Fact-checked by Grok 2 weeks ago

Acquiring bank

An acquiring bank, also known as an acquirer or merchant acquirer, is a financial institution that contracts with merchants to process and settle payment card transactions, enabling businesses to accept credit and debit card payments from customers.^[1] These banks own the necessary bank identification number (BIN) or interchange assignment number (ICA) required for clearing and settlement through card networks like Visa or Mastercard.^[1] In the payment processing ecosystem, the acquiring bank plays a central role by receiving transaction details from the merchant's point-of-sale system or payment gateway, authorizing the payment through card networks, and facilitating the transfer of funds from the customer's issuing bank to the merchant's account.^[2] Upon authorization, the acquirer assumes financial responsibility for the transaction, including reimbursing the merchant after deducting fees, while managing risks such as fraud, chargebacks, and compliance with card association rules.^[3] This process typically involves settlement via automated clearing house (ACH) credits or wire transfers, where the acquiring bank collects funds from issuing banks and deposits them into the merchant's account, often within one to two business days.^[1] Distinct from the issuing bank—which provides payment cards to consumers and approves transactions based on account balances—the acquiring bank focuses on the merchant side, partnering with payment processors or independent sales organizations (ISOs) to handle technical transmission of data.^[2] Merchants must work with an acquiring bank to gain access to card networks, as these institutions are licensed by regulators and schemes to ensure secure, compliant operations; without one, businesses cannot legally accept card payments.^[3] Acquiring banks charge fees such as the merchant discount rate (typically 1-4% of transaction volume) and interchange fees (set by card associations to cover issuer costs and risks), which collectively fund the processing infrastructure and risk management.^[1]

Overview

Definition

An acquiring bank, also known as an acquirer, is a financial institution that processes credit, debit, and other electronic payment transactions on behalf of merchants, serving as the merchant's primary bank in the payment chain.^[2]^[4] Key characteristics of an acquiring bank include being licensed by major card networks such as Visa and Mastercard to handle transaction routing and settlement, assuming financial liability for the validity and completion of transactions to protect merchants from chargebacks and fraud, and facilitating the transfer of funds from the cardholder's account to the merchant's account after authorization.^[3]^[5]^[6] This entity is specifically positioned on the merchant side of transactions, in contrast to the issuing bank, which represents the cardholder and issues payment cards.^[7] It is also referred to as a "merchant bank" or "merchant acquirer," terms that emphasize its role in enabling merchants to accept card payments.^[8] In the payment ecosystem, acquiring banks support both card-present transactions—where the physical card is swiped, dipped, or tapped at a point-of-sale terminal—and card-not-present transactions, such as those conducted online or over the phone, though the underlying processing remains focused on the merchant's behalf without altering the acquirer's core function.^[9]^[10]

Role in the Payment Ecosystem

In the payment ecosystem, the acquiring bank serves as a critical intermediary between merchants, payment networks such as Visa and Mastercard, and issuing banks, facilitating the acceptance of electronic payments by routing transaction authorizations and ensuring the settlement of funds into merchant accounts.^[11]^[12]^[3] This role enables merchants to participate in the broader network of card-based and digital transactions, connecting businesses directly to consumers' financial institutions and reducing reliance on cash for commerce.^[12] Acquiring banks provide essential merchant-facing services, including the setup of merchant accounts, provision of point-of-sale (POS) terminals for in-person retail, and online payment gateways for digital transactions, while supporting a range of payment methods such as credit and debit cards, digital wallets, and contactless options.^[11]^[3]^[12] These services allow merchants to process payments securely across various channels, with additional features like risk management and tokenization enhancing transaction reliability and customer trust.^[3] Economically, acquiring banks drive global commerce by enabling seamless electronic payments that minimize cash dependency and support over 400 billion transactions annually among the top global acquirers, thereby boosting merchant sales and expanding market reach.^[12] They generate revenue primarily through merchant discount rates (typically 1-3% per transaction), interchange fees (0.3-3%, passed from card networks to issuing banks), and assessment fees from payment schemes, which are deducted from settled funds to cover processing costs.^[3]^[12] In e-commerce, acquiring banks emphasize online gateways and cross-border capabilities to handle digital transactions, often integrating with platforms for mobile payments to reduce refusals and support international sales, whereas in brick-and-mortar retail, they focus on POS systems for contactless and in-store card swipes, ensuring rapid processing for high-volume environments.^[11]^[12]^[3]

Historical Development

Early Beginnings

The transition from cash and checks to more streamlined payment methods in the 1950s laid the groundwork for acquiring banks, as post-World War II economic expansion spurred demand for convenient consumer financing options.^[13] Prior to widespread card adoption, merchants relied on bilateral credit arrangements or paper-based instruments, but the decade's innovations shifted focus toward centralized processing to support growing retail transactions.^[14] A pivotal milestone occurred in 1950 with the launch of the Diners Club card, the first general-purpose charge card that necessitated merchant participation in a networked system, thereby introducing the rudimentary role of merchant acquirers to handle card-based settlements.^[15] This non-bank initiative required participating establishments to submit charges directly to Diners Club for reimbursement, often routing funds through local banks in a manual fashion.^[13] In 1958, Bank of America introduced the BankAmericard—precursor to Visa—establishing bank-sponsored acquiring by enabling financial institutions to process and guarantee merchant transactions on a broader scale.^[14] Early acquiring banks, exemplified by Bank of America, assumed the initial role of aggregating merchant charges via paper drafts, verifying transactions, and settling funds to businesses after consumer billings, thereby bridging issuers and merchants in the nascent ecosystem.^[13] These institutions credited merchant accounts directly while managing reimbursements, marking the origins of the four-party payment model.^[14] The inception faced significant challenges due to limited technology, relying on manual processes such as mailing physical sales slips and conducting telephone authorizations for approvals, which constrained efficiency and scalability.^[13] Despite these hurdles, the post-WWII consumer spending boom propelled rapid growth, driving merchant adoption of acquiring services.^[14]

