Navigating the complexities of in-app payments

Meera Navale, Associate Economist at CMSPI, sheds light on the specifics of in-app payments to help merchants better understand the intricacies of in-app commerce. 

In-app payments (IAP) are no longer a convenience; they have evolved into a baseline expectation for consumers. While the fundamentals have been around for a while, IAPs are in a phase of rapid growth, and pressures of user experience, regulation, business model shifts, and emerging payments technologies are transforming how customers pay in-app. In the US alone, IAP revenue reached USD 52.4 billion in 2024. Globally, that number reached USD 150 billion, with a YoY growth of 12.5%. While mobile gaming accounts for nearly half of total global in-app spend, categories like streaming subscriptions, social media apps like TikTok, and even dating apps are seeing rapid growth.

What looks like a simple click-to-pay button hides a complex web of processors, token service providers, issuers, acquirers, and wallet operators. Each introduces its own costs, operational nuances, and compliance pressures, amplified by the app environment. To navigate that complexity, it helps to focus on three key tender types that behave differently when transacted in-app: card-on-file, digital wallets, and account-to-account (A2A). Understanding these nuances is key for merchants who want to optimise routing and maintain high approval rates, while facilitating a top-tier user experience.

Card-on-file: the engine of in-app commerce

Card-on-file transactions form a crucial segment of in-app commerce for merchants of all business models. From subscription services or recurring billing to one-time purchases of goods, stored credentials can make payments fast, predictable, and frictionless for customers.

One of the biggest challenges in managing card-on-file payments in-app is credential maintenance. Cards can expire or be reissued for several reasons, and underlying accounts can be closed. Without automated credential management through account updater services or network tokenization, merchants risk declines and customer retention losses. Success can vary even when such methods are used – based on provider capabilities, as well as across issuers and regions–, ultimately leaving merchants to handle the lower approval rates and manual retry costs. Without an optimal payment-retry strategy, mounting fees associated with each new authorisation request may increase merchant costs while decreasing approval rates.

Consistency across different channels poses another major challenge. A customer may have a card saved in a merchant’s website, a separate token stored in their app, and varying in-store purchasing habits. Without centralised credential vaulting, merchants can lose visibility into customer behaviour and identity across channels, making it difficult to track spend patterns or decline reasoning.

Digital wallets and tokenization

Card-backed digital wallets like Apple Pay, Google Pay, and Samsung Pay, as well as local alternatives in other markets, have completely shifted the checkout process. With their convenience and device-level security measures, digital wallets have grown significantly in use over the last decade alone – especially in-app, where biometric authentication can be seamlessly integrated. From a merchant perspective, however, these tokenized payments can introduce a layer of complexity around routing and reduce transparency for merchants.

When a customer transacts with a digital wallet, the underlying card’s Bank Identification Number (BIN) is replaced with a token BIN, often issued by the network. This process is intended to enhance transaction security by preventing other parties in the flow from seeing the true card number. This security can come at a cost: once tokenized, the merchant may have reduced visibility into the card’s underlying attributes. Characteristics such as card type, regulation, and available networks badged on cards may be hidden along with the original BIN. Without access to the latest information on network availability, this may inhibit a merchant’s ability to implement least cost routing strategies to reduce acceptance fees.

Account-to-account and stored-value systems

Account-to-account (A2A) payments and Open Banking frameworks are increasingly popular, allowing customers to pay merchants directly from their bank accounts and bypass card networks completely. These transactions may settle in real time and have a lower cost associated for merchants to accept. From a customer perspective, the security of A2A payments often involves biometric or two-factor authentication within the bank’s app, the same verification methods customers already trust to log into their bank accounts.

This model does have its own challenges, the most notable of which surrounds the need for a structured chargeback and dispute framework. If a customer contests a transaction, A2A providers may not offer the same level of support as credit card charge disputes, leaving the burden on merchants to resolve. This is largely why CMSPI’s 2025 State of the Industry Report ranks Pay by Bank payments lower than card payments in error resolution frameworks.

User experience, especially for one-time purchases, also poses challenges. Due to its direct bank authentication, some providers require users to manually enter credentials, effectively slowing down their checkout process through redirections from the main checkout page.

One creative area in which merchants are leveraging A2A frameworks is integrating them within stored-value systems. These operate on a closed-loop model, whereby merchants control both the issuing and redemption ends of the transaction. These solutions may encourage pre-loading funds within the app, allowing merchants to pay fees only once the funds are added rather than at every purchase. As a result, stored-value balances can be associated with reduced payments costs. Additionally, a closed-loop structure could enable complete data visibility for merchants, along with quicker settlement times.

Although potentially cost-efficient, operating stored-value systems can be highly resource-intensive. The merchant facilitating this service may need to act effectively as a bank for customer funds, which can require additional licences, risk management frameworks, and compliance oversight mirroring those of financial institutions.

Final takeaways

On the surface, IAP can seem convenient and frictionless for customers; however, for merchants trying to optimise their payments acceptance, a comprehensive IAP strategy must reflect their unique risk considerations, performance levers, and cost structure nuances. As the environment evolves, leading merchants are increasingly treating IAP as a distinct optimisation area within their broader payments strategy.

 

About the author

Meera Navale is an Associate Economist at CMSPI, where she delivers data-driven insights that inform smarter payments decisions for leading global merchants. Her specialisms include analysing trends in local and alternative payment methods, regulatory impacts, and competitive network dynamics across international markets.

 

 

About CMSPI

CMSPI is a global payments advisory that helps the world’s leading merchants optimise their payments strategy. We combine expert consulting, market visibility, and proprietary analytics to uncover hidden inefficiencies, deliver high-impact savings, drive sales growth, and develop world-class payment strategies.