In 2026, approval of high-risk e-commerce merchant accounts will depend on more than just the product category. Providers will look at how the ecommerce merchant bills, how they fulfill orders, how transparent their return and refund policies are, the ecommerce website’s design, and whether there will be a high fraud rate with their products. Because merchant account providers are liable for merchant losses, they must carefully evaluate ecommerce merchants with higher risk profiles.
In 2026, the risk environment has evolved, and the risks of fraud for merchants with high-risk ecommerce merchant accounts have been further increased by Visa’s VAMP framework. The threshold for excessive merchants in the United States, Canada, the European Union, and the AP regions has dropped to 150 basis points as of April 1, 2026. Additionally, the PCI Security Council has further emphasized the importance of ecommerce website security to protect ecommerce merchants from cyber threats. Therefore, approval for ecommerce merchant accounts in 2026 will not just be about getting approved for an account, but also about remaining supportable after the ecommerce site goes live.
What Is A High-Risk Ecommerce Merchant Account?
An ecommerce merchant account is the acquiring relationship that allows an online seller to accept card payments. A high-risk ecommerce merchant account performs the same functions but is intended for businesses that present a higher risk of issues such as fraud, chargebacks, returns, and more. Merchant account providers assess the risk of the transactions that a business will process, not whether the company sells its products or services online.
Because of this, ecommerce merchant accounts are evaluated differently for companies that offer subscription products, digital goods, tickets, coaching programs, travel services, nutraceuticals, and products with delayed customer order fulfillment. In these instances, the provider is evaluating whether the ecommerce business can handle any losses that may occur later in the order fulfillment cycle.
Why Ecommerce Merchants Can Be High-Risk
Because of the nature of ecommerce, there is inherently a higher risk of card-not-present fraud than in in-person retail. There is no physical card, no need to read the chip on that card, and no requirement for customer-salesperson interaction during ecommerce transactions. However, EMVCo states that its EMV 3-D Secure protocol was created specifically to prevent card-not-present transactions and to increase the security of ecommerce transactions.
Another major factor that increases the risk of credit and debit card fraud in the retail industry is the complexity of the retail model used by that store or other retailers. Models that use recurring charges, merchant-initiated transactions, annual prepay plans, delayed shipping, or hard-to-cancel subscription models increase the risk of fraud and payment disputes. Both Visa’s efforts with its stored credential model and its standards help explain the increased risk associated with those specific models.
Who Needs This
Individuals who may find this guide most useful are those who operate businesses similar to these:
- subscription ecommerce businesses
- digital goods and downloadable content sellers
- ticketing and event businesses
- travel and booking merchants
- coaching or membership businesses
- businesses that offer products with a delay in fulfillment
- cross-border ecommerce businesses
- Ecommerce businesses that have been declined or required reserves before going live
What Do Underwriters Look for During Approval?
| Approval Factor | Why It Matters | What The Merchant Should Be Ready To Show |
|---|---|---|
| Product and business model | Some models create more refund, fraud, or delivery risk | Clear explanation of what is sold and how fulfillment works |
| Billing structure | Recurring, prepaid, or delayed billing raises risk | Terms, consent language, and billing examples |
| Website disclosures | Underwriters review whether policies are visible and complete | Refund, shipping, cancellation, contact, and legal pages |
| Checkout design | Embedded pages and scripts create security scope and fraud exposure | Secure integration approach and processor-supported setup |
| Fraud controls | High-risk ecommerce needs stronger CNP controls | Authentication, screening, and order-review process |
| Dispute history or expected ratios | Networks and acquirers monitor fraud and disputes closely | Chargeback plan, descriptor discipline, and service workflow |
The important point is that underwriters do not only ask “Is this category risky?” They also ask whether the merchant operates like a business that can manage that risk.
What Makes Approval Harder in 2026?
What gets harder is the execution. Visa’s lowering of the VAMP threshold means that ecommerce models with a higher dispute rate will be affected. PCI SSC’s ecommerce guidance makes it harder for merchants to assume that because they have “hosted enough” of their ecommerce store, they have “handled” PCI compliance. Merchants must have high-quality applications at the time of submission.
