What are the Risks of Becoming Your Own Payment Facilitator?

Offering payment acceptance and processing to clients is a great way to boost engagement and sales. However, payment facilitation brings a significant burden.

If you’re an ISV or SaaS platform, offering payment acceptance functionality to your clients is essential to boosting engagement. You’ll incentivize greater product adoption and boost sales by offering a complete product suite.

However, becoming a payment facilitator is a complicated process that might create more problems than it solves.

In this article, you’ll learn all about the risks inherent to becoming a payment facilitator, along with the following:

• What is a payment facilitator?

• The laws that apply to payment facilitators

• The 5 risks of becoming a payment facilitator

What is a payment facilitator?

A payment facilitator, also called a PayFac, simplifies payment acceptance by offering the infrastructure required to accept various forms of payment from customers. 

For instance, a SaaS platform that helps accountants manage their business can build or integrate a PayFac and offer payment acceptance options to its clients. The platform monitors transaction flow and conducts fraud checks through its PayFac module.

ISVs and SaaS platforms can become payment facilitators by applying and following payments-related laws. PayFacs typically oversee client onboarding, payment risk management, and underwriting. 

The payment facilitation model helps software platforms monetize payments and add a revenue stream. The service also improves customer experience and adds value to a product suite.

 

 

Which laws are relevant to payments?

Every payment facilitator must monitor platform transactions to comply with several laws. Payment laws worldwide tend to follow the model established in the United States. Given the electronic nature of payment acceptance, data privacy laws also apply, and these largely follow the European Union’s GDPR standards.

Here are a few examples of laws with which payment facilitators must comply:

• BSA/AML laws – These laws ensure client transactions do not involve money laundering or fund illegal activities. A PayFac must flag suspicious transactions and initiate corrective action. Failure to do so could leave PayFac liable for penalties.
• FCRA – Payment facilitators pull client credit reports during the underwriting process and are subject to credit reporting laws as defined by the FCRA. Even declined applications must be documented along with reasons for rejection.
• EFTA and ROSCA – Billing, payment, and subscription services must comply with these laws that protect consumer rights when charging for services. PayFacs that do not comply will face severe penalties.
• Card brand rules – Every card brand requires payment facilitators to comply with several standards. These cover chargeback management, dispute resolution, and many other activities.

In addition to these laws, data privacy laws such as GDPR, PCI-DSS, and CCPA apply to data storage and handling procedures. Non-compliance is taken seriously by the authorities, with heavy penalties enforced if you violate these laws. These laws cover a wide range of digital payment processing related standards.

Here is a quick summary of the actions that payment facilitators must avoid and monitor on their platforms:

• Enabling a client to defeat chargebacks
• Clearing funds for clients who obtained resources through illegal means
• Assisting (intentionally or not) clients in avoiding card brand rules and standards
• Failure to monitor clients placed in high-risk card brand lists
• Enabling clients to use a less-monitored or non-compliant payment method
• Failure to investigate consumer complaints
• Failure to monitor clients found guilty of breaching Federal or State laws
• Failure to enforce updated card brand or government laws related to payments and AML

5 risks of becoming your own payment facilitator

Legal and regulatory standards pose just some of the risks that payment facilitators face. Here are the most critical risks you must mitigate should you decide to become your own payment facilitator.

• Poor ROI on payment infrastructure
• Lengthy approval times
• Non-compliance risk
• Underwriting and fraud risks
• Mismatch between the acquirer and your goals

1. Poor ROI on payment infrastructure

A common mistake ISVs and SaaS platforms make when becoming a payment facilitator is underestimating infrastructure requirements. While technical infrastructure is complicated, that’s the easy bit. Building processes and compliance workflows are tough tasks.

Here is a rough list of the costs you’ll incur:

• Upfront engineering and maintenance costs – $500,000
• Ongoing costs – $100,000 per year
• Level 1 PCI Compliance and EMV Certification – $50,000 minimum
• Platform development costs – $500,000 minimum
• Card network costs – $150,000 each for four networks for a total of $600,000
• PCI compliance costs – $250,000 per year
• Data privacy processes and platforms – $300,000 per year
• Employee costs – $300,000 per year
• Customer support costs – $200,000 per year
• PayFac registration renewal – $10,000 per year
• Engineering, security, and maintenance – $150,000 per year

 In short, you must process large transaction volumes to make payment facilitation a worthwhile expense. Thus, before going down the payment facilitation route, ask yourself whether you’re prepared to invest such significant sums in non-core business areas.

2. Lengthy approval times

While financial ROI can be low when you decide to become a payment facilitator, lengthy approval times add an even more significant barrier that is tough to overcome. Software development typically takes four to six months, assuming you can seamlessly build and test all features.

However, you’ll still have to wait once your platform is built since other parts of the payment facilitation application process take even longer. Connecting to payment processors can take 18 to 24 months, depending on your development team’s skill.

Note that you can test certain features of your merchant dashboard only once you’ve connected to payment processors and begin receiving test data. These processes add more time. 

