What is a Merchant of Record? Everything you need to know before choosing a payment model

A Merchant of Record takes on legal liability for your transactions: handling tax collection, fraud, and chargebacks so you don't have to. Here's what that means in practice and when it makes sense for your business.

Picture this: it’s Friday afternoon, and an email hits your inbox. It's from your outside counsel, or your new VP of Finance (or occasionally a tax authority directly). The question is simple: who is the Merchant of Record for your international transactions?

Revenue is up, the roadmap is full, and customers are coming in from Germany, Australia, Canada, the UK. Nobody has spent much time thinking about the legal entity whose name appears on their card statements, or who bears liability when one of them disputes a charge.

For many companies, the honest answer is: we are, and we haven't fully reckoned with what that means.

This guide is for the executive who has just arrived at that moment. It explains what a Merchant of Record is, how it differs from the payment service providers most companies already use, when it makes sense to delegate that role to a third party, and what to look for when you do.

What is a Merchant of Record?

A Merchant of Record is the legal entity named as the seller in a transaction with an end customer. It is the name that appears on the cardholder's bank statement, and also the entity that bears liability for collecting and remitting sales tax, honoring refunds, contesting chargebacks, and maintaining Payment Card Industry compliance.

Whether you are aware of it or not, there is always a Merchant of Record in every transaction. The question is only whether that entity is you or someone else.

If your business acts as its own MoR, you own the infrastructure, the compliance obligations, and the liability that comes with them. If you engage a third-party MoR, they assume that burden - freeing your team to focus elsewhere (like growing your business).

The mechanics are straightforward: the customer pays the MoR, and the MoR pays you, minus its fees and applicable taxes. You remain the Seller of Record, meaning you own the product, the pricing, and the customer relationship.

What changes is who owns the legal and financial exposure in the transaction layer. That is the most consequential part of the decision.

Everything a Merchant of Record is responsible for

The responsibilities below fall to the MoR in every transaction, whether that entity is you or someone else.

Merchant accounts and local entity creation

To accept payments across international markets, a business needs merchant bank accounts in the countries where it has a substantial customer base, and those accounts typically require a local legal entity in each market. I asked Derek Wilmer, Head of Ecommerce at Whop, why local acquiring is so important:

Why would a Polish bank care about a US business? They don't. In the eyes of different regions and banks around the world, payment systems with local acquiring are looked at in a higher regard and with a higher level of trust. - Derek Wilmer, Whop

Incorporating a subsidiary, registering for tax, and building relationships with acquiring banks can take over two years and cost up to $2M per market. If your company is expanding into five or six countries at once, this is a substantial undertaking before a single payment is processed.

Payment and data compliance

Every market where you accept payments has its own security and data requirements. At the baseline, this means maintaining PCI-DSS compliance across your entire payment environment: the standard governing how cardholder data is stored, transmitted, and processed. Layered on top are local data regulations, like GDPR in the EU, that impose additional obligations on how customer payment data is handled and where it can be stored.

Currency conversion and payment routing

International customers pay in their local currency, which means someone needs to manage the conversion of those payments into your operating currency (and ensure that those payments actually go through).

Not all payment processors are equally reliable across all geographies or card types. A transaction declined as fraudulent by one processor when it should have gone through is simply lost revenue. Managing this requires integrating multiple processors and implementing routing and cascading logic, so that when a primary processor declines a transaction, an alternative is tried automatically.

Those same processors also charge interchange fees and markups on every transaction. An MoR, processing payments across thousands of sellers, can negotiate rates that no individual business could secure on its own.

Fraud prevention

Fraud management is not a one-time configuration. It requires building logic to flag suspicious transactions, manually reviewing borderline cases, and continuously refining rules as fraud patterns shift. The consequences of getting it wrong run in both directions.

"You don't even realize how much money you're losing to false declines, because you never see that revenue. Every processor has its own fraud rules: some overextend blocks that another processor wouldn't flag at all." - Maddie Cohen, Head of Trust at Whop

A rule that is too aggressive declines legitimate customers and costs you revenue you never knew was there. One that is too permissive increases losses and damages your chargeback ratio.

Disputes and chargebacks

When a customer disputes a charge with their card issuer, the resulting chargeback starts a formal process: respond with evidence, absorb the dispute fee regardless of outcome, and if your chargeback rate exceeds network thresholds — face penalties or account termination.

Managing disputes well requires documentation at the point of sale, a structured response process, and the capacity to engage in case reviews.

Taken together, these responsibilities represent a substantial operational infrastructure. For a business focused on building and growing a product, standing this up in-house (and maintaining it across multiple markets) is a significant diversion of capital, engineering time, and management attention.

