As we enter 2025, the payments risk landscape continues to evolve at a remarkable pace. In 2024, the industry saw a series of disruptive changes—from the rise of new fraud tactics to increasing regulatory scrutiny in high-risk sectors. These challenges are far from over, and the new year promises to bring even more complexity. Understanding the key risks that dominated 2024 and will continue into 2025 is crucial for payment providers striving to protect themselves and consumers. This blog highlights the top ten merchant risk insights from the past year, which we think should be on your radar ahead of 2025 emerging threats and regulatory shifts.
Top 10 merchant risk insights for 2025
- GLP-1 drugs’ meteoric rise
- Heightened global focus on scams
- Counterfeit consumer goods
- Tainted nutraceuticals remain lucrative and high-risk
- Fraud using generative artificial intelligence (Gen AI)
- Oral nicotine products
- Fake reviews, testimonials, and indicators
- Med spas’ compliance issues
- Laundering as a service on the rise
- Violative subscription models
1. GLP-1 drugs’ meteoric rise
Increased demand for GLP-1 drugs, often promoted for weight loss, has spurred both legitimate and illegitimate operations, including direct-to-consumer telemedicine, peptide merchants, and illegal online pharmacies.
For compliance teams, it’s critical to understand business model risk, drug sourcing, regulatory compliance, and card brand requirements. For example, where a transaction includes a doctor’s visit and the shipment of a prescription-only drug, the merchant may qualify as a card-not-present pharmacy under card scheme rules.
G2RS is happy to provide training resources to support your compliance teams. Please reach out to your customer success representative for details.
2. Heightened global focus on scams
In 2024, regulators increasingly focused on scams—and we predict that this trend will continue in the new year. Some examples:
- The Australian government recently introduced into parliament the Scam Prevention Framework, an anti-scam legislation that is expected to become law. Under the framework, banks, social media companies, and telecommunication providers could face penalties of up to AU$50 million if they fail to take “reasonable steps” to prevent, detect, and address scams.
- In March 2024, representatives from 11 countries attended the Global Fraud Summit and published a joint communiqué.
- Interpol also coordinated Operation First Light, a global police operation targeting online scam networks.
As regulators crack down on scams, the card schemes have increased assessments in this area. To mitigate scam-related risks, it is critical to implement robust KYC/KYB reviews and ongoing merchant monitoring.
3. Counterfeit consumer goods
The counterfeit goods market continues to thrive, fueled by e-commerce platforms, online marketplaces, and social media trends. In 2023, the US Customs and Border Control seized nearly $3 billion of fake goods entering the country.
G2RS continues to monitor the consumer market for counterfeits. In 2024, we identified hundreds of merchants selling replicas of the custom jacket worn by Taylor Swift during 2023’s wild-card playoff game. Many of these items included an NFL or Kansas City Chiefs logo—and were marketed with Taylor Swift’s name, image, and likeness.
When onboarding merchants selling popular consumer goods, G2RS recommends payment providers be wary of (1) product descriptions that describe the goods as “replica,” “AAA,” “1:1” “mirror image,” or “UA”; (2) abbreviated or misspelled brand names; and (3) unusually low prices.
4. Tainted nutraceuticals remain lucrative and high-risk
Tainted products, often containing undeclared pharmaceuticals or banned substances, pose significant risks to consumers—and payment providers. Sexual enhancement, weight loss, and bodybuilding continue to be the top three supplement risk categories; however, regulators have recently flagged supplements tainted with toxic yellow oleander, liquid kratom supplements associated with consumer harm, and supplements marketed for joint pain that contain undeclared corticosteroids.
The US FDA is not the only regulatory agency that publishes updates about these types of products. For example, Australia’s Therapeutic Goods Administration, Health Canada, Singapore’s Health Sciences Authority, and Hong Kong’s Department of Health regularly issue safety alerts about products that contain undeclared ingredients.
In 2024, we saw an increased number of assessments for tainted nutraceuticals. To make sure these products are quickly flagged to clients, G2RS actively monitors regulatory alerts worldwide.
5. Fraud using generative artificial intelligence (Gen AI)
Gen AI—a type of artificial intelligence that uses generative models to create new content—is a double-edged sword. While it can aid in fraud detection, bad actors also leverage it to facilitate widespread fraud. We see it being used to create sophisticated websites that are harder to identify as fraudulent. In addition, criminals are using it to mass-produce “synthetic identities” and apply for merchant accounts—at scale.
Although G2RS relies on advanced technology, we have expert analysts who track down violative uses of gen AI and quickly report these issues to our clients.
6. Oral nicotine products
2024 saw the proliferation of oral nicotine products, including pouches and lozenges. Merchants selling these products face intense regulatory scrutiny. In April 2024, the US FDA issued 119 warning letters to brick-and-mortar retailers engaging in the underage sale of various nicotine pouch flavors. In Europe, these products are not yet regulated at the EU level; however, at least one member state plans to ban them because they appeal to youth.
From a regulatory perspective, this area is evolving at a breakneck speed. For example, just this month, the FDA authorized 20 nicotine pouches. Because of these rapid changes, it is critical to ensure merchants in your portfolio comply with laws in all jurisdictions where they offer shipping. To assist with this, G2RS regularly updates our regional reporting categories in response to regulatory changes.
7. Fake reviews, testimonials, and indicators
As of October 21, 2024, the Federal Trade Commission (FTC) banned the sale of fake reviews, testimonials, and indicators (e.g., likes and follows). This allows the agency to seek civil penalties against known violators.
The US isn’t alone in prohibiting these fraudulent actors. In May 2024, the UK government passed the Digital Markets, Competition, and Consumers (DMCC) Act, which bans practices relating to submitting, commissioning, or incentivizing someone to write fake reviews.
Unsurprisingly, card brands have also started assessing merchants who sell fake reviews, testimonials, and/or indicators.G2RS is actively reporting these violative merchants to clients.
8. Med spas’ compliance issues
The med spa industry is booming but fraught with compliance risks—particularly concerning licensure, drug sourcing, and proper prescriber oversight. As this sector grows, state and federal regulators—and journalists—are paying closer attention to violative practices.
To receive a copy of G2RS’ med spa compliance guide, contact your G2RS customer success representative.
9. Laundering as a service on the rise
In the past few years, we have seen “laundering as a service” increase where criminals outsource the transaction laundering to third parties. These operations leverage large numbers of shell companies, straw signers, and thousands of “front” websites. In June 2024, the US FTC filed a complaint against a group of defendants that used a third party to facilitate their transaction laundering.
Strengthening merchant onboarding processes is essential to identify front merchants before they enter your portfolio. To this end, in August 2024, G2RS launched Global Onboarding, an AI-powered merchant onboarding solution that helps users safely onboard new merchants quickly with highly accurate predictive risk assessments. To learn more about this solution, please contact us.
10. Violative subscription models
In 2024, the US FTC received nearly 70 consumer complaints per day, on average, about negative option billing. In response, the agency published the “Click-to-Cancel” rule, which makes it easier for consumers to end recurring subscriptions and memberships. The rule, which will go into effect in May 2025, requires merchants to: (1) disclose the subscription terms, (2) provide easy access to cancellation options, and (3) obtain informed consent before charging for a subscription.
G2RS predicts that this rule will lead to a greater focus on merchants who use negative option billing practices.
Looking forward to 2025
The merchant risk landscape is increasingly complex, with new threats emerging alongside evolving regulatory expectations. By proactively addressing our top ten insights, payment providers can build resilient risk management strategies for 2025. Staying ahead means protecting consumers and fostering trust and innovation in the payments ecosystem.