Refund Operations: Controls, the Chargeback Double-Pay Trap, and Refund Fraud
An operator runbook for refund controls: the chargeback double-pay trap, refund-vs-void-vs-chargeback decisions, refund fraud, and refund reconciliation.
Shaun Toh is the founder of PaymentBrief and Director of Digital Payments at Razer. Based in Singapore, he has 13 years of experience across payment strategy, fraud risk management, and global payment optimization — working with merchants, PSPs, and technology teams across North America, Europe, APAC, and Latin America.
PaymentBrief is his effort to close the gap between how payments are covered in the press and how payments actually work at the operator level. Everything published here is written from the perspective of someone who has to act on the information.
Day-2 operations runbook for marketplaces: split-payment funds flows, seller payouts and holds, negative balances, reserves, split refunds, and disputes.
How operators actually accept payments in Egypt: routing across cards, Meeza, InstaPay, Fawry, wallets, and cash — and reconciling the lot.
When an AI agent holds the card, the operator's job is controls: scoped mandates, spending limits, kill-switches, and audit. A governance guide.
An approved authorization is a hold, not settled money. The operator guide to the card lifecycle: authorization, capture, clearing, settlement — and the gaps.
A live fraud spike is an attack in progress, not a metric. An incident-command runbook to confirm, classify, contain with reversible controls, and recover.
The payment stack is a map of who you contract with, who holds your money, who carries liability, and who you call when a payment breaks — not a glossary.
The merchant you approved drifts. A lifecycle playbook for risk-tiering, re-screening, monitoring signals, graduated response, and offboarding.
When a payout fails, localize the failed leg, never blind-retry, and use idempotency to avoid paying twice. An operator runbook for outbound-money failures.
Promo and referral abuse games growth rewards by exploiting eligibility, not stealing cards. An operator playbook for signals, controls, and response.
When a PSP or acquirer degrades, every second is failed payments. A runbook to detect the outage, fail over cleanly, and recover without double charges.
Operator runbook for stablecoin on/off-ramp failures: localize the failure to a leg, capture tx hash and chain, and why on-chain sends are irreversible.
Operator reference for the ISO 20022 camt investigation messages — camt.056, camt.029, camt.110, camt.111 — and how scheme scope changes their use.
Operator guide to Australia's A2A rails: the NPP real-time rail, PayTo (the NPP Mandated Payments Service), centrally-held mandates, and BECS migration.
Operator reference comparing PSP, PayFac, acquirer, aggregator/marketplace, and MoR models: who holds the merchant account, onboards, owns risk, and settles.
A KPI scorecard for SCT Inst health: initiation, timeouts, rejections, recalls, reconciliation, and VoP — with operator-set targets and fixed scheme deadlines.
Operator guide to Mexico's SPEI rail: Banxico-operated real-time A2A transfers, CLABE routing, irrevocability, refunds as new transfers, and PSP due diligence.
Field-level reference for Stripe and Adyen settlement files: the universal object model, balance_transaction vs pspReference, and which IDs to persist.
Capture and structure CE 3.0 evidence before a Visa 10.4 fraud dispute arrives: matching data elements, the prior-transaction logic, and a readiness scorecard.
Field-by-field mapping of MT103 to ISO 20022 pacs.008 for payment operators: UETR, EndToEndId, party fields, charges, and post-migration investigation flow.
Operator runbook for PSP reconciliation breaks: three-way match, per-PSP ID chains, 10 settlement-mismatch types with causes and fixes, plus escalation steps.
Operator runbook for SCT Inst rejections, timeouts, returns, and recalls — pacs.002 status handling, action per failure class, and bank escalation checklists.
Every SEPA R-transaction reason code — reject, return, refund, reversal, refusal, recall — across SCT, SCT Inst, and SDD, with what each means for operators.
What VoP and CoP results mean — Match, Close Match, No Match, Not Possible — the EU's four codes, the UK's reason codes, and how operators handle each.
Operator runbook for tracing delayed SWIFT payments: UETR format, gpi Tracker status codes, stall-point triage, and what to ask your bank.
You have a PSP shortlist. How to evaluate finalists: score across 8–12 dimensions, run proof-of-claim tests, and disqualify before the contract.
