From ISO to Payment Facilitator


Recently the term “payment facilitator” has gained popularity. The role of payment facilitators at the merchant services market has grown significantly. The concept of a payment facilitator is actively promoted in the merchant services industry. Consequently, more and more companies consider the idea of assuming the role of payment facilitators.


A business, selling merchant accounts, is currently functioning as ISO, but wants to become a payment facilitator.


An ISO, generally, relies on other entities in many aspects of its activity. If a business needs to get a merchant account (purchase it from an ISO), the ISO needs to address some other entity (usually, the payment processor) to handle this issue.
Traditionally, the model functioned as follows. ISOs and software companies, which performed the role of ISOs for their clients, referred their clients to the processors and helped sell the accounts, relying on external gateway. Underwriting and funding was handled by the processors. With time, as the number of clients increased, they realized that the model was not very effective. As a result, payment card associations suggested the concept of payment facilitators, which provided these new entities with greater control over the processes of MID issuing, merchant funding etc.
ISOs have various reasons for becoming payment facilitators.
As we’ve mentioned in one of our articles, a payment facilitator actively participates in sub-merchant funding, and each of its sub-merchants is funded under a separate MID. In view of these functions, to become a payment facilitator, an entity needs to perform several important steps and answer some critical questions.


Finding a processing partner

If you are an ISO, you already have a certain number of merchant accounts to support.

  • Are you going to become a payment facilitator with your current payment processor, or find a new processing partner? In either case, as mentioned in the respective article, you will have to sign a separate agreement with your processing partner, and go through the payment facilitator underwriting process.
  • If you are switching to a new payment processor, what is the plan for migration of your merchants? Will all the existing merchants from your portfolio be able to go through underwriting process with the new payment processor? If not, what is the “plan B” for those merchants, which are unable to do that? Some tips on migration to a new processor can be found here.

Pricing strategy and underwriting

If you are going to change our processing partner, you need to carefully study the following two issues:

  • What are the underwriting requirements of the given processor? Which documents and guarantees are required? What are the requirements for merchant services reserves? Remember, that before being able to underwrite your sub-merchants, you need to go through underwriting procedure with the payment processor yourself.
  • What transaction pricing model is offered by your potential processing partner? More information on transaction pricing models can be found in our previous articles, such as this one.

Technical aspects

You need to address several technical aspects. Mostly, these concern the peculiarities of new integration(s).

  • What types of payment cards and transactions do you need to support?
  • How will the new merchants be set up? How will the new MIDs be issued? What is the merchant underwriting mechanism you are going to use? If merchant information changes over time, how will those changes be delivered? In other words, what is the strategy for merchant on-boarding and provisioning?
  • Who will implement KYC (know your customer) logic, verification procedures? Is it going to be the processor or your own development team?
  • How will sub-merchant funding, remittance, statement generation, and reporting be organized?
  • Do you need card-present solutions (which, naturally, call for usage of physical payment terminals)? Which terminals are you going to use? Which processor(s) is(are) going to support particular solutions (card-present and card-not-present, or some others)? If several processors are going to be involved, then merchant on-boarding, funding, and chargeback handling procedures have to be worked out for each of the processors. If you need to process only card-not-present transactions, do you need to handle recurring payments and batch transaction processing? How are you going to handle these tasks? What is your solution for merchant information updating (account updater functionality)?
  • Are you going to handle most of the abovementioned processes manually? If yes, you need to develop training materials for your personnel. Otherwise (if the processes are going to be automated), you need to launch the respective development projects in order to implement the necessary logic.

PCI compliance and fraud protection

What is your status in terms of PCI compliance? What fraud protection mechanisms are available? In order to ensure the security of all the processes, you need to go through appropriate PCI audit as a prospective payment facilitator, and implement the best fraud protection tools you can find.


Becoming a payment facilitator, you are getting more control of merchant funding and underwriting processes, but you are also assuming greater risks and responsibilities. Your transition strategy must include all the aspects, needed to ensure smooth handling of the whole life-cycle of your sub-merchants.

Implementation of EMV Payment Terminal Solution


Many companies at the modern merchant services market are looking for an optimal card-present solution to implement. Some of these companies are expanding or re-organizing their activities (a step, which often leads to the need to choose and implement a payment terminal solution). Others are newcomers, which want to accept both card-present and card-not-present payments.


A company is looking for a universal card-present solution to implement. Either it can be a new solution, which is to replace an old one, or it can be the first card-present solution to be implemented by the company.


The problem is relevant for several categories of businesses:

  • existing companies which already have a card-present solution in place, but want to replace it with a better one (possibly, in response to EMV liability shift)
  • existing companies, which previously dealt only with card-not-present transactions
  • startups that require card-present solutions
  • Strategy

    In order to implement a card present solution in the most reasonable and adequate way, your company needs to take the following important aspects into account.

    What hardware should be used in the new payment terminal solution? Which payment terminals are to be used? What functions should they be capable of performing?

    In order to answer these questions, you should analyze your business situation, the needs of the merchants you are going to service, as well as the price these merchants are willing to pay for the new terminals.

    For example, you might need the cheapest monochrome screen terminals or high-end 7-inch touch-screen ones with the most advanced functionality for your particular case.

    Keep in mind, that payment terminal market is an oligopoly, i.e., it includes only few large vendors, so your choice may be limited. Beside that, most companies’ offers may be quite similar.

