COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
Nikita Veremeev
09.03.2026 | 6 min read
Updated: 09.03.2026
Since 2016 I have been heading COREDO and every quarter I see the same thing: international acquiring for e-commerce has become not only about card acceptance, but also about scaling strategy, managing regulatory risks and the quality of operational discipline. Payment infrastructure today determines the limits of an online store’s growth, payment conversion rates, access to EU and Asian markets and, most importantly, resilience to the closure of an acquiring account (termination). In this article I have collected the practices and methods the COREDO team uses to help clients in the markets of Europe, Asia and the CIS build payment processes, obtain required licenses, comply with AML requirements and avoid dependence on a single provider.
Our experience at COREDO has shown that most problems with international payments for online businesses do not start with a ‘bad acquirer’, but with poorly organized merchant onboarding, weak anti-fraud, vague contracts and the absence of transparent metrics. These are solvable tasks: the right choice of acquiring model, clear KYC and AML, a proper integration of 3DS 2.x, configuring the fraud rules engine and managed reserves. Below is a practical plan that reduces acquiring risks in international sales, improves e-commerce payment security and eliminates the likelihood of unexpected termination.
International acquiring: choosing a partner
The correct architecture of the payment chain starts with choosing a model. Acquiring for e-commerce can be built through direct work with an acquirer, through a PSP or in an aggregator format, and each solution carries a different profile of risks, fees and control. When an online store expands into several countries, I recommend considering a multi-acquirer setup and smart routing to manage approval rate, reduce cross-border FX fees and minimize the impact of local outages.
In the EC and the UK there is a mature ecosystem of PSPs and acquiring providers, while in Singapore and Dubai a model with a local acquirer and a separate gateway routing is often in demand to increase authorization rate. For high-risk verticals it’s worth discussing chargeback rate thresholds and rolling reserve conditions in advance, otherwise standard acquirer chargeback thresholds and the penalty scale from card schemes (Visa, Mastercard) will quickly eat into the margin.
PSP vs acquirer: selection and multi-acquirer
Direct integration with an acquirer provides more control over rates, MCC and monitoring rules, but requires a mature compliance function and in-house fraud analytics. A PSP launches faster, takes on part of the compliance and 3DS, yet adds a layer of fees and limits configuration flexibility. COREDO has repeatedly confirmed in practice that a multi-acquirer strategy with gateway routing and fallback transactions provides resilience to peak loads and reduces soft-decline during seasonal spikes.
In large e-commerce businesses we apply smart routing: traffic is distributed across acquirers depending on BIN routing, geography, currency and historical approval rate. Such yield management of payment operations increases the final payment conversion by 1–3 percentage points, and with fine tuning of 3DS 2.x frictionless flow it preserves UX and reduces the risk of hard-decline.
PayFac, ISO/MSP, BIN sponsorship: who they’re for
Payment facilitator (PayFac) with a sub-merchant model gives platforms and marketplaces speed of scaling and centralized merchant onboarding. Such a scheme requires BIN sponsorship and close acquirer underwriting, as well as responsibility for the compliance of sub-merchants. The ISO/MSP model is closer to an agency format: less operational responsibility, but also less control over risk rules and rates.
In COREDO projects we use BIN sponsorship when it’s critical for the client to keep their brand in the checkout and independence in contractual relations. Where their own license is still on the way, payment aggregators help to start, but responsibility for termination and rolling reserve still remains with the merchant, so the contract (merchant agreement) should be read separately from the marketing presentation.
High-risk verticals: MCC codes and risk
MCC code: it’s not bureaucracy, but a key to the risk profile and rates. An incorrect or «dynamic» MCC (dynamic MCC mapping) without a transparent basis leads to reattribution of transactions and conflicts with acquirers, up to termination. For categories such as travel, ticketing, digital goods and subscriptions, separate rules for refund policy, dispute management and reserve release triggers are important.
