Merchant of Record: Full Legal Ownership of the Sale
A merchant of record acts as the legal seller in the eyes of customers, card networks, and regulators. When a customer completes a purchase, the transaction appears on statements under the merchant of record's name, not the original supplier's. This entity assumes complete commercial and regulatory liability for the transaction.
Responsibilities extend far beyond processing. The merchant of record handles payment acceptance, refunds, chargebacks, fraud management, and full tax compliance, including calculating, collecting, and remitting sales tax, VAT, GST, and other levies across every jurisdiction where sales occur. It also manages PCI DSS compliance, data privacy requirements such as GDPR, and global KYC or AML obligations.
Businesses that benefit most from this model include SaaS platforms, subscription services, and companies expanding rapidly into multiple countries. The merchant of record removes the need to establish local merchant accounts, maintain tax registrations in dozens of markets, or build internal teams for chargeback defense and regulatory filings. Providers such as Paddle, PayPro Global, and certain specialized platforms operate in this capacity, often charging fees in the range of five to eight percent of transaction volume to cover the added liability and infrastructure.
MoR Advantages and Trade-Offs
The primary advantage is speed and simplicity for global growth. Merchants can launch in new markets without navigating local tax authorities or setting up separate acquiring relationships. A SaaS company selling to customers in 40 countries can begin accepting payments immediately through a merchant of record rather than spending months establishing local entities and tax registrations in each market.
The trade-offs include reduced control over customer experience, higher overall costs compared with direct acquiring, and potential data-privacy complexities when customer information flows through a third party. The five to eight percent fee structure is significantly higher than standard processing costs, but it covers services that would otherwise require substantial internal investment.
In 2026, merchants evaluating this route should confirm exactly which liabilities transfer and whether the provider's tax engine aligns with their specific product mix and customer base. Not all merchant of record providers handle every product category or jurisdiction identically, and gaps in coverage can create unexpected compliance exposure.
Payment Facilitator Model
A payment facilitator, commonly called a PayFac, operates under a single master merchant identification number granted by an acquirer. It then onboards and manages sub-merchants who process payments under that umbrella account. The facilitator does not become the legal seller of the goods or services. The sub-merchant retains ownership of the sale and appears as the merchant on customer statements in most cases.
Core responsibilities fall on risk and compliance management. The PayFac performs underwriting, KYC, and ongoing monitoring for every sub-merchant. It must implement fraud detection, chargeback handling, and transaction reporting that satisfy Visa and Mastercard rules for third-party agents. Acquirers require PayFacs to register formally and maintain continuous oversight, including reserves where appropriate and prompt reporting of terminated sub-merchants to industry databases such as the Visa Merchant Screening Service.
Platforms, marketplaces, and software companies that embed payments for their users frequently adopt the PayFac model. It enables rapid onboarding of thousands of sub-merchants without forcing each one through separate bank underwriting. The PayFac earns revenue through markups on processing fees or subscription charges while bearing portfolio-level risk for fraud and disputes across all sub-merchants.
PayFac Liability and Oversight
The structure delivers clear efficiency gains in speed to market and reduced administrative overhead for sub-merchants. However, the PayFac itself assumes substantial liability. A single high-risk or non-compliant sub-merchant can trigger heightened scrutiny, increased reserves, or even termination of the master account.
Visa and Mastercard treat PayFacs as third-party agents subject to strict global acquirer risk standards, demanding robust systems for merchant screening and activity monitoring. The PayFac must demonstrate that it can identify and manage risk across its entire portfolio, not just at the point of onboarding but continuously throughout the relationship.
Portfolio monitoring requires tracking chargeback ratios, refund rates, and transaction patterns at the individual sub-merchant level. Automated alerts that flag sub-merchants approaching network thresholds allow the PayFac to intervene before problems escalate to the acquirer level. In severe cases, the PayFac must be prepared to terminate sub-merchants and report them to industry databases to protect the broader portfolio.
Key Differences and When Each Model Fits
The central distinction lies in legal ownership. The merchant of record owns the commercial transaction and therefore the full spectrum of tax, refund, and customer-liability obligations. The PayFac facilitates payments and manages risk but does not take ownership of the underlying sale. Merchants seeking comprehensive outsourcing of taxes and global compliance often lean toward a merchant of record. Platforms or marketplaces that need to embed payments while keeping their users as the legal sellers typically choose the PayFac route.
In 2026, hybrid approaches have grown more common. Some businesses combine orchestration layers with either model to gain flexibility without locking into one structure. The choice hinges on scale, geographic reach, risk tolerance, and internal resources for compliance. Merchants should review contract language carefully to confirm exactly where liability resides and whether the provider maintains proper registrations with card networks and regulators.
Cloaking and Other Grey-Area Practices
Transaction cloaking and similar grey-area techniques attempt to disguise the true nature of a merchant's business or payment flow to bypass acquirer or PSP restrictions. Common methods include misrepresenting the merchant category code during onboarding, using vague or misleading billing descriptors, routing high-risk transactions through low-risk intermediaries, or employing technical masking to hide the origin of payments.
These practices appear in industries such as certain digital services, nutraceuticals, or content platforms where processors impose stricter scrutiny or higher fees. Operators may cloak transactions to secure lower interchange rates, avoid reserve requirements, or gain approval from providers that otherwise decline the vertical.
Other grey-area concepts that carry similar warnings include improper use of agent-of-payee exemptions to avoid money-transmitter licensing, aggregated processing without formal PayFac registration, and layering transactions through multiple intermediaries to obscure risk. Each tactic may seem like a shortcut in the moment but ultimately undermines the stability of the entire payment stack.
Consequences and Enforcement
The risks far outweigh any temporary gains. Card networks explicitly prohibit misrepresentation of business activity. Visa and Mastercard rules require accurate merchant category codes and transparent descriptors. Violations trigger immediate investigations, account termination, and placement on the MATCH list, making future processing relationships extremely difficult to obtain.
Regulatory exposure extends beyond network rules. Cloaking can violate money-transmission licensing requirements in multiple U.S. states or European frameworks under PSD3. In severe cases, it raises concerns under BSA/AML programs or OFAC sanctions compliance, potentially leading to civil penalties, criminal wire-fraud charges, or permanent exclusion from the financial system.
Even when cloaking does not cross into outright illegality, the practical consequences are severe. Processors deploy increasingly sophisticated AI monitoring that detects pattern inconsistencies in transaction data, descriptors, and velocity. Once identified, merchants face frozen funds, withheld reserves, and loss of all processing relationships simultaneously. Rebuilding trust after termination consumes significant time and capital, often at much higher costs.
The Sustainable Path
Merchants who encounter pressure to adopt these methods should instead pursue transparent partnerships with specialized high-risk providers or orchestration platforms that support legitimate routing and compliance tools. Full disclosure during underwriting, combined with robust fraud controls and accurate documentation, remains the only sustainable path to reliable processing in 2026.
Merchants who understand the legal boundaries around merchant of record and PayFac structures, and who steer clear of cloaking or misrepresentation, build payment operations that scale safely and withstand regulatory scrutiny. The short-term cost of proper compliance is always lower than the long-term cost of enforcement action, MATCH listing, and the operational disruption that follows.