Fraud prevention is a real-time optimisation problem; compliance is a structural obligation. Both require deliberate investment, and operators who treat either as a cost centre consistently underinvest until the cost surfaces as a crisis. The gap between acceptable chargeback rates, AML obligations, and KYB requirements is where underprepared operators get terminated or sanctioned.
Fraud
Detection models, velocity checks, behavioural biometrics, 3DS2 friction trade-offs, and the rule-engine vs ML hybrid architectures that determine your real-time decline rate.
Chargebacks
Representment economics, Visa VAMP and Mastercard ECM thresholds, dispute infrastructure, and the operational discipline that separates acceptable loss from terminated MID.
Regulatory Frameworks
PCI DSS 4.0, KYC and KYB obligations, AML monitoring, PSD3/PSR, and the regional variants — what is enforced versus what is published, and where the next compliance shift comes from.
The operator question What breaks first if you underinvest here — your acceptance rights, or your licence to operate?
EU Parliament's ECON Committee approved PSD3 (55–3–5) and PSR (50–2–2) on May 5, 2026. Plenary expected late May. OJ publication targets June/July. The 21-month implementation clock starts at publication — operators have ~24 months total.
How 3DS2's challenge flow mechanics, issuer threshold decisions, and liability shift rules create measurable conversion costs that operators need to actively manage.
The average merchant contests fewer than 20% of eligible chargebacks and wins less than half of those. Here's the dispute lifecycle, evidence requirements, and when representment programs actually pay off.
How KYB's beneficial ownership complexity, UBO screening requirements, and orchestration tooling differ from KYC — and what that means for embedded finance platforms at scale.