Before you can take the next steps towards becoming your own payment facilitator, you need to determine if your business is an ideal candidate. The businesses that are best-suited to become a Payfac are usually SaaS companies or ISVs that sell to small businesses and have payments integrated into their software.
Generally, it takes a lot of time, technology, and a large six-figure investment to become a payment facilitator. It also involves significant financial risk, since payment facilitators are liable for financial losses due to chargebacks and fraud involving your sub-merchants. Not to mention an investment in full-time employees to manage the Payfac infrastructure.
To help make your decision easier we’ve put together an overview of steps that a business such as yours would need to take before becoming a payment facilitator.
Get Registered By Card Associations
One of the first steps needed to become a Payment Facilitator is to get registered by card associations. This could become costly as most card networks such as Visa and Mastercard charge up to $5,000 a year for registration. Each card organization (Visa, MasterCard, Discover, American Express) assesses fees to merchants in connection with transactions outside of the bank’s control. These fees apply to all merchants based in the United States, regardless of bank, processor, or ISO affiliation.
You’ll also need to partner with an acquiring bank or acquiring partner that can help get you registered as a payment facilitator and provide processing and settlement functions through the card networks. The general route to registering with multiple card associations is to obtain a sponsor bank. The Sponsor bank/processor underwrites your business for their potential risk (fraud, negligence, etc). You and your business will be vetted to verify that everything is legitimate before moving forward. Once you’re officially approved, you can move on to integration/testing.
Related Content: What’s a Payment Facilitator?
Go Through Level 1 PCI Compliance
Once you’ve established a processing partnership, you’ll need to start thinking about compliance [PCI/KYC] options as well as ongoing risk mitigation. To become PCI compliant, you must meet the following 12 PCI compliance requirements that include security systems, organizational processes, testing, and policies that can help protect cardholder data.
- Maintain a firewall: This protects cardholder data inside the corporate network
- ALL Passwords need to be unique: Unique passwords need to be changed periodically. Do not use defaults
- Protect stored data: Implement physical and virtual measures to avoid data breaches
- Encrypt transmission of cardholder data across public networks: Data must be encrypted, and you should never store card validation data
- Use and regularly update anti-virus on all systems holding sensitive data
- Develop and maintain secure systems and applications by actively searching for vulnerabilities and remediate them
- Restrict access to cardholder data: To reduce vulnerability cardholder sensitive data should be accessible on a need-to-know basis
- Restrict access to system components: Systems holding sensitive data should be accessible only with authentication and clear user identification
- Restrict physical access to cardholder data
- Track and monitor access to network resources and cardholder data: to provide an audit trail and assist with breach investigations
- Regularly test security systems and processes: Identify weaknesses and remediate them
- Security policy: Maintain a clear policy that addresses information security for all personnel
Create Underwriting Policies and Compliance Systems
Creating underwriting policies and systems to ensure only lawful businesses that comply with card network rules are onboarded minimizes the opportunity for fraud and financial loss. First, you’ll need to verify the identities of your sub-merchants, including KYC, ownership structure, and business details.
Check Office of Foreign Assets Control (OFAC) and MasterCard Alert to Control High-risk Merchants (MATCH) lists for sub-merchants before onboarding. Assessing your sub-merchants financial health and potential risk, including fraud, financial, credit, compliance, reputational risk, and regulatory compliance is also necessary.
To manage and mitigate risks you’ll also need to set up internal policies not just for the payfac system but for employees as well. This includes encoding rules and requirements from card networks and regulatory organizations, quickly identifying suspicious activity, and filing suspicious activity reports.
Set Up a Payments System
To ensure that you have the internal capabilities and infrastructure required to manage settlement funds to your sub-merchants, you’ll need to build a payment system. Building automated customer dashboards, payout systems, and dispute management processes to handle chargebacks can demand a lot of time and thousands of dollars in financial backing before you’re able to begin authorizing payments as a Payfac.
There is a lot to consider when developing a seamless payment system. User interface plays a major role in success as a Payment Facilitator. The platform needs to be easy to install and to navigate through. Integrating cloud-based technology into your payments system makes it possible to process safe and speedy transactions. Additionally, it’s more important than ever to leverage reliable real-time data synchronization in today’s data-driven world. Data synchronization ensures accurate, secure, compliant data and a successful customer experience.
Speaking of the customer experience. Offering best-in-class customer support is also a vital part of the overall payments system experience. Once you’ve gotten your payments system off the ground you’ll need to continue to manage ongoing system maintenance.
How Stax Connect Can Help Your Business Become a Payment Facilitator
There are now solutions that can provide your business with the tools and technologies you need to become a payment facilitator without the looming price tag and added risk. For most business models, including platforms that want to help their users accept payments, becoming a payfac is not necessary.
Stax Connect is a product built specifically for platforms and businesses that want to stay outside the flow of funds while still providing customized experiences to sub-merchants for accepting payments. We assume the compliance and infrastructure costs, while you still retain many of the benefits of being a payment facilitator.
Stax Connect provides you with access to a full payments experience, including the latest in data optimizations, analytics and reporting, and modern-day payments technology.
With Stax Connect You’ll Have Access To:
- Access to the Stax Dashboard
- Award-winning 24/7 customer support
- No need for custom engineering resource requirements
- Save costs on implementation, with no additional fees
- Easy enrollment allowing you to onboard customers in 20 minutes
- Access to the lowest credit card processing fees, in addition to the ability to adjust customer pricing
- Revenue Sharing
Learn more about Stax Connect and find out more information on how you can quickly get started on monetizing payments today. We will be happy to answer any questions you have and help you leverage the best all-in-one software payment processing solution for your needs.