecosystem mapping completed: Identify all domains owned or operated by the merchant or related entities (WHOIS lookup, shared contact information, linked domains)
[ ] Product catalog assessed for breadth and risk: Flag merchants with unusually diverse catalogs, prohibited products, or marketplace indicators ("Sold by" language, seller profiles)
[ ] Fulfillment chain documented: Verify warehouse locations, drop-shipping relationships, and inventory control (request supplier agreements, inventory reports, warehouse documentation)
[ ] Partnership language reviewed: Identify any references to third-party sellers, marketplaces, platforms, or revenue sharing (Terms of Service, About Us, FAQ, footer text)
[ ] Transaction metadata sampled: Review 50-100 initial transactions for product descriptions, shipping addresses, and customer data consistency
[ ] Rapid volume ramp flagged: Investigate merchants processing >$50k in the first 30 days (threshold varies by industry and business model; adjust based on benchmarks)
[ ] Customer disputes monitored: Review dispute reasons and customer inquiries for descriptor confusion, product misrepresentation, or "didn't authorize" claims
[ ] Website change detection active: Monitor for post-approval changes to domain, branding, product catalog, terms of service, or seller onboarding functionality

Investigation Process

Step 1: Data Gathering

Transaction analysis:

Pull 100-500 recent transactions (or all transactions if volume is low)
Extract product descriptions, SKUs, shipping addresses, customer locations, IP addresses (if available), customer email domains
Identify patterns: Are all transactions for similar products? Do shipping addresses cluster geographically? Are there multiple distinct product categories? Do customer email domains suggest B2B vs. B2C activity?
Calculate distribution metrics: How many unique shipping origin addresses? How many unique product categories? What is average ticket by category?

Example transaction analysis findings:

Merchant: "Fitness Pro Shop"

Transactions analyzed: 250 (first 45 days)

Product categories:

Fitness equipment: 45% of transactions
Nutritional supplements: 35% of transactions
Apparel: 15% of transactions
CBD products: 5% of transactions (12 transactions, all in last 2 weeks)

Shipping origin addresses:

123 Warehouse Rd, Denver CO (disclosed location): 60% of orders
Various China addresses: 30% of orders
Residential address in Denver: 10% of orders

Website audit:

Capture screenshots of the merchant's website (homepage, product pages, checkout flow, terms of service, shipping/returns policies, FAQ, About Us, Contact Us)
Review website source code for third-party integrations (marketplace plugins like Magento Multi-Vendor, WooCommerce Product Vendors, Sharetribe; affiliate tracking scripts; seller portal login forms)
Check WHOIS data for domain registration date, registrant information, and related domains (use services like WHOIS lookup tools, DomainTools, or registrar databases)
Use the Wayback Machine (archive.org) to review historical website versions and identify recent changes (compare current site to versions from 30, 60, 90 days ago)
Check robots.txt and sitemap.xml for hidden pages (seller portals, partner areas, admin panels)

Example website audit findings:

Current homepage (day 60): Marketplace-style layout with "Sold by [Seller Name]" on product tiles. Footer includes "Become a Seller" link.

Wayback Machine (onboarding date - day 0): Single-brand e-commerce store. No seller mentions. Footer includes standard "About Us", "Contact", "Shipping Policy" links.

WHOIS data:

Domain: fitnesproshop.com, registered 2025-07-12 to "John Doe", registrant email: johndoe@email.com
Related domain: fitnesproshop-sellers.com, registered 2025-09-20 to "FPS Holdings LLC", registrant email: johndoe@email.com (same person)

Source code analysis reveals:

Multi-vendor marketplace plugin installed (detected in HTML comments and JavaScript includes)
Seller dashboard login endpoint at /seller/login
API endpoints for seller registration (/api/v1/seller/register)

Descriptor and branding review:

Confirm the exact descriptor that appears on customer statements (request sample transactions, review processor reports, or conduct test purchases)
Search for customer complaints or inquiries online using search engines and social media (e.g., "What is [descriptor] charge?", "[descriptor] unauthorized charge", "[descriptor] Reddit", "[descriptor] Twitter")
Verify whether the descriptor appears prominently on the merchant's website (homepage header, footer, checkout page, order confirmation email)
Review customer service inquiry logs for descriptor-related questions (if available from merchant)

Example descriptor findings:

Descriptor: "SUMMIT VENTURES"

Website brand: "Peak Performance Supplements"

Website mentions of "Summit Ventures": None

Google search results:

"What is SUMMIT VENTURES charge?" - 12 results on consumer complaint forums
"SUMMIT VENTURES unauthorized charge" - 8 results on Reddit, Twitter
Complaints reference confusion about charge source and difficulty reaching customer service

Acquirer customer service logs (if tracked):

23 calls in 45 days asking "What is SUMMIT VENTURES?"
15 "unauthorized charge" disputes filed (later resolved as authorized but unrecognized)

Fulfillment verification:

Identify all shipping origin addresses in transaction data (extract from transaction metadata or tracking number databases)
Cross-reference addresses against the merchant's disclosed warehouse locations (compare to underwriting application, business documentation, lease agreements)
Search fulfillment addresses using Google Maps, business directories, and address databases to identify:

Third-party logistics providers (3PLs) like ShipBob, ShipMonk, Flexport
Amazon FBA warehouses (identifiable by specific address patterns)
Residential addresses (single-family homes, apartments)
Virtual offices or mailbox services (UPS Store, Regus, Mailboxes Etc.)
Freight forwarders or import/export facilities
Foreign addresses (China, Hong Kong, other international locations)

Example fulfillment findings:

Disclosed warehouse: 500 Industrial Pkwy, Suite 200, Austin TX

Actual fulfillment addresses (from 200 transactions):

500 Industrial Pkwy, Suite 200, Austin TX: 25 transactions (12.5%)
1234 Shenzhen Rd, Shenzhen, China: 80 transactions (40%)
5678 Guangzhou Ave, Guangzhou, China: 60 transactions (30%)
901 Port of LA, Los Angeles CA: 35 transactions (17.5%) [identified as freight forwarder facility]

