Close Menu
    Global Licensing & Legal Updates

    2026 Global Acquiring Rulebook: How Visa, Mastercard, and Regional Regulators Reshape Legal Obligations for High-Risk MCCs

    Updated:No Comments22 Mins Read
    Global acquiring rulebook 2026 visual showing Visa, Mastercard and regional regulatory frameworks surrounding high-risk MCCs

    The global acquiring landscape is entering one of its most significant reform cycles in over a decade. By 2026, Visa, Mastercard and regional regulators across the US, EU, APAC and LATAM will introduce updated rulebooks that redefine how high-risk merchants are onboarded, monitored and legally assessed. These changes go far beyond routine scheme updates; they form a coordinated tightening of standards aimed at reducing fraud, controlling misleading practices, improving transparency and protecting consumers across high-risk sectors.

    For merchants operating under high-risk MCCs such as gaming, subscription services, adult content, travel, nutraceuticals, digital goods or coaching these reforms bring a new level of scrutiny. Acquirers will no longer rely solely on their internal risk scoring; they must demonstrate to networks and regulators that merchants meet enhanced compliance, documentation and evidence requirements. This shift increases the legal and operational burden on high-risk merchants while raising the threshold for approval, monitoring and ongoing processing.

    2026 becomes a defining year because scheme rulebooks and regulatory frameworks are aligning in a way that eliminates ambiguity. Merchants who once relied on flexible onboarding, broad MCC interpretations or inconsistent UX practices will face stricter standards and more frequent audits. This blog outlines the new obligations that high-risk merchants must meet, how regional laws amplify scheme rules and what changes acquirers will expect before enforcement begins.

    More importantly, it provides a practical blueprint that high-risk merchants can use to prepare ahead of time protecting approval rates, ensuring continuity with acquiring partners and reducing exposure to legal or regulatory penalties.

    Table of Contents

    Why 2026 Is a Defining Year for Global Acquiring

    The year 2026 marks the point at which multiple global forces converge: tighter Visa and Mastercard rulebook revisions, stricter national regulations, rising fraud sophistication, and greater demand for consumer protection. While networks update their rules annually, the 2024–2026 cycle represents a more structural shift, one that fundamentally changes how high-risk merchants are evaluated and managed. For acquiring banks, the burden of demonstrating compliance no longer ends with initial onboarding. Instead, they are required to justify merchant decisions continuously based on transparent, documented, and auditable risk controls.

    This shift has a cascading impact on merchants. High-risk MCCs have always operated under heightened scrutiny, but 2026 raises the bar further by introducing new legal, operational, and behavioural expectations. Acquirers who fail to meet the updated rulebook requirements face penalties, monitoring restrictions, or even loss of scheme privileges. As a result, they will adopt a more conservative stance when approving or retaining high-risk portfolios.

    Merchants, in turn, must demonstrate a higher degree of accuracy in how they classify their business models, present their products, disclose terms, capture consent, and handle disputes. These new pressures arrive at a time when regulators are demanding more consistency across the payments ecosystem especially in sectors where fraudulent marketing practices, unclear subscription disclosures, or high dispute ratios are common.

    Visa and Mastercard have strengthened their global rulebooks in response to escalating fraud patterns. At the same time, regulators in the EU, US, APAC and LATAM have introduced new consumer-protection directives, fraud-prevention frameworks, and continuity-billing standards. The result is a harmonised push toward clearer merchant behaviour, stronger identity validation, and transparent transaction journeys.

    High-risk MCCs are at the centre of this convergence because their business models involve rapid transactions, digital delivery, recurring billing or complex fulfilment routes, all areas vulnerable to customer confusion or fraudulent exploitation.

    Why high-risk MCCs sit at the centre of these changes

    Networks and regulators both recognise that sectors like gaming, subscription services, adult content, nutraceuticals and travel produce higher levels of disputes, chargebacks, and misleading marketing cases. These industries historically relied on varied interpretations of network and regulatory rules. The 2026 frameworks eliminate this variability: high-risk MCCs must now meet precise, uniform, enforceable standards.

