INTEGRATED PAYMENTS 101
Common business models for managing payments
Payments in our industry refer to payment processing — the ability for businesses to accept direct debit, BPAY, credit and debit card payments from their customers.
Here are some of the most popular models for a software company that wants to embed payments:
Integrated Solutions — control and full support
Just as the name suggests, integrated solutions work with your existing software, simplifying the payment process by allowing you to accept payments quickly and securely from your customers via BPAY, Visa, Mastercard, American Express, Direct Debit and more.
Fully integrated API-first platforms like Payrix blend seamlessly with your existing site, offering control with full support.
- Customisable portals, customer onboarding, and underwriting
- Comprehensive portfolio management
- Faster onboarding with full control of customer experience
- Full suite of payment capabilities
- Instant account-servicing solution for you and your customers
- Fully managed customer underwriting and risk assessment
- Billing and funding protection for you and your partners
Payfac as a Service — fast, simple, smart choice
In the same way that cloud computing services democratized the ability to launch software products, integrated payment solutions are making it possible for SaaS companies to become payfacs, without taking on the huge capital expenditure. The result? Lower overall costs for better payment economics.
With payfac as a service, companies can:
- Increase revenue per user by 2 to 5x* versus a standalone software subscription
- Unlock new verticals where previously the total addressable market (TAM) for software was too small and/or the cost of acquiring customers was too high
- Improve margins and make the product stickier
- Payments and software operate as a single platform
- Integrated software vendor (ISV) owns the customer portfolio
- Dual party agreement between PF and sub-merchant
- Faster onboarding with full control of customer experience
- Control customer acquisition and pricing strategy
- Full transparency into pricing; no hidden fees
- Payment facilitator manages funding to sub-merchants
- Better support experience as ISV manages complete support for software and payments
- Best for companies that can justify the set-up cost, usually processing $10M to $50M in annual sales
- Potential revenue: 2-5x versus a standalone software subscription
Payment Facilitator — high risk, high return
Payment facilitators (or payfacs) take a more active role in processing payments and can capture 0.75-1.25% of the transaction volume in revenue in exchange for taking on the risks and operations associated with collecting payments, including customer underwriting and onboarding, compliance, and reporting.
Although the benefit of becoming a payfac is greater control and higher profit margins, the initial and ongoing investment is steep, including:
- Hiring a full-time payments team – business, legal, engineering, and customer service.
- Set up — acquiring processor/bank sponsorship, gateway integrations, Level 1 PCI DSS certification, building customer dashboard and payout systems, hiring consultants/advisors.
Time: 6-12+ months
- Customer onboarding and compliance — develop customer underwriting and onboarding including ID verification, risk scoring systems, compliance with PCI DSS, AML, and AFSL and card network requirements, data retention, and privacy.
Time: 6-18 months
Cost: Approx $1 – $1.5M
- Ongoing management capability: account onboarding and monitoring, risk monitoring, fraud prevention, chargeback process handling (including evidence submissions, reporting, and annual compliance validation).
- Additional costs — expansion into international markets, plus ongoing technical and procedural compliance due to new regulations.
Here’s the good news: today there are providers like Payrix who offer payment-infrastructure-as-a-service technology that lets companies become a payfac.
Product Roadmap
The entryway to easier payments
What is payment software?
A third-party application that works with your existing software, a payment gateway is designed to simplify the payment process. It integrates with your current site, allowing you to accept secure real-time and recurring payments from your customers via BPAY, Visa, Mastercard, American Express, Direct Debit and more.
Your API documentation
When setting up a payment gateway within your software, you will need the API documentation from your chosen provider. Payrix’s API is built on REST and our documentation can be accessed here.
When comparing different vendors, it’s important to explore and trial different API documentation in a sandbox environment to ensure the quality and customizability of the integration. Your trial will also help you evaluate the pros and cons of an out-of-the-box integration versus a personalised solution.
Please note that different credentials will be required for production (live) accounts, which will be available only after your development is complete and certified.
Maximising your ROI
While it’s true that becoming a payment facilitator can generate more profit per transaction than partnering with an integrated payments provider, there is a lot of overhead involved that can chip away at profits. Small to medium-sized companies tasked with building a payment gateway, hiring an internal payments team, and managing risk and compliance can quickly see their resources drain. While a referral partner, whose pre-built software integrates directly into your site, is a cheaper option upfront for smaller businesses, their high penalties and dishonor fees, transactional fees, and limited capabilities can add up.
More advanced payment integration solutions such as Payrix Integrated offer the same benefits as an ISO, but with lower transaction and penalty fees, and more customisability.
To determine whether partnering with Payrix Integrated is right for your business, use our calculator to estimate your expected ROI and see whether the benefits outweigh the costs.