Address investigation:

Austin address: Virtual office (receptionist, mail forwarding, no warehouse space)
China addresses: Manufacturer facilities (not disclosed fulfillment partners)
LA address: Freight forwarder receiving China shipments for U.S. customers

Ecosystem mapping:

Identify all domains registered to the same entity, individual, or email address (WHOIS database searches, reverse WHOIS lookups)
Search for related businesses with shared phone numbers, addresses, or key personnel (business directory searches, corporate registration databases, LinkedIn profiles)
Review corporate registration documents for undisclosed subsidiaries or affiliates (Secretary of State business entity searches, beneficial ownership registries)
Check for common elements across websites (shared IP addresses via hosting services, common analytics tracking codes, shared customer service emails, identical terms of service or privacy policy language)

Example ecosystem mapping:

Primary merchant: "TechMart Pro" (approved MID)

Ecosystem discovered:

techmart-pro.com (primary website, on underwriting application)

Registered to: TechMart Pro LLC, johndoe@email.com

techmart-sellers.com (seller portal)

Registered to: TMP Holdings LLC, johndoe@email.com (same registrant email)

discount-tech-hub.com (separate brand)

Registered to: Discount Hub Inc., janedoe@email.com (different email but same phone number in WHOIS)

gadget-marketplace.net (marketplace brand)

Registered to: GM Services LLC, johndoe@email.com (same registrant email)

Corporate structure investigation:

TechMart Pro LLC: John Doe (sole member)
TMP Holdings LLC: John Doe (sole member)
Discount Hub Inc.: Jane Doe (president), John Doe (secretary)
GM Services LLC: John Doe (sole member)

All entities share the same registered address (123 Business Ct, Austin TX). Google Maps reveals this is a virtual office.

Step 2: Risk Scoring

Assign risk scores based on the number and severity of drift signals identified. Automated risk decisioning platforms can calculate composite scores from individual indicators.

Low risk (monitoring) - 0-2 signals with low severity:

Minor descriptor inconsistencies with clear business justification (parent company name with brand name in parentheses)
Limited product line expansion within the same general category (apparel merchant adds accessories)
Disclosed drop-shipping with consistent fulfillment partner (single 3PL address disclosed and verified)
Website updates that don't change core business model (redesign, product photos updated, seasonal promotions)

Action: Continue standard ongoing monitoring. Flag for next quarterly review. No immediate intervention required.

Medium risk (enhanced review) - 3-5 signals or 1-2 high-severity signals:

Descriptor does not clearly identify the brand (holding company name, generic descriptor)
Product catalog includes 2-3 distinct categories not disclosed at onboarding (electronics merchant adds supplements)
Fulfillment from undisclosed locations, but addresses belong to known logistics providers (3PLs, Amazon FBA)
Website references "partners" but no evidence of third-party seller onboarding (vague language without functionality)
Volume ramp faster than industry norms but not extreme (50-100% month-over-month vs. 200%+)

High risk (urgent investigation) - 6+ signals or 3+ high-severity signals:

Generic or rotating descriptors (changes every 30 days)
Product catalog includes prohibited or high-risk items (CBD, kratom, adult content, gambling, pharmaceuticals without licenses)
Fulfillment from numerous unrelated addresses or foreign locations (10+ addresses, China fulfillment not disclosed)
Website includes seller registration forms or marketplace functionality (explicit aggregator model)
Rapid volume ramp with transaction patterns inconsistent with stated business model (300%+ month-over-month, immediate high volume)
Customer disputes reference unrecognized charges or misrepresented products (2%+ dispute rate, "didn't order" claims)
Ecosystem mapping reveals undisclosed related entities processing through same MID

Risk Scoring Example:

Merchant: "Wellness Marketplace Inc."

Signals detected:

Generic descriptor ("WM PROCESSING") - Medium severity
Product catalog includes prohibited CBD (not disclosed) - High severity
8 distinct fulfillment addresses (only 1 disclosed) - High severity
Website footer references "seller partners" - Medium severity
Volume ramp: $12k → $45k → $180k first 3 months - High severity
Dispute rate 1.8% (above 0.9% threshold) - Medium severity
Ecosystem mapping found related domain "wm-sellers.com" - High severity

Signal count: 7

High-severity signals: 4

Risk category: High risk (urgent investigation)

Step 3: Merchant Outreach

For medium and high-risk cases, contact the merchant to request clarification. Document all communications as part of the investigation audit trail.

Request documentation:

Updated business model description (written narrative explaining current operations)
Inventory ownership confirmation (supplier invoices, purchase orders, warehouse receipts, inventory management reports)
Fulfillment partner agreements (if drop-shipping: contracts with suppliers including contact information, pricing terms, liability provisions)
Licensing or compliance documentation for high-risk product categories (CBD: state licenses, CoAs; supplements: FDA registration, GMP compliance; electronics: FCC/CE certifications)
Explanation for descriptor, website, or product catalog changes (business justification for any material changes detected)
Ecosystem disclosures (list all related websites, businesses, domains owned or operated by the same principals)
UBO certifications (if corporate structure suggests undisclosed beneficial owners)

Sample documentation request email:

"Dear [Merchant],

Updated business model description: Please provide a written explanation of your current business operations, including how you source inventory, fulfill orders, and handle customer service.
Inventory verification: Please provide recent supplier invoices or purchase orders (last 90 days) showing your acquisition of products listed on your website. Include supplier names and contact information.
Fulfillment documentation: We note that orders are shipping from [list addresses]. Please explain this fulfillment model and provide any agreements with third-party logistics providers or drop-ship suppliers.
Product compliance: Your website now includes [list products or categories]. Please provide any required licenses, certifications, or compliance documentation for these product categories.
Related entities: Please list any other websites, domains, or businesses you own or operate, or that are owned/operated by related parties.

