Notifications
Clear all
Topic starter
10/06/2026 10:33 pm
TL;DR: Merchant fraud is increasingly blending identity verification, account takeover, synthetic identity, and payment abuse into one control problem, according to SumSub. That convergence makes lifecycle governance, fraud signals, and customer trust management inseparable for practitioners.
NHIMG editorial — based on content published by SumSub: Merchant Risk Council membership and the convergence of identity and fraud risk
Questions worth separating out
Q: How should security teams govern customer identity trust across the full lifecycle?
A: Security teams should treat customer trust as a lifecycle control, not a single onboarding checkpoint.
Q: Why do account takeovers create fraud risk even after strong onboarding checks?
A: Account takeover matters because the attacker inherits an already trusted identity.
Q: What do teams get wrong about synthetic identities in marketplace environments?
A: Teams often focus on whether a single identity record looks valid, rather than whether the broader pattern is fraudulent.
Practitioner guidance
- Link identity proofing to transaction policy Use verification outcomes to influence payment, payout, and seller onboarding decisions.
- Monitor post-login behavioural drift Track changes in device, session, transaction, and recovery behaviour after authentication.
- Create shared controls for fraud and IAM teams Define one trust model that connects onboarding, authentication, account recovery, and transaction risk.
What's in the full analysis
SumSub's full article covers the operational detail this post intentionally leaves for the source:
- The membership context behind SumSub's Merchant Risk Council involvement and how it maps to fraud and payments collaboration.
- Specific fraud scenarios named in the source, including fake accounts, stolen identities, seller fraud, promo abuse, chargebacks, and mule accounts.
- The article's own language on how merchants and marketplaces are combining identity, trust, and risk management into one operating problem.
👉 Read SumSub's post on Merchant Risk Council membership and fraud risk →
Merchant risk council membership: what it means for identity teams?
Explore further
11/06/2026 2:37 am
Identity verification is becoming a fraud governance control, not a compliance step. In marketplace and e-commerce environments, verification now helps determine whether an account should be trusted for transaction activity, seller onboarding, or payout access. That moves it into the same governance conversation as access review and privilege management. Practitioners should treat verification outcomes as a policy input, not a formality.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
A question worth separating out:
Q: How can fraud, payments, and IAM teams work from the same control model?
A: They should share a common view of identity risk across enrolment, authentication, recovery, and monetisation. That means fraud signals must influence identity decisions, and identity assurance must shape payment trust. The goal is one operating model that sees the same user or seller across all high-risk steps.
👉 Read our full editorial: Merchant risk and identity verification are converging in fraud control
