Money Arrived, Compliance Didn't—Regulatory Gaps in Stablecoin Merchant Acquisition and Business Selection

Writing by: Will Ah Wang

Receiving payments in USDT, ten seconds to arrive, chargebacks disappear — this is the real experience many digital entertainment merchants have when first using stablecoins for payment acceptance. But getting the money into your account is only the simplest part of the process.

In traditional acquiring systems, three parties — issuing banks, acquiring banks, and card networks — handle all the unseen tasks: identity verification, risk screening, suspicious transaction reporting, and dispute resolution. Stablecoins eliminate every intermediary layer in this mechanism. The moment on-chain transfer is completed, none of these four tasks are performed by any party.

This article discusses that gap: who fills it, how to fill it, and what level of compliance is required. For platforms building stablecoin payment services and merchants evaluating whether to adopt them, this isn’t a regulatory theory — it’s a compliance risk already present in your current business architecture.

1. Receiving payments and acquiring are not the same thing

By the end of 2023, a Southeast Asian digital entertainment merchant’s Stripe account was permanently closed due to exceeding chargeback thresholds. Three weeks later, they integrated a stablecoin payment platform registered in Saint Vincent, USDT started arriving, and chargebacks disappeared. But two years later, an audit found that during those 24 months, none of the transactions had undergone on-chain risk screening.

Money arrived. Compliance did not.

This is the real issue stablecoin acquiring needs to solve.

Stablecoins are inherently “receiving,” not “acquiring” — money moves from wallet A to wallet B, confirmed on-chain, and that’s all. We use the term “acquiring” because it points to a more precise problem: merchants need more than just receiving money; they need a service system that ensures the legality, safety, and verifiability of that money.

In traditional card systems, this system is shared among three parties: the issuer verifies the cardholder’s identity, the acquirer processes each transaction and bears risk exposure, and the card network handles clearing. When a merchant swipes a card, a whole responsibility distribution mechanism operates silently — KYC is done, risk is borne, chargebacks are handled, reports are submitted. Merchants are completely unaware and don’t need to manage these.

Stablecoins have eliminated all these middle layers. Funds arrive, but:

• No party has verified the payer’s identity (KYC)
• No one has performed risk screening (KYT)
• No suspicious activity has been reported to regulators (STR)
• No one can handle incorrect payments or disputes (Dispute)

These four missing elements are the entire gap between stablecoin payments and true “acquiring.” Who fills it, how, and to what extent for compliance — that’s what this article discusses.

Technically, stablecoin acquiring is peer-to-peer transfer. Commercially, it must cover all functions of traditional acquiring. The value of stablecoin acquiring is not on-chain; it’s off-chain.

2. Demand-driven: Why merchants are reaching this point

What pushes merchants toward stablecoin payments is never enthusiasm for new technology. The core needs driving their adoption are only three:

Demand 1: Eliminate chargebacks

Chargebacks are not an incidental risk of online payments; they are a structural feature. Without physical card swipes, signatures, or face-to-face verification, the burden of dispute evidence lies entirely with merchants.

Numbers illustrate the scale. Chargeflow data shows that by 2025, global e-commerce chargeback losses will reach $33.8 billion, expected to rise to $41.7 billion by 2028. The Sift Q4 2024 Digital Trust Index breaks down two layers: at the scale level, the average chargeback amount in Q1 2024 surged 59% year-over-year to $374; at the structural level, chargeback rates in online travel and accommodation soared 816%, e-commerce 222%, digital goods and services 59%. Digital entertainment and financial services account for 30% of all high-risk merchant disputes.

The root cause is the reversible design of the credit card system. Friendly fraud — where users claim “unauthorized transaction” after consumption — is a chronic problem for digital entertainment platforms. Worse, account closures: exceeding chargeback thresholds leads to account suspension by Stripe or Adyen, cutting off payments for 2-4 weeks, causing existing users to see “payment failed” and churn.

Blockchain has no “dispute and reversal” mechanism. Its irreversibility fundamentally cuts off this problem.

Data from NOWPayments confirms the scale: its iGaming transaction volume grew 40% year-over-year, accounting for about 15% of the industry’s market share. By 2025, stablecoins (USDT/USDC) will account for over 50% of on-chain transactions in global crypto iGaming. The drivers for iGaming moving to stablecoins are diverse — eliminating chargebacks is one, regulatory arbitrage and low entry barriers are others. But the market has already shifted.

Irreversibility eliminates chargebacks but also removes the consumer safety net — a topic revisited in Chapter 3.

Demand 2: Reduce online acquiring costs

Online acquiring costs are not a single number but a series of layered taxes.