Modern Evolution

In the 1980s and 1990s, acquiring banks underwent significant shifts toward electronic processing, driven by the introduction of electronic data capture (EDC) terminals and the expansion of ATM networks. Verifone's founding in 1981 and its launch of the ZON terminal series in 1983 standardized POS devices, enabling faster transaction authorization for merchants by capturing data electronically rather than through manual imprints.^[16] Simultaneously, shared ATM networks proliferated, with Visa acquiring an ownership interest in the Plus system in 1987 and Mastercard acquiring Cirrus in 1988, fostering interoperability and reducing costs for acquiring institutions.^[17] These developments solidified Visa and Mastercard as dominant payment networks, as their cooperative structures allowed acquiring banks to scale merchant services nationwide.^[13] The 2000s marked a digital boom for acquiring banks, with the rise of online acquiring coinciding with e-commerce growth and the establishment of security standards. As internet transactions surged, acquiring banks expanded into digital gateways to process card-not-present payments, necessitating robust fraud prevention amid increasing cyber threats.^[18] In 2004, the Payment Card Industry Data Security Standard (PCI DSS) was introduced by major card networks—Visa, Mastercard, American Express, Discover, and JCB—to unify data protection requirements and mitigate risks in online environments.^[19] This era also saw acquiring banks venturing into international markets, adapting to cross-border regulations and currency conversions to support global merchants.^[20] From the 2010s onward, acquiring banks embraced advanced technologies like EMV chip cards, mobile payments, and fintech collaborations, further transforming their role in a contactless ecosystem. EMV adoption accelerated in the U.S. after the 2015 liability shift, with chip card payment volume rising from 2% in 2015 to 82% by 2021, compelling acquirers to upgrade terminals for enhanced security.^[21] The launch of Apple Pay in 2014 popularized near-field communication (NFC) for mobile wallets, integrating acquiring processes with digital platforms and boosting in-store spending via tokenized transactions.^[21] Fintech integrations, such as partnerships with payment aggregators, streamlined acquiring for small businesses, while the COVID-19 pandemic in 2020 dramatically accelerated contactless adoption, with 69% of U.S. retailers reporting increased usage that persisted post-crisis.^[22] Industry consolidation reshaped the acquiring landscape, exemplified by Fiserv's $22 billion all-stock acquisition of First Data in 2019, creating a payments giant with enhanced end-to-end capabilities for merchants and institutions.^[23] This merger, completed in July 2019, combined Fiserv's core processing with First Data's merchant acquiring expertise, enabling greater innovation in integrated solutions amid competitive pressures from fintech disruptors.^[24] Post-2021, acquiring banks continued to evolve with the integration of real-time payments and artificial intelligence for fraud detection, supporting a surge in digital wallet usage and embedded finance solutions. As of 2025, non-cash transaction volumes have grown significantly, with acquiring institutions adapting to regulatory shifts like open banking initiatives and the expansion of account-to-account (A2A) payments to reduce reliance on card networks.^[25]

Key Functions

Transaction Authorization and Processing

When a merchant initiates a payment transaction, the acquiring bank plays a central role in authorizing it by receiving the request from the merchant's point-of-sale (POS) terminal, payment gateway, or e-commerce platform and routing it through the appropriate card network to the issuing bank for approval. This process begins with the merchant capturing transaction details, such as the card number, amount, and expiration date, which are then transmitted to the acquirer in real-time. The acquirer validates basic elements like merchant credentials and transaction limits before forwarding the authorization request to networks like Visa, Mastercard, or American Express. The technical backbone of this authorization involves standardized messaging protocols, notably the ISO 8583 standard, which structures the data exchange between the merchant, acquirer, network, and issuer to ensure secure and efficient communication. Under this framework, the acquirer assembles a message containing fields for transaction type, amount, card data, and security elements, then routes it via secure channels to the card network. Real-time decisioning occurs at multiple points: the acquirer performs initial checks, while the issuer evaluates account status, available credit, and risk factors. Additional verification layers, such as Address Verification Service (AVS) for matching billing addresses and Card Verification Value (CVV) checks for the card's security code, are integrated to confirm transaction legitimacy during this phase. Processing varies significantly based on transaction type. In card-present scenarios, such as swiped or chip-based (EMV) payments at physical terminals, the acquirer captures dynamic data from the card's chip or magnetic stripe, enabling enhanced security through one-time cryptograms that reduce counterfeit risks. Conversely, card-not-present transactions, including online, mail-order, or telephone-order (MOTO) payments, rely on static card details entered manually, prompting the acquirer to apply heightened scrutiny via 3D Secure protocols like Verified by Visa or Mastercard SecureCode for added authentication. For recurring or installment payments, the acquirer handles tokenization—replacing sensitive card data with unique identifiers—to streamline subsequent authorizations without re-entering full details, while ensuring compliance with network rules for billing frequency and limits. Performance is critical for seamless merchant experiences, with average authorization times typically under 2 seconds from submission to response, achieved through high-speed network infrastructure and automated routing algorithms that minimize latency. If a decline occurs—due to insufficient funds, expired cards, or exceeded limits—the acquirer receives an error code from the issuer via the network and relays it back to the merchant, often with a reason code for troubleshooting, such as "05" for transaction declined. This rapid feedback loop supports high-volume processing, handling billions of transactions annually across global networks.

