Skip to main content
Version: 1.1

Merchant Initiated Fraud (MIF)


Fraudio’s Merchant Initiated Fraud (MIF) product uses advanced machine learning techniques to detect sequences of transactions that may indicate fraudulent merchant behaviour. When a merchant is suspected to be fraudulent, the system generates a fraud report..

Fraud Types

Fraudio's Merchant Initiated Fraud product is primarily designed to detect merchant bust-out fraud, a type of fraud that involves fraudsters using one or more merchant accounts to process transactions with stolen credit cards. Fraudsters may either use existing merchant accounts and interleave fraudulent transactions with legitimate ones, or set up new accounts solely for processing stolen cards, disappearing with the money once fraud notifications and chargebacks start to come through.

In this type of fraud, the fraudulent merchant uses a seemingly legitimate business to establish a good credit history with the acquiring bank or payment processor. Once the merchant has gained the trust of the bank or processor, the fraudster begins processing large volumes of fraudulent transactions using stolen or counterfeit payment card data, such as fake or unauthorised transactions.


For more information about Merchant Initiated Fraud, please have a look at the Merchant Initiated Fraud talk on our website.

Although our main goal is to detect merchant bust-out fraud, other types of fraud are also detected due to the similarity in behaviour. Some examples of other types of fraud that are caught are:

  • Identity Swap: Someone else's identity is used to process business through a legitimate merchant account because the fraudster cannot use his own identity.
  • Business Remodelling: Merchants use fake information to establish a low-risk KYC category, then start selling illegal goods/services.
  • Transaction Laundering: Merchants use another business's legitimate payment processing credentials to process payments for their own illegal activities.
  • Money Laundering: Criminal money is laundered through a seemingly legitimate business.


Merchant bust-out fraud cases can be identified by their transactional patterns. Fraudio detects these patterns using machine learning techniques that analyse sequences of transactions and assign fraud scores to them. A fraud report is generated when a sequence shows combinations of patterns that we deem suspicious.

Outlying Behaviour

Fraudio detects merchant bust-out fraud cases that are characterised by outlying transactional behaviour compared to what is normal. Fraudulent behaviour falls within the scope of Fraudio’s Merchant Initiated Fraud product when there is a significant change compared to what is defined as normal behaviour for that merchant.

What is Normal behaviour?

To establish what is normal, Fraudio takes into account the transactions and metadata of all merchants in its global dataset.

The normal behaviour of a merchant is based on its own history and/or its peers. The reason codes distinguish between these two by using the phrases "when compared to the merchant's historical transactions" and "when compared to the merchant's peer group".

When comparing to the merchant's own history, Fraudio compares the merchant's recent transaction sequence with older ones to detect changes in behaviour. The sequence lengths vary from days to months.

When comparing to the merchant's peers, Fraudio compares the merchant's most recent transaction sequence to recent transaction sequences of its peers. For example, the last day of a merchant will be compared with the last day of its peers. The peers can come from any of Fraudio's clients. Peers are defined by combinations of the following properties:

  • Merchant Category Code
  • Merchant country
  • Combination of MCC and merchant country
  • Clustering based on merchant characteristics such as volume, ATV, KYC level, MCC, merchant country, etc.

What is Outlying behaviour?

Fraudio defines an outlier as any value that deviates from the mean by several standard deviations. The number of standard deviations required to define an outlier depends on the pattern of the data and is determined by our machine learning algorithms. As a result, a sequence is considered an outlier if one or more of its properties (such as average amount, failure rate, etc.) are outliers.

For example, the reason code "Detected an outlying sequence of transactions with a high maximum amount, out of all captures, when compared to the merchant's peer group" indicates that the transaction's maximum amount is significantly higher (by several standard deviations) than the mean of the peer group. In this case, both the mean and standard deviation are calculated based on the maximum amounts of the peer group.

Not every outlier should be considered fraudulent. By using domain knowledge and feedback from our clients, we train machine learning models to raise alerts for fraudulent (combinations of) outliers. What is considered fraudulent or suspicious can differ per client, so a continuous feedback loop between Fraudio and the end users of the product is essential.