Accepting cryptocurrency can be a great way to meet customers where they already are - especially if you run an online business with a tech-savvy audience or you sell internationally.
But before you add a “Pay With Crypto” button at checkout, it’s worth doing a quick legal and operational check. Crypto payments touch a few areas at once: consumer law, privacy, tax, marketing, and (in some cases) anti-money laundering obligations.
This guide is updated to reflect the way NZ regulators and banks are currently looking at digital payments, and the kinds of legal issues we’re seeing for online businesses right now. Let’s break down what you need to know so you can accept crypto confidently - and protect your business from day one.
What Does It Mean To Accept Cryptocurrency In Your Online Business?
When people say “accept cryptocurrency”, they usually mean one of two things:
- You accept crypto directly (e.g. Bitcoin, Ethereum, stablecoins) into a wallet you control, and you keep it as crypto; or
- You accept crypto via a payment provider that converts it into NZD (or another fiat currency) and pays you out in cash.
They can feel similar to the customer (they pay in crypto either way), but they’re very different for you behind the scenes.
Option 1: Direct Wallet Payments (You Hold The Crypto)
This model usually involves showing a wallet address or QR code at checkout, or using a checkout plugin that routes payments into your wallet.
It can be cheaper and more “crypto-native”, but it’s also where you’re more exposed to:
- price volatility (crypto values can change quickly);
- transaction errors (e.g. customer sends the wrong amount or on the wrong network);
- operational risk (wallet security, key management, staff access); and
- dispute handling complexity (refunds and chargebacks don’t work the same way).
Option 2: Payment Processor (Crypto-In, NZD-Out)
Here, a third-party provider sits between you and the customer. They accept the crypto, handle the exchange, and settle you in NZD.
For many small businesses, this is the simplest way to start, because it can:
- reduce your exposure to volatility;
- make accounting and tax reporting easier; and
- reduce custody/security risk (you’re not holding the crypto yourself).
That said, you’ll still need to get your customer-facing terms and compliance settings right, because you’re the seller - and the customer will look to you if something goes wrong.
So Is Crypto A “Legal Payment Method” In NZ?
In New Zealand, crypto isn’t “legal tender” in the same way as NZD, but it can still be used as a payment method if both parties agree. In practice, it’s similar to accepting an alternative payment mechanism - but with extra wrinkles (especially around refunds, price displays, and identity/scam risk).
If you’re at the stage of deciding whether crypto suits your business model, this overview on accepting cryptocurrency is a helpful starting point for thinking through your setup.
How Do You Set Up Crypto Payments (Without Creating Legal Headaches)?
Setting up crypto payments is partly a tech decision, but your legal foundations matter just as much. The goal is to avoid a situation where customers are confused, payments are disputed, or your business ends up wearing losses because the rules weren’t clear.
1) Decide What You’re Actually Selling (And Where Your Customers Are)
Crypto payments make the most sense when:
- you sell digital products or online services;
- you sell to international customers (and want to reduce card fees/currency friction);
- your customers expect it (e.g. Web3 communities); or
- you’re building a brand that aligns with crypto innovation.
If you sell physical goods in NZ, crypto can still work - but you’ll want extra clarity around delivery, refunds, and customer support expectations.
2) Choose A Checkout Model That Matches Your Risk Appetite
As a general rule:
- If you want simplicity, consider a provider that converts to NZD on payment.
- If you want full control and are comfortable managing wallets, direct payments might suit - but you’ll need stronger processes.
Either way, don’t skip the “boring” parts: records, confirmations, and customer communication. That’s where most disputes start.
3) Build In Customer “Proof Of Payment” And Order Confirmation
Unlike card payments, crypto transactions can be:
- slow to confirm (depending on the network and congestion);
- irreversible; and
- harder for customers to understand when something goes wrong.
At checkout, make it clear:
- when an order is considered “paid” (e.g. after 1–3 confirmations);
- what happens if the customer underpays/overpays; and
- what information they must provide if there’s an issue (transaction hash, wallet address used, timestamp).
4) Make Sure Your Data Collection Still Makes Sense
If you’re collecting extra information to manage crypto payments (e.g. wallet addresses, transaction IDs, or identity details for risk checks), treat it like customer data - because it is.
That’s where your Privacy Policy and internal handling processes become important, especially if you’re storing payment-related information alongside names, emails, addresses, or order histories.
What Laws Apply When You Accept Crypto In NZ?
Accepting crypto doesn’t remove your existing legal obligations - it just changes how some of them play out in practice.
Here are the key NZ legal areas most online businesses should think about.
