How to Get Modular, Embedded Payments Without Going to Pieces

By Dale Laszig

Lego logs are the perfect analogy for today’s software solutions. Individually, Legos and binary digits are small, uniform and dormant. Together, they’re a miracle of modular energy that can be molded and shaped at will. Not surprisingly, coding can be a lot like building with Legos, so it makes sense for developers to envision the features they would want in a technology stack, then find the right partners to help deeply integrate those capabilities. 

Designing payment software can be like building with Lego logs, according to Andre Machicao, global head of product at Visa. You can follow an outline to get a serviceable product, he stated, or create from scratch. At the Electronic Transactions Association’s April 2023 conference, TRANSACT, he walked the big stage, describing how children who build without blueprints outperform others who follow clearly defined patterns. The payments industry is building without a blueprint, he told the audience, and free builders are outpacing legacy architects.

In today’s blog, we will explore modularity as a principle of modern software design, and how it is helping developers embed payments into highly flexible, configurable software applications.  

Principled Design at the Core

As Machicao noted, software designers frequently go off script and their bold experimentations are taking payments from simple hardware to ever more nuanced forms of digital commerce.  Payment facilitation (Payfac) is a case in point. The idea of supporting sub-merchant customers under a single merchant ID was revolutionary a decade ago, but merchant acquirers saw Payfac’s ability to onboard customers with blazing speed, and a movement was soon underway. 

Like other aspects of PayTech, Payfac evolved from fast onboarding of merchants to diverse capabilities, driven by APIs, and backed by strong partnerships and 24/7 support. A good Payfac partner absorbs the related risks of payment processing, enabling independent software vendors (ISVs) to focus on high-value priorities and more importantly, meet customers where they are, while delivering frictionless checkout experiences across all points of interaction, including mobile, virtual, in-store and online channels.  

Modularity Creates Flexibility

Modularity is a big want in today’s digital commerce ecosystem, especially among multinational enterprises that transact in numerous languages, currencies and regulatory environments. These organizations strive to meet customer expectations and payment preferences while protecting their privacy and personal data. Their approaches in the fragmented payments landscape have created a patchwork of workarounds, some more effective than others. 

Like their customers and partners, ISVs expect flexibility and choice in how to connect, collaborate and share data with other service providers, but integrating disparate technologies has never been easy. ISVs tend to be out-of-the-box thinkers, which is great for building a business but challenging when communicating with other innovators. It takes more than APIs to fully embed payments; a Payfac partner provides the essential connectivity that powers unified commerce. 

Bolt on or Embed?

The best collaborations between ISVs and Payfacs are those that unlock their limitless potential. Modularity holds the key. As we’ve seen with providers and enterprises around the world, there are all kinds of approaches to integrating payments, some more effective than others. 

Over the years, the payments industry’s concept of integration continues to evolve as technology becomes more responsive, intuitive and open-ended. Here are some examples:

Legacy: Standalone equipment and manual invoicing still exist but are less secure, efficient and agile than alternative digital commerce solutions. They function as appendages rather than integral components of your business and brand. 

Hand-off: Packet switching, transaction routing and payment gateways are all part of a transaction’s journey. It is crucial to tokenize and encrypt data at point of entry, in transit and at rest, because each hand-off creates a potential vulnerability that a hacker could exploit. 

Semi-integrated: Large POS systems can keep customer data out of scope by processing payments through adjacent processing devices. Large and small merchants have found it easy and cost-effective to keep these smaller peripheral devices compliant and up to date. 

Integrated: Integrated POS systems have evolved into cloud-hybrid and distributed models that can be managed remotely and continuously updated. Digital app marketplaces and business management capabilities in select models enable users to run their businesses from anywhere. 

Embedded: Ideally, with in-app payments, it’s impossible to see where one ends and the other begins. Commerce is deeply embedded within a brand. There’s no hand-off; customers are not redirected to a checkout lane or payment page. When there’s no daylight between an app and a transaction, that payment is agile, intelligent and secure.

Payfactory – Designed to Build and Scale

In the early days of application design, it was commonplace to use hardware terminology to describe software, because that’s what we knew. Today, we still think of digital commerce in physical terms because of how deeply it impacts our businesses and lives. Imagine physical and digital commerce coexisting in perfect harmony, then see it in action at Payfactory.  

