High-risk merchants often treat European payment regulation as something that sits in the background: a PSP problem, an acquirer problem, or a legal team problem. PSD3 and the new Payment Services Regulation make that view harder to hold.
The rules may not turn merchants into regulated payment institutions, but they can change the payment environment merchants depend on. Fraud controls, payee checks, open banking access, fee transparency, customer support standards and provider accountability all move closer to the real checkout experience.
For high-risk sectors such as iGaming, Forex, crypto, adult, subscriptions and travel, that matters. These merchants already operate under closer review, more documentation requests and more payment-route sensitivity than ordinary retail businesses.
The real question is not only what PSD3 and PSR say on paper. It is how PSPs, acquirers and payment partners respond and how that response affects onboarding, conversion, customer trust and payment operations.
- Europe’s Payment Rulebook Is Moving From Access to Control
- Why High-Risk Merchants Should Not Treat PSD3 and PSR as a PSP-Only Issue
- Fraud Prevention Becomes a Bigger Part of the Checkout Conversation
- PSP Liability May Change Provider Behaviour Around High-Risk Flows
- Trading Names, Descriptors and Fee Transparency Become More Commercial Than They Look
- Open Banking May Gain More Access, But Not a Friction-Free Path
- What High-Risk Merchants Should Review Before PSD3 and PSR Land
- The Real Preparation Is Not Legal Panic, But Payment Discipline
- Conclusion
- FAQs
Europe’s Payment Rulebook Is Moving From Access to Control
PSD2 was often discussed as the regulation that opened Europe’s payment market further. It supported competition, strengthened electronic payment security and helped open banking become a real part of the payment conversation.
PSD3 and PSR are arriving in a different market. Digital payments have grown, open banking has matured, non-bank payment providers are more visible, and fraud has become more sophisticated. The European Commission’s financial data access and payments package proposed to modernise PSD2 into PSD3 and introduce a new Payment Services Regulation, with the aim of keeping electronic payments safe and secure while preserving consumer rights and improving choice of providers.
That shows the direction clearly. Europe is not only trying to widen access. It is also trying to make the payment market more controlled, transparent and accountable.
For merchants, this matters because payment rules do not stay neatly inside regulatory documents. They shape how providers build payment journeys, how they monitor fraud, how they explain fees, how they assess risk and how much confidence they need before supporting certain flows.
High-risk merchants should read PSD3 and PSR as a signal: growth in European payments will increasingly be tied to trust, control and evidence.
Why High-Risk Merchants Should Not Treat PSD3 and PSR as a PSP-Only Issue
At first glance, PSD3 and PSR may look like rules for banks, payment institutions, account servicing providers and open banking players. That is partly true. The legal obligations sit heavily with regulated providers.
But high-risk merchants rarely feel regulation only through direct legal duties. They feel it through provider behaviour.
The rule may sit with the provider, but the experience reaches the merchant
If a PSP faces stronger expectations around fraud prevention, it may ask more questions before onboarding a merchant. If a provider has to be clearer about fees, the merchant may need to understand its own cost structure more carefully. If payee verification becomes more important, customer-facing payment details and trading names become more sensitive.
For high-risk merchants, the indirect effects may show up through:
- Deeper onboarding and underwriting questions
- Closer scrutiny of payment flows and customer journeys
- More attention to trading names, descriptors and support processes
- Stronger review of refund, complaint and fraud-handling patterns
- More caution around unclear licensing, geography or business-model risks
This does not mean every high-risk merchant will face the same impact. It means merchants should expect their European payment partners to become more structured in how they assess and defend the flows they support.
Fraud Prevention Becomes a Bigger Part of the Checkout Conversation
Fraud prevention is one of the clearest themes in the PSD3 and PSR discussion. The Council of the EU said the agreed rules aim to better fight payment fraud, boost fee transparency and increase consumer protection, while also supporting technological innovation.
The Council also points to a broader anti-fraud framework, including measures around spoofing fraud, payee-name and account-identifier checks, and fraud-related information sharing between PSPs. The European Parliament’s announcement similarly describes a deal focused on stronger defences against fraud and data breaches, including strong customer authentication, risk assessments, spending limits and blocking measures.
For merchants, this is not only a security story. It is also a checkout story.
Better protection can still create more payment friction
A stronger fraud-control environment can improve trust, but it can also introduce more points where a payment is questioned, delayed, refused or reviewed. That matters in high-risk sectors where customers may already be sensitive to payment friction.
An iGaming operator may care about fast deposits. A Forex platform may care about funding reliability. A subscription business may care about continuity. A travel merchant may care about payment completion before inventory changes. In each case, stronger fraud controls can improve safety, but they can also affect conversion if the journey becomes unclear or interruptible.
That is the mature way to read PSD3 and PSR. Fraud prevention is not separate from merchant performance. It increasingly becomes part of how the payment experience works.
