Bulletproof Your
Payments
The field guide for high-risk subscription merchants. Every rule here exists because a real merchant skipped it and lost their processing account. Follow them and you keep processing. Skip them and you inherit the same outcome.
What's Covered
- Use structure/function language — describe what a product supports, never what it cures or treats.
- Remove fake “doctors,” FDA-approval claims, and unverifiable badges before the card networks’ scanners find them.
- Publish real COAs and genuine Trustpilot badges to build legitimate trust.
- Make every landing-page promise match your Terms & Refund policy word-for-word.
Compliant Language and Claims
Your checkout site is the first point of evaluation during a merchant review. Underwriting teams continuously audit active stores to identify compliance violations. High-risk verticals like supplements, coaching programs, subscription-based services, and trial-based offers face the most scrutiny. Using the wrong phrasing on a website can result in an immediate application denial or a sudden account suspension.
Shutdown Risk
Disease claims, fake FDA approval badges, and stock-photo "doctors" with no real credentials are immediate underwriting triggers. Visa and Mastercard's monitoring programs scan for these constantly. Getting caught means holds, reserve increases, or MATCH listing.
Frame your copy around supportive benefits. Focus on what the product supports, not what it treats or cures. Maintaining accuracy and caution with every claim protects your merchant standing.
Copy Auditing Matrix
| Kills Your Account | Protects Your Processing |
|---|---|
|
"Cures diabetes"
|
"Supports healthy blood sugar levels already in normal range"
|
|
"FDA Approved"
|
"Made in an FDA-registered facility" / "GMP certified"
|
|
"Detoxes parasites"
|
"Supports the body's natural digestive cleansing process"
|
|
"Burns fat fast"
|
"Supports your body's natural metabolism"
|
|
"Works with GLP-1 drugs"
|
"Supports your body's natural GLP-1 pathway"
|
|
Deceptive stock doctors / unqualified clinical claims
|
Verified, licensed medical practitioners with active credentials on file
|
|
"Third-party certified" (without docs)
|
Same claim - with COA on file to back it up
|
Fake Endorsements
Clinical & Sourcing Verification Audit
Deceptive Stock Doctor Endorsement
Underwriting Verdict: Stock imagery, unsupported medical claims, and unverified seals. Instant account rejection.
Verified Credentials & COAs
Underwriting Verdict: Public batch logs and GMP documentation. Onboarding approved.
COA & Sourcing Transparency
Bulletproof Your Setup: Sourcing Transparency
Build a public Transparency Directory linked in your footer. Host third-party Certificates of Analysis (COAs) for every product batch, GMP manufacturing proof, sourcing details, and active FDA facility registration links. Underwriters reward this with faster approvals and higher processing limits.
Trustpilot Badge Compliance
Ensure all displayed online reviews are genuine. Link directly to your live Trustpilot profile rather than using static, unlinked graphics. Display your actual rating and review counts honestly without inflating the numbers.
Deceptive Static Badge
Underwriting Verdict: Displaying an inflated review count that contradicts your live profile.
Transparent Directory Link
Underwriting Verdict: Authentic review badges linked directly to an active, verified profile.
Policy Templates
Every eCommerce store must maintain clear and accessible legal documents, including a Refund Policy, Privacy Policy, Terms of Service, and Shipping Policy linked in the website footer. If you run a recurring billing model, a standalone Subscription Policy is required. Similarly, service providers, appointment-based models, live events, ticketing, and custom order businesses must publish a distinct Cancellation Policy. Underwriting teams require these core policies to be clearly visible in your website footer. Linking them throughout the checkout flow and including them in transaction emails is a recommended best practice to maximize account stability.
Shutdown Risk
A missing or buried cancellation policy fails underwriting instantly. Card networks also require your physical business address displayed clearly inside every policy document.
Auditing Standard: Address Consistency
Processors verify your corporate address appears in both your policy pages and your global footer. A mismatch or missing address means instant application rejection.
Copy the template below and publish it at `/pages/subscription-policy`. The email, phone, and physical address must match your merchant account filings exactly.
Template 1: Subscription & Cancellation Policy
[INSERT BRAND NAME] - SUBSCRIPTION & CANCELLATION POLICY
Last Updated: June 1, 2026
At [INSERT BRAND NAME], we stand behind every purchase. This policy covers your rights and obligations for returns, refunds, and exchanges.
1. Eligibility for Returns & Refunds: We accept return or refund requests for most physical products within ninety (90) days of delivery, subject to the conditions below:
- Customers are responsible for all return shipping fees.
- The item must be unused, in the same condition in which it was received, and returned in its original packaging.
- Proof of purchase (order number or receipt) must be provided.
- Exclusions: Opened supplements or consumable products (due to safety and quality control standards), gift cards, opened health or personal care items, and marked final sale/clearance items are not eligible for return or refund.
- After 90 days from delivery, no refunds, returns, or exchanges will be accepted under any circumstances.
2. How to Request a Return or Refund: To initiate a return, contact our support team at support@yourbrand.com. Once approved, we will provide instructions and the return address. Please do not send items back without prior authorization.
3. Refunds: Upon receipt and inspection of your return, we will notify you of the status. Approved refunds are issued to the original payment method within 5-10 business days. Refunds cover the product cost only; original shipping charges are non-refundable.
4. Subscription Cancellations: If you are enrolled in a subscription, you may cancel at any time using one of the options below:
- Option 1 (Online Portal): Click the "Manage Your Subscription" link available in your confirmation email or on our website. Enter your email, and follow the prompts to cancel instantly.
- Option 2 (Support Email): Email us at support@yourbrand.com requesting manual cancellation. Include your full name, shipping address, order number, and registered email address.
- Timing: Cancellation requests must be submitted at least twenty-four (24) hours prior to your scheduled billing date to avoid being charged for the next scheduled shipment.
5. Disputes & Chargebacks: Before filing a chargeback or payment dispute, please contact our support team so we can resolve the issue directly. We are committed to resolving all concerns in compliance with Stripe, PayPal, and gateway processing policies.
6. Customer Support:
Support Email: support@yourbrand.com
Support Number: +1 (800) XXX-XXXX
Link this at `/pages/subscription-policy`. Ensure the email, phone, and physical address are exact and match your merchant account filings.
Template 2: Privacy Policy
[INSERT BRAND NAME] - PRIVACY POLICY
Last Updated: June 1, 2026
Thank you for using [INSERT BRAND NAME]'s online resources and for viewing this Privacy Policy. This policy gives notice about the types of personal information we collect, how we use it, and who we share it with and why.
1. Important Vocabulary:
- "Company", "we", "us", or "our": Refers to [INSERT BRAND NAME] / [INSERT CORPORATION NAME].
- "Personal Information": Means any data that can be used to distinguish, trace, or discover your identity.
- "Online Resources": Means all websites, subdomains, and funnels linking to this Statement.
2. How We Collect Personal Information:
- Voluntary Submissions: We collect data you give us when creating accounts, making purchases, signing up for newsletters, sending emails, or contacting support.
- Automatic Collection: When you use our site, information about your device, browser, and internet activity (IP address, pages visited) is automatically collected via tracking tools like cookies.
- External Sources: We obtain data from third-party advertising partners, marketing databases, and social media platforms where you interact with our brand.
3. Types of Personal Information Collected:
- General Identifiers: Real name, IP address, shipping address, email address, phone number.
- Commercial Information: Records of products purchased, billing logs, and consuming histories.
- Internet Activity: Browsing history, checkout interactions, search queries on our online portals.
- Audio/Visual Logs: Recordings of customer support calls for quality and compliance checks.
4. How We Use the Personal Information: We use your data for legitimate business purposes including: transaction processing, performing contracts, delivering promotional offers, improving website experience, security monitoring, debugging, and customer service.
5. Secure Token Vaulting: We process credit card transactions using PCI-compliant payment gateways. All recurring billing credentials are encrypted and stored in secure tokens within gateway vaults (NMI/Authorize.net). We do not store raw card numbers on our storefront servers.
6. Sharing Personal Information: We may share personal information with corporate affiliates, operations support vendors, customer support partners, software/technology hosts, payment processors, and marketing networks. In some jurisdictions, marketing transfers may count as "selling" or "sharing" data under CCPA. You have the right to opt-out.
7. Do Not Track & Global Privacy Control (GPC): While we do not respond to browser "Do Not Track" (DNT) signals, we honor Global Privacy Control (GPC) signals as valid requests to opt-out of sales/sharing where legally required.
8. Your Privacy Rights: Depending on your location, you may have the right to know, delete, correct, opt-out of data selling, withdraw consent, or appeal privacy decisions. To exercise these rights, email us at support@yourbrand.com.
9. EU GDPR Obligations: For individuals in the EU/UK, we process data based on consent, performance of contracts, or legitimate interests. You have the right to erasure, portability, restriction, and lodging complaints with a data protection authority.
10. Promotional Messages (SMS & Email): By subscribing to promotions, you authorize email/SMS communications, including automated dialer text messages. To unsubscribe from emails, use the link provided. To opt-out of SMS, text "STOP" to any of our messages.