    The end of “lightweight high-risk onboarding”

    For years, certain acquiring banks offered simplified onboarding for high-risk merchants, relying on manual reviews or flexible policy interpretations. This model disappears in 2026. Acquirers must now:

    • Document why the merchant qualifies for the MCC
    • Demonstrate adequate risk controls and disclosures
    • Maintain ongoing evidence of compliance
    • Prove monitoring is active and auditable

    Merchants who cannot meet these expectations may face onboarding rejection, reserve requirements, or contract termination.

    Understanding High-Risk MCCs Under Visa & Mastercard Frameworks

    Visa and Mastercard classify certain Merchant Category Codes (MCCs) as “high-risk” due to elevated fraud rates, higher chargeback likelihood, complex fulfilment models or regulatory sensitivity. While MCC assignment might appear administrative, it carries deep operational and legal implications. In 2026, these implications expand considerably as both schemes tighten onboarding expectations, strengthen monitoring rules and require acquirers to justify the acceptance of any high-risk merchant relationship.

    For years, high-risk categories have operated with varied levels of oversight across markets. But the 2026 rulebooks aim to standardise global treatment. This means transparency, documentation and compliance rigour must increase especially in industries where customer trust is fragile, fulfilment may be digital or intangible and subscription or upsell mechanics create room for dispute ambiguity.

    Which MCCs are categorised as high-risk in 2026

    While lists vary slightly across regions, the following MCCs consistently fall under scheme-designated high-risk categories:

    • Gaming & Gambling (MCC 7995)
    • Adult Content & Services (MCC 5967 / 5815)
    • Nutraceuticals & Supplements (various MCCs with upsell/continuity models)
    • High-Risk Coaching & Digital Education (MCC 8299 variations)
    • Digital Goods & Downloads (MCC 5816)
    • Subscription/Continuity Programs (across multiple MCCs)
    • Crypto-touch or wallet-adjacent services (region-dependent MCC assignments)
    • Travel & Ticketing (MCC 4722, 4511) due to chronic dispute exposure

    These MCCs are not only flagged due to fraud or abuse rates, they also involve business models where customers frequently misunderstand renewal mechanics, product scopes, refund rules or fulfilment expectations.

    In 2026, Visa and Mastercard expect acquirers to prove that they understand why a merchant belongs in a specific MCC and whether their business model complies with that MCC’s requirements.

    MCC-specific obligations and elevated evidence requirements

    Different MCCs trigger unique obligations under the 2026 rulebooks:

    • Adult + Gaming: mandatory age verification, location controls, identity assurance
    • Subscription Models: explicit renewal disclosures, pre-renewal notices, easy cancellation
    • Digital Goods: device fingerprinting, proof of delivery logs, in-session behavioural evidence
    • Travel: transparent itinerary, cancellation and FX policies
    • Nutraceuticals: clear product claims, refund terms, continuity program transparency

    Acquirers will require merchants to maintain audit-ready evidence packs, including screenshots of checkout flows, renewal terms, disclosures, confirmation logs and customer communication trails.

    How schemes tighten global registration and monitoring standards

    Visa and Mastercard are expanding their risk programs, including:

    • Visa GBPP (Global Brand Protection Program) tightening controls on misleading marketing and adult/gaming traffic
    • Mastercard BRAM (Business Risk Assessment & Mitigation) updates with deeper MCC audits
    • Enhanced registration requirements for certain MCCs
    • Real-time monitoring of fraud KPIs, complaint patterns and dispute ratios
    • Stricter termination triggers for repeated non-compliance

    These programs require acquirers to maintain ongoing visibility into merchant operations. High-risk merchants now face far more frequent scrutiny not because of isolated incidents but because 2026 mandates continuous, auditable oversight.

