Payment Dispute Standards and Compliance Council

Menu
  1. Home
  2. Research and Trends

Blog

Merchant Impersonation Scams: When Fraudsters Pretend to Be You!

Research and Trends

What exactly is a merchant impersonation scam?

Merchant impersonation scams occur when fraudsters pose as a legitimate business in order to deceive customers into handing over money or sensitive information. Instead of hacking systems or stealing card details directly, criminals exploit trust – borrowing a merchant’s brand identity, tone of voice, and credibility to convince customers they are dealing with the real thing.

These scams can take many forms. Fraudsters might send emails claiming to be from a merchant’s billing or fraud team, create fake social media accounts offering ‘support’, or contact customers by phone to warn them of suspicious activity. In more sophisticated cases, criminals clone legitimate websites, emails or invoices so closely that even vigilant customers struggle to spot the difference. Messages often use urgency – warning of account suspension, delayed deliveries or missed refunds – to push customers into acting quickly.

What makes merchant impersonation particularly damaging is that the fraud often happens entirely outside the merchant’s systems. No data breach has occurred and no internal controls have failed, yet the customer experience still suffers. Customers who lose money frequently associate the scam with the brand they believed they were dealing with, meaning the reputational fallout often lands with the merchant rather than the criminal.

Why are merchants being targeted more frequently?

Merchant impersonation scams are rising sharply in the UK, driven by changes in how consumers interact with businesses. Customers are now used to resolving issues digitally – via email, text message, live chat and social media – providing fraudsters with multiple channels to exploit. The more touchpoints a brand has, the more opportunities criminals have to imitate them.

UK banks and fraud prevention bodies have reported consistent growth in impersonation scams, particularly those involving trusted organisations and well-known brands. Research from UK financial institutions and credit reference agencies shows that more than half of UK adults have received scam messages appearing to come from a trusted sender, such as a retailer or delivery company. Brands linked to everyday transactions are especially attractive targets because customers are more likely to respond without hesitation.

Regulatory change has also influenced criminal behaviour. In October 2024, mandatory reimbursement for most victims of Authorised Push Payment (APP) fraud came into force in the UK, requiring banks to refund losses up to £85,000 in many cases. But while this has improved consumer protection, it has also encouraged fraudsters to rely more heavily on social engineering – persuading customers to act voluntarily – rather than technical payment fraud. Merchant impersonation fits neatly into this approach.

Beyond technology and regulation, timing plays an important role. Fraudsters deliberately target periods of high customer activity – sales events and promotional campaigns such as Black Friday, and shopping peaks such as Christmas, when customers are distracted and support teams are under pressure. During these busy periods, suspicious communications are easier to miss and impersonation scams can spread before they are detected.

How do these scams turn into chargebacks and disputes?

Although merchant impersonation scams may appear disconnected from card payments, they often end up feeding directly into the chargeback process. This usually happens once a customer realises they have been scammed and attempts to recover their money through their bank.

A common scenario involves a customer receiving a message that appears to come from a merchant, asking them to pay a small fee, confirm card details or resolve an issue before a refund can be processed. Believing the communication to be genuine, the customer does just that. When they later realise the message was fraudulent, they contact their bank and raise a dispute or chargeback, often under fraud-related reason codes.

In other cases, fraudsters create fake online shops that impersonate genuine retailers. UK banks have reported millions of pounds lost to so-called ‘rogue retailers’ – clone websites that use legitimate branding but never deliver goods. Customers who make card payments on these sites later raise chargebacks when products fail to arrive, often believing the legitimate merchant was responsible.

Even when a merchant has no involvement, disputes may reference emails, phone calls or requests the business never made. From an acquirer’s perspective, these cases are rarely clear-cut. Over time, repeated disputes of this nature can inflate chargeback ratios, increase operational costs, and trigger additional scrutiny – despite the merchant not being at fault.

What warning signs suggest your brand is being impersonated?

Merchant impersonation often begins quietly, but there are early indicators businesses can watch for. One of the most common warning signs is a sudden increase in customer queries about communications you did not send. Customers may ask why they were asked to share one-time passcodes, why a payment was requested, or why someone claiming to be from your fraud team contacted them unexpectedly.

Confusion around refunds or account issues that don’t exist can also signal impersonation. Customers may insist they were promised refunds, discounts or account reinstatement that your teams know nothing about. These conversations are often dismissed as misunderstandings at first, but patterns can emerge quickly if they are tracked.

Social media is another key area to monitor. Fraudsters frequently create fake support accounts on platforms such as Facebook, Instagram or X, offering to help in comments or direct messages. During busy trading periods, these accounts can attract significant engagement before they are reported or removed.

Finally, dispute narratives themselves can be revealing. Chargebacks that reference interactions, instructions or promises that did not originate from your business may indicate a wider impersonation campaign rather than isolated customer confusion.

What practical steps can merchants take to reduce the risk?

While no merchant can completely prevent impersonation attempts, there are practical measures that significantly reduce both the likelihood of these scams succeeding and the impact they have when they do occur.

Clear communication is one of the most effective defences. Customers should know exactly how, and how not, a business will contact them. Stating clearly that you will never ask for full card details, one-time passcodes or upfront fees helps customers identify suspicious messages. Repeating this guidance across websites, email footers, invoices and FAQs reinforces it at the moments when customers are most vulnerable.

Merchants should also monitor their digital presence. Fraudsters often rely on speed, setting up fake social media profiles, clone websites or look-alike domains to exploit busy shopping periods. Regularly searching for brand misuse across search engines, social platforms and marketplaces can help identify impersonation early and in turn, limit its reach.

Internal awareness is equally important. Customer support and finance teams should be trained to recognise common impersonation scenarios and respond consistently when customers report suspicious contact. Treating these reports as potential indicators of a wider issue – rather than isolated complaints – makes it easier to spot trends and take action.

Encouraging customers to verify communications can also make a huge difference. Directing them to contact you via official channels listed on your website, rather than replying directly to unexpected messages, helps break the fraudster’s control of the conversation.

Finally, working with a chargeback solutions provider can offer valuable additional insight. Because these providers work with many merchants across different sectors, they are often able to spot patterns that may not be obvious to a single business. This wider view can help merchants understand whether chargebacks are linked to impersonation activity, rather than genuine customer service issues, and can also support clearer reporting, better decision-making and more targeted prevention efforts.

Why does merchant impersonation matter beyond fraud losses?

The impact of merchant impersonation extends far beyond the immediate financial loss. Trust sits at the heart of every customer relationship, and when customers believe a brand exposed them to a scam – even indirectly – that trust can be extremely difficult to rebuild. Customers who feel misled may avoid future purchases, hesitate to engage with legitimate communications going forward, or share negative experiences on public platforms.

As expectations around consumer protection continue to rise in the UK, merchants are increasingly judged not only on how they respond to fraud within their systems, but on how seriously they take emerging external threats. Demonstrating awareness, transparency and a clear response to impersonation scams helps protect chargeback performance, customer relationships and brand reputation in the long run.

Ultimately, merchant impersonation scams are not just a criminal issue – they are a growing business risk that merchants can no longer afford to ignore.