Technology has fundamentally changed how businesses, acquiring banks, and card networks work together. The rise of software platforms and online marketplaces has accelerated the change: increasingly, these businesses are connecting buyers and sellers in new ways, adding payments and financial services functionality, and creating new purchase experiences.
In this guide, we’ll explore what a payment facilitator (often abbreviated as payfac or PF) is, examine the considerations and costs of different types of payfac solutions, and identify the best ways to add payments to a platform or marketplace.
If you have any questions or would like to review your specific business model with Stripe, just get in touch—we’d be happy to help.
What is a payment facilitator?
Today, many platforms and marketplaces help merchants accept payments by providing online services for companies of all sizes. Payments functionality has become integral for these platforms to differentiate their product and create stickiness, and merchants using the platform no longer need to establish direct relationships with acquiring banks or payment gateways.
Below are some of the most common types of platforms and marketplaces:
- E-commerce: Platforms, such as Shopify and Squarespace, which help businesses or individuals sell physical goods online.
- Invoicing: Platforms, such as Xero and FreshBooks, which help businesses invoice their clients.
- Fundraising: Platforms, such as Kindrid, which help nonprofits and charities raise money or collect donations.
- Booking: Platforms, like Mindbody and FareHarbor, which facilitate the scheduling of appointments.
- Travel and ticketing: Marketplaces, like Airbnb, which help connect individuals with accommodations and experiences.
- Retail: Marketplaces, such as Tradesy, which help individuals sell to each other.
- On-demand services: A range of services falls into this category, including ride-sharing (e.g., Lyft, Uber), restaurant delivery (e.g., Deliveroo, DoorDash), and professional services (e.g., Handy).
- Other: We’re constantly seeing platforms emerge that are either hybrids or something entirely new, supporting services like online health, pharmacy delivery, and even pet rentals.
While each type of platform or marketplace is different, many have made payments a core part of the customer experience. Increasingly, they’re using payments capabilities to differentiate their offering and brand, strengthen their relationships with their customers, and monetize the transactions on their platforms.
Below, we’ll discuss two models for bringing payments in-house:
- Traditional payfac solutions, which enable platforms to embed card payments into their software.
- The Stripe payfac solution, which enables platforms to move faster to embed and monetize payments and whitelabel other financial services such as issuing cards and loans.
History of payfacs
Traditional payfac solutions were popularized in the late 1990s as a way to help small- and medium-sized businesses accept online payments more easily. Historically, a bank’s onboarding requirements catered to larger businesses that could manage the complex, costly, and time-consuming legacy setup processes. Essentially, these companies had to become experts in payments while also building their core business and product.
The payfac model emerged to give companies that specialized in payments the ability to reduce the complexity of getting started with online payments and offer services to a broader array of businesses, allowing them to focus on their core competencies.
How to bring payments in-house
There are two types of payfac solutions. The first type is a traditional payfac solution that involves partnering with an acquiring bank (or an acquirer and payfac vendor) and building out systems for processing, onboarding, risk, and more. This will typically need to be done on a country-by-country basis and will enable your platform to offer online card payments to your sub-merchants.
The second type is a more modern, technology-first payfac solution from a commerce provider like Stripe. Stripe provides a way for you to whitelabel and embed payments and financial services in your software. You own the payment experience and are responsible for building out your sub-merchant’s experience.
You should ask the following questions before deciding how to bring payments in-house:
- What is my goal for bringing payments in-house? Do I want to improve the customer experience or deepen relationships with customers (adding value to my software), introduce new lines of revenue and increase my valuation, or enable faster expansion to new segments or geographies?
- What does my ideal payments solution look like? Does it include online card payments, in-person point-of-sale payments, international payments (e.g., iDEAL, Alipay, BECS Direct Debit, and more), or non-card payments like ACH or Apple Pay? Do I also want to add financial services for my customers, like lending, fraud prevention services, and card programs?
- What is my timeline and what is my willingness to invest in payments vs. my core business? To what extent do I want to dedicate the resources of my developers, legal team, and operations teams? Am I ready to build new teams to manage payment and payout systems, merchant onboarding processes, and compliance systems?
- Where does my business operate? Where do I want to offer payments and other financial services today? Where do I plan to expand in the future?
