The Basics of Website Content Monitoring

"Vigilance in monitoring can mean the difference between a thriving business and one that falls victim to the unforeseen." — Marc Andreessen, Co-founder of Netscape and Andreessen Horowitz

While Andreessen’s words resonate in the world of tech and business strategy, they are equally relevant to the merchant due diligence process at acquiring banks and payment service providers (PSP). Vigilance doesn’t end once a merchant is onboarded; it must continue throughout the merchant’s lifecycle. As businesses grow, they may alter their content, which can introduce unforeseen risks. That, however, is not the only reason a business will change its online content – in fact, many businesses change their content for much more nefarious reasons.

“What is content in the context of merchant due diligence?

In customer due diligence, a merchant’s “content” includes everything they present on their website – products, images, descriptions, policies, and even contact details – which can give you an idea about their business activities, compliance with best practices, or connection to other ventures.

Content monitoring is crucial for businesses, as merchants frequently update their websites for reasons like growth, strategic shifts, or changes in market demands. While these updates often stem from legitimate business motivations, such as expanding service offerings or targeting new customer segments, they can – by design or by accident – lead to non-compliance with regulatory standards and industry guidelines.

As businesses evolve, the risk of deviating from established compliance protocols like Visa’s VIRP and Mastercard’s BRAM increases. This makes continuous monitoring imperative; it ensures that merchants maintain their obligations and uphold brand integrity throughout their operational journey. By staying vigilant, payment businesses can identify potential compliance issues before they escalate, safeguarding their reputation and operational effectiveness.

Types of content to monitor

Content monitoring should cover several areas to mitigate risks effectively. Key aspects include:

• Product/Service Listings: Regularly reviewing product and service descriptions, images, and prices is essential for compliance with card scheme requirements, helping to catch counterfeit or prohibited items before they pose a risk.
• User-Generated Content: Monitoring content created by users – such as videos or profiles on streaming and dating sites, user reviews on eCommerce platforms, and third-party marketplace listings – is crucial to ensure compliance with card scheme requirements. These checks help identify prohibited items, counterfeit goods, or potential reputational risks that could arise from content that can change quickly and is often outside the merchant’s general control, depending on moderation policies.
• Merchant Information: Ensuring that merchant information, such as office addresses and phone numbers, is up to date is critical to ensure clients know how to contact the merchant in case of complaints and acquirers are working with businesses in their licensing area.
• Advertising Practices: Scrutinising promotional content is necessary to avoid misleading claims and ensure compliance with advertising regulations. For example, nutraceuticals must not include medicinal claims, as these can mislead consumers and violate regulatory standards.
• Terms and Conditions: Monitoring changes to terms and conditions is essential, especially as merchants transition between different payment models, such as moving from one-time charges to subscription-based pricing. Such shifts can significantly impact customer expectations and might even change the merchant’s card merchant category code (MCC), making it vital to track any modifications that could affect both the acquirer’s obligations and the consumer's rights.

Apart from these areas, there are monitoring fields that – while not strictly dealing with website content – are related to it:

• Reputation Monitoring: Keeping an eye on how the merchant is perceived by consumers is crucial. This includes tracking online reviews, social media mentions, and industry-related discussions outside of the website itself. Negative sentiment or unresolved complaints can indicate fraud or a questionable business model with a high risk of chargebacks.
• Audience Geography and Traffic: Monitoring shifts in traffic sources and audience demographics, especially if there’s increased traffic from regions where certain products or services may be illegal, is crucial for compliance and risk assessment. Furthermore, some merchants show different content to different country IP addresses, making it necessary to adapt your web crawling accordingly.

Why specific merchant category codes (MCCs) require monitoring

All merchants in the card payment ecosystem have a merchant category code (sometimes also called card acceptor business code) that indicates their industry. All MCCs require monitoring to ensure compliance and mitigate risks. However, certain business types present unique compliance challenges that necessitate more vigilant oversight based on their risk profiles. Key examples include:

• MCC 7273 (Dating services): These platforms often adapt their content over time, which can raise concerns regarding user safety and privacy. It is not uncommon for a seemingly legitimate dating website to evolve into an adult site. Therefore, monitoring user interactions and content is critical to prevent harassment and protect users from fraudulent accounts.
• MCC 5262 (Marketplaces): Comprising numerous individual vendors who operate independently, marketplaces can become hotspots for counterfeit or trademark-infringing products. Some sellers may attempt to push such items through a legitimate platform, creating significant compliance challenges. Constant monitoring is essential to maintain marketplace integrity and adhere to regulations.
• MCC 5499 (Miscellaneous food stores): This category, which includes specialty food and nutraceutical stores, requires careful monitoring to ensure that products are safe, free from unapproved ingredients, and marketed without misleading health claims. Subscription models, particularly those involving auto-renewed trials, also warrant close scrutiny.

