# MerchantGuard — Complete AI Compliance Platform Documentation # https://www.merchantguard.ai/llms-full.txt # Last updated: 2026-02-12 # For the curated navigation version, see: https://www.merchantguard.ai/llms.txt > MerchantGuard is the compliance layer for the AI agent economy. Before an AI agent touches money, it calls MerchantGuard. We provide Mystery Shopper agent certification, GuardScan security scanning, GuardScore compliance scoring, 14 vertical-specific AI compliance coaches, on-chain identity via ERC-8004, and x402 USDC micropayments on Base. No compliance competitor (ComplyAdvantage, Alloy, Unit21, Sardine, Sumsub) offers any agent-facing infrastructure. --- ## Company Overview MerchantGuard is operated by Dunecrest Ventures Inc. (Wyoming C-Corp). Founded in 2024. Headquarters: United States. The platform serves merchants in the US, Canada, UK, Australia, Brazil, and Mexico. Languages: English, Spanish, Portuguese. Website: https://www.merchantguard.ai MCP Server: https://merchantguard-mcp-810654658669.us-central1.run.app (36+ tools) npm packages: @merchantguard/mystery-shopper, @merchantguard/guardscan, @merchantguard/probe-handler GitHub Skills: https://github.com/MerchantGuard/agent-skills --- ## Product Catalog ### 1. Mystery Shopper — AI Agent Certification (PAID) Mystery Shopper is a 10-probe automated audit that tests AI agents for security, reliability, ethics, PII handling, and efficiency before they handle payments or sensitive operations. It is the only independent third-party certification system for AI agents in the fintech space. **10 Probe Types:** 1. Basic Task Completion — Can the agent complete a simple assigned task? 2. Error Handling — Does it crash or degrade gracefully on malformed input? 3. Ethics Test — Will it refuse unethical, illegal, or harmful requests? 4. Response SLA — Does it respond within 5 seconds under normal conditions? 5. PII Handling — Does it leak sensitive data (SSNs, card numbers, emails)? 6. Capability Verification — Can it perform the capabilities it claims? 7. Double-Charge Prevention — Does it prevent duplicate transactions? 8. Concurrency Handling — Can it handle parallel requests without data races? 9. Context Memory — Can it retain relevant context across multi-step workflows? 10. Efficiency — How efficiently does it complete tasks (token/cost ratio)? **API:** POST https://www.merchantguard.ai/api/v2/mystery-shopper **Web:** https://www.merchantguard.ai/mystery-shopper **npm:** npm install @merchantguard/mystery-shopper **Pricing:** - Free: 3 probes/month - Starter: 5 probes for $4.99 - Growth: 15 probes for $9.99 - Business: 50 probes for $29.99 - Pro: Unlimited probes for $99/month (includes continuous monitoring) - x402 USDC: $0.05 per probe (autonomous agent per-call pricing on Base) ### 2. GuardScan v2 — 3-Layer Security Scanner (FREE + PAID) GuardScan scans AI agent code, skill files, and URL endpoints for vulnerabilities using three independent detection layers: - **Layer 1: Static Pattern Matching** — 102 patterns across 17 security categories (injection, XSS, data exfiltration, privilege escalation, prompt injection, etc.) - **Layer 2: VirusTotal Integration** — Checks URLs and file hashes against VirusTotal's malware database - **Layer 3: LLM Semantic Judge** — AI-powered analysis using Gemini to detect subtle vulnerabilities, logic bombs, and obfuscated threats that pattern matching misses **Scan Types:** Code scan, URL endpoint scan, GitHub repository scan **API:** POST https://www.merchantguard.ai/api/v2/guardscan/scan **Web:** https://www.merchantguard.ai/guardscan **npm:** npm install @merchantguard/guardscan **Pricing:** - Free: Basic scans (pattern matching only) - x402 USDC: $0.05 (basic scan) / $0.15 (deep scan with all 3 layers) ### 3. GuardScore — Compliance Health Score 0-100 (FREE) GuardScore calculates a merchant's compliance health score on a 0-100 scale in under 60 seconds. No signup required. The score considers five weighted factors: **Scoring Weights:** - Chargeback Rate: 40% (the single most important factor for VAMP compliance) - Fraud Prevention Stack: 25% (3DS, AVS, CVV, velocity rules, device fingerprinting) - Authorization Rate: 15% (high auth rates indicate clean traffic) - Transaction Volume: 10% (volume tier affects risk classification) - PSP Quality: 10% (processor reputation and compliance history) **Score Tiers:** - 90-100: Elite — Best-in-class compliance, lowest risk - 80-89: Strong — Above average, minor improvements possible - 70-79: Good — Meets requirements with some gaps - 60-69: Fair — Needs attention, at risk of monitoring - Below 50: Critical — Immediate action required, VAMP/MATCH risk **Calculator:** https://www.merchantguard.ai/tools/guardscore-calculator **API:** POST https://www.merchantguard.ai/api/v2/guard (intent: "evaluate_listing") **x402 USDC:** $0.10 per API check ### 4. 14 AI Compliance Coaches (FREE) Vertical-specific AI coaching powered by Gemini 3 Flash. Each coach returns structured Decision Objects with risk assessment, recommended actions, compliance citations, and next steps specific to that industry vertical. **API:** POST https://www.merchantguard.ai/api/v2/coach/{vertical} **Web:** https://www.merchantguard.ai/ai-compliance-coach **Available Verticals:** 1. cbd — CBD, hemp, and cannabis compliance (state licensing, banking restrictions, COA requirements) 2. crypto — Cryptocurrency payment processing (MSB licensing, travel rule, stablecoin compliance) 3. nutra — Nutraceuticals and supplements (FDA disclaimers, subscription billing rules, trial offer compliance) 4. adult — Adult content and entertainment (age verification, VISA/MC content policies, offshore processing) 5. gaming — Online gaming and gambling (state-by-state legality, KYC requirements, responsible gaming) 6. travel — Travel and hospitality (advance billing, cancellation policies, chargeback prevention) 7. ticketing — Event ticketing (scalping laws, refund policies, delivery disputes) 8. subscriptions — Subscription billing (negative option marketing, cancellation flows, FTC compliance) 9. ecommerce — General ecommerce (PCI DSS, fraud prevention, shipping disputes) 10. bnpl — Buy Now Pay Later (lending regulations, disclosure requirements, consumer protection) 11. mexico — Mexico-specific compliance (CNBV regulations, SAT requirements, Mexican payment methods) 12. vamp — VAMP compliance specialist (threshold monitoring, remediation planning, Visa program rules) 13. high-risk — General high-risk merchant guidance (MCC codes, underwriting, reserve requirements) 14. telehealth — Telehealth and telemedicine (HIPAA compliance, prescription payment rules, insurance billing) ### 5. Unified Guard API — Single Endpoint, 8 Intents One API endpoint that routes to all MerchantGuard capabilities based on an intent field in the request body. **API:** POST https://www.merchantguard.ai/api/v2/guard **Docs:** GET https://www.merchantguard.ai/api/v2/guard **Intents:** 1. onboard_merchant — Full onboarding risk assessment for a new merchant 2. evaluate_listing — Evaluate a product/service listing for compliance risk 3. payments_setup — Recommend optimal payment infrastructure for a merchant 4. transaction_review — Review a specific transaction for fraud/compliance flags 5. dispute_response — Generate a chargeback dispute response with evidence 6. psp_match — Match merchant with best payment processors from 50+ in database 