The easier part of 2026 will be the clarity on what the providers want. Providers are now more specific about the policies they will require of merchants. Those who prepare in advance for these questions will have more valuable applications than those who focus only on providing merchants with the best possible rate and speed for their orders.
Common Mistakes That Delay Approval
The most common mistakes that occur during operation are:
- building a website that is not complete and thin
- hiding the terms and conditions
- using vague recurring billing terms
- storing payment credentials without consent
- using embedded forms for payments without meeting the security requirements for the scripts
- commencing operations before the fraud, support, and fulfillment departments are ready to receive the orders
While these mistakes are fixable, they are best addressed before the underwriters encounter them.
How Long Does Approval Take?
Approval timing for a high-risk ecommerce merchant account usually depends on how complex the business model looks to underwriting. A straightforward ecommerce merchant with a clean website, clear policies, and complete documentation may move through review relatively quickly. A merchant with recurring billing, delayed fulfillment, subscription terms, cross-border sales, or a category that already receives more scrutiny will usually take longer.
In practice, the biggest delay is often not the underwriter’s review itself. It is the back-and-forth created by missing documents, weak website disclosures, or unclear explanations of how the business bills and fulfills orders. Merchants that submit a complete application, a finished website, and a clear description of their billing model usually move faster than merchants that treat approval like a form-fill exercise.
Documents Required for Approval
Most providers want enough information to understand both the business and the payment risk behind it. For a high-risk ecommerce merchant, that usually means giving underwriting a clear picture of ownership, banking, billing, and fulfillment.
Common documents and materials may include:
- Business formation documents
- EIN or tax documentation
- Government-issued ID for owners
- Voided check or business bank letter
- Recent processing statements, if the business has processed before
- Website URL with live product, policy, and contact pages
- Refund, cancellation, shipping, and terms-of-service policies
- Explanation of billing model, including recurring or prepaid charges
- Expected monthly volume, average ticket, and highest ticket
- Supplier, fulfillment, or inventory information when relevant
Some providers may also ask for additional documents if the business is subscription-based, cross-border, preorder-driven, or otherwise more complex. The more clearly the merchant can show how customers are charged, how orders are fulfilled, and how disputes are prevented, the easier the review usually becomes.
Quick Approval Checklist
Before applying, merchants should make sure the basic underwriting questions can be answered without guesswork. That usually means checking the website, policies, billing model, and payment flow with the same level of care you would give a live launch.
Use this checklist before submitting an application:
- Your website is live, complete, and professionally finished
- Product or service descriptions clearly explain what the customer is buying
- Refund, cancellation, shipping, and contact policies are easy to find
- Recurring billing terms are disclosed clearly, if applicable
- Your checkout flow is working and consistent with your stated business model
- Your statement descriptor and business name are easy for customers to recognize
- You can explain your average ticket, monthly volume, and fulfillment timing
- You have fraud controls, support workflows, and dispute handling procedures in place
- Ownership, banking, and business documents are ready to submit
- Your provider choice actually fits your category and billing model
A quick checklist like this does not guarantee approval, but it does help merchants avoid the most common preventable problems. For high-risk ecommerce, the businesses that look easiest to approve are usually the ones that already look operationally ready.
How to Get Approved for a High-Risk Ecommerce Merchant Account in 2026
Build A Clean Website Before You Apply
Provider reviews of your website will look for information like contact information, return and refund policies, shipping policies, and other details about your business. A poorly detailed website can be a signal of risk to the underwriting department, regardless of your business performance.
Explain Your Billing Model In Plain Language
Underwriters typically like to know upfront how and when customers are billed for your products or services. This information may include whether you use one-time billing, recurring billing, annual billing, usage-based billing, or delayed billing until after order fulfillment. Both Braintree’s underwriting guidelines and their periodic review materials make clear that providers want to know a current view of your business model and billing practices.
Tighten Your Checkout Architecture
Underwriting for ecommerce companies is not just about the products that you offer. The architecture of your checkout system matters. The Payment Card Industry’s Security Standards Council (PCI SSC) published guidance in 2025 about how ecommerce companies with embedded checkout forms could satisfy their requirements for “SAQ A” vulnerability assessments. Their guidance reaffirmed in January 2025 that their requirements were unchanged since they published their policy in 2024.