11. Contact Information:
[INSERT BRAND NAME] Compliance Office:
[INSERT BUSINESS PHYSICAL ADDRESS]
Email: support@yourbrand.com
Template 3: Terms of Service
[INSERT BRAND NAME] - TERMS OF SERVICE
Last Updated: June 1, 2026
IMPORTANT NOTICE: PLEASE READ THESE TERMS CAREFULLY BEFORE ACCESSING, USING, OR PLACING AN ORDER. THESE TERMS CONTAIN BINDING ARBITRATION, CLASS ACTION WAIVERS, AUTOMATIC SUBSCRIPTION TERMS, AND LIMITATIONS OF LIABILITY.
1. Acceptance of Terms: These Terms of Use and Conditions of Sale govern your access to the website, purchases, and auto-ship subscriptions offered by [INSERT BRAND NAME] ("Company", "we", "us"). By using the website, you warrant that you are at least 18 years old, have legal capacity, and purchase products for personal use only.
2. Electronic Assent & Clickwrap Consent: Your affirmative actions, such as checking unchecked boxes or clicking accept buttons during checkout, constitute your legally binding electronic signature and assent.
3. Subscriptions, Automatic Renewals, and Billing:
- Enrolling in a subscription establishes a billing contract.
- You authorize recurring charges (e.g., $49.99 billed every 30 days) to the card on file.
- Auto-ship subscriptions renew automatically. To avoid renewal charges, cancellation must be completed at least 24 hours prior to the next billing date.
4. Product Information & FDA Disclaimer: All products are sold for personal use. Products and claims made on this website have not been evaluated by the FDA. Products are not intended to diagnose, treat, cure, or prevent any disease. Information on the website is not medical advice.
5. Limitation of Liability: Under no circumstances shall [INSERT BRAND NAME] or its affiliates be liable for indirect, incidental, special, or consequential damages arising out of your website access, purchase, or product usage. Our total liability is capped at the amount paid by you for the specific product purchased.
6. Claims Limitation: You agree that any claim or cause of action arising out of your transaction or website access must be filed within one (1) year after the claim arose, or be forever barred.
7. Dispute Resolution & Binding Arbitration:
- You agree that any dispute relating to purchases, subscriptions, or site access will be resolved through individual binding arbitration.
- Class Action Waiver: You waive your right to participate in any class-action lawsuit.
- Mass Action Waiver & Batching: If 25 or more similar claims are filed, they will be batched into groups of 10 for arbitration to control fees and ensure speedy resolutions.
- Jury Trial Waiver: You waive your right to a trial by jury.
8. Corporate Office Address:
[INSERT BRAND NAME] is operated by [INSERT CORPORATION NAME]:
[INSERT BUSINESS PHYSICAL ADDRESS]
Email: support@yourbrand.com
Template 4: Shipping & Delivery Policy
[INSERT BRAND NAME] - SHIPPING & DELIVERY POLICY
Last Updated: June 1, 2026
1. Order Processing: All orders are processed, packaged, and prepared for carrier dispatch within one to two (1-2) business days (excluding weekends and major national holidays). You will receive a confirmation email once placed, and a shipping notification once shipped.
2. Shipping Timelines & Rates: We offer fast and reliable shipping on all orders. You can expect standard delivery within five to fourteen (5-14) business days depending on your location, shipped via reliable carriers (such as USPS Ground Advantage).
3. Tracking Your Order: Once shipped, you will receive a carrier tracking number via email. Please allow up to 24 hours for the tracking link to update in carrier systems.
4. Lost or Delayed Orders: If your order has not arrived within seven (7) business days of the expected delivery date, please contact us at support@yourbrand.com, and we will assist.
5. Support Directory:
Support Email: support@yourbrand.com
Support Number: +1 (800) XXX-XXXX
Bulletproof Your Setup
Synchronized Footer Links. Confirm every footer link is live. Business name, phone, LLC, and physical address must be identical across every policy page. Any mismatch fails the audit.
Policy Alignment
Ensure all marketing promises and landing page guarantees align with your published refund policy. Discrepancies between your website copy and legal terms increase dispute rates and chargebacks.
Mismatched Offers (Audit Failure)
Underwriting Verdict: Deceptive advertising flag.
Synchronized Offers (Compliant)
Underwriting Verdict: Aligned. Passes underwriting verification.
Bottom Line
Get your site’s language and policies aligned and you clear the first underwriting gate, which is also the harshest. A large share of denials happen right here, so a clean site removes the most common reason to reject you.
Want a second set of eyes before underwriting does?
Claims, policies, and descriptors are read line by line when your MID is reviewed, and the details that trigger a decline are easy to miss on your own store. Book a call and our team audits your site against current card network standards, learns how your business actually operates, flags the exposures that matter for your industry, and maps the fixes in order of risk.
Book a call with Compaytence- Require active consent: Ensure customers actively choose subscription options at checkout rather than using pre-checked boxes.
- Design transparent funnels: Avoid negative option billing structures and hidden terms to prevent customer confusion.
- Define terms at checkout: Display clear billing frequencies, amounts, and cancellation steps in plain language.
- Standardize transactional communications: Deliver automated welcome, renewal, and shipping emails on time.
- Implement order tracking: Attach valid carrier tracking to every delivery to prevent non-receipt disputes.
Subscription Opt-In
Pre-checking subscription boxes at checkout is a high-risk practice for merchants. Customers who do not consciously enroll often dispute subsequent charges as unauthorized, because to them, they are. When this happens, you ship product, absorb a chargeback fee, and face a spiking dispute rate that draws processor scrutiny.
Compliance Risk
Pre-checked subscription boxes, terms in tiny font, and mismatched trust badges are standard compliance violations.
Pillar 1: Exceptional Public Trust Score
Established brands with tens of thousands of verified customer reviews present a low risk profile. For these merchants, occasional checkout friction or customer disputes do not significantly impact their overall processing metrics.
Pillar 2: Long-Standing Transaction History
High-volume brands with years of consistent transaction history and dispute ratios below 0.2% build long-term credibility. Scaling merchants with under a year of processing history face stricter risk assessments and have less operational flexibility.
Pillar 3: Massive Support Firewall
Large-scale brands maintain dedicated support teams to resolve customer issues immediately. If your support response time is delayed, customers are more likely to contact their bank directly, resulting in avoidable chargebacks.
Pillar 4: Advanced Gateway Redundancy
Established brands route transactions across multiple redundant gateways. If one merchant account experiences elevated dispute levels, backup accounts prevent processing disruptions.
Pre-Checked Opt-Ins
Risk Assessment: Enrolls customers without explicit consent.
Explicit Selection Flow
Risk Assessment: Confirms explicit customer consent, ensuring processing stability and compliance.
Bulletproof Your Setup
Subscription checkboxes: unchecked by default. Terms visible in standard font at checkout. Build real Trustpilot and BBB scores through legitimate post-purchase campaigns. Transparency protects processing.
Negative Option & Funnel Structures
Negative option billing, where customers are charged automatically unless they actively reject the offer, remains a major focus for regulatory enforcement and card network compliance. When a customer does not recognize a recurring charge or cannot easily stop it, they frequently file a payment dispute. At scale, negative option structures often produce high dispute rates that can lead to processing restrictions. To mitigate this risk, merchant underwriters prefer subscription models that require a clear, unchecked active opt-in.
Forced continuity, such as converting a free trial into a paid subscription, represents another area of high dispute exposure. If a customer is charged the full recurring rate after a trial period without clear notice, the subsequent charges are often disputed. Card networks recommend presenting the exact billing dates and amounts prominently before the trial ends. Obtaining clear, active consent before billing begins helps ensure a compliant relationship.
Aggressive post-purchase upsells can also inadvertently commit customers to subscription billing agreements they did not intend to make. Even when terms are included, presenting multiple upsell screens without clear choices can generate customer complaints. A compliant funnel flow should feature distinct opt-ins for each subscription offer, clear notifications of billing dates prior to charges, and automated confirmation receipts detailing the exact agreements.
High-Risk Funnel Pattern
- Pre-checked subscription boxes at checkout
- Buried trial details with billing timelines in fine print
- Multiple one-click subscription upsell screens without separate consent
- No pre-billing reminders
- Restricted cancellation options
Compliant Funnel Flow
- Unchecked subscription checkboxes for explicit opt-in
- Prominently displayed trial billing schedules
- Separate confirmation steps for upsells
- Pre-billing reminder notifications delivered 3 to 7 days before recurring transactions
- 24/7 self-serve cancellation access
Term Bubbles & Checkout Clarity
A common source of subscription chargebacks is customers who forget they enrolled and fail to recognize subsequent billing statements. While these are often simple misunderstandings, they can escalate into serious fraud-related chargebacks that negatively impact your processing portfolio.
Checkout Term Bubbles & Opt-In Clearances
Display subscription terms where customers cannot miss them. Use prominent term bubbles next to checkout options to ensure the customer clearly understands the billing frequency and recurring amount. Here is an example of a compliant setup:
Pre-Billing Email Flows
Surprising customers with an unexpected charge is an easy way to trigger disputes. If you skip pre-billing reminder emails, customers are much more likely to dispute the charge immediately. Sending consistent reminders before they are charged keeps everything transparent and reduces customer confusion. You should also include a direct link to their subscription profile in the email, so they can easily cancel or adjust their plan if they don't want to pay again.
Premium Subscription Email Flows
Hi there,
Your order has been received! Below is your checkout summary.
Hi there,
Your subscription is active! Below are your recurring details.