Traditional payfac solutions
Platforms using a traditional payfac solution open a merchant bank account and receive a merchant ID (MID) to acquire and aggregate payments for a group of smaller merchants, typically called sub-merchants. Traditional payfacs have embedded payment systems and register their master MID with an acquiring bank. Sub-merchants, on the other hand, are not required to register their unique MIDs; instead, transactions are aggregated under the payfac’s master MID. This is meant to reduce the complexity that sub-merchants would face when setting up online payments on their own since it eliminates the need for them to establish and maintain relationships with an acquiring bank, payment gateway, and other service providers.
The platform is responsible for the following:
- Controlling who is on the platform: Setting up the right onboarding processes and building trust in those processes.
- Meeting KYC, AML, and OFAC compliance requirements: Ensuring sub-merchants are screened and verified to meet Know Your Customer (KYC) requirements and the US Office of Foreign Asset Control (OFAC) requirements. Monitoring sub-merchant activity to screen for money laundering and terrorist financing. If operating outside the US, there are many other regulations and compliance requirements to consider.
- Auditing account activity on the platform: Putting controls in place to track and mitigate high-risk financial activity on an ongoing basis.
- Maintaining PCI compliance: Ensuring the platform is Payment Card Industry (PCI) compliant and all sub-merchants are accepting payments from customers in a compliant way. To learn more, review our guide to PCI compliance.
Though these four categories are clear, it’s difficult to find a consistent description of a payfac’s granular responsibilities. Each acquiring bank has different rules for registered payfacs, which form a complex web of requirements between card networks and banks. Combined, think of a registered payment facilitator as an entity that handles the relationships with card networks, sub-merchant onboarding, and payment services for merchants. The payfac directly handles paying out funds to sub-merchants.
Most of the requirements for payfacs are enforced by the card networks and acquiring banks. However, regional differences influence how stringently card networks and banks enforce these requirements in the Americas, Europe, and Asia. For example, Visa and Visa Europe are two different entities and have different rules.
Under card network rules, a registered payment facilitator must:
- Conduct due diligence on each sub-merchant.
Sign a merchant acceptance agreement on behalf of an acquirer.
- Monitor all sub-merchant activity to ensure compliance with network standards.
- Maintain PCI compliance.
- Only use settlement funds to pay sub-merchants.
If a sub-merchant exceeds a certain threshold of transaction volume, the sub-merchant is required to enter into a direct merchant agreement with the acquiring bank.
Traditional payfac solutions require building and investing in multiple systems for payment processing, sub-merchant onboarding, compliance, risk management, payouts, and more. Platforms also have ongoing requirements to maintain their good standing and credit requirements with acquiring banks and card networks.
The Electronic Transactions Association (an advisory organization with members from banks, card networks, and payment processors, also referred to as ETA) strongly recommends engaging industry experts and legal counsel to ensure adherence to laws and guidance that span card networks, acquiring banks, state and federal governments, and global regulatory organizations (e.g., OFAC).
Set up payment systems
- Find an acquiring bank: Platforms must approach acquirers with a business plan in order to establish a partnership and get sponsored to facilitate payments for sub-merchants.
- Integrate payment gateways: Payment gateways provide functionality for sub-merchants to process online payments.
- Obtain Level 1 PCI DSS certification: To ensure the security of sensitive data, the platform is required to be Payment Card Industry Data Security Standard (known as PCI DSS) certified, which may also include Europay, Mastercard, and Visa (EMV or chip) certification if the platform supports in-person transactions.
- Build merchant management: This includes merchant dashboards, payout systems, and dispute management systems to handle chargebacks.
Set up merchant onboarding and compliance systems
Create underwriting policies and systems to ensure only lawful businesses that comply with card network and acquirer rules are onboarded. The platform’s system and employees will need to do the following:
- Verify identities of sub-merchants, including KYC, ownership structure, and business details.
- Check OFAC and MATCH lists for sub-merchants before onboarding; Mastercard manages the Member Alert to Control High-Risk Merchants (MATCH) list.
- Assess sub-merchant’s financial health and risk, including fraud, credit, financial, compliance, regulatory, or reputational risk.
