The rewards of payment facilitation are well known at this point. That’s why it’s an attractive prospect for SaaS businesses in vertical industries that are looking to grow, build value, and gain more control over their customer experience.
All the upside does come at a cost though. The risks you take on as a payfac are complex and wide-ranging, from compliance, fraud, and PCI to card regulations and merchant due diligence. Basically, all the responsibilities that would traditionally fall under the purview of a merchant acquirer (bank or financial institution) are now in your court as a payfac to manage and mitigate.
Succeed and the rewards can be great. Fail and you could pay a heavy price. It’s a balancing act between how much risk you’re willing and able to take on and the rewards you want to attain. Once you find that balance, it can impact your decision to become a payfac as well as which business model you ultimately choose.
So, what are the major risks you face as a payfac? Let’s take a look.
-
Transactional Risks
These are inherent risks associated with the processing of transactions for your sub-merchants. As a payfac, you’re responsible for the transactions of every sub-merchant on your platform. To reduce risk and losses, you have to constantly monitor their transactions for all types of payment fraud and institute controls when necessary.
One type known as friendly fraud occurs when a real customer orders a product online and receives the goods or products, but claims they didn’t and proceeds to ask their bank for a chargeback rather than ask the merchant for a refund. If you provide processing, settlement of funds, and bill your merchants, you’re responsible for handling chargebacks.
Settlement of funds comes with risks as well, because payfacs will often settle transactions with a sub-merchant before goods are delivered. This means you’re extending them a line of credit in a sense. If you try to collect funds from a merchant for a chargeback you paid out and that merchant has gone out of business, you’re stuck with losses that can quickly add up as you grow.
-
Compliance Risks
These are risks related to non-compliance with all the governmental and card-brand regulations you’re subject to as a payfac. You’re responsible for who’s on your platform and must have processes and procedures in place that prove to your acquirer who your sub-merchants are.
Payfacs must ensure their sub-merchants are covered for money laundering, terrorist financing, and all other risks, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Office of Foreign Asset Control (OFAC) requirements.
During the underwriting process, you’re also required to identify the business owner(s) of your sub-merchants, according to rules and regulations set by the U.S. Patriot Act, Bank Secrecy Act, AML laws, and the Financial Crimes Enforcement Network (FinCEN).
Card brands have their own set of rules and regulations that you must follow and ensure your sub-merchants are following. Arguably the most important is PCI compliance to protect customer data. All merchants must meet Payment Card Industry Data Security Standards (PCI DSS), but payfacs must also register as a Level 1 PCI DSS. Failure to meet these requirements can lead to fines, higher transaction fees, and contract termination.
-
Operational Risks
These are risks stemming from inadequate or failed internal processes, procedures, systems, or employees. Operational risks include:
- Old hardware failures or other disruptive threats to networks, malware, or employee errors can hinder payfac operations.
- The struggle to attract top talent can lead to less experienced staff moving into high-pressure roles, increasing the likelihood of errors.
- The organizational shake up when you become a payments business can lead to costly disruptions to your core business.
-
Reputational Risks
These are risks that can negatively affect your industry and public reputation. This happens all too often these days with data breaches, bad customer service reviews that go viral, executive scandals, and so on.
Since you’re required as a payfac to know your customer (see KYC above), you’re responsible for any illegal or illicit activity of your sub-merchants. The types of sub-merchants you board can also cause issues even if they’re not illegal, per se. Examples include massage parlors, vaping products, firearms, and drug trafficking, because they often get approved as legitimate merchants.
Getting on the wrong side of regulators, card brands, and acquirers can also create lasting damage to your reputation and could expose your company to substantial fines.
How to Protect Yourself
The least risky move you can make is to partner with a payment facilitation expert like Payrix, who can safely guide you through the process of becoming a payfac and set you up for long-term success. For example, Payrix Pro provides you with a payfac-like experience without the risks, while Payrix Premium offers all the tools you need to process payments and successfully manage risk.
