Managing ISO Risk: Operational Guidelines for Processors and Acquirers

Understand how to move beyond manual oversight by implementing a structured framework that automates merchant risk assessment and simplifies complex compliance for Platform-as-ISO models.
Ballerine team
Feb 3, 2026

Payment platforms present themselves as technology enablers, but beneath this positioning lies a complex classification challenge. When platforms control merchant relationships, set pricing, or make underwriting decisions, they operate as unregistered Independent Sales Organizations (ISOs) regardless of contractual labels.

This is not primarily a technology integration problem. It is a regulatory compliance and liability allocation problem. Unlike traditional software vendors, where you evaluate security and technical capabilities, platform merchants require you to function as a compliance auditor: validating operational boundaries, merchant relationship structures, and control allocations before onboarding.

The exposure:

Card schemes require ISOs to register, maintain compliance programs, and accept liability for merchant activity. When platforms operate as ISOs without registration, they create regulatory exposure for acquirers, violate scheme rules, and misallocate risk across the payment chain. Incorrect platform classification exposes your institution to enforcement actions, scheme fines, and financial loss.

What's Inside the Full Framework

Merchant relationship assessment protocols

Pricing authority verification checklists

Payment routing control evaluation

Underwriting and risk management assessment

Compliance responsibility mapping

Operational testing procedures

Classification decision framework

Why This Matters Now

Operational reality trumps contracts

Payment platforms now control critical ISO functions including merchant onboarding, rate setting, and risk management, though most are not registered as ISOs and their contracts position them as technology providers.

Platform self-identification is unreliable. The label does not determine classification. Functional analysis of who controls merchant relationships, pricing decisions, and underwriting determines whether a business operates as an ISO.

Regulatory exposure falls on acquirers

Card scheme rules hold acquirers responsible for unregistered ISO activity within their merchant portfolios, meaning even when platforms present as technology vendors, you remain liable for their ISO operations.

Your classification assessment must verify operational reality and functional control to protect your institution from scheme violations and regulatory action.

Platform evolution creates hidden risk

Platforms evolve from legitimate technology providers into de facto ISOs post-onboarding through gradual expansion into merchant relationship ownership, rate control, or underwriting authority.

Initial compliant structures do not guarantee ongoing compliance. Traditional onboarding approaches do not account for operational drift, relationship changes, or control expansion that shifts classification over time.

What Rigorous Platform Assessment Looks Like

Essential verification breaks down into five core areas:

1. Merchant Relationship Ownership and Control

The entity that owns the merchant relationship bears ISO responsibilities, regardless of contractual labels.

We look for operational patterns that indicate relationship ownership, verify whether merchants understand they have acquirer relationships versus platform relationships, and identify red flags like platform-only support structures, opaque acquirer identification, and merchant agreements that position platforms as payment providers.

2. Pricing Authority and Rate Setting

Pricing authority is one of the clearest indicators of ISO status. The entity that sets merchant rates is performing an ISO function.

This includes distinguishing software fees from processing rate markups, verifying who negotiates payment acceptance rates with merchants, and evaluating revenue share structures that mask rate-setting authority. Critical topics include transparent fee breakdowns, rate change authority, and whether platforms charge for technology or payment services.

3. Payment Routing and Transaction Control

Control over payment routing, processor selection, and transaction flow indicates operational control over payment acceptance (an ISO function).

Platform routing decisions versus merchant choice, exclusive processor relationships, transaction flow transparency, and aggregation structures all determine whether platforms provide neutral technology or control payment operations. Understanding merchant aggregation models helps you detect unregistered payment facilitator operations.

4. Risk Management and Underwriting Authority

Underwriting merchants and managing risk are core ISO functions. Platforms making these decisions operate as ISOs.

This covers merchant application approval authority, ongoing risk monitoring control, reserve and fund hold decisions, and chargeback management responsibility. We distinguish acceptable risk tool provision from operational risk decision-making that constitutes ISO activity.

5. Compliance Responsibility and Regulatory Positioning

ISOs bear compliance responsibilities including scheme rules, Know Your Customer/Anti-Money Laundering (KYC/AML), and merchant monitoring. Platforms assuming these duties operate as ISOs.

Essential verification includes card scheme registration status, compliance program ownership, regulatory reporting obligations, and indemnification structures that reveal true risk allocation. Appropriate technology provider registration differs from ISO positioning, and compliance representations to merchants are determinative.

Tangible Outcomes for Your Institution

Organizations that implement these assessment protocols gain:

Regulatory protection

Clear evidence that your platform classification validates card scheme requirements and ISO registration compliance, reducing regulatory examination exposure.

Accurate risk allocation

Proper identification of platforms operating as ISOs, verification of appropriate registration and oversight, and correct liability allocation before onboarding begins.

Operational efficiency

A systematic assessment framework and documentation requirements that your team can apply consistently, eliminating classification errors and repeated compliance failures.

Informed onboarding decisions

Evaluation methodology that accounts for merchant relationship control, pricing authority, and risk management allocation specific to platform merchants.

Defensible classifications

Documentation standards that demonstrate due diligence to regulators, card schemes, and internal stakeholders when classification questions arise.

The Critical Assessment Question

When evaluating whether a platform is operating as an ISO, ask:

"If the acquirer stopped working with this platform tomorrow, would the merchants know who to contact to continue accepting payments?"

If yes (because merchants have direct acquirer relationships, understand the acquirer provides payment services, and can transition to another platform without losing payment acceptance), the platform is likely operating as a technology provider.

If no (because merchants think the platform is their payment provider, have no relationship with the acquirer, and would lose payment acceptance if they left the platform), the platform is operating as an ISO regardless of how it is labeled.

This question captures the essence of ISO operations: merchant relationship ownership and operational control.

Ballerine's Platform Risk Assessment

Ballerine provides the infrastructure to make platform classification systematic: automated monitoring of how platforms present themselves to merchants, ecosystem mapping to reveal platform merchant relationships and operational patterns, and continuous compliance verification to detect when platforms evolve from technology providers into de facto ISOs post-onboarding.

Our merchant monitoring capabilities maintain visibility across your platform portfolio, detecting operational changes that shift risk profiles. When platforms add rate control, expand into underwriting, or take over merchant relationships, these changes are identified before regulatory exposure accumulates.