The COREDO team implemented for an international subscription service a merchant classification review and updated the MCC code policy for EU and Asian markets. As a result, they managed to align fees, reduce the frequency of friendly fraud through a correct subscription cancellation UX and remove systemic risk of sanctions from the card schemes.
Seller onboarding and due diligence
A strong merchant onboarding and well-thought-out Due Diligence form the foundation for long-term relationships with the acquirer. If you are a marketplace or a PayFac, your acquirer underwriting depends on how you select sellers and how quickly you detect anomalies. I stand by a simple principle: the stricter the entry and the more transparent the monitoring, the lower the likelihood of unexpected blocks and closure of the acquiring account.
At COREDO we tailor the process to the specific jurisdiction and transaction flow: from minimal CDD in the EU to advanced EDD for sellers from the CIS, Asia, and Africa. Automation of PEP and adverse media screening, regular sanctions screening against SDN/OFAC/EU, and merchant segmentation by a merchant risk scorecard are mandatory.
Onboarding, underwriting and risk assessment
Proper onboarding relies on a checklist of documents, verification of beneficiaries, and assessment of the business model. The merchant risk scorecard should account for geography, product type, average ticket, sales velocity, chargeback and refund history, as well as customer behavior. For sub-merchants in a PayFac model it is important to contractually secure the right to merchant offboarding in case of violations.
The solution developed by COREDO includes phased underwriting: accelerated for low-risk and in-depth for high-risk verticals with manual verification of the supply chain. This approach allows the acquirer to trust the platform and offer softer terms on reserve on hold and rolling reserve tied to managed KPIs.
KYC and AML requirements for a merchant account
KYC and AML are not a ‘checkbox exercise’ but insurance against termination. CDD (Customer Due Diligence) captures basic checks and the beneficiary structure, EDD (Enhanced Due Diligence) adds analysis of sources of funds and geographic risk. We have embedded regular PEP screening, adverse media monitoring and automatic sanctions screening into clients’ processes, which has reduced the manual work of compliance officers by 30–40%.
COREDO’s practice confirms: a transparent AML policy increases the acquirer’s trust and speeds up approval for new countries. In the EU, large acquirers value the presence of a clear procedure for periodic client review, while in Asia particular attention is paid to connections with external wallets and crypto operations, which requires predictive KYT analytics.
KYT and transaction anomalies: AML scenarios
KYT (Know Your Transaction) is a methodology for analyzing transactions at the scenario level: from velocity limits to chains of payments and refunds. We use transaction anomaly detection, which takes into account AML typologies: sudden spikes in sales in a new country, cancellations after shipment, currency switching and geo-IP patterns. Such signals generate alerts and trigger EDD for the specific seller.
In one case COREDO helped a platform in Southeast Asia identify a segment of synthetic identity fraud where new accounts used identical device fingerprinting and proxy IPs. Adjusting KYT rules and geo-blocking high-risk prefixes reduced the chargeback rate and brought the merchant back into acceptable acquirer thresholds.
Security technologies and standards
payment security in e-commerce directly affects risk thresholds and the cost of acquiring. Clear compliance with PCI DSS and a well-thought tokenization architecture reduce the audit scope and simplify the SAQ. Integration of 3DS 2.x and SCA supports PSD2 requirements, and device intelligence reduces the share of fraudulent attempts without burdensome checks for legitimate customers.
I always recommend viewing security as an investment with measurable ROI: less fraud, fewer chargebacks, higher approval rates and a noticeably lower probability of termination. When security is built into the architecture, the acquirer sees predictable processes and is ready to discuss better terms.
PCI DSS, SAQ, PAN truncation, tokenization
PCI DSS sets the framework for storing and processing PAN data. Where architecture allows, apply PAN truncation and move card storage to a token vault with a certified provider. This reduces PCI obligations and moves you to simplified SAQ forms, which speeds up onboarding with the acquirer and eases annual compliance.
The COREDO team implemented a payment data tokenization scheme for a retailer in the EU using network tokens and gateway tokens. As a result, the audit scope was reduced, metrics for repeat payments with saved cards increased, and fraud indicators declined thanks to stable customer–device–token linkages.
