Frozen Accounts and Suspended Payments: How LegitScript Became a Payment Processing Requirement for Wellness Clinics

Most wellness clinic owners discovered LegitScript through their advertising. An ad got disapproved. A campaign was paused. An account was flagged.

What fewer owners anticipated is that the same compliance credential has become critical infrastructure for a completely different part of their business: payment processing.

If your clinic collects any payment outside of a direct, in-person card swipe — through a website, an online booking platform, a telehealth portal, or even a phone-based payment — you may already be in a category that Visa, Mastercard, and major payment processors treat as high-risk. And the consequences of that classification are more disruptive than most clinic owners realize until they're in the middle of them.

What Changed — The Visa VIRP and Mastercard Requirements

On April 1, 2024, Visa launched what it calls the Visa Integrity Risk Program (VIRP). The program increased scrutiny and compliance requirements for businesses in high-risk Merchant Category Codes (MCCs) — including MCCs 5122 and 5912, which cover pharmaceuticals, pharmacies, and related healthcare merchants.

All merchants in these categories that process card-not-present (CNP) transactions are automatically classified as high-risk. This includes:

• Online sales of medications, including GLP-1s, HRT, and compounded prescriptions
• Online sales of supplements, peptides, or IV therapy packages
• Telehealth consultations paid for digitally
• Phone or invoice-based payment for services that include prescription medication
• E-commerce platforms where a clinic sells wellness products that include medical-grade compounds

"Taking online payment for a medication that is subsequently shipped by the pharmacy is also considered risky and non-compliant with most payment processors." — Optima Ntra Compliance Advisory

In practical terms: if a patient books a GLP-1 consultation on your website and pays online, that transaction may be flagged. If a patient purchases a peptide therapy package through your patient portal, that transaction may be flagged. The payment itself — not the medication — is what triggers the scrutiny.

What "High-Risk" Classification Actually Means for Your Clinic

Being classified as a high-risk merchant has real operational consequences:

Higher Processing Fees

High-risk merchants are typically charged higher interchange rates and processing fees. For clinics doing meaningful volume in GLP-1 or peptide services, this adds up quickly.

Reserve Requirements

Payment processors often require high-risk merchants to maintain a rolling reserve — a percentage of revenue held back as a buffer against chargebacks or refunds. This is money sitting unavailable to your business.

Account Freezes and Fund Holds

When compliance flags trigger a payment processor review, accounts can be frozen — meaning funds already collected are held and not disbursed. This can happen without warning. For a clinic counting on those funds to cover payroll or supplies, a freeze is genuinely destabilizing.

Account Termination

In the most serious cases, payment processors terminate the merchant account entirely. Getting reinstated — or finding a new processor willing to take on a business with a termination history — can take months and may require significant legal and compliance work.

In 2024, the industry saw a 300% increase in payment processor violations tied to GLP-1 and peptide sales. Those aren't violations being committed by clinics acting in bad faith. Many of them are legitimate, licensed providers who didn't understand that online payment for prescription-adjacent services triggers specific compliance requirements.

LegitScript's Role in Payment Compliance

LegitScript certification provides a documented compliance credential that payment processors — including those operating under Visa and Mastercard's frameworks — use to assess merchant risk.

Certified merchants benefit in two concrete ways:

• Reduced classification risk — LegitScript-certified businesses are treated as lower risk by payment networks, which can reduce or eliminate the high-risk surcharges associated with MCC 5122 and 5912
• Processor access — some payment processors will not onboard healthcare merchants offering prescription-based services unless they are LegitScript certified or hold recognized pharmacy accreditation

The certification doesn't eliminate compliance obligations — you still need to structure your transactions correctly, maintain proper documentation, and work with a processor that understands the healthcare merchant category. But it fundamentally changes how payment networks perceive your business.

How to Structure Your Payments Compliantly

Even with LegitScript certification, how you collect payments matters. Some practical principles:

• Collect payment for services — the consultation, the clinical oversight, the membership — separately from the medication itself wherever possible
• Where a pharmacy is fulfilling a prescription, have the pharmacy bill the patient directly rather than routing payment through your clinic's merchant account
• For in-person transactions, use EMV (chip reader) terminals — card-present transactions carry significantly lower risk classification than CNP
• Ensure your merchant account documentation accurately reflects your business category and services
• Review your current processor's healthcare merchant policies — many standard processors are beginning to enforce compliance requirements that weren't actively monitored before 2024

Why This Matters More If You're Scaling

For a solo-practitioner clinic doing modest volume, payment processor issues are an inconvenience. For a clinic scaling its GLP-1 program, adding peptide services, or operating across multiple locations — payment processor instability is a genuine threat to the business model.

Multi-location clinics, membership programs with recurring billing, and telehealth platforms processing high monthly transaction volumes are exactly the businesses that payment networks scrutinize most closely. Getting LegitScript certification and aligning your payment structure with compliance requirements before you scale is far less disruptive than addressing it after enforcement hits.

Wellness MD Group's Approach to Compliance Infrastructure

Wellness MD Group works with med spas, IV hydration clinics, GLP-1 programs, and peptide therapy practices to build the compliance infrastructure that makes growth sustainable. LegitScript certification is part of that — but so is the surrounding structure:

• Medical director placement that meets the clinical oversight requirements LegitScript reviews
• Protocol and standing order development that demonstrates legitimate physician involvement
• Website and advertising review to remove content that could delay certification or create payment processor flags
• Guidance on payment structure — how to collect correctly for services that include prescription medications

The wellness industry is profitable. It's also increasingly regulated. The clinics that build compliant infrastructure now will be the ones still operating — and growing — in three years.