Reseller Aggregation
Reseller Aggregation involves a single master merchant account acting as a payment front for multiple unauthorized "shadow merchants" or affiliates, effectively functioning as an unlicensed Payment Facilitator (PayFac).
📝 Short Summary
- Scenario: A "Digital Marketplace" selling generic e-books or plugins. In reality, it allows 50 different unauthorized sellers to process payments for their own (potentially high-risk) goods through one account.
- Business Motivation: To provide payment processing to merchants who cannot get their own accounts (due to risk or location). The Aggregator takes a % fee.
- Key Deception: Hiding multiple distinct businesses behind a single Merchant ID (MID).
🏗 Technical Architecture
Frontend Behavior (Customer View)
- Site A, B, C: Users may visit different landing pages (affiliate sites) that look different.
- Checkout: All sites redirect to the Aggregator's checkout page `pay.aggregator-site.com`.
- Descriptor: Bank statement shows `AGGREGATOR*DIGITAL`.
Backend Behavior (PSP View)
- Velocity: Extremely high and erratic (aggregate of 50 businesses).
- Chargebacks: Diverse reason codes (some for fraud, some for quality, some for delivery).
- IP Diversity: Refunds/Logins come from many different locations (the shadow merchants managing their sub-orders).
🕵️♂️ Detection Challenges
- Master Merchant Veneer: The account holder claims to be a "Platform" or "Marketplace" (which is allowed if registered). They hide the fact that they are unvetted.
- Dilution: High-quality traffic from legitimate resellers dilutes the bad traffic from high-risk resellers, keeping the overall fraud rate under 1%.
🏦 PSP Detection Probability
| Provider | Probability | Detection Analysis |
|---|---|---|
| Mastercard/Visa | 95% | Very Strong. GBPP (Global Brand Protection Program) monitors for unlicensed aggregation. Fines are massive ($25k+). |
| Stripe | 90% | Very Strong. "Connect" platform rules are strict. Detecting "nested aggregation" on a standard account triggers immediate closure. |
| PayPal | 85% | Strong. Flags accounts receiving funds that are immediately mass-paid out to hundreds of other PayPal accounts. |
| Adyen | 88% | Strong. Uses "Shopper DNA" to see if unrelated customer clusters are buying from the same MID. |
| Worldpay | 80% | Strong. Corporate risk teams look for "Factoring" (processing for others), a cardinal sin in merchant agreements. |
🛡️ Recommended Detection Strategies
1. Chargeback Heterogeneity
Analyze the variance in chargeback comments/reasons.
- Signal: One MID receiving "Item not received" (Physical goods signal) AND "Login failed" (Digital goods signal) AND "Subscription not cancelled" (SaaS signal).
- Reasoning: A single business rarely has such conflicting dispute patterns.
2. Descriptor Mismatch Reports
- Signal: Customers complaining "I didn't buy from `AGGREGATOR`, I bought from `SUPER-SEO-TOOLS`".
- Action: Parse dispute comments for names of websites other than the registered URL.
3. Defensive Pseudocode (Anomaly Detection)
```sql
-- Example: Detect distinct business clusters within one MID via soft descriptor analysis
-- (Assuming the merchant tries to use dynamic descriptors to help customers)
SELECT
    merchant_id,
    COUNT(DISTINCT dynamic_descriptor) AS unique_descriptors,
    COUNT(*) AS total_txns
FROM transactions
WHERE date > NOW() - INTERVAL '30 days'
GROUP BY merchant_id
-- PostgreSQL does not allow SELECT aliases in HAVING, so the aggregates are repeated.
HAVING COUNT(DISTINCT dynamic_descriptor) > 10
   -- Multiplying avoids integer-division truncation of total_txns / unique_descriptors.
   AND COUNT(*) > 50 * COUNT(DISTINCT dynamic_descriptor); -- Significant volume per sub-descriptor
-- If a single merchant has >10 distinct "Doing Business As" names in descriptors,
-- they are likely an unlicensed aggregator.
```
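An added example (not part of the original page) combining strategies 1 and 2: it scores each MID by how many business models its dispute comments imply and which websites other than the registered URL they name. The keyword map, thresholds, MIDs, comments and `.example` sites are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Assumptions: this keyword map and the default thresholds in score_mids().
SIGNALS = {
    "physical": ("item not received", "never arrived"),
    "digital": ("login failed", "license key"),
    "saas": ("subscription not cancelled", "renewal"),
}
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
# Constructed sample data: MIDs, comments and .example sites are illustrative.
REGISTERED = {"MID-1001": "aggregator-site.com", "MID-2002": "bookstore.example"}
DISPUTES = [
    ("MID-1001", "Item not received. I bought from super-seo-tools.example, not AGGREGATOR"),
    ("MID-1001", "Login failed after purchase on cheap-plugins.example"),
    ("MID-1001", "Subscription not cancelled, charged again"),
    ("MID-1001", "Paid on pay.aggregator-site.com but login failed"),
    ("MID-2002", "Item not received"),
    ("MID-2002", "Package never arrived, ordered at shop.bookstore.example"),
]


def score_mids(disputes, registered, min_models=3, min_foreign=2):
    """Per MID: dispute-model mix, its entropy in bits, and other sites named."""
    models, foreign = defaultdict(Counter), defaultdict(set)
    for mid, comment in disputes:
        text = comment.lower()
        for model, phrases in SIGNALS.items():
            if any(p in text for p in phrases):
                models[mid][model] += 1
        own = registered[mid].lower()
        for host in HOST_RE.findall(text):
            # Subdomains of the registered URL (e.g. the checkout host) are expected.
            if host != own and not host.endswith("." + own):
                foreign[mid].add(host)
    report = {}
    for mid in set(models) | set(foreign):
        counts, total = models[mid], sum(models[mid].values())
        entropy = sum(c / total * math.log2(total / c) for c in counts.values())
        flag = len(counts) >= min_models or len(foreign[mid]) >= min_foreign
        report[mid] = {"models": sorted(counts), "entropy": round(entropy, 3),
                       "foreign_sites": sorted(foreign[mid]), "flag": flag}
    return report


if __name__ == "__main__":
    print(score_mids(DISPUTES, REGISTERED))
```

Because the score is computed from the mix of dispute types rather than their rate, it stays informative when the overall fraud rate is diluted below 1%.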