In the fast-evolving world of payments, managing merchant risk has never been more critical—or more complex. We sat down with Dan Frechtling, LegitScript’s Senior Vice President of Product and Strategy, to discuss what sets LegitScript apart in the merchant monitoring landscape.
In this Q&A, Dan shares insights on the company’s hybrid approach combining AI with human expertise, how LegitScript helps payment providers stay ahead of regulatory shifts, and the measurable impact clients see in reduced risk, faster onboarding, and stronger compliance.
Q: You’ve joined LegitScript as SVP of Product and Strategy. What interested you in returning to this industry and joining LegitScript in particular?
I’ve always believed that detecting and remediating merchant and platform risk is a noble cause. When bad actors slip through, it can create real harm for consumers, regulators, banks, and brands. That mission has always mattered to me.
In a previous role, I partnered with LegitScript and saw firsthand the depth of the data, the thoughtfulness of the team, and the innovation happening behind the scenes. After selling my previous business, I had the opportunity to choose what kind of challenge I wanted next. LegitScript is at a pivotal moment — expanding capabilities, investing in AI, and doubling down on high-risk verticals. It felt like the perfect mix of purpose, people, and potential.
Q: What capabilities differentiate LegitScript’s offerings from others in the market?
It’s what LegitScript does differently in this space that makes me so excited to be a part of this team. The first thing that comes to mind is the unparalleled depth of data. LegitScript has been collecting data across the commercial internet for more than 15 years. That’s billions of data points that help us quickly make connections and identify merchant risk. Startups today can’t touch that.
LegitScript's analysis provides a clear audit trail for your risk team to follow - something that allows you to follow the bread crumbs, rather than finding them yourself. Next is the combination of speed and accuracy. We deliver fast, accurate decisions even at high volume, and at a near real-time reporting cadence. Other solutions offer monthly reports, and that means your risk exposure window can be weeks. Our reports are not just accurate, but detailed. The LegitScript team provides clear classification, evidence, and recommendations to streamline remediation. It’s rare for a monitoring company to get that granular with results.
Finally, the part that really sets LegitScript apart is its hybrid model of artificial intelligence paired with human expertise. LegitScript has always been known in this industry as a white glove solution because of its expert team of analysts who review flagged merchant websites and catch transaction laundering in a way automated solutions can't. But it's the integration of AI that allows our solutions to scale at record speed. It’s the best of both worlds.
Q: In the competitive payment processing market, speed is essential. How fast can customers implement LegitScript’s onboarding/monitoring solutions, and what is required from them?
Time-to-value is critical, so we’ve optimized the process. In many cases, customers can begin processing onboarding decisions in hours to a few days, depending on integration depth.
We try to keep the process simple but comprehensive. First, we support the setup of an API or data feed integration. We support REST APIs, batch files, and webhooks. Then comes configuration. We work with you to define risk thresholds, verticals, jurisdictions, escalation workflows, and so forth. Some clients opt for a pilot (validation) to run in parallel for a short period before going fully live. After that, it’s time to go live. LegitScript handles monitoring and issue detection continuously.
Because our platform is modular and well-documented, most teams find the setup surprisingly lightweight. And once live, you immediately see reductions in manual review time and faster approvals.
Q: How much can LegitScript reduce risk for payments companies in terms of card brand fines or regulatory penalties?
One of the biggest drivers for partnering with LegitScript is risk reduction of financial penalties. Serious card network fines and regulatory penalties can quickly escalate into six- or seven-figure events. And that doesn’t include reputational damage, remediation costs, and increased audit scrutiny.
Across clients, we’ve consistently seen a significant reduction in BRAM and VIRP violations, a dramatic drop in undetected high-risk activity, fewer regulatory inquiries and remediations, and faster issue resolution when flags do occur. In fact, several customers went from receiving monthly card scheme inquiries to virtually zero after implementing LegitScript monitoring.
I love when we demonstrate our value by catching some nasty behavior. In more than one instance, our monitoring identified a network of related merchants laundering transactions through a low-risk merchant category code (MCC) before the card brand did. Those early catches can save acquirers millions.
For many clients, the ROI is straightforward: avoiding just one major enforcement action can pay for the solution many times over.
Q: What sort of cost or time savings do companies see when moving from in-house monitoring or switching from a competitor to LegitScript?
The savings are twofold, both operational and strategic. Let’s look first from an operational standpoint. We see manual review workload often drop by 50% to 70%. One of the biggest time savings is in onboarding, where decisions move from days to minutes or hours. Risk teams typically get reallocated from “checking” to “problem solving,” which is time better spent for them. And let’s not forget IT and product teams, which spend far less time maintaining internal tools or integrating multiple point solutions.
The cost savings are manifold. Companies moving off in-house systems typically eliminate engineering time, licensing fees, and compliance consulting charges. Then there’s also the savings from lost merchants because of slow approvals and, of course, unseen costs from inaccurate monitoring or missed violations.
In a few cases, clients have even cut third-party monitoring costs by consolidating multiple vendors into LegitScript’s single, more comprehensive platform.
But it’s not just cost, but quality. It’s hard to compare in-house monitoring with what LegitScript does because the actual quality of the solution is just so different. When switching from competitors, customers often tell us they were drowning in false positives or only performing shallow checks. It’s worth building that into your calculation.
Q: How do changes in card network rules and regulatory shifts affect merchant risk, and how is LegitScript staying ahead of those changes?
Card network rules now change more frequently and with more operational impact than ever. This includes Visa’s VAMP and VIRP, and Mastercard’s MMP and BRAM. They’re increasing the level of visibility, evidence, and proactive monitoring required from acquirers, payment service providers, and payfacs.
These shifts affect merchant risk in three major ways: first, higher expectations before onboarding (or what we’d call upfront due diligence); second, ongoing monitoring of live merchant behavior, including hidden or members-only areas; and third, more accountability on the payments provider, not just the merchant.
LegitScript is deeply involved in tracking, interpreting, and operationalizing these changes, often before they take effect. For example, with the Mastercard MMP changes effective January 1, we are helping clients by conducting pre-transaction scans on new merchants, performing full website monitoring (including gated or members-only content), and acting as a Mastercard-approved Merchant Monitoring Service Provider (MMSP).
Similarly, we support clients with Visa VIRP and VAMP requirements, ensuring they not only detect risk but can document and prove compliance through clear evidence and audit trails.
Because we combine deep regulatory expertise with technology, our clients stay ahead of rule changes. Instead of scrambling when networks update requirements, they leverage our platform and expertise to adapt quickly, maintain compliance, and avoid fines or disruptions.
