Crypto On/Off-Ramps
How crypto exchanges plug into fiat rails: the PSP/aggregator layer, stablecoin settlement loops, Travel Rule integration, and chargeback defenses.
The on/off-ramp stack
Every fiat-to-crypto flow is composed of these layers:
| Layer | Function | Examples | Who licenses |
|---|---|---|---|
| User-facing UI | Onboarding, KYC, payment selection, quote | Exchange app, broker SDK | Exchange's own license |
| Aggregator / orchestrator | Routes a fiat-purchase request to the best provider/rail | Onramper, Stripe Crypto, Banxa orchestration | Aggregator is registered but typically not the MoR |
| PSP / Ramp provider | Acquires fiat, delivers crypto | MoonPay, Banxa, Ramp, Transak, Robinhood Connect | MTL stack + EMI + VASP |
| Acquirer / payment processor | Card / bank rail acquisition | Worldpay, Checkout.com, Stripe, Adyen | Scheme membership |
| Fiat rail | The actual money movement | UPI, PIX, SEPA, ACH, RTP, FedNow, Visa, etc. | Per regulators page |
| Stablecoin issuer | Mints / redeems the on-chain leg | Circle (USDC), Tether (USDT), Paxos (USDP) | NYDFS Trust (Paxos), state MTLs (Circle) |
| Blockchain | Custody & settlement | Ethereum, Solana, Base, Tron | n/a (decentralized) |
| Travel Rule provider | VASP-to-VASP info exchange | Notabene, Sumsub, TRP, Veriscope, 21 Analytics | Vendor only |
| Chain analytics | Address risk scoring, sanctions, mixer exposure | Chainalysis, TRM, Elliptic | Vendor only |
Integration patterns (with flow diagrams)
Pattern A — Embedded checkout (most common)
Exchange embeds a third-party ramp provider's checkout (iframe or redirect). Ramp provider acts as Merchant of Record.
User --(card/bank)--> RampProvider(MoR) --(USDC mint)--> Exchange wallet --(crypto)--> User wallet
- License burden: low — ramp provider holds MTL/EMI/VASP stack.
- Margin: low — 100–250 bps to ramp provider.
- UX: okay — extra checkout step, brand-mixed.
- Examples: MoonPay, Banxa, Ramp, Transak inside Trust Wallet, Uniswap, Phantom.
Pattern B — Aggregator (Onramper-style)
Aggregator routes one user request to the best of N ramp providers.
User --> Aggregator --routes to--> {MoonPay | Banxa | Ramp | ...} --> User wallet
- License burden: aggregator is a referral; ramp provider is MoR.
- Pricing: better — competing quotes per route.
- UX: single sign-on, transparent fee comparison.
Pattern C — Direct bank-rail (in-house)
Exchange holds its own MTL/EMI/VASP and integrates rails directly via sponsor banks.
User --(UPI/PIX/SEPA/ACH/FPS)--> SponsorBank --> Exchange omnibus --> Exchange credits crypto
- License burden: high — full MTL stack + scheme + Travel Rule + AML.
- Margin: highest — keep all fee revenue.
- Risk: own all the chargeback, fraud, compliance liability.
- Examples: Coinbase US, the company, Binance EU, CoinDCX (IN), Mercado Bitcoin (BR).
Pattern D — Stablecoin BaaS (Bridge / Brale)
Exchange uses a stablecoin orchestration provider to provision virtual accounts and route stablecoin settlement.
User --(ACH/wire)--> Bridge virtual account --(USDC mint)--> Exchange --> User wallet
User wallet --(USDC)--> Bridge --(ACH/wire)--> User bank (off-ramp)
- License burden: Bridge/Brale holds the MTL stack; you ride.
- Margin: medium — Bridge takes a per-transaction cut.
- Differentiator: simpler than building 50-state MTL; faster speed-to-market.