Hi there,
This is a quick heads up that your upcoming recurring charge is scheduled to hit soon.
Bulletproof Your Payments
Order confirmation emails should list subscription terms and billing details clearly at the bottom, even for one-time purchases that include a subscription cross-sell. Deliver pre-billing emails exactly 3 to 7 days before recurring charges, providing a direct link to manage or cancel the plan. The cancellation process should be simple and seamless for the customer.
Shipping, Tracking & Delivery Alignment
Deceptive delivery claims and delayed shipments drive chargebacks. When customers have no visibility into their package's status, they may think their order has not arrived and file a dispute.
Shipping Delays
Vague shipping promises or delays past your stated delivery window cause disputes. If you advertise 5 to 7 business day delivery but fulfillment takes four weeks, it frequently results in "order not received" chargebacks, which is one of the major causes of merchant account issues.
Sourcing & Shipping Guidelines
Clear Timelines
State your processing time (e.g., 2 business days) and a clear delivery window (e.g., 5 to 7 business days). Match exactly what your policy pages say.
Automated Tracking
Use Zendrop or a shipping platform to send automated updates at fulfillment, in-transit, and delivery.
Mandatory Proactive Delay Alerts
Automated Alert Email Flow: If fulfillment slips more than 48 hours past your stated window, trigger an alert email immediately. Tell the customer why, and give them one-click options to pause billing, request a new date, or cancel. Proactive communication kills shipment disputes.
Visual Package Delivery & Tracking Interface
Order Tracking: #CMP-8392
Order Placed & Confirmed
Subscription terms accepted & payment authorized
Fulfillment & Batch Packing
Lot #GMP-829 COA verified and loaded in shipment box
In Transit (USPS Facility)
Tracking ID: 9400111899562918839210
Package Delivered
Out for local courier drop-off
Bulletproof Your Shipping
Automate your shipping tracking notifications and provide customers with honest, specific delivery timelines. Proactive communication is a highly effective way to prevent disputes before they occur.
Fulfillment & Tracking Partner
Checkout Solutions
The checkout and subscription platforms we put merchants on to run everything above compliantly. These systems manage your offers, route your billing across MIDs, and keep your funnels clean.
Third-Party Checkout & Subscription Platforms
Sticky.io Subscription CRM
Run subscriptions, offers, and multi-MID billing on one CRM built for high-risk merchants.
Learn more
Phoenix Commerce OS
A unified commerce OS handling landing pages, checkout, payments, and billing for direct-response brands.
Learn moreBuild high-converting funnels and checkouts with upsells, subscriptions, and multi-gateway billing.
Learn more
Apptics Subscription App
Third-party Shopify app that adds subscription billing and retention tooling to your store.
Learn moreNative Shopify Apps
Bottom Line
A transparent checkout and honest, specific delivery timelines are your best dispute-prevention tools. When you automate shipping tracking notifications and communicate proactively, customers know exactly what to expect. Ensuring they understand what they agreed to helps disputes, including friendly fraud, drop on their own.
Building your checkout and subscription stack?
Sticky.io, Phoenix, Loop, Checkout Champ, and Apptics each fit a different platform and billing model, and the right one depends on how you run offers and route MIDs. Book a call and we will learn how your funnel works, match your checkout and subscription stack to your business, and board you with partner pricing and a dedicated account manager.
Book a call with Compaytence- Monitor network ratios: Visa and Mastercard enforce strict dispute thresholds that can lead to fines.
- Set up chargeback alerts: Intercept disputes from card networks before they register.
- Set up automatic refunds: Resolve disputes inside the payment network to protect your chargeback ratio.
- Protect your processing: Keep your dispute rate low, as the chargeback ratio is the primary metric processors monitor.
Visa VAMP: The Unified Monitoring Program
It is a structural overhaul. Visa collapsed dispute monitoring (VDMP) and fraud monitoring (VFMP) into a single unified ratio. As a result, your dispute performance is evaluated as a single combined number, making the math harder to game.
The VAMP formula is: (All Disputes + TC40 Fraud Alerts) ÷ Total Settled CNP Transactions. The challenge is double-counting. A transaction flagged by both a TC40 alert and a formal dispute counts twice in the numerator. For subscription brands running high-frequency billing, this compounds quickly.
The merchant-level enrollment threshold is 1.5%. That drops to 0.9% for fraud-related activity. Your acquirer faces a 0.5% "Excessive" flag and a 0.3% "Above Standard" flag, meaning your bank has a strong incentive to offload your account before Visa forces the issue.
Compliance Risk
VAMP enrollment triggers a $10 fee per chargeback on top of standard processing costs. Enrollment can also result in reserve increases, delayed settlement, and account holds. Sustained enrollment can lead to account termination and being placed on the MATCH list.
Two exclusions are worth knowing: RDR-resolved disputes and Compelling Evidence 3.0 (CE 3.0) disputes can be excluded from the VAMP ratio. However, TC40 fraud alerts still count even when RDR is enacted. A transaction resolved through RDR drops from your dispute count, but if an issuing bank simultaneously files a TC40 fraud report on it, that TC40 stays in your numerator. You cannot auto-refund your way out of fraud alerts, which is why alert-only strategies are not sufficient. You need active interception and root-cause suppression.
Visa also runs Visa Account Attack Intelligence (VAAI), which tracks card-testing enumeration fraud through your checkout. VAAI operates independently of the VAMP ratio. If fraudsters run card tests on your site, it represents a separate exposure.
Bulletproof Your Payments
Run a tri-layered alert system: Ethoca for Mastercard, Verifi RDR for Visa, and CDRN for international coverage. Track your VAMP ratio monthly. Break chargeback data down by reason code to separate dispute-driven exposure from fraud-driven exposure, because the fix is different for each. Fix your upstream policies (opt-in clarity, pre-billing emails, cancellation flows) to stop TC40 alerts from accumulating.
Mastercard SMMP: The Scam Merchant Crackdown
Mastercard SMMP (Scam Merchant Monitoring Program) represents a significant shift from traditional chargeback monitoring. Legacy fraud programs track stolen cards. SMMP tracks something harder to defend against: transactions that were technically authorized, but tied to deceptive business practices. The hard number: a combined refund and chargeback ratio above 5% puts you on Mastercard's radar.
In plain terms: SMMP is Mastercard's answer to the complaint they keep hearing: "I bought something, I got charged, but I feel deceived." No stolen card, no fraud dispute, just a feeling of being misled. Mastercard built a monitoring system to detect and act on those patterns at scale.
What gets merchants flagged: misleading subscription offers, deceptive ads, fake investment or coaching claims, confusing checkout flows, poor post-sale communication, and complaint spikes from new traffic sources. Mastercard also extends accountability to your entire acquisition chain. If your media buyers run misleading ads that generate complaints, that risk flows directly to your merchant account.
SMMP Trigger Checklist
If any of these apply to your business, you're an SMMP candidate:
- Subscription enrollment buried in checkout fine print or pre-checked
- Billing descriptors that don't match the brand customers recognize
- Cancellation policy is hard to find or requires phone calls only
- Sudden spike in complaints tied to a new ad campaign or affiliate push
- GRIP letters or fulfillment documentation requests from your processor
- Post-sale communication that doesn't reference the subscription or billing terms clearly
- Affiliate marketers or lead generators running unvetted ad claims on your behalf
- New merchant account with no processing history but high CNP volume
Acquirer Scrutiny: GRIP Letters
GRIP letters from your acquiring bank are often the first visible signal that SMMP-related review is underway. Once a processor requests fulfillment records, customer communication logs, or proof of marketing disclosures, the account is under elevated scrutiny. A merchant can have strong sales and a clean technical chargeback rate and still trigger SMMP flags if the business model appears designed to confuse customers.
Excessive Chargeback (ECM) and Excessive Fraud (EFM) Programs
In addition to SMMP, Mastercard runs two other primary compliance programs: the Excessive Chargeback Merchant (ECM) program and the Excessive Fraud Merchant (EFM) program. ECM tracks dispute volume using the Chargeback-to-Transaction Ratio (CTR), which is calculated as your current month's chargebacks divided by your previous month's settled transactions. A merchant enters ECM if they exceed 100 monthly chargebacks and a chargeback ratio between 1.5% and 2.99%, which escalates to High ECM (HECM) at 300 or more monthly chargebacks and a ratio of 3.0% or higher. EFM focuses specifically on fraud in eCommerce environments, triggering when a merchant has 1,000 or more eCommerce transactions, over $50,000 in monthly fraud claims, and a fraud ratio of 0.50% or higher. Mastercard generally prioritizes fraud monitoring over dispute ratios, meaning that managing chargebacks alone is not enough, as fraud performance receives just as much attention.
Why Refund Rates Matter
Refund rates aren't as dangerous as chargebacks, but they're an independent risk signal that processors and card networks both track. A high refund rate tells the processor your business has a structural problem. Either your product isn't meeting expectations, your shipping timelines are broken, or your sales process is too aggressive and customers are bailing after purchase.
Think of it this way: a refund is a customer telling you directly that something is wrong. A chargeback is the same customer telling their bank instead. Both point to the same root cause. Mastercard's SMMP is designed specifically to catch merchants who light up a business, run aggressive acquisition, and then see refund rates spike because the experience doesn't match the promise.