Please provide the requested documentation within 10 business days. Failure to respond may result in processing restrictions or account termination.

[Contact information for questions]"

Assess responsiveness:

Legitimate merchants typically respond within 1-3 business days with substantive answers or reasonable requests for clarification
Evasive or delayed responses may indicate awareness of policy violations (responses that avoid direct questions, provide vague explanations, or request excessive time extensions)
Inability to provide documentation (e.g., "inventory is handled by a third party we can't name", "our suppliers require confidentiality", "fulfillment agreements are proprietary") raises transaction laundering concerns

Red flag responses:

"We work with various partners but can't disclose their identities due to NDAs"
"Our business model is proprietary and we can't share operational details"
"The products were temporarily listed but are no longer available" (when products are still visible on website)
"We're transitioning our business model and will have documentation soon" (indefinite delays)
No response after multiple attempts to contact (phone, email, registered address)

Evaluate explanations:

Do explanations align with observed transaction patterns? (claimed "single product line" vs. observed "10 product categories")
Are provided documents verifiable? (supplier invoices with contact information, warehouse lease agreements with landlord details, licenses with issuing authority confirmation)
Does the merchant demonstrate clear control over inventory, fulfillment, and customer service? (can provide inventory counts, handles customer disputes directly, employs fulfillment staff or contracts with disclosed 3PLs)
Are explanations internally consistent? (don't contradict previous statements or underwriting documentation)

Example evaluation:

Verification requests:

Supplier names and contact information → Merchant provides
Supplier agreements → Merchant provides PDFs of agreements
Purchase orders showing wholesale purchases → Merchant provides

Verification results:

Contacted suppliers: Confirmed they sell wholesale to merchant
Reviewed agreements: Standard wholesale terms, merchant buys inventory at wholesale price and marks up for retail
Reviewed purchase orders: Show merchant purchased $50k of inventory in last 60 days

Contrasting example:

Merchant explanation: "We work with fulfillment partners to deliver the best products to customers."

Verification requests:

Partner names → Merchant: "Can't disclose due to competitive reasons"
Agreements → Merchant: "Don't have formal agreements, it's relationship-based"
Purchase orders → Merchant: "Partners manage inventory, we don't purchase products"

Step 4: Disposition

Based on investigation findings, determine the appropriate action:

Clear (continue monitoring):

Inconsistencies have reasonable explanations and supporting documentation
Merchant demonstrates control over business operations (owns or purchases inventory, controls fulfillment, handles customer service)
No policy violations or prohibited activity identified
Continue standard ongoing monitoring (monthly reviews, automated transaction monitoring, annual re-underwriting)

Restrict (limit exposure):

Some transaction laundering indicators present, but severity is unclear or documentation is partial
Merchant provides partial documentation or explanations with minor gaps (e.g., can verify some suppliers but not all, provides some purchase orders but not comprehensive proof)
Minor policy violations identified but no prohibited activity (e.g., descriptor issue, undisclosed product line expansion to permitted categories)
Impose transaction limits (daily/weekly/monthly volume caps), reserve increases (hold higher percentage of funds), or prohibited product restrictions (explicitly ban certain categories)
Require periodic re-reviews (e.g., every 30 or 60 days) with updated documentation

Suspend (pending further review):

Strong transaction laundering indicators with insufficient documentation to make final determination
Merchant fails to respond or provides evasive explanations, but there is not yet definitive proof of violations
Policy violations identified (prohibited products, undisclosed marketplace activity) but merchant claims they can remediate
Suspend processing while investigation continues or until merchant can provide satisfactory evidence (typically 15-30 days)
Hold all pending settlements or increase reserves to 100%

Terminate (exit merchant):

Confirmed transaction laundering activity (merchant processes for undisclosed sellers, operates marketplace without disclosure, acts as payment gateway)
Merchant processes for prohibited sellers or prohibited products (gambling without license, adult content, counterfeit goods, unlicensed pharmaceuticals)
Merchant misrepresented business model during onboarding (claimed direct seller but operates aggregator, fabricated business operations, synthetic identity)
Merchant fails to provide documentation or cooperate with investigation (no response after multiple attempts, refuses to provide basic business records)
Risk exposure is unacceptable regardless of explanations (high dispute rates, network inquiries, regulatory concerns)
Terminate merchant relationship immediately and report to card networks if required (Visa's MATCH/TMF, Mastercard's MBR)

Disposition Statistics Benchmarking:

We observe typical disposition rates for transaction laundering investigations across merchant portfolios:

Disposition

% of Investigations

Notes

Clear

60-70%

Majority are false positives or have benign explanations

Restrict

15-20%

Merchants with minor issues requiring ongoing monitoring

Suspend

5-10%

Merchants needing more time to provide documentation

Terminate

10-15%

Confirmed transaction laundering or policy violations

What Good Looks Like

Merchants with low transaction laundering risk demonstrate the following characteristics:

Traceable Inventory

Direct inventory ownership:

Merchant purchases inventory from manufacturers or distributors (supported by purchase orders, invoices, payment records showing merchant paid for goods)
Merchant maintains physical inventory in owned or leased warehouse space (supported by lease agreements, warehouse photos, inventory counts, insurance policies for inventory)
Merchant has inventory management systems with SKU-level tracking (can provide real-time stock levels, turnover rates, reorder points)
Merchant can demonstrate cost of goods sold (COGS) and margin structure (buys at wholesale price $X, sells at retail price $Y, margin is Z%)

Verifiable suppliers:

Supplier names and contact information disclosed during onboarding (manufacturer or distributor names, addresses, phone numbers, websites)
Suppliers are legitimate businesses with public records, websites, and trade history (can be verified via business registries, trade databases, internet presence)
Supplier relationships are documented (contracts, terms of sale, payment terms, volume commitments, return policies)
Suppliers confirm wholesale relationship when contacted (verification calls or emails to suppliers confirm they sell to merchant)

No undisclosed intermediaries:

