Cross-Border Acquiring for High-Risk Merchants: Optimising Approval, FX & Compliance Under PSD3

Cross-border card acquiring has always been challenging for high-risk merchants, but the 2025–2027 period marks the most significant shift in a decade. Approval rates are becoming increasingly volatile, FX costs are rising, and acquirers across Europe are tightening onboarding because of stricter PSD3 and EBA requirements. For sectors like gaming, crypto, travel, and online trading, cross-border acceptance is no longer simply a matter of adding the “right acquirer”; it now requires a fully engineered, data-driven payments strategy.

According to global routing benchmarks, cross-border declines frequently exceed 30-40%, especially where the BIN country, MCC and merchant location don’t align. At the same time, regulators are mandating greater transparency over FX fees, authentication, acquirer monitoring, and merchant onboarding. This combination of stricter compliance plus issuer-side de-risking is reshaping how PSPs and gateways must build cross-border payment infrastructure.

Why High-Risk Merchants Are Affected the Most

High-risk verticals depend on cross-border traffic for growth, especially where domestic acquiring is limited or unavailable. But they also face:

• Higher issuer risk scores
• More aggressive AML/CTF monitoring
• Tightening scheme rules (Visa/Mastercard)
• FX slippage during settlement
• Corridor-specific fraud and chargeback pressures.

The result? Merchants often struggle to maintain stable approval rates or predictable margins unless they deploy multi-acquirer routing, data enrichment and advanced FX management.

Additionally, research shows that cross-border payment complexity is expected to rise as regulation becomes more standardised across regions. This means merchants cannot rely on legacy acquiring setups or static gateway routing strategies.

What This Blog Will Cover

This article breaks down the full end-to-end mechanics of cross-border acquiring for high-risk merchants under PSD3, including:

• How issuers evaluate cross-border transactions
• Why approval rates are falling across key corridors
• How PSD3 changes onboarding, fraud controls and FX transparency
• How to build a multi-acquirer routing strategy
• How to control FX leakage and slippage across PSPs, acquirers and schemes
• What compliance infrastructure must high-risk merchants implement by 2026/27

This is a practical, technical, PSD3-aligned guide on how to rebuild cross-border card acceptance for the next regulatory cycle.

The Cross-Border Acquiring Landscape Today: Data, Declines & De-Risking Pressure

Cross-border acquiring is undergoing rapid transformation as issuers, schemes, acquirers, and regulators tighten controls. High-risk merchants face the sharpest impact, with approval volatility, AML scrutiny and corridor-specific restrictions growing across Europe, the UK and offshore jurisdictions. These pressures are intensifying ahead of PSD3 and the revised Payment Services Regulation.

Cross-Border Approval Rates Are Becoming Increasingly Unstable

While domestic EU approval rates remain relatively high, cross-border approvals can fall dramatically depending on:

• BIN country
• Merchant MCC
• Issuing-bank risk level
• Acquirer jurisdiction
• 3DS authentication outcome
• Corridor-specific fraud history

Issuers increasingly decline transactions before authentication based on risk scores, geographic mismatches or MCC sensitivity.

Regulators such as the European Banking Authority (EBA) have highlighted rising scrutiny over cross-border payments due to fraud, AML/CTF exposure and inadequate monitoring between PSPs and acquirers:

Why Issuers Penalise Cross-Border High-Risk Traffic

Issuers don’t simply block traffic because it is cross-border. They block it because the transaction matches patterns associated with fraud or regulatory risk. Common issuer-side triggers include:

• Country mismatch between merchant and cardholder
• High-risk MCCs (gaming, crypto, trading, ticketing)
• Offshore acquiring jurisdictions
• Velocity anomalies
• Device or IP inconsistency
• SCA friction or failed authentication
• Limited or missing enhanced data fields
• BIN ranges with elevated fraud risk

Under PSD3, issuer responsibilities for cross-border fraud, sanctions screening and transaction monitoring become even more stringent, meaning high-risk traffic is subject to more aggressive filtering.

Acquirer De-Risking: Shrinking Appetite for High-Risk Cross-Border Volumes

Acquirers across the EU and UK are withdrawing from many high-risk models due to:

• Strengthened AML and CTF expectations under EBA Guidelines
• PSD3-driven onboarding and monitoring requirements
• Increased compliance cost structure
• Higher collateral and reserve requirements
• Scheme penalties (e.g., excessive fraud or chargeback ratios)
• Reputational risks linked to specific MCCs
• Need for documented risk justification under the revised Payment Services Regulation

The European Commission’s PSD3 legislative package explicitly reinforces stricter KYB, ongoing monitoring, AML/CTF governance and FX transparency obligations:

As a result, acquirers reduce exposure by:

• Rejecting cross-border high-risk MCCs
• Limiting onboarding in certain jurisdictions
• Restricting volumes and settlement windows
• Applying tougher rolling reserves and monitoring policies.

The MCC Factor: Why Some Categories Face Higher Declines

Merchant Category Codes are now a core variable in issuer and acquirer risk modelling:

MCC Category	Risk Level	Cross-Border Impact
Gaming / iGaming	Very High	Issuer filtering; regional limitations
Crypto / Digital Assets	Extremely High	Many EU acquirers avoid onboarding
FX / Trading Platforms	Very High	Enhanced due diligence under PSD3
Ticketing / Events	High	Seasonal fraud spikes increase declines
Travel / Airlines	Moderate–High	Refund-heavy corridors trigger suspicion
Digital Goods	High	High-frequency transactions penalised

PSD3 will formalise stricter merchant assessment frameworks, especially around MCCs with elevated fraud or AML risk.

