Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
- What is an internet merchant account - and why it matters
- Merchant accounts vs business accounts
- How PayPal internet merchant accounts work
- Legal and regulatory requirements in the UK
- Typical fees and costs
- Banks vs third-party providers
- Common legal risks - and how to avoid them
- Speak to a lawyer before you launch
- Key takeaways
- Need help?
Ready to start selling online? Whether you’re running a small side hustle or scaling a UK start-up, you’ll need a secure, compliant way to accept card payments. This guide explains how internet merchant accounts work, how PayPal fits in, and what legal steps you must take to protect your business and your customers.
What is an internet merchant account - and why it matters
An internet merchant account is a special type of business bank account that allows you to process and settle online card payments. It’s where funds are temporarily held while payments are authorised and cleared before being deposited into your main business account. This structure improves security, fraud prevention, and compliance. Without one, your business can’t legally or securely process online credit and debit card payments.
- Customers pay online using a card or digital wallet.
- Funds first land in your merchant account for authorisation and anti-fraud checks.
- After settlement (usually within a few days), cleared funds move to your business current account.
Merchant accounts vs business accounts
- Business bank account - used for everyday business income and expenses.
- Merchant account - used specifically to receive and process card transactions before transfer to your main account.
How PayPal internet merchant accounts work
PayPal combines both roles - it acts as the payment gateway and the merchant account provider. Here’s the process:
- The customer pays using PayPal or a card on your website.
- PayPal processes and authorises the payment securely.
- Funds are held in your PayPal merchant account while checks are completed.
- Once cleared, you transfer funds to your business bank account.
Legal and regulatory requirements in the UK
Accepting online payments involves several layers of regulation. You must ensure your systems and documents comply with:
- Consumer Rights Act 2015 - clear pricing, terms of sale, refund and complaints procedures.
- Consumer Contracts Regulations 2013 - transparent pre-contract information and cancellation rights for consumers.
- Data Protection Act 2018 and UK GDPR - proper handling of customer data with a compliant Privacy Policy.
- PCI DSS (Payment Card Industry Data Security Standard) - required for any business accepting card payments, even through a third party like PayPal or Stripe.
- E-commerce Regulations 2002 - require you to display your legal business name, address, contact details, and VAT number (if applicable) on your site.
- Anti-Money Laundering (AML) rules - certain higher-risk merchants may need additional verification to meet FCA or HMRC obligations.
Setting up an internet merchant account
Step 1: Choose your provider
You can apply through:
- Banks - traditional, slower approvals, higher setup fees, and fixed-term contracts.
- Third-party providers - faster onboarding via PayPal, Stripe or Square, often ideal for SMEs and start-ups.
Step 2: Gather documentation
- Proof of business registration (Companies House, partnership, or sole trader evidence)
- Business bank account details
- Photo ID and address proof for directors or owners
- Website URL and product or service details
- Up-to-date Terms and Conditions and Privacy Policy
Step 3: Approval and compliance review
Your provider will assess your business for financial risk and compliance. They may review your website to confirm transparency and regulatory adherence before approving your account.
Step 4: Integration with your platform
Connect your merchant account or PayPal to your e-commerce platform (Shopify, WooCommerce, Wix, etc.). Always test payments for security and usability before launch.
Step 5: Monitor and maintain compliance
Review transactions regularly, respond promptly to chargebacks, and keep PCI and GDPR documentation current. Schedule annual compliance reviews with your provider or legal adviser.
Typical fees and costs
- Setup fees - may apply for traditional banks (often free with PayPal or Stripe)
- Transaction fees - typically a percentage + flat fee (e.g. 2.9% + 30p per transaction)
- Monthly service fees - more common with banks
- Currency conversion or cross-border charges
- Refund and chargeback fees
Banks vs third-party providers
Choosing the right provider depends on your business model:
- Setup speed - third-party providers can be live within hours; banks may take weeks.
- Contracts - banks often require long-term commitments; PayPal and Stripe are pay-as-you-go.
- Settlement speed - PayPal usually settles funds within 24–48 hours; banks may take longer.
- International sales - PayPal handles multi-currency automatically; banks may require extra setup.
- Support - consider quality of customer service, especially for disputes or fraud alerts.
Common legal risks - and how to avoid them
- Hidden fees - read contracts carefully and compare effective transaction costs.
- Chargebacks - keep records of all transactions, deliveries, and communications.
- Settlement delays - avoid mismatched details and maintain clear documentation for audits.
- Non-compliance - review PCI DSS, GDPR and consumer law obligations regularly.
- Data security - always use SSL certificates and secure integrations to prevent breaches.
Speak to a lawyer before you launch
Before integrating payment systems, it’s wise to speak with a lawyer. A commercial and technology lawyer can:
- Review your Terms of Sale, Privacy Policy and Website Terms for consumer and data protection compliance.
- Check your merchant agreements and payment processor contracts for hidden risks.
- Advise on refund, chargeback and dispute resolution procedures.
- Ensure your setup meets PCI DSS and e-commerce transparency requirements.
Key takeaways
- Internet merchant accounts enable secure online card payments and are separate from your business bank account.
- PayPal acts as both payment gateway and merchant account for simplicity.
- Comply with GDPR, PCI DSS, consumer protection, and e-commerce regulations.
- Compare providers for cost, speed, and international support.
- Keep policies, contracts and compliance documentation up to date.
- Speak to a lawyer before launch to ensure everything aligns legally and commercially.