Consumer Law Still Applies (Even If You’re Paid In Crypto)
If you sell goods or services to consumers in NZ, you’ll still need to comply with:
- Fair Trading Act 1986 (misleading claims, pricing, representations); and
- Consumer Guarantees Act 1993 (guarantees around acceptable quality, fitness for purpose, and remedies).
This matters because some businesses mistakenly think “crypto payments are final” means “no refunds”. That’s not how consumer law works. If a product is faulty or you misrepresented it, the customer may still have legal rights - regardless of the payment method.
Pricing And Advertising: Be Careful With What You Promise
Crypto marketing can become risky when businesses:
- display prices in a way that’s confusing (e.g. “0.01 BTC” without explaining what happens if BTC moves before settlement);
- suggest customers will “save money” without a clear basis; or
- make overconfident statements like “guaranteed anonymous” or “no refunds ever”.
As a simple approach, many businesses show prices in NZD and let the checkout calculate the crypto equivalent at the time of payment, with a short time window. Whatever approach you choose, make sure the customer understands the price and the process before they pay.
Tax And Accounting: Treat Crypto Like A Real Payment (Because IRD Will)
Crypto is not “off the books”. You’ll need to keep proper business records just like you would for card payments.
Common tax and accounting questions include:
- Income recognition: when do you treat a crypto payment as received (at transaction time, at confirmation, at conversion)?
- GST: whether GST applies depends on what you’re supplying and who you’re supplying it to (not the payment method).
- Exchange rate: if you accept crypto and keep it, there may be gains/losses when you later convert or use it.
It’s worth speaking with your accountant early so your invoicing, reporting, and inventory systems line up with the way you’re taking payment. If you later get audited, clean records are your best friend.
Under the Privacy Act 2020, “personal information” is broadly defined - and in many contexts, a wallet address can be linked to an identifiable person (especially when combined with order details, emails, shipping addresses, or analytics).
If you operate online, you should think about:
- what customer information you collect during checkout;
- where you store it (and for how long);
- who you share it with (e.g. payment providers, fulfilment partners); and
- what you do if there’s a privacy incident.
Most online businesses also need to consider cookies and tracking, particularly if you’re using marketing pixels or behaviour analytics - a Cookie Policy can help you set expectations clearly.
Anti-Money Laundering (AML/CFT): It Depends On Your Business Model
Many online retailers who simply accept crypto as payment for ordinary goods/services will not automatically become “reporting entities” under New Zealand’s AML/CFT regime.
However, AML/CFT risk can become relevant if your business model starts to look like:
- operating an exchange or brokerage;
- holding or transferring crypto on behalf of customers (custody-like services);
- issuing or facilitating certain stored value/payment products; or
- high-value transactions with unusual patterns.
This is one of those areas where the details really matter. If you’re doing anything beyond straightforward “customer buys your product, pays in crypto”, it’s smart to get tailored legal advice before you launch.
What Should Your Website Terms, Refunds And Customer Communications Say?
This is where you can save yourself a lot of time, stress, and customer complaints later. The more clearly you explain how crypto payments work, the less likely you’ll end up in a messy dispute.
For most online businesses, your legal “must-haves” include:
- website terms / online store terms;
- refund and returns settings (and how they interact with crypto);
- privacy disclosures; and
- marketing compliance (especially email/SMS).
Putting proper eCommerce Terms and Conditions in place is a straightforward way to cover the practical issues customers will ask about at checkout.
Crypto-Specific Clauses To Consider
Every business is different, but you’ll often want your terms to address:
- Exchange rates and timing: how the crypto amount is calculated, and how long the quoted amount is valid for.
- Network fees: who pays transaction fees, and what happens if fees mean you receive less than the invoice total.
- Payment confirmation: when you treat the order as paid and when you dispatch/deliver.
- Incorrect payments: what happens if the customer sends the wrong token, to the wrong address, or on the wrong network.
- Refund method: whether refunds are paid in NZD, the same cryptocurrency, or another agreed approach (and how the refund value is calculated).
- Fraud screening: your right to cancel/refund if you suspect fraud or unlawful activity (used carefully and fairly).
One practical tip: if you say “refunds are in NZD”, make sure the customer sees that before they pay. This is where clarity helps prevent complaints like “I paid in BTC and you refunded less”.
Returns And Refunds: Don’t Overpromise (And Don’t Assume “No Refunds”)
Some online businesses try to solve crypto complexity by stating “all crypto payments are final”. That approach can create legal risk if it conflicts with consumer guarantees or if it’s misleading in context.