PSP / aggregator detailed comparison
| Provider | Type | Best for | Coverage | Retail fee | Settlement to integrator | License stack | Notes |
|---|---|---|---|---|---|---|---|
| MoonPay | White-label ramp PSP | Web3 wallets, dApps | ~180 countries | ~3.5–4.5% | Crypto to user wallet; integrator gets rev share | 50-state MTL, EMI, VASP stack | Card-heavy, increasingly bank rails |
| Banxa | Gateway PSP | Exchanges, CEX integrations | Global ex-US restrictions | ~2–4% | Crypto to user wallet | VASP, MSB, AUSTRAC | Strong APAC + LATAM rails |
| Ramp Network | PSP | EU + UK | 180+ countries | ~2.5–3.5% | Crypto | FCA, FinCEN MSB, EMI partners | Strong card + UK Open Banking |
| Transak | PSP | Web3 wallets | Global | ~3–4% | Crypto | FinCEN MSB, VASP partners | SDK + iframe |
| Onramper | Aggregator of PSPs | Best-quote routing | Per-provider | Inherits | Inherits | FCA registered crypto firm | Not a MoR; orchestrator only |
| Stripe Crypto | Aggregator + own ramp | US apps | Mostly US + select EU | ~1.5% + 30¢ | Crypto to user wallet | 50-state MTL | Acquired Bridge (2024); now stablecoin orchestration |
| Bridge (Stripe) | Stablecoin orchestration | B2B fintech / crypto exchange | US-led, global expanding | Per-txn + spread | Stablecoin or fiat to integrator | MTL stack | Virtual accounts, ACH/wire/SEPA → USDC |
| Brale | Stablecoin issuance + treasury | Firms minting their own stablecoin | US | Per-txn + custody | Stablecoin | MTL holder | Issue your own branded stablecoin |
| Robinhood Connect | Embedded ramp | Apps targeting RH users | US | Spread on quote | Crypto | 50-state MTL | Leverages RH KYC |
| Coinbase Onramp | Embedded ramp | Apps targeting CB users | ~60+ countries | Spread + network fee | Crypto | 50-state MTL + EU VASPs | Leverages CB KYC |
Stablecoin settlement loops
Three canonical loops every payments-savvy PM needs to recognize:
Loop 1 — Fiat-in, crypto-out (on-ramp)
1. User pays fiat via local rail (UPI/PIX/SEPA/ACH/card)
2. Acquirer credits PSP omnibus account
3. PSP requests USDC mint from Circle (or holds inventory)
4. USDC transferred on-chain to user (or custodied for them)
Loop 2 — Crypto-in, fiat-out (off-ramp)
1. User sends stablecoin to PSP-controlled on-chain address
2. PSP redeems with issuer (USDC → USD at Circle) OR sells to OTC desk
3. PSP initiates fiat payout (PIX, SEPA, ACH, FPS) to user's bank
Loop 3 — Stablecoin as cross-border correspondent
USA payer → ACH → US PSP (Bridge) → USDC on Ethereum → BR PSP → PIX → BR receiver
Total time: minutes. Total cost: 5–20 bps vs 50–200 bps for SWIFT.
This loop is replacing correspondent banking in many corridors. Bridge, Brale, and several crypto-native banks (Mercury, Lead Bank, Cross River) compete here.
Chargeback / fraud defenses by rail
Crypto on-ramps are uniquely exposed: once crypto leaves your custody, you cannot reverse it. Standard defenses:
| Rail | Risk profile | Recommended defenses |
|---|---|---|
| Card (Visa, MC, Amex) | Highest — up to ~120 days, friendly fraud | 3DS2 (SCA) mandatory + ID-doc match to card name + velocity caps + first-purchase crypto hold (24–48h) + Sift / Ravelin fraud ML |
| ACH | High — 60-day return for consumer | Plaid balance check + name-match + 5-day crypto release hold OR sell-protection insurance |
| SEPA Direct Debit | Highest — 8-week unconditional refund | Avoid for crypto on-ramp; use SCT/SCT Inst push instead |
| SCT Inst / FPS / PIX / UPI / RTP / FedNow | Low — instant push with finality | VoP (verification of payee) where mandated + sanctions screen + scheme-level fraud-recall handling (MED for PIX, APP reimbursement for FPS) |
| Bank wire (Fedwire, CHAPS, RTGS) | Lowest — gross final | Sanctions screen on counterparty |
| Stablecoin | None on-chain — but social engineering still real | Address risk scoring (Chainalysis/TRM), Travel Rule, post-finality wait |
Travel Rule integration in the on-ramp flow
For any crypto leg above the local threshold, originator + beneficiary info must accompany the transfer. The protocol layer sits between your KYC system and your Travel Rule provider.
User KYC ──► Travel Rule provider (Notabene / Sumsub / TRP)
│
IVMS-101 message
▼
Counterparty VASP (their TRP) ──► Their KYC system
| Vendor | Protocol | Coverage | Strength |
|---|---|---|---|
| Notabene | TRP, TRISA, Sygna interop | ~1,000 VASPs | Largest network, beneficiary-VASP discovery |
| Sumsub Travel Rule | TRP, TRISA | Sumsub KYC customers | Bundled with KYC |
| TRP (Travel Rule Protocol) | TRP only | UK/EU bias | Open standard, originally Standard Chartered-led |
| 21 Analytics | OpenVASP, TRP | Swiss focus | Self-hosted, AOPP for non-custodial |
| Veriscope (Shyft) | Shyft network | Asia presence | Discovery layer |
| CODE | CODE protocol | Korea | Korean VASP consortium |
Dispute mechanism mapping
Quick lookup: if a customer claims fraud after on-ramping, who handles the dispute?
| Funding rail | Dispute body | Window | Burden on exchange |
|---|---|---|---|
| Visa / MC / Amex | Issuer-scheme chargeback (reason codes) | ~120 days | Provide compelling evidence; otherwise lose |
| ACH | ODFI; Reg E (consumer) for FI | 60 days consumer / 2 days commercial | Reverse the credit; loss is yours |
| SEPA SDD | Consumer's bank | 8 weeks unconditional / 13 months unauth | Funds clawed back automatically |
| PIX | MED (devolução especial) | ~80 days for fraud claims | BACEN-governed; narrow grounds |
| UPI | NPCI ODR / RBI dispute resolution | Generally short | PSP-mediated |
| FPS | Voluntary CRM Code + PSR mandatory APP reimbursement | ~13 months | Mandatory reimbursement of APP fraud since Oct 2024 |
| SCT Inst | Recall request; beneficiary consent | Limited | Generally not reversible without consent |
| Wire (Fedwire, CHAPS, SWIFT) | Recall request; beneficiary consent | n/a | Generally not reversible |
| Stablecoin | None on-chain; off-chain civil only | n/a | None |