How operators manage recurring billing: MIT credential setup, network tokens, direct debit mandates, retry logic, and involuntary churn recovery.
Steps to exit Visa VAMP monitoring: confirm the TC40/TC15 ratio, stop it from worsening, and run parallel fraud and dispute remediation.
OUR, SHA, and BEN are SWIFT charge instructions that set who pays correspondent bank fees. SHA is the default — and why B2B invoices often arrive short.
How foreign operators accept payments in South Korea — the local-PG requirement, KakaoPay/Naver Pay, FSC-regulated MDR, and data-residency rules.
How foreign operators accept Alipay, WeChat Pay, and UnionPay. PBOC licensing realities, CIPS for B2B CNY settlement, and 2024–2026 regulatory changes.
Accept payments in Indonesia: QRIS (one QR for GoPay, OVO, DANA), BI-FAST, MDR rates, and the licensed-aggregator entry path foreign operators must use.
Chargeback management compared by operating model: network pre-dispute alerts (Verifi, Ethoca), representment automation, managed recovery, and in-house.
Direct debit payments explained for operators: mandates, ACH, SEPA SDD, Bacs, eGIRO, returns, disputes, timing, and when to use each rail.
Sift, Forter, Riskified, Signifyd, and Kount compared by operating model: guarantee, managed decisioning, and risk scoring — which fits your fraud operation.
Recurring payment rails compared for operators: card mandates, direct debit, A2A/VRP, and wallet billing — mechanics, risks, and when to use each.
SWIFT payment processing explained for B2B operators: MT103, ISO 20022 migration, gpi tracking, correspondent fees, timelines, and alternatives.
Fraud operations scorecard with 18 KPIs across loss, detection, friction, efficiency, model quality, and chargeback spillover.
The 15 payment routing metrics that matter: auth rate, failover, cost efficiency, latency, and recovery — the operator scorecard for routing teams.
Decision framework for multi-currency treasury: where to hold balances, when to convert, when to hedge, and where specialist platforms and virtual IBANs fit.
A scorecard for dispute and risk teams: 16 KPIs across compliance, operational, outcome, quality, and cost — with targets, cadence, and escalation logic.
A multi-axis decision matrix for choosing a PSP class by volume, operating model, and geography — before comparing individual providers.
Mastercard Mastercom dispute categories — all 7 codes, cardholder filing windows, merchant response deadlines, and ECP/HECM thresholds as of 2026.
Reference for Pix, UPI, SPEI, PromptPay, PayNow, NAPAS 247, InstaPay, and DuitNow: MDR model, settlement, identifiers, and cross-border readiness.
A full chargeback costs 2–3x the transaction value when you account for lost goods, representment labour, VAMP thresholds, and reserve impact.
Complete reference for Visa Claims Resolution codes — all four categories, workflow assignment, filing deadlines, and 2024–2026 consolidations.
APP fraud exploits real-time rail irrevocability. UK mandatory reimbursement live since October 2024 means operators face direct liability on both sides.
Stripe dominates online and SaaS; Square dominates card-present retail and SMB. Here's how to choose based on your business model, not feature checklists.
DORA has applied since January 2025. Payment institutions, e-money institutions, and AISPs are all in scope. What compliance actually requires in production.
LCR is an RBA mandate for dual-network debit cards in Australia. Cost-based routing across card, A2A, and domestic scheme rails: the math and implementation.
MDR is a five-layer stack, not a single fee. What each layer is, who pays whom, what's negotiable, and how to decompose your own processing statement.
MCP, Stripe Agent Toolkit, Visa TAP, and Mastercard Agentic Tokens: four-layer stack covering protocol, PSP, and network layers for agentic commerce operators.
ML compresses merchant onboarding from days to minutes. Document AI, UBO extraction, risk scoring, and straight-through processing logic at PSPs and PayFacs.
SEPA payments explained for operators: SCT, SCT Inst, and SDD Direct Debit, with scheme coverage, timing, fees, and merchant use cases.
PayNow can't pull recurring. UPI AutoPay tripled in one year. Pix Automático launched June 2025. What each market's recurring billing rail delivers.
