Internet Acquiring for Financial Institutions

Internet acquiring enables companies to accept online card payments through a secure payment infrastructure. For fintech companies, payment institutions, and EMIs, a reliable acquiring solution is an essential component of business growth and customer service.

Since 2016, COREDO has been assisting clients in implementing acquiring solutions, providing support at every stage — from selecting the right provider and connection model to addressing regulatory and compliance requirements.

Get a Consultation

Cost of the service
from 1 000 EUR

Global Scope of Internet Acquiring

Internet acquiring is a global service. Payment processors operate across borders, and fintech companies often need to establish acquiring capabilities in multiple jurisdictions. COREDO connects clients with payment processors and acquiring providers not only across the European Union, but also in other key markets:

  • United Kingdom — FCA-regulated payment institutions and acquirers
  • Singapore — MAS-regulated payment service providers
  • Dubai and UAE — growing fintech hubs with established acquiring infrastructure
  • Canada — major market for international payment processing
  • Switzerland — international banking and payment services centre

Beyond EU passportisation, COREDO helps fintech companies, neobanks, cryptocurrency exchanges, and cross-border merchants establish acquiring relationships in multiple jurisdictions, ensuring compliance with local regulations while maintaining consistent operations.

How Internet Acquiring Works

The process of processing an online payment involves several sequential steps:

Payment initiation.

The buyer enters card details on the checkout page or in a mobile application. The payment gateway encrypts the data using TLS/SSL protocols.

01

Request routing.

The encrypted authorisation request is sent to the acquirer — the financial institution servicing the merchant. The acquirer forwards the request to the relevant card scheme (Visa, Mastercard).

02

Issuer authorisation.

The card scheme transmits the request to the issuing bank, which verifies the availability of funds and makes an authorisation decision.

03

SCA authentication.

In accordance with PSD2 requirements on Strong Customer Authentication (SCA), the transaction must be confirmed by at least two of three factors: something the customer knows (PIN, password), something the customer has (a device), or something the customer is (biometrics). The primary mechanism for meeting SCA requirements is the 3D Secure 2.0 (3DS2) protocol.

04

Clearing and settlement.

After authorisation, funds are reserved in the issuer’s account and, at the end of the settlement day, transferred to the acquirer’s account, which credits them to the merchant account.

05

Key process participants:

  • Merchant — the commercial or service company accepting payments
  • Payment gateway — the technology intermediary ensuring secure data transmission
  • Acquirer — the bank or payment institution that opens the merchant account
  • Card scheme — Visa, Mastercard, Maestro, etc.
  • Issuer — the buyer’s bank that issued the payment card

Who Needs Internet Acquiring

Internet acquiring is an essential instrument for a wide range of financial and commercial institutions, including those expanding internationally:

Electronic money institutions (EMI) and payment institutions (PI)

need acquiring to provide card payment acceptance services to their merchant clients. Having an acquiring solution significantly expands the product portfolio of a licensed financial institution. EU-based or international PIs can leverage COREDO’s multi-jurisdictional network.

Fintech startups and payment platforms

use internet acquiring to monetise services, process subscription payments, and work with marketplaces. Companies planning to operate across EU and non-EU jurisdictions benefit from COREDO’s established relationships with global payment processors.

Commercial companies

(e-commerce, SaaS, subscription services, marketplaces) connect internet acquiring to accept payment from customers online. International merchants requiring acquiring in multiple regions — EU, UK, Asia-Pacific, or North America — can consolidate their payment infrastructure through COREDO’s network.

Cryptocurrency exchanges and neobanks

use acquiring solutions to fund client accounts from payment cards. Given the regulatory scrutiny of crypto, having access to compliant acquirers across multiple jurisdictions is essential.

Connecting to a professional acquirer is particularly relevant for companies operating in regulated sectors (financial services, gambling, Forex, cryptocurrency), where standard providers frequently decline to provide services. COREDO specialises in finding solutions for such companies across multiple jurisdictions.

Connection Requirements

To obtain internet acquiring services, a company must meet a number of regulatory and technical requirements.

Regulatory prerequisites. Acquiring as a payment service requires the appropriate licence. If a company independently provides acquiring services to its clients, it needs a PI or EMI licence. Commercial companies connecting to an acquirer as merchants do not obtain a licence, but are required to undergo a KYB/KYC procedure (verification of the business and beneficial owners).