Fraud, Chargebacks & AML Pressure Across Corridors

Cross-border high-risk corridors also face:

• Increased friendly fraud
• Elevated account takeover (ATO) rates
• Synthetic identity fraud risk
• Transaction laundering exposure
• Chargeback spikes linked to promotional or sub-vertical volatility
• Issuer monitoring programmes that target corridor-level anomalies

These pressures directly influence decline decisions, even when merchant behaviour is legitimate.

PSD3, PSR2 & EBA Technical Standards: What Changes for Acquirers, PSPs & Gateways

The transition from PSD2 to PSD3 marks one of the most significant regulatory shifts affecting cross-border acquiring, especially for high-risk merchants. Unlike PSD2, which focused heavily on authentication (SCA) and API access, PSD3 expands into merchant onboarding, cross-border monitoring, FX transparency, transaction-level data obligations and enhanced supervision of acquirers and PSPs.

These changes directly impact how acquirers evaluate risk, how PSPs and gateways transmit data, and how high-risk merchants must structure their flows.

Official reference for legislative context: Payment services

PSD3 Introduces Stricter Onboarding Standards for Acquirers

Under PSD3 and the accompanying Payment Services Regulation (PSR2 replacing the current PSR), acquirers need to apply enhanced due diligence for merchants handling cross-border volumes, including:

• Documented beneficial ownership
• Proof of operational presence
• Supply-chain and partner verification
• Transaction-laundering screening
• Jurisdictional risk scoring
• Sector-based risk evaluation, especially for high-risk MCCs

These onboarding standards are guided by the EBA’s AML/CTF and risk-based supervision guidelines

For high-risk merchants, onboarding will become slower, more data-heavy and more dependent on historical payment behaviour.

Enhanced Monitoring Obligations Across Cross-Border Transactions

PSD3 mandates tighter monitoring requirements across acquirers, PSPs and gateways. These include:

• Behavioural and transactional profiling
• Geographical risk scoring
• Payer and merchant identity verification
• Corridor-specific fraud detection
• Continuous AML and sanctions monitoring
• Transaction-level analytics for anomalies

Acquirers must demonstrate real-time or near-real-time monitoring of cross-border flows, with structured evidence trails to regulators.

Gateways must adapt their APIs to support deeper data transmission so acquirers can meet monitoring expectations.

Authentication & SCA: Stricter Enforcement for Cross-Border Payments

SCA (Strong Customer Authentication) remains mandatory under PSD3, but enforcement becomes more consistent across borders.

Key changes include:

• Reduced tolerance for SCA exemptions on high-risk MCCs
• Issuer-level monitoring of PSP exemption behaviour
• Stricter requirements for step-up authentication on suspicious cross-border flows
• EBA alignment of SCA logic across EU markets

The EBA outlines authentication obligations here: https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money

This means PSPs must refine their 3DS2 orchestration and routing, ensuring cross-border traffic meets issuer expectations to avoid SCA-driven declines.

FX Transparency & Disclosure Rules Under PSD3

PSD3 introduces mandatory FX transparency, impacting acquirers and PSPs that process multicurrency transactions.

Obligations include:

• Clear disclosure of FX margins
• Transparent rate-source usage
• Breakdown of FX fees for payers
• Standardisation of how FX is presented to merchants and consumers
• Accurate record-keeping for regulatory audits
• Disclosure of DCC (Dynamic Currency Conversion) decisioning

This forces PSPs and gateways to redesign parts of their checkout and settlement flows to align with regulatory standards.

Data-Sharing & Scheme Compliance Requirements

PSD3 and PSR2 reinforce the need for stronger data sharing between PSPs, acquirers, gateways and schemes. This includes:

• Expanded transaction metadata
• Mandatory fraud-pattern sharing
• Structured reporting templates
• Enhanced data for dispute management
• Scheme-level monitoring compliance (Visa/Mastercard reporting obligations)

Failure to provide adequate data can trigger increased liability for acquirers and PSPs.

How PSD3 Differs from PSD2 (Summary Table)

Area	PSD2	PSD3 / PSR2 (2025–2027)
Authentication	Focus on SCA	Stricter enforcement + exemptions monitoring
FX Transparency	Limited	Full disclosure obligations
Onboarding	Basic KYB	Enhanced KYB + AML/CTF due diligence
Cross-Border Oversight	Fragmented	Standardised monitoring & reporting
Acquirer Monitoring	Light	Deep, mandatory real-time monitoring
Data Requirements	Partial	Expanded transaction-level metadata
Merchant Risk	MCC-based	Corridor + MCC + behavioural profiling

How Cross-Border Acquiring Actually Works: Full Technical Stack Architecture

Cross-border acquiring is often described as a “single payment flow”, but in reality, it is a complex interaction between multiple systems, each with its own risk logic, compliance checks, messaging formats and latency constraints. For high-risk merchants, this complexity becomes even more pronounced because every layer introduces a potential point of friction or decline. To optimise performance under PSD3, it is essential to understand how the cross-border acquiring stack actually functions from end to end.

Unlike domestic payments, which follow a relatively predictable pattern, cross-border transactions pass through additional authentication routes, farther network distances, multiple FX layers and stricter issuer scrutiny. The entire process is influenced by the location of the merchant, the acquirer, the cardholder’s bank, the card scheme and even the device used at checkout.

The PSP Layer: Where Transaction Integrity Begins

When a customer initiates a payment, the PSP handles the foundational elements of the transaction. This includes device intelligence, customer data capture, BIN identification, geo-verification, authentication preparation and early risk scoring. At this stage, decisions are made about whether to trigger exemptions, request Strong Customer Authentication, or adjust routing based on corridor performance.