Use Stored Credentials Correctly
If you will be billing customers for your products again later, then your use of stored credit and authentication credentials is a feature of your system that must be addressed. Visa says that any use of stored credentials must reveal to the merchant and the issuing bank how the stored credentials will be used, and that any instances of recurring billing for products or services should be made distinct and identified within the system.
Show How You Control Fraud And Disputes
A high-risk ecommerce company must have systems in place to handle fraud and customer payment and service disputes. Systems like EMV 3D Secure prevent fraud that does not involve the reader of the payment card by using challenge protocols to confirm that a customer attempting to make the purchase actually has that card. Additionally, Visa’s 2025 version of the VAMP program puts high-risk ecommerce companies through a process that examines how many transactions they process per month and how many of those transactions are returned due to customer disputes. Any company that processes above certain thresholds is subject to additional and more intensive consequences should they be determined to be excessive for that company.
Why Approval Isn’t the End: Ongoing Monitoring Explained
Underwriters do not view your initial approval to begin working with a provider as the end of the road for your relationship with that provider. Companies like Braintree include information in both their underwriting policies and their periodic review policy that make clear that periodic reviews are a feature of their usual operations and are used to maintain an accurate assessment of the company and its ecommerce model. Your best application is the one that can prove your business can survive these periodic reviews.
FAQs
Q: What is a high-risk ecommerce merchant account?
A: A high-risk ecommerce merchant account is for ecommerce merchants in a category or with a structure that introduces more risk to the merchant account than an ordinary ecommerce business. This is still an ecommerce merchant account; it just undergoes closer scrutiny regarding reserve and fraud policies.
Q: Why do some ecommerce merchant accounts get declined?
A: Many ecommerce merchant accounts get declined because of the nature of their website, their ecommerce policies, their ecommerce fraud controls, or the nature of the products they offer.
Q: Do all ecommerce merchant accounts need stronger fraud tools in 2026?
A: No. However, the high-risk category of ecommerce merchants will require stronger fraud controls to prevent the noxious effects of card-not-present fraud. Both EMVCo and Visa have introduced methods to prevent this form of fraud and make the cost more prominent for ecommerce merchants with weak fraud control systems.
Q: How does PCI impact the approval of a high-risk ecommerce merchant account?
A: The PCI standard has a major impact on approving high-risk ecommerce merchant accounts because of how the ecommerce website handles the checkout process. According to the PCI Security Standards Council, ecommerce websites that use embedded pages must protect those pages from script attacks.
Q: What documents do you need for a high-risk merchant account?
A: Merchants should have their website live and ready, their ecommerce policies set up and visible on the site, their ecommerce billing and fulfillment processes ready to explain to the merchant account provider, the expected ecommerce volumes, and ecommerce fraud controls ready to discuss.
Q: Is approval for a high-risk merchant account enough, or will it eventually be reviewed again?
A: Approval is just the start. Braintree, for example, states that its high-risk merchants are subject to periodic reviews to ensure their ecommerce model continues to meet merchant account expectations. This review can happen at any time, so high-risk ecommerce merchants should be prepared for this from the beginning of the merchant account acquisition process.
Conclusion
The best way to get approved for a high-risk e-commerce merchant account in 2026 is to show the merchant account companies that you are a well-run ecommerce business. Your website, your billing model, your security, and your fraud policies will work better for getting you approved than any “instant approval” company ever will.
If you’d like help finding the right ecommerce merchant account companies for your ecommerce business model, Payment Nerds can help you with that. The right merchant account company for your ecommerce business is not just about getting approved for the account, but about staying stable with that merchant account after you get approved for it.
Sources
- Braintree. “Underwriting Overview.” Accessed March 2026.
- Braintree. “Ecommerce Website Requirements.” Accessed March 2026.
- Visa. “Visa Acquirer Monitoring Program Overview.” Accessed March 2026.
- PCI Security Standards Council. “FAQ Clarifies New SAQ A Eligibility Criteria for E-Commerce Merchants.” Accessed March 2026.
- Visa. “Stored Credential Transaction Framework.” Accessed March 2026.