To manage and mitigate risk, build systems and internal policies to conduct due diligence. The platform’s system and employees will need to do the following:
- Comply with AML laws by encoding rules and requirements from card networks and regulatory organizations.
- Identify suspicious activities (including indicators of terrorist financing).
- File Suspicious Activity Reports (known as SARs) with the Financial Crimes Enforcement Network (FinCEN) or acquirer, as required.
Submit registrations and apply for any additional required licenses:
- Register as a payfac with each card network in each country.
- Apply for money transmitter licenses (MTLs) in each state the payfac operates in, if required to support certain fund flows.
- Apply for regional licenses if required. (Brazil, Malaysia, and the EU—to name a few—require separate licenses.)
Manage ongoing processes and systems
- Onboard and underwrite each sub-merchant: Verify the identity, business model, and owner information for each sub-merchant. Set up payment processing for sub-merchants.
- Monitor risk and update risk systems: Perform due diligence, monitor sub-merchant activity on an ongoing basis, and mitigate risk as needed (e.g., apply processing caps, delayed funding, or reserves).
- Prevent and block fraud: Proactively prevent fraud on the platform and block or review suspicious transactions. Best practices include using adaptive machine learning for fraud detection. Submit evidence to card networks when needed for chargebacks on behalf of sub-merchants.
- Pay out funds to sub-merchants: Ensure sub-merchants are paid their earnings on time.
- Reporting and reconciliation: Generate and distribute 1099s or other tax forms as needed annually.
- Maintain PCI DSS compliance: Ensure the platform remains compliant even as data flows and customer experiences evolve. Note that some card networks may require payfacs to submit quarterly or annual reports or complete an annual on-site assessment to validate ongoing compliance.
- Renew payfac registration and licenses: Re-register as a payfac with card networks annually, and update or renew MTLs on the required cadence.
If your platform needs to operate internationally and support sub-merchants in other regions, partnerships with local acquirers, gateways, and other service providers may be necessary. In general, platforms build local systems from scratch in order to adapt to local requirements or support multiple regions.
Governments and regulators may also have different requirements based on geography. The European payments law, known as the second Payment Services Directive or PSD2, introduced major changes that significantly impact multisided platforms, or marketplace businesses, in Europe. Many of these businesses can no longer rely on an exemption from licensing that they availed of previously. Platforms that control the flow of funds need to acquire an e-money license, which can take months and millions of euros to obtain.
Adapt to changing landscapes
The definition of a payment facilitator is still evolving—so is its role. For example, the ETA published a 73-page report with new guidelines in September 2018. Any investments made now will need updates over time to meet changing regulations and requirements.
The technology landscape is evolving as well: Consider that different providers and vendors may be required to offer solutions for local payment methods (like SEPA, Alipay, or iDEAL), multiple currencies, mobile payments, in-person transactions, billing systems for invoicing or subscription payments, and much more.
Timelines and costs
Payment systems setup
Minimum time required in months
Approximate minimum cost
Put a strong business plan in place and potentially hire a consultant to assist
Hire a payments attorney
|3-6||Varies by acquirer|
|Payment gateways||Negotiate, contract with, and integrate payment gateways||1-4||Varies by gateway, but typically a combination of fixed and per transaction fees|
|PCI compliance (and EMV certification, if needed)||Validate Level 1 PCI DSS compliance (includes on-site auditor visit)||3-5||50 000 US$–500 000 US$|
|Merchant management system||
Build merchant dashboards
Build merchant payout systems
Build dispute management systems for different card networks
|6-12+||600 000 US$+ (minimum 4 FTEs at 150 000 US$ per year)|
Merchant onboarding and compliance systems setup
Minimum time required in months
Approximate minimum cost
Encode card network requirements
Build data retention and privacy systems
|2-8||300 000 US$+ (minimum 2 FTEs at 150 000 US$ per year)|
Integrate with ID verification providers
Build risk-scoring systems
|3-12||500 000 US$+|
|Third-party vendor (optional)||Select, contract with, and integrate third-party vendor systems||3-6||50 000 US$–500 000 US$|
Registrations and obtaining licenses
Minimum time required in months
Approximate minimum cost
|License fees and regulatory registrations||