For high-risk merchants, gaming, FX trading, ticketing, and crypto, this layer becomes vital. Issuers evaluate high-risk traffic harshly, so PSPs must enrich the authorisation request with as much relevant data as possible. Without this enrichment, issuers often apply default decline logic to cross-border transactions perceived as high-risk or unusual.

The Gateway Layer: The Orchestration Brain Behind Routing

Gateways sit between the PSP and multiple acquirers, but they do far more than simple routing. They translate message formats, normalise transaction fields, ensure compatibility with each acquirer’s API, and maintain rule engines that decide where the transaction should be sent.

In a cross-border context, the gateway’s role expands significantly. It may need to dynamically select an acquirer based on merchant country, issuer geography, BIN behaviour, latency, or corridor fraud rates. Gateways also carry responsibility for compatibility with scheme mandates, domain-specific risk parameters, and acquirer-specific data requirements. When any field is missing, misformatted or inconsistent, cross-border transactions are far more likely to fail.

Authentication and 3DS2: The First Major Friction Point

Once the gateway prepares the transaction, authentication begins. Cross-border payments frequently face higher friction in 3DS2 flows because issuers apply stricter rules to overseas requests. For many high-risk MCCs, issuers will force a challenge flow even when exemptions are requested, increasing friction and abandonment.

Authentication also introduces technical risks: latency between regions, device inconsistency, and mismatched IP or location signals can create authentication failures. These errors are common in markets where users rely on VPNs, prepaid cards or mobile wallets, all of which exhibit higher decline patterns in cross-border contexts.

The Acquirer Layer: Risk, AML Controls and Scheme Connectivity

After authentication, the transaction reaches the acquirer, the entity legally responsible for submitting the authorisation request to the card scheme. Acquirers operating in cross-border environments perform rigorous checks, including transaction laundering detection, velocity monitoring, merchant profiling, sanction screening and MCC-level risk evaluation.

High-risk merchants encounter the most friction here because acquirers must justify onboarding and continued processing under PSD3’s enhanced due diligence rules. To protect themselves, acquirers may impose stricter limits, apply higher reserves, restrict specific regions or reject certain MCC combinations outright. These decisions directly influence whether a cross-border authorisation is even sent to the scheme.

The Scheme Layer: Global Network Routing and Risk Filters

Visa and Mastercard operate as global networks, routing the authorisation from the acquirer to the issuer. During this journey, schemes apply their own rules and fraud models, validate 3DS2 authentication data, check tokenisation status, review issuer preferences and score corridor risk.

In cross-border flows, schemes also apply additional logic tied to region-specific fraud rates, currency behaviour, historic decline patterns and network performance. Even before the issuer receives the request, schemes may downgrade, redirect or flag the transaction based on risk indicators.

Issuer Decisioning: The Final and Most Sensitive Layer

The issuer, the bank behind the card, ultimately decides whether to approve or decline. Issuers apply a unique combination of credit logic, cardholder behaviour analysis, fraud scoring, authentication evaluation, MCC risk rules, and geographic consistency checks.

Cross-border transactions are declined more often because they present more uncertainty. Unusual location patterns, mismatched currencies, offshore acquirers, or MCCs associated with elevated fraud cause issuers to apply conservative decisioning. High-risk merchants feel this impact disproportionately because issuer risk models penalise unfamiliar or historically problematic categories.

Clearing, Settlement and FX: The Back-End Workflows Merchants Rarely See

After approval, the transaction moves into clearing and settlement. This phase introduces the FX pipeline, often involving multiple layers of conversion depending on where the issuer, scheme, acquirer and merchant are located. FX spreads, timing differences, and currency mismatches can erode margins significantly.

For high-risk merchants with global traffic, FX slippage, settlement delays and multi-currency reconciliation problems are common. These issues become more material under PSD3, which introduces new FX transparency and disclosure obligations.

Why Cross-Border Transactions Decline More Often (Technical Breakdown)

Cross-border declines are not random; they are the result of structured, multi-layer risk engines designed by issuers, schemes and acquirers. These risk engines use geographic data, behavioural patterns, historical fraud models and corridor-level scoring to determine whether a transaction looks trustworthy. For high-risk merchants, this logic is exponentially stricter. Understanding why declines happen is the first step to designing an approval strategy under PSD3.

The Geography Paradox: Why Location Mismatches Trigger Declines

The first and most influential factor is geographic alignment. Issuers reward “familiar” patterns and penalise anything outside the cardholder’s expected behaviour. When the BIN country, merchant descriptor and acquirer location diverge, the issuer’s models consider the transaction a risk event.

Issuers maintain geo-risk scores for every merchant category and corridor. A UK-issued card transacting with an acquirer in Malta for a crypto merchant, or a German-issued prepaid card buying digital goods from a Singapore PSP, are automatically viewed as elevated-risk scenarios. These transactions resemble known fraud patterns, so issuers decline pre-emptively, sometimes before authentication is even initiated.

Cross-border buying is normal for consumers. But cross-border spending in high-risk MCCs is a red flag for issuer risk engines. PSD3 reinforces this behaviour by expecting issuers to demonstrate stronger cross-border monitoring and anomaly detection.

Authentication Friction: The Silent Killer of Cross-Border Approvals

In domestic payments, 3DS2 flows are relatively stable. Across borders, however, authentication creates unpredictable outcomes. A transaction may fail because:

• Device metadata doesn’t align with the cardholder’s typical profile
• The issuer flags inconsistent geolocation
• The ACS (Access Control Server) cannot retrieve enough historical behaviour
• The challenge is triggered, but the consumer abandons the flow
• Biometric challenge fails due to browser/device incompatibility
• Latency between regions causes timeouts

These issues compound for high-risk categories. Issuers often override exemption requests and force 3DS challenges, even for low-value payments, to satisfy regulatory expectations around fraud prevention. PSD3’s increased enforcement of authentication obligations further amplifies this trend.

