Before payment service providers (PSPs) give your business access to their rails, they must assess how risky you are. That’s not just a box-ticking exercise—it’s a full-scale risk audit that determines whether you’ll be approved, restricted, or rejected entirely.
In 2025, as fraud and regulatory scrutiny rise, PSPs are under more pressure than ever to know their merchants inside out. But what exactly do they look at—and what can you do to come out clean?
The Purpose of Risk Profiling
Risk profiling is how PSPs protect themselves and the wider financial network. Each new merchant represents both opportunity and liability: if your business triggers excessive chargebacks or violates card scheme rules, your PSP could face fines, lose licenses, or even be banned from processing.
That’s why onboarding today is more forensic than ever. PSPs don’t just ask what you sell —they analyse how you operate, where your funds come from, and how you handle customer disputes. In essence, they’re calculating your likelihood of becoming a problem.
Step 1: Understanding Your Business Model
The first stage of any risk review is knowing what you actually do. PSPs ask questions like:
- What products or services do you sell?
- Who are your customers, and where are they located?
- How do they pay, and how often?
High-risk industries—such as crypto, travel, adult, gambling, supplements, or coaching—instantly trigger deeper due diligence. But even a low-risk business can appear suspicious if its model isn’t well-documented.
Tip: Be transparent. PSPs can handle complexity, but not surprises. A clearly described business model backed by consistent marketing and contracts builds immediate trust.
Step 2: Reviewing Financial and Operational Data
PSPs analyse your past and projected transaction patterns. Typical checks include:
- Monthly volume and average ticket size – Do they make sense for your industry?
- Chargeback and refund ratios – Anything above 0.9% may raise alarms.
- Settlement timelines – Can you sustain delayed payouts if placed under reserve?
- Banking behaviour – Are funds flowing in predictable, legitimate ways?
If your numbers look unrealistic or volatile—say, huge spikes in turnover or large-ticket sales from a new domain—expect a manual review.
Step 3: Verifying Corporate and Legal Structure
Regulators require PSPs to verify who really owns and controls the merchant. This involves KYC (Know Your Customer) and KYB (Know Your Business) procedures, including:
- Company registration documents
- Director and shareholder identification
- Proof of address and business existence
- UBO (Ultimate Beneficial Owner) declarations
Complex or multi-jurisdictional structures are not disqualifying—but unexplained ones are. If your business is registered offshore, PSPs will look for signs of “economic substance,” meaning real staff, activity, and management presence.
Step 4: Assessing Compliance and Reputation
PSPs cross-reference your business with public and private databases:
- Sanctions lists (OFAC, EU, UN, HMT)
- MATCH/TMF lists (for merchants terminated by acquirers)
- AML and PEP databases
- Online reputation checks – website content, reviews, forums
They also review your website for compliance basics: refund and privacy policies, clear terms, and secure payment pages. A missing policy page can do more harm than a minor technical error.
Step 5: Evaluating Industry-Specific Risks
Each sector has its own triggers. For example:
- Travel & events: future delivery risk (service may never happen)
- Crypto & FX: AML exposure and volatile settlement patterns
- Subscription services: recurring billing disputes
- Coaching or wellness: subjective results leading to chargebacks
PSPs use internal scoring models to assign a “risk grade” to your industry type, adjusted for your controls. Two coaching platforms may look identical on paper, but the one with documented refund policies and a low dispute score is higher.
Step 6: Checking Fraud Controls and Customer Experience
A good PSP will test your defences. Expect questions about:
- Use of 3D Secure (3DS)
- Fraud detection tools (like Kount, Riskified, or in-house AI)
- Transaction velocity and geolocation checks
- Customer verification (email/SMS/ID)
They might even perform a test transaction to see how your checkout behaves. Long delays, unclear receipts, or confusing billing descriptors can all count against you.
Step 7: Analysing Settlement and Reserve Risk
One of the biggest risks for a PSP is settlement exposure—the danger that they’ll release funds to you and later be unable to recover them after disputes. To mitigate this, they may impose:
- Rolling reserves – holding a percentage of sales as security
- Delayed settlements – releasing funds only after dispute windows close
- Volume caps – limiting daily or monthly processing until trust is built
If your business handles advance payments or subscriptions, you’ll likely face stricter terms until you prove stability.
Step 8: Reviewing Geographic and Regulatory Factors
Where your business operates—and who it sells to—matters. PSPs assess:
- Jurisdictional risk (is your country grey- or blacklisted by FATF?)
- Cross-border flows (are you receiving funds from sanctioned regions?)
- Licensing (do you need a local permit to sell regulated goods?)
UK and EU PSPs, in particular, are required by the FCA and EBA to maintain detailed country risk frameworks. Even if your clients are legitimate, payments from risky geographies can still trigger compliance delays.
How PSPs Score You: The Internal Risk Matrix
Behind the scenes, every PSP uses a scoring model that assigns points across several categories:
| Category | Example Factor | Importance |
| Business Type | Industry classification | High |
| Transaction Behaviour | Chargeback/fraud ratios | High |
| Financial Stability | Credit history, reserves | Medium |
| Compliance | KYC, AML, licensing | High |
| Reputation | Online presence, reviews | Medium |
| Geography | Jurisdiction risk | Medium |
The total score places you in one of three brackets: Low Risk (standard onboarding), Medium Risk (enhanced due diligence), or High Risk (restricted or declined).
What You Can Do to Improve Your Profile
- Be transparent from day one. Never hide or downplay your business type.
- Maintain clean documentation. Keep licences, IDs, and contracts updated.
- Control your chargebacks. Aim below 0.5% to stand out as reliable.
- Build your reputation. Professional website, clear refund terms, and verified reviews go a long way.
- Diversify accounts. Use backup PSPs or NBFIs in case of rejection or account freezes.
The goal isn’t just approval—it’s predictability. PSPs trust merchants who look stable and act consistently.
The Future of Merchant Risk Assessment
With AI-driven monitoring and instant data sharing between acquirers, risk profiling is becoming more dynamic. In 2025, PSPs can spot suspicious behaviour within hours, not weeks. The line between onboarding and ongoing monitoring has blurred: your risk profile evolves with every transaction.
For merchants, this means one thing—risk management never stops. Even after approval, staying compliant, transparent, and communicative keeps you in good standing.
Bottom Line
When PSPs assess your risk, they’re not trying to block you—they’re trying to protect the network. Understanding what they look for helps you prepare, align expectations, and avoid red flags before they appear.
A well-prepared merchant with a clear structure, transparent operations, and responsible practices will not only get onboarded faster but will also build stronger, longer-term partnerships in the payments ecosystem.
If you would like tailored guidance on navigating PSP risk assessments and selecting the optimal payment setup, please feel free to book a complimentary consultation with our team.
For more industry insights, check out our latest article: “Managing Rolling Reserves”
Disclaimer
Widelia and its affiliates do not provide tax, investment, legal, or accounting advice. Material on this page has been prepared for informational purposes only and should not be relied on for such advice. You should consult your own tax, legal, and accounting advisers before engaging in any transaction. Please consult https://widelia.com/disclaimer/ for more information.
