Data Analytics2 July 202613 min read

Merchant Portfolio Analytics: Build Risk & Revenue Intelligence

Most payment facilitators are sitting on a goldmine of merchant data and doing almost nothing with it. Here is how to fix that — and what it is worth when you do.

Merchant AnalyticsPayment FacilitatorsFintechChargeback RiskData Engineering

Merchant portfolio analytics is the practice of systematically extracting risk, performance, and revenue intelligence from the transaction and behavioural data generated by a portfolio of merchants — giving payment facilitators, ISOs, and acquirers a live, actionable view of every account in their book. Done well, it reduces chargeback exposure, surfaces repricing opportunities, and flags merchants heading toward termination before the damage is done. Done badly — or not at all — it leaves you managing risk reactively with a spreadsheet, discovering problems only after card schemes have already noticed them.

If you operate as a payment facilitator or ISO and your primary visibility into your merchant portfolio is a monthly report from your processor, you are not managing risk. You are hoping nothing goes wrong. In 2026, with the merchant acquiring market growing at a CAGR of 10.8% and portfolio complexity multiplying alongside it, that hope is becoming an increasingly expensive strategy.

This post is about what merchant portfolio analytics actually looks like when it is built properly — the data model, the metrics that matter, the alerts that earn their keep, and the mistakes that cost real money.

Why Most PayFac and ISO Analytics Are Broken Before They Start

The failure mode here is predictable, and we see it repeatedly. A payment facilitator grows to a few hundred merchants, then a few thousand. The founding team built a dashboard in Metabase or Looker that pulls from the processor's settlement files. It shows volume, count, and maybe a chargeback rate column. Leadership calls it "the dashboard" and trusts it implicitly.

Then two things happen simultaneously. First, the portfolio complexity outgrows the dashboard — new MCCs, new geographies, SCA in Europe, different decline code taxonomies from different acquirers. Second, someone in risk realises the dashboard is showing yesterday's chargeback rate, not the current dispute velocity, and it has no idea what the underlying transaction mix looks like by card type or issuer. The dashboard that looked like analytics was actually just a settlement summary with a chart on it.

The deeper problem is structural. When one payment data interface defines "acceptance rate" differently than another, your optimisation decisions become guesswork. Multiply that across five processors, three geographies, and two funding models, and you have a portfolio where no two numbers mean the same thing — and where any merchant-level comparison is, at best, directional.

Research found that 65% of merchants do not receive detailed raw response codes on failed payments — which means the majority of payment facilitators are building risk models on top of incomplete decline data from the very first step. You cannot build reliable portfolio analytics without reliable, normalised, raw event data at the transaction level.

Fintech risk analyst reviewing merchant portfolio chargeback and acceptance rate analytics dashboard


📺 Watch: What is an Assignment Agreement on a Merchant Portfolio Buyout?

What is an Assignment Agreement on a Merchant Portfolio Buyout?


The Four Data Layers Every Merchant Portfolio Needs

Merchant portfolio analytics is not one problem — it is four distinct data problems stacked on top of each other. Most teams try to solve layer four without having built layers one through three, then wonder why their risk alerts keep misfiring.

Layer 1 — Transaction-level event data. Every authorisation attempt, every response code, every settlement record, every dispute notification. This is your source of truth. It needs to land in a warehouse (BigQuery or a Redshift equivalent) in near real-time, fully deduplicated, with a consistent schema regardless of which acquirer or processor originated it. If you are landing settlement CSVs once a day and calling it a data pipeline, you are not operating at the granularity you need.

Layer 2 — Normalised merchant master. MCC, business type, risk tier, onboarding date, underwriting score, geographic region, funding model, contractual chargeback threshold. This is the metadata that makes transaction data interpretable. Without it, you cannot segment your portfolio or benchmark one cohort of merchants against another. We often find this data living in three different systems — a CRM, an onboarding tool, and someone's spreadsheet — with no single source of truth and no automated join to the transaction layer.

Layer 3 — Derived metrics in a semantic layer. Chargeback rate by MCC cohort, acceptance rate by card scheme and issuer BIN, decline velocity trends, rolling 30-day fraud rate, average ticket delta vs. onboarding baseline. These should be defined once — in dbt models sitting on top of your warehouse — and served consistently to every downstream consumer: risk dashboards, finance reports, executive summaries. If your risk team and your finance team are computing chargeback rate using different denominators, you have a governance problem that no dashboard can fix.

Layer 4 — Portfolio intelligence products. Alerts, scoring models, cohort benchmarks, repricing signals. This is where the value is visible. But it is only reliable when layers one through three are solid. A risk alert that fires on bad input data is worse than no alert at all — it trains your team to ignore the system.