Risk Scoring Models: Why Issuers Penalise High-Risk MCCs

Every issuer uses MCC-specific risk thresholds. Some categories, gaming, crypto, online trading, and ticketing, receive immediate risk weighting regardless of other variables. This influences:

• Pre-authentication decline probability
• Authentication method selection
• Fraud scoring intensity
• Velocity checks applied
• Challenge vs frictionless routing

The issuer’s goal is not to block legitimate merchants, but to maintain fraud losses below regulatory and scheme thresholds. When MCC, geography, acquirer location and cardholder profile all create friction, the safest path for the issuer is to decline. High-risk MCCs produce that friction more frequently than others.

Card Type Sensitivity: Prepaid, Wallet & Emerging BINs Decline More Often

Cross-border transactions have disproportionately declined when the card is:

• Prepaid
• A virtual card
• A digital wallet-issued card
• A neobank BIN from a high-risk region
• Newly issued or recently activated

These cards carry a limited behavioural history. Issuers prefer predictable patterns, and cross-border high-risk transactions create uncertainty. Without past behaviour to anchor risk scoring, the issuer’s safest decision is rejection.

Routing Friction: When Acquirer and PSP Architecture Introduce Risk

Not all declines originate with issuers. Many happen because the request never reaches the issuer in the correct format. This is common when:

• PSPs send incomplete or inconsistent fields
• Gateways normalise data incorrectly
• Acquirer routing rules mismatch corridor risk
• Tokenisation logic conflicts with scheme preferences
• Required data fields are missing (email, phone, device ID)
• The acquirer’s jurisdiction is considered risky

High-risk merchants suffer most here because acquirers tend to place stricter validation rules on risky MCCs. If a single field doesn’t meet requirements, the acquirer may block the request before it reaches Visa or Mastercard.

Issuer Behavioural Modelling: When Fraud-Like Patterns Cause Automatic Declines

Issuer fraud engines evaluate behaviour across thousands of variables. Declines often occur due to subtle behavioural anomalies such as:

• Unusual time of day for the cardholder
• Inconsistent device fingerprint
• Sudden high-value overseas purchase
• Multiple failed authentication attempts
• Rapid-fire retries across regions
• New merchant or new acquirer not previously seen
• Use of VPN or anonymised IP

These signals resemble fraud patterns seen in synthetic identity attacks and account takeover scenarios. For high-risk merchants, the probability of triggering these patterns is significantly higher.

The Effect of Scheme-Level Controls on Cross-Border Traffic

Visa and Mastercard apply their own “network intelligence” filters before passing requests to issuers. These filters can downgrade authentication requests, force challenge flows or automatically decline requests if they violate scheme thresholds for fraud or chargebacks.

This adds a layer of unpredictability, especially for merchants operating in verticals already associated with elevated risk.

FX Under PSD3: Transparency, Margin Rules & the New Compliance Burden

Foreign exchange (FX) has always been one of the least transparent elements of cross-border acquiring. Under PSD2, FX margins and rate sources were typically left to acquirers and PSPs to disclose in their own formats, often resulting in pricing opacity, settlement discrepancies, and reconciliation challenges. PSD3 changes this dynamic completely. For the first time, the EU is imposing a formal, standardised framework governing how FX margins, rate sources, timing and disclosures must be presented throughout the payment chain.

Unlike authentication or onboarding rules, FX transparency obligations affect every layer of cross-border acquiring: merchants, PSPs, acquirers, schemes and, in some cases, even the issuer. What PSD3 introduces is not a technical tweak but a structural shift in how cross-border revenue is calculated, reported and audited. This has major implications for high-risk merchants, whose models often rely heavily on multi-currency processing and frequent cross-border settlement cycles.

A New Regulatory Philosophy: FX Pricing as a Consumer-Protection Obligation

PSD3 treats FX not simply as a commercial variable, but as a transparency obligation tied to consumer protection. The EU’s view is that consumers and merchants should understand how multi-currency pricing is calculated and whether a more expensive currency route is being used.

This means PSPs and acquirers must now show:

• How the FX margin was applied
• What base rate was used (e.g., ECB rate or an alternative source)
• When the FX rate was taken (timestamp)
• Whether additional layers of conversion were added downstream
• How Dynamic Currency Conversion (DCC) was decided or offered

For merchants, this introduces a new layer of operational responsibility. They must ensure their PSP or acquirer provides accurate, compliant FX breakdowns that can be communicated to customers clearly, before the transaction is executed.

FX Margin Transparency: Ending the Era of “Opaque” Pricing

One of the most impactful PSD3 changes is the requirement to break out FX margins separately from interchange, scheme fees and acquirer fees. This is a departure from PSD2, under which many PSPs and acquirers included FX margins within blended pricing models.

Under PSD3 rules, acquirers and PSPs must disclose:

• The exact FX margin applied
• The methodology used to calculate it
• How often are FX rates updated?
• How FX impacts the final amount charged

For merchants dealing with fast-moving currencies or multi-corridor traffic, this can expose inefficiencies that were previously hidden. It may also affect commercial negotiations, as merchants will now have visibility into where FX costs sit within the overall payment stack.