Stripe’s standard fee for US merchants is 2.9% + $0.30 per transaction, with an additional 1% for international cards and another 1% for currency conversion — a $100 order from overseas consumers costs nearly $5 just in processing fees. Adyen’s Interchange++ model is more transparent for large clients, but after adding card network fees for cross-border transactions, the total cost easily exceeds 4%. High-risk industries face even higher surcharges and rolling reserves — Stripe outright refuses to serve most digital entertainment and high-risk categories.

A merchant processing $500,000 annually in online transactions spends $15,000–$20,000 just on processing fees, excluding chargeback losses, currency conversion, and platform monthly fees.

Stablecoin acquiring’s cost structure is entirely different. Platforms like Triple-A typically charge between 0.5% and 1.5%, with no cross-border surcharges or currency conversion layers — on-chain transfers are inherently “domestic” or “cross-border” without distinction. More importantly, settlement speed is vastly improved: traditional acquiring funds arrive in T+2 to T+3 days, while stablecoin settlement can be T+0 or real-time.

Eric Barbier, founder of Triple-A, estimates that operational capital needed for cross-border payments can be reduced to one-tenth using stablecoins. For startups, this isn’t just efficiency — it’s survival.

Demand 3: Reach coin-holding users and global internet consumers

This is the fastest-growing and most underestimated of the three needs.

A survey by BVNK and YouGov of over 4,600 stablecoin holders across 15 countries found that 52% had chosen to spend at merchants supporting stablecoins — payment methods are not just tools but customer acquisition channels. Stablecoin holders’ willingness to spend exceeds their actual spending proportion across tested categories, indicating the bottleneck is merchant adoption, not consumer willingness. Stablecoin users also have stronger international payment needs, with higher average order values and conversion rates than local credit card users.

On-chain data from Visa and Allium show that by August 2025, the total of small stablecoin transfers under $250 reached $5.84 billion — a record high. This signals everyday consumption, not speculation.

But stablecoin acquiring reaches beyond “coin holders.” For consumers in emerging markets with weak banking infrastructure, stablecoins provide a bypass to traditional banking and direct participation in global e-commerce. Data from NOWPayments covering 2023–2025 shows different market drivers: in the US, convenience; in India and Nigeria, bypassing banking restrictions; in Russia and emerging markets, a substitute after traditional payment channels fail. A one-size-fits-all global payment strategy risks losing 15–20% of potential conversions in these markets.

Razer Gold’s integration with Triple-A exemplifies this: a payment interface covering 130 countries’ internet users, without needing to connect local payment methods for each market.

The common point of these three needs: stablecoins solve real operational problems, not just minor payment experience improvements.

Stablecoin payments have already scaled massively before regulatory frameworks are fully in place.

Regulators’ real challenge isn’t “whether to allow it,” but “how to establish order on what’s already happening.”

3. The three-layer logic of acquiring platforms

On-chain, the money reaches the address — then what?

Order systems don’t recognize on-chain addresses; financial systems don’t record USDT; balance sheets can’t hold cryptocurrencies; regulators require suspicious transaction reports; consumers pay the wrong amount and need someone to handle it. None of these issues are solved by on-chain transfers.

The product logic of stablecoin acquiring is to layer these issues: the more layers covered, the higher the service value, and the heavier the regulatory obligations.

Layer 1: On-chain layer

Generate a unique receiving address for each transaction, monitor on-chain status, confirm receipt, and translate on-chain events into order callback signals recognizable by merchant systems. Mature platforms also offer multi-chain aggregation, smart contract-based split payments, and order status management (timeout closures, partial payments).

Without this layer, merchants have no idea which on-chain transfer corresponds to which order. Many platforms claim to be “neutral technology providers” — only providing technical tools, not intervening in fund flows, thus not considered regulated entities.

Whether this claim holds depends on the next layer.

Layer 2: Compliance layer

Every incoming fund requires KYT risk screening: is the wallet address on sanctions lists? Has it interacted with mixers, dark web markets, or known fraud addresses? Transactions exceeding thresholds require identity verification (KYC). Travel Rule mandates sharing payer and payee info between VASPs. Suspicious transactions must be reported (STR).

This layer is the core of compliance obligations and the key test for regulators to determine platform nature.

The FATF October 2021 updated virtual asset guidelines establish two principles: first, function over form — regulators focus on business functions, not technical form; second, owner/operator test — even if arrangements appear decentralized, “creators, owners, and operators, or others with control or influence,” may fall under VASP if they profit from the service, can modify parameters, or maintain ongoing commercial relationships.

Who exercises actual control over fund flows — regardless of whether they handle the funds directly — is the regulated entity. If a platform has a front end, charges fees, and has an identifiable operator, the “neutral tech provider” label is untenable. The scope of this test is broader than most platforms assume.