Payfactory CEO Ruston Miles founded Bluefin in 2007, a recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data. Headquartered in Atlanta, with offices in Waterford, Ireland and Vienna, Austria, Bluefin was founded on the core belief that a brand’s value is tied to its ability to deliver a secure, yet frictionless, customer experience. 

In 2021, Ruston founded Payfactory to provide the benefits of agile Payfac that could seamlessly be built into any software system – or as they call it, free building. The company’s free builders understand hardware and software from the inside out and bring principled design and client-first focus to every project. Payfactory’s heritage of security is reflected in every module, from state-of-the-art tokenization and PCI-validated point-to-point encryption (P2PE) to its suite of restful APIs, facilitating choice, collaboration and discovery. 

Built by software innovators for software innovators, Payfactory is here for the long ride and will make that first small step of the embedded payments journey productive and rewarding. Contact Payfactory to learn more.

Dale S. Laszig is a payments industry journalist and guest columnist for Payfactory. Previous to her writing career, she managed business development for leading payments acquirers and POS manufacturers. Connect with her at [email protected], LinkedIn and Twitter.

Securing Embedded Payments: The Role of Encryption and Tokenization

Data breaches, data compromises, identity theft, hacked accounts. It’s not a matter of whether consumers or businesses will be targeted, but a matter of when.

According to IBM’s 2022 Cost of a Data Breach Report, ransomware attacks have skyrocketed (41% from 2021 to 2022), and the average U.S. cost of $9.44M for a breach is more than double the average global cost of $4.35M.

Ensuring that financial and sensitive information is protected from hackers is the responsibility of every party that receives, transmits and stores data – including the merchant, payment gateway, financial institution and third-party vendors.

In the ongoing fight to protect payment and sensitive data, two technologies – encryption and tokenization – have emerged as integral to a holistic security strategy. Each can serve a specific purpose based on acceptance channel or can serve multiple purposes depending on business use case and implementation.

But choosing the best security solution for your business – particularly in embedded payments – isn’t always easy. Today we boil down the mechanisms and uses of encryption and tokenization and considerations when choosing a solution for your business. 

Defining payment data and sensitive data

“Data breach” became a household term in 2013, when cybercriminals stole 40 million credit and debit card records and 70 million customer records from Target. This watershed breach was soon followed by a series of other attacks against major brands, including Home Depot, Michael’s, Neiman Marcus, Sally Beauty, PF Chang’s and more.

Retail and hospitality were prime hacker targets because the initial focus was payment card data, which could be quickly sold on the Dark Web. But as breaches became more commonplace and attack vectors evolved, hackers realized the enormous market for consumer data, including addresses, emails and social security numbers, and expanded their attack surface to include healthcare, higher education, insurance and more. 

Today’s fraudsters target everything and anything. Essentially, any piece of consumer information gained from a hack can be monetized. Payment data and sensitive data can encompass the following:

  • Credit /debit card and ACH account data – Credit / debit card numbers, expiration dates and CVV’s or ACH account data, including bank account information. Depending on what information is transmitted in a financial transaction, it can also include Personally Identifiable Information (PII).
  • Personally Identifiable Information (PII) – First and last name, home address, birthdate, social security number, driver’s license number, email address and more. This is information that is both publicly available via the web in a Google search and information that is private to the consumer. 
  • Protected Health Information (PHI) – Medical records, health conditions, prescriptions, appointments, clinical trials, insurance numbers. Depending on the item breached, PHI can also include debit / credit card data and PII.

Security solution: encryption

Encryption stretches all the way back to 1900 BC when the first evidence of cryptography, the underlying scheme for encryption, was found in an Egyptian tomb.

At its core, the goal of all encryption solutions is to scramble data so that its original makeup – whether letters or numbers – cannot be deciphered by a hacker. The only way to “unscramble” the data is with an encryption key held by one of the parties in the payment or data acceptance and transmission process.

In payment processing, encryption is most often used for card present transactions to secure payment data upon dip, tap or key entry in a payment terminal. There are two primary types of payment encryption offered for card present transactions:

  1. PCI-validated point-to-point encryption (P2PE). P2PE was introduced by the Payment Card Industry (PCI) Security Standards Council (SSC) in 2013 to provide a uniform method and process for payment terminal encryption. P2PE requires that payment card data be encrypted immediately upon entry into the payment terminal and cannot be decrypted until securely transported to, and processed by, the payment processor. 