Rate-Source Requirements: A New Expectation for Consistency

Another major shift involves the requirement to use consistent and auditable FX rate sources. Under PSD2, acquirers could use proprietary systems, internal reference rates or third-party providers without formal disclosure. PSD3 mandates clarity over:

• Which rate source was used (ECB, central bank, regulated provider)
• Whether the rate source is stable across regions
• How often is the reference rate refreshed?
• How rate differences are documented for audit purposes

The European Central Bank (ECB) is expected to be a primary reference point for many compliant systems because of its standing within the EU financial framework:

This change forces PSPs and acquirers to upgrade their FX engines, logging systems and settlement processors to ensure uniformity, audit traceability and compliance.

The Impact on Multi-Acquirer and Multi-Currency Merchant Setups

For high-risk merchants, FX complexity increases with every additional acquirer or settlement currency. PSD3 requires acquirers to be explicit about how multi-currency pricing is calculated. This reduces variability but also exposes discrepancies between acquirers that previously went unnoticed.

A merchant using:

• Acquirer A for EU traffic (EUR settlement)
• Acquirer B for LATAM traffic (USD settlement)
• Acquirer C for Asian wallets (local currency settlement)

will now need to ensure FX disclosure is uniform across all partners. If even one acquirer fails to align with PSD3 expectations, the merchant becomes exposed to compliance gaps.

DCC (Dynamic Currency Conversion): Stronger Rules, Less Flexibility

Under PSD2, DCC allowed merchants and acquirers to generate additional margin by offering cardholders the option to pay in their home currency. PSD3 tightens this practice significantly by:

• Enforcing stricter pre-transaction disclosures
• Requiring clearer breakdowns of DCC surcharges
• Mandating transparency on non-DCC alternatives
• Ensuring cardholders cannot be “nudged” into DCC unfairly

The European Commission has emphasised clearer consumer protection standards in pricing and currency choice:

These rules especially impact verticals where DCC revenues were used to offset high acquisition fees or corridor inefficiencies.

Backend FX Pipelines: Where Hidden Costs and Reconciliation Issues Emerge

Most merchants assume FX occurs once at the acquirer. In reality, cross-border transactions may pass through multiple FX layers:

• Issuer FX (cardholder currency)
• Scheme FX (if routing through international networks)
• Acquirer FX (processing currency to settlement currency)
• PSP FX (if the PSP converts funds before payout)

Each layer introduces potential mismatches between authorisation currency and settlement currency, creating:

• Reconciliation delays
• Unexpected margin leakage
• Variance between expected and actual settlement amounts

Under PSD3, merchants must be able to trace these steps clearly. This will force PSPs and acquirers to improve FX reporting, rate timestamping, and settlement transparency.

Why Acquirers De-Risk High-Risk Merchants: Banking, AML & Scheme Pressures

De-risking has become one of the defining themes of cross-border acquiring over the past several years, and it is accelerating as PSD3 reshapes the regulatory landscape. For acquirers, high-risk merchants are no longer evaluated purely through a commercial lens; they are assessed through the combined expectations of regulators, card schemes, correspondent banks, AML frameworks and internal risk governance. Under this environment, even legitimate cross-border businesses can lose access to acquiring if the operational cost and regulatory exposure outweigh the revenue opportunity.

Acquirers face direct obligations under EU and national law to prevent money laundering, terrorist financing, fraud and transaction laundering. These obligations require enhanced due diligence for merchants operating across borders, particularly in sectors with elevated MCC risk profiles. The due diligence burden includes verifying beneficial ownership structures, understanding the merchant’s business model in detail, validating geographical footprint, assessing third-party relationships and conducting ongoing behavioural monitoring. High-risk merchants often operate across multiple jurisdictions with complex partner networks, which increases the workload and heightens acquirer caution.

Scheme oversight adds another layer of pressure. Visa and Mastercard enforce risk-monitoring programmes that track fraud ratios, chargeback trends and corridor-specific anomalies. When high-risk merchants exceed thresholds, even temporarily, acquirers must intervene immediately. Failure to do so exposes them to fines, mandatory monitoring fees, and in severe cases, restrictions on processing specific categories. For cross-border merchants whose traffic spans several regions, volatility is inevitable, and acquirers must continuously justify why they should maintain the relationship. The reputational risk of appearing to support non-compliant or poorly controlled traffic is often enough to trigger derisking decisions.

Acquirers also face increasing exposure to transaction laundering, a risk that has grown sharply in the high-risk ecosystem. Transaction laundering is notoriously harder to detect in cross-border environments because merchant supply chains, affiliate structures and settlement flows are more fragmented. Under PSD3, acquirers must introduce stronger controls to detect undisclosed merchants, unauthorised payment flows and suspicious patterns. These controls require investment in monitoring tools, data science teams, and enhanced reporting frameworks, costs that many acquirers cannot justify for verticals with thin margins or erratic performance.

Another driver of derisking is the behaviour of correspondent banks. Acquirers operating in certain jurisdictions depend on correspondent banking partners to clear and settle card funds. If a correspondent bank flags a merchant category, region or acquirer portfolio as high-risk, the acquirer may be forced to reduce exposure, remove the merchant or block specific corridors to preserve banking relationships. In recent years, sectors such as crypto trading, high-risk digital content, gaming, travel ticketing and online financial services have all been subject to increased scrutiny from the wider banking ecosystem.

Cross-border transaction patterns themselves introduce challenges. Issuers in different markets apply inconsistent risk scoring, authentication expectations and fraud models. When a merchant processes traffic across dozens of corridors through a single acquirer, performance becomes uneven. High decline rates, concentrated fraud spikes, regional chargeback surges or repeated authentication failures create a risk story that acquirers must answer to. For high-risk merchants, this volatility becomes a structural disadvantage: acquirers prefer predictable domestic portfolios over complex cross-border ones with uneven issuer behaviour.