Frictionless flow and UX in DS 2.x and SCA
PSD2 in the EU requires strong customer authentication (SCA), and 3DS 2.x has become the market standard. It’s important to be able to achieve a frictionless flow through high-quality data in the authentication request: email age, addresses, purchase history, device intelligence. Proper integration reduces declines, and SCA exemptions (for example, low transaction risk) provide conversion growth without compromising security.
In COREDO projects we pay attention to 3DS routing: if the issuing bank doesn’t support the optimal scenario, some traffic is routed to another path with a better approval history. This is especially critical for cross-border flows, where issuers’ country requirements differ.
Behavioral biometrics and velocity limits
Device fingerprinting and behavioral biometrics help detect card testing attacks and anomalous behavior. Velocity limits restrict the frequency of attempts per card, IP, device, or email. For subscriptions, it’s useful to track anomalies in merchant sales velocity and verify payments by behavioral patterns to reduce friendly fraud.
I’ve seen how a combination of device intelligence and properly configured velocity rules reduced fraud in digital goods by 60% while increasing conversion. The main point: don’t reconfigure rules daily; you need a fraud rules engine with A/B testing and clear impact metrics.
Chargeback and Fraud Risk Management
Chargeback management and prevention is a discipline that requires process, data and teamwork. From accurate product descriptions and a refund policy to fast representment and documentary evidence: everything affects the chargeback representment success rate. Focused work with reason codes and the Visa/Mastercard dispute lifecycle helps close weak cases before escalation.
I often see that merchants do not measure basic metrics: share by reason codes, time-to-respond and win-rate for representment. As a result, disputed transactions are lost by default, and the acquirer sees a consistent “red” trend and gets flagged by monitoring programs.
Chargeback management and prevention
Each reason code should have its own “file”: proof of delivery, log files, consent confirmation, receipts, chat history. It’s important to know the deadlines under dispute resolution rules and prepare representment within the timelines, otherwise the case is closed automatically. A good practice is a centralized merchant monitoring dashboard with alerts for deadlines and automatic evidence collection.
COREDO’s practice confirms the effectiveness of preventive measures: a clear refund policy design, an intuitive checkout, notifications about subscription auto-renewals and an easy cancellation option in the user account. This reduces the share of friendly fraud, which often masquerades as an “unrecognized” transaction.
Payment fraud prevention
A strong anti-fraud system is not only blacklists but also risk-scoring that takes into account context, geography and history. Machine learning fraud-detection models and a fraud rules engine with relevant rules provide a balance between protection and conversion. For cross-border traffic it is useful to set up geo-blocking where the risk is disproportionately high and to apply fallback scenarios.
The COREDO team implemented hybrid anti-fraud systems where ML scoring is connected to rules and manual review in EDD. The approach proves effective: overall declines decrease, the approval rate increases, and trivial card testing is quickly filtered out at the authorization stage.
Which metrics predict termination?
The acquirer looks at the chargeback rate, acquirer chargeback thresholds, the share of soft declines vs hard declines, authorization/approval rate and spikes in merchant sales velocity. If the trend worsens across several reporting periods, the likelihood of termination increases. A timely remediation plan with corrective measures often saves the account, but that requires some lead time.
I also recommend tracking decline bin management, currency mismatch detection and the dynamics of fallback transactions. If the share of fallback increases, it’s possible that one of the routes has degraded, and it’s worth rebuilding gateway routing rules before this affects the overall risk picture.
Financial planning and reserves
Reserves: a sensitive topic for any online store. Rolling reserve and reserve on hold affect cash flow and require transparent release conditions. Contractual provisions (indemnity and reserve clauses) should be clear and discussed in advance, otherwise the entrepreneur ends up with “frozen” liquidity without clear release triggers.
I always advise calculating the worst-case scenario and keeping a financial cushion in case of escalation into payment systems’ monitoring programs. This is better than urgently looking for post-termination strategies to preserve payment flow when the business has already stopped.