Refund Diagnostics
If your refund rate is climbing, do not ignore it. Analyze refund reasons by category (such as shipping delays or subscription confusion). Working backwards from these reasons helps you fix the root cause and maintain a healthy merchant standing.
Bulletproof Your Payments
Remaining compliant should involve demonstrating good faith at every step: requiring explicit opt-ins, using clear billing descriptors, publishing a direct cancellation portal, delivering pre-billing emails 3 to 7 days before recurring charges, and maintaining customer logs.
Chargeback Alerts: Your Last Line of Defense
Even when you run a clean operation, some disputes are inevitable. The goal is to catch them before they become formal chargebacks that impact your dispute ratio and processing history. A chargeback alert service intercepts the dispute from the card network before it registers, giving you a window to refund or resolve the issue directly. If you are interested in setting up chargeback alerts, reach out to our team at Compaytence, and we can assist you with the setup process.
Recommended Vendors
We prescribe four primary vendors for chargeback alert and fraud prevention services. Each handles both alert interception (catching disputes before they register) and front-end fraud screening (validating purchases as they happen). You don't need all four, but you need at least one active and configured.
Disputifier Chargeback Alerts
White-label platform with quick setup. Handles chargeback alerts and front-end fraud prevention in one dashboard, validating device fingerprints, purchase regions, and buyer behavior at the point of sale.
Learn more
Chargeblast Chargeback Alerts
Real-time chargeback alert platform. Intercepts disputes before they hit your processor's formal count and integrates with major gateways for automated resolution.
Learn more
Chargeback.io Dispute Management
Full-service chargeback management. Provides dispute intelligence, alert routing, and prevention analytics for subscription-heavy merchant portfolios.
Learn more
Chargemont Chargeback Alerts
Chargeback alerts and dispute prevention that intercept disputes before they register with your processor.
Learn moreFront-End Fraud Prevention
Front-end fraud tools prevent unauthorized transactions at checkout, whereas back-end alerts manage disputes after they occur. An effective fraud tool verifies more than card details. It should evaluate the customer's device, geographic location, and purchasing patterns. For instance, a transaction initiated from a new device in a country mismatching the billing address carries a different risk level than an order placed by a returning customer on their primary phone.
- Device Fingerprinting: Identifies the specific hardware used to place an order, allowing returning customers to build positive trust scores.
- Region Verification: Validates that the purchaser's IP address matches their billing profile and issuing bank location.
- Buyer Behavior Analysis: Examines cart activity, page navigation, and transaction velocity to flag anomalies such as automated card testing.
Descriptor Enrollment
To ensure alerts route correctly, billing descriptors should be registered and mapped to your alert provider. Unregistered descriptors will result in disputes bypassing interception and hitting your merchant account.
Bulletproof Your Payments
Integrating alert notifications directly with your payment gateway allows your system to issue refunds automatically. Setting up automated refunds for alerted transactions helps keep dispute ratios within safe limits.
Match your business to the right alert coverage
Disputifier, Chargeblast, Chargeback.io, and Chargemont each catch disputes at a different point in the flow, and the right mix depends on your processor, your average ticket, and where your chargebacks originate. Set them up through Compaytence and a dedicated account manager configures the alert routing, auto-refund rules, and fraud screening against your gateway — with partner pricing you would not get signing up on your own. Book a call and we will match you to the coverage that fits your volume.
Book a call with CompaytenceRDR & 90-Day PoC
A Note on RDR (Rapid Dispute Resolution)
Visa's Rapid Dispute Resolution (RDR) allows you to auto-resolve certain disputes by issuing automatic refunds before they hit your formal chargeback count. While this tool is useful, processors still track your raw underlying dispute data. RDR treats the symptom, so you should also identify and resolve the root causes of disputes.
New Merchant Tip: 90-Day Proof of Concept
Avoid scaling processing volume on day one. Spend the first 90 days running controlled, low transaction volumes to build a clean history of refunds, cancellations, and sub-1% dispute ratios. This history helps unlock higher processing limits, redundant gateway slots, and lower reserve requirements from underwriters.
Bottom Line
Staying under card network thresholds helps your business maintain a low risk profile. Alerts and RDR provide the necessary tooling to protect your processing.
Chargebacks get harder to manage as you scale
VAMP and SMMP thresholds, alert routing, RDR, and refund timing all interact, and one misconfigured piece can push your ratio into a monitoring program. Book a call and we will review your dispute data, learn where your chargebacks come from, and build a prevention system around how your customers actually buy so you stay clear of the card network programs.
Book a call with Compaytence- Adhere to compliant copy standards: The marketing claims governing your website govern your ads too. Avoid exaggerated claims and fake urgency.
- Maintain visual integrity: Never present synthetic, AI-generated imagery as authentic customer photos or real results.
- Prioritize authentic feedback: Build genuine reviews because fabricated ratings represent a substantial legal and processor risk.
Deceptive Ad Claims: What Gets Your Account Flagged
Marketing campaigns face strict oversight from multiple entities, including ad networks like Google and Meta, card networks, and federal regulators. When a customer files an order dispute, underwriting teams do not merely review your product page; they actively analyze the ad creative that drove the customer to your store. Because of this multi-layered scrutiny, the ad itself is often the starting point of a compliance review.
Under regulatory frameworks enforced by the FTC, marketing claims should focus on supportive structure and function benefits rather than promising cures or disease treatment. Using aggressive or misleading copy that overpromises results is a major driver of disputes. When customers feel misled by the initial ad, they are far more likely to contact their issuing bank directly instead of reaching out to your customer support team.
Card networks track the origin of these complaints. If chargeback trends show a spike linked to specific ad creatives or traffic sources, it triggers manual underwriting reviews and card network monitoring flags. Ensuring your promotional campaigns remain fully aligned with compliance standards protects your merchant standing and prevents payment account holds.
Ad Copy Audit Matrix
| Kills Your Account | Protects Your Processing |
|---|---|
|
"Store closing sale, everything must go! Buy now before it is too late!"
|
"End of season sale, shop our remaining stock while supplies last."
|
|
"Every item is carefully handmade by local artisans in Hungary." (when the product is actually drop-shipped from China)
|
"Sourced globally and manufactured in partnership with verified international suppliers."
|
|
"100% satisfaction guarantee: if you are not completely satisfied, we will issue a full refund instantly, no questions asked."
|
"See what thousands of satisfied customers have to say about our product quality and returns."
|
Shutdown Risk
When ad claims trigger card network scrutiny, the fallout is worse than a single account flag. Visa and Mastercard correlate complaint spikes with specific merchant descriptors. If your campaigns generate a wave of disputes, pattern analysis can place you in a monitoring program before your rate technically crosses the line. Rewriting ad copy costs nothing. Losing a merchant account costs everything.
AI-Generated Imagery: The New Red Flag
AI-generated before and after photos are increasingly detectable by advertising platforms, payment processors, and regulators. The FTC has issued guidance stating that synthetic imagery used to imply real customer results is deceptive advertising. If your ad shows an AI-generated transformation, regulatory agencies treat it as a misrepresentation of customer results, regardless of the product's actual efficacy.
Card networks utilize marketing documentation verification during chargeback reviews. When a customer disputes a transaction citing misleading visuals, the processor will request the original customer assets and consent documents. If those assets are synthetic, the dispute is extremely difficult to defend because you cannot produce a signed consent agreement for a synthetic persona.
As detection technologies improve, brands using synthetic customer imagery face elevated chargeback rates, regulatory scrutiny, and platform bans. Utilizing real user-generated content (UGC), authentic photos with written consent, and ingredient education should be prioritized to build sustainable long-term consumer trust.
High Risk: AI Before and After
Compliant: Authentic UGC with Disclaimers
Building Real Reviews
Maintaining strong, positive public review scores on directories like Trustpilot and the BBB is an important factor during card network reviews. Processing banks actively evaluate these platforms to gauge customer satisfaction. It is critical to avoid purchasing fake reviews, as auditors can check reviewer profiles against actual customer order history to verify authenticity.
Klaviyo Email Campaigns
Automating post-delivery review requests via Klaviyo helps generate a steady stream of authentic feedback to build your public score.
Incentive Programs
You should consider offering a 20% discount on subsequent shipments or a small gift in exchange for honest customer feedback.
Review Response Program
Responding professionally to both positive and negative reviews shows active complaint resolution, which helps prevent manual audit flags.
Bottom Line
Honest marketing isn’t just safer — it converts better over time and keeps your ad accounts and merchant accounts alive at once.
Your ads and your merchant account are reviewed together
The claims, imagery, and funnel structure that scale your revenue are the same ones card networks and ad platforms audit. Book a call and we will pressure-test your marketing against compliance standards, learn what drives your sales, and structure it to grow while your processing stays stable.
Book a call with Compaytence- Know who actually owns your payment tokens; on many platforms, it isn’t you.
- Plan migration so you can change processors without losing recurring customers.
- Recover reserves methodically when winding down a processor relationship.
The Token Problem: Why Shopify Will Destroy Your Recurring Revenue
When you run subscriptions on Shopify, you don't own your subscriber payment tokens. Shopify does. Every encrypted card credential that powers your recurring charges lives inside their proprietary ecosystem, not yours.
The moment Shopify flags, restricts, or terminates your account, those tokens vanish with it. In the nutraceutical space, that flagging happens. When it does, you lose your entire billing database instantly.
