Becoming a Payment Service Provider

The purpose of this entry is to review the key elements which a business needs to consider to become a payment service provider.

Many ISOs and payment service providers after several years of operations realize that they can significantly reduce their costs and optimize their processing if they rely on their own payment management platform.

However, taking everything in-house may be a challenging process because of the complexity, associated with payment processing and PCI compliance.

In this article we are going to cover the essential components of the process and the challenges of getting your own payment gateway.

Payment gateway software selection

First of all, a business wanting to have its own payment gateway solution (white-labeled or exclusive) will need some payment gateway software.

The options might be to build some software in-house, to buy some connectors and integrate them into an existing customer management product, or to license an already existing payment gateway software. When it comes to existing payment gateway software, the two common options are: to license the software and self-host it or to use a hosted version. For more information, see articles on payment processing solutions and payment gateway solutions on our blog.

The next step in the process is to decide on PCI environment where the payment gateway software is going to reside.

Payment service provider hosting

To become an independent payment service provider, a business can either implement its own server infrastructure or use a PCI-compliant hosting (such as firehost or rackspace).

Self-hosted server infrastructure implies maintenance of a data center, availability of development personnel and annual PCI-audit. PCI-compliant hosting, on the other hand, works in the same way that a general VPS hosting (thus eliminating the need for data center and network engineers), except that the servers are located within an already PCI-compliant network.

Because of the additional PCI requirements, servers at PCI-compliant hosting are more expensive than an equivalent configuration in a non-PCI-compliant environment.

PCI compliance and card storage

An important consideration the business needs to take into account on the way to becoming a payment service provider is PCI compliance. The business will need to find the suitable PCI-auditor company, determine the scope of PCI-audit and request quotes from the preferred service provider (assessor). Examples of possible partners include security metrics and coalfire .

One of the challenges to overcome within the context of PCI-audit is the strategy for credit card storage. If you consider using some form of appliance-based tokenization, the cost of the appliance needs to be factored into the overall estimate. For additional information on tokenization (either through appliance of as service), check the respective article on our blog.

Selection of banks and processors

The final issue to be addressed is the selection of banks and\or processors which will be actually processing transactions.

In some cases becoming a payment service provider will require integration with other payment gateways, credit card processors and\or banks. In case you decide to license a payment gateway software from a third party, it is always a good idea to check what types of integrations they already have.

When evaluating the scope of potential integration efforts, consider these guidelines.

  • Integrations with payment gateways tend to be easy and usually do not require time-consuming certification process.
  • Integrations with banks are, generally, not complicated, and smaller in scope than credit card integrations, but some community banks may not have the technology, advanced enough to enable full automation of the processing.
  • Integrations with credit card processors can be rather complex, especially, if legacy platforms are involved, and even if the software that you license, already has such an integration, it will still have to be certified under your name and your PCI environment.

Here is an illustrative example of possible costs.

Example

Gateway software license $ 50 000 – 250 000
Tokenization appliance $ 50 000 – 100 000
Annual PCI audit $ 25 000
Monthly PCI hosting fee (average number of servers needed is 4 (2 of them for backup)) $ 2 500 – 3 500
Additional integration with new banks/processors (each) $ 5 000 – 15 000

These estimates provide the basis for calculating the approximate cost of a common payment solution that would be required by an average payment service provider.

Payment Gateway Solutions

In this article we are going to address several ways of implementation of payment gateway solutions available to merchants and payment service providers who process credit card and ACH transactions. As mentioned in the previous article, payment gateway solutions constitute one of the options a merchant can use for integration with a payment processor (payment service provider).

There are several specific payment gateway solutions available to merchants today.

Licensed payment gateway solution

A merchant licenses a gateway in binary form (nothing can be changed in the software code), or it licenses its source code (enhancements can be made if necessary). Licensed product is installed in the merchant’s own PCI-compliant environment.

Advantages:

  • full control of the whole payment gateway infrastructure
  • no per-transaction costs
  • out-of-the-box integrations with numerous payment processors and banks
  • licensed payment gateway environment is exclusively adapted to one merchant’s preferences

Disadvantages:

  • significant upfront licensing cost
  • need for PCI-compliant environment
  • ongoing hosting and maintenance costs

Generally, a licensed payment gateway solution is recommended for enterprise merchants and payment service providers that have an existing PCI-compliant environment as well as high transaction volumes, and require full control of their payment management process.

Hosted payment gateway solution

A merchant uses a gateway which is hosted by a third party.

Advantages:

  • no upfront license cost
  • no need for PCI-compliant environment
  • no ongoing maintenance and infrastructure costs

Disadvantages:

  • ongoing per-transaction per-merchant costs
  • low degree of control over the hosted environment in terms of downtime
  • shared environment might experience performance issues when multiple merchants are processing high transaction volumes simultaneously

While licensed option is a great solution for enterprise merchants, majority of merchants, especially smaller ones, tend to prefer the hosted payment gateway solution.

There are several common ways in which hosted payment gateway services are priced.

Hosted payment gateway pricing

Any hosted payment gateway solution involves various fees. If a merchant licenses a gateway, there is an upfront fee, but no subsequent fees, while hosted payment gateway solutions involves one of the two common pricing structures: volume-based pricing or subscription-based pricing.