VRP: standing-consent bank pulls, no interchange, no expiry. UK mandated sweeping VRP in 2022; commercial merchant VRP rolling out through 2026–2027.
MIT flagging avoids SCA on recurring charges. Most operators assume it works automatically. Four implementation gaps driving European decline spikes.
A fraud model dropped 95% to 87% accuracy in eight months. Chargebacks arrive 60–120 days late. What production payment ML actually requires to stay accurate.
AI adds exception triage, narrative generation, and mapping to reconciliation but doesn't replace deterministic matching. What changes and what doesn't.
51 new PCI DSS 4.0 requirements enforced March 31, 2025. First assessment cycles are finishing. The eight failure patterns showing up most in production.
PayPal's 440M-user network converts better in some demographics; Stripe Billing handles the full subscription lifecycle. How SaaS operators should choose.
Static routing rules freeze yesterday's PSP performance. ML routing learns from authorization outcomes to continuously optimise cost, auth rate, and latency.
The EU AI Act is live. Fraud scoring is not automatically high-risk; BNPL credit scoring likely is. Correct classification for every major payment AI use case.
Multi-acquirer routing is a tactic; orchestration is the infrastructure enabling it. When to use both, what routing strategies work, and the hidden complexity.
Visa VTS and Mastercard MDES tokens are portable and auto-update; PSP tokens are processor-locked. Auth-rate and portability trade-offs for multi-PSP operators.
The PSP contract clauses most operators sign without reading: the terms that shift liability, lock up cash, limit exit options, and cost more than expected.
MoR vs PSP: who owns tax remittance and chargeback liability, and when direct PSP beats paying the MoR premium. Decision framework for digital and SaaS sellers.
Visa: VDMP/VFMP retired March 2025, CE 3.0 live October 2025. Mastercard: tightened arbitration, consolidated reason codes. Full dispute map for both schemes.
90–95% TM false positives. LLMs as the third layer: alert triage, SAR drafting, investigator support. Production stack and regulatory constraints.
A 6-12 month migration playbook covering tax registration sequencing, subscription re-authorisation, invoice continuity, chargeback policy transition.
Compare Pix, UPI, SPEI, and PromptPay across confirmation speed, settlement, identifiers, risk controls, and operator trade-offs.
The global chargeback burden hit $33.8B in 2025, but merchants net only 8.1% on representment. Here's where AI automation changes the math and where it doesn't.
BCB Resolution 561, published April 30, 2026, bans Brazilian eFX providers from settling cross-border payments via stablecoin or crypto rails —.
Where PSD3 and PSR stand in 2026: legislative status, the 21-month implementation clock, and an operator checklist for the SCA, fraud, and access changes ahead.
Three orchestration platforms: Spreedly for PSP-agnostic vaulting, Primer for visual workflow builders, Gr4vy for cloud-native flexibility.
148% YoY ATO growth in Q4 2025. Transaction fraud detection misses it — ATO happens before payment. Device intelligence, biometrics, adaptive authentication.
MoR providers absorb VAT, GST, and US sales tax collection and remittance across dozens of jurisdictions. But income tax, corporate filings, transfer.
100ms to authorize or block. Production fraud decisioning — feature stores, model cascades, latency budgets, and the accuracy tradeoff nobody talks about.
Stripe publishes rates, Adyen gates IC++, Checkout.com says contact sales. Compare landed effective cost per dollar — auth-rate gaps dwarf headline fee deltas.
Outgrowing a Merchant of Record is not triggered by a revenue milestone. The real signals are qualitative — enterprise B2B mix and compliance maturity.
Adyen's unified platform and data advantage versus Worldpay's coverage and pricing flexibility. Enterprise comparison for European acquiring strategy.
Stripe unveiled a foundation model for payments fraud in 2025. Sardine reduced account takeover by 34.8% using behavioral biometrics. Here's what.
Paddle, Lemon Squeezy, Polar & FastSpring compared by tax footprint, coverage, and fit — how to choose the Merchant of Record matched to your seller type.
PayNow Corporate vs PayNow P2P: API-initiated pulls, push-by-UEN, real-time reconciliation — the rail for platform collections and B2B in Singapore.
