NEW: Mastercard approves TrueBiz as an official Merchant Monitoring Service Provider
Menu
Back to Blog

Is AI going to replace the merchant risk analyst?

Published by Danny Hakimian - CEO & Founder on
Is AI going to replace the merchant risk analyst?

AI is transforming how merchant risk is assessed. What once required static documents, manual Google searches and human judgment now happens in seconds. AI models are enabling continuous analysis of vast amounts of unstructured business risk signals and data that are often too nuanced or time-consuming for analysts to review manually. 

If AI can do so much, what’s left for the analyst? The short answer: a lot. But the role is evolving.

This post breaks down where AI is moving the frontier in risk assessment, where it still falls short, and how TrueBiz is building systems that combine automation with transparency, configurability, and human context. 

How AI is changing merchant risk assessment

Real merchant risk often lies in dynamic, contextual behavior: how a business is actually operating, how that behavior is evolving, and whether it aligns with card network rules and regulatory standards. This is where AI shines. It enables us to ingest much wider varieties of business risk data and weave together a coherent narrative on whether the business actually exists and operates in an area that we deem acceptable. Examples of these nuanced data points include:

  • Subtle changes in how a merchant describes its business across different platforms

  • The quiet removal of disclosures or certifications from a website footer

  • Shifts in the location of the business

  • Variations in refund or shipping language that may introduce policy risk

  • Inconsistent branding or contact info that hints at network laundering or affiliate abuse

These signals are hard to codify into rules, but AI can detect and interpret them in real time to surface risks that would otherwise go unnoticed.

How TrueBiz leverages AI today

At TrueBiz, we’ve built our infrastructure around this capability – designing a system that combines signal coverage, modular logical reasoning, and continuous monitoring:

1. Unified merchant context
We gather everything available about a business – its website, product listings, reviews, traffic patterns, legal entities, and 200+ other data points – and structure it into a rich, real-time profile. This creates the foundation for accurate, context-aware risk assessment.

2. Specialized micro-agents
Instead of a single model, we use over 200 micro-agents, each focused on a specific task: one analyzes review sentiment, another decodes MCC codes, others handle refund policies, pricing pages, domain history, and so on. Each contributes to a precise and explainable risk picture.

3. Agentic decision layer
The outputs from all agents feed into a decision layer that weighs the findings, applies customer-specific rules, and returns a clear Pass or Fail – along with the reasoning behind it.

4. Persistent monitoring
Once onboarded, merchants are monitored continuously. AI “listeners” track key signals – like product changes or traffic drops – and trigger alerts when shifts exceed norms that we see across millions of merchants across our network or specific customer rules. 

5. Feedback-aware configurations
Each customer can fine-tune the agentic decision model to match their risk appetite. These preferences, combined with our work to ingest global standards and regulatory requirements, are stored and used to make each future decision sharper and more aligned. 

Where AI still falls short

Models today lack context, memory, and the ability to apply logical reasoning over long periods of time. These gaps matter in high-stakes environments like merchant underwriting, where nuance and change are constant. 

These limitations don’t make AI unusable – they just mean it has to be paired with systems that mitigate these current challenges. At TrueBiz, we’ve built around these shortcomings to ensure AI outputs stay aligned with real-world risk.

1. Lack of company-specific context

Out of the box, language models don’t understand your risk policy. They don’t know how your team interprets gray areas, which MCCs you allow, or what red flags matter most in your vertical or region. Without that context, they apply generic heuristics that often flagging the wrong things or missing what actually matters.

TrueBiz solves this with a configurable decision engine that encodes your business rules, Visa/Mastercard standards, and jurisdictional compliance requirements. This lets customers define what risk means in their environment so that every decision reflects their actual posture, not a one-size-fits-all baseline.

2. No built-in memory

Most models don’t learn from past decisions. They forget prior edge cases, overrides, and feedback – unlike human analysts, who refine their judgment over time.

TrueBiz mitigates this with persistent configuration and real-time feedback loops. Customers can flag issues, adjust thresholds, and influence future calls, creating a system that improves without full retraining. Over time, the underlying models get incredibly accurate at remembering your company’s preference and applying logic to meet it.

3. Challenges with multi-faceted questions

Today’s models excel at structured one-shot evaluations like identifying illegal products or interpreting a refund policy at a single point in time. But many real-world merchant monitoring  problems don’t come packaged as a clean snapshot. They unfold slowly, require keeping track of multiple changing signals, and demand context-specific judgment.

This isn’t just about “task complexity” it’s about messiness. LLMs often struggle not because a task is intellectually hard, but because it’s unstructured with unclear goals, evolving data, or long timelines. That’s exactly what makes merchant monitoring challenging: you’re not just answering a fixed question, you’re watching for meaningful shifts in a noisy, open-ended environment.

TrueBiz handles this by separating the messy from the mechanical. We deploy persistent “listeners” that capture changes to a merchant’s digital footprint such as new products, traffic drops, and indications of closure every day. This data then feeds into the evaluation layer that triggers alerts when these changes if above the normal range for what we see across our network, or due to passing thresholds set by the customer.

This enables us to use a memory-aware approach rather than asking the model to assess changing risk across weeks or months in a single pass.

What’s next for AI in risk assessment

AI is improving much faster than previous technology cycles. For decades, Moore’s Law meant that computing power doubled roughly every 18 to 24 months. But in AI, the length of tasks models can handle is now doubling every 7 months. That means AI isn’t just getting “smarter”, it’s learning to tackle deeper, longer, and more complex problems with far more context.

At the same time, the cost to run these models is falling rapidly. Thanks to architectural and hardware breakthroughs, the cost per token per watt (a technical way of saying “how efficiently the model processes information”) is dropping fast. This unlocks practical use cases that weren’t affordable or possible even a year ago. 

What does this mean in practice? Imagine not just scanning a merchant’s homepage content monthly, but daily analysis of its entire product catalog, monitoring legal disclosures for quiet removals, detecting changes in owner, or flagging shifts in the volume of product updates. These subtle signals that were once only visible through manual review (or not at all) can now be captured and assessed in real time.

So…is AI going to replace the merchant risk analyst?

Not yet. But it is changing the shape of the job.

AI now handles the repetitive, structured work such as surfacing risk signals, analyzing web presence, and enforcing configured policies at scale. That frees up analysts to focus where they’re truly needed: on the hard edge cases. The ones that require real-world judgment, regulatory nuance, and an understanding of what “acceptable risk” means for their business.

The result? Smaller teams can cover more ground, with better consistency and faster response times.

At TrueBiz, we don’t see AI as a replacement for judgment, but as a force multiplier. One that brings your risk posture, card network rules, and regulatory expectations into a live system that gets better with use. We’re investing in agentic reasoning, feedback-aware decision systems, and persistent monitoring while staying grounded about what today’s AI can’t yet do on its own.

Risk teams are entering a new era where context isn’t a bottleneck, and speed doesn’t mean sacrificing accuracy. If you’re rethinking how to underwrite and monitor businesses in the age of AI, we’d love to talk.