Monitoreo de Merchants

Introducción

El monitoreo de merchants es crítico para adquirentes, sub-adquirentes y procesadores de pago. gu1 te permite detectar fraude de comerciantes, patrones de chargebacks, phishing, y comportamientos sospechosos en tiempo real.

Casos de Uso

Chargeback Prevention

Detecta merchants con altos índices de contracargos antes de que escalen

Merchant Fraud

Identifica esquemas de fraude perpetrados por comerciantes

Phishing Detection

Detecta sitios de phishing que imitan merchants legítimos

Compliance Monitoring

Monitorea cumplimiento de términos y condiciones del adquirente

Patrones Detectables

1. Chargeback Rate Monitoring

Monitoreo continuo de la tasa de chargebacks por merchant. Indicadores:

Tasa de chargeback > 1% (umbral VISA/Mastercard)
Incremento súbito en disputas
Patrones de chargebacks por tipo de producto

Regla de Ejemplo:

{
  "name": "High Chargeback Rate Alert",
  "category": "merchant_risk",
  "priority": 900,
  "enabled": true,
  "evaluationMode": "async",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "metadata.merchantChargebackRate30d",
        "operator": "GREATER_THAN",
        "value": 0.01
      },
      {
        "field": "metadata.merchantTransactionCount30d",
        "operator": "GREATER_THAN",
        "value": 100
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "high",
        "type": "high_chargeback_rate",
        "message": "Merchant {{destinationEntityId}} has chargeback rate of {{metadata.merchantChargebackRate30d}}%"
      }
    },
    {
      "type": "create_investigation",
      "config": {
        "priority": "high",
        "assignToTeam": "merchant_compliance",
        "requiresReview": true
      }
    }
  ]
}

2. Transaction Velocity - Merchant Side

Detecta picos inusuales de transacciones que pueden indicar fraude.

{
  "name": "Merchant Transaction Spike",
  "category": "merchant_risk",
  "priority": 850,
  "enabled": true,
  "evaluationMode": "async",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "metadata.merchantTransactionsLast1h",
        "operator": "GREATER_THAN",
        "value": "{{metadata.merchantAvgTransactionsPerHour * 5}}"
      },
      {
        "field": "metadata.merchantAverageTicket",
        "operator": "LESS_THAN",
        "value": "{{amount * 0.3}}"
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "medium",
        "type": "merchant_velocity_spike",
        "message": "Merchant transaction velocity 5x higher than average"
      }
    }
  ]
}

3. Card Testing Through Merchant

Detecta cuando un merchant está siendo usado para testear tarjetas robadas.

{
  "name": "Card Testing via Merchant",
  "category": "fraud",
  "priority": 950,
  "enabled": true,
  "evaluationMode": "sync",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "metadata.merchantFailedTransactionsLast1h",
        "operator": "GREATER_THAN",
        "value": 20
      },
      {
        "field": "metadata.merchantUniqueCardsLast1h",
        "operator": "GREATER_THAN",
        "value": 15
      },
      {
        "field": "amount",
        "operator": "LESS_THAN",
        "value": 10
      },
      {
        "field": "metadata.merchantFailureRate1h",
        "operator": "GREATER_THAN",
        "value": 0.7
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "critical",
        "type": "card_testing_merchant",
        "message": "Merchant {{destinationEntityId}} under card testing attack"
      }
    },
    {
      "type": "set_decision",
      "config": {
        "decision": "HOLD",
        "reason": "Merchant experiencing card testing attack"
      }
    }
  ]
}

4. Merchant Descriptor Mismatch

Detecta cuando el descriptor de la transacción no coincide con el merchant registrado (posible phishing).

{
  "name": "Descriptor Mismatch - Phishing",
  "category": "fraud",
  "priority": 900,
  "enabled": true,
  "evaluationMode": "sync",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "metadata.descriptorSimilarity",
        "operator": "LESS_THAN",
        "value": 0.5
      },
      {
        "field": "metadata.merchantVerified",
        "operator": "EQUALS",
        "value": true
      },
      {
        "field": "metadata.descriptorReported",
        "operator": "EQUALS",
        "value": true
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "critical",
        "type": "descriptor_mismatch",
        "message": "Transaction descriptor '{{metadata.transactionDescriptor}}' does not match merchant name '{{destinationEntityName}}'"
      }
    },
    {
      "type": "set_decision",
      "config": {
        "decision": "REJECT",
        "reason": "Possible phishing - descriptor mismatch"
      }
    }
  ]
}

5. Sudden Business Model Change

Detecta cambios abruptos en el patrón de transacciones del merchant.