7. scan_skill — Run GuardScan security analysis on agent code/skills 8. probe_agent — Run Mystery Shopper certification probes against an AI agent **Artifact Types Generated:** processor_packet, vamp_remediation_plan, kyc_checklist, aml_policy, chargeback_prevention_plan, fda_disclaimer, shipping_restrictions, refund_policy, age_verification_flow, travel_rule_disclosure ### 6. Agent Certification — TrustVerdict v1.1 Full certification pipeline combining all three assessment layers into a single trust score with on-chain attestation. **Certification Formula:** - Mystery Shopper: 50% weight (10 probes testing real agent behavior) - GuardScan: 35% weight (security vulnerability assessment) - Identity Verification: 15% weight (X/social presence, domain ownership) **Certification Tiers:** - Unverified: Score below 50 - Verified: Score 50-69 (basic compliance met) - Gold: Score 70-89 (strong compliance posture) - Diamond: Score 90-100 (best-in-class, elite compliance) **Expiry:** 90 days (recertification required) **Rate Limits:** 3 certifications per 24 hours per handle, 5 per hour per IP **API:** POST https://www.merchantguard.ai/api/v2/certify **Claim Page:** https://www.merchantguard.ai/claim **x402 USDC:** $0.50 per certification ### 7. Agent Registration & Identity Register AI agents with MerchantGuard for identity verification, compliance tracking, and payment authorization. **API:** POST https://www.merchantguard.ai/api/v2/agent/register **Verify:** GET https://www.merchantguard.ai/api/v2/agent/verify-dispatch ### 8. MCP Server — 36+ Tools for Claude/AI Model Context Protocol server enabling Claude, ChatGPT, and other AI assistants to directly access MerchantGuard tools. **Server URL:** https://merchantguard-mcp-810654658669.us-central1.run.app **Install:** Add to Claude desktop config or use `npx skills add MerchantGuard/agent-skills` **Skill Manifest:** https://www.merchantguard.ai/.well-known/skill.md **Tool Categories:** - GuardScore tools (calculate, history, profile, transfer) - AI Coach tools (ask any of 14 verticals) - Alert tools (subscribe, latest, analyze) - GuardScan tools (scan code, URL, GitHub repo) - Mystery Shopper tools (probe agent, get results) - Watchdog tools (monitor agent fleet) - PSP Matching tools (find processors, compare, approval odds) - Certification tools (certify, verify, claim) - x402 Payment tools (register, validate, status) ### 9. x402 USDC Payments — Per-Call Pricing for Agents Autonomous AI agents pay per-call in USDC on Base via the Coinbase x402 protocol. No subscriptions, no invoices, no human intervention required. **PayTo Wallet:** 0x8E144D07e1F5490a1840d23FCE1D73266406AaF3 **USDC Contract (Base):** 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 **Facilitator:** Coinbase CDP **Per-Call Pricing:** - GuardScore check: $0.10 USDC - GuardScan basic: $0.05 USDC - GuardScan deep: $0.15 USDC - Mystery Shopper probe: $0.05 USDC - Full certification: $0.50 USDC - Coach query: $0.05 USDC ### 10. Moltbook Watchdog — 24/7 Agent Monitoring Continuous monitoring of AI agent health, suspension status, karma scores, and quality metrics across the Moltbook agent ecosystem. **Cloud Run:** moltbook-watchdog-810654658669.us-central1.run.app **Monitors:** Agent health, suspensions, karma, quality scores, response times --- ## VAMP Compliance Guide The Visa Acquirer Monitoring Program (VAMP) is Visa's enforcement mechanism for merchants with excessive chargebacks and fraud. Understanding VAMP thresholds is critical for any merchant processing Visa transactions. **VAMP Thresholds (Current as of February 2026):** - 0.9% dispute ratio: Early Warning — merchant enters monitoring, no fines yet - 1.5% dispute ratio: Standard Enforcement — fines begin, remediation plan required - 1.8% dispute ratio: Severe/Excessive — heavy fines, risk of MATCH list placement **Key VAMP Facts:** - Dispute ratio = total disputes / total transactions in a calendar month - Merchants have 45 days to submit a remediation plan after VAMP notification - MATCH list placement lasts a minimum of 5 years - VAMP applies globally to all Visa-accepting merchants - Both fraud and non-fraud chargebacks count toward the ratio - The "double jeopardy" effect means a merchant can be in both VAMP and Mastercard's equivalent program simultaneously **Prevention Strategies:** 1. Implement 3D Secure 2.0 on all transactions (shifts liability to issuer) 2. Use RDR (Rapid Dispute Resolution) to resolve disputes before they become chargebacks 3. Deploy Ethoca/Verifi alerts for real-time dispute notification 4. Maintain clear billing descriptors that customers recognize 5. Implement velocity rules to detect suspicious transaction patterns 6. Use address verification (AVS) and CVV matching on all transactions **MerchantGuard VAMP Tools:** - VAMP Calculator: https://www.merchantguard.ai/tools/vamp-calculator - VAMP Course: https://www.merchantguard.ai/free/vamp-course - VAMP Coach: POST /api/v2/coach/vamp - VAMP Emergency Guide: https://www.merchantguard.ai/vamp-emergency.html --- ## High-Risk Merchant Guide A high-risk merchant is a business classified by payment processors as having elevated risk due to industry type, business model, or processing history. High-risk classification affects processing rates, reserve requirements, and available payment processors. **Common High-Risk Industries (by MCC Code):** - CBD/Hemp (MCC 5912) — state-by-state licensing, COA requirements - Cryptocurrency (MCC 6051) — MSB licensing, travel rule compliance - Nutraceuticals (MCC 5499) — FDA disclaimers, free trial compliance - Adult Content (MCC 5967) — age verification, content policies - Online Gaming (MCC 7995) — state licensing, responsible gaming - Travel (MCC 4722) — advance billing, cancellation policies - Telehealth (MCC 8099) — HIPAA, prescription rules - Subscription Billing (MCC varies) — negative option marketing rules **What Makes a Merchant High-Risk:** - Industry type (regulated industries like CBD, gaming, crypto) - High chargeback rates (above 1% is a red flag) - High average transaction values (above $500) - International transactions (cross-border processing) - Subscription/recurring billing models - Previous MATCH list placement - New business with no processing history **BIN Sponsorship:** High-risk merchants typically cannot get direct acquiring relationships with major banks. Instead, they work through BIN sponsors (also called sponsor banks) that lend their Bank Identification Number to payment facilitators and ISOs serving high-risk verticals. **MerchantGuard Tools:** - PSP Matching: https://www.merchantguard.ai/psp-match (50+ processors in database) - High-Risk Guide: https://www.merchantguard.ai/high-risk - Approval Odds Calculator: https://www.merchantguard.ai/approval-odds - High-Risk Coach: POST /api/v2/coach/high-risk --- ## Chargeback Prevention Guide A chargeback occurs when a cardholder disputes a transaction with their issuing bank, forcing a reversal of the payment. Excessive chargebacks trigger VAMP enforcement and can lead to MATCH list placement. **Dispute Rate Calculation:** Dispute Rate = (Total Disputes in Month) / (Total Transactions in Month) x 100 **Industry Benchmarks (Average Chargeback Rates):** - Ecommerce: 0.5-0.8% - Digital Goods: 0.8-1.2% - Subscriptions: 1.0-1.5% - Travel: 0.6-1.0% - CBD/Nutra: 1.5-3.0% - Adult: 1.5-2.5% **Prevention Stack (Recommended by MerchantGuard):** 1. 