Rolling reserve vs reserve on hold
Rolling reserve is the withholding of a percentage of turnover for a fixed period, after which funds are gradually released. Reserve on hold: a stricter model where the reserve is held until contractual events occur. At COREDO we strive for transparent release conditions (release triggers): reduction of chargeback rate, stable approval rate, absence of AML violations.
The calculation of rolling reserve and its impact on cash flow should be included in the financial model already at the negotiation stage. Where the business is seasonal, it makes sense to seek a floating reserve percentage depending on the merchant risk scorecard and fraud KPIs.
Transparency of FX commissions and anti-fraud ROI
Conversion fees (cross-border FX fees) and unclear markups in pricing reduce margin. Transparency is achieved through separate accounting by acquirer, currencies and countries, as well as through regular tariff benchmarking. The ROI assessment for implementing an anti-fraud platform takes into account reduced chargebacks, increased approval rate and savings on fines.
In COREDO projects we separately calculate the impact of smart routing and 3DS optimization on profitability. Even a 0.5–1 percentage point increase in payment conversion pays back the integration within months, especially on international traffic.
Payment integration and routing
Technical integration is your insurance against local failures and the context for increasing conversion. A proper acquiring API integration and gateway routing with fallback branches reduce risks, and smart routing across multiple acquirers by BIN and geo raises the approval rate. It’s important to keep soft-decline under control and disable degrading routes in time.
I am an advocate of phased integration: start with one strong partner, but plan expansion to a second and third route from the outset. Such an architecture scales well and helps meet the requirements of different regulators and issuers.
Acquiring API: gateway and BIN routing
The heart of routing: rules that distribute transactions across acquirers based on BIN, geography, card type, amount, and approval history. BIN routing allows accounting for issuers’ preferences and reduces hard-declines, while fallback transactions help save payments during local outages. It’s important to log all branches and maintain a merchant monitoring dashboard with metrics by route.
The COREDO solution includes prioritization rules based on authorization rate, response time, and fee level. Such a matrix provides a stable payment flow and predictable yield, especially when new countries and currencies are added.
DS 2.0 integration to reduce declines
Deep integration of 3DS 2.0 with the ability to flexibly switch authentication modes reduces declines and risks. 3DS 2.x frictionless flow is available when you have quality data and issuer trust, and for high-risk cases stricter checks are embedded. In the EU, the impact of PSD2 and SCA makes 3DS a mandatory element, but proper configuration minimizes friction.
Our engineers at COREDO helped online stores implement 3DS with segmentation in mind: returning customers followed a simplified scenario, new ones — a strengthened one. This reduced overall declines and cut chargebacks, especially for disputed reason codes.
Geo-blocking and currency mismatch by IP
Geographical checks (geo-blocking, IP intelligence) help pre-emptively cut off high-risk regions or route them to a ‘strict’ verification scenario. Currency mismatch detection identifies attempts to pay with a currency that doesn’t match the geo and card settings, which is often a sign of test attacks. These rules protect against fraud while increasing acquirers’ trust in your traffic.
In one case, adjusting geo-check rules and restricting non-standard currency pairs reduced hard-declines and improved the approval rate on Asian routes. After that, the acquirer relaxed the rolling reserve and lifted some temporary turnover restrictions.
Regulatory requirements in the EU and Asia
Regulation in the EU and Asia affects acquiring architecture and compliance processes. PSD2 requires SCA, GDPR: strict data storage rules, and sanctions regimes require continuous monitoring of counterparties. In Asia the emphasis shifts to local licensing rules and AML controls, for example in Singapore under MAS supervision.
COREDO has supported international projects for many years and builds compliance with multiple rule sets into payment architecture in advance. This reduces reputational and operational risk and also speeds up entry into new markets.
How PSD2 and SCA affect flows
PSD2 strengthened authentication requirements and introduced exemptions that should be used cautiously. SCA reduces fraud but can hurt conversion without proper integration of 3DS 2.x and exchange of extended data. We configure rules to balance security and UX while maintaining a high authorization rate.