    Visa Rulebook 2026: The New Obligations for High-Risk Merchants

    Visa’s 2026 rulebook cycle introduces some of the most substantial updates high-risk MCCs have seen in years. These changes are driven by several key factors: increasing global fraud, rising consumer complaints, misuse of trial/continuity billing models, and gaps in merchant transparency. Visa is now shifting more responsibility onto acquiring banks and, in turn, expecting merchants to provide cleaner documentation, clearer customer journeys and stronger evidence of compliance.

    Diagram comparing Visa and Mastercard 2026 high-risk MCC obligations including onboarding, disclosures, monitoring and evidence requirements

    For high-risk MCCs, Visa’s reforms impact onboarding, ongoing monitoring, dispute handling and marketing practices. Acquirers must maintain audit-ready justification for every high-risk merchant relationship, meaning merchants can no longer rely on minimal documentation or flexible interpretations of scheme expectations. Instead, Visa expects merchants to deliver accurate disclosures, predictable billing behaviours and verifiable customer intent across every transaction flow.

    Updated merchant registration, underwriting and disclosure rules

    Visa is tightening its requirements for registering high-risk merchants, including:

    • More detailed business-model descriptions
    • Evidence that the MCC assignment is accurate
    • Full visibility into fulfilment methods, pricing structures and refund workflows
    • Proof of compliant marketing and sales practices
    • Clear disclosure of continuity billing terms

    Acquirers will now require screenshots, policy copies and product/plan explanations as part of standard onboarding not optional additional documentation.

    This reduces the risk of merchants misrepresenting pricing, renewal mechanics or product claims, which historically contributed to high dispute rates.

    Visa GBPP: Global Brand Protection Program tightening

    Visa’s GBPP has long targeted misleading marketing and prohibited-content activity, but the 2026 update expands its reach. High-risk MCCs especially adult, gaming, supplements and coaching will face:

    • Increased scrutiny of landing pages
    • Tighter restrictions on “free trial” or “limited-time discount” language
    • Examination of upsells and cross-sells
    • Stricter requirements for claim accuracy
    • More frequent manual content reviews by acquirers

    If a merchant’s website, ads or funnels do not meet Visa’s GBPP standards, acquirers may refuse onboarding or demand corrective action within short time frames.

    Enhanced refund, cancellation and descriptor requirements

    Visa is prioritising transparency and customer clarity, resulting in several rulebook updates:

    • Refund/return terms must be explicit and accessible
    • Cancellation pathways must be simple, visible and functional
    • Billing descriptors must clearly identify the merchant and match website branding
    • Auto-renewal notices may require timestamped evidence

    In high-risk sectors, unclear descriptors or hidden cancellation links are among the top causes of disputes. Visa’s 2026 rules aim to eliminate this entirely.

    CE v4.0 and pre-dispute evidence impact on merchant practices

    Visa’s Compelling Evidence 4.0 reflects a major shift toward preventing friendly fraud by requiring merchants to submit:

    • Device fingerprints
    • Customer-login history
    • Behavioural evidence
    • Repeated-use transaction patterns
    • IP consistency and device continuity

    This forces merchants to maintain better evidence systems and more detailed customer-activity logs. Without enhanced evidence readiness, high-risk merchants will lose more disputes and face higher compliance pressure.

    Mastercard Rulebook 2026: BRAM, Monitoring and High-Risk Controls

    Mastercard’s 2026 rulebook revisions reinforce its long-standing position: high-risk MCCs require deeper scrutiny, stricter onboarding, and continuous monitoring. While Mastercard’s BRAM (Business Risk Assessment & Mitigation) program has existed for years, the 2026 updates materially expand its operational and legal expectations. Acquirers must now prove that every high-risk merchant relationship is well-justified, policy-aligned and supported by verifiable compliance evidence.

    For merchants, this means additional documentation, clearer marketing practices, stronger identity logs, and consistent operational transparency. Mastercard’s approach is increasingly harmonised with global regulatory trends including the tightening continuity-billing rules in the US, PSD3/PSR in the EU and new consumer-protection standards across APAC and LATAM. High-risk MCCs are no longer evaluated only by operational performance but by end-to-end transparency across their entire customer experience.