    To provide P2PE, payment gateways, payment processors and other third-party vendors must receive PCI validation for their solution, with P2PE being considered by many to be the gold standard of point-of-sale (POS) payment encryption. P2PE brings numerous benefits, including cost savings on PCI compliance, reduced technical overhead and fewer questions to answer in the annual self-assessment questionnaire (SAQ).

  2. End-to-end encryption (E2EE). Solutions that have not achieved PCI validation are typically referred to as end-to-end encryption, or E2EE solutions. These solutions encrypt payment data but they have not been validated by the PCI SSC as adhering to the strict encryption, decryption and payment terminal chain of custody requirements of listed solutions. Encryption that is not validated will typically be included with most gateway and processor setups, whereas P2PE solutions can only be obtained through validated providers

Tip: Make sure when you are looking at a new processor or gateway that you ask about their encryption solution, how it works and whether it is PCI-validated. You can learn more about P2PE in the PCI DSS Guide.

Security solution: tokenization

Much like encryption, the goal of tokenization is to mask data so that it is unrecognizable. So, what’s the difference between tokenization and encryption? Encryption focuses on scrambling data that cannot be unscrambled – or decrypted – without a key. Tokenization focuses on replacing payment or sensitive data with a token that consists of letters, numbers and symbols, and which can then be used to represent any type of payment or sensitive data. 

Tokenization is applicable to numerous types of transactions but is most often used for data that needs to be “at rest” or stored. For example, when a consumer agrees to keep their payment card on file with a merchant, the processor or gateway should be storing the card details only as a token (masked) and never “in the clear.” 

Encryption and tokenization are considered the 1 – 2 punch in payment security (encryption for payment data in motion and tokenization for payment data at rest).

And like encryption, there are different types of tokenization to adapt to any business use case. Merchants can choose who tokenizes their data, whether their gateway or processor, a third-party token vendor or even Visa, Mastercard and American Express with their network tokenization service. It is also important to understand the tokenization technology, how it works and how it stores sensitive data and the corresponding tokens. There are two primary types of token storage:

  • Vaulted tokenization involves a secure database where the sensitive data and corresponding tokens are stored. When it comes time to detokenize data, a lookup of the original information must be performed. But as the database becomes larger, the processing time for detokenization increases, making vaulted tokenization less efficient than its counterpart, vaultless tokenization. 
  • Vaultless tokenization does not require a database or a token mapping table, rather it uses secure crytptographic devices for data storage. These devices use standard-based algorithms to convert sensitive data into non-sensitive data or to generate tokens. Vaultless tokenization reduces latency and also provides greater security because it does not maintain a database. 

Tokenization also extends beyond payment card data to sensitive consumer data. Thanks to regulations like the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR), more companies are turning to tokenization to mask PII and PHI entered into online forms or on websites.

Tip: Tokenization should always be offered as part of any gateway or processing arrangement. It will be important to understand what kind of tokenization your partner is using and what kind of data you want to tokenize – just payment data or also PII? Learn more about tokenization from TechTarget.

Payfactory puts security at the forefront

Payfactory’s CEO, Ruston Miles, has been a member of the PCI Security Standards Council Board of Advisors since 2019. He was at the forefront of developing North America’s first PCI-validated point-to-point encryption solution, introduced in 2014, and is a frequent speaker and expert panelist on encryption, tokenization and cybersecurity.

Founding Payfactory in 2021, he knew that payment facilitation would drive the future of payments with a seamless implementation and go-live experience for software platforms and merchants – but that security could not be compromised by increased speed and flexibility. 

That’s why he designed Payfactory’s payment facilitation platform to include tokenization, E2EE or P2PE – as well as customer authentication with 3D Secure (3DS) and additional fraud tools – as standard offerings through Payfactory and our partner gateways. Learn more about our platform or contact us to set up a consultation. 

How 2023 Payment Trends are Shaking Out

The halfway mark of 2023 is almost here. New reports and consumer surveys are solidifying some of the top payment trends of 2023 and reinforcing many 2022 predictions – from increased digital payment adoption to embedded payment and lending integration – while others, like payment sustainability, are emerging as new topics.

Today we look at how 2023 trends are shaking out and what to watch for in the second half of the year. 

Digital payment adoption in B2B and B2C rise

Cash and checks are going by the wayside, which may not be surprising in the B2C market but more B2B companies are now embracing digital payments.