Products ship directly from merchant's warehouse or disclosed fulfillment partner (transaction data shows consistent shipping origins)
No evidence of third-party sellers inserting themselves into the fulfillment chain (no "Sold by" language, no seller ratings, no undisclosed shipping addresses)
Product sources are consistent across all transactions (same warehouse or same disclosed 3PL for 90%+ of orders)

Example of good inventory documentation:

Merchant: "Outdoor Gear Outfitters"

Inventory documentation provided:

Supplier list: 5 named suppliers (REI Wholesale, Patagonia B2B, Columbia Sportswear Dealer Program, etc.)
Purchase orders: Last 90 days show $120k in inventory purchases
Warehouse lease: 10,000 sq ft warehouse at 500 Industrial Dr, Boulder CO (5-year lease, verified with landlord)
Inventory management system: Screenshots showing 1,500 SKUs with current stock levels, last restock dates, turnover rates
Photos: Warehouse interior showing shelved inventory with SKUs matching website products

Verification:

Called suppliers: Confirmed merchant is authorized dealer/wholesale customer
Visited warehouse address on Google Maps: Street View shows commercial warehouse facility (not virtual office or residential)
Reviewed margin structure: Purchase price avg $40 per item, retail price avg $75 per item (47% margin, reasonable for retail)

Conclusion: Merchant demonstrates direct inventory ownership and control. Low transaction laundering risk.

Consistent Brand Identity

Unified branding:

Single, clearly defined brand name across website, packaging, customer communications, and payment descriptors (customers see the same brand everywhere)
Professional branding materials (logo, color scheme, typography) consistently applied (recognizable visual identity)
Website domain matches brand name and descriptor (brand: "Blue Mountain Coffee", domain: bluemountaincoffee.com, descriptor: "BLUE MTN COFFEE")
Social media presence matches brand (Facebook, Instagram, Twitter accounts use same branding and messaging)

No marketplace indicators:

Website does not include "Sold by [Third Party]" language
No seller registration or application forms
No references to "partners", "vendors", or "network members" that suggest third-party seller involvement
All products presented as sold by the merchant directly (product pages say "Sold by [Merchant Brand Name]" or no seller attribution)

Stable web presence:

Domain registered at least 6-12 months before applying for payment processing (shows established business, not created specifically for MID application)
Website content and structure remain consistent over time (no sudden rebrands, no major functionality changes, no pivot from retail to marketplace)
No sudden rebranding, domain changes, or redirect chains (consistent brand identity maintained)
Domain age and history can be verified via WHOIS and Wayback Machine (shows legitimate evolution, not suspicious changes)

Example of good brand consistency:

Merchant: "Artisan Coffee Roasters"

Brand elements:

Website: artisancoffeeroasters.com
Descriptor: "ARTISAN COFFEE"
Logo: Consistent coffee bean design across website, packaging, social media
Social media: @artisancoffee on Instagram (8,000 followers, 2 years of posts), Artisan Coffee Roasters on Facebook (5,000 likes, established 2023)
Domain age: Registered 2023-03-15 (2.5 years before applying for MID)

Website consistency:

Wayback Machine shows consistent design and branding since launch
No major changes in business model or product offerings
About Us page describes founder's coffee roasting background (verifiable via LinkedIn)

Conclusion: Strong, consistent brand identity with no marketplace indicators. Low transaction laundering risk.

Clear Fulfillment Chain

Disclosed fulfillment model:

Merchant clearly states whether fulfillment is in-house, outsourced to a logistics provider, or drop-shipped (shipping policy page explains model)
If drop-shipping, merchant identifies supplier(s) and demonstrates purchase order volume (provides supplier names and proof of wholesale purchases)
If using a 3PL (third-party logistics provider), merchant provides 3PL contract and contact information (verifiable agreement with named 3PL)
Fulfillment model matches transaction data (stated model aligns with observed shipping origins)

Consistent shipping origins:

Products ship from locations disclosed during underwriting (transaction data shipping addresses match declared warehouse locations)
Shipping address(es) match warehouse addresses provided in business documentation (lease agreements, utility bills, insurance policies show same addresses)
No unexplained international shipments or multiple fulfillment locations for a small merchant (patterns make sense for business size and model)
Shipping times align with stated locations (domestic warehouse means 2-5 day delivery, not 15-20 day delivery from China)

Customer service control:

Merchant operates customer service function (phone, email, chat staffed by merchant employees or disclosed outsourcing partner)
Customer service contact information prominently displayed on website (phone number, email address, hours of operation, chat widget)
Merchant can handle returns, refunds, and disputes directly (customers contact merchant, not third-party sellers or "partners")
Customer service number reaches actual merchant operations (not answering service, not disconnected, not overseas call center for unrelated business)

Example of good fulfillment documentation:

Merchant: "Modern Home Decor"

Fulfillment model: "We fulfill all orders from our warehouse in Raleigh, NC. Most orders ship within 1-2 business days via USPS or UPS."

Documentation provided:

Warehouse address: 1200 Distribution Dr, Raleigh NC 27610
Warehouse lease: 15,000 sq ft warehouse, 3-year lease, verified with property management
Staff: 8 employees including 3 warehouse workers (provided org chart)
Photos: Warehouse showing inventory, packing stations, shipping supplies

Transaction data verification:

95% of shipments originate from 1200 Distribution Dr, Raleigh NC
5% of shipments originate from "Special Order Fulfillment" (large furniture items shipped directly from manufacturers, disclosed in shipping policy)
Average delivery time: 3-4 days to East Coast, 5-7 days to West Coast (consistent with domestic fulfillment)

Customer service verification:

Phone number (919-555-0100) listed on website, Google Business, BBB
Test call reached merchant staff who could answer product questions and check order status
Email (support@modernhomedecor.com) received response within 4 hours during business hours

Conclusion: Clear, verifiable fulfillment chain. Merchant controls inventory and operations. Low transaction laundering risk.