Operational cost is an equally important factor. High-risk cross-border portfolios require significantly more compliance staffing, case reviews, corridor analysis, scheme reporting and real-time alert management. PSD3’s enhancements to merchant monitoring, AML governance and data transparency raise these costs further. Many acquirers, especially smaller EU institutions, evaluate the total cost of servicing a high-risk merchant and conclude that the economics simply do not work. In these scenarios, derisking becomes a business decision rather than a regulatory one.

Under PSD3, the direction is clear: acquirers must demonstrate stronger controls, deeper oversight and more consistent governance across all cross-border activity. This places high-risk merchants under sharper scrutiny, and any uncertainty, whether related to MCC, corridor, business model, operational controls or dispute patterns, can lead to restrictions, reduced volume, higher reserves or full offboarding. De-risking is no longer an exception in high-risk acquiring; it is rapidly becoming the default strategy for acquirers who cannot justify the regulatory, operational or reputational exposure.

How High-Risk Merchants Can Optimise Approval Rates Under PSD3

In today’s cross-border acquiring landscape, high-risk merchants cannot rely on default global routing models or generic PSP connectivity. They need a systematic, data-driven strategy that anticipates issuer behaviour, leverages multi-acquirer orchestration, and adapts dynamically to PSD3’s evolving compliance environment.

Understand the Approval Engine: Data, Routing & Risk Logic

Behind every declined transaction lies a decision model composed of data fields, routing logic and risk scoring. For high-risk merchants, mastery begins with understanding the topology of that engine.

On the data side, issuers and schemes expect enriched transaction payloads well beyond the basics. If merchant country, acquirer jurisdiction, BIN country, device fingerprint, velocity patterns or MCC category trigger concern, pre-emptive declines become likely. Merchants must therefore work with PSPs to ensure that every transaction is data-rich: cardholder behaviour history, device context, BIN reputation, geolocation consistency and merchant descriptor clarity.

Routing logic, meanwhile, is no longer about sending everything to the cheapest acquirer. It is about selecting the acquirer-corridor pair with the highest conditional approval probability. That means taking into account historical approval rates by BIN/acquirer/corridor, acquirer risk appetite for high-risk MCCs, settlement currency mismatches and regional behavioural norms. Under PSD3’s tighter oversight, merchants must treat routing as a dynamic optimisation problem, not a static configuration.

Multi-Acquirer Architecture: Reduce Single-Point Risk

For high-risk merchants, relying on a single acquirer leaves them exposed to sudden volume cuts, corridor restrictions or derisking decisions. Multi-acquirer architectures spread risk and enhance approval resilience.

Key elements include:

• Setting up two or more acquirers that specialise in different geographies or MCCs.
• Defining fallback logic: if Acquirer A falls below a threshold for a BIN range, route automatically to Acquirer B.
• Monitoring performance in real-time: approve rate, latency, error codes and merchant descriptors must be fed back into routing logic.
• Using gateway orchestration layers capable of switching acquirers on the fly, before the merchant or customer even notices.

The goal: ensure that declining approval rates or acquirer policy changes don’t instantly cut off major traffic volumes.

Descriptor Strategy & Conversion Quality

Merchant descriptors and BIN-BIN country alignment may look like small details to some, but for high-risk cross-border merchants, they make the difference between approval and decline. Issuers apply conservative logic for merchants they cannot easily identify or contextualise. If a German cardholder sees a descriptor linked to a country they don’t recognise, or a currency they don’t use, the risk score jumps.

High-risk merchants must therefore:

• Use consistent merchant naming across geographies.
• Match the descriptor language to the region of the cardholder.
• Align settlement currency with the BIN currency where feasible.
• Clearly display the merchant’s brand in a way the cardholder recognises and trusts (reducing friction and chargeback risk).

These steps may seem operational, but they directly influence issuer confidence, which under PSD3 becomes more important than ever.

Authentication Strategy: Balance Friction & Approval

Authentication is no longer just about compliance with SCA; it’s about approval optimisation. For high-risk merchants, every extra challenge or mismatch increases abandonment risk, but every unchecked exemption increases the likelihood of issuer decline.

Under PSD3’s uniform standards, merchants and PSPs must map authentication strategy across geographies, card networks and risk tiers:

• Use adaptive authentication: low-risk behaviour passes frictionless; high-risk triggers step-up.
• Ensure device fingerprinting and session history are captured and shared across PSP and the gateway.
• Monitor exemption usage: as PSD3 enforcement increases, issuers may treat high exemption volumes as a red flag.
• Update fallback logic: if a BIN or market shows a high challenge-fail rate, route via acquirer with stronger challenge success metrics.

Optimising authentication in this way improves approvals and reduces fraud risk, a dual win under PSD3.

Data Enrichment & Real-Time Feedback Loops

Traditional acquiring models treat appeals and dispute data as post-mortem. In the high-risk cross-border context, it must become live.

Merchants should implement:

• Real-time transaction analytics feeding back issuer decline codes, acquirer response times, error descriptions and routing performance.
• Dashboards showing approved decline by BIN, acquirer, corridor, MCC and payment method.
• Immediate action logic: if certain BIN/region combinations decline at a surge, route away before major volume is impacted.
• Collaboration with PSPs/gateways to include metadata fields such as device hash, behaviour profile, BIN-issuer country match and merchant-vertical risk modifiers.

Such intelligence gives merchants the real-time agility needed to compete in a PSD3 environment where risk thresholds shift regularly.

