How to become a payment services provider
Evolving technology and changes to how the payments sector operates have seen a boom in the number of companies entering the marketplace in recent years. These businesses – known as independent sales organisations (ISOs) or integrated systems vendors (ISVs) – encourage merchants to sign up and route their credit and debit card payments through the companies they partner with, earning commission along the way.
ISOs usually receive a percentage of the value of card sales they introduce. So, with the right offering, becoming an ISO can be a lucrative venture. However, the payments sector is highly competitive, with a raft of rival providers going head-to-head for new business. Standing out from the competition with realistic pricing and a service proposition that adds real value is the key to attracting and retaining new merchants.
Technology makes that possible and is a massive driver of change and innovation in the market.
Here, we take a closer look at how to operate as a more technology-driven payment services provider (PSP) and how better merchant onboarding can give your brand a competitive edge.
What is a payment services provider?
A PSP ensures merchants can take payment by card and get paid by partnering with acquiring banks and their payment processors. They typically use their payment gateway to allow businesses to accept a range of payment types from customers, from various acquirers and complementary service providers such as PayPal.
Many PSPs came into being in the early 2000s when they identified an opportunity to provide new e-commerce businesses with a simpler, more effective way to connect to acquirers. This allowed merchants to start taking payments quicker and reduce the costs associated with managing complex integration with acquirer processing platforms.
Once new PSPs had been designed and built, the service could be sold to merchants direct, or by partnering with third parties close to the payments value chain, such as software vendors, ecommerce developers, EPoS platforms, parking systems, booking systems, etc.
The PSP is typically made of two elements – the payment gateway and the management portal. The payment gateway is the software or technology that enables merchants to connect to acquirers’ processing platforms and then on to Visa, MasterCard and typically American Express. They can also connect the merchant to PayPal and potentially other non-card payment systems, such as national systems including Ideal in Holland and Giro Card in Germany.
The gateway establishes three-way connection and communication between the parties involved in a sale – the customer, the merchant, and the payment processor – to process the transaction as smoothly as possible. It ensures every transaction is secure and complies with stringent industry security standards known as PCI:DSS. In some instances, the gateway will trigger the process that results in the merchant receiving its payment from the acquirer, known as settlement.
The second element is the management portal, where the merchant can log in to view their transactions, process the occasional phone payment, see their payments history and manage some of the common settings such as refunds, recurring payments and user security settings.
However, building a working payment gateway and service portal doesn’t mean you can implement it onto a website or start selling it to merchants or payment intermediaries straight away. Before that can happen, you’ll need to go through a certification process and connect with at least one, but almost certainly a minimum of six acquirers (and that’s just for the UK). This is essential to ensure you cover a critical mass in the market and is hugely time-consuming, expensive and subject to changes in regulations and integration specifications during the prolonged build phase.
Steps to become a payment services provider
If you want to become a payment services provider, there are several essential things you’ll need to consider to make your idea a reality. These are explained below (in no particular order) and are just the bare essentials. To have a really compelling proposition, you’ll need to add further innovation.
Setting up your infrastructure
One of the big early decisions is how you will manage infrastructure. You can build your own datacentre, host it on a third-party server or with a cloud service provider such as Amazon Web Services (AWS). In each case, you’ll need to follow stringent PCI:DSS rules on data security and keeping your system safe from hackers and fraudsters.
This is fraught with risk and difficulty and would result in a multi-million pounds cost before you even integrate with any acquirers, gain the necessary certifications and start processing. It’s a huge investment with no guarantees on timescales and sensible commercial returns.
Finally, you’ll need to go through an initial PCI audit – an assessment you are likely to fail unless you have hired huge expertise in this area.
Integrating with a payment processor
Once your payment gateway is set up, you’ll need to integrate with at least one payment processor – typically an acquirer such as FIS WorldPay, Barclays, FISERV and Global Payments. If you want to be competitive in the market, you will probably need something in the region of ten such integrations, each one requiring complex APIs and rigorous (and expensive) testing and certification processes.