If you are looking for a practical framework for how to structure these layers, explore how Fintel Analytics approaches this — we have built exactly this stack for payment facilitators operating across multiple acquirers and geographies.

The Metrics That Actually Matter in a Merchant Portfolio

Not all metrics are equal. Here are the ones that consistently surface value in delivery — and the ones that look important but routinely mislead.

Chargeback rate — but measure it right. The Visa and Mastercard thresholds (1% for Visa's standard monitoring programme) are well known. What is less well understood is that the thresholds are calculated on transaction count, not volume — and many PayFac dashboards calculate on volume. A merchant processing £50,000 in one transaction and fifty £20 transactions will look low-risk on volume-weighted chargeback rate and high-risk on count-weighted rate. The card schemes use count. Build both, surface the count-weighted figure as your primary risk signal, and set your internal alert threshold below the scheme threshold — not at it.

Dispute velocity, not just chargeback rate. A merchant's chargeback rate as reported today reflects disputes filed against transactions from 60–90 days ago. By the time a chargeback rate breaches threshold, the underlying problem may have been running for three months. Dispute velocity — the rate at which new dispute notifications are arriving this week compared to the same week last month — is an earlier signal. Build this metric and alert on it at the merchant level, not just at the portfolio level.

Acceptance rate by issuer BIN. A 9%+ acceptance rate increase was achieved for one business after analysing its decline response data and making technical adjustments — translating to exponential revenue gains. At the portfolio level, a systematic decline rate from a specific issuer cluster often indicates a routing configuration issue, not merchant-level fraud risk. Approximately 80 to 90% of payment failures are classified as soft declines — typically caused by minor issues that could be detected earlier with proper analytics. Surfacing these patterns by issuer BIN and MCC combination is one of the fastest ways to recover revenue that is silently leaking from an otherwise healthy portfolio.

Risk delta — the underrated signal. When merchants go through underwriting, most systems assign them a risk score based on dozens of factors. As they sell, grow, and evolve over time, their risk profile changes — and periodic re-underwriting provides new risk scores that can be analysed to determine upward or downward trends. This is a pattern that almost no early-stage PayFac operationalises. They underwrite once at onboarding and never look at the merchant again unless something breaks. A merchant whose average ticket size has tripled, whose transaction mix has shifted from domestic to cross-border, and whose refund rate has doubled is a different risk profile than the one you approved. Build a risk delta model that re-scores merchants monthly and surfaces the outliers.

Residual margin per merchant. This is the metric that converts portfolio analytics from a pure risk function into a commercial one. If you know the interchange cost, the processing fee, the scheme fee, and the funding cost for every merchant, you can compute true per-merchant margin and compare it against the contractual rate you are charging. Internal data can surface discrepancies between clusters of similar merchants — for example, noticing that medical clinics pay a higher rate than dental clinics with a similar risk profile, and using that gap to drive a targeted repricing exercise.

Data engineer building dbt models for merchant portfolio risk and settlement analytics in BigQuery

What a Production-Ready Merchant Portfolio Analytics Stack Looks Like

In delivery, the architecture that performs reliably at Series A through Series B scale — typically 500 to 10,000 merchants, two to five acquirer connections — looks like this:

Ingestion. Event-driven pipelines from each acquirer and processor into a central warehouse. Where real-time event streams are available (webhooks, Kafka), use them. Where only batch files are available (most legacy processors), land them hourly, not daily. The difference between hourly and daily dispute notification ingestion is the difference between catching a fast-moving fraud event in the morning and finding out about it the following afternoon.

Transformation. dbt models that normalise across processor schemas, compute the metric layer, and apply business rules. Chargeback rate calculation, risk score computation, issuer BIN enrichment — all defined in SQL, version-controlled, tested. If a metric definition changes, it changes in one place and propagates everywhere. This is the single-source-of-truth principle applied concretely.

Serving. A BI layer — Holistics, Looker, or equivalent — that gives risk analysts, account managers, and leadership access to merchant-level and portfolio-level views without requiring them to write SQL. Role-based access matters here: your account managers should see their own merchant cohort; your risk team should see the full portfolio with alert queues; your leadership should see the aggregate view without being overwhelmed by transaction-level noise.

Alerting. Programmatic alerts fired from dbt tests and scheduled queries — not from a dashboard that someone has to remember to open. A merchant whose dispute velocity has increased 40% week-on-week should trigger a Slack notification to the risk analyst and a task in your CRM. An acceptance rate drop of more than five percentage points from a rolling 30-day baseline should flag for technical review. These alerts should have documented thresholds, owners, and SLAs — not just exist as ideas.

