TL;DR: Merchant fraud is increasingly blending identity verification, account takeover, synthetic identity, and payment abuse into one control problem, according to SumSub. That convergence makes lifecycle governance, fraud signals, and customer trust management inseparable for practitioners.
At a glance
What this is: SumSub’s Merchant Risk Council membership highlights the growing overlap between fraud prevention, identity verification, and payment risk in e-commerce and marketplace environments.
Why it matters: IAM and NHI teams should treat customer lifecycle trust, account abuse, and identity assurance as connected controls, because fraud now moves across identity, payment, and platform boundaries.
👉 Read SumSub's post on Merchant Risk Council membership and fraud risk
Context
Merchant risk is no longer just a payments problem. In e-commerce and marketplace environments, fraud prevention now depends on how well organisations verify users, detect abuse patterns, and sustain trust across the customer lifecycle. That makes identity governance a fraud control issue as much as an access control issue.
SumSub’s membership in the Merchant Risk Council is a signal about category convergence, not a product feature announcement. For security and identity leaders, the practical question is how to align identity verification, account protection, and payment risk monitoring so that fraud controls work across registration, login, transaction, and seller lifecycle stages.
Key questions
Q: How should security teams govern customer identity trust across the full lifecycle?
A: Security teams should treat customer trust as a lifecycle control, not a single onboarding checkpoint. Identity proofing, authentication, recovery, transaction monitoring, and offboarding all need to feed the same risk model. If those controls stay separate, attackers can move from verified enrolment into account takeover, payment abuse, or seller fraud without triggering a consistent response.
Q: Why do account takeovers create fraud risk even after strong onboarding checks?
A: Account takeover matters because the attacker inherits an already trusted identity. A strong initial verification step does not prevent later abuse of login sessions, payment instruments, or seller functions. That is why teams need continuous monitoring for behaviour changes after authentication, not just assurance at account creation.
Q: What do teams get wrong about synthetic identities in marketplace environments?
A: Teams often focus on whether a single identity record looks valid, rather than whether the broader pattern is fraudulent. Synthetic identities can pass isolated checks while still being used to create fake accounts, collect promos, or launder trust across multiple services. Detection needs cross-signal correlation, not point-in-time verification alone.
Q: How can fraud, payments, and IAM teams work from the same control model?
A: They should share a common view of identity risk across enrolment, authentication, recovery, and monetisation. That means fraud signals must influence identity decisions, and identity assurance must shape payment trust. The goal is one operating model that sees the same user or seller across all high-risk steps.
Technical breakdown
Identity verification as a fraud control layer
Identity verification in marketplaces is not only about proving a person exists. It is a control layer that helps decide whether a new account, seller profile, or payment relationship should be trusted enough to proceed. In fraud-heavy environments, verification has to account for synthetic identities, stolen credentials, mule accounts, and repeated enrolment attempts. That shifts the focus from one-time onboarding checks to continuous trust evaluation across the lifecycle. The technical challenge is that the same identity may need to be assessed differently at registration, checkout, payout, and dispute stages.
Practical implication: connect verification outcomes to downstream fraud and entitlement decisions instead of treating them as a standalone onboarding check.
Account takeover and customer lifecycle risk
Account takeover turns identity assurance into an ongoing problem because the attacker is acting through a previously trusted account. In marketplace and e-commerce settings, that creates a direct bridge between customer identity, session integrity, and payment abuse. A strong authentication event at signup does not remove risk later if the account can be hijacked, repurposed, or used for refund and chargeback fraud. This is why lifecycle visibility matters: the identity object may be legitimate while the behaviour becomes abusive. Fraud teams need to inspect behaviour patterns, not just credentials.
Practical implication: monitor for post-login behavioural drift and link account controls to transaction-risk signals.
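The lifecycle model sketched in the two sections above, together with the cross-signal correlation the synthetic-identity answer calls for, as a worked example. This is added illustrative Python, not SumSub's product logic and not code from the original post; the event schema, risk weights, stage thresholds and every account in the sample data are constructed assumptions. It shows one risk model being fed by enrolment outcomes, post-login behaviour and shared-attribute links between accounts, and three lifecycle stages (registration, checkout, payout) each asking that model for a decision rather than inheriting the enrolment verdict.

```python
"""Lifecycle trust engine: one risk model for registration, checkout and payout.

Added example. Field names, weights and limits are assumptions, not a vendor schema.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: str
    verified: bool = False            # outcome of identity proofing at enrolment
    phone: str | None = None
    devices: set[str] = field(default_factory=set)
    risk: int = 0                     # accumulated behavioural risk points


class TrustEngine:
    """Shared decision model for fraud, payments and IAM stages."""

    # Risk points per event type (illustrative assumptions).
    WEIGHTS = {"kyc_fail": 40, "new_device": 20, "recovery": 25, "payout_change": 30}
    RING_WEIGHT = 20                  # per other account sharing a phone or device
    # Stage-specific tolerance: step-up at the limit, deny at limit + 30.
    LIMITS = {"registration": 40, "checkout": 50, "payout": 30}

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.by_phone: dict[str, set[str]] = defaultdict(set)
        self.by_device: dict[str, set[str]] = defaultdict(set)

    def _see_device(self, acct: Account, device: str) -> bool:
        """Record a device for the account; True if it was unseen before."""
        new = device not in acct.devices
        acct.devices.add(device)
        self.by_device[device].add(acct.account_id)
        return new

    def ingest(self, ev: dict) -> None:
        acct = self.accounts.setdefault(ev["account"], Account(ev["account"]))
        kind = ev["type"]
        if kind == "enrol":
            acct.verified = ev["kyc"] == "pass"
            acct.phone = ev["phone"]
            self.by_phone[ev["phone"]].add(acct.account_id)
            self._see_device(acct, ev["device"])
            if not acct.verified:
                acct.risk += self.WEIGHTS["kyc_fail"]
        elif kind == "login":
            if self._see_device(acct, ev["device"]):
                acct.risk += self.WEIGHTS["new_device"]   # post-login drift
        elif kind in ("recovery", "payout_change"):
            acct.risk += self.WEIGHTS[kind]               # classic takeover steps
        else:
            raise ValueError(f"unknown event type {kind!r}")

    def ring_size(self, account_id: str) -> int:
        """Number of other accounts linked via a shared phone or device."""
        acct = self.accounts[account_id]
        linked: set[str] = set(self.by_phone.get(acct.phone, set()))
        for device in acct.devices:
            linked |= self.by_device[device]
        linked.discard(account_id)
        return len(linked)

    def decide(self, account_id: str, stage: str) -> str:
        acct = self.accounts[account_id]
        if stage == "payout" and not acct.verified:
            return "deny"             # verification outcome gates payout directly
        score = acct.risk + self.RING_WEIGHT * self.ring_size(account_id)
        limit = self.LIMITS[stage]
        if score >= limit + 30:
            return "deny"
        if score >= limit:
            return "step_up"
        return "allow"


# Constructed sample events: not real customer data.
EVENTS = [
    # A: verified at enrolment, then a takeover-shaped sequence after login
    {"account": "A", "type": "enrol", "kyc": "pass", "phone": "+44-1", "device": "d1"},
    {"account": "A", "type": "login", "device": "d2"},
    {"account": "A", "type": "recovery"},
    {"account": "A", "type": "payout_change"},
    # B: verified, stable behaviour on the enrolment device
    {"account": "B", "type": "enrol", "kyc": "pass", "phone": "+44-2", "device": "d3"},
    {"account": "B", "type": "login", "device": "d3"},
    # C..F: each record passes KYC in isolation, but all four share one device
    {"account": "C", "type": "enrol", "kyc": "pass", "phone": "+44-3", "device": "d9"},
    {"account": "D", "type": "enrol", "kyc": "pass", "phone": "+44-4", "device": "d9"},
    {"account": "E", "type": "enrol", "kyc": "pass", "phone": "+44-5", "device": "d9"},
    {"account": "F", "type": "enrol", "kyc": "pass", "phone": "+44-6", "device": "d9"},
    # G: failed identity proofing at enrolment
    {"account": "G", "type": "enrol", "kyc": "fail", "phone": "+44-7", "device": "d7"},
]


def run_demo() -> dict[str, str]:
    engine = TrustEngine()
    for ev in EVENTS:
        engine.ingest(ev)
    checks = [("A", "checkout"), ("A", "payout"), ("B", "payout"),
              ("C", "registration"), ("C", "payout"),
              ("G", "registration"), ("G", "payout")]
    return {f"{acct}/{stage}": engine.decide(acct, stage) for acct, stage in checks}


if __name__ == "__main__":
    for key, decision in run_demo().items():
        print(f"{key:16} {decision}")
```

Account A passes enrolment cleanly yet ends up with a payout denial and a checkout step-up, because the new device, recovery and payout-detail change are scored after the trust decision was made. Accounts C to F each pass the isolated check but the shared device gives each of them three linked accounts, enough to step-up registration and deny payout without any one record looking wrong. The point of the stage-specific limits is that the same score means different things at checkout and at payout; a real deployment would also decay risk over time and feed confirmed fraud back into the weights.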
Why fraud and identity governance are now one operating model
Fraud prevention and identity governance are converging because the control failure often begins before money moves. Weak enrolment checks, duplicated identities, poor recovery controls, and limited offboarding all expand the attack surface for chargebacks, promo abuse, and seller fraud. The operating model has to combine assurance, lifecycle governance, and risk analytics so that teams can see the same subject across registration, authentication, authorization, and payout flows. In practice, that means the control boundary is the lifecycle, not a single application or payment event.
Practical implication: design shared governance between IAM, fraud, and marketplace operations so identity risk is managed as a lifecycle, not a point-in-time event.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- ASP.NET machine keys RCE attack — 3,000+ exposed ASP.NET machine keys enabled remote code execution.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Identity verification is becoming a fraud governance control, not a compliance step. In marketplace and e-commerce environments, verification now helps determine whether an account should be trusted for transaction activity, seller onboarding, or payout access. That moves it into the same governance conversation as access review and privilege management. Practitioners should treat verification outcomes as a policy input, not a formality.
Account takeover turns a trusted identity into a fraud platform. Once an account is compromised, the attacker inherits prior trust and can use it for payment abuse, mule activity, or chargeback manipulation. The control failure is not just authentication weakness. It is the absence of continuous lifecycle monitoring after trust has been granted. Practitioners should connect identity assurance to behavioural risk monitoring.
Customer trust throughout the lifecycle is the governance concept this topic brings into focus. Trust is often established at enrolment and then assumed to persist, but fraud patterns show that risk shifts after signup, login, and payment authorization. That assumption breaks when synthetic identities, fake accounts, and seller fraud evolve inside legitimate workflows. Practitioners should govern trust as a lifecycle property, not a one-time decision.
Merchant risk councils matter because fraud signals are operational, not siloed. Payments teams, fraud teams, and identity teams all see different fragments of the same abuse pattern. The governance gap is the lack of shared decisioning across those fragments. Practitioners should build a common trust model that links identity proofing, transaction monitoring, and account governance.
Integrated trust controls are now the baseline for digital platforms. The article points to a broader shift where identity, fraud prevention, and payment risk can no longer be managed in separate programmes. That consolidation reflects how attackers move across registration, login, and monetisation paths. Practitioners should align control ownership across these domains before abuse patterns scale.
From our research:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
- The broader governance lesson is that identity trust must be lifecycle-managed, as shown in 52 NHI Breaches Analysis.
What this signals
Customer trust is shifting from onboarding to lifecycle governance. Marketplace and e-commerce teams will increasingly need shared decisioning between IAM, fraud, and payments because the abuse pattern often emerges after the first trusted interaction. With 97% of NHIs carrying excessive privileges according to our Ultimate Guide to NHIs, the same structural lesson applies to platform identities that outlive the trust decision that created them.
Trust amplification is the concept practitioners should watch. An identity that is verified once, then reused across login, checkout, payout, and recovery flows, can become a multiplier for abuse when signals are not correlated. The operational answer is not a single stronger check, but a control plane that treats trust as dynamic and revocable.
As identity verification, fraud prevention, and payment risk converge, programme owners will need clearer ownership lines and tighter feedback loops. The teams that align behavioural analytics with lifecycle governance will detect abuse earlier and reduce the gap between a trusted account and a monetised compromise.
For practitioners
- Link identity proofing to transaction policy: Use verification outcomes to influence payment, payout, and seller onboarding decisions. Do not let a successful initial check automatically grant broad operational trust across the customer lifecycle.
- Monitor post-login behavioural drift: Track changes in device, session, transaction, and recovery behaviour after authentication. A legitimate identity can still be abused if takeover or synthetic behaviour emerges later in the lifecycle.
- Create shared controls for fraud and IAM teams: Define one trust model that connects onboarding, authentication, account recovery, and transaction risk. Shared governance prevents fraud controls from being isolated from identity assurance.
Key takeaways
- Marketplace fraud is increasingly an identity governance problem, because trusted accounts can be turned into abuse channels after enrolment.
- The scale of the control issue is already visible in NHI research, where excessive privilege and secrets leakage continue to widen the attack surface.
- Practitioners should align identity proofing, fraud signals, and payment controls into one lifecycle model so trust can be revoked as behaviour changes.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI1:2025 Improper Offboarding | Fraud abuse grows when identities outlive their intended trust window. |
| NIST CSF 2.0 | PR.AA-05 (access permissions and authorizations managed and reviewed) | Access decisions should reflect changing trust and risk signals. |
| NIST Zero Trust (SP 800-207) | Section 2.1 tenets: dynamic authentication and authorization | Continuous verification fits platform trust that changes after login. |
Tie account trust to lifecycle revocation and review identities that no longer match behaviour.
Key terms
- Customer Trust Lifecycle: The customer trust lifecycle is the sequence of decisions that determine whether an identity should be trusted across enrolment, login, payment, recovery, and offboarding. In fraud-heavy environments, trust is not permanent. It must be reassessed as behaviour, device context, and transaction patterns change.
- Account Takeover: Account takeover is the use of a legitimate account by someone other than the intended owner. The identity may still look valid at the system level, which is why behavioural monitoring and recovery controls matter. In marketplace settings, takeover often becomes a route to payment abuse or fraud escalation.
- Synthetic Identity: A synthetic identity is a fabricated or blended identity record built from real and false attributes. It can pass isolated checks while still supporting abuse such as fake accounts, promo exploitation, or mule activity. The control challenge is detecting patterns across systems, not just validating one record.
- Lifecycle Governance: Lifecycle governance is the discipline of managing identity from creation through trust, use, review, and revocation. It applies to customers, workers, service accounts, and agents. For fraud and marketplace environments, the key issue is whether trust can be withdrawn when behaviour changes.
Deepen your knowledge
Identity trust across customer and platform lifecycles is covered in the NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme has to connect fraud, identity proofing, and lifecycle governance, it is worth exploring.
This post draws on content published by SumSub: Merchant Risk Council membership and the convergence of identity and fraud risk. Read the original.
Published by the NHIMG editorial team on 2026-06-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org