Layer 3: Financial layer

Users pay in USDT, merchants want fiat (HKD, USD). Instant currency conversion, fixed exchange rates, and settlement into merchant bank accounts are needed. Merchants don’t want to hold cryptocurrencies on their balance sheets — this is not just preference but a strict financial compliance requirement for most businesses.

Without fiat settlement, stablecoin acquiring becomes a financial burden rather than a payment tool for most companies.

Beyond these three layers: structural gap in dispute resolution

The first three missing elements (KYC, KYT, STR) are covered by some platforms systematically. But the fourth — consumer dispute handling — remains unaddressed by any standard acquiring service, leaving a significant gap.

In the credit card system, chargeback rights are not a customer service feature but a legal obligation (e.g., US Regulation E/Z, EU PSD2). The irreversibility of on-chain transactions eliminates chargebacks and consumer recourse channels. From the merchant’s perspective, this is an “advantage,” but from a regulator’s view, it’s a “gap.”

Market solutions are emerging: off-chain manual refunds (Triple-A model), smart contract escrow conditions, and on-chain arbitration protocols like Kleros — but none are widely adopted in acquiring scenarios. Consumer protection cannot be waived just because the underlying tech is different. This remains an open issue.

The more layers an acquiring platform covers, the lighter the merchant’s compliance burden, but the platform’s regulatory obligations grow. This is the industry’s core trade-off.

4. Choosing which layer to cover determines your role

The three-layer framework is a choice. How deep you go determines your role and regulatory status. The three main architectures in the market correspond to three different choices and fates.

Light involvement: Regulatory arbitrage window

Platforms only do Layer 1: generate addresses, monitor receipts, funds go directly to merchant wallets. NOWPayments exemplifies this — registered in Saint Vincent and Grenadines, with minimal regulatory requirements for virtual assets. Compliance obligations are explicitly stated in service agreements: FD Transfers LLC states the platform “does not bear responsibility for KYC, KYB, or AML compliance of merchants or end users,” and “merchants and end users are fully responsible for their transactions.”

CoinPayments (supporting over 100 crypto assets) and PayRam (focused on self-hosted nodes) follow the same path: only providing technical tools, with full compliance responsibility shifted to merchants and users.

This model operates efficiently during regulatory vacuum periods, serving areas traditional acquirers avoid. But on-chain records are permanent; all past transactions are traceable at any time. This means current compliance decisions impact not only future risk but also legal exposure from the past two years.

The problem with NOWPayments’ approach isn’t “whether something will go wrong now,” but “when something does, the window has already closed.”

Moderate involvement: No money handling, no license equals

Platforms do Layer 1 + Layer 2: perform KYT screening and sanctions filtering before funds are released, but do not handle currency exchange or fiat settlement. Coinbase Commerce (now Coinbase Payments) is often misinterpreted as this model.

The on-chain direct-to-merchant logic is attractive: funds go straight from user wallet to merchant wallet, platform doesn’t handle funds, so why claim to be a financial service provider? Coinbase’s terms explicitly state it does not custody merchant assets — but it reserves the right to modify, suspend, or terminate services. It has a front end, charges fees, has an identifiable operator, and can shut down services — all conditions of the owner/operator test are met.

Coinbase holds FinCEN MSB registration, multi-state money transfer licenses, Luxembourg CASP license (EU passport), and other licenses across jurisdictions. This is the correct way to handle intermediary involvement: after doing Layer 2, the platform recognizes itself as a regulated entity, not just a risk control provider trying to avoid classification.

Heavy involvement: Making compliance a product

Platforms cover all three layers — receiving, screening, and fiat settlement — so merchants see fiat in their accounts without touching crypto. Triple-A exemplifies this mature model.

Triple-A’s terms explicitly reflect this role: not just a tech provider, but a full payment processing and settlement service — the platform performs currency exchange, deducts fees, and pays merchants in fiat net amounts, with KYB and ongoing compliance obligations included in the agreement. Licensing includes Singapore MAS’s major payment institution (MPI), Luxembourg’s ACPR license (EU passport), FinCEN MSB registration, US state money transfer licenses, Canada’s FMSB, South Africa’s FSCA, etc.

Major brands like Grab, Razer, and Farfetch choose Triple-A not because of the lowest fees, but because it absorbs all three layers, enabling companies to open markets via a single API without handling crypto themselves. Other players like Stripe (via USDC settlement after acquiring Bridge) and traditional acquirers like Shift4 (launching stablecoin settlement by end of 2025) show that mainstream payment companies are entering — a sign of market maturity.

