Merchant monitoring helps detect fraud, ensure compliance, and reduce risk. Learn how it works for banks, PSPs, and aggregators.
Merchant Monitoring: How It Works & Why It Matters
A true blue millennial trying to engineer her full time-career around the world of content. How cliché is that?
Table of Contents
| KEY HIGHLIGHTS 1. Merchant monitoring is an ongoing compliance process — not a one-time check — that ensures businesses on your platform remain legitimate after onboarding. 2. Banks and PSPs face significant liability if merchants they sponsor commit fraud; continuous monitoring limits that exposure. 3. Up to 30% of merchants flagged for policy violations had passed initial KYC checks — proving onboarding alone is not enough. 4. Regulatory pressure is intensifying globally: Visa VMMPs, Mastercard MATCH, RBI guidelines for payment aggregators, and EU PSD3/AML6 all mandate active post-onboarding oversight. 5. Decentro’s OmniScan provides banks and PSPs with automated KYB, website scanning, watchlist monitoring, and audit-ready compliance trails in a single platform. |
The Stakes Are Real: Market Context
The digital payments ecosystem is growing at a breakneck pace. Global digital payment transaction values are projected to surpass $20 trillion by 2026 — and with that scale comes an equally massive fraud and compliance challenge.
| Metric | Figure |
| Global payment fraud losses are projected to reach annually by 2027 | $40.62 Billion |
| Chargebacks are processed globally each year | 615 Million+ |
| Merchants flagged for policy violations that passed initial KYC checks | Up to 30% |
| Average cost of a single chargeback for a merchant | $190+ |
The uncomfortable truth: onboarding a merchant is not the end of the risk story. It’s just the beginning. Fraudulent actors are increasingly sophisticated — they’ll pass initial checks clean, then quietly shift their business model, start laundering transactions, or operate in prohibited categories. Without continuous monitoring, these shifts go undetected until the damage is done.
What Is Merchant Monitoring?
Merchant monitoring is the ongoing process of reviewing, screening, and assessing merchants after they have been onboarded — whether onto a bank’s current account and UPI access platform, a payment aggregator’s network, or a PSP’s acquiring portfolio.
For banks, this is particularly relevant in the context of the RBI’s guidelines on monitoring current account behaviour for digital merchants. For PSPs and payment aggregators, it’s about maintaining a clean, compliant sub-merchant portfolio that protects their card network relationships and regulatory standing.
Think of it as the difference between hiring someone and then managing their performance — you don’t run a background check once and walk away. A merchant that was fully legitimate at onboarding might pivot to a high-risk product category six months later. Merchant monitoring is the discipline that catches that drift before it becomes a liability.
In practice, merchant monitoring involves:
- Continuously scanning merchant websites and storefronts for prohibited or high-risk content
- Tracking transaction patterns to detect unusual spikes, suspicious behaviour, or fraud signals
- Re-verifying business legitimacy and compliance status at regular intervals
- Identifying transaction laundering, where one merchant processes payments on behalf of another unregistered entity
- Monitoring for negative news, regulatory actions, or blacklist appearances
Who Needs Merchant Monitoring?
For Banks: Current Account and UPI Onboarding
Banks sourcing merchants for current accounts and UPI access — whether digitally or through branch channels — face a specific set of compliance obligations. The RBI’s circulars on current account monitoring require banks to conduct digital due diligence on new merchants at the point of onboarding and on an ongoing basis thereafter.
The typical bank workflow without a monitoring solution looks like this:
- KYC/KYB agents collect merchant documentation manually through branch or digital channels
- Relationship managers do limited checks on the merchant’s website and business legitimacy
- Branch managers and ops staff are burdened with manual flagging and review after the merchant has already gone live
- There is no systematic cross-check of MCC classification, social presence, or adverse media at the point of onboarding
This creates several compounding pain points:
| Pain Point | Impact |
| Lengthy, complex onboarding forms | High drop-off rates; lost business opportunities |
| Lack of guided verification for agents | Errors in collected data; compliance gaps |
| Manual post-live review burden | Slow detection of policy violations; operational strain |
| No automated adverse media or sanctions checks | Regulatory exposure; reputational risk |
| MCC misclassification undetected | Revenue leakage and compliance breaches |
For PSPs and Payment Aggregators: Sub-Merchant Portfolio Oversight
For payment service providers and aggregators managing hundreds or thousands of sub-merchants, the compliance challenge scales dramatically. Card networks hold PSPs directly liable for the merchants they sponsor — meaning a single bad actor in your portfolio can trigger fines, increased scrutiny from Visa or Mastercard, or in extreme cases, loss of processing privileges.