Explicit Prohibited Activity Controls

Clear prohibited product policies:

Website terms of service explicitly list prohibited products or activities (specific list: "no tobacco, alcohol, weapons, adult content, gambling, controlled substances, counterfeit goods")
Prohibited product list aligns with card network rules and acquirer policies (mirrors acquirer's prohibited list)
Merchant demonstrates awareness of compliance requirements (e.g., age verification for restricted products, licensing for regulated goods)
Prohibited list is enforced (merchant has rejected product submissions from partners, removed prohibited items when identified)

Proactive compliance monitoring:

Merchant conducts internal reviews to ensure product catalog compliance (regular audits, quarterly reviews, automated screening)
Merchant removes prohibited products promptly when notified (responds within 24-48 hours to compliance concerns)
Merchant provides compliance documentation for high-risk product categories (e.g., FDA registration for supplements, state licenses for CBD, FCC certification for electronics)
Merchant has compliance personnel or processes (compliance officer, written compliance procedures, training for staff)

No high-risk partnerships:

Merchant does not reference partnerships with undisclosed entities (all business relationships disclosed)
Merchant does not offer "white-label" or "gateway" services to third parties (does not process for other businesses)
Merchant's business model is straightforward: buy inventory, sell to consumers, fulfill orders (direct retail model, not complex intermediary structure)

Example of good compliance controls:

Merchant: "Nutrition Supplements Pro"

Compliance documentation provided:

FDA facility registration: Facility #123456, registered as supplement distributor
GMP compliance certificate: Verified Good Manufacturing Practices
Third-party testing reports: CoAs (Certificates of Analysis) for all supplement products
State licenses: California CDPH food facility registration, other state requirements
Product review process: Written procedures for evaluating new products before listing

Compliance monitoring:

Quarterly product audits: Reviews all products for compliance with FDA regulations and prohibited list
Removed 12 products in last year due to compliance concerns (documented in compliance log)
Staff training: Annual FDA compliance training for all product managers

Conclusion: Strong compliance controls with documentation and enforcement. Low transaction laundering risk.

Documentation Checklist for Low-Risk Merchants

Merchants demonstrating low transaction laundering risk can provide:

[ ] Supplier invoices: Recent purchase orders or invoices showing inventory acquisition (last 90 days, naming suppliers and showing product purchases)
[ ] Warehouse documentation: Lease agreement, utility bills, or photos confirming physical inventory location (proves merchant has actual warehouse space)
[ ] Inventory management reports: SKU-level reports showing stock levels and turnover (demonstrates inventory control and ownership)
[ ] Fulfillment partner contracts (if applicable): Agreements with 3PLs or drop-ship suppliers, including contact information (verifiable third-party relationships)
[ ] Brand registration: Trademark registration or domain ownership records (proves legitimate brand identity)
[ ] Compliance documentation: Licenses, certifications, or permits for regulated products (FDA registration, state licenses, industry certifications)
[ ] Customer service records: Evidence of direct customer communication and dispute resolution (email logs, call records, CRM screenshots)
[ ] Financial records: Bank statements showing inventory purchases, payroll for staff, warehouse rent payments (demonstrates actual business operations)
[ ] Organizational chart: Staff list with roles (shows merchant has actual employees and operations, not just principals)
[ ] Business licenses: Local/state business licenses and permits (proves legitimate registered business)

Effective ongoing monitoring solutions and workflow automation platforms can automate periodic re-collection of these documents and flag changes that warrant investigation.

Common Misses

Treating MCC as the Control

The most common mistake in transaction laundering detection is assuming the Merchant Category Code (MCC) provides sufficient control over what the merchant can sell.

Why MCC is insufficient:

MCCs are broad categories designed for interchange pricing and merchant categorization, not for prohibited activity control. For example:

MCC 5999 (Miscellaneous and Specialty Retail Stores) encompasses thousands of product types from apparel to electronics to supplements to CBD
MCC 5311 (Department Stores) allows almost any consumer good a department store might sell
MCC 5712 (Furniture, Home Furnishings, and Equipment Stores) includes home goods, decor, and appliances but provides no control over specific product risk
MCC 5734 (Computer Software Stores) could include legitimate software or subscriptions to prohibited gambling or adult content sites

According to the Visa Merchant Category Classification Codes guide, MCCs describe the "predominant business activity" but do not restrict individual transaction types within that category.

MCC alone does not prevent:

Product line expansion into prohibited categories within the same MCC
Processing for undisclosed third-party sellers offering different products
Processing for products that require licensing or age verification
Processing for counterfeit or misrepresented goods

Real-world example:

Merchant approved as MCC 5999 (Miscellaneous Retail) selling "general merchandise". Within 60 days, merchant's website includes:

Apparel (permitted under MCC 5999)
Electronics (permitted under MCC 5999)
CBD products (permitted under MCC 5999 but prohibited by acquirer policy)
Kratom (permitted under MCC 5999 but prohibited by acquirer policy)
Vape devices (permitted under MCC 5999 but prohibited by acquirer policy)

The merchant is not violating MCC restrictions, but is violating acquirer prohibited product policies. MCC-only monitoring would not detect this violation.

The fix:

MCC should be one data point among many. Risk teams must:

Define prohibited product lists explicitly in merchant agreements (specific products and categories, not just MCCs)
Monitor transaction metadata for product descriptions (extract SKUs, product names, categories from transaction data)
Conduct periodic website reviews to verify product catalog compliance (monthly or quarterly website audits)
Require merchant notification before adding new product categories (contractual obligation to notify before material changes)
Implement automated product keyword screening (flag transactions containing "CBD", "kratom", "vape", "gambling", etc.)