Shutdown Risk
If Shopify terminates your account, migrating your subscription list is nearly impossible. On a live but restricted account, a vault migration is slow and extremely difficult. On a banned account, Shopify will refuse to transfer token data. Your entire subscriber list, built over months, is gone.
Your subscription billing needs to live at the gateway level, not the platform level. Route through a third-party checkout provider that vaults token data directly inside gateways like NMI or Authorize.net. Platforms like Checkout Champ handle the operational layer, pulling subscription data, vaulting tokens at the gateway, and routing recurring transactions. You own the vault. Shopify owns nothing.
Bulletproof Your Setup
Own your token data or you don't own your subscription business. Gateway-level storage at NMI or Auth.net gives you complete redundancy. If a processor terminates you, swap in another processor. Your subscribers keep billing.
Gateways & Platforms That Vault Your Tokens
NMI Gateway
Gateway vaulting and network tokens that power recurring billing and portable card tokens.
Authorize.net Gateway
CIM token vault stores cards securely for recurring billing and reduced PCI scope.
Build high-converting funnels and checkouts with upsells, subscriptions, and multi-gateway billing.
Learn moreNot sure which gateway should hold your tokens?
Holding your card tokens on NMI or Authorize.net keeps your subscribers portable across MIDs, while Checkout Champ runs the funnel-side billing. Which one anchors your vault depends on your platform and how you route volume. Set it up through Compaytence and we migrate your existing tokens, configure the vault, and give you a dedicated account manager and partner pricing on the way in. Book a call and we will map it to your billing model.
Book a call with CompaytenceMigration Strategy
Making the Transition Without Killing Your Subscriptions
If you're already running subscriptions on Shopify, don't just turn it off. You have two ways to migrate safely:
Run in Parallel
Keep legacy subscriptions on Shopify while capturing all new subscribers in your gateway.
- Keep Shopify active for existing subscribers, letting them naturally wind down
- Route all new transactions to your new checkout provider
- New tokens are captured at the gateway level going forward
- Old subscriptions fizzle out on their own timeline
Duplicate the Storefront
Clone your brand frontend completely onto a parallel platform with native gateway checkout integrations.
- Keep the Shopify store live strictly for legacy subscribers
- Run a parallel version of the brand with the new checkout integrated
- Same domain, same premium branding, new independent backend
- Direct all new incoming traffic to the new version
Reserve Recovery & 90-Day Proof of Concept
Reserve Recovery Plan
If a platform shutdown has already occurred and your recurring tokens are locked, put together a Reserve Recovery Plan. Our team can build a compliance-first proposal for your processor, outlining your gateway vault structure to negotiate the release of held capital and the reactivation of your subscriber list.
Bottom Line
Being able to move your tokens means no processor can hold your recurring revenue hostage. That’s leverage every serious subscription business should hold.
Own your tokens before you need them
Migrating a subscriber vault, negotiating token ownership, and recovering reserves get far harder once a processor has already frozen you. Book a call and we will learn how your recurring billing runs and map your token and MID structure around it, so your subscribers stay portable as you grow.
Book a call with Compaytence- Qualify for a Tier 1 processor: Match your processor tier to your risk profile to set a high baseline approval rate and secure a stable processing environment.
- Manage declines with smart retry logic: Route failed transactions through cascading gateways to recover soft declines while avoiding hard decline retries.
- Use secure transactions: Leverage network tokenization, request full transaction data, and run front-end fraud screenings to maximize issuer approval rates.
- Optimize approval rates: Every point of authorization rate is revenue you already earned, meaning small gains compound.
Processor Tiers
Not all processors are built the same. One that handles tire shops and restaurants runs a completely different risk engine than one built for card-not-present subscription brands. We sort processors into three tiers, and the tier you land on decides your authorization rates, your fees, and the stability of your processing environment.
Tier 1: Top-Level Banks
Adyen, Checkout.com, Worldpay, Paysafe, and Nuvei. These are gated processors. To get in, you generally need $1.5M+ in monthly volume, 12+ months in business, sub-1% chargeback rates, and proof of product-market fit. Not everyone qualifies, and that's the point. Because they reject risky merchants at the door, issuing banks trust transactions routed through their BINs. On Tier 1, authorization rates consistently hit 85% to 95% for compliant subscription brands.
Some Tier 1 processors are the bank themselves. Adyen holds banking licenses in both Europe and the US, and Checkout.com is a principal member of Visa and Mastercard. When your transaction routes through their infrastructure, there's no middleman sponsor bank sitting in the chain.
Tier 2: Mid-Level Processors
PayPal, Shopify, Stripe, and Airwallex. These platforms are known to quickly onboard merchants and offer simple initial setups. However, they also rely on fully automated risk decisioning that can later place sudden shutdowns or rolling reserves on your account. A spike in disputes or fraud flags can trigger automated algorithms to freeze your funds or close your account without warning. For scaling brands, relying on a single Tier 2 setup represents a significant single point of failure.
While these platforms typically maintain card-not-present authorization rates of 80% to 90%, they are not a substitute for Tier 1 gateway setups. To protect your operations, you should use these processors as part of a multi-merchant account stack rather than your entire foundation.
Tier 3: High-Risk Processors
These processors specialize in gaming, crypto, adult, telehealth, and anything the Tier 1 and Tier 2 platforms reject. They waive volume requirements. They accept startups. They onboard merchants with elevated chargeback histories. The tradeoff is brutal.
Every processor has a sponsor bank behind it that actually acquires the transactions. Tier 3 sponsor banks carry huge aggregate risk from all the high-risk merchants they board. So when a cardholder checks out on your site through a Tier 3 processor, the issuing bank sees a BIN tied to fraud-heavy verticals. Even if your customer has funds and your business is clean, the bank declines as a precaution. On Tier 3, authorization rates routinely drop to 65% to 75%.
The Guilt-By-Association Problem
Tier 3 processors share BIN ranges with gambling sites, adult content platforms, and crypto exchanges. Issuing banks see this and flag the entire BIN. Your legitimate supplement subscription gets declined because it shares a payment rail with a casino. There's no appeal process. The only fix is getting onto a cleaner processor.
| Tier | Examples | Auth Rate Range | Access Requirements |
|---|---|---|---|
| Tier 1 | Adyen, Checkout.com, Worldpay, Nuvei, Paysafe | 85% to 95% | $1.5M+/mo, 12+ months, sub-1% CB rate |
| Tier 2 | PayPal, Shopify, Stripe, Airwallex | 80% to 90% | Quick onboarding, automated risk monitoring |
| Tier 3 | High-risk specialists (gaming, crypto, adult) | 65% to 75% | Minimal requirements, elevated fees |
Processors We Onboard Merchants To
Adyen Processor
In-house acquiring and smart routing across many countries, built to lift card approval rates.
Checkout.com Processor
End-to-end acquiring with machine-learning acceptance to raise approvals across 150+ currencies.
Airwallex Global Payments
Local-currency acquiring and accounts across 60+ countries to lift approvals and cut cross-border declines.
Nuvei Processor
Global acquiring and hundreds of local payment methods engineered to raise cross-border approval rates.
Not sure which processor tier fits you?
Your approval rate and your reserve terms come down to matching your business to the right acquirer and processor tier. Compaytence boards you across 30+ processor and acquiring relationships, preps your underwriting file, sets up each MID, and configures smart routing so volume keeps flowing if one processor pauses. Book a call and we will place you on the stack that fits your model and get you approved the first time.
Declines & Retry Logic
Every failed transaction returns a reason code from the issuing bank, and your entire dunning strategy depends on reading those codes correctly. Retry a hard decline and you waste money and damage your processor relationship. Ignore a soft decline and you lose revenue you could have recovered.
Hard Declines
Permanent failures. The bank won't approve this card under any circumstances.
| Reason Code | What It Means | Action |
|---|---|---|
| Lost/Stolen Card | Cardholder reported the card missing. Bank closed it. | Stop. Request new card from customer. |
| Invalid Card Number | Customer fat-fingered the card number at checkout. | Show inline error: "Card number is incorrect." |
| Expired Card | Card passed its expiration date. | Prompt for updated card details. |
| Incorrect CVV | The 3-digit security code doesn't match. | Show inline error: "CVV is incorrect." |
| Restricted Card | Card type is restricted for this transaction type. | Request alternate payment method. |
Soft Declines
Temporary failures. The bank isn't saying no permanently. It's saying "not right now" or "give me more information." These are recoverable.
| Reason Code | What It Means | Action |
|---|---|---|
| Insufficient Funds | Customer doesn't have the balance to cover the charge. | For subscriptions, retry in 3 to 7 days via the dunning flow. |
| Do Not Honor | Issuer declined with no specific reason. Most common soft decline. | Retry in 24 to 48 hours. If using Tier 3 processor, this may be BIN-level distrust. |
| Suspected Fraud | Transaction flagged by issuer's fraud model. | Trigger 3DS/SCA challenge. If customer passes, resubmit. |
| Authentication Required | Bank requires Secure Customer Authentication (3DS2). | Send SMS or biometric challenge, then resubmit with auth data. |
| Transaction Limit Exceeded | Customer hit their daily or per-transaction spending cap. | Retry next business day. Common on corporate and prepaid cards. |
| Issuer Unavailable | The issuing bank's system is temporarily down. | Retry in 1 to 2 hours. Not a customer issue. |
High-Risk Processor Warning
If you're on a Tier 3 high-risk processor, you'll see far more "Do Not Honor" and "Suspected Fraud" soft declines than normal. Even after you add 3DS challenges and extra cardholder data, the issuing bank may still refuse the transaction because of the processor's BIN reputation. Retry logic won't fix that. The only solution is moving to a cleaner payments stack.
