Demystifying payfacs

A guide to payment facilitation for platforms and marketplaces

  1. Introduction
  2. What is a payment facilitator?
    1. History of payfacs
  3. How to bring payments in-house
  4. Traditional payfac solutions
  5. Getting started
    1. Set up payment systems
    2. Set up merchant onboarding and compliance systems
    3. Manage ongoing processes and systems
    4. Global expansion
    5. Adapt to changing landscapes
  6. Stripe’s payfac solution
  7. A comparison

Technology has fundamentally changed how businesses, acquiring banks, and card networks work together. The rise of software platforms and online marketplaces has accelerated the change: increasingly, these businesses are connecting buyers and sellers in new ways, adding payments and financial services functionality, and creating new purchase experiences.

In this guide, we’ll explore what a payment facilitator (often abbreviated as payfac or PF) is, examine the considerations and costs of different types of payfac solutions, and identify the best ways to add payments to a platform or marketplace.

If you have any questions or would like to review your specific business model with Stripe, just get in touch—we’d be happy to help.

What is a payment facilitator?

Today, many platforms and marketplaces help merchants accept payments by providing online services for companies of all sizes. Payments functionality has become integral for these platforms to differentiate their product and create stickiness, and merchants using the platform no longer need to establish direct relationships with acquiring banks or payment gateways.

Below are some of the most common types of platforms and marketplaces:

  • E-commerce: Platforms, such as Shopify and Squarespace, which help businesses or individuals sell physical goods online.
  • Invoicing: Platforms, such as Xero and FreshBooks, which help businesses invoice their clients.
  • Fundraising: Platforms, such as Kindrid, which help nonprofits and charities raise money or collect donations.
  • Booking: Platforms, like Mindbody and FareHarbor, which facilitate the scheduling of appointments.
  • Travel and ticketing: Marketplaces, like Airbnb, which help connect individuals with accommodations and experiences.
  • Retail: Marketplaces, such as Tradesy, which help individuals sell to each other.
  • On-demand services: A range of services falls into this category, including ride-sharing (e.g., Lyft, Uber), restaurant delivery (e.g., Deliveroo, DoorDash), and professional services (e.g., Handy).
  • Other: We’re constantly seeing platforms emerge that are either hybrids or something entirely new, supporting services like online health, pharmacy delivery, and even pet rentals.

While each type of platform or marketplace is different, many have made payments a core part of the customer experience. Increasingly, they’re using payments capabilities to differentiate their offering and brand, strengthen their relationships with their customers, and monetize the transactions on their platforms.

Below, we’ll discuss two models for bringing payments in-house:

  1. Traditional payfac solutions, which enable platforms to embed card payments into their software.
  2. The Stripe payfac solution, which enables platforms to move faster to embed and monetize payments and whitelabel other financial services such as issuing cards and loans.

History of payfacs

Traditional payfac solutions were popularized in the late 1990s as a way to help small- and medium-sized businesses accept online payments more easily. Historically, a bank’s onboarding requirements catered to larger businesses that could manage the complex, costly, and time-consuming legacy setup processes. Essentially, these companies had to become experts in payments while also building their core business and product.

The payfac model emerged to give companies that specialized in payments the ability to reduce the complexity of getting started with online payments and offer services to a broader array of businesses, allowing them to focus on their core competencies.

The payfac takes on setting up and managing multiple relationships and systems—the ones the merchant would otherwise need to establish and maintain with each individual party.

How to bring payments in-house

There are two types of payfac solutions. The first type is a traditional payfac solution that involves partnering with an acquiring bank (or an acquirer and payfac vendor) and building out systems for processing, onboarding, risk, and more. This will typically need to be done on a country-by-country basis and will enable your platform to offer online card payments to your sub-merchants.

The second type is a more modern, technology-first payfac solution from a commerce provider like Stripe. Stripe provides a way for you to whitelabel and embed payments and financial services in your software. You own the payment experience and are responsible for building out your sub-merchant’s experience.

You should ask the following questions before deciding how to bring payments in-house:

  1. What is my goal for bringing payments in-house? Do I want to improve the customer experience or deepen relationships with customers (adding value to my software), introduce new lines of revenue and increase my valuation, or enable faster expansion to new segments or geographies?
  2. What does my ideal payments solution look like? Does it include online card payments, in-person point-of-sale payments, international payments (e.g., iDEAL, Alipay, BECS Direct Debit, and more), or non-card payments like ACH or Apple Pay? Do I also want to add financial services for my customers, like lending, fraud prevention services, and card programs?
  3. What is my timeline and what is my willingness to invest in payments vs. my core business? To what extent do I want to dedicate the resources of my developers, legal team, and operations teams? Am I ready to build new teams to manage payment and payout systems, merchant onboarding processes, and compliance systems?
  4. Where does my business operate? Where do I want to offer payments and other financial services today? Where do I plan to expand in the future?

