White Label
Custom payment solutions
Unlock business growth with custom payment solutions tailored to your needs. Discover secure, flexible options for seamless transactions today.
-
Solutions
European Banks
A ready-to-use white-label payment processing solution under your brand
Low-Risk PSPs
The ultimate white-label payment gateway for low-risk PSPs
iGaming and Forex
Built for high-risk. tuned for high approve rates. Fully Branded as Yours.
- Resources
From merchants activation to transaction analysis. How to protect your business using simple rules and features of the payment processing platform?
July 23, 2025, 12:07 p.m.
Monitoring and Controlling Merchant Transactions on a Payment Processing Platform
Monitoring and controlling transactions of online merchants connected to a payment processing platform is an integral part of the daily routine of any payment service provider who cares about the safety of their business. And by this we don’t mean protection of online merchants from fraudulent payments which is also very important in itself.
We mean security measures undertaken by the company, for protection against intentional or unintentional actions of their online merchants that might cause minor or major troubles.
The world is not perfect. And, despite the fact that most Internet merchants are honest entrepreneurs, e-commerce is still full of adventurers, swindlers, and simply irresponsible individuals who willingly receive money from buyers, but don’t always fulfill their obligations.
Providing services of online payment accepting and processing to such Internet merchants can result for a payment service provider in financial losses, severance of relations with acquiring partners and unpleasant conversations with law enforcement authorities.
Naturally, most dubious and suspicious Internet merchants are barred at the stage of their applying for the service owing to the well-known rule in payment industry “know your customer”. But no matter how well your risk manager exercises due diligence, you still need to monitor carefully and check each merchant connected to the system later on.
When one deals with cash flows, one should always be slightly paranoid. The payment service provider should constantly monitor their merchants throughout the service to detect as soon as possible if something goes wrong and to take timely corrective measures.
Signs of problems. Start monitoring your online merchants’ transactions
The payment service should begin exercising control over their Internet merchants with monitoring their transactions. Believe us, the constantly growing array of data constituted by payment transactions, refunds and chargebacks of an Internet merchant, is a great source of information about their current activities, provided you know what to look for.
A payment service provider should constantly monitor the level of refund and chargeback transactions for each integrated online store. If the number of such transactions exceeds some specified amount, it is clear that something is not right. It’s just because buyers and customers who are satisfied with the purchased product or service, do usually not ask for a refund.
Another alarming symptom is when payments do not coincide with the variety of prices on the corresponding web-site. In 99% of cases this behavior means aggregation. Simply put, the Internet merchant uses the processing system to accept money for something different than what they claimed when connecting to the payment service. It usually means something illegal.
Attempts by an Internet merchant to accept a relatively large number of payments over a short period from different customers holding different cards issued by the same bank (determined by the card's BIN). Typically, this means that:
- Either it is a cybercriminal who somehow managed to connect to the processing system and is now trying to “cash out” money from stolen bank payment cards;
- or it is a respectable Internet merchant who fell victim to carders, seeking to do the same.
Of course, there is a chance of a legitimate promotion, but until you know for sure, the situation requires special attention.
A real-life example:
Carders once tried to use a bunch of credit cards issued by a British Bank in one small online store from Estonia.
You can and should track such situational patterns not only by BIN, but also by many other transactional characteristics: the buyer’s email, name, phone number, IP address, and so on.
In reality, there are many more transaction behavioral patterns that might signal a potentially dangerous situation. It is simply impossible to track and locate them manually. That is why modern, advanced processing systems have built-in tools to monitor and analyze transactions automatically in real-time and notify the risk manager immediately in case of detecting anything suspicious.
Important capabilities of the payment processing platform. Detect, block and decline unwelcome transactions based on predefined characteristics
Transactional pattern analysis is only a part of the measures available. Another important component is the ability of the processing system to detect, block or decline unwelcome transactions of their online merchants based on predefined characteristics.
The characteristics are numerous:
- The presence of the bank card or the buyer in so-called “black lists”, which the processing system must support.
- An attempt to pay from a high-risk country with a high probability of subsequent chargebacks.
- A simply suspicious transaction, when the IP address is in one country, the billing address is in another, and the issuing bank is in a third country.
Consequently, the appropriate tools in the processing system of a payment service provider should have quite flexible settings to work effectively.
beProtected: A Powerful Risk Management Tool
beGateway, a white label payment gateway solution, features such a monitoring tool to control online merchants: beProtected, a risk management and anti-fraud system. Being part of beGateway, beProtected can be used as a separately installed software that works with any processing system.
beProtected can work with more than 40 transaction characteristics, including BIN and digital fingerprint of the device used for the transaction. It allows risk managers to create transactional analysis and validation rules in the format of “If …, then …”. This format enables to describe virtually any situation requiring a risk manager’s reaction, and to program the system for immediate notification.
Risk managers should also be able to export transaction data in a file for subsequent work. BeGateway can export all transaction information into MS Excel file format.
Flexible account activation and deactivation of a merchants and their online stores
Finally, there is one more thing we would like to mention: activation and deactivation of a merchant account and their online stores in the processing system. Most systems offer only two statuses:
- “Enabled”, i.e. all operations are allowed.
- “Disabled” which means any transaction type is completely banned.
Based on the experience of our clients, we know that such a binary approach is not very convenient. Sometimes you need more flexibility.
The beGateway platform provides this flexibility. It can restrict admission of new online store payments, but leave the opportunity to conduct refunds. Or ban any transaction types for the Internet merchant, but leave this option for the payment service provider staff. Or allow the online merchant to log in the back office only to get statistical information on the transactions, but ban doing anything else.
Full control exercised by the payment service provider over their Internet merchants and their transactions is the foundation of business security.
Respectfully, eComCharge Team
eComCharge develops and delivers the PCI DSS Level 1 certified White Label Payment Platform beGateway for Payment Service Providers and Acquirers.
Relevant articles
Oct. 17, 2024, 9:37 a.m.
The Case from Our Experience: Teaching Smart Routing to Avoid Unnecessary “Push-ups”