A new report by Citizens Bank surveyed 205 treasury executives at middle-market businesses in February and March 2023. Citizens found that more B2B businesses are now providing online payments, and 80% of B2B transactions are expected to be digital by 2025. Corporate treasury departments are embracing social tokens, real-time payments and virtual cards. But the report also found that B2B has not abandoned checks, automated clearing house (ACH) and physical credit cards just yet.

This differs from the B2C market, where Juniper Research estimates that by 2026, 5.2 billion people will use digital wallets to make payments, up from 3.4 billion in 2022. The research also identified QR code payments as the most popular digital wallet transaction type in 2026, reaching 380 billion transactions globally, and accounting for over 40% of all transactions by volume.

This adoption of digital can be attributed in part to the pandemic, which accelerated interconnected commerce and brought the brick-and-mortar shopping and payment experience online. Consumers are now accustomed to paying digitally and want improved, and expanded, digital channels.

A new report by Salucro demonstrates this trend in healthcare. The company surveyed 1,348 U.S. healthcare consumers this spring and found that 62% of respondents favor patient portals for paying medical bills. This digitalization expands beyond just payments, with Salucro finding that patients’ interest in receiving text message notifications about their medical bills rose by more than 30% in 2023 from 2022, with an additional 51% of respondents saying that a text message reminder would prompt them to pay their bill faster.

Learn more about the different types of digital payments available in our blog, Demystifying Digital Payments for your ISV and SaaS Platform

Businesses get behind real-time payments

Real-time payments (RTP) are about moving money faster than checks and more securely than cash worldwide. According to ACI Worldwide’s March 2023 report, more than 70 countries on six continents support real-time payments, with $195 billion in transaction volume in 2022.

These payments are made between bank accounts that are initiated, cleared and settled within seconds, regardless of day of the week or holidays. Not only does this help consumers manage their money better but real-time payments speed aid in crises. Take the pandemic and issuance of stimulus checks, where the rollout was slow and it took weeks, sometimes months, for consumers to get aid. Payment speed is also key in disaster relief.

Venmo, Zelle and other peer-to-peer (P2P) payment methods are accelerating the adoption of real-time payments, since consumers get instantaneous fund transfer and payment and are now expecting this from their everyday payment methods. According to PYMNTS’ Real-Time Payments Tracker® released in March:

  • Four in five Americans are interested in faster payment options when paying businesses for goods and services
  • 61% of millennials and 59% of bridge millennials say they are highly interested in real-time payments.
  • 23% of consumers interested in using real-time payments find them convenient and easy to use
  • 22% appreciate the instant availability of funds
  • 14% believe real-time payments could help them better track their financial situations.

Lending options become a standard in the payment mix

There is a new industry term to familiarize yourself with – embedded lending. This allows consumers to get lending tools through non-financial services or products.

The most mainstream and popular form of embedded lending is Buy Now Pay Later (BNPL). The increasing popularity of online shopping and demand for quick checkout is propelling the BNPL market to a 26% CAGR from 2023 to 2030, currently standing at $6.13 billion in 2022. 

BNPL brings consumers flexibility with instant credit, interest-free payment terms, shopping via apps and a simple checkout experience. While there is still concern over uncertain economic conditions and consumers’ ability to pay back purchases, regulatory oversight is ensuring that BNPL systems are robust, making them a payment method that is here to stay. In fact, more industries like healthcare, grocery, retail, legal services and grocery are adopting BNPL, making it a mainstream and accepted purchasing method. 

SaaS payments are the new normal

Given the evolution of digital payments and one-touch commerce, it should come as no surprise that consumers expect to pay for goods and services in their software applications, whether that is a gym app, a healthcare portal or when booking a massage or haircut online.

Thousands of software companies around the world have either adopted embedded payments or are considering adoption. These payments are “invisible” to the consumer and baked into the SaaS experience. According to Bain & Company, embedded payments (along with embedded lending) will continue to be the fastest-growing categories of embedded financial services.

Embedded payments bring numerous benefits to both consumers and software platforms. On the consumer side, they satisfy the desire for seamless and quick payments in their app or portal. On the ISV and SaaS platform side, embedded payments make companies more competitive and increase revenue by sharing payment profits with the acquirer or processor.

Payfactory specializes in embedded payment facilitation for ISVs and SaaS platforms. Learn more about the growing need for embedded payments in our blog, Integrated Payments and Embedded Payments: A Trillion-dollar Opportunity

The growing interest in sustainability

The 2023 Merchant Payments Ecosystem (MPE) conference had a panel dedicated just to sustainability in payments – and we are poised to see more of these discussions. 

