Merchant onboarding

Merchant onboarding is the process by which a payment service provider (PSP), acquirer, or payment facilitator evaluates and enables a business to accept electronic payments. This includes verifying the merchant's identity, assessing regulatory compliance, evaluating business risk, and setting account parameters before the merchant can process transactions.

Why Merchant Onboarding Is a Critical Challenge

Effective onboarding is the first line of defense against financial crime, chargeback liability, and regulatory exposure. Poor onboarding decisions allow high-risk merchants into the payments ecosystem, leading to financial losses, reputational damage, and potential regulatory action. However, overly restrictive onboarding creates friction, rejects legitimate businesses, and undermines revenue growth.

Key challenges include:

  • Balancing speed and diligence: Merchants expect fast approvals (often within hours), but thorough risk assessments require time and investigation.
  • Identifying hidden risk signals: Bad actors conceal their true business models through misleading documentation, shell companies, or obscured ownership structures.
  • Incomplete or falsified documentation: Merchants may submit forged business licenses, fake URLs, or temporary websites designed to pass initial screening.
  • Multi-entity ecosystems: A merchant may operate multiple storefronts across different domains, jurisdictions, or legal entities, making it difficult to assess true risk exposure.
  • Regulatory variation across jurisdictions: Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements differ by country and payment network, complicating standardization.

How to Build an Effective Merchant Onboarding Process

We recommend a structured approach that integrates automated screening, manual review triggers, and continuous data validation.

1. Establish Clear Risk Tiers and Decisioning Criteria

Segment merchants by risk category (low, medium, high) based on factors such as industry vertical, transaction volume, chargeback history, and geographic location. Define approval thresholds, required documentation, and escalation paths for each tier. For example, a low-risk Software-as-a-Service (SaaS) provider with recurring billing may require only basic identity verification, while a high-risk gambling operator requires enhanced due diligence, bank reference letters, and processing history.

2. Verify Identity and Business Legitimacy

Confirm that the business entity exists, is registered with the appropriate government authorities, and is owned by the individuals or entities claimed. This includes cross-referencing business registration numbers, tax identification numbers, and Ultimate Beneficial Owner (UBO) declarations against official registries. Verify that the provided website matches the registered business name, contains functional contact information, and displays transparent terms of service and refund policies.

3. Map the Merchant's Ecosystem

Identify all related storefronts, domains, and legal entities operated by the same ownership group. This includes checking WHOIS records, shared payment gateway integrations, common IP addresses, and overlapping contact details. We see many cases where a merchant operating a declined or high-chargeback site attempts to onboard a separate domain under a different legal entity but with the same underlying ownership.

4. Conduct Automated Risk Screening

Use automated tools to check the merchant against sanctions lists, Politically Exposed Person (PEP) databases, adverse media sources, and card scheme monitoring programs such as the Mastercard Merchant Monitoring Program (MMP) or Visa's Global Brand Protection Program. Flag merchants with prior terminations, excessive chargebacks, or links to fraudulent activity. Automated screening reduces manual workload and ensures consistent application of risk criteria.

5. Set Monitoring Triggers for Post-Onboarding Surveillance

Onboarding is not a one-time event. Configure alerts for changes in transaction patterns, chargeback ratios, website content, or ownership structure. Trigger re-reviews when a merchant exceeds pre-set thresholds or when external data sources flag new risk signals. Effective merchant monitoring catches risk that was not visible at onboarding.

Strategic Context: The Business Impact of Onboarding Decisions

Poor onboarding leads to direct financial losses through fraud, chargebacks, and regulatory fines. Payment facilitators and acquirers are liable for the transactions they enable, and card schemes hold them accountable for merchant misconduct. In cases of repeated violations, schemes may impose penalties, increase reserve requirements, or terminate the provider's sponsorship.

Beyond financial risk, onboarding failures damage brand reputation and erode trust with downstream partners. A marketplace that onboards fraudulent sellers creates a poor buyer experience and faces reputational consequences. Similarly, a bank that approves high-risk merchants without adequate diligence may face regulatory scrutiny and increased compliance costs.

Conversely, overly restrictive onboarding alienates legitimate businesses, slows revenue growth, and pushes merchants to competitors. Striking the right balance requires risk-based decisioning, clear policies, and continuous refinement based on performance data.

Real-World Example: Detecting a Hidden Multi-Domain Merchant Network

A payment facilitator received an application from a business claiming to sell fitness supplements through a newly registered website. The submitted documentation included a valid business license and a functional e-commerce site with professional branding.

However, during the merchant underwriting process, the compliance team identified several risk signals:

  • The domain was registered two weeks prior to the application, suggesting a recently created storefront.
  • WHOIS records revealed shared nameserver configurations with three other domains, two of which had been flagged for excessive chargebacks in prior months.
  • The business owner's email address matched the contact information for a merchant previously terminated by another acquirer for policy violations.

Based on these findings, the facilitator declined the application and flagged the associated domains and ownership details in their internal risk database. Three months later, another application was submitted under a different business name but with overlapping ownership and similar website infrastructure. The prior flagging allowed the team to reject the application immediately.

This example illustrates the importance of ecosystem mapping and cross-referencing historical data during onboarding.
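The ecosystem-mapping checks from step 3 and the case above can be sketched as follows. This is an added example, not Ballerine's code: the field names, status values, the 30-day domain-age threshold and the `COMMON_NS` allowlist are assumptions, and all domains and addresses are constructed.

```python
from collections import namedtuple
from datetime import date

NEW_DOMAIN_DAYS = 30  # assumed threshold; the page does not state one
# Assumed allowlist: nameservers of large shared providers link unrelated merchants.
COMMON_NS = frozenset({"ns1.bighost.example"})
# status: "active", "chargebacks", "terminated" or "declined"
Record = namedtuple("Record", "domain nameservers owner_email status")
# registered = WHOIS creation date of the domain
Application = namedtuple("Application", "domain registered submitted nameservers owner_email")

def screen(app, history):
    """Return (kind, detail) risk signals for one application."""
    signals = []
    age = (app.submitted - app.registered).days
    if age < NEW_DOMAIN_DAYS:
        signals.append(("new_domain", f"{age} days old"))
    email = app.owner_email.strip().lower()
    for rec in history:
        if rec.status == "active":
            continue  # only links to flagged records count as signals
        if (app.nameservers & rec.nameservers) - COMMON_NS:
            signals.append(("ns_link", rec.domain))
        if email == rec.owner_email.strip().lower():
            signals.append(("email_link", rec.domain))
    return signals

def decide(app, history):
    """Decline on any link to a flagged record and remember the applicant."""
    signals = screen(app, history)
    if any(kind.endswith("_link") for kind, _ in signals):
        # Recording the decline lets a later application be linked to this one.
        history.append(Record(app.domain, app.nameservers, app.owner_email, "declined"))
        return "decline", signals
    return ("manual_review" if signals else "approve"), signals

# Constructed sample data mirroring the case described above.
NS = frozenset({"ns1.supp-host.example", "ns2.supp-host.example"})
HISTORY = [
    Record("fit-a.example", NS, "a@fit-a.example", "chargebacks"),
    Record("fit-b.example", NS, "b@fit-b.example", "chargebacks"),
    Record("fit-c.example", NS, "c@fit-c.example", "active"),
    Record("old-shop.example", COMMON_NS, "owner@mail.example", "terminated"),
]
```

Because each decline is written back to the history, a later application under a different business name is linked through the shared infrastructure even when the owner email has changed.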

How Ballerine Supports Merchant Onboarding

Ballerine provides an end-to-end platform for merchant onboarding, combining automated risk screening, ecosystem mapping, and configurable decisioning workflows. The platform verifies business legitimacy, identifies related entities, and flags high-risk signals in real time. Risk teams can customize approval criteria, automate low-risk approvals, and escalate complex cases for manual review. By consolidating data from multiple sources, including business registries, sanctions lists, and proprietary risk databases, Ballerine accelerates onboarding while maintaining compliance and reducing exposure to fraud.