Ignoring Website Changes

Common website changes that indicate transaction laundering:

Addition of seller registration or application forms (e.g., "Become a Seller", "List Your Products", "Join Our Network")
Changes in product catalog breadth or risk profile (100 SKUs → 10,000 SKUs, apparel → apparel + supplements + CBD)
Introduction of "marketplace", "platform", or "partner network" language (Terms of Service change from "we sell products" to "we connect buyers and sellers")
Removal of brand identity elements (logo, about us, company information replaced with generic platform language)
Domain redirects to different websites or subdomains (merchant domain redirects to separate marketplace domain, suggesting infrastructure change)
Addition of seller-specific features (seller dashboards, payout schedules, commission structures, vendor login portals)

The fix:

Implement automated website monitoring:

Capture screenshots or HTML crawls at 30-day intervals during the first 90 days, then quarterly thereafter
Use change detection tools to flag significant alterations (percentage of page content changed, new pages added, specific keywords added)
Manually review flagged changes to assess transaction laundering risk (determine if changes indicate business model shift)
Require merchant notification before making material website changes (contractual obligation to notify of business model changes)
Use Wayback Machine to review historical versions when investigation is needed (compare current site to onboarding date version)

Automated website monitoring solutions can integrate with ongoing monitoring platforms to trigger alerts when significant changes are detected.

Failing to Verify Inventory Ownership

Red flags:

Merchant cannot provide supplier invoices or purchase orders (claims "suppliers are confidential" or "we don't have formal agreements")
Merchant references "suppliers" or "partners" but cannot name them (vague language without specifics)
Merchant's balance sheet shows no inventory assets (financial statements show zero inventory, suggesting merchant doesn't own products)
Merchant has no warehouse or fulfillment infrastructure (virtual office address, no lease agreement, no photos of warehouse)
Merchant cannot explain cost structure or margins (doesn't know wholesale cost, cannot explain pricing, suggests they don't actually purchase inventory)

The fix:

Require documentation of inventory ownership:

Request recent supplier invoices showing product purchases (last 90 days, proving merchant actually buys inventory)
Verify warehouse addresses with lease agreements or utility bills (prove physical inventory location exists)
Review inventory management systems or stock reports (prove merchant tracks and controls inventory)
For drop-shipping models, require supplier contracts and confirm supplier legitimacy (verify drop-ship suppliers are real businesses, confirm they sell to merchant)
Request financial statements showing inventory as an asset (balance sheet should show inventory if merchant owns products)

Merchants with legitimate dropshipping models can typically provide:

Supplier agreements naming specific suppliers
Purchase order history showing wholesale purchases
Supplier contact information for verification
Product cost structures proving merchant markup (merchant buys for $X, sells for $Y, documents the difference)

Merchants claiming "we can't disclose suppliers" or "we don't purchase inventory" are high-risk for transaction laundering.

Overlooking Ecosystem Connections

Common ecosystem patterns:

Multiple domains registered to the same individual or entity (same registrant name, same registrant email address in WHOIS)
Shared phone numbers or email addresses across websites (same customer service contact across multiple brands)
Common owners, directors, or key personnel (same individuals listed as principals across multiple businesses in corporate registrations)
Cross-promotion or linking between sites (sites reference each other, share promotional codes, link to each other's product pages)
Shared infrastructure (same hosting provider, same IP address, same payment gateway, same analytics tracking codes)
Related legal entities with common ownership (parent company owns multiple subsidiaries, all operating separate websites)

The fix:

Conduct ecosystem mapping during underwriting and periodically thereafter:

Search domain registration records (WHOIS) for related domains (search by registrant name, registrant email, registrant phone)
Identify all businesses registered to the same owners or principals (state Secretary of State business entity searches for all entities with same owners)
Review corporate structure for subsidiaries and affiliates (request org chart, corporate structure documentation)
Monitor for new domain registrations after MID approval (set alerts for new domains registered to same party)
Check for shared contact information (reverse phone lookup, reverse email lookup to find related websites)
Analyze website code for shared elements (same Google Analytics IDs, same Facebook Pixel IDs, same advertising tracking codes)

This practice aligns with best practice guidance: merchant risk assessments must include an "Ecosystem" section mapping all storefronts and domains operated by the same entity or people.

Example ecosystem investigation:

Merchant: "Fashion Outlet Pro" (approved MID)

Ecosystem discovered through WHOIS and corporate searches:

fashionoutletpro.com (primary approved site)
fashion-marketplace.com (registered to same email address 30 days after MID approval)
discount-apparel-hub.com (registered to same phone number)
bargain-clothing-sellers.com (registered to same principal via corporate search)

All four domains share the same Google Analytics code (UA-123456-7), confirming common ownership and management.

Neglecting Transaction Metadata

Acquirers and PayFacs often focus on high-level metrics (volume, ticket size, refund rates) while ignoring granular transaction metadata that reveals transaction laundering.

Valuable metadata fields:

Product descriptions or SKUs (reveals what is actually being sold)
Shipping addresses (origin and destination, reveals fulfillment model)
Customer IP addresses or device locations (reveals customer geography and potential VPN usage)
Order IDs or invoice numbers (patterns may reveal multiple businesses using same MID)
Item-level pricing and quantities (reveals product mix and average order composition)
Transaction timestamps (reveals processing patterns, such as 24/7 processing for claimed "small business")

Red flags in metadata:

Generic or missing product descriptions (product field says "Item" or "Product" instead of actual product names)
Inconsistent product categories across transactions (SKU prefix suggests apparel but description says "supplement")
Shipping from numerous unrelated addresses (10+ unique shipping origins for small merchant)
Customer locations inconsistent with merchant's target market (U.S. merchant but 80% of customers have foreign IPs)
Order IDs suggest multiple order systems (different numbering schemes suggest different sellers using same MID)
Extreme product price variance (same SKU sold at vastly different prices, suggesting multiple sellers)

The fix:

Analyze transaction metadata systematically:

Extract and store metadata fields in a queryable format (data warehouse, analytics database)
Run periodic queries to identify anomalies (e.g., "show all unique shipping origin addresses in the last 30 days", "show all unique product SKU prefixes", "show customer IP country distribution")
Build rules to flag suspicious patterns (e.g., "alert if shipping origins exceed 5 distinct addresses for a merchant with one disclosed warehouse", "alert if product descriptions contain prohibited keywords")
Review flagged transactions manually to assess transaction laundering risk (investigate merchants with high metadata anomaly scores)
Require metadata quality standards in merchant agreements (descriptive product names, accurate shipping data, complete order information)

Effective transaction monitoring platforms extract and analyze metadata to identify drift patterns that high-level metrics miss.