Compliance & Partnership Strategy

Optimising approval is not just a product strategy; it interacts with compliance. Under PSD3, acquirers will scrutinise high-risk merchants not just on conversion but on adherence to new monitoring, AML, FX transparency and documentation rules.

High-risk merchants should:

• Work proactively with PSPs and acquirers to demonstrate AML controls, merchant partner vetting, transaction monitoring and corridor-specific chargeback mitigation.
• Ensure they are closed-loop in describing business models, jurisdictions, refund policies, currency flows and partner networks.
• Treat compliance as an enabler of approval; the clearer the acquirer sees the risk controls, the higher the willingness to route volume.

Without this partnership mindset, routing architecture and descriptor optimisation may improve approvals temporarily, but merchant sustainability remains at risk.

FX Cost Optimisation: Reducing Slippage, Spreads & Recon Issues

FX remains one of the most expensive components of cross-border acquiring, especially for high-risk merchants who operate across multiple regions and currencies. Under PSD3, FX becomes more transparent and auditable, meaning merchants must rethink how they manage conversion costs and reconciliation processes.

Where FX Costs Actually Occur

Cross-border transactions pass through several entities, issuer, scheme, acquirer, PSP and FX can be applied at more than one stage. Even a single extra conversion creates cost leakage, especially when authorisation occurs in one currency and settlement happens in another. High-risk merchants feel this more sharply because their acquirers often work in multi-jurisdiction setups where conversion methods vary.

Rate Timing and Variance

One of the biggest sources of slippage is timing. Authorisation, clearing and settlement may all occur at different points in the FX cycle. If each party uses a distinct rate source or time window, the settled amount can diverge from the authorised value. PSD3’s transparency rules around rate timestamps will make these differences visible, but merchants still need to align internal processes to minimise timing-related variance.

Settlement Currency Decisions

Choosing the right settlement currency is one of the most direct ways to reduce FX exposure. Settling in the issuer-friendly currency can avoid unnecessary conversions, while regional settlement for certain corridors can stabilise volatility. However, global merchants must balance lower FX costs with operational simplicity. Centralised settlement may be easier, but not always cheaper.

Reconciliation Challenges

FX differences often appear during reconciliation, particularly when acquirers use different rate methodologies or update rates at inconsistent intervals. This creates mismatches between authorised and settled amounts. PSD3 will improve transparency, but reconciliation will still require merchants to track FX behaviour across acquirers and regions to avoid hidden leakage.

Routing as an FX Control Mechanism

Routing is often seen as an approval optimisation tool, but it can also materially influence FX cost. Choosing acquirers with regional presence, or those processing in currencies closer to the issuing market, reduces conversion layers. Merchants who compare FX variance across acquirers will be able to shift volume toward partners offering more predictable outcomes.

Why FX Optimisation Matters Under PSD3

PSD3 places formal expectations on PSPs and acquirers to disclose FX margins, rate sources and conversion logic. For merchants, this is an opportunity to regain control over a cost area that was historically opaque. With clearer disclosure, high-risk merchants can benchmark partners, adjust routing and protect margins in cross-border environments where FX behaviour directly influences profitability.

PSD3 Compliance Framework for High-Risk Merchants & PSPs

PSD3 introduces a far more structured and evidence-driven compliance environment for cross-border acquiring. For high-risk merchants and their PSPs, the shift is not limited to stronger authentication or clearer FX disclosure; it extends into onboarding, monitoring, data governance and the way acquirers assess merchant suitability. These changes require both operational discipline and a closer alignment between merchants and PSP partners.

Enhanced KYB and Merchant Verification

Under PSD3, acquirers and PSPs must demonstrate a deeper understanding of a merchant’s business model, ownership structure and operational footprint. High-risk merchants, especially those with cross-border volume, will undergo stricter checks around beneficial ownership, partner networks, licensing status and the jurisdictions in which they operate. This process becomes more continuous than before: onboarding is no longer a single event but an ongoing compliance obligation supported by transaction-level monitoring.

Strengthened Transaction Monitoring Requirements

PSD3 expects PSPs and acquirers to identify suspicious behaviour through near-real-time analysis. This is particularly significant for high-risk verticals where corridor volatility, chargeback surges or unusual spending patterns occur more frequently. Merchants must ensure that PSPs can capture device data, geolocation signals, velocity markers and behavioural patterns that support these monitoring requirements.

For high-risk businesses, this means adopting tighter internal controls as well, clear refund processes, consistent descriptors, regional compliance logic and transparent operational records all support acquirer confidence.

AML & CTF Controls Integrated with Payments Flow

High-risk merchants often interact with global audiences, affiliates and multiple settlement routes. PSD3’s AML/CTF enhancements require merchants and PSPs to demonstrate:

• Clear visibility of partners and flow of funds
• Documented policies around suspicious activity
• Internal procedures that align with acquirer expectations.

PSPs and gateways must feed enriched data into acquirer systems to help detect laundering patterns or unauthorised third-party processing. Any ambiguity in the merchant’s operating model can increase scrutiny or put onboarding at risk.

Data Quality and Scheme-Level Compliance

PSD3 introduces greater emphasis on data completeness and accuracy. Issuers and schemes rely heavily on correct data fields to score cross-border transactions, and merchants with inconsistent or incomplete metadata face higher decline rates. Under PSD3, PSPs must ensure that transactions carry the correct MCC, address fields, authentication data, rate-source identifiers and FX breakdowns where relevant.

High-risk merchants should expect more frequent data validation reviews from PSPs and acquirers, especially if they operate across several markets. Poor data quality becomes a compliance risk, not just an operational issue.