Volume-based pricing involves per-transaction or per-MID fees (or both), which are charged for each transaction processed or for each MID issued to a merchant. The advantage of this approach is that if a merchant doesn’t process any transactions, it, generally, doesn’t pay anything.

Subscription-based pricing involves a fixed license fee (which is paid monthly) and a certain transaction cap. There is usually an extra cost associated with transactions processed over pre-defined caps. While the fee has to be paid both when transactions are processed and when they are not, if there is a large volume that a merchant regularly processes, the cost of each transaction is much lower than the one under per-transaction pricing model. Consequently, the approach is recommended to merchants who have certain transaction volumes processed on a regular basis.

Beside the above-mentioned advantage, subscription-based pricing, usually, gives large-size merchants access to some additional services (such as customized software development), which can be either included in the license subscription, or paid as an additional subscription. This provides access to trained development personnel capable of implementing additional features for a merchant or a payment service provider within the gateway on demand.

Conclusion

If a merchant chooses payment gateway as a preferable integration option, it must consider all advantages and disadvantages of each available payment gateway solution, keeping in mind processing volumes, specific needs and potential implementation costs.

Payment Processing Solutions

In this article we are going to look at several ways to implement a payment processing solution available to merchants and payment service providers who process credit card and ACH transactions.

On the importance of payment processing solutions

At some point many companies that process credit cards face the question of how to implement their connectivity with a credit card processor. There are various options these companies can choose from. Each of the payment processing solutions (direct acquirer integration, connector or payment gateway) has its strengths and weaknesses, so merchants and payment service providers must consider their particular needs before choosing the most suitable integration option. The following sections cover each of the possible solutions.

Direct acquirer integration

Direct acquirer (or processor) integration envisions implementation of the processor’s specification. The integration software code is written as part of the merchant’s application going directly into the payment processor’s system.

The advantages of this payment processing solution are as follows:

  • the merchant is communicating directly with the processor, and no intermediaries are involved; consequently the number of potential intermediary points of failure is lower
  • no additional costs are incurred by the merchant since no middleware technology is used
  • direct acquirer integration tends to perform better even on high transaction volumes

The disadvantages of direct acquirer integration are as follows:

  • the solution is one of the most difficult ones to implement, as integration specifications for platforms used by many payment processors are complex (often due to legacy technology that they rely on) and, consequently, much effort is required to implement the format
  • certification queues tend to be long and the time to open a project and get a specialist assigned can be quite extensive
  • because of the complexity of the specification, certification process requires multiple iterations (certification test executions), and each of them tends to take considerable amount of time

While direct acquirer (processor) integration provides merchants with the greatest control and flexibility and lowest long-term per-transaction cost, it is one of the most time-consuming approaches, carrying significant upfront cost in comparison to other options because of complexity of specifications and legacy technologies used by payment processors.

Connectors

A connector represents a special software component that implements a payment processing specification and can be incorporated into a merchant’s application to simplify direct acquirer integrations.

While a merchant, using a connector component still has to go through certification with the payment processor, the implementation phase is significantly simplified.

Connectors can be of two types:

  • Software component – the component is integrated within the main application and is used to format messages.
  • Middleware – a piece of software installed separately from the merchant’s application. It receives incoming messages and converts them to the format of the underlying payment processor.

The advantages of connectors as a payment processing solution type are listed below:

  • connectors tend to reduce the development effort during the integration phase and can be used by wider range of software developers, not only by the most highly experienced ones
  • a connector eliminates the need for the integration code and subsequent maintenance
  • when new processing features become available, connector vendor takes care of support of these features

The disadvantages of connectors are as follows:

  • depending on the quality of the connector, performance problems might be experienced on high transaction volumes or in multi-threaded environment
  • it is difficult to introduce any types of tweaks or adjustments into connectors with no source code available, if necessary. Consequently, if something is wrong, no one but the vendor can fix the problem
  • upfront cost associated with licensing of the connector

For merchants that prefer upfront investment (as opposed to per-transaction gateway cost) and want to go with direct integration, eliminating intermediaries, connectors provide a good option to use, especially if their transaction volumes are not extremely high.

Payment gateway solution

A payment gateway is a solution similar to a middleware connector, incorporating various additional functions and supporting several different payment processors simultaneously. A payment gateway usually has an infrastructure to maintain merchant preferences and configuration settings associated with it.

The advantages of such payment processing solution as a payment gateway are as follows:

  • integration and certification processes are considerably simplified
  • additional features, such as host capture, are available
  • simplified PCI-compliance certification (payment gateways support pay-pages and other related solutions, thus, reducing merchant’s PCI scope); (more information on PCI compiance can be found here and here )
  • support of recurring payments

The disadvantages of payment gateways are listed below:

  • significant upfront fee / license cost or increased ongoing per-transaction cost
  • when hosted solution is used, a merchant has lower degree of control over the network environment of a payment gateway
  • merchant has low degree of control of the underlying logic of transaction processing

Despite the limitations of the payment gateway solution, it is the preferred choice of most merchants and payment service providers today.

Conclusion

Every merchant, processing credit cards, must make an informed choice from among payment processing solutions (integration options), depending on the merchant’s business size, overall transaction volume and specific business needs.

The next post will represent a detailed coverage of payment gateway solution types and payment gateway pricing structures.