PSP Liability May Change Provider Behaviour Around High-Risk Flows
One important point must be handled carefully: PSD3 and PSR should not be presented as making merchants directly responsible for every fraud loss. The official material focuses heavily on PSP obligations and provider-side responsibility.
The European Parliament states that payment service providers may be liable for customer losses if they fail to implement appropriate fraud prevention mechanisms. It also says users who are victims of impersonation fraud should be reimbursed where the relevant conditions are met, including reporting to the police and informing the PSP.
For merchants, the commercial impact is indirect but important.
If PSPs face more responsibility when fraud prevention fails, they may become more cautious about the flows they support. That could mean more structured due diligence, closer review of merchant websites, better evidence requests, deeper analysis of customer geography, or more questions around trading names, refund practices and customer communication.
This is especially relevant for high-risk sectors because provider confidence already matters. A PSP does not only assess whether a merchant can process payments. It assesses whether the merchant’s flow is explainable, defensible and supportable under its own risk framework.
PSD3 and PSR may strengthen that behaviour. Not because every merchant becomes liable, but because providers may have less tolerance for unclear payment journeys.
Trading Names, Descriptors and Fee Transparency Become More Commercial Than They Look
Some regulatory details look small until they reach customer behaviour.
The Council says merchants will need to ensure that their normal trading name matches the name appearing on a customer’s bank statement, helping customers recognise charges and reducing confusion. For high-risk merchants, this is not a minor operational point.
A confused customer can become a support ticket, a dispute, or a lost repeat user
Many high-risk merchants operate through multiple brands, entities, websites, market-specific PSPs or local payment partners. If the name shown during or after payment does not feel familiar, the customer may not think like a payment operations team. They may think something is wrong.
That can create support tickets, refund requests, fraud concerns, chargeback attempts or simple loss of trust.
Fee transparency also matters. The Council says the new rules improve transparency on fees and exchange rates before transactions occur, and that companies providing card payment facilities to merchants will need to make clear the fees they charge for their services.
For high-risk merchants, that should encourage a more disciplined view of payment economics. Processing cost is not only the headline rate. It can include FX, settlement fees, refund fees, chargeback costs, reserve terms, third-party technical costs and market-specific charges.
The more transparent the environment becomes, the harder it is for merchants to manage payments through vague assumptions.
Open Banking May Gain More Access, But Not a Friction-Free Path
Open banking is another important part of PSD3 and PSR, but merchants should avoid the simple conclusion that open banking will automatically become easier, cheaper and smoother in every checkout.
The European Parliament says the agreement aims to reduce market barriers for open banking services, prevent account servicing payment service providers from discriminating against authorised providers, and give users dashboards to manage permissions for data access.
That direction matters for merchants because A2A, pay-by-bank and open banking journeys are becoming more commercially relevant. Better access and clearer permissions may support broader adoption. But open banking growth will still sit inside a more fraud-conscious and customer-protection-led environment.
For high-risk merchants, this is the key point: open banking should not be treated only as a lower-cost alternative to cards. It is also a trust and control rail.
A payment journey can be technically available but still underperform if customers do not understand it, if permissions feel unclear, if fraud warnings interrupt the flow, or if provider-side controls are poorly matched to the merchant’s customer behaviour.
PSD3 and PSR may support open banking competition, but not under a friction-free assumption.
What High-Risk Merchants Should Review Before PSD3 and PSR Land
High-risk merchants do not need to wait for every final implementation detail before reviewing their payment setup. The direction of travel is already clear enough to start asking better questions.
A useful review should cover the areas most likely to affect merchant performance:
- PSP and acquirer exposure: Which European providers support your flows, and how dependent are you on one provider’s risk appetite?
- Fraud-control readiness: Are your checkout, refund, support and customer verification journeys strong enough to stand up to closer provider review?
- Trading-name clarity: Will customers recognise the name shown during payment and on bank statements?
- Fee visibility: Do you understand acquiring fees, FX, settlement fees, refund costs, chargeback costs and technical fees across each route?
- Open banking strategy: Are you pushing A2A because it fits the customer journey, or only because it looks cheaper?
- Documentation quality: Can you clearly explain your business model, licensing position, customer geography, payment flows and risk controls?
This is not legal panic. It is a payment discipline.
The merchants that struggle most under tighter payment expectations are often not the ones with the most complex business model. They are the ones that cannot explain that business model clearly to banks, PSPs, acquirers and compliance teams.
The Real Preparation Is Not Legal Panic, But Payment Discipline
PSD3 and PSR should not push merchants into overreaction. They should push merchants into better preparation.
High-risk merchants do not need to memorise every regulatory article to understand the commercial meaning. They need to understand how the rules may change provider behaviour. Payment partners will care more about whether a merchant can explain its flows, identify its customers, reduce confusion, manage disputes, support fraud controls and keep payment journeys transparent.