Corporate documentation. For onboarding with an acquirer, the following will be required: certificate of incorporation, articles of association, ownership structure documents, passports of directors and UBOs, proof of address, bank statements, and a business model description.

Technical requirements. For payment gateway integration, support for TLS 1.2/1.3 protocols is required, along with implementation of 3DS2 to fulfil SCA requirements, and compliance with the PCI DSS (Payment Card Industry Data Security Standard). Merchants must ensure that their website and checkout page meet security requirements.

Business model and risk profile. Acquirers carefully analyse the industry and business model of the company. For high-risk merchants (financial services, gambling, CBD, nutraceuticals, cryptocurrency), enhanced due diligence requirements apply and rolling reserve requirements may be set.

COREDO Solutions in Internet Acquiring

COREDO is a legal and compliance company that has worked with financial institutions since 2016. As part of internet acquiring services, COREDO specialists provide the following support:

Acquirer selection.

COREDO helps identify the optimal acquirer based on the client’s industry, geographic scope, transaction volume, and business risk profile. The team has established relationships with FCA-regulated providers in the UK, MAS-regulated processors in Singapore, acquirers in UAE and Canada, and other major jurisdictions, enabling seamless multi-jurisdictional expansion. The team works with providers willing to serve both regulated and high-risk sectors across multiple markets.

Onboarding support.

COREDO specialists prepare the full package of documents required for the KYB verification process with the acquirer, coordinate the interaction between the client and provider, and help resolve potential obstacles on the path to approval.

Regulatory analysis.

COREDO verifies the client’s business model compliance with PSD2/SCA requirements, assesses the need to obtain a PI/EMI licence when planning an in-house acquiring solution, and prepares legal opinions on disputed matters.

Compliance support.

COREDO specialists help build AML/KYC procedures in line with AMLD6 requirements and FATF recommendations, which is necessary for both acquirers and large merchants.

Scaling.

When geographic expansion of payment acceptance is needed, COREDO provides advice on licence passportisation within the EU (see the “Licence Passportisation” section).

Service Pricing

Service Price
Internet acquiring connection (commercial companies) from EUR 1,000 + VAT

The price covers onboarding support with the acquirer. The acquirer’s own fees (MDR, interchange, processing charges) are determined individually depending on the industry, transaction volume, and risk profile.

Our Experts

Pavel Kos
Pavel Kos
Pavel has led the legal team at COREDO since 2020. He specialises in financial licensing, regulatory advisory for payment institutions, and compliance matters in the field of payment services.
Daniil Saprykin
Daniil Saprykin
Daniil leads the customer success team at COREDO. He ensures high-quality client support at every stage — from initial consultation to project completion.

Frequently Asked Questions

Is a licence required to connect internet acquiring?

Commercial companies that only accept payments for their own goods and services do not require a PI or EMI licence. However, if a company plans to independently provide acquiring services to third parties, a payment institution licence is mandatory under PSD2 requirements.

Which industries are considered high-risk when connecting to an acquirer?

Traditionally high-risk sectors include: financial services (Forex, CFD), gambling, cryptocurrency, CBD products, nutraceuticals and dietary supplements, adult content, and over-the-counter pharmaceuticals. For these categories, COREDO selects specialist acquirers.

What is a rolling reserve and can it be avoided?

A rolling reserve is a percentage of turnover that the acquirer retains for several months as security. The size of the reserve depends on the merchant’s risk profile. As a positive transaction history accumulates, the reserve is typically reduced or removed.

What is the typical timeframe for connecting to an acquirer?

Timelines range from 1–2 weeks (for standard merchants with a low risk profile) to 4–8 weeks (for high-risk categories or companies requiring extended verification). Preparing a complete set of documents in advance significantly accelerates the process.

Is PCI DSS compliance mandatory for a merchant?

PCI DSS compliance is mandatory for any company that processes, stores, or transmits payment card data. The level of requirements depends on transaction volume: large merchants undergo mandatory audits, while small businesses complete a self-assessment questionnaire (SAQ).

Can COREDO help if we have already been disconnected by one acquirer?

Yes. COREDO works with clients who have faced rejection or termination of services by a previous acquirer. Specialists analyse the reasons for rejection and identify alternative providers taking into account the specifics of the business.

Submit an Application

Ready to set up internet acquiring or get advice on choosing the optimal solution? Contact the COREDO team — we have been working with financial institutions and commercial companies since 2016.

    By contacting us you agree to your details being used for the purposes of processing your application in accordance with our Privacy policy.

    COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.