    BRAM (Business Risk Assessment & Mitigation) updates

    The BRAM program governs high-risk merchant acceptance, requiring acquirers to review:

    • Merchant business models and pricing structures
    • Continuity billing mechanics
    • Marketing funnels, claims and ad partners
    • Refund and cancellation visibility
    • Supply chain clarity (for physical products)
    • Compliance with consumer-protection laws

    The 2026 updates introduce:

    • Stricter pre-approval requirements for adult, gaming, nutraceuticals and coaching
    • Enhanced monitoring for merchants driving traffic from high-risk affiliates
    • Clearer thresholds for action when merchants exceed dispute or complaint levels
    • More robust checks on “trial-to-subscription” billing paths

    BRAM now expects merchants to proactively maintain compliance, not respond reactively when an acquirer flags issues.

    Tighter onboarding and MCC-specific due-diligence

    Mastercard is harmonising global onboarding obligations so that all high-risk MCCs must present:

    • A complete description of product/services and value proposition
    • Detailed disclosure screenshots
    • Sample customer-support interactions
    • Cancellation pathway evidence
    • Business-owner/UBO verification
    • Delivery or fulfilment documentation

    Acquirers are required to reject or escalate onboarding for merchants who cannot supply verifiable information. This ends the era of “light-touch” approvals for borderline MCCs.

    Monitoring thresholds, KPIs and ongoing compliance audits

    Mastercard is increasing monitoring frequency for high-risk MCCs, including:

    • Real-time dispute and chargeback alerts
    • Complaint volumes and regulatory actions
    • SCA and authentication failure patterns
    • Descriptor clarity and mismatch issues

    Merchants exceeding thresholds may face:

    • Remediation plans
    • Reserve requirements
    • Traffic restrictions
    • Mandatory UX/checkout updates
    • Contract termination in severe cases

    Mastercard’s direction is clear: monitor continuously, intervene early, document everything.

    Implications for digital goods, coaching and subscription merchants

    These verticals face particular scrutiny due to disputes stemming from unclear expectations, instant fulfilment and aggressive marketing. Mastercard now expects:

    • Strong device, IP and behavioural logs
    • Full visibility into delivery of digital goods
    • Documentation of curriculum, program scope or coaching deliverables
    • Transparent subscription renewal logic with auditable timestamps

    Failure to meet these standards increases the likelihood of acquirer interventions or BRAM penalties.

    Regional Regulations; When Local Laws Override or Amplify Scheme Rules

    While Visa and Mastercard provide the global foundation for high-risk merchant governance, regional regulators increasingly shape how acquirers enforce those rules. In many markets, local laws now sit above or in parallel with scheme requirements, creating a layered compliance environment. For high-risk MCCs, this means obligations can differ significantly by geography, even when the acquiring relationship is global.

    2026 is the first cycle in which acquirers must demonstrate not only scheme compliance but also jurisdiction-level alignment across disclosures, refunds, billing transparency, identity controls and customer communication. High-risk merchants must understand that scheme adherence is no longer sufficient; regional regulators expect higher standards and more precise documentation.

    United States: CFPB, FTC & state-level continuity billing laws

    The US regulatory environment emphasises consumer protection within subscription and digital service models. Key 2026 expectations include:

    • Clear, upfront disclosures of pricing, renewal timing and cancellation terms
    • Simple, frictionless cancellation routes
    • Prohibition of “dark patterns” in checkout and upsells
    • State-specific rules requiring pre-renewal notices
    • Increased enforcement against misleading claims in coaching, nutraceuticals and digital programs

    Acquirers serving US merchants must validate compliance with these rules or risk regulatory penalties making onboarding more demanding for high-risk MCCs.

    European Union: PSD3/PSR interaction with scheme obligations

    The EU’s PSD3 and Payment Services Regulation introduce:

    • Stronger authentication requirements
    • Enhanced transparency for pricing, FX and recurring billing
    • Mandatory complaint-handling processes
    • Higher fraud and scam monitoring standards

    For high-risk MCCs, this means Visa/Mastercard rules + PSD3/PSR obligations function together, not separately. Acquirers will require detailed evidence of compliance with both frameworks during onboarding and ongoing monitoring.