Chargeback Governance and Dispute Transparency

Dispute patterns are a critical indicator for acquirers assessing merchant sustainability. Under PSD3, merchants must maintain stronger internal dispute tracking and cooperate closely with acquirers on remediation when chargeback ratios rise. High-risk merchants that cannot demonstrate control over disputes, refund workflows or customer communication practices may face immediate restrictions, increased reserves or offboarding under stricter PSD3 expectations.

Alignment Across PSPs, Gateways & Acquirers

The most significant shift under PSD3 is the expectation that all parties involved, merchants, PSPs, gateways and acquirers, maintain aligned compliance logic. In cross-border high-risk environments, this coordination becomes essential. Acquirers will increasingly require evidence of how PSPs gather device data, manage authentication, enforce AML checks and monitor high-risk corridors. Merchants must be prepared to share operational details, supply-chain workflows and risk mitigation documentation more frequently.

PSD3 effectively elevates compliance into a shared responsibility model. For merchants handling global traffic, the quality of their PSP and gateway partners becomes as important as the performance of their acquirers.

Gateway & PSP Roadmaps: What Must Change for PSD3

PSD3 introduces new technical and operational obligations for PSPs and gateways supporting high-risk, cross-border merchants. The updated framework emphasises transparency, data integrity, real-time monitoring and stronger authentication orchestration. To remain compliant and commercially relevant, PSPs must redesign several components of their infrastructure.

Core Infrastructure Alignment with PSD3 Standards

Gateways and PSPs must ensure their technology stack supports the enhanced data, monitoring and reporting duties set out under PSD3 and the Payment Services Regulation (PSR). This includes adapting middleware, APIs and internal data models to transmit complete and correctly structured information to acquirers and schemes. For high-risk cross-border traffic, insufficient or inaccurate data increases decline rates and raises compliance exposure.

Key requirements include:

• Consistent handling of authentication indicators
• Inclusion of enhanced metadata fields
• Correct application of MCC and merchant attributes
• Structured transmission of risk-relevant information

These elements must be embedded into routing logic and authorisation flows.

Strengthening Authentication and Risk Orchestration

PSD3 reinforces expectations around Strong Customer Authentication (SCA). PSPs will need to refine their 3DS2 orchestration logic to reduce friction and align with issuer expectations across different regions. High-risk and cross-border traffic often requires more robust authentication paths; PSPs must design flexible workflows that adjust to issuer behaviour, BIN patterns and corridor risk.

This includes:

• Adaptive challenge logic
• Device and behavioural data integration
• Dynamic adjustment of exemption requests
• Improved ACS communication handling

Risk orchestration must become more granular, informed by real-time BIN and market intelligence.

FX Transparency and Rate-Source Integration

Under PSD3, PSPs that support multi-currency processing must upgrade their FX modules to provide merchants and acquirers with clearer disclosure of margin structure, rate sources and timing. This requires system-level updates to ensure rate identifiers, timestamp data and margin breakdowns are communicated in a standardised format.

For cross-border high-risk merchants, PSPs should also support routing decisions based on FX cost patterns and settlement preferences to reduce multilayer conversion exposure.

Enhanced Monitoring, AML Alignment and Data Sharing

PSPs are expected to implement stronger transaction-monitoring capabilities to support acquirer AML/CTF and fraud obligations. This includes:

• Improved behavioural monitoring
• Corridor-specific anomaly detection
• Integration of device, IP and geolocation signals
• Automated escalation to acquirers where required

Gateways must be able to share relevant insights efficiently, enabling acquirers to meet their own obligations under PSD3 and scheme requirements. Monitoring must be consistent across all regions where the merchant operates.

Multi-Acquirer Routing and Scheme Compliance

Routing strategies must evolve to address issuer behaviour under PSD3. PSPs and gateways should incorporate:

• Dynamic multi-acquirer routing
• Performance-based BIN-level decisioning
• Fallback routing for challenge or risk failures
• Issuer preference logic for specific corridors

Scheme compliance frameworks must also be updated. Visa and Mastercard require PSPs to maintain accurate reporting, consistent data structures and up-to-date integration with scheme rule changes. PSPs serving high-risk merchants must demonstrate that routing, authentication and data practices align with scheme risk thresholds.

Operational Governance and Merchant Support

PSD3 expects PSPs to maintain more structured governance around merchant support, particularly for high-risk verticals. Documentation, onboarding, periodic reviews and issue-resolution procedures must be strengthened. PSPs should proactively support merchants with guidance on descriptor strategy, authentication optimisation, routing logic, FX configuration and dispute management to reduce overall risk.

Conclusion

Cross-border acquiring for high-risk merchants is entering a period of structural change. PSD3 reshapes the regulatory environment, requiring greater transparency, stronger authentication, clearer FX disclosure and more consistent data standards across the entire transaction lifecycle. Acquirers, PSPs and gateways must adapt their infrastructures, monitoring frameworks and governance models to meet these expectations, while merchants must align business practices, routing strategies and operational controls to remain sustainable.

High-risk merchants face tighter scrutiny from issuers, schemes and acquirers. Approval rates, corridor stability and dispute ratios will increasingly depend on the quality of data provided, the precision of authentication flows and the level of compliance maturity demonstrated across regions. PSPs and gateways become critical partners, as their systems and orchestration capabilities directly influence performance under PSD3.

The merchants best positioned for 2026 will be those who treat cross-border acquiring as a technical discipline rather than a commercial toggle. By prioritising data accuracy, authentication strategy, FX optimisation, routing intelligence and compliance alignment, they can navigate derisking trends and improve resilience in a more demanding regulatory landscape. PSD3 does not eliminate complexity; it standardises it, creating clearer expectations and a more transparent framework for merchants operating in high-risk global markets.

---

FAQs