Merchant
What is a Merchant?
A merchant is any natural or legal person who sells goods or services and is authorized to accept electronic payments via credit card, debit card, or digital wallets. In the payment ecosystem, the merchant is the piece that initiates every transaction: without a merchant, there is no payment collection.
To operate, they need a merchant account linked to an acquiring bank. This account holds the funds from each sale before transferring them to the business's bank account. Each merchant account is associated with a merchant ID (MID), a unique identifier that allows the acquirer to route funds to the correct merchant during settlement.
How a merchant works in the payment flow
Every time a customer pays, a chain involving four actors is activated:
- Merchant: Captures transaction data through a physical POS terminal or an online payment gateway.
- Acquiring Bank: Receives the request and sends it to the card network.
- Card Scheme (Visa, Mastercard): Redirects the request to the customer's bank with its own security controls.
- Issuing Bank: Verifies identity, checks balance, and authorizes or denies the operation.
Settlement to the merchant is completed within 1 to 3 business days. During this period, the money remains in the merchant account.
The MCC (Merchant Category Code) is a 4-digit code assigned by the acquirer. It determines the merchant's commissions, their risk level, and applicable authentication exemptions under PSD2.
Regulatory impact and applicable security for the merchant
Every merchant accepting card payments operates under a regulatory framework that protects the buyer and the financial system. PSD2 requires strong customer authentication (SCA) for electronic payments, although the merchant can request low-risk exemptions to improve conversion. The PCI DSS standard mandates the protection of card data, and tokenization allows the actual card number (PAN) to be replaced by a code with no value outside that environment. Furthermore, the acquirer must verify the merchant's identity through KYC and monitor their operations to comply with AML/CFT regulations.
Risk classification: low, medium, and high-risk merchants
The acquiring bank classifies each merchant according to their financial exposure. Acquiring banks publish lists of low, medium, and high-risk MCCs that guide this segmentation:
| Risk Level | MCC Examples | Characteristics |
|---|---|---|
| Low | Supermarkets (5411), hardware stores | Small tickets, low chargeback rate |
| Medium | Electronics, subscriptions, online jewelry | Variable tickets, mixed channel, frequent returns |
| High | Gambling (7995), cryptocurrencies, Forex | High probability of chargebacks, Rolling Reserves |
A high-risk merchant does not operate illegally, but the acquirer will demand reinforced KYC and AML/CFT controls, higher commissions, and will likely withhold 10% of their sales for 180 days as a guarantee.
If the chargeback rate exceeds 1% of transactions, Visa and Mastercard activate monitoring programs that can lead to fines or the cancellation of the ability to accept card payments.
Operational advantages and disadvantages for merchants
Having a well-configured merchant account offers direct benefits: higher conversion by accepting multiple payment methods, full traceability of every operation linked to the merchant ID, and access to SCA exemptions that speed up checkout.
The main challenges are acquiring costs (the regulated interchange fee stands at 0.20% for debit and 0.30% for credit on European consumer cards), the risk of chargebacks where the merchant bears the burden of proof, and the continuous investment in PCI DSS and AML/CFT compliance.
Was this term useful?
Leave a Comment