You may have read our recent blog on creating frictionless experiences for onboarding. As SaaS Founders we all want to over-index on providing exceptional customer experiences. A smooth merchant underwriting and onboarding experience is key to making a positive first impression. With fraud continuously on the rise, software platforms must take the necessary precautions to ensure they have the proper measures in place. In fact, McKinsey found that 37% of merchants seek fraud prevention as one of their top value-added services in their Payment Service Provider. With more conversations and education around this topic, we already expect that percentage to have risen. By the same token, ensuring the safety and security of your platform so that ‘bad actors’ are not committing fraud should be also considered part of creating positive user experiences.

Not only can bad actors cause significant losses for your software platform, but they can also put your entire payment processing program in jeopardy with Sponsor Banks, Card Networks, and regulators. Some big names in the payments industry have recently come under fire for lax Know-Your-Customer (KYC) policies allegedly enabling activity like money laundering and illicit sales of contraband. In this blog, we discuss how software platforms should balance frictionless merchant onboarding with proper merchant underwriting and risk protocols to build their payments business the right way.

So when we say ‘frictionless onboarding’, we should add an asterisk saying, “for the good businesses who intend to actually use our platforms.”

Defining Good Actors vs. Bad Actors

While we’re not part of the Oscars Committee, Payabli is determined in distinguishing good actors from bad actors. Let’s start with defining what a good actor versus a bad actor means for software platforms embedding payments:

Good actor: A good actor in the context of payments and fintech operates a legitimate business and intends to adhere to the terms of service of your platform as well as payment network requirements or government regulations.

In simpler terms, these are your regular users and clients of your platform who intend to run payments through a legitimate business without breaking any rules and regulations. It’s important to note that some good actors may operate large, complex, or even regulated businesses that require greater due diligence.

Bad actor: A bad actor can come in many forms even when applying just the context of accepting and disbursing funds. These are persons or organizations that engage in fraudulent activities like attempting to attack your hosted or embedded payment capabilities with stolen card data or even worse, trying to impersonate a business by creating a synthetic identity and submitting it as an application for services. There are even cases when good customers develop fraudulent intent, despite having a positive history but have recently changed their motives due to unknown circumstances.

Now that we have a general understanding of good actors and bad actors. Let’s dive into the merchant onboarding and underwriting process that Payment Service Providers like Payabli must perform to enable good actors to process payments and prevent bad actors from infiltrating our ecosystem.

What Goes into Merchant Underwriting?

With the help of automated tools, underwriters at reputable Payment Service Providers evaluate the application based on a variety of methods such as but not limited to:

  • Blocklists: To identify previous bad actors, any suspicious demographics, how frequently the same application details have come through, and many more functions to prevent repeat offenders.
  • Fraud and Identity Verification: Reputable Payment Service Providers want to catch bad actors immediately. This includes rules for detecting synthetic identities, reviewing device and browser details, geolocation, and more.
  • Know Your Customer (KYC): To confirm the identity and accuracy of the information on the application about the business and its owners.
  • AML, Sanctions, and Watchlists: To meet our regulatory obligations by verifying the business and its owners against the list of sanctions, politically exposed, and other government lists.
  • Creditworthiness: Credit risk will vary by product and client so it’s important to be flexible. Payment Service Providers will evaluate businesses and their owners based on industry type, transaction volume, financial stability, and other factors.

Upon approval, businesses are set up with an account and provided with payment processing capabilities for collecting invoices for goods and services and paying their bills to vendors. However, even with approval, it’s wise to have compensating controls for mitigating credit and other types of risk after onboarding.

Balancing Frictionless Boarding with Comprehensive Risk Management

Risk processes don’t have to be invasive or require intense back and forth between applicants and risk teams. Modern risk capabilities should operate continuously throughout the customer’s interaction with your platform. For example,

  • When a user creates an account – a Payment Service Provider like Payabli can identify where the application is originating in the background and compare that with information being submitted to calculate the physical distance between them. We can then block that IP from submitting further information to our platform.
  • When an unknown customer attempts to process a transaction – we can hold transactions from being captured and processed when they occur at suspicious times like 3am. The user may see an authorization but it will not settle until a risk officer approves it.
  • When someone attempts to login into an account – we can compare this with a history of previous interactions to detect anomalies in their login attempt such as an unrecognized device. We can then push an alert to the account owner that someone has attempted to log in from a different device and IP Geolocation than normal.

Using tools that operate discreetly allow software platforms to manage their risk without noticeably impacting good actors. It’s important to note that False Positives can still arise so it’s wise to collect more information. Typically, a bad actor won’t upload bank statements, much less get on the phone when we catch them. This quickly hampers their attempts. Most good actors are well aware of review processes for financial products and feel safer when a partner does verify their information.

Streamlining Complex Businesses with Care

Setting expectations is crucial in life and especially in payments. Every vertical is different so you don’t want to use the same rules, conditions, or requirements to underwrite them all. There are certain industries and business sizes that will require greater due diligence than the average micro-merchant. When we are working with these types of businesses, it’s useful to ask for information up-front or to automate additional tasks. A few examples could be:

  • A large construction company requests merchant services but processes some very large transactions worth hundreds of thousands. Our partners can choose to segment their boarding processes with templates so that their enterprise customers like this construction company get asked to upload financial statements as part of their application process.
  • A seasonal business invoicing thousands of dollars with advanced payments for services has requested processing. Based on these inputs, we can automatically pull financials, assets, liabilities, and balance data to decide without ever needing to interact with the client to determine they are in good standing.
  • A fitness studio that offers high-ticket yoga retreats as an ancillary service to some of their customers has applied for merchant services. Every now and then they receive cancelations but they’ve always been able to return the funds to customers historically with no issues based on a review of their processing statements. However, taking lessons from the start of the pandemic it would be hard to weather all canceled trips. So as part of boarding these types of nuanced scenarios, you let your clients know you will be collecting a rolling reserve as part of the transaction processing to serve as a rainy day fund in case things go south (and I don’t mean to the Bahamas.)

Oftentimes people forget that opening a merchant account is akin to receiving an unsecured loan. When a business asks for a loan they typically expect some financial due diligence to be conducted. At a certain amount of volume requested, you and your customers should anticipate providing some additional financial documentation to mitigate undue risk and prevent bad actors from committing fraud. As we mentioned, certain scenarios and industries will require Payment Service Providers like Payabli to perform this additional level of review. However, it shouldn’t have to be painful or time-consuming for customers. So, working with a partner who understands how to handle this with finesse is key.

*Note: Though we do not cover it in this post, it’s important to keep a pulse on these businesses even after merchant underwriting and onboarding to properly manage your ongoing exposures. Keep your eyes peeled for a future post on ongoing monitoring.


Balancing frictionless onboarding with effective risk management is crucial for your software platform’s success. Distinguishing between legitimate and fraudulent actors, Payment Service Providers like Payabli implement stringent merchant underwriting processes to mitigate risks. It is also important to note that as business owners or software platforms, making the effort to integrate personal interaction and request additional information via phone calls, or other forms of direct communication can yield significant value during the merchant underwriting and onboarding processes.

Through measures like blocklists, fraud verification, and tailored criteria, payment providers like Payabli can strike a balance – welcoming compliant businesses while safeguarding against potential threats. This nuanced approach fortifies platform integrity, fosters trust, and supports sustainable growth in the dynamic digital landscape. ​​

Interested in learning more? Schedule some time to chat with one of our payment experts.