All Playbooks

PLAYBOOK · ADULT · UK / EU

Card Acquiring for UK and EU Adult Content Platforms
Online Safety Act and DSA aligned

Adult content is a card-scheme registered high-risk category under Visa's Integrity Risk Programme (VIRP Tier 1) and Mastercard's Specialty Merchant Registration. Since 17 January 2025, UK Part 5 providers must operate highly effective age assurance under the Online Safety Act, and EU platforms must satisfy DSA Article 28 minor-protection duties. Acquirers will only underwrite once both regimes are evidenced inside the application file.

Check Your Approval OddsFree · No sign-up

WHY THIS COMBINATION IS HARD

What goes wrong when generalist acquirers see this profile.

VIRP Tier 1 plus Mastercard SMR registration

Adult content sits in Visa's Integrity Risk Programme as Tier 1, the highest-scrutiny bracket, and on Mastercard's Specialty Merchant Registration list. The acquirer must hold an adult programme, pay the annual registration fee per merchant outlet and submit control-assessment evidence. Generalist acquirers will decline rather than start that file.

Online Safety Act Part 5 highly effective age assurance

Since 17 January 2025, UK services that publish their own pornographic content must operate highly effective age assurance and acquirers now ask to see which method is live (facial age estimation, photo-ID with liveness, open banking, digital ID or credit-card check). Self-declaration and a card-on-file check alone fail Ofcom's threshold and will fail underwriting.

DSA Article 28 and national minor-protection rules

EU platforms hosting adult content fall inside DSA Article 28 child-protection duties, plus member-state rules such as Germany's JMStV/KJM age-verification approval and France's ARCOM age-verification referential. Acquirers underwriting EU adult traffic require evidence the platform is compliant in each material market or geoblocked from it.

MCC 5967 and aggregation risk

Direct response adult content is coded MCC 5967 (Direct Marketing - Inbound Teleservices Merchant) which itself triggers enhanced monitoring. Acquirers will not allow you to hide adult flow under MCC 7995, 5816 or a non-adult MCC, and any attempt to mis-MCC is treated as transaction laundering and grounds for immediate termination.

VAMP exposure on rebill and trial models

Under Visa's Acquirer Monitoring Programme (VAMP, replacing VDMP/VFMP from 2025) the combined fraud-plus-dispute ratio is monitored at portfolio level. Adult subscription and free-trial models historically run hot on TC40 fraud and CB4853 'cancelled recurring' chargebacks, so acquirers want documented cancellation, free-trial disclosure and refund flows before they will quote.

Content-moderation evidence is now an underwriting line

Following the 2020-2021 scheme interventions on user-generated adult platforms, acquirers underwriting UGC adult require documented performer-ID verification (2+ government IDs plus consent records), takedown SLAs, hash-matching against known CSAM databases and proof you operate under a recognised standard such as the IWF or NCMEC reporting flow. No moderation policy file means no quote.

WHAT TO EXPECT

Realistic terms for this combination.

ROLLING RESERVE

10-15% rolling over 180 days is the typical opening position; UGC platforms or free-trial models can see 15-20% over 180-270 days

SETTLEMENT

T+7 to T+14 weekly; some EU acquirers run bi-weekly until 6 months of clean history

MCC CODES

5967 (direct marketing adult), 7841 (video tape rental - legacy studio), 5816 (digital goods - only where adult is incidental and segregated)

Scheme reporting: VIRP Tier 1 registration fees and control assessments on the Visa side; Mastercard SMR registration plus excessive chargeback monitoring under ECM/ECP. VAMP fraud-plus-dispute ratio is monitored monthly and adult merchants are expected to stay under 0.65% (above-standard) and well clear of the 1.5% excessive threshold.

ACQUIRER LANDSCAPE

Who actually underwrites this combination.