The sub-merchant workflow requires:
- Configurable onboarding workflows matched to different merchant risk tiers
- Real-time MCC verification to catch misclassification (merchants understating risk to obtain better rates)
- Continuous chargeback ratio monitoring, with alerts before card network thresholds are breached
- Automated watchlist and sanctions screening across OFAC, UN, EU, and domestic lists
- Maker-checker approval processes for relationship managers, branch managers, and ops teams
Merchant Monitoring vs. Transaction Monitoring: What’s the Difference?
These two terms are often used interchangeably, but they are distinct disciplines that work together.
| Merchant Monitoring | Transaction Monitoring | |
| Focus | The merchant entity & business behaviour | Individual payment transactions |
| What it checks | Website content, business model, compliance status | Dollar amounts, frequency, velocity, patterns |
| Primary goal | Detect high-risk or prohibited merchants | Detect fraud, money laundering, chargebacks |
| Trigger | Time-based or event-based rescreening | Real-time or near-real-time transaction flows |
Merchant monitoring often catches problems that transaction monitoring misses — like a merchant quietly selling counterfeit goods or pharmaceutical products without a licence. Both layers are necessary for a complete compliance posture.
How Merchant Monitoring Works: The Process
A robust merchant monitoring programme typically runs in cycles and covers several overlapping layers of review.
Periodic Re-Screening
Merchants are re-evaluated at defined intervals — monthly, quarterly, or triggered by anomalies. This includes re-running KYB checks, sanctions screening, and reviewing updated business documentation.
Website and Content Scanning
Automated crawlers scan merchant websites to detect policy violations: prohibited product categories (narcotics, unlicensed pharmaceuticals, counterfeit goods), misleading claims, or changes in business scope. Intelligent scanning also reviews all linked URLs, social media handles (Instagram, LinkedIn, Twitter), app store reviews, and platforms like AmbitionBox and MouthShut. Domain analytics — including domain vintage, monthly traffic, and visitor metrics — add another layer of legitimacy assessment.
Transaction Pattern Analysis
Monitoring tools flag unusual transaction behaviour: a sudden 500% spike in volume, an unusual mix of high-ticket items, or an unusually high refund rate. These can indicate account takeover, transaction laundering, or the early signs of bust-out fraud.
Chargeback and Dispute Tracking
Card networks like Visa and Mastercard set strict thresholds. Merchants exceeding 1% chargeback ratios face fines, increased scrutiny, or termination. Monitoring tools track these ratios in real time and flag breaches before they escalate.
Negative News and Blacklist Monitoring
Automated news monitoring and watchlist checks identify merchants who appear in adverse media, regulatory enforcement actions, or sanctions lists — often before formal legal notification arrives.
MCC (Merchant Category Code) Verification
Merchants sometimes misrepresent their category to obtain better rates or bypass restrictions. Ongoing MCC monitoring cross-checks transaction data against the declared business type to catch misclassification.
What’s New: Regulatory Shifts Driving Merchant Monitoring
The regulatory landscape for merchant oversight is tightening globally, and the direction of travel is clear: greater accountability, faster response times, and more severe penalties for non-compliance.
| Regulator / Body | Key Requirement |
| Visa (VMMPs) | Acquirers must actively monitor and remediate high-risk merchants, with specific programmes for excessive chargebacks and fraud |
| Mastercard (MATCH) | Acquirers must report terminated merchants and check the MATCH list before onboarding new ones |
| EU (PSD3 / AML6) | Increasing requirements for continuous due diligence on payment service users; PSPs must build automated monitoring pipelines |
| India (RBI) | Mandates ongoing KYC and transaction monitoring for payment aggregators, with specific requirements around sub-merchant onboarding and oversight |
| FATF | Updated guidance on virtual assets and payment platforms reinforces real-time monitoring of high-risk counterparties |
Non-compliance is expensive. Fines for AML violations in financial services exceeded $4.2 billion globally in 2022, and that number continues to grow. The cost of a proactive monitoring programme is a fraction of the cost of a single enforcement action.
