Operating as Payfacs (payment facilitators), give providers of SaaS (software-as-a-service) an opportunity for a lucrative revenue stream in the payment processing industry. Still, there are reasons the number of registered Payfacs is not as high as one might expect. Compliance standards for the industry are strict and somewhat onerous. This is critical for a payment aggregator to both establish trust for its sub-merchants and protect data as they facilitate payment processing.
Before a provider can operate as a Payfac, it must register through a bank with card networks. This allows the Payfac to process payments and operate in this space. It requires insurance and reserve minimums to protect all parties involved, as well as the establishment of compliance with industry standards. Before any Payfac can begin signing contracts with sub-merchants and provide payment facilitation services, it must go through the registration process.
Compliance for payment facilitators is established through the Payment Card Industry Data Security Standard. This includes standards for data security, encryption, access control, and system testing. In addition, the Payfac must have a data security policy in place that outlines measures taken to establish and maintain compliance, as well as a process that outlines what happens in the case of a breach.
Compliance for Payfacs is neither stationary nor a single event. It requires constant testing, monitoring, and updating to systems for security concerns. Hackers and data thieves evolve with the industry to identify and exploit system weaknesses. For a provider whose business is managing financial data to enable payments to go through, staying ahead of cybercriminals is the most important aspect of operations.
Most states have licensing requirements for payment facilitators to operate as payment transmitters. Each state has a different process and requirements, and some do not require the license. Any SaaS provider wishing to operate as a Payfac should look at the requirements and ensure any money transmitter licenses needed are in place and current.
Payment facilitators need to follow closely the requirements for their operations--not only at the time of registration but over time as they work for their clients and sub merchants. Any slip in their compliance standards can threaten the entire business.
Shannon is currently the SVP Sales and Business Development for GlobalOnePay, a division of Pivotal Payments Inc. His goal is to establish strategic partnerships with sales organizations that specialize in the eCommerce space globally. As commerce shifts online, there is exceptional growth potential that Shannon can help ISVs, SaaS, Marketplaces and platforms tap into, to drive payments into profits.