Initial Purchase Cascading
When a new customer gets a soft decline on your primary MID, cascade the transaction to a secondary MID. If it fails there, cascade to a third. You waterfall down until it approves or fails on all available processors. Platforms like Checkout Champ, Phoenix, and custom gateway routing rules support this natively.
Only cascade soft declines. If the decline code is "Lost/Stolen Card" or "Invalid Card Number," don't cascade. The card is dead. Pushing a known-bad card through three more processors just burns your relationships with all of them.
Never Cascade Subscription Rebills
Don't cascade recurring charges to a different processor than the one that approved the original purchase. When a customer subscribes through Processor A, their card token lives in Processor A's vault. Moving that rebill to Processor B forces re-tokenization, which breaks the chain of trust. The issuing bank sees a brand-new merchant trying to charge the card and declines it. Keep every rebill on the original processor.
Subscription Dunning Strategy
For recurring subscription charges that fail (insufficient funds, transaction limits, issuer unavailable), build a dunning schedule inside your subscription platform. Space retries strategically.
- Day 1: First attempt fails. Send the customer an email: "Your payment didn't go through. Update your card to keep your subscription active."
- Day 3: Second attempt. Many insufficient funds issues resolve after a paycheck cycle.
- Day 7: Third attempt. Send a final warning email with a direct link to update payment info.
- Day 14: Final attempt. If this fails, cancel the subscription and send a winback email.
Secure Transaction Data
Submitting enriched and verified cardholder data is one of the most effective ways to build issuer trust and raise approval rates. Gated networks expect modern security signals to validate transactions.
Data Enrichment for Higher Approvals
The more data you send with a transaction, the more likely the issuing bank approves it. Collect and transmit all of the following at checkout:
- Network Tokenization: Swap standard credit card numbers for secure network tokens provided directly by Visa and Mastercard. This keeps card details updated automatically and improves approval rates by 2% to 3%.
- Full AVS Data: Collect and transmit the customer's billing street address and ZIP code. Partial Address Verification Service (AVS) matches are declined more frequently.
- CVV/CVC Verification: Require the security code on the back of the card at initial purchase. While you should never store this data, sending it with the initial transaction is essential.
- Device Fingerprinting: Link each transaction to a unique hardware fingerprint. When returning customers buy from a verified device, their transaction approval rates increase.
- IP Geolocation: Confirm the customer's IP address matches their billing profile and card-issuing location to reduce transaction risk.
- 3DS2 / SCA Challenges: Implement Secure Customer Authentication challenges. While required in Europe, running 3DS2 selectively on high-risk domestic transactions significantly reduces suspected fraud declines.
Bulletproof Your Payments
A secure payment foundation relies on complete data transmission. Combining network tokenization with full billing verification and selective 3DS2 challenges ensures issuing banks recognize and approve your transactions. Enriched data is the most reliable way to increase your baseline approval rates.
The ROI of Authorization Optimization
Every point of authorization rate represents revenue you already paid to acquire. Transitioning to a gated Tier 1 processor and configuring cascading gateways can recover 10% to 15% of declined transactions. For a merchant processing $1,000,000 monthly, this optimization can secure $100,000 to $150,000 in additional revenue without any additional marketing spend.
Bottom Line
Improving authorization rates is the fastest way to increase profitability. By aligning your business with Tier 1 requirements, routing soft declines intelligently, and transmitting enriched customer data, you maximize transaction approvals and protect your bottom line.
Approval rates are won across your whole stack
Decline codes, retry logic, processor tiers, and MID redundancy all move your authorization rate, and small routing changes compound at volume. Book a call and we will go deep on your current setup, pinpoint where transactions are dropping, and build the redundancy that keeps revenue flowing when a processor tightens up.
Book a call with Compaytence- Bill customers in their local currency to cut cross-border declines.
- Know when a Merchant of Record makes sense versus running your own entities.
- Get KYC/KYB right - clean ownership docs prevent payout holds.
- Match your legal entity name to your bank account exactly to avoid suspended payouts.
Local Currencies
Set up your corporate entity where your customers actually live. Processing internationally on a single entity can push currency conversion fees onto your buyers, inflate interchange rates, and trigger high decline volumes. As a standard operating threshold, you should apply the 30% rule: if you process more than 30% of your total payment volume in a single foreign region, you should consider establishing a localized corporate entity to handle that market.
The 5% FX Tax on Your Customers
For example, if you sell to UK buyers while only presenting USD at checkout, the customer's UK-issued card has to convert from USD to GBP, and their bank often charges a 3% to 5% foreign transaction fee. This quietly adds an unexpected surcharge to every international order. When customers notice these additional costs and billing complications on their statements, they are far less likely to complete subsequent purchases or remain subscribed. Present prices in local currency at checkout. Always.
The 1% to 2% Processing Cost Penalty
Cross-border transactions also carry higher processing fees, because card networks charge elevated interchange rates on international sales. For example, a localized domestic transaction in the US might cost 1.5% in interchange. The same transaction run cross-border from a European entity to a US buyer can cost 2.5% to 3.5%. That extra 1% to 2% comes directly out of your margin on every sale.
The Hidden Cost Stack
Operating without a local entity in your primary market (such as selling to US cardholders from an international entity) is highly inefficient. You pay an extra 1% to 2% in interchange fees, face 3% to 5% in FX fees passed on to your customers, and lose 10% to 15% of your volume to cross-border false declines. Combined, this can drain a significant portion of your international margins.
Multi-Currency Partners
Airwallex Global Payments
Local-currency accounts in 60+ countries to cut FX fees and cross-border declines.
Learn more
Slash Banking & Multi-Currency
Vertical business banking with cards, treasury, and global payments built around your industry.
Learn more
Mercury Banking
Fee-free startup business banking with free wires, cards, and 40+ currency payments.
Learn moreCross-Border Declines
Even when you present prices in local currency, processing cross-border still trips automated fraud flags at issuing banks. The issuer doesn't care what currency you display. It cares where the acquiring bank sits.
Here's how it plays out. A customer in New York buys a coffee at a local shop, and their US bank logs a domestic transaction. Ten minutes later they get home, see your ad, and try to buy your supplement online. Your Europe-based processor routes that transaction through a European acquiring bank. Now the customer's US issuing bank sees two charges within minutes: one domestic, one hitting a European entity. Its fraud engine flags "impossible travel" and auto-declines. The customer never sees an error message that makes sense. They just leave.
This isn't theoretical. Cross-border false declines hit 10% to 15% of international card-not-present transactions. For a merchant doing $500,000 monthly in international sales, that is $50,000 to $75,000 in lost revenue every month. These are not chargebacks or refunds; they are sales that never happened because the bank blocked the transaction before it started.
The Cross-Border Penalty
Processing cross-border without a localized entity can cost you 10% to 15% of total international transaction volume to false fraud declines, 1% to 2% in extra interchange fees, and 3% to 5% in FX fees passed to your customers. At this point, you should consider establishing a localized corporate entity to process transactions through local acquiring networks.
Merchant of Record (MoR)
A Merchant of Record is the fastest way into new international markets without the overhead of registering foreign entities. If you're doing $50,000 to $100,000 monthly in a market and you've proven product-market fit, an MoR might be your bridge.
How an MoR Works
An MoR (like Paddle, Lemon Squeezy, or FastSpring) acts as a legal reseller. At checkout, it technically buys the product from you and instantly resells it to the customer. The MoR's name and local entity show up on the cardholder's statement, and the transaction runs through the MoR's local acquiring bank in the customer's country. As far as the issuing bank is concerned, it's a domestic transaction.
Stripe acquired Lemon Squeezy specifically to add MoR capabilities to its platform, reflecting the growing adoption of this model in international payment architectures.
What an MoR Solves
International Tax Compliance
The MoR collects and remits VAT, GST, and local sales tax in every country it operates. You don't register for VAT in the UK, file GST returns in Australia, or hire a local tax advisor in Germany. The MoR is the legal seller, so tax is their problem.
Local Payment Methods
Without a local entity, you can't offer region-specific payment methods. In the Netherlands, 60%+ of online transactions use iDEAL. In Belgium, it's Bancontact. In India, UPI processes billions of transactions a month. Show up in those markets with only Visa and Mastercard and you're invisible to half your potential customers. An MoR's local entity turns all of these methods on automatically.
Cross-Border Decline Elimination
Because the MoR processes through a local acquiring bank, the customer's issuing bank sees a domestic transaction. The 10% to 15% false-decline penalty from cross-border processing disappears, and authorization rates in that market jump to domestic levels.
When an MoR Makes Sense
Use an MoR when you've got product-market fit in a region ($50,000 to $100,000 monthly) but the cost and complexity of a full entity doesn't justify the revenue yet. MoR fees run higher than direct processing (typically 5% to 8% vs. 2% to 3%), but the revenue you win back from killed cross-border declines and newly available local payment methods more than covers the spread.