A pattern we see repeatedly in early-stage PayFacs is that the alerting infrastructure gets built last, after the dashboards. In practice, the alerts are where most of the day-to-day operational value lives. Build them second, not last.

For relevant context on building the underlying payment data infrastructure that feeds this stack, our post on PSP Data Analytics: Build Intelligence Into Your Payment Stack covers the ingestion and normalisation layer in detail.

The Real Cost of Not Building This

In our work with payment facilitators and acquiring businesses, the cost of not having merchant portfolio analytics rarely shows up as a single catastrophic event. It accumulates quietly.

A merchant operating a subscription model shifts their billing cycle and their average ticket size doubles. Nobody notices until the chargeback rate breaches the Visa threshold three months later and the remediation plan requires a dedicated resource for six weeks. That is a recoverable problem — but a preventable one.

A cohort of 80 merchants onboarded in the same quarter, in the same MCC, are all being charged a processing rate that is 15 basis points below where market pricing has moved. That rate was set at onboarding and never revisited. The revenue difference, at £2 million monthly volume across the cohort, is £3,600 per month — or £43,200 per year — gone silently. No alert fires. No dashboard shows it. Nobody knows.

We rebuilt a reconciliation process for one payments business that was taking 30–50 minutes to run manually each morning — it was rebuilt as an automated SQL pipeline and now completes in under 3 seconds, giving the operations team an hour of analytical capacity back every single day. Applied to merchant portfolio management, that kind of infrastructure shift turns reactive firefighting into proactive portfolio stewardship.

As of 2025, U.S. merchants lose an average of $5.75 for every $1 lost to fraud — a figure that reflects not just the direct loss, but the investigative, operational, and compliance overhead that surrounds it. For a PayFac with sub-merchant liability, that multiplier applies to every merchant in your portfolio who slips through without adequate monitoring.

Frequently Asked Questions

Q: What is merchant portfolio analytics?

A: Merchant portfolio analytics is the systematic use of transaction, dispute, and underwriting data to monitor the risk, performance, and profitability of every merchant in a payment facilitator or ISO's portfolio. It typically includes chargeback monitoring, acceptance rate analysis, risk re-scoring, and revenue margin tracking — built on a data warehouse and served through role-specific dashboards and automated alerts.

Q: What metrics should a payment facilitator track for each merchant?

A: The most operationally critical metrics are: chargeback rate (count-weighted, not volume-weighted), dispute velocity, acceptance rate by issuer BIN, risk delta versus onboarding baseline, and net residual margin. Secondary metrics include refund rate, average ticket size drift, cross-border transaction mix, and scheme fee exposure. The exact set should be driven by your risk appetite and business model.

Q: How often should merchant risk scores be refreshed?

A: Monthly re-scoring is the practical minimum for an active portfolio. High-volume or high-risk merchants should be scored weekly. Risk scores built only at onboarding and never updated are a false assurance — merchant behaviour, transaction mix, and business model all evolve, and your scoring should reflect that.

Q: What data do I need to build merchant portfolio analytics?

A: At minimum: transaction-level event data from every acquirer connection (authorisations, declines, response codes, settlements), dispute and chargeback notifications, merchant master data (MCC, risk tier, onboarding date, contractual terms), and scheme fee reports. Ideally this lands in a centralised warehouse with a consistent schema applied at ingestion — not normalised manually in spreadsheets downstream.

Q: When does a payment facilitator need a proper data warehouse for merchant analytics?

A: Earlier than most teams think. Once your portfolio exceeds 200–300 active merchants across more than one acquirer connection, spreadsheet-based portfolio monitoring becomes unreliable — the join complexity, update frequency requirements, and alert logic cannot be maintained manually. That is typically the point at which a warehouse, a transformation layer, and structured alerting deliver a clear return on investment.

At Fintel Analytics, we have helped payment facilitators and acquiring businesses at every stage from Series A to post-Series B build the merchant portfolio intelligence their risk, commercial, and executive teams actually need — from raw data ingestion through to live dashboards and automated risk alerting. If your portfolio is growing faster than your visibility into it, that is a solvable problem — and the cost of solving it is a fraction of one undetected chargeback wave.

New from Fintel Analytics

Fintel Insight — AI audit of your data stack

Connect your GitHub or warehouse and get a scored report across cost, quality, security, and code health in under 10 minutes, with actionable recommendations to fix what matters most. $99 flat, data never stored, GDPR compliant.

Get your data audit →

Work with Fintel Analytics

Ready to unlock the value in your data?

We work with businesses globally to design and deliver data solutions that drive real, measurable results — from strategy through to production.

Book a free data strategy consultation →