Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you sell online or plan to scale your ecommerce business, you’ve probably seen the term “merchant of record” come up alongside payment gateways, marketplaces and global expansion.
Put simply, the merchant of record (MoR) is the party legally responsible for processing a customer’s payment. That sounds straightforward, but it has big implications for taxes, refunds, chargebacks, compliance and how you structure your customer contracts.
In this guide, we’ll unpack what an MoR is, how the model works in Australia, when it makes sense for a small business to use one, and the key legal responsibilities to get right from day one.
What Is A Merchant Of Record?
The merchant of record is the entity that appears on your customer’s card statement and is legally accountable for the transaction. The MoR:
- Contracts with the payment processor and acquiring bank
- Collects funds and remits them (minus fees) to the seller or retains them if the MoR is the seller
- Manages chargebacks, refunds and disputes
- Is responsible for tax collection and invoicing for the sale in many scenarios
- Must comply with payment, consumer and data laws relevant to the transaction
Merchant Of Record vs Payment Service Provider
It’s easy to confuse an MoR with a payment service provider (PSP) or payment gateway. A PSP facilitates card payments (think: technology and rails), while an MoR takes on the legal responsibility for the sale itself.
Sometimes the seller is their own MoR (for example, your company uses a PSP to process payments but you’re the merchant on record). Other times, a third-party MoR stands in between you and the customer and becomes the contracted merchant for the transaction.
Where You’ll See MoR In Practice
You’ll commonly see MoR structures in:
- Digital marketplaces where the platform is the MoR for customer purchases
- SaaS and subscription platforms offering “payments as a service” with MoR included
- Global ecommerce expansion tools that handle local taxes and currency as MoR
How Does A Merchant Of Record Model Work?
There are two main models to consider.
1) You As The Merchant Of Record (In-House)
Here, your business is the named merchant on the receipt. You contract with a PSP or acquiring bank, set up your merchant account, and take responsibility for tax, invoicing, chargebacks and compliance.
This offers control and often lower per-transaction fees at scale, but you wear the administrative load and risk management.
2) Third-Party Merchant Of Record
In this model, a third party becomes the merchant for your sales. They process payments, issue invoices to customers (often in their name), handle refunds and disputes, and remit net proceeds to you. Many “sell globally” providers operate on this basis and may also take care of multi-currency pricing and local tax settings.
This reduces operational burden and can speed up market entry, but you’ll usually pay higher fees and must align your customer journey and terms with the MoR’s process.
Subscriptions, Surcharges And Payment Methods
If you sell subscriptions, decide whether you or a third party will be the merchant for recurring charges and how you’ll manage cancellations, renewals and grace periods. If you offer direct debit or BNPL, ensure your arrangements comply with Australian rules on recurring billing and authorisations, and understand the rules around direct debit laws.
Should Your Small Business Use A Merchant Of Record?
There’s no one-size-fits-all answer. Use these questions to help you decide.
Are You Selling Cross-Border?
If you’re entering multiple countries quickly, an MoR can simplify tax and compliance, especially where local invoicing or tax registration is complex. In Australia, you still need to think about how GST is handled on sales to Australian customers and how the MoR relationship is documented.
How Sensitive Are Your Payments And Data Obligations?
If you’re not ready to build in-house capabilities for fraud management, chargebacks and card data security, an MoR can reduce this risk. If you plan to store any card data or tokens yourself, make sure you understand your obligations around storing credit card details safely and only collecting what you truly need.
What Margin And Pricing Flexibility Do You Need?
Third-party MoR pricing usually includes a per-transaction fee (and sometimes a percentage cut). Factor this into your unit economics, especially if you also absorb FX slippage, refunds, or platform fees. Being your own MoR can lower fees over time, but budget for compliance and internal resourcing.
How Much Control Do You Want Over Customer Experience?
Being your own MoR lets you tailor your checkout, receipts and refunds, and show your brand on statements. With a third-party MoR, your experience must align with their processes (and sometimes their policies), which can be a benefit or a constraint depending on your strategy.
Legal Responsibilities In Australia If You’re The Merchant Of Record
Whether you handle MoR in-house or work with a third party, Australian laws still apply to your business. Here are the major areas to cover.
Australian Consumer Law (ACL) And Refunds
The Australian Consumer Law (ACL) applies to most business-to-consumer sales. If you’re the MoR, your customer obligations sit with you, including consumer guarantees, refunds, misleading and deceptive conduct rules, and honest pricing. Ensure your refund and warranty processes align with the ACL and that any platform or MoR arrangements don’t undermine those rights. If you need tailored guidance on your scenario, speak with a consumer lawyer.
GST, Invoicing And Tax
If your Australian business is registered for GST, you’re responsible for collecting GST on taxable supplies to Australian customers and issuing valid tax invoices. If a third-party MoR is issuing invoices to your customers, make sure the documentation clearly shows how GST is handled and that your contract covers settlement, tax and reconciliation responsibilities.
For international sales, check who is the deemed supplier for local VAT/GST and how taxes are collected and remitted. Even with a third-party MoR, you may have Australian tax reporting or transfer pricing considerations-get tax advice early.
Payment Compliance, Chargebacks And Surcharging
As MoR, you’ll manage chargebacks and dispute evidence. Make sure your checkout clearly discloses key terms, fees and delivery timeframes. If you surcharge for card payments, ensure your surcharge complies with Australian rules (it must not exceed your cost of acceptance and must be disclosed clearly).