Evaluating Entity Setup vs. Merchant of Record
The choice between an MoR and a dedicated local entity represents a tradeoff between setup speed and operational margin. A Merchant of Record charges higher fees, typically 5% to 8% compared to the 2% to 3% standard processing rate, which eats into your margins to pay for their markup. However, as your sales volume in a region grows, establishing a local corporate entity and your own payment processor stack allows you to cut out the middleman, yielding higher net revenue and full control over your customer billing experience.
KYC & KYB Compliance
Setting up an entity is only half the job. To actually process payments, you have to pass Know Your Customer (KYC) and Know Your Business (KYB) audits, mandated by federal anti-money-laundering (AML) law and card network rules. If you can't satisfy them, processors will hold your funds or shut down your MIDs on the spot.
US Entity Requirements Notice
The documentation and checks outlined below are specific to establishing and verifying a US corporate entity. Compliance regulations and audit requirements vary significantly from region to region.
Know Your Customer (KYC) Requirements
KYC verifies the actual humans behind the legal entity. Underwriters require verification for all Ultimate Beneficial Owners (UBOs), who are typically defined as anyone owning 25% or more of the company. For high-risk subscription businesses, processors often lower this threshold to 10% or require complete KYC verification on every corporate director, meaning these checks affect all UBOs and key decision makers.
- Personal Identification Documents: Underwriters frequently ask for supporting personal documentation, such as government-issued photo IDs, personal tax returns, or official tax documents to verify your identity.
- Personal Identifier: US citizens must provide a Social Security Number (SSN). Non-US citizens must provide an Individual Taxpayer Identification Number (ITIN) or a valid passport scan.
- Personal Residence Address: You must list a physical home address. Processors check this address against utility bills (electricity, water, gas) or cell phone bills dated within the last 90 days.
Note on Non-US Founder Verification
If you are a non-US citizen operating a US entity, you still need to provide a valid personal residence address. Some founders use the address of a US associate or relative. If you do this, you must still be able to provide a cell phone or utility bill in your legal name at that address to satisfy verification systems.
Know Your Business (KYB) Requirements
KYB verifies that your business is a legally registered, active operation. Processors audit your business registry to ensure your entity is in good standing and not a shell company.
- Verifiable Business Address: You must supply a Google-verified physical business address. Post office boxes and virtual mail forwarders are routinely flagged and rejected by processor risk engines.
- EIN (Employer Identification Number): The tax ID for your business. Non-US residents who don't have an EIN yet can submit Form SS-4 (the preliminary application document) as a temporary placeholder, but you have to provide the official EIN to keep the account active.
- Official IRS Verification: Processors will not accept state registry screenshots. You must upload the official IRS EIN assignment letter (Form CP 575) or a replacement verification letter (Form 147C).
- Corporate Documents: High-quality uploads of your state-issued Business License and Articles of Organization (for LLCs) or Articles of Incorporation (for Corporations). These must clearly list all members and ownership percentages.
- Bank Name Matching: The bank account connected to your processor must match the legal name on your corporate registration exactly. DBAs have to be registered; you can't route payouts to a personal account or an unregistered brand name.
The Registered Agent Address Trap
Many founders register in Delaware or Wyoming and use their registered agent's address as their business address. That doesn't satisfy KYB. Risk systems cross-reference application addresses against Commercial Mail Receiving Agency (CMRA) databases, and if one flags a registered agent address, the processor locks the account and demands a utility bill or commercial lease in your business name.
The Physical Business Address Solution
To pass KYB, you need a Google-verified physical business address. The cheap way to get one is renting a hot desk or virtual office at a co-working space (WeWork or a local equivalent). These plans usually run $150 to $200 monthly, require no long-term contract, and give you a unique street address where you can receive mail. Your co-working contract plus a mail receipt works as proof of a physical business address.
Tax Implication Myth: many international founders worry that a physical US business address triggers US income tax liability. As long as you don't store physical inventory in the US and don't have employees physically working there, a co-working address doesn't create a US tax nexus. Always confirm with a certified tax advisor, but processing safety requires a physical business address.
KYC & KYB Document Checklist
Before applying to any Tier 1 or Tier 2 processor, gather this exact document stack: (1) Passport/ID scans and personal verification documents (like tax documents) for all UBOs and owners holding 25% or more (or 10% or more for high-risk accounts), (2) Utility or cell phone bills matching personal residential addresses, (3) Official IRS CP 575 or 147C letters, (4) State Articles of Organization or Articles of Incorporation, and (5) A co-working contract or utility bill matching your physical business address.
Keep Your Books Underwriting-Ready
Banking Setup
There's no single required bank for subscription merchants. You can open with any US-based, FDIC-insured bank. That said, most of our clients run a dual-bank setup: one traditional brick-and-mortar bank for stability and one fintech bank for speed and flexibility. Here's what we recommend, and why.
Brick-and-Mortar Banks
Chase, Bank of America, and Wells Fargo are the most common choices. Chase is especially popular because it's friendly to international customers and non-US founders opening US-based accounts. A brick-and-mortar bank gives you a branch to walk into when something goes wrong, a stable institution that isn't going anywhere, and a safe place to park your operating reserves. When you need to resolve a hold, a wire issue, or a compliance question, talking to a human at a branch matters.
Fintech Banks
Mercury and Slash are our two primary fintech recommendations. They're built on top of banking infrastructure (typically Column Financial or a similar banking-as-a-service provider). They aren't banks themselves; they're fintech wrappers that put a modern interface on top of FDIC-insured partner banks.
The upside: instant virtual card issuance, clean reporting dashboards, fast bank-letter generation, and simple online account management. Need to issue a virtual card to a vendor right now? Mercury does it in seconds. Chase doesn't. Need a bank verification letter for a processor application? Fintech banks generate one on demand, where a traditional bank may take days.
Traditional Bank
Chase, BofA, Wells Fargo. Park your operating reserves here. Physical branches for in-person problem resolution. Chase is the most international-friendly for non-US founders.
Fintech Bank
Mercury, Slash. Use for day-to-day operations. Virtual cards, instant bank letters, clean dashboards, and fast onboarding. Slash offers outstanding support and Compaytence referral pricing.
The Dual-Bank Playbook
Run both. Use Chase (or equivalent) as your safety net: the account you park funds in and never worry about. Use Mercury or Slash as your operational account: the one you issue cards from, pull reports from, and connect to your processor for payouts. That split gives you the stability of a major bank and the speed of a fintech platform without leaning entirely on either.
Recommended Banking Partners
Entity, Banking & Processing — Done For You
Everything in this module — your US entity, EIN, business banking, and payment processing — is what Compaytence stands up for international founders. Our US Expansion service runs the full setup: incorporation, business banking with partners like Slash and Mercury, and processor onboarding, so you land a compliant, payments-ready US presence and a team that keeps managing it as you scale.
Explore US ExpansionBottom Line
Your entity and banking structure is the foundation everything else sits on. Set it up correctly once and you get local approval rates, clean payouts, and room to scale across borders.
Cross-border processing is where structure pays off
The entity you register, the banking you hold, and the currencies you settle in decide your approval rates and how cleanly you get paid across markets. Book a call and we will learn where you sell, design your banking and FX setup around it with partners like Airwallex, Slash, and Mercury, and stand it up with you.
Book a call with Compaytence- Prioritize customer support to improve refunds, chargebacks, reviews, and overall conversion rates.
- Make it easy to reach you: visible contact options help resolve questions before they turn into complaints.
- Respond fast: rapid communication satisfies frustrated buyers and prevents disputes.
Customer Support as Your Chargeback Firewall
Your customer support team is your primary line of defense. Excellent service addresses customer issues early, directly improving refund processing, public review scores, and billing retention. When customers receive quick cancellations or prompt replies, they avoid the frustration that leads to negative ratings or billing complaints. Providing a responsive support experience protects your brand reputation and preserves processing longevity.
Support Vulnerabilities
Slow support, hidden cancellation links, and ignored emails put your merchant account at serious risk. While underwriters may not always audit your contact page directly, they easily detect poor customer service through elevated chargeback rates, negative online reviews, and sparse support resources. You should display a real support email address and an active phone line to keep communication channels open.
Contact Us Page Structure & Standards
Your contact page must show a legitimate operational structure. That means real contact channels an auditor can verify.
Direct Support Email
List your active support inbox (e.g. `support@yourbrand.com`) clearly. Customers should be able to reach you directly from their email.
Support Phone Line
List an active phone number that directs to a real person. Direct phone support resolves customer questions immediately and prevents billing issues.
Office Hours & Forms
State your business hours explicitly (e.g., Mon-Fri, 9am-5pm EST) and offer a backup contact form. Transparency reduces processor concern.
Compliant Contact Us Page Structure
To satisfy merchant account guidelines, you should display clear and direct contact options on your website instead of relying on a simple email form. A compliant layout features direct phone numbers, active support emails, operational hours, and your registered corporate address.
Contact Customer Care
123 Wellness Way, Suite 400
Austin, TX 78701, United States
Bulletproof Your Setup
Respond to support emails within 24 hours and resolve tickets within 24 to 48 hours maximum. Process cancellations immediately in the gateway vault before anything else. Fast support prevents disputes, keeps your ratings clean, and satisfies underwriter standards.