A better approach is usually:
- be clear about your standard change-of-mind policy (if any);
- separately explain what happens for faulty goods/services (where consumer remedies may apply); and
- explain the mechanics of refunds for crypto payments (currency, timing, fees, proof of wallet ownership).
If you run subscriptions or recurring services, also think carefully about cancellation and renewal terms - crypto can make it harder to “reverse” a mistaken renewal unless your processes are tight.
Email And SMS Marketing: Make Sure You Still Have Consent
Businesses that accept crypto often grow through community marketing, waitlists, and product drops - which usually means email and SMS campaigns.
Even if you’re targeting overseas customers, you should still take care with consent, unsubscribe mechanisms, and truthful messaging. It’s also important that “pay with crypto” messaging isn’t used in a way that misleads customers about pricing or savings.
Keeping your marketing compliant with email marketing laws is a simple way to reduce risk while you scale.
What Risks Should You Manage (Volatility, Scams, Chargebacks And Disputes)?
Crypto can be a competitive advantage - but it comes with risks that don’t exist (or don’t exist in the same way) for card payments.
The good news is most of these risks are manageable with clear processes and the right legal documents.
Volatility Risk (And How To Keep It From Eating Your Margin)
If you accept crypto and hold it, your revenue can move up and down after the sale. That can be fine if you’re comfortable with it - but it can also quietly wipe out your profit margin.
Common ways businesses manage this include:
- converting to NZD immediately through a provider;
- using stablecoins (still with its own risks and considerations); or
- setting short payment windows (e.g. “amount valid for 10 minutes”).
Whatever approach you choose, match your customer terms to your operational reality so you don’t end up in a dispute about which exchange rate applies.
Scams, Impersonation And Fake “Support Requests”
As soon as you accept crypto publicly, it’s common to see impersonation attempts - scammers pretending to be your staff, asking customers to send payments to a different address, or creating fake social accounts offering “discounts”.
To protect your brand and your customers:
- publish one official payment process (and stick to it);
- train staff never to send wallet addresses over DMs unless your process allows it;
- keep a clear customer support channel; and
- consider a short “how to pay safely” section on your checkout page.
This is also where having clear terms and a consistent paper trail helps, because you can quickly show what your official process is if a dispute arises.
Disputes And Chargebacks: Different Problem, Different Solution
Traditional card payments have chargebacks. Crypto generally doesn’t. That can reduce some fraud risk - but it also changes how customers react when something goes wrong.
Instead of a chargeback, you may see:
- public complaints (reviews, social media);
- payment disputes based on “I sent it but you didn’t deliver”; or
- confusion about refunds when exchange rates move.
Clear order confirmations, shipping notifications, and dispute processes matter even more when the payment itself can’t simply be reversed.
Privacy And Data Security
If you’re collecting wallet information alongside customer identifiers, treat it like sensitive operational data.
Practically, that means:
- only collecting what you need;
- restricting staff access;
- choosing reputable plugins/providers; and
- documenting how you’ll respond to data incidents.
If you’re not sure what your online business needs to publish, a good starting point is whether a privacy policy on your website is required based on what you collect and how you use it.
Cross-Border Sales And “Where Are My Customers?”
Online businesses often sell internationally, and crypto can make cross-border purchasing easier. But cross-border sales can also introduce:
- different consumer protection expectations in other countries;
- tax complexity (especially for digital services); and
- additional compliance requirements depending on how you target customers.
That doesn’t mean you can’t sell internationally - it just means you should be deliberate about your terms, delivery rules, and customer support expectations. It’s also worth stepping back and confirming your broader compliance plan for your business model, including what laws businesses have to follow in the first place.
Key Takeaways
- Accepting cryptocurrency usually means either taking crypto directly into your own wallet or using a provider that converts to NZD - and the legal/operational risks differ depending on which model you choose.
- NZ consumer law still applies even if a customer pays in crypto, so you should be careful about “no refund” claims and make sure your returns and remedy processes are clear.
- Your pricing, advertising, and checkout flow should clearly explain exchange rates, timing, fees, and when an order is treated as “paid”, so customers aren’t misled.
- Crypto payments can involve personal information (like wallet addresses when linked to orders), so you should align your data handling with the Privacy Act 2020 and publish a suitable Privacy Policy.
- Tax and accounting still apply - keep clean records, decide how you’ll value crypto receipts, and speak to your accountant early so your reporting matches your payment setup.
- The biggest practical risks are volatility, scams/impersonation, and disputes - strong processes and tailored website terms will help protect your business from day one.
If you would like help setting up the right legal foundations for accepting crypto in your online business - including tailored website terms, privacy wording, or a review of your payment model - you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.