In EEA countries attention should also be paid to T&E rules, subscriptions and low-value transactions. Proper documentation of SCA exemptions improves dialogue with the acquirer and reduces the risk of regulatory issues.
Customer data storage under GDPR
GDPR specifies what data and how you can store and process. For payments this means minimizing personal data, clear retention periods and the customer’s right to erasure. Using tokens and moving card data to certified providers reduces your risks and the scope of your liability.
In COREDO projects we document retention policies and remove excessive logs that may contain personal data. This simplifies annual audits and speeds up approvals with EU partners.
AML monitoring of SDN (OFAC) and EU sanctions lists
Sanctions lists change frequently, and ignoring them closes the door to international acquiring. Sanctions screening must be built into onboarding and periodic monitoring of clients and counterparties. This protects against indirect involvement in prohibited operations and helps maintain the acquirer’s trust.
The COREDO team automated sanctions screening and PEP checks for several clients with flows to the EU and Asia. As a result, the compliance workload decreased and the number of false positives was reduced thanks to contextual adverse media checks.
Termination: prevention and appeals
Closing an acquiring account (termination): not a sudden event but the result of accumulated risks without an adequate response. The best tool: prevention through metrics, compliance and clear contracts. But if the threat already exists, quick negotiations with the acquirer, corrective measures (remediation plan) and a careful appeal are important.
I always tell clients: keep a “rescue package” ready: metrics data, action plan, legal analysis of contractual covenants and a list of alternative routes. This saves days and sometimes decides the fate of the business.
How to avoid being terminated
- Set up monitoring for key KPIs: chargeback rate, approval rate, soft/hard decline, merchant sales velocity, dispute timelines.
- Implement 3DS 2.x and SCA with a focus on frictionless where possible.
- Ensure PCI DSS compliance, use tokenization and a token vault, reduce SAQ scope.
- Build a fraud rules engine, device fingerprinting, velocity limits and behavioral biometrics.
- Maintain a merchant risk scorecard, conduct regular CDD/EDD, PEP and sanctions screening.
- Update the refund policy, improve checkout and subscription communications.
- Agree transparent rolling reserve and release triggers, monitor FX fees.
- Keep alternative acquirers in reserve and scenarios for smart routing/fallback.
Negotiations with the acquirer and indemnity
When risks rise, it is advisable to preempt the acquirer and propose a remediation plan: tightening KYC/AML, updating anti-fraud, changing the refund policy and restricting high-risk geographies. It is important to understand contractual covenants so as not to breach terms and accelerate termination. Separately, indemnity and reserve clauses should be worked out so that reserved funds are released under clear rules.
At COREDO we negotiate based on data and concrete steps, not promises. This approach often buys extra time to adjust the process and reduces the likelihood of account closure.
Post-termination retention strategies
If termination does happen, there is a chance for an appeal and reinstatement if a convincing remediation plan and improved metrics are provided. During the appeal you should activate post-termination strategies: rerouting traffic to a backup PSP, alternative payment methods, segmentation by countries with more lenient requirements.
COREDO’s practice shows that a properly prepared termination appeal process with a report on corrective actions and KPI improvements can restore the acquirer’s trust. Even if reinstatement with the same bank is impossible, a well-prepared package speeds onboarding into a new setup.
COREDO Case
Case studies show how methodology turns into results. I’ll present three stories where a comprehensive approach to acquiring, licensing and AML delivered measurable effects. Details are anonymized, but the steps and results correspond to real projects in the EU and Asia.
Chargebacks in fashion e-commerce: EU and Asia
Client: a large fashion retailer delivering to the EU and Southeast Asia faced a rising chargeback rate and the threat of termination. The COREDO team analyzed reason codes, implemented 3DS 2.x with flexible configuration, strengthened device intelligence and updated the refund policy design. Additionally, we launched smart routing and BIN routing for Asian issuers with more lenient SCA requirements.
