Skip to content

What You Need to Know About the Different Levels of Merchant Risk

Levels of risk.

Many risk mitigation approaches focus on high-risk merchants, but what about medium-risk merchants? Being aware of the various levels of risk and which category your merchant falls into is a critical step in quantifying risk. Let’s delve into what low-, medium-, and high-risk merchants are and the various types of risk. Then watch The Rise and Fault of Merchant Risk on-demand for insights directly from industry leaders.

Levels of Risk: Low-, Medium-, and High-risk or High-integrity Risk Merchants

The three levels of risk refer to the three different buckets that define various types of risk: low-, medium-, and high-integrity risk. Mitigating risks in your merchant portfolio or downstream requires a nuanced understanding of these three levels.

Taking a risk-based approach means ensuring persistent monitoring appropriate to the level of risk the merchant poses. For example, it’s best practice to review low-risk merchants annually and medium-risk or high-risk merchants more consistently.

Low-risk Merchants

While low-risk merchants such as retail stores, restaurants, grocery stores, and card-present stores may not typically indicate a cause for concern, it’s important to ensure they’re periodically reviewed. A merchant whose services are generally considered low-risk could still present higher-risk behavior in other ways.

Medium-risk Merchants

Risk levels aren't dictated solely by the type of merchant and the products or services they offer. When discerning a medium-risk merchant from a low and/or high-risk merchant, it’s important to understand how various factors — like the volume of transactions or the timeframe for a delayed delivery — could potentially impact a merchant's level of risk.

Listed below are examples of merchants who may be considered medium-risk.

  • A low-risk merchant with delayed delivery
  • A low-risk merchant who has ownership but has financial difficulties
  • A low-risk merchant with a very high average transaction size
  • A high-risk merchant with a strong reserve
  • A merchant whose processing volume comes from influencer-motivated sales
  • A merchant who borders on restricted industries
  • A low-risk merchant that you haven’t reviewed recently or ever

High-integrity Risk Merchants

Visa’s Payment Facilitator and Marketplace Risk Guide calls high-risk or high-integrity risk merchants “high-brand risk merchants,” and defines them “as [businesses that] present an elevated risk to the payment system — specifically due to higher levels of disputes or
brand/reputation risk.”

Merchants categorized with the highest level of risk may operate within high-risk industries such as online gambling, online pharmacies, or adult content. It is also likely that a merchant could be deemed high-risk for operational reasons.

Operational reasons a merchant may be considered high-risk include but are not limited to:

  • Large processing volume
  • Cross-border transactions
  • Merchants who are new
  • Merchants with low credit scores
  • Charges for products or services offered in the future

Quantifying the Various Types of Risk

When categorizing a merchant as low, medium, or high risk, it’s important to quantify the various types of risk that merchant may present. One type of risk could indicate there are legal concerns while other types of risk are strictly associated with financials. Mitigating these risks requires payment service providers to be cognizant of where to look for potential risk indicators.

Let’s explore what indicators to look out for when identifying legal, financial, transactional, and/or reputational risk.


Indicators of legal risk could include improper sanction screenings, inadequate KYC/KYB checks, ownership changes, bank account management, terminated merchant file management, and improper MCC management.


Financial risk indicators may be buried in reserves, settlement holds, enhanced due diligence processes, pricing, periodic reviews, trending reports, and background checks.


Transactional risk can be identified during the pre-authorization, post-authorization, and post-settlement phases.


Reputational risk occurs during a breach or audit, when card networks doll out fees, or when the FTC fines your business. In Visa’s guide for payment facilitators, they elucidate that brand and reputational risks “introduced into the ecosystem can erode trust and extend beyond payments [impacting your companies] brand and reputation.”

Learn Directly From Industry Leaders By Watching Our Latest Webinar On Demand

The Rise and Fault of Merchant Risk poll results revealed attendee's merchant portfolios comprised, on average, 35% low risk merchants, 45% medium-risk merchants, and 20% high-risk merchants. Earn one hour of ETA continuing education credit by watching Cihat Fitzgerald, a global payments risk and compliance leader with 25 years in the industry, and Caroline Hometh, the Managing Partner at RPY Innovations, discuss the phenomena of the rise in medium-risk merchants.

LegitScript’s Sophisticated Intelligence Ecosystem Helps You Mitigate Your Risk

Are you a payfac, payment processor, ISO, sponsor bank, or acquiring bank looking for a monitoring solution that detects every level of risk? LegitScript Merchant Monitoring and Onboarding is a comprehensive, sophisticated intelligence ecosystem spanning the commercial internet.

Contact us to mitigate the risks associated with onboarding low, medium, and high-risk merchants.

Smelting words into subject matter expertise since 2020, Thea Le Fevre specializes in B2B SaaS Content Marketing. She believes in embracing innovation and produces AI-assisted content along with organically crafted content. Take a deep dive into her work for up-to-date industry news surrounding issues in trust & safety, payments risk & compliance, healthcare, and more.

Recent Blog Articles

AI and ROI in trust and safety.

Navigating Marketplace Risk: AI and the ROI of Trust and Safety

Every year, professionals from around the world come together at the Marketplace Risk Management Conference to discuss issues of risk on online platforms and other technology. Explore the most critical takeaways from 150+ industry-leading speakers spanning 70+ sessions. Then contact us to see how Le...
Pride Month Addiction Treatment Certification application fee waiver.

This Is How LegitScript Is Celebrating Pride Month

LegitScript is celebrating Pride Month by waiving application fees for a limited number of new applicants who provide specialty care for the LGBTQ+ community - along with addiction treatment services. Let's unfurl Pride Month's origins, and discuss why the LGBTQ+ community needs support for addictio...
Northern Colorado Hemp Exposition (NOCO)

Navigating Compliance: LegitScript’s Insights from NOCO

Join LegitScript on a journey to the 10th annual Northern Colorado Hemp Exposition (NOCO), where we immersed ourselves in the heart of the CBD industry. LegitScript shared critical compliance knowledge, exchanged insights with industry peers, and absorbed vital regulatory updates from the FDA and US...

What’s Hiding on Your Marketplace? A Look at How Risk Infiltrates Your Platform

You monitor seller listings on your e-commerce marketplace, but do you know what's going on behind the scenes - or, rather, behind the screens? Illegal and brand-damaging activity isn't always easy to spot, and the risk only compounds as your platform scales. In this post, we explore violative activ...