Compliance becomes a product itself, with its value rising as regulation tightens.

The window for light involvement is closing; regulatory boundaries are tightening for moderate involvement; the threshold for heavy involvement is rising. NOWPayments’ growth was fueled by regulatory vacuum; Triple-A’s by tightening regulation. The same industry, two opposite drivers.

5. The online merchant’s multiple-choice question

Most merchants ask: “Is it compliant for our platform to adopt stablecoin acquiring?”

There’s no simple answer because they’re asking the wrong question. Compliance isn’t binary; it’s the intersection of two variables:

Where are your consumers? How much compliance responsibility does your platform assume?

Only by crossing these variables can merchants understand their remaining obligations.

Variable 1: Where are your consumers?

Regulatory obligations follow the business location, not the registered entity. A Cayman-registered acquirer serving Hong Kong users paying Hong Kong merchants is under Hong Kong jurisdiction, regardless of where the platform is registered. Offshore registration can avoid taxes but not regulation.

Different markets have varying stances on stablecoins (virtual assets vs. payment tools), with different licensing requirements. Regardless of classification, licensing obligations are strict.

Tether has not yet received MiCA authorization; USDT’s compliance status in the EU is uncertain, and some EU platforms have delisted USDT. Merchants serving EU consumers need contingency plans for stablecoin choices.

Variable 2: How much compliance responsibility does your platform assume?

The more compliance responsibilities a platform takes on, the fewer obligations merchants have, but the service fee premium increases.

Discrepancy in on-chain KYC

Stablecoin acquiring faces a structural issue absent in traditional acquiring: on-chain payments carry no identity info. When a user scans a QR code, USDT moves from one wallet address to another — only exposing a chain address, no name, ID, or bank account. In traditional acquiring, KYC is done by the issuer, trusting that result. Without a card issuer, the KYC chain simply doesn’t exist.

This doesn’t mean anonymous wallets are exempt from compliance. Regulators require “risk-matched measures”: KYT as a baseline, sanctions address filtering as a red line, identity verification for transactions over thresholds, and deep investigations for suspicious activity. Travel Rule mandates sharing payer and payee info between VASPs, but when consumers pay with self-custody wallets, that info simply doesn’t exist.

These issues lack unified regulatory guidance — but regulators won’t wait for consensus before acting.

Obtaining a license only proves regulators permit operation. True compliance involves executing KYT screening for every transaction, completing KYB for each merchant onboarding, and providing complete transaction records upon regulator request. Missing either is a vulnerability. The only difference is which vulnerability is discovered first.

6. What’s next

Rules are taking shape. For some participants, this is good news; for others, bad.

Regulatory clarification is the ticket to entry

2024–2025 will be a watershed for stablecoin regulation. The world’s three major financial jurisdictions have completed foundational legislation — but passing laws doesn’t mean rules are clear. The GENIUS Act governs issuance; its impact on acquiring is still debated among US states. MiCA’s CASP licensing varies in approval standards across EU countries. Hong Kong’s Stablecoin Ordinance regulates issuers, but enforcement cases on platform scope are lacking. A March 2025 survey by Fireblocks of 295 financial institutions and payment providers shows the perception that “regulation is an obstacle” has dropped from about 80% to less than 20% — but smaller obstacles don’t mean the path is clear.

Regulatory endorsement is replacing product strength as the main driver of customer acquisition

Over the past two years, Triple-A has expanded enterprise clients significantly, not because its product is better, but because its regulatory backing allows giants like Grab, Razer, and Farfetch to adopt with confidence. Stripe launching stablecoin settlement, Shift4 offering stablecoin options for tens of thousands of merchants — traditional payment giants entering the space signals that stablecoin acquiring has shifted from “gray area alternative” to “mainstream payment infrastructure.”

Implication: service providers’ compliance consulting, on-chain analysis tools (Chainalysis, TRM Labs), and cross-jurisdiction legal services will see increased market value as regulation intensifies. Compliance is no longer a cost center but a core business component.

Cost isn’t just a technical issue — it’s a competitive one

Who bears the compliance costs? Platforms passing costs to merchants risk losing them if they’re unacceptable. If platforms absorb costs themselves, they must recover via premiums, which makes merchants question “why not use cheaper unlicensed platforms?”

The traditional payment industry’s experience shows that after regulation becomes standard, competition shifts from “compliance vs. non-compliance” to “who can lower costs within the compliance framework.”

Stablecoin acquiring will follow a similar path — as unlicensed platforms exit systematically, compliance costs become a baseline for all players. The next phase of competition is about maximizing efficiency at this baseline. The current scale advantages of Triple-A and BVNK are essentially positioning for that race.

Who can go all the way? No guesswork needed.