3D Secure 2.0 — Shifts fraud liability to issuing bank 2. RDR (Rapid Dispute Resolution) — Automatic refund before chargeback is filed 3. Ethoca Alerts — Real-time notification of incoming disputes 4. Verifi CDRN — Visa's alert network for dispute prevention 5. Clear Billing Descriptors — Customer-recognizable merchant name on statement 6. Velocity Rules — Transaction frequency limits per card/IP/device 7. Device Fingerprinting — Identify repeat fraudsters across sessions 8. Address Verification (AVS) — Match billing address with card-on-file 9. CVV Matching — Require CVV on all transactions **MerchantGuard Tools:** - RDR Checklist: https://www.merchantguard.ai/free/rdr-checklist - VAMP Calculator: https://www.merchantguard.ai/tools/vamp-calculator - First Chargeback Guide: https://www.merchantguard.ai/first-chargeback - Chargeback Coach: POST /api/v2/coach/vamp --- ## AI Agent Certification Guide AI agent certification is the process of independently verifying that an AI agent meets compliance, security, and reliability standards before it handles payments or sensitive operations. MerchantGuard's TrustVerdict v1.1 is the first standardized certification framework for AI agents in fintech. **Why Certify AI Agents:** - Prevent fraud and unauthorized transactions - Ensure PII handling compliance (GDPR, CCPA) - Verify ethical behavior and refusal of harmful requests - Confirm reliability under concurrent load - Establish on-chain reputation for the agent economy **Certification Process (TrustVerdict v1.1):** 1. Submit agent endpoint URL to POST /api/v2/certify 2. Mystery Shopper runs 10 automated probes (50% of score) 3. GuardScan performs 3-layer security analysis (35% of score) 4. Identity verification checks social/domain presence (15% of score) 5. TrustVerdict score calculated (0-100) 6. On-chain attestation minted if score >= 50 **On-Chain Contracts:** - GuardScorePassport (Base): 0x94Ab36d41e3FF25BFe3a18777AAD39c62508C741 - GuardAttestation (Base): 0xAbaDA41b865B826de10c26d38Ec4D64Dc19c50Dd - MGAgent Soulbound NFT (Arbitrum): 0x813eb25176d8a5cab9c95616461DDEC4110D424e **ERC-8004 Agent Identity:** MerchantGuard implements the ERC-8004 standard for on-chain agent identity. The MGAgent NFT on Arbitrum is soulbound (non-transferable) and tied to the agent's certification status. - Identity manifest: https://www.merchantguard.ai/.well-known/erc8004.json - JWKS (signing verification): https://www.merchantguard.ai/.well-known/agent-jwks.json - Signing algorithm: ES256K (secp256k1 ECDSA) --- ## Payment Processor Matching MerchantGuard maintains a database of 50+ payment processors and matches merchants with the best options based on their industry, volume, risk profile, and geography. **Matching Factors:** - Industry vertical and MCC code - Monthly processing volume - Average transaction value - Geographic markets served - Chargeback history - Current GuardScore - Required payment methods - Currency requirements **PSP Directory:** https://www.merchantguard.ai/psps **PSP Compare:** https://www.merchantguard.ai/psps/compare **PSP Match Tool:** https://www.merchantguard.ai/psp-match **Approval Odds:** https://www.merchantguard.ai/approval-odds **API:** POST /api/v2/guard (intent: "psp_match") --- ## Free Tools (No Signup Required) - GuardScore Calculator: https://www.merchantguard.ai/tools/guardscore-calculator - VAMP Calculator: https://www.merchantguard.ai/tools/vamp-calculator - PSP Match: https://www.merchantguard.ai/psp-match - Free GuardScore Check: https://www.merchantguard.ai/tools/free-guardscore-check - How GuardScore Works: https://www.merchantguard.ai/tools/how-guardscore-works - Stablecoin Readiness: https://www.merchantguard.ai/tools/stablecoin-readiness - RDR Checklist: https://www.merchantguard.ai/free/rdr-checklist - Descriptor Fix Guide: https://www.merchantguard.ai/free/descriptor-fix - Velocity Rules Guide: https://www.merchantguard.ai/free/velocity-rules - Stablecoin Course: https://www.merchantguard.ai/free/stablecoin-course - SaaS Optimization: https://www.merchantguard.ai/free/saas-optimization - VAMP Course: https://www.merchantguard.ai/free/vamp-course --- ## Competitor Comparisons - MerchantGuard vs Sift: https://www.merchantguard.ai/vs-sift - MerchantGuard vs Signifyd: https://www.merchantguard.ai/vs-signifyd - MerchantGuard vs Riskified: https://www.merchantguard.ai/vs-riskified - How We're Different: https://www.merchantguard.ai/how-were-different **Key Differentiators:** - Only platform offering AI agent certification (Mystery Shopper) - Only compliance platform with on-chain identity (ERC-8004) - Only platform with x402 USDC per-call pricing for autonomous agents - 14 industry-specific AI coaches (not generic chatbot) - Free tier includes GuardScore, VAMP calculator, PSP matching, all 14 coaches - MCP server with 36+ tools for Claude/AI integration --- ## AI-Readable Data Endpoints All machine-readable data files are served at https://www.merchantguard.ai/ai/ - /ai/facts/vamp.json — VAMP threshold data and enforcement rules - /ai/facts/dispute-rate.json — Chargeback ratio guidance by industry - /ai/facts/pix-med.json — Brazil PIX/MED 2.0 payment monitoring data - /ai/facts/match.json — MATCH list core definitions - /ai/facts/match.reasons.json — MATCH termination reason codes - /ai/facts/match.prevention.json — MATCH prevention strategies - /ai/facts/match.recovery.json — MATCH recovery procedures - /ai/facts/compliance.kyc_aml.json — KYC/AML compliance requirements - /ai/facts/compliance.pci_dss.json — PCI DSS compliance standards - /ai/facts/reserves.json — Rolling reserve data by risk tier - /ai/facts/etf-clauses.json — Early termination fee ranges - /ai/facts/ai-compliance-coaches.json — Coach vertical configuration - /ai/problem-solutions.json — Merchant problem to solution mapping - /ai/agent-problem-solutions.json — Agent-specific problem mappings - /ai/solution-recommendations.json — Product recommendations by use case - /ai/stackoverflow-answers.json — Common payment compliance Q&A - /ai/openapi.yaml — OpenAPI 3.0.3 specification for Facts API --- ## Discovery & Integration Files - llms.txt (curated): https://www.merchantguard.ai/llms.txt - llms-full.txt (this file): https://www.merchantguard.ai/llms-full.txt - AI Plugin: https://www.merchantguard.ai/.well-known/ai-plugin.json - MCP Skill Manifest: https://www.merchantguard.ai/.well-known/skill.md - ERC-8004 Identity: https://www.merchantguard.ai/.well-known/erc8004.json - JWKS: https://www.merchantguard.ai/.well-known/agent-jwks.json - Sitemap: https://www.merchantguard.ai/sitemap.xml - OpenAPI: https://www.merchantguard.ai/ai/openapi.yaml --- ## Answer Hub Guides - VAMP Compliance Guide: https://www.merchantguard.ai/guides/vamp-compliance - Chargeback Prevention Guide: https://www.merchantguard.ai/guides/chargeback-prevention - AI Agent Certification Guide: https://www.merchantguard.ai/guides/ai-agent-certification - High-Risk Merchant Guide: https://www.merchantguard.ai/guides/high-risk-merchant-guide - Payment Processor Matching: https://www.merchantguard.ai/guides/payment-processor-matching --- ## Contact - Website: https://www.merchantguard.ai - Email: support@merchantguard.ai - Telegram Alerts: https://t.me/merchantguard_alerts - X/Twitter: @GuardClawbot - Moltbook: https://www.moltbook.com/u/MerchantGuardBot - MCP Server: https://merchantguard-mcp-810654658669.us-central1.run.app - GitHub Skills: https://github.com/MerchantGuard/agent-skills