Traditional payfac solutions

Platforms using a traditional payfac solution open a merchant bank account and receive a merchant ID (MID) to acquire and aggregate payments for a group of smaller merchants, typically called sub-merchants. Traditional payfacs have embedded payment systems and register their master MID with an acquiring bank. Sub-merchants, on the other hand, are not required to register their unique MIDs; instead, transactions are aggregated under the payfac’s master MID. This is meant to reduce the complexity that sub-merchants would face when setting up online payments on their own since it eliminates the need for them to establish and maintain relationships with an acquiring bank, payment gateway, and other service providers.

The platform is responsible for the following:

  • Controlling who is on the platform: Setting up the right onboarding processes and building trust in those processes.
  • Meeting KYC, AML, and OFAC compliance requirements: Ensuring sub-merchants are screened and verified to meet Know Your Customer (KYC) requirements and the US Office of Foreign Assets Control (OFAC) requirements. Monitoring sub-merchant activity to screen for money laundering and terrorist financing. If operating outside the US, there are many other regulations and compliance requirements to consider.
  • Auditing account activity on the platform: Putting controls in place to track and mitigate high-risk financial activity on an ongoing basis.
  • Maintaining PCI compliance: Ensuring the platform is Payment Card Industry (PCI) compliant and all sub-merchants are accepting payments from customers in a compliant way. To learn more, review our guide to PCI compliance.

Though these four categories are clear, it’s difficult to find a consistent description of a payfac’s granular responsibilities. Each acquiring bank has different rules for registered payfacs, which form a complex web of requirements between card networks and banks. Combined, think of a registered payment facilitator as an entity that handles the relationships with card networks, sub-merchant onboarding, and payment services for merchants. The payfac directly handles paying out funds to sub-merchants.

Most of the requirements for payfacs are enforced by the card networks and acquiring banks. However, regional differences influence how stringently card networks and banks enforce these requirements in the Americas, Europe, and Asia. For example, Visa and Visa Europe are two different entities and have different rules.

Under card network rules, a registered payment facilitator must:

  • Conduct due diligence on each sub-merchant. Sign a merchant acceptance agreement on behalf of an acquirer.
  • Monitor all sub-merchant activity to ensure compliance with network standards.
  • Maintain PCI compliance.
  • Only use settlement funds to pay sub-merchants.

If a sub-merchant exceeds a certain threshold of transaction volume, the sub-merchant is required to enter into a direct merchant agreement with the acquiring bank.

Getting started

Traditional payfac solutions require building and investing in multiple systems for payment processing, sub-merchant onboarding, compliance, risk management, payouts, and more. Platforms also have ongoing requirements to maintain their good standing and credit requirements with acquiring banks and card networks.

The Electronic Transactions Association (an advisory organization with members from banks, card networks, and payment processors, also referred to as ETA) strongly recommends engaging industry experts and legal counsel to ensure adherence to laws and guidance that span card networks, acquiring banks, state and federal governments, and global regulatory organizations (e.g., OFAC).

Set up payment systems

  • Find an acquiring bank: Platforms must approach acquirers with a business plan in order to establish a partnership and get sponsored to facilitate payments for sub-merchants.
  • Integrate payment gateways: Payment gateways provide functionality for sub-merchants to process online payments.
  • Obtain Level 1 PCI DSS certification: To ensure the security of sensitive data, the platform is required to be Payment Card Industry Data Security Standard (known as PCI DSS) certified, which may also include Europay, Mastercard, and Visa (EMV or chip) certification if the platform supports in-person transactions.
  • Build merchant management: This includes merchant dashboards, payout systems, and dispute management systems to handle chargebacks.

Set up merchant onboarding and compliance systems

Create underwriting policies and systems to ensure only lawful businesses that comply with card network and acquirer rules are onboarded. The platform’s system and employees will need to do the following:

  • Verify identities of sub-merchants, including KYC, ownership structure, and business details.
  • Check OFAC and MATCH lists for sub-merchants before onboarding; Mastercard manages the Member Alert to Control High-Risk Merchants (MATCH) list.
  • Assess sub-merchant’s financial health and risk, including fraud, credit, financial, compliance, regulatory, or reputational risk.