Within 90 days the chargeback rate returned below monitoring thresholds, the approval rate increased by 2.1 percentage points, and the rolling reserve was reduced by a third with clear release triggers. The acquirer cancelled the termination notice and provided increased limits for the seasonal sales peak.
PayFac: BIN sponsorship and underwriting
The platform launched a PayFac model and encountered lengthy underwriting and refusals for BIN sponsorship due to an unclear onboarding procedure for sub-merchants. The solution developed at COREDO included a full merchant onboarding framework, a merchant risk scorecard, KYT scenarios and automated PEP/sanctions/adverse screening. We reworked the contract documentation and prepared reports for PCI DSS and SAQ.
As a result, the client received BIN sponsorship and launched the sub-merchant model in three EU countries. The approval rate stabilized at a level that enabled scaling of traffic, and the acquirer set predictable rolling reserves without additional withholdings during peak periods.
Crypto/Fintech: licenses in the EU and Singapore
The fintech provider planned international acquiring for an online store with crypto-payment elements. The COREDO team carried out legal entity registrations and supported the application for a payment license in the EU (PI with prospects of EMI), and also advised on MPI in Singapore. We developed AML policy, CDD/EDD procedures, KYT and sanctions monitoring.
The company successfully passed acquirer underwriting, gained access to international acquiring and integrated 3DS 2.x and SCA. Over six months, fraud and chargeback metrics met the acquirer’s chargeback thresholds, which allowed reducing reserves and opening new markets.
Registration, licenses, AML and acquiring
International acquiring is part of a broader picture. Company registration in the right jurisdictions, Licensing and stable AML processes create the foundation on which the payment infrastructure operates predictably. I always insist on a holistic approach where legal, compliance and technology go hand in hand.
COREDO closes this loop: from strategy and registration to payment integration and license support. This removes gaps between teams and speeds up time-to-market.
Registering companies abroad
choice of jurisdiction affects access to local acquirers and PSPs, AML requirements and data protection. Our lawyers set up companies and ownership structures taking into account the requirements of banks and regulators. Differences between, say, Estonia and Cyprus are significant, and this needs to be considered even before designing the payment architecture.
In Dubai and Singapore, local presence and compliance with specific reporting rules are often required. We integrate these requirements into the launch roadmap and allocate time for licensing and onboarding.
Obtaining financial licenses
Payment services licenses (PI/EMI in the EU, MPI in Singapore), as well as permits for forex and crypto activities, open the door to direct relationships with banks and acquirers. The COREDO team prepares internal policies, risk management frameworks, an AML framework and a transaction monitoring plan. This speeds up regulatory approval and increases partners’ trust.
We support the client even after obtaining the license: process audits, updates for new regulatory requirements and interaction with banks and payment systems. Such ongoing support saves time and reduces the risk of sanctions from supervisory authorities.
How to build a KYC/AML compliance function
A strong compliance function: protection against termination and regulatory claims. We implement CDD/EDD procedures, PEP and adverse media screening, sanctions screening and AML monitoring with KYT. A separate component: team training and regular tabletop exercises to rehearse incidents.
COREDO’s practice confirms that this approach increases organizational maturity, improves the quality of negotiations with acquirers and regulators, and accelerates scaling without unnecessary risks.
Conclusions
International acquiring for e-commerce: it’s not just ‘enable card acceptance’. It’s a strategy where legal structure, licenses, AML processes, security and payment routing work together. When an entrepreneur sees the whole system, termination risks are manageable, and the payment flow remains resilient even at high growth rates and when entering new countries.
Over the years of developing COREDO I have become convinced that discipline in data, accuracy of integrations and transparency in agreements with partners create a competitive advantage. The COREDO team has implemented dozens of projects in the EU, the UK, Singapore and Dubai, and each time the foundation of success was a systematic approach: well-thought onboarding, strong anti-fraud, PCI DSS compliance, 3DS 2.x, smart routing and appropriate reserves. If you are building an international online store, marketplace or payment platform, start with a risk map, define key KPIs and put together a workable remediation plan: this way you will save time, money and reputation, and the payment infrastructure will become your strategic asset.