    APAC: MAS (Singapore), RBI (India) and ASIC (Australia) tightening high-risk flows

    Asia-Pacific regulators are adopting stricter frameworks due to rising digital fraud:

    • Singapore MAS: enhanced due-diligence for gaming, digital products, fintech models
    • India RBI: mandates localised authentication, data storage and recurring billing controls
    • Australia ASIC: tighter rules on advertising accuracy, financial services and digital coaching

    High-risk merchants that do not localise their flows for APAC markets will face approval challenges or settlement restrictions.

    LATAM: PIX enforcement, FX transparency & domestic scheme rules

    LATAM markets prioritise:

    • Adherence to domestic payment rails (PIX, SPEI)
    • Transparent FX conversion disclosures
    • Stronger refund and cancellation clarity
    • Documented proof of fulfilment for digital and travel services

    Cross-border-only setups perform poorly; local acquiring expectations continue to increase.

    The 2026 acquiring rulebook introduces a new level of legal accountability for merchants operating under high-risk MCCs. Rather than viewing compliance purely as a scheme-driven requirement, merchants must now adapt to a broader legal environment that blends Visa/Mastercard obligations with national consumer-protection frameworks. The result is a shift from basic documentation to evidence-backed compliance, meaning every claim, term, descriptor or renewal must be verifiable, timestamped and audit-ready.

    For high-risk merchants, the biggest change is that acquirers will require far more clarity and continuity across disclosures, billing practices, subscription flows, product descriptions and refund processes. Legal obligations now extend into UX design, customer communications, marketing accuracy and identity/logging frameworks. The days of “minimum viable compliance” are over; the new standard is continuous demonstrable compliance.

    Stronger onboarding documentation and business-model justification

    Acquirers must now prove to schemes and regulators why a high-risk merchant is acceptable. As a result, merchants must supply:

    • Full business-model explanations
    • Screenshots of checkout disclosures and pricing
    • Sample billing journeys (initial charge → renewal → cancellation)
    • Clear evidence of customer support workflows
    • Proof of product legitimacy (digital goods, coaching, supplements, travel itineraries)
    • Delivery or fulfilment confirmation logic

    The key shift: documentation must match what the customer actually sees, not internal assumptions.

    Mandatory disclosure clarity: pricing, renewals, refunds and settlement

    Legal frameworks across the US, EU, UK, APAC and LATAM now emphasise:

    • Transparent pricing
    • Visible renewal dates
    • Clear trial terms (if applicable)
    • Accessible refund and cancellation terms
    • Accurate FX disclosures (where relevant)

    Even small inconsistencies such as mismatched fees or unclear descriptor text can trigger scheme violations or regulatory complaints.

    Enhanced fraud reporting and richer data requirements

    High-risk merchants must now maintain:

    • Detailed device, IP and behavioural logs
    • Dispute-response evidence packs
    • Fraud-prevention and monitoring documentation
    • Complaint-handling records

    These are no longer optional elements; they are part of the merchant’s legal defence when challenged by acquirers, issuers or regulators.

    Stricter compliance with consumer and advertising standards

    Regulators are now targeting misleading claims, unsubstantiated marketing statements and opaque subscription practices. Merchants must ensure that:

    • Marketing language matches actual product outcomes
    • Claims are verifiable
    • Upsell paths are transparent
    • Ads and landing pages adhere to scheme and regulatory standards

    High-risk merchants with aggressive copywriting or unclear funnels face the highest exposure.

    Acquirer Expectations and Monitoring: What Will Change In Practice

    As the 2026 rulebooks take effect, acquirers will adopt stricter, more transparent oversight models for high-risk merchants. Instead of relying on periodic reviews or reactive checks, acquirers must now continuously demonstrate that every high-risk MCC they support is compliant, properly monitored and commercially justified. This transforms onboarding from a one-time hurdle into an ongoing governance obligation.

