Last year, we wrote about the great regulatory rollback that defined 2025: a neutered CFPB, BNPL regulations reversed before the ink dried, and a crypto market emboldened by a White House that finally had its back. If 2024 was the year of the regulatory crackdown, 2025 was the year Washington put the brakes on.
So, what is 2026? We might call it the year of the counterpunch.
Federal enforcement may still be light, but the battlegrounds have shifted. Merchants are pressing hard on swipe fees through a revived bill with rare bipartisan teeth. A landmark stablecoin law is working its way through implementation. State capitals are writing rules that Washington won’t. And there’s a quiet regulatory wildcard that’s easy to miss: AI-powered payment decisions are drawing fresh scrutiny, even as agencies gut their staff.
For payment processors, POS providers, and the merchants they serve, the landscape hasn’t gotten simpler—it’s just gotten different. Here’s what to watch in 2026.
The Credit Card Competition Act Gets Serious
As we’ve discussed for years now, the Credit Card Competition Act (CCCA) was a perennial also-ran; it was serious enough to make headlines, but could never pass muster. The Durbin-Marshall bill would require banks with over $100 billion in assets to give merchants a choice of routing networks beyond just Visa and Mastercard every time a credit card is swiped. In January 2026, it was reintroduced with renewed bipartisan support. Then President Trump posted his endorsement on Truth Social, calling swipe fees “out of control ripoffs.” Suddenly, the bill feels like a much stronger prospect.
Source: St. Louis Federal Reserve
The numbers back up consumers’ frustration. In the US, Visa and Mastercard credit card swipe fees hit a record $65 billion in 2025, and worldwide swipe fees across credit and debit topped $198 billion. The average rate has crept from 2% to 2.36% over fifteen years, and premium rewards cards, now the majority of transactions, routinely run 3% to 4%.
The CCCA wouldn’t cap those fees directly. Instead, it would force routing competition—the same model applied to debit cards by the Durbin Amendment—and let market pressure theoretically bring rates down. Critics argue it would hollow out rewards programs and disrupt fraud protection infrastructure. Supporters, including most of the merchant community, say it’s long overdue.
For payment processors and POS providers, this one is worth watching closely. A routing competition mandate wouldn’t just affect card issuers; it would ripple through the entire payment ecosystem.
The GENIUS Act: Crypto’s Coming-Out Party for Payments
One year ago, paying for something in stablecoins was still a fringe concept. That changed in July 2025, when President Trump signed the Guiding and Establishing National Innovation for U.S. Stablecoins Act—the GENIUS Act—into law. It was the first federal law to create a comprehensive regulatory framework for payment stablecoins, and it was a bigger deal than many merchants and payment firms initially realized.
Here’s the short version: the GENIUS Act defines what a payment stablecoin is, specifies who can issue one, requires 100% reserves in high-quality assets (think cash and short-term Treasuries), and explicitly removes stablecoins from the securities and commodities frameworks that have caused so much regulatory and adoption paralysis for crypto. The OCC has already granted national trust bank charters to Circle, Paxos, and others. Implementation regulations are still being finalized, but the industry is moving fast.
The downstream effect for payments is significant. Industry analysts project stablecoins could represent 3% of all US dollar payments in 2026, rising to 10% by 2031. A major payment processor has already launched stablecoin support for subscription payments. Major card networks have introduced fiat-to-stablecoin payout options. Banks are building their own permissioned stablecoins for institutional settlement.
None of this replaces traditional card processing tomorrow. But it does signal that stablecoins are graduating from a crypto curiosity into a legitimate payment rail—one that processors and POS platforms will eventually need to support.
Quiet CFBP Leaves a Vacuum
The story of the CFPB didn’t change much from 2025 to 2026: the agency finished 2025 having concluded just one enforcement action all year. Its headcount has been slashed, its rulemaking calendar gutted, and the BNPL and open banking initiatives that were the hallmarks of the Chopra era have either stalled or been formally withdrawn.
States are filling the void fast. New York moved quickly to pass its own BNPL Act—one of the first state-level frameworks to regulate Buy-Now-Pay-Later products after federal rules were dropped. Expect more states to follow. California, Illinois, and Massachusetts have each shown interest in local payment regulation, and the patchwork of state rules may eventually create more compliance complexity than a single federal regime ever would have.
There’s also the open banking question. The CFPB’s Section 1033 rule—which requires financial institutions to share consumer financial data with authorized third parties—remains technically on the books, with compliance deadlines still in play for 2026. The industry is watching closely to see whether the CFPB enforces those deadlines or quietly lets them slide.
For fintechs and payment platforms, the lesson isn’t that the rules are gone. It’s that the rules are multiplying at the state level, and keeping track of them requires real effort.
AI in Payments: The Compliance Blind Spot
Here’s one that often gets overlooked amid the bigger headlines: regulators haven’t stopped watching AI-powered payment decisions, even as enforcement of everything else has softened. The CFPB and FTC have both signaled that AI-driven credit decisions, fraud scoring, and underwriting models are held to the same Fair Lending, UDAAP, and adverse action standards as any other decision tool. Algorithms don’t get a pass.
In practice, this means that fintechs and payment companies using machine learning for anything from chargeback predictions to credit approvals need to be able to explain their models. “The algorithm decided” is not a compliant explanation for denying someone an account or flagging a transaction. The regulatory standard is explainability and non-discrimination—even when the underlying system is a black box.
This is a relatively new compliance surface area, and many smaller payment firms haven’t fully mapped it yet. As AI tools become standard infrastructure in the payments stack, expect this issue to surface more and more.
COCARD: Tracking What Matters
2026 is shaping up to be a consequential year for payments regulation; not because of sweeping federal action, but because of the convergence of a half-dozen slower-moving forces that are finally reaching critical mass at once.
Swipe fees are under political pressure from an unlikely bipartisan coalition. Stablecoins have a legal framework, and major institutions are building on it. States are writing their own regulatory playbooks as the federal government takes a step back. And just about every government, voter, and company has a strong opinion on how to regulate AI.
At COCARD, we’ve navigated enough regulatory cycles to know that the right move is never to wait and see. It’s to stay informed, stay adaptable, and make sure your payment infrastructure is built on solid ground, regardless of which way the political winds blow. Whether you’re a merchant trying to understand what the Credit Card Competition Act might mean for your processing costs, or a business exploring new payment rails, we’re here to help you make sense of it.
If you’d like a partner who knows the payments landscape inside and out, reach out to COCARD today.