The processors are, in turn, connected to the card schemes – Visa and Mastercard. They may also connect you to American Express and other providers such as PayPal, but it is more normal for gateways to connect to these services direct (more cost and compliance risk).
Tokenisation is a crucial area of functionality if you wish to process e-commerce or recurring payments such as subscriptions. This technique uses sophisticated encryption techniques to allow merchants to initiate payments without having to ask the customer for their card information repeatedly – and without needing the data security structures needed to store raw card information.
If you want to process only one-off payments or those made via a Chip & PIN machine, you could ignore tokenisation, but it will make it incredibly difficult to find partners or merchants willing to work with you.
Getting 3DS certification
3-D Secure (3DS) certification is used for online transactions to make sure the person claiming to be the cardholder is who they say they are. It complements the more common CVV/CV2 mechanisms consumers are more used to.
3DS has recently undergone a significant overhaul, introducing strong (two-factor) authentication. You may have experienced this when you make an online payment, and your card issuer sends a security code via email or text message.
And this does not mean you can forget about other security mechanisms including Address Verification Service (AVS), velocity checks and geo-location identification.
Applying for PCI:DSS
The PCI:DSS standard is designed to keep card information secure and sets twelve obligatory rules for the software used to process card transactions. It’s a mandatory requirement for any business wanting to deal with card payments. To become PCI:DSS compliant, you’ll need to undergo an initial PCI audit, which will be a costly and time-consuming endeavour. And the risks and cost of failure is huge.
Getting certified is just the beginning as you will be subjected to an audit (at least annually) which you must pass – and the standard is constantly changing, forcing an ongoing investment in enhancing security to remain compliant.
Where does merchant onboarding fit in?
Merchant onboarding is the process that connects a merchant to your gateway/PSP platform and the payment processor/acquirer. It involves the merchant submitting information about its business – often via an intermediary – to the acquiring bank to review and decide if they’re happy the merchant and its owners and directors comply with legislation on Know Your Customer (KYC) and anti-money laundering. Acquirers will also be careful to not expose themselves to potential risks associated with large levels of deposits or goods that result in cardholder chargebacks, so risk profiling is also needed.
Building and maintaining these onboarding systems will also touch on regulatory frameworks and, ultimately, is a hugely expensive and complex endeavour.
Yet, despite the complexity, processing card payments is widely perceived as a commodity service, and merchants still need a good reason to switch. However, the traditional merchant onboarding process is manual, paper-based, time-consuming, and full of inefficiencies.
This creates challenges for businesses looking to sell card payments services, including PSPs. Merchants are becoming intolerant of application and onboarding processes that take weeks and involve manual application processes. If switching service providers is going to be a hassle, they won’t want to know – or sign up with a more convenient, but more expensive service such as Stripe or SumUp.
If, however, they can be up and running within minutes, with a better deal, that’s a different story.
That’s where Datam comes in. We’ve pioneered a new approach to merchant onboarding that covers the entire merchant journey from initial lead to live payments account. The process can take as little as five minutes – we call it ‘Lead to Live in Five’.
Datam’s approach results in significant increases in sales conversion ratios (as much as 40%), a circa 40% reduction in admin costs and, crucially, 100% compliance driven into the entire merchant journey.
Where does that leave you?
If you want to become a PSP with fast, effective merchant on boarding, you have three choices – build one, buy one or partner. Building will take years and millions of pounds, requiring specialist skills and knowledge.
Buying one is also likely to be expensive (especially if you intend to buy the company) and time- consuming. So, consider partnering with an existing payment gateway. Companies such as Monek (one of our integrated service partners) offer you a white label proposition that allows you to offer PSP and gateway services, without the extensive cost, risk and time needed to build your own.
Datam also offers our leading merchant journey management and onboarding solutions as a white label, giving you the ability to give your payments customers a frictionless, excellent first experience as a customer.
Whether you are an ISO, ISV or even payment facilitor or acquirer, Datam and its partners offer you a much more effective partnership approach to sitting at the heart of payments services. If you’d like to find out more, get in touch today to arrange a demo.