Sales tax

For a business selling across multiple countries and US states, tax is not a single calculation, it is hundreds of them, updated continuously as jurisdictions change their rules. An MoR calculates the applicable sales tax, VAT, or GST on each transaction at the point of sale, files the returns, and remits the collected tax to the relevant authority on your behalf.

Without this, your business is responsible for registering in every jurisdiction where you have tax nexus, staying current on rule changes, and filing accurately (or bearing the consequences of not doing so).

MoR vs PSP vs PayFac: understanding the difference

Understanding what a MoR is responsible for makes it easier to see what a payment service provider actually covers, and what it doesn't.

A payment service provider - Stripe, Adyen - gives you the infrastructure to accept payments. It processes the transaction, moves the money, and charges you for the privilege. What it doesn't do is take on legal responsibility for the sale. You remain the Merchant of Record: you own the tax obligations, the chargeback liability, the compliance exposure.

A third-party MoR is a different arrangement. Everything above becomes their obligation to fulfil, not yours. You keep the product, the pricing, and the customer relationship. The legal and financial exposure in the transaction layer moves off your plate.

Payment facilitators - PayFacs - are often mistaken for a similar arrangement, but the distinction matters. A PayFac aggregates merchants under a master account to simplify onboarding. Liability stays with the sub-merchant. It is a faster way in, not a different set of responsibilities.

Why the MoR decision is particularly important for internet businesses

Choosing a Merchant of Record is always a significant decision, but for internet businesses, it is a particularly consequential one. Here's why:

Physical goods move through established channels, such as tariff codes, import duties, VAT on goods. These frameworks are not simple, but they are mature, and the obligations well understood. The infrastructure exists to meet them, and the professionals who navigate them have been doing so for decades.

Internet businesses do not have that history behind them. For companies selling SaaS subscriptions, software licenses, digital courses, and online communities, the global tax and risk framework is still being constructed in real time, and the rules a business built its compliance around last year may not be the rules that apply today.

You only need to look at how quickly the regulatory landscape has shifted to understand why this matters.

This is what a decade of regulatory catch-up looks like

The EU introduced VAT on digital services in 2015. The VAT in the Digital Age package, adopted in March 2025, is rolling out progressively through 2035, with mandatory real-time digital reporting for cross-border transactions becoming compulsory from 2030. 

Australia followed with GST on digital goods in 2017. Canada, Singapore, and the Philippines — which introduced a 12% VAT on digital services in 2025 — have each built their own regimes on their own timelines, with their own thresholds, their own filing requirements, and their own penalties.

For a SaaS company selling into 40 countries, this means hundreds of individual tax calculations, recalibrated continuously across jurisdictions that do not coordinate with each other.

I asked Iman Deschâtres, Founder of Deptax, to paint a picture: what does tax compliance look like for a SaaS company selling into 40 countries when it starts to break down?

"It is messy and potentially extremely costly from a financial perspective. I had to supervise this and it involves different teams from IT, to Tax, to Finance and Treasury, all at once.

The data is not just late, it is structurally late by design. You're coordinating returns across time zones, overpaying because tax authorities apply exchange rates you can't predict, and if a payment is returned, you might not find out for weeks. By then, interest and penalties have already been running: and you still can't know exactly how much to send to fix it, because the interest keeps accruing until the moment the funds land. Now multiply that across 40 countries, every month or quarter."

Managing that under a self-managed PSP model means either building a sophisticated internal tax function or stitching together third-party tools, none of which assume liability for what they calculate. When a tax authority determines the number was wrong, the assessment comes back to you, with interest.

The consequences range well beyond a fine, from backdated tax payments with interest to criminal investigation. For example, Under French law, deliberate tax fraud carries up to five years imprisonment and a €500,000 fine, doubling if the proceeds of the offence warrant it.

"Collection of indirect tax was designed as an intermediary function: it was never built for international sales with registrations in more than 100 countries. What I see happen when something goes wrong is that the intermediary ends up on the hook for tax, interest, and penalties that can exceed the entire margin earned on the sale. Extend that over years, and the amount can reach what I call a 'lose the ranch' quantum."

— Iman Deschâtres, Founder, Deptax

For a fast-growing internet business that has outpaced its own compliance infrastructure (which, in practice, describes most of them) this is a real risk.

The hidden cost of managing risk yourself

Even if the tax obligations are manageable, they are only part of the picture. Fraud and chargebacks further complicate the situation.

Card-not-present transactions, the default for every online sale, carry chargeback rates of between 0.6% and 1%, much higher than the 0.5% average for card-present transactions. Digital goods and services are even more exposed due to the difficulty of disputing a charge on an intangible product.

Your business can absorb this loss at low volumes: a dispute here, a chargeback there. It’s frustrating, but survivable. The problem is that chargeback exposure grows as your business does, and so does the operational infrastructure required to manage it.