Visa Intelligent Commerce, Mastercard Agent Pay, and OpenAI's checkout API are live. But 3DS doesn't work for agents, liability is unresolved, and MCC.
Klarna, Afterpay, and Affirm: different merchant fees, consumer networks, and geographic coverage. Operator comparison for checkout BNPL selection.
UK VRP and EU PSD3 promise card displacement for subscriptions — but bank coverage gaps, commercial VRP delays, and mandate ambiguity complicate the picture.
A breakdown of the clauses in payment service provider contracts that quietly drain merchant margins — and what to negotiate before you sign.
Stablecoins run on 15+ chains with different cost, finality, and regulatory acceptance. Which to accept and which to avoid: Ethereum, L2s, Solana, and Tron.
How payments work in Saudi Arabia for operators: Mada debit (95%+ of cards), SARIE instant transfers, STC Pay — and the SAMA licensing or local-acquirer path.
Most 'AI for finance ops' pitches are vapor. Reconciliation and exception matching is one area where LLMs genuinely work — but only for specific.
Stablecoin B2B payments: six stages, each with its own provider, cost, settlement window, and failure mode. Full anatomy from fiat-in to fiat-out.
From fraud scoring to dynamic routing, AI is now embedded in every layer of the payments stack. Here's where it's working, where it's hype, and what's.
How USDC and USDT are becoming genuine settlement infrastructure for cross-border B2B payments, and what the custody, regulatory, and FX dynamics mean.
M-Pesa has grown from a closed-loop Kenyan wallet to a multi-country network with interoperability mandates and API access. What operators need to know.
Travel Rule, wallet-address sanctions screening, and chain analysis: the compliance layer stablecoin operators need that traditional payment operators don't.
ML fraud models outperform rules on aggregate metrics. But rules still win on regulatory explainability, instant deployment, and edge cases where.
Synthetic identities pass verification, build credit history over months, then bust out. How the fraud pattern works and what ML signals actually catch it.
FX markup on international card acceptance is rarely disclosed but often the largest variable cost. What drives the spread and how to negotiate it down.
RBI's card-on-file tokenization rules ended raw PAN storage in India. How network tokenization works for recurring payments and aggregator compliance.
MiCA, MAS, and the GENIUS Act define payment stablecoin compliance across the major jurisdictions. Overlap, divergence, and cross-border operator implications.
1% auth rate uplift on $1B GMV recovers $10M. Most merchants leave it on the table. Network tokens, intelligent retries, BIN routing, soft-decline recovery.
e-CNY has processed $986 billion in transactions. mBridge reached Minimum Viable Product in 2024. The digital euro is in preparation phase. Here's what.
Vietnam's NAPAS 247 instant rail and VietQR standard are maturing fast, but foreign operators need an SBV intermediary license or a licensed local partner.
How Thailand's PromptPay became the blueprint for instant payment infrastructure across Southeast Asia, and what other markets can learn from its.
Strict liability, not a compliance warning. How OFAC, EU, and UN sanctions list screening works, where the gaps appear, and how to build a defensible programme.
Regulation (EU) 2024/886 makes euro PSPs offer instant credit transfers at standard prices with IBAN/name checks. The full operator compliance timeline.
Surcharging and convenience fees: what each is, where each is permitted, how to implement within scheme rules, and whether the margin math actually works.
JPM Coin and Citi Token Services are bank deposits on blockchain. Different regulatory treatment, bankruptcy standing, and operator access from stablecoins.
Cross-border B2B receivables break at the infrastructure level: SWIFT delays, memo truncation, FX timing, reconciliation gaps. What modern AR needs.
On-chain settlement is cheap. The fiat on-ramp and off-ramp are where real cost lives. Provider landscape, corridor math, and round-trip economics vs SWIFT.
First-party fraud now dominates dispute volume at most e-commerce merchants. Why it's growing, who commits it, and the playbook for evidence-based defence.
One auth rate point is a revenue number, not an engineering metric. How to calculate what it's worth, what drives declines, and which interventions move it.
Embedded finance is a $7 trillion opportunity in the US alone by 2026. But the infrastructure requirements — BIN sponsorship, ledger architecture, KYB.