That is why the practical response is not to rewrite the entire payment strategy overnight. It is to clean up the parts of the payment operation that providers already question.
Clear trading names. Better documentation. Stronger support processes. More transparent fee analysis. Better fraud-control alignment. More realistic open banking expectations.
PSD3 and PSR may create more pressure for fragmented or unclear payment setups. But they may also reward merchants that are easier for providers to understand, monitor and defend.
That is the preparation mindset high-risk merchants need.
Conclusion
PSD3 and PSR are not just European compliance updates for payment institutions. They are part of a wider shift towards payment trust, fraud control, transparency, open banking discipline and provider accountability.
For high-risk merchants, the impact may appear indirectly through PSP behaviour, onboarding scrutiny, checkout friction, statement-name clarity, fee visibility and open banking journeys. That makes the topic commercially relevant even where the formal obligation sits mainly with regulated providers.
The merchants best prepared for PSD3 and PSR will not be the ones that memorise every legal detail. They will be the ones that can show clean payment flows, clear customer journeys, recognisable trading names, strong fraud controls and provider-ready documentation.
In Europe’s next payment rulebook, discipline becomes a commercial advantage.
FAQs
1. What are PSD3 and PSR in simple terms?
PSD3 and PSR are the EU’s next major update to payment services rules. PSD3 is the directive side, while PSR is the regulation side. Together, they aim to modernise payments, strengthen fraud controls, improve transparency, support open banking and create more consistent rules across the European payment market.
2. Why should high-risk merchants care about PSD3 and PSR?
High-risk merchants should care because the rules may affect how PSPs, acquirers and payment partners manage risk. Even when obligations sit mainly with providers, merchants can feel the impact through onboarding checks, fraud controls, payment interruptions, statement descriptors, fee visibility and open banking journeys.
3. Will PSD3 and PSR make merchants directly liable for fraud losses?
The rules should not be understood as making merchants directly responsible for every fraud loss. The strongest obligations sit with PSPs and regulated payment providers. However, merchants may still feel the commercial effect if providers become more cautious around high-risk flows, unclear customer journeys or weak fraud controls.
4. How could PSD3 and PSR affect merchant onboarding?
Payment providers may ask for stronger documentation before supporting certain merchants or flows. High-risk businesses may need to explain their licensing position, customer geography, payment model, refund process, trading names, fraud controls and support structure more clearly during PSP or acquirer review.
5. Why are fraud controls important under PSD3 and PSR?
Fraud prevention is a major theme because Europe is trying to strengthen trust in digital payments. For merchants, stronger fraud controls can improve customer protection, but they may also create more payment checks, warning moments, refusal points or provider reviews that affect checkout conversion.
6. Could PSD3 and PSR create more payment friction?
Yes, in some cases. Better fraud protection can still create extra friction if payments are questioned, delayed or blocked due to suspicious patterns or payee-check issues. Merchants should not assume stronger rules will only improve safety; they should also prepare for possible checkout and support impacts.
7. Why do trading names and descriptors matter more now?
Trading-name clarity matters because customers need to recognise payments on bank statements. If the name looks unfamiliar, customers may raise support tickets, request refunds, suspect fraud or start disputes. This is especially important for merchants using multiple brands, entities, websites or payment partners.
8. How could PSD3 and PSR affect open banking payments?
PSD3 and PSR may support open banking access and permission management, but merchants should not treat this as a friction-free A2A growth story. Open banking payments will still depend on customer trust, fraud controls, provider quality, clear permissions and a smooth payment experience.
9. What should high-risk merchants review before PSD3 and PSR land?
Merchants should review PSP exposure, acquirer relationships, fraud-control readiness, trading-name clarity, fee visibility, open banking strategy and documentation quality. The goal is to make payment flows easier for providers to understand, monitor, support and defend under a more controlled European payment environment.
10. Will PSD3 and PSR make payment fees more transparent?
The direction of the rules includes stronger transparency around fees and exchange rates, including clearer information around payment services. For merchants, this means payment teams should understand the full cost of acquiring, FX, settlement, refunds, chargebacks, reserves and technical fees across each route.
11. How should high-risk merchants prepare without overreacting?
Merchants should avoid panic and focus on payment discipline. That means cleaner documentation, clearer customer journeys, recognisable trading names, stronger fraud controls, better support processes and more transparent fee analysis. The strongest preparation is making the payment setup easier for providers to understand and approve.
12. What is the main takeaway from PSD3 and PSR for merchants?
PSD3 and PSR are not only legal updates for payment providers. They signal a more trust-driven European payment market. High-risk merchants that can show clear flows, strong controls, transparent costs and provider-ready documentation will be better placed than merchants with fragmented or unclear payment operations.