Skip to content

Why Merchant Clusters Are a Threat to Your Merchant Portfolio

three hooded figures

LegitScript increasingly encounters groups of related merchants whose websites are nearly exact duplicates of each other. We refer to these merchant groups as clusters, and they pose a variety of threats to merchant portfolios. Keep reading to understand what they are, why they appear, and how you can spot them.

What are merchant clusters?

Cluster merchants will typically share similar merchant application details or characteristics that, under scrutiny, appear to be falsified or randomly generated. These shared details or characteristics may indicate that these accounts are controlled by a single entity. Oftentimes, merchants in a cluster appear innocuous at first glance; however, LegitScript analysts who investigate merchant clusters by identifying patterns or similarities across merchant application data, website templates, metadata, registrar information, and product offerings, often find them engaged in fraud, transaction laundering, or other problematic behavior.

Why watch out for merchant clusters?

Identifying clusters is increasingly important as merchants engaged in problematic activity often create accounts en masse as a way of load balancing. Clusters of merchant accounts can be highly profitable for fraudsters, who can use them for transaction laundering, card testing, card cashing, and other forms of fraud.

Merchant Clusters and Synthetic Identity Fraud

Merchant clusters often engage in synthetic identity fraud — a combination of genuine and fabricated details to make account applications appear genuine. Synthetic identity fraud differs from traditional identity fraud in a few key ways. With traditional identity fraud, a criminal pretends to be another person — using all of the victim’s stolen information — to gain access to his or her credit. With synthetic identity fraud, a criminal uses a blend of real and falsified information to establish a credit record under a new synthetic identity. Read more about this tactic in our Synthetic Identity Fraud Guide.


two laptops showing a car website

An example of two websites that were part of the same merchant cluster

Merchant Cluster Case Study

The two websites featured above appear nearly identical, save for a slight variation in their names (Car Kalama and Car Kalema, respectively). Because of their striking similarities, LegitScript analysts researched these websites and discovered that they had similar authoritative domains, merchant names, website titles, and merchant email addresses. Analysts also identified additional websites that appeared to be part of the same cluster. Further analysis suggested that the accounts were being used for transaction laundering.

Want to learn about other high-risk trends?

The payments risk and compliance space is dynamic — it must constantly adapt to advancing technologies, changing regulations, criminal innovation, and new products. Navigating this ever-shifting landscape can be both difficult and time- consuming. In our fully updated guide, LegitScript shares new high-risk trends in card-not-present transactions that all payment service providers should avoid. Click the image below to get yours.

cover of high-risk trends guide

Recent Blog Articles

Synthetic identity fraud

What You Need to Know About Synthetic Identity Fraud

LegitScript noticed an increase in the sale of fraudulent document services, including fake IDs, synthetic identities, and artificial intelligence (AI) passport photo generators. Read further to understand how this trend appears to align with an emergence of more effective methods of stealing and fa...
proposed changes to DSHEA

Proposed Changes to DSHEA Could Impact You — Here’s How

According to the Pew Research Center, many US consumers believe that the current regulatory authority of the Food and Drug Administration (FDA) doesn't adequately protect them. Read further to discover the potential impact of the FDA's proposed changes to the Dietary Supplement Health and Education...

Problematic Product Spotlight: Tainted Royal Honey

Products Claiming to Enhance Sexual Performance Have Experienced a Surge in Popularity No longer relegated to the shelves of gas stations and corner stores, dietary supplements or other products claiming to enhance sexual performance have experienced a surge in popularity within e-commerce marketpla...
LegitScript updates advisory committee policies and seeks to invite new members.

LegitScript Relaunches Its Addiction Treatment Certification Advisory Committee — and Seeks New Members

In an effort to strengthen avenues of communication and identify opportunities for optimizing the client journey, LegitScript is relaunching its Addiction Treatment Certification Advisory Committee. Keep reading to learn how this may impact you. LegitScript Bolsters Collaboration Efforts With Organi...