Why Banks Are Wrong About High-Risk Merchants (An Industry Insider's Take)

Why Banks Are Wrong About High-Risk Merchants (An Industry Insider's Take)
The payments industry has a dirty secret: the "high-risk" label slapped on thousands of legitimate businesses every year is less a product of rigorous financial analysis and more a product of institutional inertia, outdated risk models, and a quiet preference for the path of least resistance. Banks and processors have quietly built a classification system that protects their own interests, and too often, it does so at the direct expense of merchants who are doing nothing wrong.
This is not an argument for abandoning risk management. Chargebacks are real. Fraud costs the global payments industry tens of billions annually. Acquiring banks do carry genuine liability when merchants they underwrite behave badly. But the current high-risk classification framework is blunt, inconsistent, and frequently disconnected from actual risk. And the merchants paying the price deserve a more honest conversation about why.

The High-Risk Label Was Never Designed to Be Fair


When Visa and Mastercard established their merchant category codes (MCCs) and monitoring programmes decades ago, they were responding to a specific era of payment fraud, one dominated by mail-order businesses, telemarketing scams, and early internet commerce where fraud controls barely existed. The categories flagged as high-risk in those early years, travel, adult entertainment, nutraceuticals, subscription billing, reflected the fraud patterns of the 1990s and early 2000s.
Those categories have calcified. A merchant selling premium vitamins through a fully compliant subscription model with a one-click cancellation portal, 3D Secure authentication, and a sub-0.5% chargeback ratio will still be classified as high-risk by most acquiring banks, because nutraceuticals and subscription billing are on a list built a generation ago. The list has not kept pace with how dramatically fraud prevention technology, consumer protection regulation, and merchant operating practices have evolved.
Banks are not re-evaluating individual merchants on the merits. They are pattern-matching against legacy categories, and merchants are paying the consequence.

The Real Definition of "High-Risk" Is "Inconvenient for Us"


Ask ten different payment processors what makes a merchant high-risk and you will get ten different answers. Some will flag firearms dealers but accept payday lenders. Others will process CBD products but refuse travel agencies. A large US acquiring bank might decline a regulated online pharmacy while a European processor accepts it without hesitation. If "high-risk" were a coherent, objective standard, as the industry often implies, these answers would not vary so wildly.
What they actually reflect is each institution's internal risk appetite, compliance team interpretation, reputational concerns, and frankly, how much they want the business. A merchant category is "high-risk" when the processor has decided the profit from that merchant does not justify the administrative overhead of managing it carefully. That is a business decision dressed up in the language of risk science.
This matters because merchants are told their classification is based on objective analysis of their industry. It rarely is. It is largely based on whether the processor wants to do the work.

Chargebacks Are Misunderstood and Misused as a Risk Proxy


The chargeback ratio is the closest thing the payments industry has to a universal risk metric. Visa and Mastercard set their monitoring programme thresholds at 1%, if your chargebacks exceed 1% of transactions in a month, you enter formal monitoring with escalating consequences. Processors use this as a bright line for underwriting decisions.
The problem is that chargeback ratios measure outcomes, not underlying business quality. A compliant, transparent subscription box business will generate higher chargeback rates than a local hardware store, not because it is riskier in any meaningful sense, but because recurring billing creates more structural opportunities for disputes. Customers forget subscriptions exist. Cards expire. Delivery fails. A dispute that would simply be a phone call to a local retailer becomes a chargeback in an e-commerce context because cardholders have been conditioned to use the dispute mechanism.
Banks know this. The ratio persists as the primary risk metric anyway because it is easy to measure and requires no judgment. Replacing it with a more nuanced assessment, one that accounts for dispute root cause, resolution rate, customer satisfaction metrics, and fraud versus friendly fraud ratios, would require banks to actually understand the merchants they are serving. Most prefer not to.

Legitimate Businesses Are Structurally Penalised


Consider what high-risk classification actually costs a merchant in practice. Processing fees for high-risk merchant accounts typically run between 3.0% and 5.5% per transaction, compared to 1.5% to 2.9% for standard accounts. On $1 million in annual revenue, that is a cost difference of $15,000 to $36,000 per year, purely for the privilege of processing payments in an industry category a bank decided it does not like.
Add rolling reserves, the 5–10% of daily volume held back for 90 to 180 days as a financial buffer, and the cash flow impact on a growing business becomes severe. A subscription business generating $200,000 in monthly revenue with a 10% rolling reserve has $20,000 per month locked up, accumulating over time into a significant working capital deficit. That capital could be hiring, inventory, or marketing. Instead it sits in an account the processor uses to protect itself against losses it has decided the merchant is more likely to incur, whether or not that assessment is accurate for this specific merchant.
This is not risk-based pricing in the true sense. True risk-based pricing would calibrate fees to each merchant's individual risk profile, their actual chargeback history, their fraud prevention infrastructure, their cancellation policy quality, their regulatory compliance record. What the industry practices is category-based pricing, which means well-run businesses in flagged categories subsidise poorly-run businesses in the same categories because nobody has bothered to distinguish between them.

