Payment Cloaking Scenarios
High-risk merchants employ a spectrum of evasion techniques, ranging from crude redirects to API-driven obfuscation networks spanning many domains.
This section dissects these methodologies, analyzing their technical architecture, the signals that expose them, and their relative risk.
🧬 Topology Classification
We categorize scenarios by complexity and obfuscation level.
Level 1: Direct Evasion (Low Complexity)
- Single-Site High-Risk: A single domain sells the restricted goods while the merchant account is registered under a lower-risk MCC. Nothing is hidden; the merchant relies on the PSP not looking.
- Manual Payment Links: The website is bypassed entirely; payment links or invoices are sent over WhatsApp or email, so the PSP never sees a storefront at all.
Level 2: Redirect & Masking (Medium Complexity)
- Two-Site Redirect: A compliant-looking storefront forwards the buyer to a separate payment domain via a client-side redirect, so the registered domain and the selling domain differ. The browser still carries Referer and Origin headers into the checkout, which is where this scheme leaks.
- API-Driven Cloaking: The checkout session is created server-to-server, so no browser Referer or Origin ties it to the real storefront. The absence of any client-side origin is itself a signal.
Level 3: Network Obfuscation (High Complexity)
- Bridge Networks: Hub-and-spoke topologies in which intermediate "bridge" sites sit between many storefronts (spokes) and the payment hub, so no single redirect links a storefront directly to the gateway. The weakness is shared infrastructure: gateway accounts, analytics IDs and hosting reused across the network.
- Device & Geo Cloaking: Content is swapped based on User-Agent, IP reputation or geolocation, so a PSP crawler or reviewer sees a compliant site while real buyers see the restricted one.
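The Level 2 leaks described above (a Referer or Origin that does not match the registered domain, or a session with no browser origin at all) can be triaged mechanically. The following is an added example, not code from this page or from any PSP; the event schema (`merchant_domain`, `origin`, `referer`, `client_telemetry`) and the sample sessions are assumptions modelled on what a hosted checkout would plausibly log.

```python
"""Referer/Origin consistency triage for hosted-checkout sessions.

Added example, not code from this page or from any PSP. The event
schema (merchant_domain, origin, referer, client_telemetry) is an
assumption modelled on what a hosted checkout would plausibly log.
"""
from urllib.parse import urlparse

# Constructed sample events: one record per checkout session created
# against a merchant account whose registered domain is shop.example.
# client_telemetry marks whether the PSP's browser JS reported the page
# that opened the checkout.
SAMPLE_EVENTS = [
    {"session": "cs_1", "merchant_domain": "shop.example",
     "origin": "https://shop.example", "referer": "https://shop.example/cart",
     "client_telemetry": True},
    # storefront lives on a different domain than the registered one
    {"session": "cs_2", "merchant_domain": "shop.example",
     "origin": "https://storefront-other.example",
     "referer": "https://storefront-other.example/checkout",
     "client_telemetry": True},
    # created server-to-server: no browser headers at all
    {"session": "cs_3", "merchant_domain": "shop.example",
     "origin": None, "referer": None, "client_telemetry": False},
    # subdomain of the registered domain, Referer stripped by policy
    {"session": "cs_4", "merchant_domain": "shop.example",
     "origin": "https://pay.shop.example", "referer": None,
     "client_telemetry": True},
]


def registrable(host):
    """Reduce a hostname to its last two labels.

    Simplification: production code should use the public suffix list so
    that e.g. shop.co.uk is not collapsed to co.uk.
    """
    if not host:
        return None
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url):
    return urlparse(url).hostname if url else None


def classify(event):
    """Label one session: consistent, referrer_mismatch or no_client_telemetry."""
    merchant = registrable(event["merchant_domain"])
    seen = [h for h in (host_of(event["origin"]), host_of(event["referer"])) if h]
    if not seen and not event["client_telemetry"]:
        # Nothing to compare. Absence is itself a signal for API-driven
        # cloaking and should route to integration review, not be ignored.
        return "no_client_telemetry"
    if any(registrable(h) != merchant for h in seen):
        return "referrer_mismatch"
    return "consistent"


def triage(events):
    """Map session id to label for a batch of events."""
    return {e["session"]: classify(e) for e in events}


if __name__ == "__main__":
    for session, label in triage(SAMPLE_EVENTS).items():
        print(session, label)
```

Subdomains of the registered domain are treated as consistent, which is why `cs_4` passes; a stricter policy can compare full hostnames against an allow-list the merchant declares at onboarding. The `no_client_telemetry` bucket is deliberately separate from `consistent`: a merchant whose sessions never carry a browser origin is either a genuine server-side integration or an API-cloaking setup, and only a review of the integration can tell which.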
📊 Comparative Risk Analysis
| Scenario | Technical Cost | Detection Difficulty | Primary Exposure (how it gets caught) |
|---|---|---|---|
| Single-Site High-Risk | Low | Low | Content review of the registered domain; typically an immediate ban |
| Two-Site Redirect | Low | Medium | Referer/Origin leaks tying the checkout to the real storefront |
| API-Driven Cloaking | Medium | High | Behavioural analysis of sessions that carry no browser origin |
| Bridge Network | High | High | Network clustering on shared identifiers and infrastructure |
| Device & Geo Cloaking | High | Very High | Crawler sandboxes that mimic real buyers and diff the content served |
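The "Network Clustering" exposure in the table above comes down to a graph problem: sites that share a gateway account, an analytics identifier or dedicated hosting collapse into one connected component, however many bridge hops the operator put between them. Below is an added example of that clustering with a union-find structure; it is not code from this page or from any PSP, and the site records, the identifier kinds (`gateway_account`, `analytics_id`, `ip`) and their values are constructed for illustration.

```python
"""Cluster sites that share infrastructure identifiers into one network.

Added example, not code from this page or from any PSP. The site records
and the identifier kinds (gateway_account, analytics_id, ip) are
constructed for illustration.
"""
from collections import defaultdict

# Constructed observations: per site, identifiers seen in its pages or
# checkout traffic. None means the identifier was not observed.
SAMPLE_SITES = {
    "spoke-a.example":   {"gateway_account": "acct_X", "analytics_id": "UA-1", "ip": "203.0.113.10"},
    "spoke-b.example":   {"gateway_account": None,     "analytics_id": "UA-1", "ip": "203.0.113.11"},
    "bridge.example":    {"gateway_account": "acct_X", "analytics_id": "UA-2", "ip": "203.0.113.12"},
    "pay-hub.example":   {"gateway_account": "acct_X", "analytics_id": None,   "ip": "198.51.100.5"},
    "unrelated.example": {"gateway_account": "acct_Y", "analytics_id": "UA-9", "ip": "198.51.100.5"},
}

# Identifiers strong enough to link sites on their own. A shared IP at a
# large hosting provider would over-link unrelated merchants, so it is
# excluded from the default set; pass it explicitly if the IP is dedicated.
STRONG_KEYS = ("gateway_account", "analytics_id")


class DisjointSet:
    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster(sites, keys=STRONG_KEYS):
    """Return clusters as sorted lists of site names, largest first."""
    ds = DisjointSet(sites)
    first_seen = {}  # (key, value) -> first site observed carrying it
    for site, attrs in sites.items():
        for key in keys:
            value = attrs.get(key)
            if value is None:
                continue
            if (key, value) in first_seen:
                ds.union(site, first_seen[(key, value)])
            else:
                first_seen[(key, value)] = site
    groups = defaultdict(list)
    for site in sites:
        groups[ds.find(site)].append(site)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


def shared_links(sites, keys=STRONG_KEYS):
    """Explain the clustering: identifier -> sites carrying it (only shared ones)."""
    links = defaultdict(list)
    for site, attrs in sites.items():
        for key in keys:
            if attrs.get(key) is not None:
                links[(key, attrs[key])].append(site)
    return {k: sorted(v) for k, v in links.items() if len(v) > 1}


if __name__ == "__main__":
    for group in cluster(SAMPLE_SITES):
        print(group)
    for ident, members in shared_links(SAMPLE_SITES).items():
        print(ident, "->", members)
```

With the default keys, `spoke-b` is linked to the hub only through `spoke-a` (shared analytics ID) and `bridge` (shared gateway account), which is exactly the indirect path a bridge topology is meant to hide. Adding `ip` to the keys pulls `unrelated.example` into the same cluster because it happens to share a hosting address with the hub; that is the over-linking the comment warns about, and why weak identifiers should raise a review rather than merge accounts automatically.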
🧠 Risk Engine Capabilities
Large PSPs such as Stripe, Adyen and PayPal layer several detection mechanisms against these scenarios. The emphases commonly attributed to each are:
- Stripe: shadow crawling of the registered domain combined with JS telemetry from Stripe.js, which reports the page that loaded it, so the true origin of a checkout can be fingerprinted and compared with what the crawler saw.
- Adyen: MCC consistency checks and ShopperDNA-style graph analysis that links shoppers, devices and merchants across accounts.
- PayPal: large historical datasets used to detect account linking (the same operator behind multiple accounts) and velocity anomalies.
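Shadow crawling only works if the crawler's view is compared against what real buyers see; a cloaked site serves the crawler a compliant page by design. The following is an added example of that comparison, not code from this page or from Stripe or any other PSP. The profile names (`psp_crawler`, `consumer_desktop`, `consumer_mobile`) and the HTML captured under each are constructed; in practice the captures come from fetching the same URL through different User-Agents and IP ranges, ideally with a real browser so that JS-driven swaps are also observed.

```python
"""Multi-profile content diff to surface device/geo cloaking.

Added example, not code from this page or from any PSP. The profile
names and the HTML captured under each are constructed; in practice the
captures come from fetching the same URL through different User-Agents,
IP ranges and, ideally, a real browser.
"""
import re

# Constructed captures of two URLs under three crawl profiles.
SAMPLE_OBSERVATIONS = {
    "https://shop.example/products": {          # cloaked
        "psp_crawler": "<html><body><h1>Artisan Candles</h1>"
                       "<p>Hand-poured soy candles for your home.</p></body></html>",
        "consumer_desktop": "<html><body><h1>Premium Vape Liquids</h1>"
                            "<p>Nicotine e-liquids with discreet shipping.</p>"
                            "<a href='https://pay-hub.example'>Buy now</a></body></html>",
        "consumer_mobile": "<html><body><h1>Premium Vape Liquids</h1>"
                           "<p>Nicotine e-liquids with discreet shipping.</p>"
                           "<a href='https://pay-hub.example'>Buy now</a>"
                           "<p>Free shipping</p></body></html>",
    },
    "https://shop.example/about": {             # honest, minor device variance
        "psp_crawler": "<html><body><h1>Artisan Candles</h1>"
                       "<p>Hand-poured soy candles for your home.</p></body></html>",
        "consumer_desktop": "<html><body><h1>Artisan Candles</h1>"
                            "<p>Hand-poured soy candles for your home.</p>"
                            "<p>Free shipping over $50.</p></body></html>",
        "consumer_mobile": "<html><body><h1>Artisan Candles</h1>"
                           "<p>Hand-poured soy candles for your home.</p></body></html>",
    },
}


def text_tokens(html):
    """Strip tags and return lowercase word tokens."""
    return re.findall(r"[a-z0-9$]+", re.sub(r"<[^>]+>", " ", html).lower())


def shingles(tokens, n=3):
    """Word n-grams; pages shorter than n words fall back to one shingle."""
    if len(tokens) < n:
        return {tuple(tokens)}
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def jaccard(a, b):
    return 1.0 if not a and not b else len(a & b) / len(a | b)


def cloaking_report(observations, crawler_profile="psp_crawler", threshold=0.5):
    """Per URL: how similar the crawler's view is to each consumer view.

    A URL is flagged when the consumer views agree with each other (above
    threshold, so A/B tests and device layouts are tolerated) but the
    crawler view diverges from at least one of them.
    """
    report = {}
    for url, by_profile in observations.items():
        sh = {p: shingles(text_tokens(h)) for p, h in by_profile.items()}
        consumers = sorted(p for p in sh if p != crawler_profile)
        pairs = [(a, b) for i, a in enumerate(consumers) for b in consumers[i + 1:]]
        baseline = min((jaccard(sh[a], sh[b]) for a, b in pairs), default=1.0)
        crawler_sim = {p: jaccard(sh[crawler_profile], sh[p]) for p in consumers}
        divergent = [p for p, s in crawler_sim.items() if s < threshold]
        report[url] = {
            "consumer_baseline": baseline,
            "crawler_similarity": crawler_sim,
            "cloaked": bool(divergent) and baseline >= threshold,
        }
    return report


if __name__ == "__main__":
    for url, r in cloaking_report(SAMPLE_OBSERVATIONS).items():
        print(url, "cloaked" if r["cloaked"] else "ok", r["crawler_similarity"])
```

The consumer-to-consumer baseline is the important design choice: without it, any responsive layout or regional promotion would look like cloaking. Only when buyers agree with each other and the crawler disagrees with all of them is the swap attributable to crawler detection. Word shingles and Jaccard are a deliberately simple distance; the same structure works with a DOM or screenshot diff once the fetches come from a real browser.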
