Single-Site High-Risk (Identity Swapping)
Identity Swapping (also known as "The Front") is the most basic form of Payment Cloaking. The merchant operates a single domain but misrepresents the business nature to the payment processor during onboarding.
📝 Summary
- Technique: MCC Misclassification & Static Content Masking.
- Goal: Obtain a Merchant ID (MID) for a prohibited business by claiming to be a low-risk vertical.
- Risk Score: Critical (Instant Detection).
🏗 Technical Architecture
The architecture is flat. There is no separation between the high-risk content and the payment gateway integration.
mermaid
flowchart TD
User([User]) -->|Visit| Domain[Single Domain: my-shop.com]
subgraph Content[Content Delivery]
Domain -->|Real Content| Risk[Unlicensed Supplements]
Domain -->|Onboarding Content| Fake[Organic Vitamins]
end
Domain -->|Transaction| PG[Payment Gateway Integration]
style Risk fill:#b91c1c,stroke:#7f1d1d,color:#fff
style Fake fill:#15803d,stroke:#14532d,color:#fffBusiness Logic
- Application: Merchant applies as "Bob's Vitamin Shop" (MCC 5947).
- Website: The site actually sells unapproved weight loss pills.
- Processing: Transactions are processed directly on the site.
🕵️♂️ Detection & Risk Signals
Because the risk and the payment exist on the same URL, detection is trivial for automated crawlers.
1. Content Mismatch
- Signal: Crawler finds keywords like "iptv", "streaming", "crypto" on the domain registered as "Gifts".
- Probability: 100% (detected within 24 hours).
2. Visual Analysis
- Signal: Computer Vision (OCR) detects prohibited imagery (e.g., brand logos for unlicensed digital streams).
🏦 PSP Detection Probability
| Provider | Probability | Detection Analysis |
|---|---|---|
| Stripe | 99% | Very Strong. Automated continuous crawling detects keyword mismatches almost instantly. Uses OCR on product images. |
| PayPal | 95% | Very Strong. Extensive historical data and user dispute analysis. Quickly flags "Item Not as Described". |
| Adyen | 98% | Very Strong. Enterprise-grade crawling (Proteus) and manual pre-approval checks for high-risk sectors. |
| Shopify Payments | 99% | Very Strong. Deep visibility into the hosted storefront. Scans product catalog directly. |
| Square | 90% | Strong. Automated onboarding checks, though sometimes relies on post-transaction audits. |
| Checkout.com | 95% | Very Strong. Strict underwriting and periodic website scanning. |
| Worldpay | 85% | Strong. Corporate monitoring, though legacy systems can be slower to react than fintech-native crawlers. |
| Authorize.net | 60% | Medium. Legacy gateway model. Often relies on the ISO/Acquirer for risk monitoring rather than internal crawling. |
| Nuvei | 88% | Strong. High sensitivity to high-risk verticals; robust underwriting team. |
| Revolut Business | 92% | Very Strong. Aggressive compliance checks; often freezes accounts immediately upon keyword detection. |
| Klarna | 95% | Very Strong. BNPL providers heavily scrutinize item-level data (SKUs) to prevent financing prohibited goods. |
| Fiserv / First Data | 75% | Medium/Strong. Heavy reliance on chargeback ratios and manual audits rather than real-time crawlers. |
⚠️ Analyst Notes
This method is rarely used by sophisticated laundering rings because it burns the domain immediately. It is mostly seen with amateur fraudsters or naive merchants who don't understand prohibited categories.