The Fraud Prevention Technology Gap Is No Longer an Excuse


Banks and processors frequently justify high-risk classifications by citing the genuine difficulty of managing fraud and chargebacks in certain business categories. In 1998, this was a defensible position. Fraud prevention tools were primitive. There was no 3D Secure, no real-time transaction scoring, no device fingerprinting, no chargeback alert networks like Ethoca and Verifi that can intercept disputes before they are formally filed.
Today, the technology to underwrite high-risk merchants with genuine precision exists and is widely available. A sophisticated processor can assess, in real time, whether a given transaction comes from a verified device, matches the customer's billing address, passed 3DS2 authentication, and is consistent with that customer's historical purchasing behaviour. They can monitor chargeback ratios at the individual merchant level on a daily basis and intervene before thresholds are breached. They can separate genuine fraud chargebacks from friendly fraud,  cardholders who received goods and are using the dispute system to get a free product, and weight them differently in risk scoring.
The tools exist. The classification system has simply not been updated to use them. The reasons are institutional: updating underwriting frameworks requires investment, retraining, and a willingness to take on merchants that feel uncomfortable based on category alone. It is easier to maintain a legacy list.

The Double Standard: Who Actually Gets a Pass?


The selective application of the high-risk label becomes most obvious when you look at who gets a pass. Large enterprise merchants, airlines, hotel chains, software subscription companies, process enormous volumes with chargeback rates that, in absolute dollar terms, dwarf those of most "high-risk" SMB merchants. They routinely operate under flexible terms negotiated directly with card networks, with chargeback monitoring programmes applied differently at their scale.
A software-as-a-service company charging $500 per month on a subscription model with a limited free trial offer, operating in a grey zone between consumer and business services, is far less likely to be classified as high-risk than an independent supplement brand running an equivalent model. The legal structures are nearly identical. The chargeback mechanics are nearly identical. The classification outcomes diverge because enterprise companies have legal teams who negotiate category classifications directly with Visa and Mastercard, and small merchants do not.
The high-risk label disproportionately burdens small and mid-size businesses, the merchants least equipped to absorb the cost premium, navigate alternative processor relationships, and manage rolling reserves from a working capital perspective. It is a framework that protects incumbent scale players and prices challenger merchants out of competitive parity.

What the Industry Gets Right, and Where Reform Should Focus


None of this is an argument that risk management in payments is unnecessary. Fraud and chargebacks impose real costs, and acquiring banks carry genuine financial liability for the merchants they underwrite. The argument is that the current framework is imprecise, inconsistent, and often self-serving in ways that harm merchants without commensurate benefit to the payment system's integrity.
What a better system looks like:
Individual risk assessment over category classification: A merchant with three years of clean processing history, a sub-0.5% chargeback ratio, full 3DS2 implementation, and a one-click cancellation portal should not pay the same rates as a day-one supplement startup with no processing history and no fraud controls. The data to make this distinction exists. The industry should be required to use it.
Transparent underwriting criteria: Merchants routinely receive high-risk classifications with no explanation of which specific factors drove the decision and what would need to change for the classification to be revised. Transparent, specific underwriting criteria, published and applied consistently, would create accountability and allow merchants to improve their profiles in concrete ways.
Proportionate reserve requirements: Rolling reserves calibrated to a merchant's actual risk profile, not their industry category, would reduce the capital cost borne by well-run businesses in flagged sectors. A merchant who has demonstrated clean processing for 24 months should not be carrying the same reserve as a new entrant with no history.
Regulatory engagement on category staleness: The card networks and major acquiring banks should periodically review which merchant categories remain legitimately high-risk given advances in fraud prevention technology and the regulatory frameworks now governing industries that were previously unregulated. Categories like subscription billing and nutraceuticals deserve re-examination against current market realities.

What Merchants Can Do Right Now


Systemic reform takes time. In the meantime, high-risk merchants can take concrete steps to improve their processing position:
Build a documented risk management record, every chargeback responded to, every fraud screen result logged, every compliance review completed. This documentation is your evidence when negotiating with processors or challenging a classification decision.
Work with processors who specialise in your vertical and understand its risk dynamics, rather than aggregators who apply blanket policies. The difference in account stability alone is worth the incremental fee in most cases.
Invest in chargeback alert services. Ethoca and Verifi allow you to resolve disputes before they register against your chargeback ratio, directly improving the metric that processors use to evaluate you.
Know your actual numbers. Many merchants classified as high-risk do not track their chargeback ratio, their dispute root causes, or their fraud versus friendly fraud split. Knowing your data is the foundation of any classification challenge or processor negotiation.
Engage legal counsel familiar with payment industry regulation before signing high-risk merchant agreements. Contract terms around rolling reserves, volume caps, and termination clauses vary enormously and are often negotiable, but only if you know what to push back on.