{
  "name": "Merchant Business Model Change",
  "category": "merchant_risk",
  "priority": 800,
  "enabled": true,
  "evaluationMode": "async",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "mccCode",
        "operator": "NOT_IN",
        "value": "{{metadata.merchantHistoricalMccCodes}}"
      },
      {
        "field": "metadata.merchantAgeInDays",
        "operator": "GREATER_THAN",
        "value": 90
      },
      {
        "field": "amount",
        "operator": "GREATER_THAN",
        "value": "{{metadata.merchantAvgTicket * 3}}"
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "medium",
        "type": "business_model_change",
        "message": "Merchant using new MCC code {{mccCode}}, typical codes: {{metadata.merchantHistoricalMccCodes}}"
      }
    }
  ]
}

6. Cross-Border Merchant Fraud

Detecta merchants que procesan muchas transacciones internacionales sospechosas.

{
  "name": "Cross-Border Merchant Risk",
  "category": "merchant_risk",
  "priority": 850,
  "enabled": true,
  "evaluationMode": "async",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "metadata.merchantCountry",
        "operator": "NOT_EQUALS",
        "value": "{{metadata.cardIssuingCountry}}"
      },
      {
        "field": "metadata.merchantCrossBorderRate30d",
        "operator": "GREATER_THAN",
        "value": 0.8
      },
      {
        "field": "metadata.merchantChargebackRate30d",
        "operator": "GREATER_THAN",
        "value": 0.005
      },
      {
        "field": "metadata.merchantIsHighRisk",
        "operator": "EQUALS",
        "value": true
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "high",
        "type": "cross_border_merchant_risk",
        "message": "High-risk merchant with 80%+ cross-border transactions and elevated chargebacks"
      }
    }
  ]
}

7. Refund Abuse Pattern

Detecta merchants con patrones anormales de reembolsos que pueden indicar fraude.

{
  "name": "Merchant Refund Abuse",
  "category": "merchant_risk",
  "priority": 800,
  "enabled": true,
  "evaluationMode": "async",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "AND",
    "conditions": [
      {
        "field": "type",
        "operator": "EQUALS",
        "value": "REFUND"
      },
      {
        "field": "metadata.merchantRefundRate30d",
        "operator": "GREATER_THAN",
        "value": 0.15
      },
      {
        "field": "metadata.merchantRefundAmount30d",
        "operator": "GREATER_THAN",
        "value": "{{metadata.merchantSalesAmount30d * 0.1}}"
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "medium",
        "type": "refund_abuse",
        "message": "Merchant refund rate {{metadata.merchantRefundRate30d}}% exceeds 15% threshold"
      }
    }
  ]
}

Workflow de Monitoreo

Métricas Clave por Merchant

Métricas de Transacciones

{
  "merchantMetrics": {
    "transactionVolume": {
      "last24h": 1250,
      "last7d": 8500,
      "last30d": 35000
    },
    "transactionAmount": {
      "last24h": 125000.00,
      "last7d": 850000.00,
      "last30d": 3500000.00
    },
    "averageTicket": {
      "current": 100.00,
      "last30d": 95.50,
      "change": "+4.7%"
    },
    "transactionVelocity": {
      "perHour": 52,
      "perDay": 1250,
      "trend": "increasing"
    }
  }
}

Métricas de Riesgo

{
  "riskMetrics": {
    "chargebackRate": {
      "last30d": 0.008,
      "last90d": 0.006,
      "threshold": 0.01
    },
    "refundRate": {
      "last30d": 0.05,
      "industry_average": 0.08
    },
    "failureRate": {
      "last24h": 0.03,
      "last7d": 0.02,
      "normal_range": "0.01-0.05"
    },
    "crossBorderRate": {
      "last30d": 0.45,
      "countries": 15
    }
  }
}

Métricas de Fraude

{
  "fraudMetrics": {
    "cardTestingAttempts": {
      "last24h": 0,
      "last7d": 2,
      "blocked": 2
    },
    "suspiciousPatterns": {
      "velocitySpikes": 1,
      "descriptorMismatches": 0,
      "unusualGeoPatterns": 3
    },
    "riskScore": {
      "current": 45,
      "trend": "stable",
      "lastUpdated": "2024-10-28T14:00:00Z"
    }
  }
}

