Inside the Merchant Onboarding Framework

While often viewed as a compliance requirement, the onboarding decisions shape the entire structure a merchant builds. When a merchant is onboarded with an acquirer, several layers of setup come together to form the merchant’s profile. Each layer involves different stakeholders and carries implications for how the merchant performs in the ecosystem. These elements define the merchant’s setup inside the payment system. They influence pricing, risk controls, and operational flexibility. 

However, not every business detail fits neatly into the framework acquirers use to assess risk. Product categories, billing methods, refund policies, customer geography, and operating jurisdictions can all introduce added complexity based on regulation, regional nuances or customer profiling. These factors don’t necessarily reflect clearly in onboarding forms, yet they have a real influence on how a merchant is profiled.

This is especially true when the business operates in complex verticals or segments that span across multiple markets. Acquirers, who are typically banks or licensed acquiring institutions, are responsible for underwriting the merchant account, applying scheme rules, and performing ongoing monitoring once the account is live. Based on the perceived risk, they’ll determine pricing terms, reserve requirements, and payout schedules.

As shown in the visual below, the merchant onboarding sits at the centre of a complex ecosystem. Acquirers evaluate multiple dimensions, including scheme rules, risk models, technical readiness, legal frameworks, and commercial context, to determine how a merchant is profiled and supported.

But they don’t make these decisions in isolation. The onboarding is also shaped by a network of teams, frameworks and interdependent processes.

This is where clear positioning is key. Presenting the business in a way that aligns with acquirer risk expectations, without concealing potential concerns, leads to faster approvals and long-term account stability.

Breaking Down the Onboarding Identifiers

Merchant Identification & Structuring (MID)

The process of applying for a merchant account leads to the assignment of certain attributes from the acquirer. The MID sits at the core of every payment setup. It’s a unique identifier that ties each transaction to the merchant account. But it’s more than just a reference number. How the MID is structured shapes how payments are routed, how risk is managed, and how resilient the setup is when things go wrong.

Businesses operating across jurisdictions, brands, or product categories, or those in higher-risk segments, typically require a more structured MID setup. Using multiple MIDs or sub-accounts to segment by region, product type, or risk profile can reduce exposure, isolate chargebacks and allow for more tailored reserve arrangements.

While consolidating everything under a single MID may seem simpler, it also means putting all volume under one risk umbrella. If that MID crosses fraud or chargeback thresholds, the entire processing setup can be paused with no fallback route. 

Experienced ISOs often support merchants in designing MID structures that balance scalability, performance visibility, and operational safeguards.

Descriptor Setup

The billing descriptor is the line of text that appears on a customer’s bank statement. It typically reflects the merchant’s brand or trading name, often referred to as the DBA (Doing Business As) name. For online merchants, using the website URL as the billing descriptor is a best practice. The website URL they purchased from is often more recognizable to a customer than the legal company name.  This may seem minor, but unclear or inconsistent descriptors are a well-known driver of disputes. Mastercard has highlighted descriptor confusion as a major source of chargebacks. Choosing which name appears, whether the legal entity or the website URL, and keeping it consistent across the customer journey helps reduce avoidable disputes and improves issuer confidence.

MCC Assignment
Each merchant is categorised with a four-digit Merchant Category Code (MCC) that defines their business type in the payment ecosystem.

This code influences multiple areas including:

• Interchange Fees
  The Merchant Category Code (MCC) is a core input in determining the interchange fee paid to the card-issuing bank. It reflects the nature of the merchant’s business and directly impacts the cost of every transaction. Card networks assign different interchange rates depending on the MCC. Higher-risk categories such as online gaming or travel typically face elevated fees, while low-risk sectors like utilities or retail benefit from lower rates. Commercial and reward cards also introduce variations based on the MCC assigned.

• SCA Exemptions and Regulatory Compliance
  In Europe, MCC also influences how PSD2 Strong Customer Authentication (SCA) is applied. Certain MCCs are eligible for exemptions when supported by both acquirer and issuer. Examples include unattended terminals for transport or parking. These exemptions are tightly defined and not broadly applicable.

• Fraud Profiling and Authorization Rates
  MCCs are also used to assess transaction risk. Certain categories, including gambling, luxury retail, and electronics, carry a higher baseline risk of fraud or chargebacks. Issuers often apply more stringent checks to these transactions, which can reduce approval rates.
  If the MCC is inaccurate, the risk signal becomes unreliable. A family entertainment centre coded as adult entertainment may see unexpected declines. A high-risk merchant operating under a generic MCC may initially bypass scrutiny but is likely to trigger downstream flags. MCCs also feed into merchant-side fraud rules, such as velocity checks. An incorrect MCC can disrupt both issuer trust and internal fraud controls.

• Scheme Registration and Operational Readiness
  While MCCs are assigned by the acquirer, they are typically based on merchant-provided information and PSP or ISO guidance. In some verticals, MCC assignment carries additional obligations. Merchants under MCC 7995 (gambling) or 7994 (online gaming) must be formally registered with the card schemes by the acquirers before going live. This includes annual compliance fees and ongoing monitoring requirements. These obligations apply even before the first transaction is processed.

Common Pitfalls in Merchant Onboarding

Even with the best intentions, merchants and their payment teams can stumble during onboarding in ways that have long-term repercussions. Let’s explore some oversights or missteps that occur in real-world onboarding :

1. Lack of Routing and Scalability Planning
   Many merchants assume a single acquirer is enough. It rarely is. If all traffic is routed through one acquiring channel , any disruption—reserve holds, outages, or risk reclassifications—can halt operations. A crypto merchant that scaled rapidly but used only one EU acquirer suffered severe liquidity issues when that acquirer tightened settlement terms.

2. Inconsistent or Incorrect Data
   Inaccurate information undermines trust. If an application form states “30-day refunds” but the website says “no refunds,” underwriters will flag the inconsistency. Likewise, claiming only EU operating countries while targeting multiple regions across the globe online can delay approvals or trigger follow-up requests.

3. Target Market Misalignment
   Acquirers assess both the business model and the markets a merchant intends to serve. Accurate disclosure of customer geography is a core part of onboarding, especially in high-risk or regulated sectors. It shapes acquirer selection, pricing models, and compliance checks. Market alignment impacts several key areas:
   
   Fee Model
   Cross-border transactions attract higher interchange and scheme fees. Misrepresenting customer distribution can result in incorrect pricing assumptions. A merchant onboarded with a European focus but generating significant volume from Latin America may face unexpected cross-border charges or contract revisions.
   
   Licensing and Regulatory Requirements
   In regulated industries, target markets determine licensing obligations. A gambling merchant licensed in one country cannot legally serve customers in others without additional approvals. Acquirers will typically verify licensing coverage by region. Some markets impose further rules, such as the UK’s restriction on using credit cards for gambling deposits, which requires dedicated controls.

Transparency at onboarding is key. Onboarding sets the rails but what keeps a merchant running is alignment over time. Scheme logic evolves. Risk thresholds tighten. And what looked “acceptable” at sign-up may become non-compliant 6 months in. The merchants who treat onboarding as context-mapping, not just paperwork, are the ones who stay live when others get flagged. As acquirers and schemes raise the bar, onboarding must shift from form-filling to future-proofing.