Initial fees paid to Visa (5 000 US$) and Mastercard (5 000 US$)
MTLs required when payfac controls fund flows (150 000 US$/year for approximately 3 years to set up 50 states = 450 000 US$ minimum)
International licenses (e.g., EU e-money license) if needed
Network fees: 10 000 US$
US and international licenses: 1 000 000 US$+
Approximate minimum cost
|Merchant onboarding and monitoring||
One-time fees include 1 US$–2 US$ for onboarding and initial risk review and 2 US$–3 US$ for ID verification
Ongoing monitoring system
|5 US$ per month per account|
|Risk monitoring and mitigation||
Due diligence and risk management to ensure all sub-merchants stay in compliance
Update risk systems on regular cadence
Maintain platform-level balances or reserves on sub-merchants to protect against credit risk
|250 000 US$+ per year (1 FTE at 150 000 US$ per year and 1 risk analyst at 100 000 US$ per year)|
|Fraud prevention||Operate or integrate with third-party systems to prevent and block fraud||0,04 US$–0,10 US$ per transaction|
|Chargeback management||Handle chargeback and evidence submission||15 US$ per dispute|
|Payouts and funds routing||Ensure merchants get paid out on the right schedule||0,25 US$ per transaction|
|Reporting and reconciliation||
Generate and distribute 1099s or other tax forms as required (1099s cost as little as 5 US$ per form to generate, but can incur up to 250 US$ in fees if filed incorrectly)
Run platform-level financial close processes and financial audits as needed
5 US$–255 US$ per form
100 000 US$ per year (1 finance FTE)
|Annual PCI validation||Validate Level 1 PCI DSS compliance every year and re-validate any time changes are made to payment flows throughout the year||200 000 US$+ per year|
|Renew payfac registration (and other licenses, if needed)||
Re-register as a payfac with Visa and Mastercard (5 000 US$ per year each)
Renew money transmission licenses every 2 years
|10 000 US$+ per year|
Stripe’s payfac solution
Traditional payfac solutions require significant time and financial investment and limit platforms’ revenue opportunities to online card payments.
The Stripe payfac solution is technology driven and designed to help platforms fully embed payments and additional financial services into their software. It helps platforms quickly enter the market, keep setup costs low, and grow their monetization potential.
Platforms like Lightspeed and Shopify use Stripe to fully whitelabel and embed payments, and they offer added value to customers like point-of-sale payments, card issuing programs, fraud solutions, subscriptions, and financing. Building on Stripe enables platforms to provide customized payments experiences for their customers and monetize a host of adjacent products and financial services.
Stripe’s API-first solution lets platforms design the best experience for their customers. Platforms get the ability to:
- Fully customize the user experience or leverage prebuilt UI components
- Set payout timing
- Set pricing and fees
- Manage complex money movement
- Integrate and unify financial reporting
- Scale the business globally without having to establish local bank accounts and company entities in each market
- Offer new services to customers like point-of-sale payments, invoicing, issuing payment cards, subscriptions, and lending
Think back to the questions you asked yourself about how you want to bring payments in-house.
- What are your goals for bringing payments in-house—added value for software, new lines of revenue, or faster expansion?
- What does your ideal solution look like—is it online payments only or does it include additional financial services and payment methods?
- What is your timeline and willingness to invest resources in payments vs. your core business?
- Where does your business operate today and in the future?
With your answers in mind, consider how Stripe’s payfac solution compares to the traditional payfac solution:
- Stripe allows platforms to start monetizing payments faster and on global volume, not just US volume. Traditional payfac solutions take months to get started and typically operate in the US only, so you’d need to invest in multiple solutions when expanding to new markets.
- Stripe’s payfac solution has lower setup costs and ongoing expenses than traditional payfac solutions.
- Stripe enables platforms to enrich their product and drive revenue from other financial services such as loans, issuing card programs, point-of-sale payments, and faster payouts. Embedding financial services can grow revenue per customer 2–5x higher than the traditional model. Traditional payfac solutions are limited to online card payments only.
There are a lot of benefits to adding payments and financial services to a platform or marketplace. Stripe’s payfac solution can help differentiate your platform in competitive markets, improve the experience for sub-merchants, and be a significant revenue driver for platforms.