How to become a Payment Facilitator

I’ve assisted many companies in transitioning to Payment Facilitators. I’ve written this post to help explain how to become a Payment Facilitator in 8 steps.

Note: This article was last updated April 21, 2023.

Disclosure
Full disclosure, I am an active employee of Finix. Finix can help offload processes and development needed to be a Payment Facilitator. You can start on our Flex product and eventually graduate to a full Payment Facilitator.

What is a Payment Facilitator?

A Payment Facilitator (PayFac) is a service provider for merchants who want to accept payments online or physically. A Payment Facilitator provides merchant accounts relatively quickly to businesses or individuals.  Payment Facilitators are onboarded as sub-merchants of the Payment Facilitator, not as merchants of the Payment Processor.

Payment Facilitators operate differently than the traditional ISO model. In the traditional ISO model, an ISV, SaaS company, or marketplace redirects merchants to another processor to signup for a payment account. The ISO and the payment processor share the generated revenue, or there is a fee charged on top of the payments processed.

In the Payment Facilitation model, the Payment Facilitator interacts with the merchants and controls the user experience. The Payment Facilitator can earn more revenue in this model and be more in-control of the customer experience. However, the Payment Facilitator shares risk profile and compliance obligations vs a traditional ISO.

There are many reasons why someone would want to become a Payment Facilitator. I tackle some of these here.

Steps needed to become a Payment Facilitator

To become a Payment Facilitator, you must fulfill a set of legal, technical, and operational changes.

Here is a summary of the steps below:

1. Negotiate a Payment Facilitation agreement with a Payment Processor
2. Construct a sub-merchant agreement for all your sub-merchants to review and sign
3. Achieve PCI-DSS Level 1 or 2 status with a certified QSA
4. Integrate into a Payment Processor
5. Establish an underwriting and onboarding process
6. Onboard and underwrite net-new merchants
7. Migrate over your existing customer base
8. Create organizational changes and allocate internal resources to handle your new responsibilities as a Payment Facilitator

1. Payment Facilitation agreement with an Acquiring Bank and Processor

To become a Payment Facilitator, you must have an Acquiring Bank and Payment Processor agreement explicitly permitting you to be a registered Payment Facilitator.

You can expect to provide business and compliance-related items such as financial statements, customer information, and other KYC (Know Your Customer) information. This is a part of the payment processor and acquiring bank’s due diligence and underwriting process.

You can also expect to apply for a set of MCC codes, so a thorough analysis should be done. Any sub-merchants requiring a different MCC other than the MCC established in the Payment Facilitation Agreement will not be underwritten. If they aren't underwritten, they cannot be boarded.

Note: Each Acquiring Payment Processor and Bank have rules and conditions outside this article's scope.

2. Sub-merchant agreements

As a Payment Facilitator, you take on most of the risk for your sub-merchants. You must create a sub-merchant agreement that merchants will sign as a part of the onboarding process.

You should create a sub-merchant agreement that covers your business use cases and is robust enough to handle the worst possible scenarios, such as chargebacks, ACH returns, and fraud events. You will also need to ensure that your sub-merchant agreement complies with the standards required by your Acquiring Bank and Processor.

3. Achieve PCI-DSS Level 1 or 2 status with a certified QSA

All Payment Facilitators are required to be compliant with PCI-DSS (Payment Card Industry Data Security Standards) as either a Level 1 (processing more than 300,000 transactions annually) or Level 2 (processing less than 300,000 transactions annually) Service Provider.

The Payment Facilitator’s Acquiring bank and processor will set the specific requirements.

Note: Most Acquiring Banks and Processors will hesitate to take a Payment Facilitator live without a Level 1 compliance assessment by a third-party QSA (Qualified Security Assessor). Level 2 Service Providers will sometimes validate as Level 1 to be on Visa’s Global Registry of Approved Service Providers.

4. Integrate into a payment processor

To become a Payment Facilitator, you must be integrated directly into a Payment Processor. You can view a diagram of the Layer Cake below to visualize how a Payment Facilitator is connected to the Processor + Bank.

Even with a seasoned payments engineering team, integrating into a legacy Payment Processor could take 12-18 months and possibly longer.

