The Green Sheet Online Edition
September 8, 2025 • 25:09:01
Online healthcare and the challenges ahead for FIs
Online healthcare has surged in popularity, first catapulted by the COVID-19 pandemic's acceleration of healthcare digitalization, then boosted by niche telehealth startups offering customized care.
While this streamlined approach to obtaining medications and medical advice may be convenient and appealing, the CDC reported that as many as 95 percent of online pharmacies operate outside of the regulatory framework, breaking jurisdictional laws, advertising unapproved treatments, and even selling counterfeit products.
With consumer safety at risk, enforcement agencies like the U.S. Department of Justice have endeavored to combat fraud in the telemedicine sector. Recently, the DOJ uncovered a $1.7 billion international telemedicine scheme involving fraudulent prescription billings from more than 50 pharmacies in the United States, in which fraudsters posed as beneficiaries to trick doctors and installed software that replicated real prescriptions.
However, while enforcement action has disrupted some operations, these cases highlight cybercriminals' growing sophistication and their ability to exploit consumers, businesses, ecommerce platforms and financial institutions (FIs) using advanced strategies and technologies. Tactics like misleading advertisements, AI-generated customer interactions, and counterfeit credentials enable them to evade detection and deceive consumers.
FIs that process payments from these merchants are uniquely positioned to safeguard the marketplace and proactively combat these threats to public health.
The risk of online pharmacies
In early 2024, 52 percent of Americans reported having purchased medication from an online pharmacy—a number that continues to rise (see bit.ly/4m0Eicm). This demand has spurred fierce competition in the sector, as traditional pharmacies battle tech-forward startups for patient dollars. Advertisements, emails, social media posts and sponsored videos flood online platforms, and many consumers bargain-hunt for providers offering the cheapest treatments.
However, some of the most visible, accessible offerings are also among the most problematic. Scammers and bad actors are exploiting the high demand and low inventory of products like GLP-1 weight loss drugs.
For example, soaring demand for GLP-1 drugs in the past year has driven unsuspecting consumers toward online providers offering unregulated and fraudulent products. When access to compounded GLP-1s increased, so did pathways for harmful products to slip by undetected. By mid-November 2024, one branded GLP-1 seller reported serious health outcomes linked to compounded versions of its product, some fatal.
Consumers have reported problems with their online medicine as well, including one woman whose GLP-1 medication was actually fast-acting insulin and nearly killed her, according to Healthcare Packaging.
The problem extends to all types of prescription drugs, but especially controlled substances. In another tragic case, a woman unknowingly purchased counterfeit oxycodone laced with fentanyl and methamphetamine from an online pharmacy that falsely claimed to be FDA-approved (see bit.ly/45YiOGY). Counterfeit pharmaceuticals can have deadly consequences, making the need for stronger safeguards and enforcement even more urgent.
What lies ahead for payment facilitators
Risk experts expect fraudulent activity to evolve further this year as bad actors leverage rapid technological advancements to circumvent evolving regulations and compliance measures. For FIs facilitating card-not-present transactions for healthcare-related businesses, the stakes are especially high.
Card networks often categorize such transactions as high-integrity risk, meaning there is an elevated risk of illegal activity that can cause consumer harm. These healthcare merchants, which typically fall into merchant category codes 5122 or 5912, require institutions like acquiring banks, payfacs and ISOs to have extra controls in place to ensure compliance.
The balance is critical between managing merchant risk and maintaining a seamless consumer experience. Failure to implement proactive risk management strategies may lead to regulatory or card brand fines, reputational damage and operational disruptions, underscoring the importance of robust merchant monitoring and compliance practices.
To address these growing risks, payment platforms and FIs should adopt a proactive strategy focused on the following points:
- Healthcare merchant certification: Healthcare certification is central to onboarding healthcare-related merchants, as payment companies must ensure merchants comply with jurisdictional laws and card network rules. By carefully vetting business practices through expert, third-party certifying bodies, FIs can prevent the onboarding of noncompliant merchants, protecting consumer safety and operational integrity.
- Continuous monitoring: Robust underwriting is insufficient to maintain a healthy merchant portfolio, and transaction monitoring has its limitations for identifying threats. FIs should leverage a third-party merchant monitoring solution, which continuously monitors a merchant's storefront and wider internet presence. The best of these solutions combine AI, big data analytics and human expertise to identify risks in real-time, mitigating potential violations or reputational crises.
- Stakeholder education: Educating stakeholders—from internal teams to advertisers and consumers—is essential to creating a resilient payments ecosystem. Consumers need to understand the dangers of counterfeit drugs, while internal teams must stay informed about fraud tactics and regulatory updates. Clear guidelines and awareness initiatives empower all parties to recognize and address risks effectively.
The fight against fraudulent online pharmacies and telehealth providers requires a unified effort. By prioritizing certification, leveraging advanced monitoring tools and fostering education, FIs become integral to safeguarding consumer health, preserving trust and securing the payments ecosystem.
Tom Cook is chief Product & technology officer at LegitScript, where he leads product and engineering teams to build innovative solutions to help clients comply with regulations and combat fraud. Connect with Tom on LinkedIn: https://www.linkedin.com/in/tomcookoregon/.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