Configuración por Tipo de Adquirente

Para Adquirentes Grandes

{
  "merchantMonitoring": {
    "tier": "enterprise_acquirer",
    "rules": {
      "chargebackThreshold": 0.009,
      "reviewInterval": "daily",
      "alertSeverity": "medium",
      "autoBlockEnabled": false
    },
    "monitoring": {
      "cardTestingProtection": true,
      "velocityMonitoring": true,
      "crossBorderAnalysis": true,
      "mccCodeEnforcement": true
    },
    "teams": {
      "merchantCompliance": ["team_compliance_001"],
      "fraudPrevention": ["team_fraud_002"]
    }
  }
}

Para Sub-Adquirentes / ISOs

{
  "merchantMonitoring": {
    "tier": "sub_acquirer",
    "rules": {
      "chargebackThreshold": 0.01,
      "reviewInterval": "weekly",
      "alertSeverity": "high",
      "autoBlockEnabled": true,
      "autoBlockThreshold": 0.02
    },
    "monitoring": {
      "cardTestingProtection": true,
      "velocityMonitoring": true,
      "crossBorderAnalysis": false,
      "mccCodeEnforcement": false
    },
    "limits": {
      "maxTransactionVolume30d": 500000,
      "maxAverageTicket": 1000,
      "maxCrossBorderRate": 0.3
    }
  }
}

Para Payment Facilitators

{
  "merchantMonitoring": {
    "tier": "payment_facilitator",
    "rules": {
      "chargebackThreshold": 0.008,
      "reviewInterval": "real_time",
      "alertSeverity": "critical",
      "autoBlockEnabled": true,
      "requiresManualReview": true
    },
    "monitoring": {
      "cardTestingProtection": true,
      "velocityMonitoring": true,
      "crossBorderAnalysis": true,
      "mccCodeEnforcement": true,
      "descriptorMonitoring": true,
      "phishingDetection": true
    },
    "onboarding": {
      "enhancedDueDiligence": true,
      "initialMonitoringPeriod": 90,
      "restrictedMccCodes": ["5967", "7995", "6211"]
    }
  }
}

Detección de Phishing

Indicadores de Phishing

Descriptor Mismatch: Nombre en el estado de cuenta no coincide con merchant registrado
URL Similarity: Dominio muy similar a merchant legítimo (ej: amaz0n.com)
Sudden Spikes: Merchant nuevo con volumen anormalmente alto
High Dispute Rate: Chargebacks inmediatos tras la transacción
Geo Anomalies: Merchant registrado en país diferente al sitio web

Regla Anti-Phishing Completa

{
  "name": "Comprehensive Phishing Detection",
  "category": "fraud",
  "priority": 950,
  "enabled": true,
  "evaluationMode": "sync",
  "targetEntityTypes": ["transaction"],
  "conditions": {
    "operator": "OR",
    "conditions": [
      {
        "operator": "AND",
        "conditions": [
          {
            "field": "metadata.merchantDomainSimilarity",
            "operator": "GREATER_THAN",
            "value": 0.8
          },
          {
            "field": "metadata.merchantDomainAge",
            "operator": "LESS_THAN",
            "value": 30
          }
        ]
      },
      {
        "operator": "AND",
        "conditions": [
          {
            "field": "metadata.descriptorReportCount",
            "operator": "GREATER_THAN",
            "value": 5
          },
          {
            "field": "metadata.merchantAgeInDays",
            "operator": "LESS_THAN",
            "value": 60
          }
        ]
      },
      {
        "operator": "AND",
        "conditions": [
          {
            "field": "metadata.merchantChargebackRate7d",
            "operator": "GREATER_THAN",
            "value": 0.5
          },
          {
            "field": "metadata.merchantTransactionCount7d",
            "operator": "GREATER_THAN",
            "value": 20
          }
        ]
      }
    ]
  },
  "actions": [
    {
      "type": "generate_alert",
      "config": {
        "severity": "critical",
        "type": "suspected_phishing",
        "message": "Merchant {{destinationEntityId}} shows multiple phishing indicators"
      }
    },
    {
      "type": "set_decision",
      "config": {
        "decision": "HOLD",
        "reason": "Suspected phishing site - requires manual review"
      }
    },
    {
      "type": "create_investigation",
      "config": {
        "priority": "critical",
        "assignToTeam": "fraud_prevention",
        "requiresImmediateAction": true
      }
    }
  ]
}

