Payment Risk & Security: What Acquirers Want Merchants to Know | CatalystPay

CatalystConversations with Wolfgang Specht, Group Executive Director Merchant Risk at PAYSTRAX

Welcome back to our #CatalystConversations series where we sit down with industry experts and leaders from our partner network to unpack the trends, threats, and transformations shaping the future of payments.

In this edition, we’re joined by Wolfgang Specht, Group Executive Director Merchant Risk at PAYSTRAX, a trusted acquiring partner in CatalystPay’s multi-acquirer ecosystem.

From chargeback prevention to Visa VAMP compliance and evolving fraud tactics, Wolfgang shares critical insights into how acquirers assess risk, what merchants often get wrong, and what they should be doing right now to stay ahead.

From an acquirer’s perspective, what are the biggest misconceptions merchants have about payment risk and their role in managing it?

One of the biggest misconceptions is that managing payment risk is solely the acquirer's responsibility - that once a merchant is onboarded, risk mitigation happens "behind the scenes." In reality, effective risk management is a shared responsibility. Merchants often underestimate how much control they actually have in influencing fraud rates, chargebacks, and compliance standing.

Another common misconception is that fraud and chargebacks are inevitable and unmanageable. In fact, many issues stem from preventable operational practices - unclear refund policies, misleading marketing, or lack of fraud screening tools and affiliate monitoring processes. Merchants who proactively invest in strong customer communication, robust fraud detection, proper affiliate monitoring and clean transaction flows tend to maintain far healthier risk & compliance profiles.

When assessing merchant risk, what specific factors or behaviors raise red flags?

Risk is assessed at two levels: onboarding and ongoing monitoring.

During onboarding, PAYSTRAX looks closely at:

  • High-risk verticals (e.g., crypto, supplements)
  • Chargeback/fraud history with past acquirers
  • Mismatched declared vs. expected volumes
  • Evasive or vague disclosure around fulfillment, refund practices, or sub-merchants

Post-onboarding, red flags include:

  • Sudden volume spikes or high average ticket growth
  • Increasing fraud-to-sales ratios
  • Suspicious or inconsistent MCC usage
  • High cross-border transaction volume without justification
  • Rising TC40 fraud alerts or network early warnings
  • Negative media mentions or unusual transaction behaviors

“These signs can point to synthetic IDs, money laundering, or even failing business models. That’s why we intervene early,” Wolfgang notes.

With Visa’s VAMP rules coming into force, how is PAYSTRAX helping merchants prepare?

Visa’s new VAMP framework, particularly the inclusion of TC40 alerts in fraud ratio calculations, is a major shift. The advisory period has been extended through 30 September 2025, giving merchants a rare window to adapt.

The extended advisory period is a valuable opportunity, and at PAYSTRAX we’re using this time to help merchants prepare systematically and reduce their TC40s & TC15s. We’re approaching this phase with a two-pronged strategy: education and proactive data monitoring.

We’re:

  • Educating merchants about the new VAMP thresholds, what TC40 alerts are, and how they now feed directly into fraud ratio calculations.
  • Encouraging the use of advanced fraud prevention tools - including 3DS, velocity checks, device fingerprinting, and address verification systems (AVS).
  • Reviewing merchants’ historical TC40 alert volumes with them and providing guidance on how to improve their fraud profiles ahead of enforcement.
  • Segmenting merchants based on risk exposure so we can tailor support - from technical assistance with fraud filters to policy reviews.
  • Helping merchants with a balanced country mix to reduce TC40s, and recommending that they calculate a fraud probability score based on historical data and metrics such as jurisdictions, BINs, etc., then, based on a certain fraud probability score, void those transactions through Authorization/Capture delays and, if above a certain score, not capture those authorizations, to prevent potential TC40s and lower the overall TC40 count.

"The goal is to help our merchants not just avoid penalties but establish long-term fraud resilience as the ecosystem becomes more transparent and data driven." 

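A minimal sketch of the score-then-delay-or-void approach described in the last bullet above, as an added example that is not PAYSTRAX's or CatalystPay's code. The transaction history, the smoothing weight, the two thresholds and the "riskier signal wins" rule are all constructed assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed history: (card BIN, issuer country, 1 if later reported as fraud).
HISTORY = (
    [("411111", "DE", 0)] * 48 + [("411111", "DE", 1)] * 2
    + [("522222", "BR", 0)] * 14 + [("522222", "BR", 1)] * 6
    + [("433333", "US", 0)] * 27 + [("433333", "US", 1)] * 3
    + [("499999", "DE", 1)]  # a single sample: must not dominate the score
)
PRIOR_WEIGHT = 20   # assumed smoothing strength (pseudo-observations)
DELAY_AT = 0.15     # assumed threshold: hold capture for manual review
VOID_AT = 0.20      # assumed threshold: do not capture, void the authorization


def base_rate(history):
    """Portfolio-wide share of transactions later reported as fraud."""
    return sum(row[2] for row in history) / len(history)


def smoothed_rates(history, column):
    """Fraud rate per BIN (column 0) or country (column 1), pulled toward
    the base rate so thin samples do not produce extreme scores."""
    base = base_rate(history)
    counts = defaultdict(lambda: [0, 0])  # key -> [fraud count, total count]
    for row in history:
        counts[row[column]][0] += row[2]
        counts[row[column]][1] += 1
    return {key: (fraud + base * PRIOR_WEIGHT) / (total + PRIOR_WEIGHT)
            for key, (fraud, total) in counts.items()}


def fraud_score(bin6, country, history=HISTORY):
    base = base_rate(history)
    by_bin = smoothed_rates(history, 0)
    by_country = smoothed_rates(history, 1)
    # Heuristic: the riskier signal wins; unseen keys fall back to the base rate.
    return max(by_bin.get(bin6, base), by_country.get(country, base))


def capture_decision(bin6, country):
    """Map the score of an authorized transaction to a capture action."""
    score = fraud_score(bin6, country)
    if score >= VOID_AT:
        return "void"
    if score >= DELAY_AT:
        return "delay_capture"
    return "capture"
```

The BIN seen only once, with one fraud report, lands in the delayed-capture band rather than being voided outright, which is the effect of smoothing toward the portfolio base rate.
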
What future risks should merchants prepare for in 2025 and beyond?

The payment risk landscape is evolving fast. Wolfgang highlights four core shifts that merchants (and acquirers) need to stay ahead of:

  • Synthetic identity fraud is on the rise - especially in industries with high customer churn or digital delivery models. Merchants need to adopt more intelligent onboarding and authentication mechanisms.
  • Regulatory scrutiny is increasing, particularly in high-risk sectors and cross-border commerce. Acquirers will be expected to enforce stronger KYC/AML compliance from day one.
  • Tokenization and network token use will become more central as schemes like Visa and Mastercard push for safer transactions - acquirers must help merchants implement and optimize tokenized payment flows.
  • Real-time payments and alternative rails (like open banking) will introduce new fraud vectors that differ from card-based risks - acquirers will need to help merchants adapt fraud models accordingly.

“The role of the acquirer is shifting. We’re no longer just compliance enforcers - we’re strategic partners, providing the tools, data, and guidance merchants need to scale securely,” Wolfgang explains.

What role do ISOs like CatalystPay play in helping merchants manage risk and stay compliant?

ISOs like CatalystPay play a vital role in bridging the gap between merchants and acquirers. They’re often the first point of contact and the ones closest to the merchant’s day-to-day realities, especially for SMEs or merchants expanding across borders.

In the context of risk and compliance, ISOs can:

  • Pre-screen merchants effectively and ensure clean, compliant applications.
  • Educate merchants about evolving scheme rules, like VAMP changes or PCI DSS requirements.
  • Provide hands-on support to reduce chargebacks and fraud exposure early.
  • Offer localized insights in markets where acquiring rules and risk appetites may vary.

"A strong ISO-acquirer relationship ensures that merchants receive both the agility of a specialized partner and the regulatory oversight of a licensed acquirer. It’s a partnership model that drives sustainable growth and long-term stability in a complex ecosystem."

Wrapping Up

In a world of rising fraud, tightening regulations, and shifting expectations, merchants can no longer afford to treat risk as someone else’s responsibility.

As Wolfgang Specht puts it, the strongest merchant-acquirer partnerships are built on shared accountability, proactive education, and real-time data.

At CatalystPay, we’re proud to partner with PAYSTRAX - not only for their robust acquiring infrastructure, but for their commitment to merchant success through transparency and guidance.

This is what CatalystConversations is all about: real talk with the people who keep the payments industry running.

Stay ahead of risk with CatalystPay

Need help understanding your risk profile or adapting to new VAMP rules?
Talk to our team - we’re here to help you stay compliant, reduce fraud, and grow with confidence.
