Related Questions
High-risk merchants have learned to exploit merchant category codes by disguising their business models as fundamentally different operations. Adult entertainment platforms present as marketing agencies. Gambling facilitators describe themselves as sports analytics services. Crypto exchanges label themselves as software companies.
This is not primarily a fraud problem. It's a business model verification problem. Unlike traditional merchant underwriting where you verify identity and basic fraud controls, detecting misclassification requires you to map operational reality: who controls the product, who receives payments, and who owns customer relationships.
Payment processors face regulatory action, brand risk exposure, and financial loss when high-risk operations enter their portfolio under false categories. Your risk models are calibrated for the wrong business, your reserves don't match actual exposure, and your compliance obligations may differ entirely from what you underwrote.
The complete resource includes:
Card networks now enforce stricter merchant category accuracy requirements, and banking partners demand enhanced due diligence for businesses that control end-user funds or operate regulated services.
When a merchant claims to provide marketing services but functionally operates the underlying platform, your institution carries exposure for adult content compliance, gambling regulations, or financial services requirements you never agreed to underwrite.
A marketing agency and an adult entertainment platform carry fundamentally different risk profiles. Chargeback patterns differ by 3-5x, compliance requirements span different regulatory frameworks, and reputational risk varies dramatically.
Traditional underwriting that accepts stated business categories without operational verification misses these distinctions, leading to inadequate reserves and monitoring for actual exposure.
High-risk merchants have professionalized their approach to payment access. They understand MCC structures, craft contracts describing service relationships rather than platform operations, and present documentation packages that appear compliant at surface level.
Business-to-business payment models add complexity where stated "clients" are the actual end users, payment flows route through intermediary accounts, and the real business model only becomes visible through multi-layer analysis.
Download the complete framework →
Essential assessment breaks down into five core areas:
Who decides what the end customer receives? Marketing consultants provide recommendations while business owners implement them. Platform operators control the product directly.
Learn which documentation proves decision rights, how to verify platform access permissions between both parties, and how to spot red flags like agency ownership of brand identity, publishing credentials held exclusively by the "service provider," and clients who cannot operate independently.
Service providers charge fees for services rendered. Platform operators control product pricing and collect revenue shares resembling platform commissions.
This includes identifying who sets end-customer prices, whether revenue splits correlate to specific services provided, and verifying real-time financial transparency. Revenue splits exceeding 40-50% that apply uniformly suggest platform operation rather than service fees.
Follow the money to reveal operational control. In legitimate service arrangements, payments flow to the business owner who then pays the service provider. When payments flow to the "agency" first, that structure resembles platform operation.
Critical verification includes who holds the merchant account for end-customer transactions, payout schedules and minimum thresholds, independent payment processor access for "clients," and who handles refunds and chargebacks.
Who manages subscriber interactions, holds customer lists, and retains customers if the relationship terminates? Service providers support business owners who maintain customer relationships. Platform operators own the customers.
Essential checks include who handles customer support, who holds subscriber data and marketing permissions, whether "clients" can export customer data independently, and testing if "clients" can take customers with them when they leave.
Contracts reveal relationship substance through termination terms, intellectual property ownership, non-compete clauses, and risk allocation.
Critical provisions include who owns IP created during the relationship, exclusivity terms that prevent independent operation, exit difficulty including notice periods and penalties, and whether compliance obligations align with operational control.
Organizations that implement this framework gain:
Clear evidence that your underwriting validates federal compliance with 2257 record-keeping, CSAM prevention obligations, FOSTA-SESTA requirements, and state-level consumer protection standards, reducing regulatory examination risk.
Verification of age controls, consent documentation, content moderation systems, and chargeback prevention infrastructure before processing begins, preventing exposure to merchants with inadequate governance.
A systematic assessment protocol that your underwriting team can apply consistently, eliminating subjective decisions and providing clear approval criteria based on tested controls rather than content category alone.
Calculation methodology that accounts for historical chargeback patterns, dispute response capability, and content category risk to set reserves that protect your institution without over-restricting legitimate operators.
Defensible decisions
Documentation standards that demonstrate due diligence to regulators, auditors, card networks, and internal stakeholders when underwriting decisions are questioned or incidents occur.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.png)
