Merchant onboarding determines which risks enter the system in the first place. Transaction based risk models determine how those risks are managed day to day. Effective fraud prevention depends on the interaction between clear rules, artificial intelligence (AI), and corporate responsibility.

Few topics in payments are currently discussed as intensely as the use of artificial intelligence. Many debates create the impression that long established risk systems can simply be replaced by an AI model: put AI in, get risk out.

That view misses the bigger picture. Risk management in payments is not a single process. It is an ongoing responsibility that starts with access to the payments ecosystem and continues through the real time assessment of every individual transaction.

Modern AI does not transform this system by replacing rules. It transforms it by making responsibility scalable.

This becomes especially clear in two key areas: merchant onboarding as the gateway into the payments ecosystem, and the risk assessment of individual transactions during daily operations. Only the interaction between these two layers determines how stable, fair, and secure modern payments truly are.

Merchant onboarding as the first line of defense

Merchant onboarding is still often seen as a necessary evil: driven by regulation, expensive, and potentially slowing down growth. That perspective falls short. Anyone who sees onboarding as a purely administrative exercise overlooks its real purpose. It is the first and one of the most important lines of defense in payments. AI is not the risk here. It is what makes it possible to combine regulation, fraud prevention, and fairness effectively.

Against this backdrop, the use of artificial intelligence is often viewed with skepticism. Unfairly so. The real risk is not the technology itself, but its uncritical use. When implemented correctly, AI in merchant onboarding does not reduce control. It improves the ability to identify and contain risks.

One thing should be stated clearly: merchant onboarding is not a standard automation use case. Decisions are legally relevant, must remain explainable, and operate within strict regulatory boundaries. Fully automated black box approaches are neither permissible nor sensible.

At the same time, it would be a mistake not to use AI, especially in highly standardized areas. Well trained models make onboarding not only more efficient, but also more robust. Manual processes are prone to typing errors, copy and paste mistakes, and oversight. Automated extraction, processing, and assessment of data according to the same consistent logic reduces these risks. It also frees onboarding experts to focus on more complex cases, strengthening overall risk management.

From data points to complete risk profiles

The benefits of modern AI become particularly clear when extracting and structuring documents. Systems can now automatically and reliably recognize and interpret business reports, commercial register extracts, shareholder agreements, and media reports. In merchant onboarding, these approaches can handle increasingly complex documents while simultaneously checking plausibility and consistency.

This also includes automated authenticity checks for documents, which are becoming increasingly important as fraud schemes grow more sophisticated. Manipulation traces, edited images, inconsistent metadata, or synthetically generated content can now be identified reliably.

But the real value does not come from individual data points. It comes from how they interact. Modern AI models evaluate patterns rather than isolated information. Inconsistencies in application processes, timelines, structural similarities to known fraud setups, or contradictory self disclosures only become meaningful when combined. This ability to build reliable risk profiles from seemingly weak signals is what sets AI driven approaches apart from traditional checklists.

Another important lever for efficiency and quality is risk based prioritization. Not every merchant carries the same level of risk, and businesses do not need to apply the same level of scrutiny to every onboarding case. AI enables merchants to be categorized early based on their risk profile. Low risk merchants can move through accelerated onboarding processes and start operating more quickly, while higher risk cases receive deeper review.

This improves not only speed, but also fairness. Strongly rule based onboarding processes tend to interpret deviations as risks across the board. Unusual industries, international structures, or unconventional business models are often excluded more quickly even when they are not inherently problematic.

AI can take a more nuanced approach by considering context and distinguishing between “unusual” and “suspicious.” This reduces unjustified rejections without increasing risk in an uncontrolled way. Similar effects can be seen in sanctions and politically exposed person screenings. Modern AI driven matching systems take contextual information, name variations, and additional attributes into account, significantly reducing false positives without weakening regulatory standards.

Not every transaction is risky, but every uncontrolled merchant is

This is where the often underestimated role of merchant onboarding becomes obvious. Many losses that later appear at the transaction level originate much earlier. If fraudulent or high risk merchants never enter the system, the resulting damage never occurs. Merchant onboarding is therefore not an administrative obligation. It is a preventive safeguard that protects consumers, merchants, and payment providers alike.

It is no surprise, then, that this preventive approach is increasingly expected by both regulators and the market. International card schemes have made it clear in recent years that they do not want to leave the cleanliness of the payments ecosystem to chance.

Payment companies are required to review merchants before the first transaction, and fraudulent merchants are receiving greater scrutiny. Known fraud categories range from advance fee scams and investment fraud to identity deception and purchase fraud, all of which create significant financial damage. Strong risk management therefore protects not only acquirers and merchants, but stabilizes the entire payments ecosystem.