The pool is narrow: a handful of EU credit institutions with established VIRP Tier 1 adult programmes (mostly Netherlands, Malta and Cyprus headquartered), UK e-money institutions that white-label onto one of those bank BINs, and specialist offshore acquirers in Curacao or the Caribbean for non-EEA traffic. Generalist UK acquirers - including most high-street bank merchant services and the large independent acquirers - exclude adult content by category in their underwriting policy, so applications there are wasted weeks. The viable acquirers expect documented OSA Part 5 age assurance, content moderation, performer verification and a VIRP registration budget before pricing.

HOW ICETREE APPROACHES IT

Our approach for merchants in this combination.

  • We pre-screen against acquirers that hold a live VIRP Tier 1 adult programme and a Mastercard SMR adult registration, so the application starts inside the policy rather than fighting it.
  • We package the Ofcom Part 5 age-assurance evidence (method, vendor, audit logs) and DSA Article 28 documentation into the underwriting file in the format adult-programme underwriters expect.
  • For UGC platforms we structure the performer-ID, consent-record and takedown SLA evidence pack up-front, which is now the single biggest cause of decline at file review.
  • We negotiate the rolling reserve and release schedule against your actual TC40 and chargeback profile rather than the category default, with step-down review at 3 and 6 months.
  • We split traffic by geography where it improves economics - for example UK and DACH on an EU bank acquirer with the right age-verification stack, rest-of-world on an offshore acquirer - rather than forcing one acquirer to take everything.

FAQ

Common questions answered.

Ofcom does not run a licence register for Part 5 services - the duty applies automatically if you publish pornographic content accessible from the UK. What acquirers want is evidence that highly effective age assurance is live, which method you use (facial age estimation, photo-ID with liveness, open banking, digital ID or credit-card check) and your audit log. Self-declaration or a tickbox alone will not pass underwriting.

Yes, credit-card verification is on Ofcom's non-exhaustive list of methods capable of being highly effective, but it has to be a genuine credit (not debit) card check with the issuer and supported by the rest of your safeguards. Most acquirers prefer to see it combined with a second method such as facial age estimation, because credit-card-only checks are weak against shared-household card use.

A new adult merchant on an EU acquirer typically opens at a 10-15% rolling reserve held for 180 days, released on a 30-day trailing basis. UGC platforms, free-trial offers and high-rebill subscription models open higher, often 15-20% over 180-270 days. Clean TC40 fraud data and chargeback ratios under 0.65% are the lever for step-down reviews at 3 and 6 months.

Yes, but the underwriting file has to evidence the controls explicitly: two government-issued IDs per performer, signed consent and content-licence records, a documented takedown SLA (typically 7 days for disputed content, 24-48 hours for flagged CSAM risk), hash-matching against PhotoDNA or equivalent, and an NCMEC or IWF reporting flow. Without that pack, even adult-programme acquirers decline at file review.

Adult merchants sit in Visa VIRP Tier 1 with an annual registration fee per acquirer plus per-transaction integrity fees, and Mastercard charges an annual SMR registration. These are normally passed through to the merchant - either as a fixed annual line item or baked into the MDR. Expect 10-20 bps of transaction cost on top of standard interchange-plus pricing to cover the scheme programmes.

No - the OSA Part 5 duty is based on the service being accessible from the UK, not on where you process. Using an offshore acquirer for UK consumers without highly effective age assurance exposes you to Ofcom enforcement (including business-disruption measures against payment providers) and the offshore acquirer themselves can be terminated by Visa for taking traffic that breaches scheme local-law clauses. Compliance has to be done at the platform layer regardless of acquirer geography.

RELATED PLAYBOOKS

ADULT · Global

Card Acquiring for Adult Platforms with Robust Age Verification

ADULT · Global

Card Acquiring for Adult Creator / Subscription Platforms

GAMING · United Kingdom

Card Acquiring for UKGC-Licensed iGaming Operators

CBD · United Kingdom / EU

Card Acquiring for UK / EU CBD Brands

Want IceTree on your side?

Run the Approval Predictor for a 2-minute estimate of your acquirer fit, expected reserve range, and what to prepare — specific to United Kingdom / EU and Online Safety Act / DSA.

Run Approval PredictorBook a Call

We use cookies to analyse site performance and measure the effectiveness of our outreach. Privacy policy