If you want a more in-depth look at different MCCs and their risk profiles, consider picking up a copy of Mission Compliance, where we deep dive into several of our most regularly monitored MCCs.

The risk of changing business practices

Companies often start as seemingly legitimate operations, successfully passing all tests during the merchant onboarding process. They build trust and establish a solid customer base. However, even with thorough onboarding, nothing can prevent these businesses from altering their practices in the future – changes that may lead them into illegitimate activities violating card scheme rules or wider regulations. These shifts can manifest in various ways, such as the sale of counterfeit or unauthorised products driven by pressure to meet increasing demand.

Furthermore, businesses might manipulate reviews and ratings, generating fake feedback to create a misleading image for potential customers. This deceit erodes transparency and exposes the company to consumer backlash in the form of chargebacks or even legal scrutiny.

Continuous content monitoring is essential to ensure that business practices align with both legal requirements and ethical expectations, enabling early detection of issues that could compromise compliance and harm the payment ecosystem in the long run.

How to monitor

Monitoring merchants effectively requires a balanced approach of automation and human expertise to ensure compliance across a dynamic and fast-moving regulatory and fraud landscape.

Automated monitoring tools: Web crawling services are crucial for covering large merchant portfolios. These tools automatically scan merchant websites for changes, identifying updates to products, services, and terms of use that may introduce compliance risks. Regular, automated scans help detect the addition of restricted or counterfeit goods, sudden price changes that could indicate fraud, or misleading advertising practices.

Content-specific alerts: Automated systems can be configured to flag particular keywords in context or changes in content. For instance, alerts may be set to trigger if a merchant suddenly alters their refund policy or terms of service in ways that violate card scheme rules. Additionally, alerts for high-risk products or services, such as adult content or gambling, ensure quick responses to potential violations.

Human-led audits: While automation offers efficiency, it can't replace human judgement. Regular audits by trained compliance teams are essential to ensure automated tools don’t overlook complex or subtle violations. It is also crucial to improve these automated system and feed them new, human-verified data. For example, automated systems might flag a product, but human reviewers can interpret whether it violates any laws. Trained human auditors provide context and ensure that the flagged content isn’t simply a false positive.

Frequent reporting and reviews: Beyond the immediate monitoring of content, it's important to conduct frequent, in-depth reviews of merchant activities. This includes detailed reports of merchant behaviour trends over time, which help detect patterns of non-compliance, such as persistent minor violations or attempts to test boundaries before engaging in serious fraud.

By integrating automated tools with manual oversight, businesses can safeguard themselves from the risks posed by changing merchant behaviours. In industries where high-risk products or services are prevalent, such a layered approach is essential for staying compliant and protecting brand reputation. In fact, it is mandated by the card schemes.

How to deal with monitoring results

Automated monitoring systems are set up to provide alert notifications to underwriters as soon as certain changes are found. What kind of changes qualify for that alert to trigger depend on the type of monitoring. For some easier checks like a content violation scan, the existence of a keyword in the certain context on a page usually constitutes an alert.

But what about more nuanced cases? A common example here is web traffic: when do underwriters get notified about changes in a website audience’s country of origin? Or what kind of change in the number of website visitors would trigger an alert? If thresholds are too low, your team will be overwhelmed with false positives while if the thresholds are too high, you might overlook crucial changes.

That is why the answer to these questions depends on the overall risk profile of the merchant portfolio, the risk team’s experience and capacity, and the banks or PSPs own risk appetite. That’s why it’s important for website monitoring tools in addition to having fixed rules, to also offer configuration options for these cases.

Man vs. machine

As mentioned, the balance between automated monitoring tools and human oversight is essential. While machine learning algorithms can quickly scan vast amounts of data, they may lack the nuance needed to interpret context accurately. Automated systems require constant refinement; new keywords must be identified and integrated to enhance their effectiveness.

Human moderators bring valuable insights, and understanding of the subtleties of language and the intent behind changes. Furthermore, while AI can grasp context better than traditional algorithms, it is still prone to hallucinations and misinterpretations that only a human can correct.

By combining both approaches, businesses can achieve a more robust content monitoring strategy that leverages the speed and pattern recognition of machines and the critical thinking skills of humans.

Moving forward

A robust content monitoring strategy is essential for businesses navigating the complexities of merchant due diligence. By focusing on specific types of content, understanding the risks associated with different MCCs, and combining automated tools with human oversight, businesses can protect their brand integrity and ensure compliance in a rapidly changing digital environment.

Get in touch with our specialists to enhance your content monitoring.

‍