Card Acquiring for Crypto Businesses: What Is Permitted, What Is Restricted, What Is Risky

The bulk of the content out there talks about card issuing to cryptocurrency holders. Card acquiring is the other way around: taking payments from customers.

This topic comes up in conversations about compliance. Yet, the founders of crypto businesses typically do not approach this from the perspective of acquiring. They start with the wrong problem.

What Card Acquiring Actually Means for Crypto Businesses

Card acquiring refers to the infrastructure that allows a business to accept payments from customers using a card. It is distinct from card issuing and receives less attention in crypto compliance discussions — often to the detriment of the businesses involved.

The issues with card acquiring in the crypto space are essentially rooted in the irreversibility of cryptocurrency transactions compared to the reversibility of credit card transactions. This is why card acquiring for crypto businesses is one of the most scrutinised areas in the industry.

How Card Schemes Classify Crypto Merchants

The classification a card scheme assigns to a crypto business directly determines which requirements apply and which acquiring partners are available. Two distinctions drive most of the outcomes: the Merchant Category Code and the difference between prohibited and restricted status.

Merchant Category Codes: Why MCC Assignment Matters More Than You Think

Every business that takes card payments gets a Merchant Category Code. This is a four-digit number that defines the type of business.

Cryptocurrency exchanges fall under a quasi-cash merchant category. This is one of the most restricted merchant categories with both Visa and Mastercard.

Some crypto businesses could qualify under a standard merchant category if they are specifically focused on providing a product or service. The product or service must be defined in the company's founding documents. The acquiring companies will cross-reference the merchant's description with the transaction details and values that a company provides to determine whether the description matches the transaction data.

Prohibited vs. Restricted: A Distinction That Opens Doors

Within the card payment industry, there is a clear difference between prohibited and restricted merchants.
The model of most crypto companies will fall under the restricted category. The path to acquiring a card is available to most crypto businesses that founders do not realise are eligible.

Payment Service Providers will go further than the card schemes in excluding crypto businesses from acquiring their services. Companies like Stripe and PayPal have additional rules that will deny card acquiring to crypto companies that the card schemes permit.

What Is Clearly Permitted (If Structured Right)

Eligibility for card acquiring in the crypto industry depends on how a business is structured, licensed, and documented — not on the industry category alone.

If a company offers a product or service, such as software, infrastructure, or services related to the blockchain, it could qualify for acquiring companies under less restrictive merchant categories.

Operating under a recognised financial license from the European Union or the United Kingdom will also improve the chances of acquiring a credit card. These licenses are given to financial companies that follow anti-money laundering (AML) and know your customer (KYC) rules. Simply having this license makes a company look more legitimate in the eyes of acquiring companies.

Certain verticals within the crypto industry have the potential to acquire a credit card if they are structured appropriately:

All of these entities must have their legal structure and license properly defined before they reach out to acquiring companies seeking to join their merchant partnership programs.

What Is Restricted by Schemes, PSPs, and Policy

Restrictions on card acquiring for crypto merchants operate at more than one level. Card scheme rules set the floor; payment service providers and individual acquirers often apply additional filters on top of them.

Scheme-Level Restrictions

Both Visa and Mastercard have very specific requirements for crypto exchange companies. These additional requirements include enhanced due diligence on these companies at the start of the relationship, followed by additional monitoring of their transactions. The requirements have become even more stringent since 2022.

The other issue with crypto companies using credit cards to purchase their products is that most banks will automatically classify these transactions as cash advances. This will result in the credit card company declining the transactions. This cannot be avoided by the acquiring company.

PSP and Acquirer-Level Restrictions

The major payment service providers have internal lists of companies that will automatically reject crypto companies as merchants. This is true of all the most popular payment companies. This means that crypto companies will have to seek out specialised acquiring companies that have the resources to handle their compliance needs.

Specialised acquiring companies will use rolling reserves for crypto merchants.

When acquiring cryptocurrencies, a rolling reserve will be put in place to hold a percentage of the merchant's sales for a period of time. This could be for a few months.

This reserve is used to cover chargebacks on transactions. If someone uses a credit card to purchase cryptocurrency, the company will be able to cancel the credit card transaction. However, the cryptocurrency cannot be rolled back to the company from which it was purchased. This creates a loss for the acquiring company. The rolling reserve prepares the acquiring company for such scenarios. It is a feature of all acquiring companies that do business with cryptocurrency.

The Practical Structure for "Safe" Card Acquiring in Crypto

Approaching an acquiring partner without the right structure in place is the most common reason crypto merchants are declined, even when they are eligible in principle. Two requirements stand above the rest.

Licensing as a Foundation, Not an Afterthought

A recognised financial license has become a baseline requirement for crypto merchants who approach any acquiring partner. It demonstrates that the company is under regulatory oversight and can stand up an AML program to be audited in the case of any wrongdoing.

Those who offer acquiring for crypto merchants are themselves subject to oversight by the card schemes. They must ensure that each merchant they onboard to their acquiring account satisfies certain regulatory standards. A license provides them with a foundation for this.

One thing that many crypto companies are unaware of is that the acquiring agreement must be held by the licensed entity. This is true even if the acquiring entity is part of a larger company. The entity that processes card payments must have the same license as the company running the AML program.

Flow-of-Funds Documentation

Acquirers need to know the flow of funds created by each transaction processed through their acquiring account. They need to know the flow of funds from the acquiring account to their operational and custodial accounts.

For crypto merchants, specifically, this flow-of-funds requirement extends to seeing how the fiat currency that is received from card payments is subsequently used — to purchase cryptocurrency, to rest in a protected account, or to go to a third-party custodian of the crypto company.

If this flow of funds is not documented properly by the crypto company, this is the single most common reason that acquiring companies will turn down a merchant application. The underwriters see the flow-of-funds documentation and recognise that there is risk associated with the merchant that they cannot control, hence the maximum risk rating to the acquiring company.

By providing proper documentation of the flow of funds and the controls placed over the transactions made with card payments, the acquiring company will find itself resolving many of these objections before the merchant approaches them with an acquiring application.

Common Pitfalls in Crypto Merchant Card Acquiring Compliance

Several recurring errors cause crypto merchants to lose their acquiring accounts or face fines — often after they have already been approved.

The Regulatory Outlook: MiCA and What It Changes for Acquiring

MiCA introduces a formal license category for crypto-asset service providers that acquiring companies can reference during due diligence. Its scope and its limits in the context of card acquiring are both worth examining.

The Markets in Crypto-Assets Regulation (MiCA) has given crypto-asset service providers (CASPs) a license category that can be referenced by acquiring companies and payment schemes to determine whether a cryptocurrency company is in compliance with regulatory standards. For crypto companies within MiCA's scope, having such a license will improve their eligibility to open acquiring accounts with European acquiring companies that are required to complete due diligence on crypto companies seeking their services.

MiCA provides acquiring companies and payment schemes a point of reference for crypto companies that surpasses the lack of regulatory clarity surrounding unlicensed cryptocurrency exchanges. However, MiCA does not override the rules of the payment schemes or the policies of the payment processor.

A company licensed under MiCA will still have issues obtaining approval for its acquiring application because of its business model. MiCA only covers due diligence regarding the regulatory standing of the company; it does not fulfil the criteria for flow-of-funds documentation, chargebacks, or monitoring requirements. Hence, MiCA is only one of many conditions that must be fulfilled for a cryptocurrency company to receive an acquiring account.