On the business side, you’ll have to develop a relationship with an acquiring bank and receive approvals. This process can take anywhere from three to six months. You’ll have to submit a mountain of paperwork since the bank will have to run risk checks on your processes.

Before applying for an account with an acquiring bank, you must install underwriting processes and document onboarding plans. It’s safe to say becoming a payment facilitator is a highly complex and resource-intensive process.

3. Non-compliance risk

Compliance lies at the heart of payment facilitation. While your technical resources matter, none of them can function if they’re non-compliant. Setting up a compliance department is a tough task. You must first educate yourself regarding the latest laws and build systems that comply with them.

This means hiring compliance experts and building workflows that ensure you aren’t unintentionally aiding money laundering or the other payments-related laws you learned in the previous section.

The penalties for non-compliance are high. However, the loss of brand reputation is far more fatal in these cases. You’ll find it hard to attract clients to your platform if found guilty of violating any data privacy or financial crime laws.

4. Underwriting and fraud risks

Payment facilitation combines money and technology. The presence of hackers and fraudulent activity that seek to undermine trust in the system should be unsurprising. Payment facilitators are routinely the target of unscrupulous actors looking to steal funds.

Fraud occurs in various forms. One of the most common forms of fraud is falsifying applications. A client might enter false information and use your platform to conduct chargeback fraud. In this case, you are just as liable as the client if your compliance systems did not reveal suspicious charge patterns.

There are other risks as well. For instance, you could be hit with a data breach, like BlueSnap back in 2016. In that incident, a hacker posted partial credit card and CVV numbers of 324,000 people on Twitter. 

These days, such incidents carry hefty penalties that can cripple your business. Thanks to GDPR and CCPA laws, you cannot brush aside such incidents and carry on as normal.

5. Mismatch between the acquirer and your goals

There is no shortage of acquiring banks to whom you can apply to become a payment facilitator. However, the processes at each bank can be very different from each other. Some banks have multiple products for fund settlement.

Other acquirers might require exclusivity and offer prices based on prior relationships. Some acquirers offer to take on traditional payment facilitation responsibilities such as 1099-K filings and escheat reporting in the case of unclaimed funds.

You must also consider your acquirer’s experience in your sector since this affects terms such as payment frequency, seasonality, etc. There are several other issues where acquiring bank processes differ. For instance, ACH deposit processes vary between banks. In some cases, banks might withhold fees from settlement and deposit them into your account.

Conclusion

There are many risks to becoming your own payment facilitator. If you anticipate processing a large volume of transactions and have the resources to support a complex payments infrastructure, this option might be right for you.

Alternatively, you can use payment-facilitation-as-a-service solutions to help you offer payment acceptance instantly to your customers.

Curious about how you can monetize payments and reap the benefits of payment facilitation without the high costs or lengthy approval times? Get in touch with us.

FAQs

1. What are the risks of becoming your own payment facilitator?

There are five primary risks of becoming your own payment facilitator. They are:

1. Poor ROI on payment infrastructure
2. Lengthy application and approval times leading to wasted resources
3. Non-compliance penalties
4. Underwriting and fraud risk
5. A mismatch between the acquirer and your goals

These risks lead to potential brand reputation loss and a drain on your resources.

2. What are some of the compliance-related laws PayFacs must follow?

Payment facilitators must follow several laws. Here are a few with which they must comply:

• BSA/AML laws
• Fair Credit Reporting Act laws
• EFTA and ROSCA – For billing, payment, and subscription services 
• Card brand rules
• GDPR and CCPA – data privacy
• PCI-DSS – Card industry data compliance laws

In addition, PayFacs must comply with a range of state-level laws such as money transmission licensing and the Gramm-Leach-Bliley Act.

3. How long does it take to become a payment facilitator?

It takes 18 to 24 months to install payment facilitation infrastructure and offer your customers solutions. The bulk of this time is spent negotiating with acquirer banks, developing merchant payment platforms, and fulfilling compliance requirements.

4. What are submerchant risks in payment facilitation?

Submerchants or clients can execute fraud, go bankrupt, or suffer from fraud, leaving payment facilitators on the hook for funds. Failure to monitor transactions in such cases will expose the PayFac to additional penalties.

5. How much does it cost to become a payment facilitator?

The exact cost depends on the features you choose to develop in your merchant system. However, here’s an estimate of the costs you’ll have to bear, at a minimum:

• Upfront engineering and maintenance costs – $500,000
• Ongoing costs – $100,000 per year
• Level 1 PCI Compliance and EMV Certification – $50,000 minimum
• Platform development costs – $500,000 minimum
• Card network costs – $150,000 each for four networks for a total of $600,000
• PCI compliance costs – $250,000 per year
• Data privacy processes and platforms – $300,000 per year
• Employee costs – $300,000 per year
• Customer support costs – $200,000 per year
• PayFac registration renewal – $10,000 per year
• Engineering, security, and maintenance – $150,000 per year

For more information on Payment Facilitator, check out these resources: Payment Facilitator vs Payment Aggregator,  Payment Facilitator vs Payment Processor & What to know about Payment Facilitators