Settlement and Funding

The settlement process begins after transaction authorization, where the acquiring bank aggregates approved transactions into batches, typically at the end of the business day, and submits them to the card network for clearing. Card networks like VisaNet facilitate this by processing the batches through interbank clearing systems, where transactions are netted—offsetting debits and credits between acquiring and issuing banks—to minimize the actual funds transferred and reduce operational costs. This netting occurs daily, with the network calculating the net settlement position for each participant bank.^[26]^[27]^[28] Once cleared, the acquiring bank receives funds from the issuing banks via the network and advances them to the merchant, often on a next-day basis (T+1 settlement), after deducting applicable fees. This funding is typically deposited into the merchant's account through automated clearing house (ACH) systems or wire transfers, ensuring the merchant receives the net proceeds promptly while the acquirer manages the liquidity risk of fronting the funds. In traditional setups, batch processing dominates, grouping multiple transactions for efficiency, though emerging real-time settlement options—enabled by faster payment rails—allow for instant fund transfers in select markets, reducing merchant wait times to seconds. Multi-currency settlements add complexity, as acquirers must handle exchange rate conversions and timing discrepancies during batch netting to avoid cash flow disruptions.^[1]^[29]^[30] The fees deducted during funding form the merchant discount rate (MDR), which typically ranges from 1% to 3% of the transaction amount and breaks down into three main components: interchange fees (paid to the issuing bank, averaging 1-3% depending on card type and region), assessment fees (charged by the card network, usually 0.1-0.15% of the transaction volume), and the acquirer's markup (covering processing costs and profit, often 0.2-0.5%). These components are calculated per batch and withheld before the final deposit, with interchange and assessments varying by network—for instance, Visa's assessment is around 0.14% and Mastercard's 0.14-0.15%. This structure ensures cost recovery while providing merchants with transparent pricing tied directly to settlement volume.^[31]^[32]^[33]

Relationships and Models

Interaction with Issuing Banks

Acquiring banks and issuing banks engage in a bilateral flow during transaction authorization, where the acquirer submits a request through a card network such as Visa or Mastercard to the issuer for approval. The issuer evaluates the request against the cardholder's available credit or funds, account status, and fraud indicators, responding with an approval or decline typically within seconds.^[7]^[34]^[35] In dispute resolution, issuing banks initiate chargebacks when cardholders contest transactions, crediting the cardholder's account and seeking reimbursement from the acquiring bank via the card network. The acquiring bank then debits the merchant's account and may defend the transaction on the merchant's behalf by submitting evidence, such as receipts or proof of delivery, within specified timelines such as 9 calendar days in the US and Canada or 18 calendar days elsewhere under Visa rules (effective July 2025); unresolved disputes can escalate to arbitration.^[34]^[1]^[35]^[36] Acquiring and issuing banks operate under interbank agreements governed by card network bylaws, which establish shared rules for transaction processing, liability allocation, and compliance with standards like PCI DSS. These bylaws mandate data sharing through network systems for fraud prevention, such as reporting suspicious activities or using shared blacklists to monitor patterns like counterfeit transactions.^[37]^[35]^[38] In cross-border transactions, acquiring and issuing banks collaborate on currency conversion, with the acquirer or network applying wholesale exchange rates to settle funds in the appropriate currency, ensuring transparency in disclosures to avoid disputes over conversion fees.^[35]^[7]

Acquiring Models

Acquiring banks operate within several structural models that define their relationships with merchants, payment networks, and other entities in the payment ecosystem. The most prevalent is the four-party model, which involves four key participants: the merchant, the acquiring bank, the card network (such as Visa or Mastercard), and the issuing bank. In this model, the acquiring bank serves as the merchant's financial institution, handling the receipt of transaction data from the merchant, routing it through the card network for authorization by the issuing bank, and facilitating settlement by crediting the merchant's account after deducting fees. This structure promotes competition and scalability, as acquirers can partner with multiple networks and issuers, but it requires coordination among separate entities, potentially increasing processing times compared to integrated alternatives.^[39]^[40] In contrast, the three-party model consolidates the roles of the issuing and acquiring banks into a single entity, creating a closed-loop system where one provider manages both the cardholder's account and the merchant's settlement. This approach, commonly used by American Express, streamlines operations by handling authentication, authorization, and funding internally, often resulting in faster transaction processing. However, it typically involves higher fees for merchants, as the provider retains the full interchange and assessment revenue without sharing it across multiple parties, and it limits interoperability with other networks unless additional integrations are established. The model's efficiency suits providers with established customer and merchant bases but can hinder broader adoption due to the need for proprietary infrastructure.^[39]^[40] For smaller or high-volume merchants, ISO and aggregator models provide accessible alternatives to direct acquiring relationships. Independent Sales Organizations (ISOs) act as registered third-party intermediaries authorized by acquiring banks to solicit, sell, and service merchant accounts, often bundling payment processing with additional tools like point-of-sale equipment or customer support. In direct acquiring, merchants contract solely with the acquirer, bearing full compliance responsibilities, whereas sponsored acquiring—common in ISO and aggregator setups—involves the ISO or aggregator assuming some oversight under the acquirer's sponsorship, enabling easier onboarding for low-volume or specialized merchants. This model reduces barriers for entry but shifts certain risks and fees to the sponsoring acquirer.^[41]^[42] Evolving from these frameworks, hybrid models such as payment facilitators (PayFacs) have gained prominence since the 2010s, particularly for digital platforms and marketplaces. PayFacs are third-party entities registered and sponsored by an acquiring bank to onboard and manage submerchants—often small sellers on platforms like Stripe—under a master merchant account. Unlike traditional ISOs, PayFacs directly handle transaction aggregation, risk monitoring, and rapid settlements on behalf of the acquirer, allowing for near-instantaneous onboarding and funding while the sponsor retains ultimate liability for compliance and chargebacks. This sub-acquirer structure supports scalable, tech-driven ecosystems but demands robust fraud controls to mitigate aggregated risks.^[43]^[44]