Finix can help you integrate into a payment processor
Finix’s robust processor integrations can speed up this integration. Rather than integrate with the legacy APIs of other payment processors, you can integrate with Finix’s REST APIs. These APIs are available both as a non-Payment Facilitator and when you are a Payment Facilitator. There is no need to re-work your implementation later.

5. Establish an onboarding and underwriting process

Payment Facilitators have a direct relationship with the sub-merchant. As a result, Payment Facilitators take on risks (on behalf of the acquiring bank) and are liable for merchant chargebacks, data breaches, fraud, misappropriated funds distribution, etc.

As a Payment Facilitator, you must conduct verification and compliance checks on your Merchants during the underwriting process. This often involves building an underwriting engine to conduct these checks.

These include:

1. Know Your Customer (KYC)
2. Know Your Business (KYB)
3. Global watchlist sanctions screening (OFAC)
4. Bank Account Verification
5. Credit checks (Optional but dependent on Acquiring Bank and Processor rules)

Verifying KYB and KYC

Payment Facilitators are required to identify and verify the business entity owner(s) per the United States Patriot Act, Bank Secrecy Act (BSA), AML (Anti-Money Laundering) laws, and FinCEN (Financial Crimes Enforcement Network) rules.

This includes verifying control owners and beneficial owners. FinCEN states that beneficial ownership includes those individuals with a 25% or greater stake in the business entity. However, Acquiring Banks and Processors may classify beneficial owners of high-risk merchants as individuals with a 10% or greater stake in the business entity.

Sanctions screening (OFAC)

OFAC, officially known as The Office of Foreign Assets Control (OFAC), is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions to support U.S. national security and foreign policy objectives.

As part of your underwriting responsibilities, you must ensure that the sub-merchants you onboard are not on the OFAC list or any global sanctions/watch list. Watch list membership can include the sub-merchant itself (as a business) or individuals (beneficial business owners) who are added to the OFAC list. There are severe penalties for non-compliance, including fines, freezing of assets, and barring parties from operating in the United States.

EIN / TIN match

An Employer Identification Number (EIN) is a unique identification number assigned to a sub-merchant so that it can easily be identified by the Internal Revenue Service (IRS) and is also commonly used by sub-merchants to report taxes. The EIN is also known as a Federal Tax Identification Number (TIN) when it is used to identify a corporation for tax purposes.

Just as the Social Security Number (SSN) is used to identify individual residents of the United States, the EIN is issued to identify the business entities in the country. The EIN is a unique nine-digit number issued by the IRS. It includes information regarding the sub-merchant's corporate taxonomy, such as the city and state of its business registration. The digits of an EIN are formatted as follows: XX-XXXXXXX. The IRS uses the EIN to identify taxpayers required to file various business tax returns.

Bank Account Verification

The Payment Facilitator should verify bank account ownership to ensure that money is deposited into an actual bank account of legitimate record.

Finix Underwriting and Compliance Product can underwrite and onboard merchants.
As a Payment Facilitator, you can leverage Finix's underwriting product to underwrite and onboard merchants.

6. Begin underwriting net-new merchants

Once you have successfully become a registered Payment Facilitator and integrated into an Acquiring Payment Processor, you can start underwriting sub-merchants.

You should run a trial period with several sub-merchants to ensure you can scale up in volume. Once you have completed a trial period of sub-merchants, you can start aggressively onboarding and underwriting net-new merchants.

7. Migrate Existing Merchants

In an ideal world, you do not want to impact existing customers when you graduate as a Payment Facilitator. You can make this seamless transition through careful planning within your organization and mutual coordination.

The biggest hurdles of migrating a customer base are:

1. Migrating customer payment card and bank account data
2. Having customers execute a new Sub-Merchant Agreement that differs from their original one

8. Organizational changes

Becoming a Payment Facilitator may require changing your organizational structure to handle these new responsibilities.

As a Payment Facilitator, you must provide

1. Primary liability for the processing accounts of your underwritten sub-merchants
2. Transaction processing support
3. Transaction monitoring
4. Sub-merchant invoicing
5. Other non-processing business services or solutions

Effectively tackling these new responsibilities may require retraining colleagues, introducing new operational flows, and modifying your product.