RSD: Payment Cloaking & Merchant Masking

Deconstructing high-risk evasion techniques for risk professionals.

RSD — Risk Science Documentation

RSD is a specialized educational resource dedicated to understanding Payment Cloaking—the deceptive techniques used by high-risk merchants to bypass underwriting and fraud monitoring systems.

This documentation focuses on the technical mechanics of Merchant Category Obfuscation, Website Spoofing, and Transaction Masking.


🎭 What is Payment Cloaking?

Payment Cloaking refers to the set of technologies and operational behaviors employed by merchants to disguise the true nature of their business from Payment Service Providers (PSPs), Acquirers, and Card Schemes.

Unlike traditional fraud (stolen cards), the merchant here is often the "bad actor," attempting to process payments for prohibited or high-risk goods (e.g., pharmaceuticals, adult content, unlicensed gambling) by presenting themselves as a low-risk business (e.g., clothing retail, digital marketing, or tech support).

Core Evasion Techniques:

  • Content Swapping: Dynamically serving a compliant "Safe Page" to auditors while showing the "Money Page" to real customers.
  • MCC Misclassification: Intentionally registering under a low-risk Merchant Category Code (e.g., 5968 - Direct Marketing) to avoid scrutiny.
  • Proxy Merchants: Using a network of shell companies to disperse volume and hide chargeback spikes.
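For Content Swapping, a detection-side check compares what the same URL serves to two crawler profiles. The following is an added example, not code from the RSD project; the two snapshots are constructed, and the term list, threshold, and function names are assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed snapshots of one URL, as captured by two crawler profiles (not real merchant data).
AUDITOR_VIEW = """<html><head><title>Acme Apparel</title><script>var x=1;</script></head>
<body><h1>Summer cotton shirts</h1><p>Free shipping on clothing orders.</p></body></html>"""
CUSTOMER_VIEW = """<html><head><title>Acme Apparel</title></head>
<body><h1>Casino bonus</h1><p>Deposit now and play slots. No prescription pills shipped.</p></body></html>"""

# Assumed, illustrative lexicon; a real deployment would use the acquirer's prohibited-category terms.
HIGH_RISK_TERMS = {"casino", "slots", "prescription", "pills", "betting"}


class _TextExtractor(HTMLParser):
    """Collects visible text and skips script/style bodies."""

    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def visible_tokens(html):
    """Lower-cased words (3+ letters) from the page's visible text."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    return set(re.findall(r"[a-z]{3,}", " ".join(parser.chunks).lower()))


def mismatch_report(auditor_html, customer_html, threshold=0.5):
    """Flag a URL when the two views diverge or risk terms appear only in the customer view."""
    a, c = visible_tokens(auditor_html), visible_tokens(customer_html)
    union = a | c
    jaccard = len(a & c) / len(union) if union else 1.0  # two empty pages count as identical
    hidden_risk = sorted((c - a) & HIGH_RISK_TERMS)
    return {"jaccard": round(jaccard, 3), "hidden_risk_terms": hidden_risk,
            "flag": jaccard < threshold or bool(hidden_risk)}
```

A low Jaccard score alone can come from legitimate personalization, so the terms that appear only in the customer view are reported separately for manual review.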

🛡 Why It Matters for PSPs & Banks

For acquiring banks and payment processors, undetected Payment Cloaking creates significant systemic risk:

  1. Scheme Violations: Processing prohibited transactions can lead to massive fines from Visa/Mastercard (BRAM/GBPP programs).
  2. Regulatory Action: Facilitating unregulated industries can trigger audits and license revocation.
  3. Credit Risk: High-risk merchants often suffer from sudden collapse or excessive chargebacks, leaving the acquirer liable.

📚 Common Cloaking Models

We break down the architecture of evasion:

1. Multi-Site Funnels

A "Hub and Spoke" model in which multiple high-risk landing pages feed traffic into a single, seemingly clean payment gateway URL via background redirects.

2. Bridge Websites

Intermediate "clean" sites that exist solely to justify the existence of a merchant account. These sites often have generic inventory, broken links, or "dummy" checkout flows.

3. Suggested & Subtle Scenarios

Advanced semantic evasion techniques such as Soft Brand Mismatch, Platform-Inside-Platform, and Reseller Aggregation.


🎯 Who This Documentation Is For

  • Payment Risk Analysts: To recognize the subtle signs of a cloaked merchant during manual review.
  • Underwriting Teams: To validate whether a new merchant's application matches the merchant's actual web footprint.
  • Fraud Engineers: To build automated crawlers and scoring models that detect content mismatches.
  • Compliance Reviewers: To understand how "clean" websites can hide "dirty" transactions.

⚠️ Disclaimer

Educational Purpose Only

This project is designed to educate security professionals, risk architects, and compliance teams on defense strategies against payment abuse. The techniques described herein are for detection, analysis, and prevention purposes only. We do not condone, support, or encourage any form of payment fraud, laundering, or illegal commerce.