The payments industry processes trillions of dollars in transactions every year and there is a growing awareness, both from the business and the consumer side, of the effect these payments may have on climate change and our carbon footprint. A great example is the continued use of paper receipts and what that means for the environment – another factor that is putting digital front and center.

The Paypers reports that MPE panelists who joined the session on sustainable payments in March discussed that informing customers about the sustainability of a payment method is an important first step in promoting sustainable payment practices. 

Visa reports that recommerce – resale, returning and redistribution of goods – is also gaining popularity, with 69% of participants in a recent survey saying they would choose retailers based on recommerce activities. A card reward system or loyalty program for choosing sustainable payment options are some of the ideas being floated by processors and merchants.

Additionally, Payfactory believes that consumers will begin demanding real-time refunds – the ability for instantaneous funding of refunds to a consumer card or bank account by pushing funds to their credit card or through their debit card to their bank account. This would allow for 24/7, 365 real-time refunds, fixing a service issue in seconds that normally takes days on the traditional payment refund rails, conserving time and energy.

What’s next in 2023

Consumer demand and preference will continue to drive payment trends. Integrating, embedding and changing the way we process transactions takes time to implement across the payments value chain. But the continued drive toward digital, one-touch commerce and an invisible, convenient payment experience is underway across industries, with more to come from standards including PCI DSS 4.0 and ISO 20022, all of which will make transactions more secure and seamless.

Our CEO, Ruston Miles, a 23-year payments industry veteran, believes that payment facilitation is the future of merchant acquiring and in-line with industry trends for faster, more secure and seamless payments. The result is Payfactory’s payment platform that is plug and play for ISV and SaaS providers, enabling companies to swiftly embed payment processing into their software with minimal work while benefiting from an attractive revenue sharing model. Learn more about how you can start processing payments today with Payfactory.

Considering Payfac? A 4-Step Guide to Choosing Your Solution

According to Bain & Company, ISVs have the potential to address $35 trillion in payments, or 15% of the worldwide total, by integrating payments into their platforms. The digitalization of payments combined with consumer demand for one-touch commerce is driving software vendors in every industry to adopt payment processing within their platforms.

Payment facilitation, or Payfac, is a specialization of payment processing characterized by faster onboarding, faster funding and greater flexibility than traditional payment processing. Not every solution provider offers Payfac as part of their processing package – the reasons for this are varied and we delve deeper into the differences between traditional payment processing and Payfac in our blog, Payment Facilitators Versus Payment Processors – What are the Differences?

But more ISVs and SaaS companies are considering Payfac options when embedding payments into their platform to provide a seamless payment experience, satisfy customers and in many cases, gain a new revenue stream. And there are many options, from owning the Payfac experience to Payfac through direct providers to Payfac as a Service – and, in the case of Payfactory, real-time Payfac that involves minimal development effort.

Step 1: Evaluate Your Business

The first thing to know is “how” digital payments can be used. The three primary methods are at the point-of-sale (typically a brick-and-mortar store or restaurant), online or over the phone. Note that online purchases can be made through a computer, tablet or laptop (Ecommerce) or through a mobile phone (mCommerce).

  • POS: Point-of-sale (POS) typically refers to the customer paying for a purchase in a physical location via a payment terminal (and can also be called card-present payments). Payment terminals should be equipped with chip card acceptance for credit and debit cards and near-field communication (NFC) technology for contactless credit and debit card payments (also called tap-to-pay) and mobile wallet payments.
  • Online (Ecommerce and mCommerce): These are typically payments initiated via a computer or a mobile phone. These two pieces of hardware act as the “virtual” point-of-sale but because you are not purchasing goods in a physical location, they are card-not-present transactions. Credit and debit cards can both be used online, as well as mobile wallets, mobile apps, bank transfers (also called Automated Clearing House transactions or ACH) and alternative credit solutions, such as buy now, pay later (BNPL).
  • MOTO (mail order / telephone order): These are typically payments initiated by the cardholder over the phone with a call center attendant or via physical mail. While the card is still not present with MOTO transactions, the difference here is that the merchant is keying in the data themselves and the cardholder is only speaking the number over the phone or writing it down on paper and mailing it in.

Step 2: Do the Research

It’s easy to get overwhelmed when starting out in payments research, but there are two primary integrated payment options – traditional merchant acquiring offered by a payment processor versus payment facilitation offered by a Payment Facilitator (Payfac).