InstaPay vs PESONet for Philippine payouts: real-time low-value vs batch high-value clearing, disbursement-API routing, and EMI vs bank-partner trade-offs.
3-D Secure 2 reduces fraud but adds checkout friction that taxes authorization and conversion — how operators measure and manage the authentication cost.
MDR = interchange + scheme fees + acquirer margin. Scheme fees alone hold 30+ line items, up 20–30% since 2019. What operators can actually do about it.
Stablecoin treasury requires decisions traditional treasury doesn't: custody model, key architecture, hot/cold tiering, insurance, and segregation of duties.
Both launched as central-bank-mandated real-time payment systems. Pix hit 160M users in 18 months. CoDi is effectively dead. The delta isn't luck —.
Not a feature comparison — a decision framework based on operator archetype. Marketplaces, SaaS platforms, enterprise global expanders, and high-volume.
Card testing validates stolen credentials against your payment endpoint. Auth costs, fraud signals, and VAMP exposure — attack anatomy and operator defence.
Reserve due diligence for USDC, USDT, PYUSD, and USDe: composition, custodian concentration, maturity profile, off-balance-sheet exposure, and timing flags.
How payments actually work in Japan: JCB and global cards, PayPay and QR wallets, konbini cash, and what cross-border operators need to accept them locally.
Rolling reserves and settlement timing are capital your PSP holds — not line items. How to calculate the real cost and which contract terms move the number.
The average merchant contests fewer than 20% of eligible chargebacks and wins less than half of those. Here's the dispute lifecycle, evidence.
USDC, USDT, PYUSD, and USDe: reserve backing, regulatory standing, and redemption mechanics compared for acceptance, treasury, and settlement use cases.
Correspondent banking chains, opaque FX markups, and two-day settlement lags persist in B2B cross-border payments despite fintech's decade-long assault.
Pure-play card acquirers face structural margin compression: interchange caps expanding, network fees rising, real-time rails eating volume. Why Stripe.
Visa replaced VDMP and VFMP with VAMP in April 2025. The new threshold model, enforcement triggers, and what acquirers and merchants need to do differently.
1:1 reserves, monthly attestations, OCC or Fed oversight — what the GENIUS Act changes for operators using USDC, USDT, and PYUSD in US-facing payment flows.
Blended pricing hides the acquirer margin; interchange-plus exposes it. What each model costs, who each suits, and whether switching moves your effective rate.
Southeast Asia's digital wallet market is fragmenting by country, consolidating by regulation, and being forced open by QRIS and interoperability.
Token portability, file-format lock-in, and termination clauses: where PSP switching costs accumulate. Practical guide to preserving exit optionality.
UPI processed 228 billion transactions worth $3.6 trillion in 2025. Here's what the architecture, MDR debate, and global expansion actually mean for.
Grab's evolution from ride-hailing to financial super-app is the defining fintech story in Southeast Asia — and the unit economics finally support the.
VTS and Mastercard MDES deliver 6% auth improvement and up to 30% fraud reduction. Most operators are still running PSP-only tokens that deliver neither.
Stablecoins are replacing SWIFT in specific cross-border corridors where correspondent banking is slow, expensive, and unreliable. A.
PSP pricing isn't fixed after signing. Operator leverage after year one and what to actually negotiate: interchange-plus, reserve release, and SLA penalties.
An analytical comparison of USDC and USDT across reserve transparency, regulatory posture, liquidity depth, and on-ramp availability for corporate.
Mexico received $64.7 billion in remittances in 2024, making the US-Mexico corridor the largest in the world. Here's how the infrastructure works, why.
SWIFT gpi improved speed and transparency, but bilateral real-time rail links and project Nexus are challenging its dominance on key corridors.
How KYB's beneficial ownership complexity, UBO screening requirements, and orchestration tooling differ from KYC — and what that means for embedded.
PIX has processed over 196 billion transactions since 2020 and redefined merchant economics across Brazil. Here's what operators need to know before.
UK Pay by Bank passed 350M payments and cVRP is live. EU PSD3 is agreed but bites in 2028. A market-by-market look at open banking payment adoption.
Klarna's S-1 reveals a business that's grown into profitability but carries structurally thin margins, credit loss sensitivity, and a regulatory.