Without careful management, your chargeback rate could very well drift above card network thresholds and into account termination territory.

With all of the above in consideration, it is clear to see that a Merchant of Record that assumes this liability does not just remove administrative burden of taxes and fees. It restructures the risk profile of the business, as the fraud losses, dispute fees, and compliance exposure across every market move off your balance sheet and onto theirs. 

When using a Merchant of Record makes sense

Despite the myraid of reasons to use an MoR, the model is not the right choice for every business. Delegating the above responsibilities comes at a cost, typically 5% to 8% per transaction, compared to 2.9% plus $0.30 under a standard PSP arrangement.

For some companies, the cost of engaging an MoR outweighs the benefits. For others, it is an easy decision: a higher per-transaction fee in exchange for the time, compliance overhead, and liability that would otherwise sit on their plate.

The question, then, becomes whether the specific shape of your business makes the tradeoff worthwhile.

Signs the MoR model is the right fit

The businesses that benefit most from the MoR model tend to share a recognisable profile. They are selling digital goods, SaaS subscriptions, or content into multiple countries. Their founding team is focused on product and growth, not compliance, and they are not in a position to build a dedicated tax or finance function any time soon. International expansion is either already underway or imminent, which means the compliance surface area is about to grow considerably.

A chargeback rate trending above 0.5% on an existing PSP is another early indicator that dispute management is becoming an operational burden.

None of these conditions alone is decisive, but when most of them apply, the MoR fee structure starts becomes worth the problems it solves.

Signs a self-managed PSP may be the best choice

For some businesses, the MoR model is an answer to a problem they do not actually have. A company operating in one or two markets with stable tax treatment, a finance function equipped to manage compliance, and pricing complexity that exceeds what standardised MoR platforms support may find that a PSP paired with the right tooling is the more rational choice.

The MoR model solves a real set of problems. The question is whether they are your problems.

Leading Merchant of Record providers

If the above has convinced you that your business could benefit from engaging a third-party Merchant of Record, here is where to start.

Whop 

Whop is a technology platform for internet businesses that acts as Merchant of Record. Tax remittance, chargeback liability, and compliance infrastructure are handled by Whop, not the seller. Currency conversion is handled automatically, with payouts settled in the local currency of your organization's geography.

Beyond the MoR coverage, sellers get access to the Whop Payments Network: 187+ countries, 135+ currencies, 100+ payment methods including iDEAL, SEPA, and Bancontact, and 10 BNPL providers including Klarna, Afterpay, and Splitit. Multi-provider orchestration with automatic retry on decline adds a revenue lift of up to 6%.

Pricing is transparent and published: 2.7% + $0.30 domestic, with optional modules for orchestration, automated billing, tax remittance, and affiliate processing.

Paddle 

Paddle has been a Merchant of Record for over 13 years, operating as the MoR for software companies. Paddle covers fraud protection, chargeback management, cross-border sales tax compliance and subscription billing in one fee: 5% + 0.50. For enterprise-level businesses, Paddle offers tailored pricing and access to optional premium services and success management.

Paddle is a strong fit for SaaS businesses selling internationally that want a mature, purpose-built solution.

Stripe Managed Payments

Stripe Managed Payments is Stripe's MoR offering, covering global tax compliance across 75+ countries, fraud and disputes, and the checkout experience. Built on the foundation of Stripe's acquisition of Lemon Squeezy, it is designed for businesses already embedded in the Stripe ecosystem that want MoR coverage without migrating to a new provider.

Uniquely, Managed Payments can be applied at the transaction level, so businesses can use Stripe as MoR selectively for specific markets or products while keeping their existing setup intact elsewhere.

The bigger question behind the MoR decision

If you've made it this far, you already understand the complexity sitting underneath every online transaction. At some point, every founder has to decide what kind of company they are building, and how much of the back office they want to run themselves.

There are companies that have built proprietary payment and compliance infrastructure, with dedicated finance and legal teams, and for them, the investment pays off in negotiating leverage, data control, and pricing flexibility.

But for most companies, the honest unit economics look different once you account for fraud losses, compliance overhead, tax advisory costs, and the opportunity cost of your own time. The hours, the headcount, and the liability you would otherwise be carrying yourself: that is what the MoR fee is actually buying. For a business focused on building a product and growing revenue, that is usually the better deal.

So, who is your Merchant of Record?

There is always a Merchant of Record in every transaction. The question is whether your business has made a deliberate choice about who that is, and whether that choice matches your markets, your growth stage, and your appetite for operational complexity.

Whop Payments Network gives businesses the full stack: MoR coverage, multi-provider orchestration, global payment methods, and automated tax remittance.

If you're ready to hand off the complexity, start with Whop Payments Network.