In the spring of 2020, COVID-19 transformed fear into a marketplace. Search results and social posts pointed people to offers of at-home tests, vaccines or even cures — none of which existed. The online shop fronts looked credible, including the checkout button ready to make payment.
Unlike the tests, vaccines and “cures,” that button actually worked - because it was a scam.
The pandemic-era surge in digital commerce and the growth of digital payments helped millions of legitimate businesses move online fast and gave people a convenient, safe way to shop from home. But the same tools that help a real Retailer launch quickly — out-of-the-box templates, targeted ads, easy payment acceptance — also made it simpler for criminals to set up fake shop fronts. And in the years since, technology like generative AI has made it even harder for consumers to detect them, thanks to deepfake videos from non-existent satisfied customers, rafts of glowing testimonials generated from a single prompt and professional-grade websites and ads.
These scam merchants lure shoppers with hard-to-find items or unbelievably low prices, then take the money — sometimes delivering a low-grade counterfeit, often nothing at all — and disappear. This is a fake business problem, but it can turn into a stolen card problem. Some of these shop fronts also serve as phishing expeditions, with scammers harvesting card information to make fraudulent purchases of their own or reselling the card details on the dark web. Consumers lost $442 billion worldwide to online scams, according to the Global Anti-Scam Alliance's "Global State of Scams 2025" report.
“Digital commerce only works when people trust what’s on the other side of the screen,” says Ann Johnson, executive vice president of Security Solutions at Mastercard. “If we let scammers keep posing as legitimate businesses, we don’t just lose money — we lose confidence. We need to secure this trust for the good of the entire digital ecosystem: from consumers to banks and the honest retailers who are trying to grow.”
The challenge of AI-driven cyberattacks isn’t only the scale, but the speed at which scam retailers set up shop, with traditional warning signals arriving too late and the sheer volume of newly created businesses overwhelming early checks.
That’s the thinking behind Mastercard Retailer Trust Services, a new strategy for harnessing the company’s network-wide intelligence, advanced cyber and identity capabilities and real-time analytics to provide intelligence to distinguish legitimate retailers from risky ones, both online and in store.
Retailer Trust Services, announced ahead of Mastercard's cybersecurity conference RiskX in Singapore, Mastercard’s cybersecurity, risk and innovation leadership forum, helps acquirers — the banks that service retailers — and payment service providers root out scam retailers during the time-consuming and expensive process of onboarding retailers, stopping them from opening their digital doors or in the early stages of their “business.”
The fallout from scam retailers also affects issuers, the cardholders’ banks, which carry the burden of consumer complaints, the dispute resolution process and the cost of replacing compromised cards. Mastercard is also launching Retailer Scam & Risk Indicator (MSRI), which provides issuers with Retailer risk signals during authorisation, proactively enabling fraud mitigation.
In a pilot with a leading issuer, MSRI detected approximately 80% of the issuer-identified risky retailers, with many flagged as early as 90 days prior to the issuer’s initial escalation. MSRI will be available first in Europe and the United States, with plans to expand globally within the year.
“Every bad experience online makes shoppers second-guess legitimate businesses — and that makes it harder for real retailers to win and keep customers,” says Simon Collins, Mastercard’s chief franchise officer. “When confidence cracks, businesses pay for it in more declines, more disputes and more abandoned baskets.”