Risks and Challenges

Financial and Operational Risks

Acquiring banks face substantial financial risks primarily stemming from their liability for chargebacks that exceed merchant reserves, particularly when merchants operate in volatile sectors or encounter financial distress.^[1] In such scenarios, if a merchant cannot reimburse disputed transactions, the acquiring bank assumes the loss as a credit exposure, which can escalate during periods of high dispute volumes.^[45] Exposure is heightened for merchants in high-risk industries like gambling, where elevated chargeback rates—often due to customer dissatisfaction or regulatory scrutiny—amplify potential liabilities and threaten the acquirer's financial stability.^[46] Operational risks for acquiring banks include system downtime, especially during peak transaction periods such as holiday shopping seasons, which can disrupt payment processing and lead to lost revenue or customer dissatisfaction.^[47] These institutions often depend on third-party networks for transaction routing and authorization, introducing vulnerabilities if those partners experience failures; typical service level agreements (SLAs) mandate 99.99% uptime to minimize such disruptions, yet any lapse can cascade across the payment ecosystem.^[48]^[49] To mitigate these risks, acquiring banks commonly establish reserve accounts, withholding 5-10% of a merchant's monthly processing volume to cover potential chargebacks or shortfalls.^[50] Additionally, they employ ongoing monitoring of merchant portfolios through risk scoring models that evaluate factors like transaction patterns, financial health, and industry classification to identify and de-risk problematic accounts proactively.^[51]^[52] A notable case illustrating these vulnerabilities is the 2013 Target data breach, where hackers compromised point-of-sale systems, exposing 40 million card details and triggering an avalanche of chargebacks that strained acquiring banks' operational continuity as they processed disputes and coordinated settlements amid heightened scrutiny and volume surges.^[53]^[54]

Fraud and Chargeback Management

Acquiring banks employ sophisticated fraud detection mechanisms to identify and mitigate unauthorized transactions in real time. One key tool is 3D Secure (3DS), an authentication protocol that adds an extra layer of verification, such as a one-time password or biometric check, during online card-not-present transactions to confirm the cardholder's identity and reduce fraud liability.^[55] Additionally, AI-based anomaly detection systems analyze transaction patterns for irregularities, including velocity checks that monitor the frequency of transactions from the same IP address, device, or card within short timeframes to flag potential fraud rings or account takeovers.^[56]^[57] These AI models, often powered by machine learning, enable acquiring banks to adapt to evolving fraud tactics by learning from historical data and scoring transactions for risk.^[57] The chargeback lifecycle begins when a cardholder disputes a transaction, typically within a 120-day window from the settlement date under major card network rules like those of Visa and Mastercard.^[58] Upon receiving the chargeback from the issuing bank, the acquiring bank notifies the merchant and facilitates the initial reversal of funds. If the merchant believes the dispute is invalid, the acquirer represents the merchant by submitting a representment—also known as second presentment—within 30 to 45 days, including compelling evidence such as delivery receipts, authorization logs, or proof of customer communication to challenge the claim.^[59] This process may escalate to pre-arbitration or arbitration if unresolved, where the network reviews documentation and assigns liability, emphasizing the acquirer's role in compiling and presenting merchant defenses to minimize financial losses.^[59] To prevent fraud and chargebacks, acquiring banks implement proactive measures, including mandatory merchant training on PCI DSS compliance to ensure secure handling of cardholder data and reduce breach-related vulnerabilities.^[60] Another critical strategy involves fraud liability shift rules, such as those introduced with EMV chip technology, which transfer counterfeit fraud liability from the acquirer to the issuer if the merchant uses EMV-compliant terminals, incentivizing adoption of chip-and-PIN over magnetic stripe for card-present transactions.^[61] These shifts, effective since 2015 in major markets, have significantly lowered acquirer exposure to certain fraud types by promoting standardized security protocols.^[61] Global chargeback rates typically range from 0.5% to 1% of total transactions, with eCommerce sectors experiencing higher spikes, such as a 222% increase in rates from Q1 2023 to Q1 2024. As of 2025, global chargeback volumes are projected to reach 337 million by year-end.^[62]^[63] A substantial portion of these disputes stems from friendly fraud, where customers intentionally challenge valid purchases—often citing non-delivery or unauthorized use—accounting for up to 75% of chargebacks and driving an 18% average annual increase reported by merchants over recent years.^[64] This trend amplifies costs for acquiring banks, as unresolved friendly fraud contributes to projected global losses exceeding $28 billion by 2026.^[63]