    Acquirers will strengthen monitoring across four core areas:

    • Fraud and dispute ratios, with tighter thresholds for intervention
    • Renewal and refund behaviour, especially for subscription models
    • Descriptor accuracy and customer complaint patterns
    • SCA quality, device consistency and behavioural integrity where applicable

    Merchants who fail to provide clean data, transparent disclosures or audit-ready evidence may face reserve requirements, stricter terms, remediation plans or ultimately processing restrictions.

    2026 marks a shift where the burden of compliance becomes shared but enforced downstream meaning high-risk merchants must operate with higher discipline, clearer customer pathways and verifiable operational controls at all times.

    What Merchants Must Fix Before 2026: The Practical Blueprint

    With scheme and regulatory frameworks tightening simultaneously, high-risk merchants must complete several practical, operational upgrades before the 2026 enforcement cycle begins. These actions ensure acquirer approval, reduce dispute exposure and demonstrate continuous compliance readiness.

    First, merchants must redesign checkout and disclosure elements so pricing, renewal dates, cancellation paths and refund policies are clear, consistent and compliant with regional regulations. Ambiguity particularly in subscription, coaching or digital goods funnels is no longer acceptable.

    Checklist-style blueprint outlining the operational and compliance fixes high-risk merchants must complete before 2026

    Second, merchants must maintain evidence-grade records that acquirers and issuers can rely on during audits or dispute reviews. This includes screenshots of disclosed terms, timestamped consent logs, device and behavioural data, support communication trails and delivery/fulfilment records.

    Third, transaction integrity must be strengthened:

    • Descriptors must match brand identity
    • FX disclosures must be transparent
    • Routing must avoid inconsistent metadata or MCC confusion
    • Billing patterns must reflect what is stated in the customer journey

    Finally, merchants must adopt internal governance frameworks, compliance checklists, policy updates, audit cycles and training to ensure consistent adherence to the 2026 rulebook. Acquirers will prioritise merchants who operate with maturity and predictable, well-documented processes.

    Market-by-Market Snapshot: How Enforcement Differs Globally

    Although Visa and Mastercard provide a unified global framework, the real-world impact of the 2026 rulebook varies widely by region. Each market applies additional layers of regulatory or consumer-protection oversight, meaning high-risk merchants must tailor their compliance and checkout practices accordingly.

    North America

    The US and Canada focus heavily on subscription transparency, dispute reduction and advertising accuracy. State-level rules, especially California’s ARL raise the bar for renewal disclosures, cancellation flow clarity and product claims.

    European Union / UK

    EU merchants must comply with PSD3/PSR alongside scheme rules, resulting in stricter authentication, pricing transparency and refund expectations. The UK follows a similar direction through FCA enforcement and APP scam rules.

    APAC

    Markets like Singapore, India and Australia require localized authentication, identity assurance and billing controls. High-risk MCCs must match local consumer-protection norms, not just global scheme expectations.

    LATAM

    Brazil, Mexico and Chile emphasize local payment rails, FX transparency and fulfilment evidence. Cross-border-only setups often perform poorly and attract higher scrutiny.

    Understanding these regional differences ensures that high-risk merchants launch with realistic expectations and remain compliant across corridors.

    How Different High-Risk Merchants Should Prepare

    Different high-risk verticals will feel the 2026 acquiring rulebook changes in different ways. These short scenarios illustrate how merchants should adapt to ensure smooth onboarding, stable approvals and long-term compliance.

    Gaming Operator (MCC 7995)

    Gaming platforms must enhance identity, location and session integrity, while maintaining clear deposit terms and transparent refund logic. Visa and Mastercard will expect logs proving player authentication consistency and responsible gaming disclosures.

    Subscription Platform (Trials & Continuity Billing)

    This segment faces the strictest scrutiny. Merchants must implement prominent renewal dates, clear trial disclosures and frictionless cancellation. Acquirers will require timestamped consent and screenshots of all pricing displays.

