Why manual statement audits cost more than you think
- Manual statement audits are hated because they are tedious. The cost of skipping them is 15-50 bps of leaked fees per MID per month.
- On a 10-MID portfolio at $30M/year, unaudited fee leakage is typically $150-450K annually.
- Tooling can automate 60-80% of the audit; the remaining 20-40% still pays for itself at any portfolio above $3M/year.
Portfolio CFOs and finance leads universally hate merchant statement audits. The statements are long, the line items are opaque, the fee codes change quarterly, and nobody wants to spend 4 hours a month reading Fiserv's reporting format. So they do not audit, and they assume the processor is billing correctly.
The processor is not billing correctly. Never has been, probably never will be. This teardown is about the specific mechanisms of fee leakage that manual statement audits catch and how much money is actually at stake for portfolio operators.
1. Why statements contain errors
Merchant statements are generated from transaction-level data, processed through:
- Interchange categorization (hundreds of rate categories).
- Card-brand assessment fees.
- Acquirer markup.
- ISO reseller margin.
- Monthly fees, PCI fees, non-compliance fees, chargeback fees, risk assessment fees.
- Rate schedule changes (interchange adjusts twice a year; some schedules shift quarterly).
Each layer introduces potential error. Processors are not defrauding customers deliberately (usually). They are running complex billing systems that generate statement errors at a non-trivial rate — roughly 3-5% of line items on any given statement contain something wrong.
2. The types of errors that compound
Systematic errors we see repeatedly:
- Interchange downgrading — your transaction qualified for a lower interchange tier but was billed at a higher tier. Rate difference: 10-40 bps per affected transaction.
- Assessment fee creep — card-brand assessments are regulated (0.13% Visa, 0.13% Mastercard base) but some processors add unexplained "assessment-related" line items.
- PCI non-compliance fees billed when you are compliant — $20-50/month per MID.
- Risk assessment fees that appear after onboarding and were not disclosed in the contract.
- Monthly minimums billed on MIDs that exceeded the minimum.
- Chargeback fees on representments you won.
- Batch processing fees inflated by incorrect batch counts.
- Gateway fees double-billed when gateway and processor are separate vendors.
- Duplicate billing — rare, but it happens, especially on newly onboarded MIDs.
- Rate changes not communicated before they took effect.
3. The portfolio multiplication
On a single MID, a typical error burden is 15-30 bps per month — on $500K/month of volume, that is $750-$1,500/month of overbilling. Annoying but survivable.
On a 10-MID portfolio, errors multiply because each MID has its own statement, its own ISO or processor, its own rate schedule, and its own error patterns:
- 10 MIDs × $1,000/month avg error = $10,000/month = $120K/year.
- 15 MIDs × $1,200/month avg error = $18,000/month = $216K/year.
- Portfolios with mixed processors (some Fiserv, some WorldPay, some Stripe, some specialty high-risk) see even higher error rates because each processor has different patterns.
$200K/year of fee leakage on a $30M portfolio is a 67 bps effective-rate tax that nobody budgeted for.
4. Why manual audits cost so much time
The manual process for one MID-month:
- Pull the statement (PDF or CSV, varies).
- Pull the transaction-level report (CSV, often needs conversion).
- Categorize transactions by interchange category.
- Cross-reference with current interchange rate tables (which update twice a year).
- Check each line-item fee against the merchant agreement.
- Build a delta table of charged vs expected.
- Investigate anomalies (was this transaction coded as MOTO when it should have been card-present?).
- Document findings.
One MID-month: 2-4 hours for a fluent auditor. 10 MIDs × 12 months = 240-480 hours/year = 6-12 weeks of FTE time. At $100K fully-loaded, that is $25-50K of internal cost to recover the $200K leakage. The math works, but the tedium makes it the first thing CFOs drop when staffing is tight.
5. Why skipping is expensive
When you skip statement audits:
- Errors compound month over month without correction.
- Processors interpret non-disputes as acceptance. The longer an error runs, the harder it is to recover retroactively — most processors will not refund beyond 90 days even on documented errors.
- Rate creep goes unnoticed. Processors raise rates via statement changes that "require no action on your part." Skipping audits means missing these.
- New fees get introduced via "fee schedule update" notices buried in the statement. Skipping means they stay.
- The statement becomes the processor's unilateral declaration of what you owe, and you accept by payment.
6. The tooling path
Statement audit tools exist. The category includes:
- Boltive, CardFellow audit products — pull statements, run delta analysis.
- Bespoke in-house tools — usually Python + SQL + statement-parser libraries.
- Third-party consulting — Fee Rover, Paladin Group, various audit firms charge contingency fees (10-30% of recoveries).
- ERP-integrated audit modules — some NetSuite and SAP modules parse statements.
Tooling automates the repetitive 60-80% of the audit — parsing, rate-table comparison, anomaly flagging. The remaining 20-40% still requires human judgment (investigating specific anomalies, filing disputes, negotiating corrections).
7. The contingency-fee consultants
Third-party audit firms work on contingency: they take 15-30% of recoveries over a 2-3 year lookback period. This is a rational buy for portfolios that have skipped audits — they find 6-18 months of leakage and recover it, you pay them out of the recovery.
Watch-outs:
- Contingency firms typically want long lookbacks (3 years), which not all processors will honor.
- They may negotiate rate changes going forward that look like savings but are actually partial clawback of future legitimate fees.
- They typically will not share their methodology, making it hard to replicate internally.
8. When manual audits are "fine" to skip
Being honest: there is a threshold below which statement audits genuinely do not clear the ROI bar.
- Portfolios under $3M/year total volume — error dollars rarely clear audit time cost.
- Single-MID operations on pay-as-you-go processors with flat-rate pricing — errors are bounded by rate simplicity.
- Portfolios using a single orchestration layer that already provides consolidated reporting with fee breakdowns.
Everyone else should audit.
9. The bare-minimum audit workflow
If you are not ready for full audits, do this:
- Calculate effective rate per MID per month (total fees / total volume). Watch for drift.
- Compare effective rate to your contracted rate. Any delta >20 bps warrants investigation.
- Check for new line items that did not exist in prior months.
- Run this quarterly, not monthly, for a less tedious cadence.
This 30-minute-per-quarter check catches the biggest errors without full audit overhead.
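The quarterly check above, sketched as an added Python example (not code from the original page). The MIDs, fee line-item names and amounts are constructed, and the contracted rate is assumed to be an all-in figure in bps.

```python
from collections import defaultdict

# Constructed sample data. Contracted rates are treated as all-in bps (assumption).
CONTRACT_BPS = {"MID-A": 250, "MID-B": 300}
VOLUME = {  # (mid, month) -> processed volume in USD
    ("MID-A", "2024-01"): 500_000, ("MID-A", "2024-02"): 500_000,
    ("MID-B", "2024-01"): 200_000, ("MID-B", "2024-02"): 200_000,
}
FEES = [  # (mid, month, line_item, fee in USD)
    ("MID-A", "2024-01", "interchange", 9_000), ("MID-A", "2024-01", "assessments", 650),
    ("MID-A", "2024-01", "markup", 2_500), ("MID-A", "2024-01", "monthly_fee", 50),
    ("MID-A", "2024-02", "interchange", 9_000), ("MID-A", "2024-02", "assessments", 650),
    ("MID-A", "2024-02", "markup", 2_500), ("MID-A", "2024-02", "monthly_fee", 50),
    ("MID-A", "2024-02", "risk_assessment", 1_500),
    ("MID-B", "2024-01", "interchange", 4_000), ("MID-B", "2024-01", "markup", 1_800),
    ("MID-B", "2024-01", "monthly_fee", 50),
    ("MID-B", "2024-02", "interchange", 4_000), ("MID-B", "2024-02", "markup", 1_800),
    ("MID-B", "2024-02", "monthly_fee", 50), ("MID-B", "2024-02", "pci_noncompliance", 35),
]

def effective_rate_bps(fees, volume):
    """Total fees / total volume per (mid, month), in basis points."""
    totals = defaultdict(float)
    for mid, month, _item, amount in fees:
        totals[(mid, month)] += amount
    # Zero-volume months have no meaningful rate and are skipped.
    return {k: totals[k] * 10_000 / v for k, v in volume.items() if v > 0}

def audit(fees, volume, contract_bps, threshold_bps=20):
    """Flag rate deltas above the threshold and line items not seen in prior months."""
    rates = effective_rate_bps(fees, volume)
    items = defaultdict(set)
    for mid, month, item, _amount in fees:
        items[(mid, month)].add(item)
    findings, seen, first = [], defaultdict(set), set()
    for mid, month in sorted(volume):  # chronological within each MID
        key = (mid, month)
        if key in rates and rates[key] - contract_bps[mid] > threshold_bps:
            findings.append((mid, month, "rate_delta", round(rates[key] - contract_bps[mid], 1)))
        if mid in first:  # the first month only sets the baseline
            for item in sorted(items[key] - seen[mid]):
                findings.append((mid, month, "new_line_item", item))
        first.add(mid)
        seen[mid] |= items[key]
    return findings

if __name__ == "__main__":
    for finding in audit(FEES, VOLUME, CONTRACT_BPS):
        print(finding)
```

In the sample, MID-B's new $35 line item moves its effective rate by under 2 bps, so only the new-line-item check surfaces it; the rate-delta check alone would miss it.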
10. What portfolios should actually do
- For portfolios over $10M/year: full monthly audit, either tooled or delegated.
- For portfolios $3-10M/year: quarterly effective-rate check, annual full audit.
- For high-risk portfolios where rates are elevated: audit more aggressively because the absolute dollar stakes are higher.
- For portfolios on multiple processors: prioritize audits by volume — audit the top 3 MIDs monthly, the rest quarterly.
- Build audit findings into processor renegotiations. Every audit cycle is evidence for better terms.