Regulations and Compliance

Key Regulatory Frameworks

Acquiring banks operate under a complex array of regulatory frameworks designed to ensure the security, efficiency, and integrity of payment processing, consumer protection, and financial stability. These regulations address risks associated with electronic transactions, data handling, and operational resilience, with oversight varying by jurisdiction and enforced through national authorities, supranational bodies, and industry standards organizations. Compliance with these frameworks is mandatory for acquiring banks to participate in payment networks and avoid penalties, including fines or loss of licensing. In the United States, Regulation E, implemented under the Electronic Fund Transfer Act (EFTA), governs electronic fund transfers, including debit card transactions processed by acquiring banks, by establishing consumer rights, error resolution procedures, and liability limits for unauthorized transfers.^[65] Additionally, the Durbin Amendment, enacted as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010 and effective from 2011, caps debit card interchange fees at 21 cents plus 0.05 percent of the transaction value (with a potential $0.01 fraud-prevention adjustment) for issuers with more than $10 billion in assets, indirectly impacting acquiring banks' fee structures and merchant relationships.^[66] In the European Union, the Revised Payment Services Directive (PSD2), adopted in 2015 and fully applicable from January 2018, regulates payment services providers, including acquiring banks, by mandating strong customer authentication for electronic payments to reduce fraud and enabling secure open banking through regulated access to account information.^[67] Complementing PSD2, the General Data Protection Regulation (GDPR), effective since May 2018, imposes strict requirements on acquiring banks for the processing, storage, and transmission of personal data in transactions, emphasizing consent, data minimization, and breach notification within 72 hours.^[68] Globally, the Payment Card Industry Security Standards Council (PCI SSC) maintains the PCI Data Security Standard (PCI DSS), a set of security requirements that acquiring banks must follow to protect cardholder data throughout the payment lifecycle, including network segmentation, access controls, and regular vulnerability assessments.^[69] Furthermore, the Basel III framework, developed by the Basel Committee on Banking Supervision and implemented progressively since 2013, requires acquiring banks—as financial institutions—to maintain higher capital reserves against credit, operational, and market risks, with minimum common equity tier 1 ratios of 4.5 percent plus buffers to enhance resilience.^[70] Payment card networks impose their own enforceable rules on acquiring banks. Visa's Core Rules and Product and Service Rules mandate that acquirers conduct thorough merchant underwriting, including risk assessments and due diligence, prior to onboarding, and implement ongoing monitoring to detect high-risk activities such as excessive chargebacks.^[71] Similarly, Mastercard's Rules require acquirers to establish policies for merchant evaluation, transaction monitoring, and compliance validation to prevent fraud and ensure adherence to network standards.^[72]

Compliance Requirements

Acquiring banks are subject to stringent compliance requirements to safeguard cardholder data, prevent financial crimes, and ensure operational integrity in payment processing. The primary framework is the Payment Card Industry Data Security Standard (PCI DSS), which outlines 12 core requirements for protecting cardholder information, including installing and maintaining network security controls, protecting stored data through encryption and access restrictions, and regularly testing systems for vulnerabilities. Acquiring banks must validate their own PCI DSS compliance annually through self-assessments or third-party audits and extend this obligation to merchants and service providers by requiring validation reports, with non-compliance potentially leading to fines from card brands or termination of processing privileges.^[73] For instance, Visa's Account Information Security (AIS) Program mandates that acquirers ensure all service providers demonstrate PCI DSS compliance at least every 12 months via on-site assessments.^[74] Similarly, Mastercard's Site Data Protection (SDP) Program requires acquirers to oversee and report merchant compliance status to the network.^[75] Under the Bank Secrecy Act (BSA) and its anti-money laundering (AML) provisions, acquiring banks must implement a comprehensive AML compliance program that includes risk-based customer due diligence (CDD), customer identification programs (CIP) for verifying merchant identities, and ongoing monitoring for suspicious activities such as unusual transaction patterns indicative of money laundering or terrorist financing.^[76] This involves filing Suspicious Activity Reports (SARs) with FinCEN for transactions exceeding $5,000 that lack a clear business purpose, as well as screening merchants and transactions against the Office of Foreign Assets Control (OFAC) sanctions lists to block dealings with designated entities.^[1] The Federal Financial Institutions Examination Council (FFIEC) emphasizes that acquiring banks, particularly those handling high-risk merchants, must conduct enhanced due diligence, including background checks on merchant principals and periodic financial reviews, to mitigate exploitation risks in merchant processing.^[77] Data privacy compliance is governed by the Gramm-Leach-Bliley Act (GLBA), which requires acquiring banks to provide annual privacy notices to consumers detailing information-sharing practices and to implement safeguards for nonpublic personal information, such as cardholder details shared during transactions.^[78] The GLBA Safeguards Rule mandates administrative, technical, and physical protections, including risk assessments and third-party oversight, to prevent unauthorized access or breaches, with acquiring banks bearing responsibility for ensuring ISO and processor compliance to avoid contingent liabilities.^[1] Violations can result in civil penalties up to $100,000 per violation, enforced by the Federal Trade Commission (FTC) and banking regulators.^[79] Beyond these, acquiring banks must adhere to card scheme-specific rules, such as Visa's Core Rules and Global Acquirer Risk Standards (GARS), which require robust merchant underwriting, chargeback monitoring, and contractual agreements ensuring compliance with network policies on transaction authorization and fraud prevention.^[71] Mastercard's Transaction Processing Rules similarly mandate acquirers to maintain authorization requirements, including real-time screening for high-risk activities, and to conduct regular audits of third-party processors.^[80] Overall, the Office of the Comptroller of the Currency (OCC) supervises these requirements through examinations, expecting acquiring banks to allocate capital based on risk profiles and maintain contingency plans for operational disruptions, with non-compliance potentially leading to enforcement actions under 12 CFR 3.^[1]