Traditional payment processors (also called merchant acquirers) provide the systems and technology that processes the payment transactions, routing them to the card networks and the banks, receiving authorization and declines, and settling funds. Payfacs offer payment processing to companies, known as sub-merchants, through their own links with payment processors. Payfacs serve as an intermediary, gathering sub-merchant transactions and passing them to a payment processor for completion. You can learn more about both models in our blog.

It also helps to familiarize yourself with common industry terms, such as:

  • Payment gateway
  • Merchant onboarding
  • Sponsor bank
  • Sub-merchant
  • Convenience fees, surcharge, service fees and platform fees

Get answers to commonly asked processing questions and definitions for payment processing terms on Payfactory’s FAQ page.

Step 3: Define an Ideal Integrated Payments Partner

Within traditional payment processing and Payfac, there are different models for ISVs to consider. What model is chosen depends on a number of questions that are helpful to define once the ISV has become familiar with payment processing. These can include:

  • What is my desired revenue share from a partnership?
  • What level of payment security compliance do I want from my partner?
  • What kind of customer relationship management and support will I, and my merchants, receive from my partner?
  • How involved do I want to be in the sales process?
  • How quickly do I want to board merchants for payment processing? 

Check out our blog, 6 Factors for ISVs to Consider When Choosing a Payment Processor, to learn more about other factors to consider, including transaction type, payment processing pricing, payment terminals, point-of-sale hardware, deposit timing and payment security.

Step 4: Choose a Payfac Model

There are many reasons why more ISVs and SaaS companies are turning to Payfac for their processing needs. The Payfac model simplifies the merchant account enrollment process and provides increased levels of control to ISVs. Seamless and paperless underwriting is at the heart of this model, accelerating standup times for merchants.

Once you have completed steps 1-3, you should have a good idea of how you want to process payments and what type of integrated partner is best for your business. Payfac comes in different models:

  • Software Platform as the Payfac: Many ISVs are moving towards the value of Payfac by actually becoming Payfacs themselves. However, this is the most aggressive model typically only adopted by the largest ISVs because the time to become a Payfac can range from 12-18 months, the cost can reach into the millions, the ISV assumes 100% of the risk and liability for their sub-merchants and payment experience is required.
  • Payfac Direct Providers: There are some larger providers that now provide payment facilitation as a direct service to sub-merchants that ISVs can integrate to. Here, the ISV can integrate to the payment platform and provide the platform’s Payfac services to their merchants directly. However, this is considered more of a “pay to play” model where the ISV is leveraging their processing only and there is no revenue share.
  • Payfac as a Service: Payfac as a Service is the newest entrant on the Payfac scene. In this hybrid payment facilitation model, the Payfac payment service provider becomes a Payfac with Sponsor Banks; they act as a master merchant account and can set up sub-accounts for merchants same-day. The provider offers revenue share while taking on risk and liability.
  • Real-time Payfac: Offered by Payfactory, real-time Payfac provides all the benefits of Payfac as a Service but with minimal development effort – in most cases, ISVs can be up and running with payments in less than one week. This is because Payfactory is gateway-friendly, meaning that we have integrations to over 100 gateways.

Scale Payment Processing with Payfactory

Payfactory was founded in 2021 by CEO, Ruston Miles, a 23-year payments industry veteran that believes payment facilitation is the future of merchant acquiring and in-line with industry trends for faster, more secure and seamless payments. He wanted to create a payment platform that was plug and play for ISV and SaaS providers, enabling these companies to swiftly implement payment processing into their software with minimal work while benefiting from an attractive revenue sharing model. 

Today, Payfactory serves software vendors across healthcare, government & utility, retail, higher education and more with our gateway friendly, real-time Payfac service that encompasses 3 core pillars:

  • Agility: A simple, fast payments integration for all software platforms.
  • Seamlessness: A frictionless, fast merchant account go-live process.
  • Integrity: No sacrificing of human service and support for the sake of speed and flexibility.

 Contact us to get payment facilitation for your platform today. 

Demystifying Digital Payments for your ISV and SaaS Platform

Payment methods today look a lot different than 20 years ago when cash and hard-copy checks were still king. Digital payments (also called electronic payments), such as credit and debit cards and eCheck / ACH, eventually unseated cash and checks. Today, digital payment solutions have grown to include digital wallets, mCommerce and BNPL.