Bottom Line
Great support is the cheapest, highest-ROI chargeback tool you have. Every dispute you resolve in the inbox is one that never touches your ratio.
Support is an operations problem once you're scaling
Response times, cancellation handling, and refund workflows shape your dispute ratio directly, and they get harder to hold as volume climbs. Book a call and we will review how your support runs today and build the workflows that keep disputes in the inbox and off your processing history.
Book a call with Compaytence- Bring it together: your brand should signal legitimacy at every touchpoint.
- Use the 40-point checklist to score your real compliance and surface priority gaps.
- Re-run the audit whenever you launch new offers or switch processors.
Build a Brand, Not a Blip
A durable brand is built on product quality, exceptional customer experience, and transparent business practices. Deceptive shortcuts and compliance workarounds might offer a brief initial conversion lift, but they ultimately result in customer dissatisfaction, high refund rates, and processor scrutiny. Real success in eCommerce comes from establishing trust and delivering genuine value.
By prioritizing customer satisfaction and aligning your operational standards with industry compliance guidelines, you create a legitimate, stable brand. Ensuring that your product matches your marketing promises and that customer interactions are handled with transparency helps protect your merchant accounts and builds long-term customer loyalty.
The CX Standard: Full Subscriber Control & Retention
Give subscribers real control. Deliver checkout transparency, pre-billing reminders, one-click self-serve cancellation, and sub-24-hour support response times. That combination produces low dispute rates, high retention, and the long-term brand stability no checkout shortcut can buy.
Bulletproof Checklist
Run through this before you launch or before your next operational audit. Every unchecked item is an active exposure. Use the audit below to calculate your compliance rating.
Evaluating Infrastructure
Check items below to calculate your active Subscription Compliance Rating.
Review all website and ad copy to ensure claims are moderate and avoid exaggerated outcomes or fake urgency.
Certificates of Analysis (COAs) and sourcing information organized in an easily accessible public archive.
Landing page marketing guarantee claims align 100% with written refund policy documents.
Dedicated policy visible in the footer, on all pages, and directly linked in checkout flows.
Refund, subscription, shipping, and terms pages are consistent with each other and match every offer and guarantee shown on the site.
Subscription box is unchecked by default, and billing frequency, pricing, and auto-renew terms are clearly displayed in standard-size font before purchase.
Enrollment email lists subscription terms, a pre-billing reminder fires 3 to 7 days before each charge, every email carries a prominent cancel/manage link, and product-education emails run between cycles.
Clear processing and delivery windows stated consistently across policies, automated tracking updates at each fulfillment milestone, and delay-alert emails triggered if fulfillment slips 48+ hours.
Ethoca and Verifi alert systems integrated to intercept chargeback disputes before they register.
Visa's Rapid Dispute Resolution parameters set up to auto-resolve card alerts through gateway refunds.
Active metric dashboard targeting under 0.5% dispute rate, with a hard operational ceiling at 1.0%.
Controlled, low-volume scaling plan for the first 90 days to establish a clean historical processing record for underwriters.
Real Trustpilot reviews sourced dynamically via subscriber email programs; no purchased or fabricated ratings.
Ad copy avoids cure claims, fake urgency, and overpromised results that drive disputes and trigger underwriting reviews.
No synthetic before/after or AI customer photos; visuals use real UGC with written consent and results-may-vary disclaimers.
Ensure credit card vault tokens are stored in the gateway, completely separated from Shopify.
Clear roadmap established for moving legacy subscriber vaults without billing interruptions.
More than one live MID across separate processors, so a single shutdown, hold, or reserve never stops your billing.
Dunning flows correctly differentiate between permanent failures (stop retrying) and temporary failures (schedule retry).
Soft-declined first-time purchases waterfall to backup MIDs. Subscription rebills stay locked to the original processor.
Transmit network tokens, full AVS and CVV data, device fingerprints, and selective 3DS2 challenges to maximize transaction approvals.
Checkout displays prices in the customer's local currency to eliminate FX surprise charges and reduce chargebacks.
Corporate entity established in each region doing $100K+/month to eliminate cross-border decline penalties and reduce interchange fees.
Region-specific payment methods (iDEAL, Bancontact, UPI, etc.) enabled via local entity or MoR to capture non-card transaction volume.
For every owner at 25% or more (10%+ for high-risk): government-issued photo ID, SSN/ITIN or passport, and a personal residence address backed by a utility or cell phone bill dated within 90 days.
Google-verified physical business address, EIN with the official IRS CP 575 or 147C letter, Articles of Organization or Incorporation listing ownership percentages, and a bank account whose name matches the legal entity exactly.
Direct email inbox, active support phone line, and explicit working hours displayed for underwriters.
Guaranteed email response times within 24h, and active resolutions within 24 to 48 hours maximum.
Zero processing delays on cancellation tickets. Immediate vault updates to prevent future billings.
Exact physical office location listed in both the global website footer and terms/policies pages to satisfy processor audit checks.
Threshold & Date Cheat Sheet
The numbers and deadlines that decide whether you keep processing. Everything here is summarized from the modules in this playbook — keep it close.
| Metric | Threshold / Date | Why it matters |
|---|---|---|
| VAMP merchant enrollment | 1.5% · Apr 1, 2026 | Combined dispute + TC-40 ratio that enrolls you in monitoring. |
| VAMP fraud threshold | 0.9% | Fraud-related ratio ceiling for elevated monitoring. |
| VAMP acquirer “Excessive” | 0.5% | Flags your processor to Visa — your bank may drop you first. |
| VAMP acquirer “Above Standard” | 0.3% | Early-warning flag; your processor is already watching. |
| SMMP trigger ratio | 5% · Jul 24, 2026 | Combined refund + chargeback ceiling for Mastercard’s scam-merchant program. |
| Tier 1 auth rate | 85–95% | Gated top-level processors (Adyen, Checkout.com). |
| Tier 2 auth rate | 80–90% | Open-signup processors (Stripe, Airwallex) — automated risk cutoffs. |
| Tier 3 auth rate | 65–75% | High-risk specialists; guilt-by-BIN declines. |
| MATCH listing | 5 years | How long a termination follows your business. |
| UBO disclosure | ≥ 25% ownership | Anyone owning a quarter or more must be disclosed in KYB. |
Bottom Line
If you memorize only a few numbers, make it these. Staying under every threshold keeps you off the monitoring programs entirely — which is the whole game.
Glossary
Plain-English definitions for the acronyms and jargon used across this playbook.
The Compaytence Partner Stack
Every tool we recommend across this guide, in one place. These are the providers we board merchants on through Compaytence. We recommend setting up each one through us: you get a dedicated account manager, a direct line to the partner's own team, partner pricing we have already negotiated, and a compliance review on every account before it goes live. Book a call and we will match you to the right stack for your business and handle the onboarding.
Adyen Processor
In-house acquiring and smart routing across many countries, built to lift card approval rates.
Checkout.com Processor
End-to-end acquiring with machine-learning acceptance to raise approvals across 150+ currencies.
Airwallex Global Payments
Local-currency accounts in 60+ countries to cut FX fees and cross-border declines.
A sponsor and acquiring bank that backs merchant accounts and card processing for growing programs.
West America Bank Acquiring Bank
Sponsor-bank acquiring relationships that support stable card processing for established merchants.
Nuvei Processor
Global acquiring and hundreds of local payment methods engineered to raise cross-border approval rates.
Finix Processor
Full-stack payment processing and acquiring for businesses that want to own their payments infrastructure.
NMI Gateway
Gateway vaulting and network tokens that power recurring billing and portable card tokens.
Authorize.net Gateway
CIM token vault stores cards securely for recurring billing and reduced PCI scope.
Disputifier Chargeback Alerts
Chargeback alerts and front-end fraud prevention in one quick-setup dashboard.
Learn more
Chargeblast Chargeback Alerts
Real-time chargeback alerts that intercept disputes before they hit your processor.
Learn more
Chargeback.io Dispute Management
Full-service dispute management with alert routing and prevention analytics.
Learn more
Chargemont Chargeback Alerts
Chargeback alerts and dispute prevention that intercept disputes before they register with your processor.
Learn more
Sticky.io Subscription CRM
Run subscriptions, offers, and multi-MID billing on one CRM built for high-risk merchants.
Learn more
Phoenix Commerce OS
A unified commerce OS handling landing pages, checkout, payments, and billing for direct-response brands.
Learn moreBuild high-converting funnels and checkouts with upsells, subscriptions, and multi-gateway billing.
Learn more
Apptics Subscription App
Third-party Shopify app that adds subscription billing and retention tooling to your store.
Learn more
Slash Banking & Multi-Currency
Vertical business banking with cards, treasury, and global payments built around your industry.
Learn more
Airwallex Banking & FX
Local-currency accounts and business banking in 60+ countries to cut FX fees and cross-border declines.
Learn more
Mercury Banking
Fee-free startup business banking with free wires, cards, and 40+ currency payments.
Learn moreOur recommendation: build this with us
Every partner in this guide is one we board merchants on directly. Set your stack up through Compaytence and you get a dedicated account manager, partner pricing we have negotiated, our relationships across 30+ processors and platforms, and a compliance review before each account goes live. Book a call and we will match you to the right partners for your business and manage the onboarding for you.
Book a call with Compaytence