To manage and mitigate risk, build systems and internal policies to conduct due diligence. The platform’s system and employees will need to do the following:

  • Comply with AML laws by encoding rules and requirements from card networks and regulatory organizations.
  • Identify suspicious activities (including indicators of terrorist financing).
  • File Suspicious Activity Reports (known as SARs) with the Financial Crimes Enforcement Network (FinCEN) or acquirer, as required.

Submit registrations and apply for any additional required licenses:

  • Register as a payfac with each card network in each country.
  • Apply for money transmitter licenses (MTLs) in each state the payfac operates in, if required to support certain fund flows.
  • Apply for regional licenses if required. (Brazil, Malaysia, and the EU—to name a few—require separate licenses.)

Manage ongoing processes and systems

  • Onboard and underwrite each sub-merchant: Verify the identity, business model, and owner information for each sub-merchant. Set up payment processing for sub-merchants.
  • Monitor risk and update risk systems: Perform due diligence, monitor sub-merchant activity on an ongoing basis, and mitigate risk as needed (e.g., apply processing caps, delayed funding, or reserves).
  • Prevent and block fraud: Proactively prevent fraud on the platform and block or review suspicious transactions. Best practices include using adaptive machine learning for fraud detection. Submit evidence to card networks when needed for chargebacks on behalf of sub-merchants.
  • Pay out funds to sub-merchants: Ensure sub-merchants are paid their earnings on time.
  • Reporting and reconciliation: Generate and distribute 1099s or other tax forms as needed annually.
  • Maintain PCI DSS compliance: Ensure the platform remains compliant even as data flows and customer experiences evolve. Note that some card networks may require payfacs to submit quarterly or annual reports or complete an annual on-site assessment to validate ongoing compliance.
  • Renew payfac registration and licenses: Re-register as a payfac with card networks annually, and update or renew MTLs on the required cadence.

Global expansion

If your platform needs to operate internationally and support sub-merchants in other regions, partnerships with local acquirers, gateways, and other service providers may be necessary. In general, platforms build local systems from scratch in order to adapt to local requirements or support multiple regions.

Governments and regulators may also have different requirements based on geography. The European payments law, known as the second Payment Services Directive or PSD2, introduced major changes that significantly impact multisided platforms, or marketplace businesses, in Europe. Many of these businesses can no longer rely on an exemption from licensing that they availed of previously. Platforms that control the flow of funds need to acquire an e-money license, which can take months and millions of euros to obtain.

Adapt to changing landscapes

The definition of a payment facilitator is still evolving—so is its role. For example, the ETA published a 73-page report with new guidelines in September 2018. Any investments made now will need updates over time to meet changing regulations and requirements.

The technology landscape is evolving as well: Consider that different providers and vendors may be required to offer solutions for local payment methods (like SEPA, Alipay, or iDEAL), multiple currencies, mobile payments, in-person transactions, billing systems for invoicing or subscription payments, and much more.

Timelines and costs

Set up payment systems

| Item | Description | Minimum time required (months) | Approximate minimum cost |
| --- | --- | --- | --- |
| Acquirer sponsorship | Put together a solid business plan and possibly hire a consultant to help; hire a lawyer who specializes in payments | 3-6 | Varies by acquirer |
| Payment gateways | Negotiate, contract, and integrate payment gateways | 1-4 | Varies by gateway, but is typically a combination of fixed and per-transaction fees |
| PCI compliance (and EMV certification, if needed) | Validate Level 1 PCI DSS compliance (includes an on-site visit from the auditor) | 3-5 | USD50,000–USD500,000 |
| Merchant management system | Build merchant dashboards; build merchant payout systems; build dispute management systems for different card networks | 6-12+ | From USD600,000 (minimum 4 FTEs at USD150,000 per year) |

Set up merchant onboarding and compliance systems

| Item | Description | Minimum time required (months) | Approximate minimum cost |
| --- | --- | --- | --- |
| Compliance program | Encode card network requirements; build systems for data privacy and retention | 2-8 | From USD300,000 (minimum 2 FTEs at USD150,000 per year) |
| Risk assessment policies | Integrate with identity verification providers; build risk scoring systems | 3-12 | From USD500,000 |
| Third-party service providers (optional) | Select, contract, and integrate third-party service provider systems | 3-6 | USD50,000–USD500,000 |