The Bottom Line


The high-risk merchant classification system is a legacy framework administered by institutions that have limited incentive to modernise it. It imposes real financial costs on thousands of legitimate businesses, through inflated processing fees, rolling reserves, account instability, and the constant threat of termination, based on category stereotypes rather than individual merchant conduct.
Banks are not wrong that risk exists in these business categories. They are wrong about how to measure it, who bears the cost of managing it, and whether the current system is producing outcomes proportionate to its actual risk reduction value. The merchants caught in this system deserve a better framework, and the technology to build one already exists.

Frequently Asked Questions


Is the high-risk merchant classification system regulated? There is no unified regulatory body governing merchant risk classification. Visa and Mastercard establish network-level rules, but acquiring banks and processors apply their own underwriting criteria on top of these, resulting in significant variation in how classifications are applied across the industry.
Can a merchant challenge a high-risk classification? Yes, though the process varies by processor. Merchants can request a review of their classification, present evidence of their risk management practices, processing history, and compliance posture, and negotiate terms directly. Specialist legal counsel familiar with payment industry contracts can significantly improve outcomes in these negotiations.
Are high-risk processing fees negotiable? More than most merchants realise. Processors typically publish standard high-risk rate schedules, but merchants with strong processing histories, clean chargeback records, and robust fraud prevention infrastructure often secure better terms through direct negotiation, particularly when applying to multiple processors simultaneously.
What is the difference between friendly fraud and genuine fraud in chargebacks? Genuine fraud chargebacks arise when a transaction was made without the cardholder's knowledge, typically through stolen card credentials. Friendly fraud chargebacks occur when a legitimate cardholder disputes a transaction they actually authorised, often to obtain a refund without returning goods or contacting the merchant. Friendly fraud is estimated to account for 60–80% of all chargebacks and is a primary driver of elevated chargeback ratios in subscription and e-commerce businesses.
Why do different processors classify the same merchant category differently? Because there is no standardised industry-wide definition of what constitutes high-risk beyond the network-level rules set by Visa and Mastercard. Each acquiring bank and processor applies its own risk appetite, compliance interpretation, and commercial judgement, resulting in the same business category being accepted by one processor and declined by another.
Does high-risk classification affect a business's credit profile? Merchant classification does not directly affect business credit scores, but the financial consequences of high-risk processing, elevated fees, rolling reserves, potential account termination, can impact cash flow and working capital in ways that indirectly affect creditworthiness and growth capacity. https://thefinrate.com/why-banks-are-wrong-about-high-risk-merchants-an-industry-insiders-take/

Comments

Post a Comment

Popular posts from this blog

Top Payment Gateways That Support Global Transactions

Image
In today’s digital economy, businesses need reliable and secure top payment gateways to process transactions from customers worldwide. Whether you’re running an e-commerce store, a SaaS business, or a subscription service, choosing the right top payment gateway is crucial for seamless global payments. What Makes a Payment Gateway Ideal for Global Transactions? When selecting a top payment gateway , look for the following features: Multi-Currency Support – Ability to accept and process payments in various currencies. Global Coverage – Availability in multiple countries. Security & Compliance – Adherence to PCI DSS standards and fraud prevention measures. Payment Methods – Support for credit/debit cards, digital wallets, and local payment options. Integration & Compatibility – Easy integration with e-commerce platforms and APIs. Benefits of Using a Global Payment Gateway A top payment gateway offers several advantages for businesses operating on a global scale: Increased...
Read more

Neo Banking vs. Challenger Banks: Key Differences & Market Trends

Image
  Introduction The financial landscape has evolved rapidly, with traditional banking models being disrupted by fintech innovations. Two significant players in this evolution are neo banks and challenger banks . While both offer digital-first banking solutions, they differ in regulatory frameworks, services, and target markets. In this article, we’ll explore the key differences between neo banks and challenger banks, their respective market trends, and what the future holds for digital banking. What is a Neo Bank? A neo bank is a digital-only banking platform that operates without a physical branch. Unlike traditional banks, neo banks do not hold a banking license; instead, they partner with licensed financial institutions to offer banking services. Features of Neo Banks: Fully Digital Experience: No physical branches, with services accessed through mobile apps and websites. Third-Party Partnerships: Neo banks rely on licensed banking partners for operat...
Read more

Understanding Payment Gateways: What They Are and How They Operate

Image
What is a Payment Gateway? A payment gateway is a technology that allows merchants to process payments securely from customers. It serves as an intermediary between the customer, the merchant, and financial institutions, ensuring transactions are completed safely and efficiently. How Payment Gateway Works? Step 1: Adding a Payment Gateway Once your online store is set up, integrating a payment gateway is the first step to enabling secure transactions. This allows both merchants and customers to process payments safely. Methods of Integration: API Integration: Ideal for custom websites and apps, offering maximum flexibility. Plugin Integration: Best for platforms like WordPress, Shopify, WooCommerce, and Wix. SDK Integration: Allows developers to build a custom payment experience for mobile apps or websites. Step 2: Customer Makes a Purchase Customers select products and proceed to checkout, choosing their preferred payment method (credit/debit card, UPI, etc.). The payment gateway ...
Read more