    Digital Goods Marketplace

    Instant fulfilment demands strong device fingerprinting, IP stability and behavioural evidence. Merchants must maintain detailed logs demonstrating digital delivery and customer activity patterns.

    Nutraceutical or Supplement Merchant

    Regulators and schemes will prioritise accuracy of product claims, refund policy visibility and genuine continuity billing transparency. Misleading claims or aggressive upsells are high-risk.

    Travel OTA (MCC 4722/4511)

    Travel merchants must provide accurate itinerary, cancellation and FX disclosures. Ambiguous terms remain a top driver of disputes and scheme violations.

    Conclusion

    The 2026 global acquiring rulebook marks a structural shift in how high-risk merchants are evaluated, approved and monitored. Visa, Mastercard and regional regulators are aligning around a single expectation: high-risk MCCs must operate with transparency, predictable customer journeys and evidence-driven compliance. For merchants, this means upgrading documentation, refining disclosures, strengthening data integrity and proving operational maturity at every stage of the customer lifecycle.

    Acquirers will no longer accept minimal or inconsistent practices every claim, renewal, descriptor and fulfilment step must be verifiable and audit-ready. High-risk merchants that prepare early will secure stronger onboarding outcomes, better approval performance and long-term processing stability. Those who delay risk stricter contract terms, elevated reserves or loss of acquiring access altogether.

    In 2026, compliance becomes a competitive advantage for merchants willing to operate with clarity and discipline.

    FAQs

    1. What makes 2026 a major turning point for high-risk merchant acquiring?

    2026 is the year Visa, Mastercard and multiple regional regulators synchronise new rulebooks, creating stricter onboarding, documentation and monitoring requirements for all high-risk MCCs.

    2. Which MCCs are considered high-risk under the 2026 rulebooks?

    Adult content, gaming, nutraceuticals, coaching/education, continuity billing, digital goods, crypto-touch services and certain travel categories consistently fall under high-risk classifications.

    3. What is the biggest change for high-risk merchants under Visa’s 2026 updates?

    Visa now requires more detailed disclosures, stronger evidence of customer intent and stricter transparency across pricing, renewals and cancellations supported by verifiable, audit-ready documentation.

    4. How does Mastercard’s BRAM program affect high-risk merchants?

    BRAM requires enhanced business-model justification, stricter marketing oversight, improved dispute management and continuous risk monitoring across fraud, complaints and refund patterns.

    5. Do acquirers now face more liability when onboarding high-risk MCCs?

    Yes, acquirers must justify every approval decision with documented evidence, making them more cautious and demanding during underwriting.

    6. How do regional regulations interact with scheme rules?

    Local laws such as EU PSD3/PSR, US continuity billing rules, APAC authentication mandates and LATAM FX transparency requirements often sit above scheme rules, raising the compliance bar further.

    7. What documentation will merchants need for onboarding in 2026?

    Clear checkout screenshots, renewal terms, refund flows, fulfilment proofs, support scripts, UBO data, product descriptions and a comprehensive business-model explanation.

    8. How will dispute handling change under the new rulebooks?

    Schemes now require richer behavioural and device data, timestamped consent logs and clearer descriptors. Merchants must maintain strong evidence trails to prevent and defend disputes.

    9. Will subscription merchants face more scrutiny?

    Yes, subscription and continuity billing models face the strictest expectations, including pre-renewal notices, transparent trial terms and easy cancellation mechanisms.

    10. How do the 2026 rulebooks affect marketing and advertising?

    Misleading claims, aggressive upsells and unclear product benefits are now clear violation triggers. Merchants must align marketing with actual deliverables.

    11. What happens if a merchant fails to meet the new standards?

    They may face onboarding rejection, reserve requirements, remediation plans or termination. Persistent issues can trigger scheme fines for acquirers.

    12. What should high-risk merchants prioritise before 2026?

    Clear disclosures, compliant subscription flows, accurate descriptors, robust logging, strong identity and behavioural data, and audit-ready documentation across every customer journey.

    Share.

    Related Posts