Privacy And Data Protection
If you collect personal information from customers, you’ll likely need a clear, compliant Privacy Policy and processes that align with the Privacy Act 1988 (Cth). If you use analytics, third-party payments or cross-border data transfers, map your data flows and ensure you have a lawful basis for collection and sharing.
If you engage an MoR provider who processes customer personal information on your behalf, a Data Processing Agreement (or equivalent privacy terms) should set out roles, security standards and data breach notification steps. Only collect what you need and avoid handling raw card data unless you absolutely must.
Online Trading, Website And Platform Terms
Your public-facing terms must match how you actually sell. If you are the MoR, your site should include current Website Terms and Conditions, a transparent checkout process and a clear returns policy that matches the ACL.
For B2B sales, use robust Terms of Trade that cover payment terms, delivery, risk and liability. If you sell subscriptions, ensure your auto-renewal wording, notice periods and cancellation rights are easy to find and written in plain English.
Security And Incident Response
While payment security standards (like PCI DSS) are industry frameworks rather than Australian statutes, regulators expect you to implement reasonable safeguards. Have a data breach plan, use tokenisation where possible, and ensure you can act quickly if a provider suffers an incident. Your agreements should require prompt notice and cooperation in the event of a breach.
AML/KYC And High-Risk Products
Some payment flows trigger anti-money laundering and know-your-customer (AML/KYC) obligations under AUSTRAC’s regime (for example, certain remittance or stored value models). Many third-party MoR providers build this in, but you should still check your obligations based on what you sell and to whom.
Payment Methods And Emerging Tech
If you accept alternative payment methods, ensure you’ve thought through legal and compliance implications. For example, if you’re considering digital assets at checkout, start with a practical overview of accepting cryptocurrency payments in Australia and how you’ll handle refunds, volatility and tax records.
Essential Contracts And Policies For A Merchant Of Record Setup
Strong documents won’t just tick a compliance box-they’ll reduce disputes, keep cash flowing and protect your brand. Consider the following.
- Customer Terms (Online Or Offline): If you’re the MoR, your customer-facing terms should be clear, fair and consistent with the ACL. For websites and apps, keep your Website Terms and Conditions up to date and accessible at checkout.
- Privacy Policy: Explain what personal information you collect, why, and who you share it with. Link your Privacy Policy in the footer and at data collection points, and ensure your practices actually match your policy.
- Returns, Refunds And Warranties: Align these with the ACL. If you offer voluntary warranties, ensure your wording doesn’t limit mandatory consumer guarantees.
- Terms Of Trade (B2B): For wholesale or B2B sales, use commercial Terms of Trade that set payment terms, interest on overdue amounts, delivery and risk allocation.
- Data Processing Agreement (DPA): Where a third-party MoR or PSP handles customer data for you, a Data Processing Agreement should cover security, sub-processors, breach notifications and data return/deletion on exit.
- Merchant/Platform Agreements: If you are the merchant with a PSP, review your merchant services agreement for fees, reserves, chargeback thresholds and termination rights. If you use a third-party MoR, ensure the commercial agreement clearly covers who is the seller of record, tax handling, settlement timelines, FX, refunds and customer service responsibilities.
- Direct Debit Authorities: If you bill via direct debit or stored payment tokens, ensure your authorities and disclosures meet Australian standards and reflect the direct debit laws that apply to your billing model.
Don’t Forget Operational Policies
Have practical playbooks for fraud review, chargeback responses, customer complaint handling and data breaches. These internal policies help your team apply your contracts consistently and reduce errors that lead to disputes.
Common Pitfalls And How To Avoid Them
Misaligned Terms Between You And The MoR
If your website promises instant refunds but your MoR agreement allows seven days for processing, you’ll cause customer frustration and possible ACL complaints. Align your customer terms with your provider contracts before you go live.
Unclear Tax And Invoicing Responsibilities
When a third party issues invoices in their name, make sure you understand GST treatment for Australian customers and how you’ll reconcile revenue in your accounts. Spell out responsibilities for tax collection, reporting and record-keeping in your agreement.
Over-Collecting Sensitive Data
Collect the minimum personal information you need to fulfil the order. Avoid storing card details yourself unless absolutely necessary, and follow best practice when it comes to storing credit card details or using tokenisation via your PSP or MoR.
Inadequate Disclosure At Checkout
Surprises cause chargebacks. Disclose pricing (including surcharges), renewal terms for subscriptions, delivery windows and any material limitations up front. Keep your returns policy clear and consistent with the ACL.
Ignoring Data Retention And Deletion
Holding onto data “just in case” increases your risk. Set retention periods that reflect legal requirements and business needs, and document how you’ll securely delete data you no longer need. As part of your privacy compliance program, consider your obligations under Australian data retention laws when applicable.
Key Takeaways
- A merchant of record is the entity legally responsible for customer payments, refunds, chargebacks and often tax-this can be you or a third party.
- Using a third-party MoR can speed up global expansion and reduce admin, while running MoR in-house offers more control and potentially lower fees at scale.
- In Australia, you must align your MoR setup with the ACL, GST and invoicing rules, privacy obligations, and fair disclosure at checkout.
- Your core documents should include clear customer terms, a compliant Privacy Policy, B2B Terms of Trade if relevant, a Data Processing Agreement with providers, and robust merchant/platform contracts.
- Avoid pitfalls by aligning your website terms with your MoR agreement, clarifying tax responsibilities, minimising sensitive data collection and making transparent disclosures.
- Getting tailored legal advice early will help you choose the right MoR model, set up strong contracts and stay compliant as you grow.
If you’d like a consultation on setting up your merchant of record model in Australia, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