Assuming Clean Onboarding Equals Ongoing Compliance

Many transaction laundering schemes involve merchants who pass initial underwriting checks but alter their business model post-approval. Clean onboarding is not a guarantee of ongoing compliance.

Why this happens:

Merchant's original business model fails or generates insufficient volume (legitimate business struggles, merchant pivots to higher-volume model)
Merchant is approached by third parties offering to send volume in exchange for processing services (hidden sellers recruit merchant as payment gateway)
Merchant intentionally misrepresents business model to gain approval, then reveals true operations after MID activation (classic fraud scheme: gain trust, then exploit)
Merchant experiences financial pressure and accepts volume from questionable sources to maintain revenue (desperation leads to poor risk decisions)

The fix:

Enhanced monitoring during the first 90 days:

Review website, transaction patterns, and fulfillment data at 30, 60, and 90 days post-activation (systematic drift detection)
Flag rapid volume ramps or behavioral changes for investigation (define "normal" ramp vs. "suspicious" ramp by industry)
Require re-verification of business model and inventory ownership at 90 days for higher-risk segments (high-volume merchants, broad-MCC merchants, merchants in historically risky categories)
Implement "new MID probation" period with enhanced reserves and stricter limits (reduce risk exposure during high-risk window)

The first 90 days are the highest-risk period for transaction laundering detection. Programs that treat day 91 the same as day 1 miss critical drift signals.

Implementation Roadmap

Phase 1: Enhanced Onboarding (Weeks 1-4)

Objectives: Capture data points that enable drift detection

[ ] Expand underwriting data collection: Add fields for fulfillment model (in-house/3PL/drop-ship), supplier names, warehouse addresses, product catalog documentation (written product list or catalog export)
[ ] Conduct ecosystem mapping: Identify all domains and businesses operated by the merchant or related entities (WHOIS search, corporate registration search, shared contact information search)
[ ] Screenshot website: Capture homepage, product pages, terms of service, shipping/returns policies as baseline (save dated screenshots for comparison)
[ ] Verify inventory ownership: Request supplier invoices or purchase orders for key products (prove merchant actually purchases inventory)
[ ] Define prohibited products explicitly: Provide merchant with clear list of prohibited products or activities (written policy, require merchant acknowledgment)
[ ] Set descriptor: Confirm descriptor matches brand name and will be recognizable to customers (test descriptor, verify it appears on website)
[ ] Extract transaction metadata schema: Ensure your processing platform captures product descriptions, shipping addresses, and other metadata fields for analysis

Phase 2: New MID Monitoring (Weeks 5-8)

Objectives: Detect drift during the critical first 90 days

[ ] Day 7 review: Verify website matches underwriting documentation; check for immediate red flags (marketplace language, prohibited products, inconsistent branding)
[ ] Day 30 review: Analyze first month transaction metadata; flag volume ramps, product anomalies, fulfillment inconsistencies (compare actual patterns to stated business model)
[ ] Day 60 review: Compare current website and transaction patterns against baseline; investigate any drift (website comparison, volume trend analysis, product mix changes)
[ ] Day 90 review: Comprehensive review of all drift signals; determine whether to continue standard monitoring or conduct enhanced investigation (final risk determination for new MID probation period)
[ ] Implement "new MID" flags: Tag accounts <90 days old for enhanced monitoring in reporting dashboards and alert rules

Phase 3: Investigation Workflow (Weeks 9-12)

Objectives: Build repeatable investigation process

[ ] Create investigation checklist: Standardize data gathering, risk scoring, merchant outreach, and disposition steps (documented procedures for consistency)
[ ] Define risk score thresholds: Establish criteria for low, medium, and high-risk classifications (scoring rubric with signal weights)
[ ] Build case management system: Track investigations, evidence, communications, and outcomes (centralized investigation database)
[ ] Train investigators: Provide team with transaction laundering indicators, investigation techniques, and disposition authority (playbooks, training sessions, shadowing)
[ ] Establish escalation paths: Define when to involve legal, networks, or senior management (escalation matrix based on risk score and merchant response)
[ ] Document disposition procedures: Create templates for clear, restrict, suspend, and terminate actions (standardized merchant communications)

Phase 4: Automated Detection (Months 4-6)

Objectives: Scale drift detection through automation

[ ] Build transaction metadata extraction: Parse product descriptions, shipping addresses, and other metadata into queryable fields (ETL pipeline, data normalization)
[ ] Create drift detection rules: Automate flagging of descriptor variance, broad product catalogs, multiple fulfillment locations, rapid ramps (rule engine with configurable thresholds)
[ ] Implement website change monitoring: Use crawling or screenshot tools to detect website alterations (scheduled monitoring, change percentage alerts)
[ ] Develop risk scoring models: Combine drift signals into composite risk scores (weighted scoring algorithm, machine learning for pattern detection)
[ ] Set alert thresholds: Tune rules to balance detection and false positive rates (A/B testing, feedback loop from investigation outcomes)
[ ] Integrate with case management: Auto-create investigation cases when high-risk scores are detected (workflow automation)

Phase 5: Continuous Improvement (Ongoing)

Objectives: Refine detection based on observed patterns

[ ] Review confirmed cases: Analyze transaction laundering schemes detected to identify common indicators (monthly case review meetings, pattern documentation)
[ ] Update detection rules: Add new drift signals observed in the field (rules database, version control)
[ ] Track false positives: Measure and reduce investigation burden from benign inconsistencies (false positive log, threshold tuning)
[ ] Share learnings: Provide feedback to underwriting teams to improve initial screening (cross-functional meetings, shared documentation)
[ ] Monitor regulatory guidance: Update policies to reflect card network and regulator expectations (subscribe to network bulletins, industry news)
[ ] Benchmark program performance: Compare metrics to industry standards and peer institutions (MRC reports, industry surveys, consultant benchmarking)
[ ] Invest in technology: Evaluate vendor solutions for automated monitoring, machine learning detection, ecosystem mapping (RFPs, proof-of-concept testing)