INTEGRATE, TRANSFORM, GROW
Take your vertical software platform to new heights
According to venture capital firm Andreessen Horowitz, by adding financial services like payments alongside a software company’s core software product, vertical SaaS businesses can increase revenue per customer by 2-5x*. Adding payments also helps grow revenue per customer, and makes your product stickier. The result? Lower cost of customer acquisition, while increasing the lifetime value (LTV).
In fact, the potential for payments to increase LTV means that companies like yours can offer their SaaS product for less, or even for free, to attract customers who may be reluctant to go online, and even introduce additional fintech products for greater monetization.
*Source: Fintech Scales Vertical SaaS
[Figure: two sets of revenue streams. The first lists subscription revenue and online payments; the second lists subscription revenue, online payments, point of sales payments, instant payouts, and software (e.g. billing). Source: Credit Suisse]
Setting the standard for security
Becoming compliant is an important part of becoming a payfac: it protects your business, your sub-merchants and their customers from a variety of financial risks including money laundering, terrorist financing, fraud, and more. Failure to comply can not only leave you unnecessarily vulnerable, but can also result in fines, higher transaction fees, and contract elimination. As compliance experts, Payrix is here to guide you through the process. Here are a few of the regulations you’ll be responsible for as a payfac:
The Payment Card Industry (PCI) Council is the authority on storing and sharing credit card information between banks, processors, gateways, and other businesses. Compliance with its Payment Card Industry Data Security Standard (PCI DSS) is mandated globally to protect cardholder data and fight off security breaches.
By ensuring businesses comply with the PCI DSS and its requirements, the aim is to protect everyone from the cardholder down to the processor, bank and merchant. Businesses that are non-compliant can be held responsible for any losses through fraud and can face considerable fines.
There are four levels of PCI DSS compliance, depending on how many transactions you process in a year. Payrix has Level 1, which is the highest possible, to ensure that we keep our customers’ financial data safe.
An Australian financial services licence (AFSL) is required for all financial services providers and authorises them to provide financial advice, create and market financial products, operate registered schemes and provide custodial, depository and traditional trustee company services. When partnering with a payment facilitator, your business can generally operate under the licence of your payments partner rather than obtaining your own AFSL.
Anti-money laundering rules (AML/CTF, Anti-Money Laundering and Counter-Terrorism Financing) are required for all financial services and are designed to detect and report any suspicious activity, such as money laundering, terrorist financing, securities fraud, and market manipulation.
Know your customer (KYC) is how companies verify the identity of their clients before working with them. A common global practice, KYC helps companies protect themselves by ensuring that they are doing business legally and with legitimate entities.
Many financial institutions simply require an electronic identity verification that includes personal information (such as a passport, driver's licence, or birth certificate), which is data matched within your local state or territory to help determine whether or not an individual has been involved in a financial crime.
Some payment providers are licensed to do identity verification, allowing you to streamline another stage of your setup process.
A closer look at onboarding merchants as a payfac
In order to stay competitive and scale, most vertical SaaS companies eventually want to move towards becoming a payfac. In doing so, they can offer a seamless payment experience that delivers better customer service and greater revenue potential. To begin offering payments, your clients need to be onboarded as a sub-merchant. Here are a few of the steps needed to get the process started:
- To be able to accept sub-merchants, you must first become a master merchant with an acquirer
- As banks have strict policies that govern who they can accept as a master merchant, this is a significant list
- Performing KYC (Know Your Customer) for each new merchant
- Checking for suspicious activity, including money laundering, fraud, and tax evasion, and checking whether the merchant appears on OFAC, PEP or terrorist lists
- Identifying and eliminating any sub-merchants with counterfeit sales
- Controlling how to receive, store, and report sub-merchant information in a PCI DSS environment
- Potentially registering with AUSTRAC as a remittance service provider in the states where you do business
- Submitting digital transaction reports to the ATO annually for all sub-merchants
- Integrating payment gateways into the payment platform that connect sub-merchants’ checkout pages to the processing network
- Building a settlement and reconciliation engine that quickly and efficiently pays out what is due to sub-merchants
- Building a compliance infrastructure to identify and manage risk, including systems for due diligence and internal employee policies
- Building a system for identifying and managing chargebacks and disputed payments
- Building and servicing a sub-merchant dashboard that documents and reports on all payments activity
There are rules and requirements involved in maintaining compliance with the various bodies that govern and administer payment processing services. ASIC (Australian Securities and Investments Commission), card schemes like Visa and Mastercard, ATO (Australian Tax Office), AUSTRAC (Australian Transaction Reports and Analysis Centre), acquirers, and PCI all make up a compliance framework that involves reporting, monitoring, and criteria that need to be matched and validated.
For international companies or companies with plans for international expansion, the list grows even longer, with requirements existing within each country that form a separate registration and approval process to the ones listed above.
Payment card security
To ensure you meet the Payment Card Industry Data Security Standard (PCI DSS) and protect your sub-merchants, you’ll need to register annually as a payfac with Visa, Mastercard, and American Express.