References

[1]
[PDF] Merchant Processing, Comptroller's Handbook - OCC.gov
Acquiring banks usually pay merchants by initiating ACH credits to merchants' deposit accounts at the merchants' local banks. If an acquiring bank employs a ...
[2]
What businesses need to know about acquiring banks - Stripe
Apr 25, 2023 · An acquiring bank, also referred to as an “acquirer,” is a bank or financial institution that processes customer credit or debit card payments ...What Is An Acquirer? Here's... · Acquiring Bank Vs. Issuing... · Acquirer Vs. Payment...
[3]
What's an acquiring bank and why you need one - Adyen
Acquiring banks process payments for merchants. When your customer submits their payment card details, your acquirer initiates a request to authorize the ...
[4]
What is a merchant acquirer? | Nuvei
Acquirers are licensed by major card networks like Visa, Mastercard, and ... The merchant-acquiring bank plays a crucial role in protecting businesses ...
[5]
What is an Acquiring Bank? The Acquirer's Role in Payments
Apr 28, 2025 · An acquiring bank is a financial institution that accepts and processes credit and debit card transactions on behalf of merchants.Missing: definition | Show results with:definition
[6]
What Is the Difference Between a Merchant Acquirer and a Payment ...
Nov 7, 2023 · A merchant acquirer, sometimes referred to as an acquiring bank ... licensed by card schemes (such as Visa and Mastercard) to authorise ...
[7]
Understanding payment processing: Acquirer vs. issuer - Stripe
May 23, 2023 · If we think of the issuer as representing the customer in the transaction, then the acquirer, also called the acquiring bank, represents the ...
[8]
Acquiring Bank vs. Issuing Bank: What's the Difference? | Nuvei
Acquiring banks (otherwise called acquirers and merchant banks) are financial institutions involved in managing merchant transactions made via card networks.
[9]
Card-present vs card-not-present transactions - Checkout.com
Nov 3, 2023 · A card-not-present (CNP) transaction takes place when neither the cardholder nor the credit card is physically present during the transaction.
[10]
Card-present vs. card-not-present transactions - Stripe
Feb 25, 2025 · Since CP transactions are considered less risky than card-not-present transactions, the processing fees for CP transactions are often lower.What is a card-present... · Benefits and challenges of... · Benefits · Challenges
[11]
Acquiring bank vs. issuing bank: merchant guide to payment flow
### Summary of Acquiring Banks in the Payment Ecosystem
[12]
Understanding acquiring banks: Merchant guide - Solidgate
Jul 1, 2024 · An acquiring bank is a bank that helps businesses facilitate credit/debit card payments and handles funds settlement.Acquiring Bank: Definition... · Acquirer's Role In... · Acquiring Bank Vs Issuing...
[13]
Electronic Point-of-Sale Payments | Federal Reserve History
Sep 25, 2024 · Development of bank-issued credit cards in the 1950s and 1960s. Almost 100 banks began issuing credit cards in the 1950s (Federal Reserve 1968 p ...Missing: acquiring | Show results with:acquiring
[14]
[PDF] A History of Credit Card Transaction Costs and the Suppliers Newly ...
In the 1960s and early 1970s, payment-card transactions were processed largely without the benefit of computer technology. Sales clerks conducted card.
[15]
When Were Credit Cards Invented? The Complete History of Credit ...
The credit card was invented in February 1950 with the launch of the Diners Club card, founded by Frank McNamara. The idea originated after McNamara forgot ...
[16]
A brief history of the Payment Card Industry - Printec Blog
Jun 27, 2019 · The POS terminal was first introduced in 1979 by VISA. That year, Mastercard introduced the magnetic stripe (or magstripe in colloquial term) ...
[17]
[PDF] The evolution of shared ATM networks
In February 1987, Visa acquired an ownership interest in Plus, and in January 1988 MasterCard acquired Cirrus. In June 1987, Visa and MasterCard, with the ...
[18]
The History of PCI Compliance: How It Started and Where We're ...
Sep 14, 2023 · PCI DSS was created by five card networks in 2004 to protect cardholder data due to increased fraud from online shopping. Visa had earlier ...
[19]
What's the History of PCI DSS? | Insights - Worldpay
PCI DSS began in 2004, with early roots in the late 1990s. Visa's CISP was in 1999. PCI DSS 1.0 was introduced in 2004, and the current version is 3.2.1 (2018).
[20]
PCI DSS History: How the Standard Came To Be - Secureframe
Oct 2, 2024 · PCI DSS was first introduced in December 2004 and provides a uniform standard for card payment security for businesses worldwide.
[21]
Big Tech's Role in Contactless Payments: Analysis of Mobile Device ...
Sep 7, 2023 · The share of card payment volume in the U.S. using EMV chip cards rapidly grew from two percent in 2015 to 82 percent in 2021. The use of NFC ...
[22]
How The Pandemic Changed Mobile Payments - Forbes
Aug 27, 2021 · 69% of retailers saw an increase in contactless payments during the pandemic, and 94% expect that increase to continue over the next 18 months.
[23]
Fiserv Completes Combination With First Data Further Cementing ...
Jul 29, 2019 · The combined company will carry the Fiserv brand and will continue to trade on The Nasdaq Global Select Market under the ticker symbol FISV. As ...
[24]
Fiserv-First Data Merger Is Complete - PYMNTS.com
Jul 29, 2019 · The big deal is now complete: Fiserv announced this morning (July 29) that it has completed its acquisition of First Data Corporation.
[25]
[PDF] Clearing and Settlement of Interbank Card Transactions
It is also during the settlement process that interchange fees22 are collected from acquiring banks and credited to issuing banks for sales transactions.
[26]
How Credit Card Processing Works - CardFellow
