Why Payment Processors Like Stripe, PayPal, and Braintree Don't Solve FSA/HSA Acceptance
Stripe, PayPal, Braintree, and other processors move money—but without SIGIS/IIAS compliance, they can't make FSA/HSA acceptance work. Here's why merchants face declines, IRS fines, and substantiation headaches, and what to do instead.
15 minute read
Why Payment Processors Like Stripe, PayPal, and Braintree Don't Solve FSA/HSA Acceptance
If you're a telehealth or e-commerce merchant, you're probably running on a modern processor like Stripe, PayPal, or Braintree. They make it easy to accept Visa, Mastercard, and digital wallets.
But here's the catch: when it comes to FSA and HSA cards, processors alone don't work.
Without SIGIS/IIAS compliance, you'll quickly run into problems:
Declines at checkout when eligibility can't be confirmed.
Illegal approvals that put consumers and merchants at risk of IRS fines.
Manual substantiation requests (receipts, doctor's notes) because processors don't connect to benefits administrators.
In this guide, we'll break down:
How FSA/HSA card compliance really works
What SIGIS and IIAS are, and why they matter
Why processors like Stripe, PayPal, and Braintree fall short
The risks merchants face when relying on processors alone
The two real solutions: IIAS compliance or reimbursement-first
How FSA/HSA Cards Work
FSA and HSA cards look like standard debit cards, but they're governed by IRS rules:
Eligible spend only. Funds can be used only on IRS-approved healthcare products/services.
Auto-substantiation required. Every transaction must be automatically validated at checkout.
Manual substantiation fallback. If auto-substantiation isn't possible, consumers must upload receipts or LMNs manually.
That means running FSA/HSA cards through Stripe or PayPal without IIAS logic leads to declines—or worse, approvals that violate IRS rules.
SIGIS & IIAS: The Hidden Gatekeepers
SIGIS
Special Interest Group for IIAS Standards (SIGIS): the governing body that manages merchant certification.
IIAS
Inventory Information Approval System (IIAS): verifies items in a cart against eligibility databases.
If 100% eligible → approved.
If not → declined.
Certification Options
IIAS Merchant Certification
Requires SIGIS-certified POS or TPS provider.
Demands SKU mapping, audits, and processor support.
90% Rule Certification
If 90%+ of sales are eligible, you can skip SKU checks.
Mostly applies to brick-and-mortar pharmacies.
Why Stripe, PayPal, and Braintree Don't Solve This
These processors can move money—but they don't provide the compliance logic required for FSA/HSA.
1. Declines Aren't the Only Risk
Without IIAS, most transactions on Stripe, PayPal, or Braintree decline.
Worse: when they do go through, they may be non-compliant—exposing consumers and TPAs to IRS penalties.
2. Manual Substantiation Headaches
Since processors don't pass SKU-level data to TPAs, consumers get flagged for receipt uploads and LMN paperwork.
This frustrates customers and reduces FSA/HSA utilization.
3. Subscriptions Are Off-Limits Without IIAS
IRS rules forbid recurring FSA/HSA charges unless auto-substantiated via IIAS.
Telehealth subscriptions or refills will decline—or require receipts—if processed directly through Stripe or Braintree.
4. Mixed-Cart Failures
A cart with both eligible and ineligible items usually declines in full.
Neither PayPal nor Stripe can split-cart logic without IIAS.
The Merchant Risks of Relying on Processors Alone
Merchants that rely only on processors face:
Lost revenue from declined transactions.
IRS compliance risk from illegal approvals.
Customer frustration from substantiation requests.
Subscription churn because recurring FSA/HSA charges aren't supported.
Your Real Options
Option 1: Achieve IIAS Compliance
Pros: Compliant at checkout, approvals happen in real time.
Cons:
Requires SKU mapping and audits
Costly and time-consuming
Doesn't work for subscriptions or bundled services
Not every processor (including PayPal or Stripe) integrates IIAS natively
Option 2: Go Reimbursement-First
Platforms like Burst take a reimbursement-first approach:
Shopper pays with any method—credit, debit, Apple Pay, PayPal.
Eligible spend is flagged post-purchase.
Funds are reimbursed automatically from the FSA/HSA account.
Why it's better:
100% IRS-compliant (no illegal approvals).
Subscriptions reimbursed automatically.
Mixed carts handled seamlessly (eligible items reimbursed, others not).
No SKU mapping or POS rewiring.
Customers never see substantiation requests.
Comparison Table
Feature | Stripe / PayPal / Braintree | IIAS-Compliant Merchant | Reimbursement-First (Burst) |
|---|---|---|---|
Declines | ❌ Frequent | ✅ Reduced | ✅ None |
IRS compliance risk | ❌ High | 🟡 Low | ✅ Low |
Manual substantiation | ❌ Required | 🟡 Only once | ✅ None |
Subscriptions supported | ❌ No | 🟡 With auto-substantiation | ✅ Yes |
Mixed-cart handling | ❌ Declines | ❌ Declines | ✅ Eligible reimbursed |
Setup complexity | Low (but fails) | High (audits, SKU work) | Low (days to weeks) |
Conclusion
Payment processors like Stripe, PayPal, and Braintree are great at moving money. But without SIGIS/IIAS compliance, they can't make FSA/HSA acceptance actually work.
That leaves merchants with two choices:
Go through the long, costly road of IIAS certification.
Or choose a reimbursement-first model like Burst—compliant by design, subscription-friendly, and built for modern e-commerce and telehealth.
If you're betting on pre-tax healthcare dollars as a revenue stream, don't assume your processor has you covered. You need compliance—or a partner that abstracts it away.