    Do you need mobile solutions?

    Some companies offer solutions for both payment terminals and mobile POS systems. Maybe, it might be advantageous for you to deal with such a universal vendor, rather than to involve different vendors for different kinds of solutions.

    Which payment types do you need to handle?

    Do you need EMV contact and EMV contactless payments or are you going to deal only with encrypted swipe payments?

    Do you need standalone or integrated payment terminal solutions?

    Remember, that a payment terminal is just a hardware unit and different kinds of software can be installed on it. While terminal manufacturers (such as Ingenico and VeriFone) offer their own terminal applications, alternative payment terminal solutions are also available from third parties. Such third-party software products may be more suitable for your particular situation, than the software, developed by the terminal vendors themselves (for which you need to pay separately anyway).

    Depending on the type of payment terminal solution that you need (standalone or integrated), you need to evaluate the available software options according to the following three criteria:

    • Quality of user interface. I.e. how the software looks, works, and performs its intended functions inside the terminal (button sizes and colors, supported languages etc.).
    • Ability of the terminal application to communicate with the payment gateway. Some vendors offer terminal applications which are “strategically tied” only to their partner gateways. The question is, thus, whether the terminal application, that you are going to use, is already (or can be) connected to the payment system you need to interact with. You should also avoid situations when in order to deal with different processors you have to use different types of payment terminals and terminal applications, as the process may become too complicated to manage. In other words, your terminal application must be able to smoothly communicate with all back-end payment systems you need.
    • Ease of integration of a payment terminal with the POS system. Many companies still offer legacy integration strategies, which require either installation of DLL libraries or Windows service on the workstation. Both these solutions present deployment challenges, especially, for web-based applications. Beside legacy strategies there are other available options, such as cloud solutions (offered, for instance, by UniPay Gateway).

    As you can see, your choice of a particular terminal solution will not depend so much on the physical hardware and its price, as on the availability of your preferred terminal application on particular terminal models, or on support of a particular payment gateway by the terminal application you want to choose. For example, if your bank or payment gateway tells you that you can only use Ingenico, it makes no difference if you find Verifone more suitable for your business.

    Fulfillment strategies

    One of the most important aspects to consider is payment terminal fulfillment. I.e., who will be loading the new terminals and shipping them to your merchants. There are several options possible.

    You can buy a batch of (say, a 1000) terminals from a vendor or manufacturer, and then use an internal team to inject the respective keys and terminal applications into them as they are shipped to merchants (in smaller quantities). This process requires a whole infrastructure. Although this option is plausible for some companies, most businesses choose to delegate terminal fulfillment to special entities. Consequently, you can partner with a fulfillment center that will install software applications on the terminals, service the terminals, and handle terminal replacement.

    When choosing a fulfillment center, you should consider the following issues:

    • what it costs to buy a new terminal or replace an existing one; what the shipping rates are
    • which software applications (custom software packages) can be loaded
    • which terminal models it supports
    • with which processors it has agreements for PIN key injection (as it needs to be able to inject respective encryption keys), and in which countries
    • if you need some particular terminal application to be installed on your terminals, you should check with the fulfillment center, if it is able to install this application for you.

    When you find a fulfillment center, which is suitable for you in terms of pricing and servicing conditions, and a terminal application, which supports the payment gateway you are (or are going to be) partnering with, your choice of payment terminal solutions may become very limited.


    You have done a market research and realized that your options include Ingenico iSC 250/480 or VeriFone MX 915/925. However, in order for your terminals to be able to interact with your payment gateway, you need a special terminal application. Only two fulfillment centers are able to install this particular application, and only one of them deals with the three processors, whose keys you need to inject. This fulfillment center supports only Ingenico terminals. In this situation there is no point in some in-depth analysis of specifications and price offerings of VeriFone, as Ingenico turns out to be your only choice.

    EMV certification (if necessary)

    If you need to support EMV standard and keep using your own payment platform, you will need to integrate your terminal solution into an existing payment ecosystem (i.e. integrate your terminals with an existing gateway). This means that you need to go through EMV certification process.

    Remember, that each EMV kernel, installed on devices, which you are using within your solution, must be separately EMV-certified. Consequently, in order to simplify EMV certification process, you need to minimize the number of EMV-kernels on your devices (including EMV-kernels provided by one and the same manufacturer/vendor).


    A company wants to work with a certain number of models of terminals and mobile devices. Some mobile devices are using the EMV kernel which is used by payment terminals, while other mobile devices are using a different EMV kernel. (For instance, Ingenico uses both its own mobile solutions and solutions, developed by ROAMpay before its acquisition by Ingenico). In this case the company has to certify two EMV kernels, i.e. go through two certifications.

    In order to minimize the number of EMV kernels and, thus, reduce time and cost of EMV certification process, you need to verify, whether all the devices you are going to use, are made by the same manufacturer, and whether one and the same EMV kernel is installed on all the models of these devices.


    Many newcomers in the merchant services industry erroneously think that selection of a card present solution starts with the analysis of available hardware options. Selection of hardware, in fact, may be the last phase of the process. You should, definitely, know the names of the key hardware brands. However, a decision, based only on hardware specifications, may result in a costly error. The key factors to be considered first and foremost often include terminal application compatibility, support of the necessary gateway integrations, number of necessary EMV certifications (if they are needed), and preferable fulfillment strategies