A merchant(business) begins the settlement process by sending a batch of approved authorizations to their acquiring bank (or the bank's processor).
[27]
Getting Started with VisaNet Connect - Acceptance - Visa Developer
Step 6: Client receives settlement and related reports from Visa either directly or through sponsor bank – Visa sends acquiring bank the daily settlement ...
[28]
How Payment Settlement Works and How Long It Takes - Stripe
Oct 14, 2025 · The networks transfer these funds to the acquiring bank, typically within one to three business days.Missing: T+ | Show results with:T+
[29]
Decoding functionality of Credit Card Settlement Process - Airtel
Aug 5, 2022 · The Acquiring bank then sends these batches to the issuing bank using the card network (Visanet or Banknet). It also deposits the funds in the ...
[30]
Understanding Merchant Discount Rates - Chargeback Gurus
Oct 7, 2025 · The merchant discount rate consists of three separate components: the interchange fee, the assessment fee, and the processor's markup. The ...
[31]
What Is The Merchant Discount Rate & How Does It Work? - Airwallex
Dec 10, 2024 · The merchant discount rate (MDR) is a fee merchants pay to payment processors for card transactions, usually 1-3% of the transaction, and is ...
[32]
Credit Card Processing Fees: All You Need to Know | Unlimit
Oct 31, 2025 · Visa's assessment fee is 0.14% of the transaction amount, whereas MasterCard charges 0.14% for transactions under 1000 USD, and 0.15% for ...Interchange Fee (paid To The... · Assessment Fees (paid To The... · Processor Markup (paid To...<|separator|>
[33]
The Difference Between an Acquiring Bank and Issuing Bank - Kount
Nov 28, 2023 · An acquiring bank (sometimes just called an acquirer) serves a merchant by “acquiring” funds from cardholder banks when debit and credit card ...
[34]
[PDF] Visa Core Rules and Visa Product and Service Rules
Apr 12, 2025 · The Visa Rules must not be duplicated, in whole or in part, without prior written permission from Visa. If you have questions about Visa's rules ...<|control11|><|separator|>
[35]
Acquirer vs. Issuer Explained: What They Do and How They Work
Sep 4, 2024 · Learn the critical differences between acquiring and issuing banks, and how they work together to process payments, from authorizing transactions to settling ...
[36]
https://docs.adyen.com/risk-management/understanding-disputes/dispute-timeframes
[37]
Acquiring Models | CGAP Research & Publications
Oct 2, 2019 · Finally, (6) the acquiring bank pays the merchant, minus a merchant discount fee, which covers the acquiring costs, including interchange, ...Share · Payments Acquiring Models · Merchant Acquiring Models
[38]
Glossary: Payment terms - Mastercard Services
What is the three-party model? The three-party model is an alternative to the four-party model with the role of issuing bank and acquiring bank combined.<|separator|>
[39]
[PDF] Third Party Agent Registration Program – TPA Types and Functional ...
Independent Sales Organizations (ISO). • ISO Merchant (ISO – M) – Conducts merchant account or transaction processing solicitation, sales, customer service ...
[40]
[PDF] Third Party Agent Registration Program Frequently Asked Questions
The Third Party Agent Registration Program is a Visa-mandated program to ensure compliance with Visa Rules and security standards regarding Third Party Agents.Missing: aggregator | Show results with:aggregator
[41]
[PDF] Visa Payment Facilitator Model
In an acquiring context, a PF is a third-party agent that: • Signs a merchant acceptance contract with a sponsored merchant on behalf of an acquirer. This means ...
[42]
Find a payment facilitator - Mastercard
Mastercard defines a payment facilitator as a service provider that is registered by an acquirer to facilitate transactions on behalf of submerchants.
[43]
[PDF] Acquiring Banks: - Teneo
Without active monitoring of their portfolio of merchants, some acquirers may be at risk of distress and insolvency resulting from chargebacks if significant ...
[44]
High-risk merchant accounts explained | Stripe
Jun 10, 2024 · A high-risk merchant account is a bank account designed for businesses considered to be at a higher risk of issues such as chargebacks and fraud.Missing: insolvency | Show results with:insolvency
[45]
How Payment Processors Achieve 99.99% Uptime for ... - DECTA
Jun 20, 2025 · This article details the technical and operational strategies payment processors use to achieve 99.99% server uptime for acquirers.
[46]
Solidgate Acquiring | Seamless Global Payment Processing
99.99% uptime SLA. Guaranteed availability across all supported regions – even during peak traffic and high load. Planet icon with blue background. Multi ...
[47]
[PDF] Risk management in the acquiring business - Visa
Acquiring banks are focusing on advanced real time fraud detection and prevention systems to address the challenges they are facing. Acquirers like Worldpay are ...Missing: downtime | Show results with:downtime<|control11|><|separator|>
[48]
Understanding Merchant Account Reserves for 2025 - PaymentCloud
Jul 7, 2025 · On average, most banks require a reserve of 5-10% of the merchant's expected monthly sales volume. What Merchants Are Required to Have a ...
[49]
The Evolving Landscape of Merchant Risk for Acquirers - NPST
Acquirers evaluate merchant risk using a scoring system that considers: Business Verification – Is the merchant operating as claimed? MCC Classification ...
[50]
How Acquirers Are Assessing Merchant Risk | Datos Insights
Successful acquirers will be those that have best-in-class risk management processes, enabling them to gain market share in higher-margin merchant segments ...
[51]
Inside Target Corp., Days After 2013 Breach - Krebs on Security
Sep 21, 2015 · In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to ...
[52]
Target Data Breach: What Really Happened And How It Still Impacts ...
