When a merchant hesitates over taking crypto at checkout, the sticking point is rarely the technology. It is the money itself, and the history that travels with it.
Demand is no longer hypothetical. A January 2026 survey from PayPal and the National Cryptocurrency Association found that nearly four in ten US merchants already accept crypto, and almost nine in ten had fielded customer questions about it. At that level of interest, few merchants are still debating whether to accept digital assets. The harder question is how to do it without taking on someone else’s problem.
Price volatility is mostly a solved problem. Settle in a dollar-pegged stablecoin, convert on arrival, and the exchange-rate risk disappears. What keeps finance teams up is provenance. A blockchain payment is final, and it carries its entire history with it. Accept a transfer that traces back to a sanctioned wallet, a hack, or a mixer, and the issue is no longer a clumsy sale. You have taken in funds you were legally required to refuse.
A small merchant who slips up here faces reputational damage. A licensed institution faces something heavier. In Europe, crypto-asset service providers now sit inside roughly the same compliance perimeter as banks: they operate under MiCA, while their anti-money-laundering duties and the “travel rule” come from the EU’s AML rules and the Transfer of Funds Regulation. A single suspicious settlement can become a report to a financial intelligence unit, and a pattern of them can cost a firm its authorization. Get acquiring wrong, and the price is not a chargeback. It is the license.
This is the problem we work on at FinHarbor, building modular payment and compliance infrastructure for licensed institutions, and it shapes what a crypto-acquiring module has to do.
Checking the payment before it lands
A modern acquiring module doesn’t take the money first and reconcile later. It scores every incoming payment against AML and Know-Your-Transaction rules before the funds are ever credited.
When a customer pays, the system traces the originating wallet and its counterparties, then checks them against a live picture of on-chain risk: sanctioned entities, darknet markets, mixers, ransomware and scam wallets, high-risk exchanges. Each payment comes back with a risk score and, depending on the merchant’s policy, an instruction to clear it, hold it for review, or reject it. That decision happens inside the transaction, not in a compliance inbox the next morning.
The important distinction is exposure rather than a static blacklist. A wallet does not have to carry its own sanctions listing to be a problem; it can sit one or two hops away from one. Screening that works looks at where the money has been, which is something a fixed list of bad addresses cannot do.
Machine learning finds it, AI reviews it
Two different jobs sit behind that screening, and they often get lumped together.
Machine learning handles the first: making the screening work at scale. Connecting pseudonymous addresses to real-world risk categories, across millions of wallets and dozens of chains, is a pattern problem: how funds cluster, how known bad actors move, which signals link one wallet to another. Chainalysis, whose tools sit beneath a large part of the industry, describes its KYT product as screening in real time and cutting false positives by as much as 90% against rules-based systems, where false alarms can exceed 95% of all alerts.
The second job begins after a transaction is flagged. Someone has to review it, pull the context, check the counterparties, and make a call. In most compliance operations that review cycle is the real bottleneck, and its cost grows with the number of alerts an analyst has to clear, not with revenue. This is where the current generation of tooling has been rebuilt. Chainalysis now frames AI as the decision layer over its blockchain data, with the stated aims of improving alert quality, prioritizing material risk, and accelerating review, so analysts spend their time on the alerts that carry real risk rather than clearing false ones. The same approach runs through its newer products: AI-driven triage that surfaces what matters about an address in seconds, and real-time fraud tools that intercept scam-linked transfers before the funds leave a customer’s account.
Together, the two make mass-market acquiring workable. The models narrow millions of transactions down to the handful worth a human’s attention, and the review tooling makes clearing that handful cheap enough that compliance can keep pace with payment volume rather than buckling as it grows.
The target is also smaller than the headlines suggest. Chainalysis put illicit flows at a record $154 billion in 2025, up 162% and driven largely by sanctioned actors, yet that still amounts to under 1% of all measured crypto activity, with stablecoins now carrying 84% of it. An acquiring engine’s task is to filter out that thin slice and let the rest through clean.
What changes for regulated players
Screening built in this way changes what compliance looks like for a licensed business. The check moves ahead of settlement and runs on every transaction, automatically and with an audit trail behind it. When a regulator asks, the firm can point to evidence that tainted funds never reached its books in the first place, rather than to an investigation opened after the damage was done.
That is the standard mass-market crypto acquiring will be measured against. The checkout experience is largely settled now that stablecoins have smoothed it out, and the value has shifted upstream, into the model that decides what to let through. Connecting a payment widget takes a weekend. The edge will belong to firms that can accept a digital asset and prove, in the moment, that it was clean.