Best Practices

✅ Recomendaciones

Onboarding Riguroso
- Verifica identidad del merchant antes de activar
- Establece límites iniciales conservadores
- Período de monitoreo intensivo (30-90 días)
Monitoreo Continuo
- Revisa métricas diarias de merchants de alto riesgo
- Establece alertas automáticas para cambios abruptos
- Mantén histórico de patrones de comportamiento
Comunicación Clara
- Notifica a merchants sobre límites y reglas
- Provee feedback cuando se detectan patrones sospechosos
- Documenta todas las acciones tomadas
Escalación Apropiada
- Define umbrales claros para cada nivel de severidad
- Establece SLAs por tipo de alerta
- Involucra legal/compliance en casos críticos
Balance Riesgo-Negocio
- No bloquees merchants legítimos sin investigación
- Permite crecimiento gradual de merchants buenos
- Ajusta reglas basado en falsos positivos

❌ Errores Comunes

Bloqueo Automático Agresivo
- No bloquees sin revisión manual en casos dudosos
- Merchants legítimos pueden tener picos estacionales
Ignorar Contexto
- Black Friday, Cyber Monday tienen patrones diferentes
- Merchants B2B tienen tickets más altos naturalmente
Thresholds Estáticos
- Ajusta umbrales según industria y tamaño
- Lo que es normal para un merchant grande es sospechoso para uno pequeño
Falta de Documentación
- Documenta todas las decisiones de bloqueo
- Reguladores pueden pedir evidencia de due diligence

KPIs del Programa de Monitoreo

{
  "programKPIs": {
    "merchantPortfolio": {
      "totalActiveMerchants": 1250,
      "highRiskMerchants": 45,
      "underReview": 12,
      "suspended": 8
    },
    "fraudPrevention": {
      "fraudAttemptsPrevented30d": 127,
      "estimatedLossesPrevented": 245000.00,
      "falsePositiveRate": 0.08,
      "timeToDetection": "4.2 hours"
    },
    "compliance": {
      "chargebackRatePortfolio": 0.007,
      "merchantsAboveThreshold": 3,
      "merchantsTerminated30d": 2,
      "avgInvestigationTime": "18 hours"
    },
    "efficiency": {
      "alertsGenerated30d": 450,
      "alertsReviewed": 445,
      "truePositives": 89,
      "falsePositives": 356,
      "precision": 0.20
    }
  }
}

Integración con Intelligence Dashboard

Todas las alertas de merchants se consolidan automáticamente en el Intelligence Dashboard:

Casos por Merchant: Un caso por merchant bajo investigación
Alertas Agrupadas: Todas las alertas del merchant en un solo lugar
Timeline de Eventos: Historial completo de comportamiento
Decisiones Documentadas: Registro de acciones tomadas
Colaboración: Equipos pueden trabajar juntos en casos complejos

Próximos Pasos

Overview

Visión general del sistema de monitoreo

Detección de Fraude

Protege contra fraude en tiempo real

Monitoreo AML

Cumplimiento regulatorio y detección de lavado

API Reference

Documentación completa del endpoint

Comenzando

Referencia API

Ingesta de Datos

Entidades

Documentos

Conozca Su Negocio (KYB)

Conozca Su Cliente (KYC)

Monitoreo de Transacciones

Tutoriales Interactivos

​Introducción

​Casos de Uso

Chargeback Prevention

Merchant Fraud

Phishing Detection

Compliance Monitoring

​Patrones Detectables

​1. Chargeback Rate Monitoring

​2. Transaction Velocity - Merchant Side

​3. Card Testing Through Merchant

​4. Merchant Descriptor Mismatch

​5. Sudden Business Model Change

​6. Cross-Border Merchant Fraud

​7. Refund Abuse Pattern

​Workflow de Monitoreo

​Métricas Clave por Merchant

​Métricas de Transacciones

​Métricas de Riesgo

​Métricas de Fraude

​Configuración por Tipo de Adquirente

​Para Adquirentes Grandes

​Para Sub-Adquirentes / ISOs

​Para Payment Facilitators

​Detección de Phishing

​Indicadores de Phishing

​Regla Anti-Phishing Completa

​Best Practices

​✅ Recomendaciones

​❌ Errores Comunes

​KPIs del Programa de Monitoreo

​Integración con Intelligence Dashboard

​Próximos Pasos