Jul 22, 2025 · In 2013, hackers gained entry to Target's network through a vendor. ... Of that amount, MasterCard card issuing banks received $19 million ...
[53]
Online payment fraud detection: best strategies and prevention tips
May 16, 2025 · It uses tools like 3D Secure (3DS), machine learning, and AI to identify and mitigate risks effectively. Businesses must stay vigilant as ...<|separator|>
[54]
[PDF] Velocity Checks | U.S. Payments Forum
Velocity checks monitor the number of times that certain transaction data elements occur within certain intervals and look for anomalies or similarities to ...
[55]
AI-Powered Merchant Fraud Prevention Solutions - Mastercard
With our real time AI risk technology you can detect patterns and anomalies that could indicate potentially fraudulent activity by merchants. People working ...
[56]
Credit Card Chargeback Time Limit (Visa, Mastercard, Amex)
Chargeback time limit: Card networks give cardholders up to 120 days to dispute a transaction. But merchants generally have less than 30 days to respond.
[57]
[PDF] Chargeback Guide Merchant Edition - Mastercard
May 13, 2025 · This guide covers network processing, chargeback cycles, arbitration, third party disputes, compliance, reversals, and dual message system ...Missing: lifecycle window
[58]
PCI Acquirer Training
PCI Acquirer Training helps acquirers understand PCI DSS, covering compliance roles, payment data, and brand programs, to assist merchants in their security.Missing: fraud prevention
[59]
Fraud liability shift: What businesses should know | Stripe
Jun 12, 2025 · A liability shift defines who's responsible when a payment is identified as fraudulent. That responsibility can shift depending on who in the payment chain ...Liability Shift Explained... · Emv Chip Card Transactions · Online Transactions
[60]
Chargeback Statistics Every Merchant Should Know in 2025
May 8, 2025 · Across all industries, the average chargeback rate now hovers around 0.65%, but that number doesn't tell the whole story. Rates vary widely ...
[61]
Chargeback Stats: All the Key Dispute Data Points for 2025
Apr 8, 2025 · eCommerce chargeback rates rose 222% between Q1 2023 and Q1 2024. ... 72% of merchants reported an increase in friendly fraud chargebacks in 2024.
[62]
The Ultimate Friendly Fraud Guide for eCommerce in 2025
25% of merchants experience more than 1 million chargeback transactions yearly, with 75% of all chargebacks attributed to friendly fraud. This isn't just a ...
[63]
12 CFR Part 205 -- Electronic Fund Transfers (Regulation E) - eCFR
This part carries out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of consumers.
[64]
Regulation II: Debit Card Interchange Fees and Routing
The rule prohibits an issuer from receiving "net compensation" from a payment card network with respect to electronic debit transactions or debit card-related ...
[65]
Directive - 2015/2366 - EN - Payment Services Directive - EUR-Lex
Directive 2015/2366 is about payment services in the internal market, amending previous directives and repealing directive 2007/64/EC.
[66]
Regulation - 2016/679 - EN - gdpr - EUR-Lex - European Union
Regulation 2016/679 is about the protection of natural persons regarding the processing of personal data and the free movement of such data.(EU) 2016/679 · Regulation - 2016/679 · L_2016119EN.01000101.xml
[67]
Payment Card Data Security Standards (PCI DSS)
PCI Security Standards are developed and maintained by the PCI Security Standards Council to protect payment data throughout the payment lifecycle.Card Production and... · More information & resources · Contactless Payments on...
[68]
Basel III: international regulatory framework for banks
Basel III is an internationally agreed set of measures developed by the Basel Committee on Banking Supervision in response to the financial crisis of 2007-09.
[69]
[PDF] Visa Core Rules and Visa Product and Service Rules
Apr 12, 2025 · ... Acquiring Identifier License and Administration. 148. 2.3.1 BIN and Acquiring Identifier Use and License. 148. 2.3.2 Administration of BINs, ...
[70]
[PDF] Mastercard Rules
Jun 3, 2025 · ... Acquiring—Europe Region Only ... Issuing Activity ...
[71]
[PDF] PCI Quick Reference Guide
The goal of the PCI Data Security Standard version 1.2 (PCI DSS) is to protect cardholder data that is processed, stored or transmitted by merchants.
[72]
Account Information Security (AIS) Program and PCI | Visa
Issuer and acquirers must ensure all their service providers demonstrate PCI DSS compliance at least every 12 months. Complete the annual on-site PCI data ...
[73]
Mastercard Site Data Protection (SDP) Program & PCI
Merchants are required to submit their PCI validation documents to their acquiring bank, who oversees compliance and, when required, reports the status to ...
[74]
Assessing Compliance with BSA Regulatory Requirements
CUSTOMER IDENTIFICATION PROGRAM. Objective: Assess the bank's compliance with the BSA regulatory requirements for the Customer Identification Program (CIP).
[75]
Assessing Compliance with BSA Regulatory Requirements
The cornerstone of a strong BSA/AML compliance program is the adoption and implementation of risk-based CDD policies, procedures, and processes for all ...
[76]
Gramm-Leach-Bliley Act - Federal Trade Commission
Financial institutions covered by the Gramm-Leach-Bliley Act must tell their customers about their information-sharing practices and explain to customers their ...
[77]
[PDF] VIII. Privacy —GLBA - FDIC
Title V, Subtitle A of the Gramm-Leach-Bliley Act. (“GLBA”)1 governs the treatment of nonpublic personal information about consumers by financial ...
[78]
[PDF] Transaction Processing Rules | Mastercard
Jun 10, 2025 · Chapter 2: Authorization and Clearing Requirements............................................... 35. 2.1 Acquirer Authorization Requirements ...