Merchant of Venice – er, of RECORD

Whenever I see the word “merchant”, I think of the Merchant of Venice, a play by William Shakespeare about a guy named Antonio who can’t pay back a loan he took out on behalf of a friend. It’s a memorable story, with characters in disguise and the earliest known use of the phrase, “a pound of flesh.” But how does it relate to a Merchant of Record? Like the title character, the Merchant of Record is working on behalf of someone else. But unlike Antonio, the Merchant of Record is collecting money from consumers, not lending it.

First, we should consider, what is a Merchant of Record? A Merchant of Record is a company that aggregates payments and assumes fiscal responsibility for payment to other service providers. Let’s pretend I have a business called Portia’s Rings and Things, and I make turquoise rings for local craft fairs. I can accept cash easily enough, but I may not have a way to process payments made with credit or debit cards. However, I can use a Merchant of Record, like Square, to accept those payments. The Merchant of Record handles cross-borders payments and international taxes, so I can just concentrate on making rings, and when my customer looks at their statement, the Merchant of Record will be Square, and not Portia’s Rings and Things. (Square does differentiate between their clients on statements, but not all Merchants of Record do.)

Second, why do we care about Merchants of Record? Because the Federal Trade Commission (FTC) is holding them responsible for UDAAP violations and it gives a potential glimpse into this administration’s vision on enforcement. On June 16, 2025, the FTC announced a settlement, agreeing that UK company Paddle.com Market Limited, and its American subsidiary, Paddle.com, Inc would pay $5 million and would be banned from processing payments from tech-support telemarketers. While the FTC usually governs more traditional payment models, this is an example of the agency looking at a more novel model. The FTC used the Restore Online Shoppers’ Confidence Act (ROSCA), as a partial basis for its complaint, which is something we are seeing more often for regulation of sales and recurring payments. The 3-0 decision by the FTC also reflects an expanded interest in confronting foreign companies for harm to US consumers.
Third, what did Paddle do that was so bad? Card payment rules, which do not expressly recognize Merchants of Record, do require merchant aggregators to register as payment facilitators. Paddle failed to do so. This means they were not subject to merchant underwriting and monitoring requirements that other registered facilitators abide by.
Besides failing to register as payment facilitators, Paddle was accused of a raft of violations. (See what I did there?) The settlement did not require Paddle to concede to any of the allegations but the complaint alleged that,

• Paddle opened merchant accounts claiming to be a “merchant of record” or software “reseller,” then used these accounts to process card payments on behalf of numerous, unrelated third-party merchants.
• Paddle enabled overseas schemes to access the credit card system and collect payments from U.S. consumers, and to evade detection by merchant banks and card networks.
   
• Paddle facilitated schemes, like Restoro-Reimage, that allegedly used fake virus alerts and pop-up messages to impersonate familiar brands, such as Microsoft or McAfee.
   
• As the “merchant of record,” Paddle charged consumers for automatically renewing subscriptions without clearly disclosing that consumers would incur recurring charges.

In its allegations, the FTC contended that the Merchant of Record was not a neutral facilitator, but had effectively taken over the legal requirements of its clients by exercising meaningful control over business practices and consumer disclosures. It alleged the Merchant of Record was responsible for consumer protection, know your customer (KYC), and network rules. 

If your credit union uses a Credit Union Service Organization (CUSO) as a payment aggregator, you may want to double check to that it is compliance with all relevant consumer protection laws.