Why Merchant Monitoring Is Non-Negotiable for Banks and PSPs
Protecting Against Financial Liability
Acquirers and payment facilitators are ultimately liable for the merchants they sponsor. If a merchant on your platform commits fraud, the chargebacks and fines land on your balance sheet. Continuous monitoring limits that exposure.
Preserving Card Network Relationships
Visa and Mastercard can terminate your processing privileges if your portfolio consistently violates their standards. For any payments business, this is existential.
Regulatory Compliance and Licensing
Regulators increasingly expect documented evidence of ongoing due diligence — not just point-in-time KYC. Merchant monitoring creates the audit trail that demonstrates compliance across RBI, FATF, and EU frameworks.
Reducing Operational Burden on Branch and Ops Teams
When monitoring is automated, the burden on relationship managers, branch managers, and operations staff drops significantly. Fewer manual reviews, fewer escalations, and faster time-to-service for legitimate merchants.
Building Trust with Customers and Partners
Consumers and business partners are more likely to engage with platforms that take compliance seriously. Visible investment in fraud prevention and merchant quality is a genuine competitive differentiator.
Powering Merchant Monitoring with Decentro’s OmniScan
Most banks and PSPs know they need merchant monitoring — the challenge is building and maintaining the infrastructure to do it at scale, especially when managing hundreds or thousands of sub-merchants across different geographies and risk tiers.
That’s where Decentro’s OmniScan comes in.
OmniScan is a merchant diligence utility purpose-built for banks and PSPs that need to move fast without cutting compliance corners. It integrates directly with existing CRMs via APIs and supports a maker-checker workflow across relationship managers, branch managers, and ops teams.
At onboarding, OmniScan takes two inputs:
- The merchant’s live website URL
- The UBO/Directors’ mobile number
And produces detailed diligence reports that cover:
| Capability | What It Does |
| Intelligent Website Scan | Thorough analysis of the live website plus all attached URLs, social handles, and linked digital media |
| Domain Analytics | Reviews domain history: vintage, monthly traffic, and visitor metrics to assess legitimacy |
| Linked Media Analysis | Scans social media handles, app store/Play Store reviews, AmbitionBox, MouthShut, Reddit |
| KYB & KYC Verification | Real-time verification from authoritative business registries and identity sources |
| Watchlist & Sanctions Screening | Continuous screening across OFAC, UN, EU, and domestic lists |
| MCC Verification | Cross-checks declared merchant category against actual transaction behaviour |
| Maker-Checker Dashboard | Role-based access for RM, branch manager, and ops to review and approve |
| Audit-Ready Compliance Trails | Structured records for regulatory submissions and internal audit |
Whether you’re a bank scaling digital merchant acquisition in India, or a PSP managing a complex sub-merchant portfolio across Southeast Asia, OmniScan gives your team the infrastructure to onboard faster and monitor continuously — without stitching together a dozen different vendors.
Conclusion
Merchant monitoring is not a back-office compliance task. For banks and PSPs, it is a core function that protects revenue, card network relationships, regulatory standing, and customer trust.
The merchants on your platform will evolve. Their business models will change. Some will drift toward risk — quietly, incrementally, in ways that no single onboarding check would ever catch. The question isn’t whether that will happen. It’s whether your systems will catch it before it costs you.
As transaction volumes grow and regulators sharpen their expectations, the banks and PSPs that invest in continuous, automated merchant monitoring will be the ones that build durable, scalable businesses. The ones that don’t will find out why it matters the hard way.
Ready to build a monitoring-first merchant stack? Explore how Decentro’s OmniScan can help you onboard faster and stay compliant — every step of the way.