From onboarding to transaction risk

Even perfect onboarding cannot eliminate risk entirely. Payments remain a dynamic system. Merchant behavior changes, fraud patterns evolve, and new attack scenarios emerge only after onboarding.

This is where the second line of defense begins: the real time risk assessment of individual transactions. And this is where it becomes especially clear why neither rigid rule systems nor pure AI models are sufficient on their own.

Let’s start with rule based systems. They currently suffer from an image problem. They are often seen as inflexible, cumbersome, and incompatible with modern data driven approaches. What is frequently overlooked is that these rules provide the stable framework within which models can operate effectively. They define hard boundaries, non negotiable exclusion criteria, regulatory guardrails, and known fraud patterns. In other words, they are the system’s seatbelts.

But this is critical: no one should operate static rules on a “set it and forget it” basis. Rules also need continuous adjustment to reflect new fraud patterns, regulatory requirements, and market developments. Fraud is dynamic, and any static system loses effectiveness without constant maintenance.

Unzer has worked with this approach for many years, long before AI became a buzzword. Logistic regression models, scorecards, and rule based decision logic are not new inventions. They are established methods that have powered some of the most stable and successful risk systems in the industry for years. These methods meet all the core criteria associated with AI: they automate decisions, learn from historical data, recognize patterns, and calculate probabilities. Most importantly, they remain explainable, which is non negotiable in regulated payments.

Why rules and AI belong together in fraud prevention

The strength of combining rules, models, and commercial responsibility becomes especially visible in areas with high uncertainty and limited data availability, such as Buy Now, Pay Later (BNPL). In these cases, there is naturally only a limited amount of primary data available. Traditional credit data exists, but it is often not sufficient for fraud detection. The real advantage lies not in the volume of data, but in how intelligently it is processed.

This is where so called weak signals become essential. Device fingerprints, timestamps, address patterns, and behavioral sequences may appear insignificant individually, but together they create highly accurate risk profiles. This not only lowers fraud rates, but directly improves acceptance rates. Every avoided false decline benefits merchants, consumers, and payment providers alike.

Modern AI models are designed precisely for this challenge. They can derive reliable risk indicators from fragmented and weakly correlated information without sacrificing transparency or traceability. In this way, they extend rather than replace traditional algorithms.

Another advantage lies in automated anomaly detection. Unusual patterns can be identified faster, more accurately, and with significantly less manual effort than in traditional setups. This improves response times while easing pressure on operational teams, an increasingly important factor in times of rising cost pressure.

Fraud affects the entire ecosystem

Despite all technological progress, one uncomfortable truth remains: even highly advanced models still reject up to one in twenty requests in some payment methods because of insufficient data. At the same time, not all of these requests are fraudulent. A significant share comes from legitimate customers whose profiles simply cannot be validated sufficiently. The challenge is to continuously improve models so this gap becomes smaller without increasing risk uncontrollably. Risk management remains a balancing act.

One particularly difficult category is first party fraud, sometimes referred to as “friendly fraud.” This happens when cardholders dispute fundamentally legitimate transactions by claiming they did not authorize the purchase, never received the goods, or received items that did not match the description. Examples include children using their parents’ credit cards without permission, or customers requesting refunds despite having received products on time.

For small and medium sized merchants in particular, these cases can quickly become expensive. AI driven anomaly detection helps identify such patterns early, often delivering better results with far less manual effort than traditional review processes.

The surrounding ecosystem also matters. Without the right payment partner and reliable logistics processes, these issues can escalate quickly. Encouragingly, European card issuers are now actively addressing this challenge and strengthening their own controls.

What ultimately matters: acceptance, risk, and continuous fine tuning

The numbers show why this effort matters. With simple in house models, roughly four out of five purchases in markets such as Germany can be processed reliably. With specialized providers like Unzer, acceptance rates above 90 percent are realistic. But this success does not come from static systems. It comes from continuously fine tuning rules, thresholds, data points, and models. The result is a win win win situation: merchants generate revenue, customers enjoy seamless purchasing experiences, and payment providers earn revenue only when transactions succeed.

Looking at onboarding and transaction decisions together makes one thing clear: risk management in payments is not a single process, but an integrated system. Rules provide stability, regulatory security, and clear minimum standards. AI provides adaptability, scalability, and pattern recognition across highly complex data environments.

What matters most is the broader perspective. Merchant onboarding protects the payments ecosystem from structural abuse. Transaction based risk models protect merchants and consumers in daily operations. These two layers are inseparably linked.

For payment companies, this means AI is not simply an efficiency project. It is infrastructure for responsible risk management. Anyone who sees AI as a replacement for proven and reliable rules will fail. Those who use it to strengthen structure, transparency, and accountability will build resilient systems, even in a world where fraud is becoming increasingly sophisticated.

AI is not magic. But in the hands of risk management, it is an exceptionally powerful tool.