Key Metrics to Track

Effective transaction laundering detection programs track metrics to demonstrate coverage and identify program gaps:

Detection Metrics

% of new MIDs reviewed within 7 days of activation: Target 100% (measures coverage of critical early window)
% of new MIDs reviewed at 30, 60, 90 days: Target 100% for higher-risk segments (MCC 5999, e-commerce, international), 50%+ for lower-risk segments (measures ongoing surveillance)
Drift signals detected per 100 new MIDs: Benchmark to identify high-volume signal types (typical range: 15-30 signals per 100 MIDs, with 80% being low/medium severity)
% of merchants flagged for investigation: Target 5-15% (too low suggests under-detection, too high suggests over-sensitive rules)

Investigation Metrics

Average time from signal detection to investigation initiation: Target <5 business days (measures responsiveness)
Average investigation duration: Target <15 business days from initiation to disposition (measures efficiency)
% of investigations resulting in each disposition: Track clear (60-70%), restrict (15-20%), suspend (5-10%), terminate (10-15%) rates (benchmarks program effectiveness)
Merchant documentation response rate: Track % of merchants providing requested documentation within 10 days (measures cooperation)
Investigation backlog: Track open investigations >30 days old (identifies resource constraints)

Program Effectiveness Metrics

Transaction laundering schemes detected per quarter: Measures program success (typical range: 2-10 per quarter depending on portfolio size)
Volume processed before detection: Lower is better; indicates earlier detection (target: <$100k processed before termination for average e-commerce merchant)
False positive rate: (Investigations cleared / Total investigations). Typical range 60-70% (balance between coverage and efficiency)
Network inquiries or fines related to transaction laundering: Target zero (ultimate success metric)
Merchant complaints about investigation process: Track merchant feedback on investigation fairness, timeliness, communication (quality metric)

Business Impact Metrics

Prevented fraud/chargeback losses: Estimate losses avoided through early detection (calculate based on industry chargeback rates for laundering merchants)
MID terminations due to transaction laundering: Track portfolio cleanup (typical range: 1-3% of new MIDs terminated within first year)
Time saved through automation: Measure efficiency gains from automated drift detection (hours saved per month, cost savings)
Reserve funds held on high-risk merchants: Track exposure mitigation (funds held pending investigation)
Portfolio quality improvement: Measure trend in average merchant risk score over time (demonstrates program impact on overall risk)

Metrics Dashboard Example:

Monthly Transaction Laundering Detection Report

New MIDs activated this month: 250
New MIDs flagged for investigation: 32 (12.8%)
Investigations completed this month: 28

Cleared: 18 (64%)
Restricted: 6 (21%)
Suspended: 2 (7%)
Terminated: 2 (7%)

Average investigation duration: 12 days
Total volume prevented (terminated + suspended): $480,000
Network inquiries received: 0
Open investigation backlog: 15 cases

Closing Question

Transaction laundering detection improves through pattern recognition. As risk teams investigate more cases, common indicators become clear.

Which drift signal do you see first in practice?

About Ballerine

‍

How to Detect Transaction Laundering for a New MID

Index

Understanding Transaction Laundering

Scale and Impact

Common Transaction Laundering Scenarios

Why Transaction Laundering Occurs

Regulatory and Network Consequences

The New MID Challenge

Why New MIDs Are High-Risk

The Drift Detection Window

Volume Benchmarks by Industry

Drift Signals to Monitor

1. URL and Brand Drift

2. Descriptor Variance

3. Unusually Broad Product Catalog

4. Third-Party Fulfillment

5. "Partner" Language

Drift Signal Detection Checklist

Investigation Process

Step 1: Data Gathering

Step 2: Risk Scoring

Step 3: Merchant Outreach

Step 4: Disposition

What Good Looks Like

Traceable Inventory

Consistent Brand Identity

Clear Fulfillment Chain

Explicit Prohibited Activity Controls

Documentation Checklist for Low-Risk Merchants

Common Misses

Treating MCC as the Control

Ignoring Website Changes

Failing to Verify Inventory Ownership

Overlooking Ecosystem Connections

Neglecting Transaction Metadata

Assuming Clean Onboarding Equals Ongoing Compliance

Implementation Roadmap

Phase 1: Enhanced Onboarding (Weeks 1-4)

Phase 2: New MID Monitoring (Weeks 5-8)

Phase 3: Investigation Workflow (Weeks 9-12)

Phase 4: Automated Detection (Months 4-6)

Phase 5: Continuous Improvement (Ongoing)

Key Metrics to Track

Detection Metrics

Investigation Metrics

Program Effectiveness Metrics

Business Impact Metrics

Closing Question

About Ballerine

Related Questions

Understanding Transaction Laundering

Scale and Impact

Common Transaction Laundering Scenarios

Why Transaction Laundering Occurs

Regulatory and Network Consequences

The New MID Challenge

Why New MIDs Are High-Risk

The Drift Detection Window

Volume Benchmarks by Industry

Drift Signals to Monitor

1. URL and Brand Drift

2. Descriptor Variance

3. Unusually Broad Product Catalog

4. Third-Party Fulfillment

5. "Partner" Language

Drift Signal Detection Checklist

Investigation Process

Step 1: Data Gathering

Step 2: Risk Scoring

Step 3: Merchant Outreach

Step 4: Disposition

What Good Looks Like

Traceable Inventory

Consistent Brand Identity

Clear Fulfillment Chain

Explicit Prohibited Activity Controls

Documentation Checklist for Low-Risk Merchants

Common Misses

Treating MCC as the Control

Ignoring Website Changes