Registrations and licensing

| Item | Description | Minimum time required (months) | Approximate minimum cost |
| --- | --- | --- | --- |
| Regulatory license and registration fees | Initial fees for Visa (USD5,000) and Mastercard (USD5,000); MTLs required when the payfac controls the flow of funds (USD150,000/year for approximately 3 years for 50 states = minimum of USD450,000); international licenses (e.g., EU e-money license), if needed | 6-18 | Network fees: USD10,000; US and international licenses: from USD1,000,000 |

Ongoing costs

| Item | Description | Approximate minimum cost |
| --- | --- | --- |
| Merchant onboarding and monitoring | One-time fees include USD1-USD2 for onboarding and initial risk review and USD2-USD3 for identity verification; ongoing monitoring system | USD5 per account per month |
| Risk monitoring and mitigation | Conduct due diligence and risk management to ensure all merchants are compliant; regularly update risk systems; maintain platform-level balances or reserves for merchants to protect against credit risk | From USD250,000 per year (1 FTE at USD150,000 per year and 1 risk analysis at USD100,000 per year) |
| Fraud prevention | Work or integrate with third-party systems to prevent and block fraud | USD0.04–USD0.10 per transaction |
| Chargeback management | Manage chargebacks and evidence submission | USD15 per dispute |
| Funds routing and payouts | Ensure merchants are paid out on time | USD0.25 per transaction |
| Reporting and reconciliation | Generate and distribute 1099s and other tax forms as needed (generating a 1099 costs only USD5 per form, but fees of up to USD250 can be incurred if forms are filed incorrectly); perform platform-level financial close processes and financial audits as needed | USD5–USD255 per form; USD100,000 per year (1 finance FTE) |
| Annual PCI validation | Validate Level 1 PCI DSS compliance every year and revalidate whenever payment flows change during the year | From USD200,000 per year |
| Renew payfac registration (and other licenses, if needed) | Re-register as a payfac with Visa and Mastercard (USD5,000 per year each); renew money transmitter licenses every 2 years | From USD10,000 per year |

Stripe’s payfac solution

Traditional payfac solutions require significant time and financial investment and limit platforms’ revenue opportunities to online card payments.

The Stripe payfac solution is technology driven and designed to help platforms fully embed payments and additional financial services into their software. It helps platforms quickly enter the market, keep setup costs low, and grow their monetization potential.

Platforms like Lightspeed and Shopify use Stripe to fully whitelabel and embed payments, and they offer added value to customers like point-of-sale payments, card issuing programs, fraud solutions, subscriptions, and financing. Building on Stripe enables platforms to provide customized payments experiences for their customers and monetize a host of adjacent products and financial services.

Stripe’s API-first solution lets platforms design the best experience for their customers. Platforms get the ability to:

  • Fully customize the user experience or leverage prebuilt UI components
  • Set payout timing
  • Set pricing and fees
  • Manage complex money movement
  • Integrate and unify financial reporting
  • Scale the business globally without having to establish local bank accounts and company entities in each market
  • Offer new services to customers like point-of-sale payments, invoicing, issuing payment cards, subscriptions, and lending

A comparison

Think back to the questions you asked yourself about how you want to bring payments in-house.

  1. What are your goals for bringing payments in-house—added value for software, new lines of revenue, or faster expansion?
  2. What does your ideal solution look like—is it online payments only or does it include additional financial services and payment methods?
  3. What is your timeline and willingness to invest resources in payments vs. your core business?
  4. Where does your business operate today and in the future?

With your answers in mind, consider how Stripe’s payfac solution compares to the traditional payfac solution:

  • Stripe allows platforms to start monetizing payments faster and on global volume, not just US volume. Traditional payfac solutions take months to get started and typically operate in the US only, so you’d need to invest in multiple solutions when expanding to new markets.
  • Stripe’s payfac solution has lower setup costs and ongoing expenses than traditional payfac solutions.
  • Stripe enables platforms to enrich their product and drive revenue from other financial services such as loans, issuing card programs, point-of-sale payments, and faster payouts. Embedding financial services can grow revenue per customer 2–5x higher than the traditional model. Traditional payfac solutions are limited to online card payments only.

There are a lot of benefits to adding payments and financial services to a platform or marketplace. Stripe’s payfac solution can help differentiate your platform in competitive markets, improve the experience for sub-merchants, and be a significant revenue driver for platforms.

If you’d like to learn more about our solution, visit our website. If you’d like to talk to our team about your specific use case and brainstorm approaches, please get in touch.