Not surprisingly, COVID was a huge catalyst for the surge in digital payment adoption globally. McKinsey’s 2021 Digital Payments Consumer Survey found that more than four in five Americans used some form of digital payment in 2021, while Visa saw its tap-to-pay transactions grow over 30% year-over-year.

In low and middle-income economies (excluding China) globally, the World Bank found that over 40% of adults who made an in-store or online payment using a credit card, mobile phone or the internet did so for the first time during the pandemic. The high proliferation of smartphones enabling mobile commerce, internet penetration and an increase in paying online are driving the increase in digital payments.  

If you are an ISV that serves many customers, you need to understand the types of digital payments available to you, their pros and cons and which is best for your business. Today we review some of the most popular forms of digital payments and considerations for adoption.

Primary Payment Methods

The first thing to know is “how” digital payments can be used. The three primary methods are at the point-of-sale (typically a brick-and-mortar store or restaurant), online or over the phone. Online purchases can be made through a computer, tablet or laptop (Ecommerce) or through a mobile phone (mCommerce).

  • POS: Point-of-sale (POS) typically refers to the customer paying for a purchase in a physical location via a payment terminal (and can also be called card-present payments). Payment terminals should be equipped with chip card acceptance for credit and debit cards and near-field communication (NFC) technology for contactless credit and debit card payments (also called tap-to-pay) and mobile wallet payments.
  • Online (Ecommerce and mCommerce): These are typically payments initiated via a computer or a mobile phone. These two pieces of hardware act as the “virtual” point-of-sale but because you are not purchasing goods in a physical location, they are card-not-present transactions. Credit and debit cards can both be used online, as well as mobile wallets, mobile apps, bank transfers (also called Automated Clearing House transactions or ACH) and alternative credit solutions, such as buy now, pay later (BNPL).
  • MOTO (mail order / telephone order): These are payments initiated by the cardholder over the phone with a call center attendant or via physical mail. While the card is still not present with MOTO transactions, the difference here is that the merchant is keying in the data themselves and the cardholder is only speaking the number over the phone or writing it down on paper and mailing it in.

The Different Types of Digital Payments

The payment industry has no shortage of offerings for ISVs to provide their merchants. But adding too many digital payment options can be confusing for customers. It’s important to consider your vertical (government would be different than retail), your average transaction size, the frequency of transactions (whether they are one-time, recurring or a mix) and your demographics (millennials love mobile payments). 

Credit and Debit Cards

Credit and debit cards can be used both online and at the POS and remain one of the top forms of digital payment. Credit cards are issued by Visa, MasterCard, Discover and American Express, while debit cards are issued by banks. Credit cards extend credit to the consumer whereas debit cards deduct purchases directly from the consumer’s bank account.

What has changed with credit and debit cards is how they can be used at the POS and online. Customers can now use contactless payments at the POS so they don’t need to touch the payment terminal, and credit and debit cards can also be loaded into a consumer’s mobile wallet, which can work both at the POS and online.

Mobile (Digital) Wallets

Mobile payments are one of the most popular forms of digital payment. Consumers can load more payment methods (credit, debit, ACH, payment apps, etc.) into their mobile wallet without having to carry physical cards. These wallets can also manage rewards cards, memberships and even IDs. This flexibility in payment and document types is a prime motivator driving digital wallet usage. 

The most popular mobile wallets include PayPal, Apple Pay, Google Pay and Samsung Pay, and all can be used both at the POS and online. However, for ISVs to accept mobile payments at the POS, a payment terminal with NFC capabilities is required and the ISV’s processor must also be able to transact mobile payments. For online usage, the onus is on the processor to be set up to accept digital wallet payments.

ACH Payments

ACH payments are an important part of the digital payment mix in many industries such as government, utilities, higher education and healthcare. ACH payments are directly debited from a consumer’s checking or savings account for things like electric or water bills, tuition payments and large healthcare payments. ACH can also be used in B2B commerce for very large transfers between vendors and payers. Almost all processors today offer ACH payments but typically at an additional cost outside of standard merchant account fees.

Buy Now, Pay Later Solutions (BNPL)

Buy now, pay later (BNPL) solutions provide a type of short-term financing that allows consumers to make purchases and pay for them over time, usually with no interest. 

BNPL is popular in retail and industries where high-ticket consumer goods are sold, such as jewelry, electronics and furniture. Additionally, millennials and Gen Z make up the highest proportion of BNPL users – a demographic most interested in alternative and mobile payments (and least interested in traditional credit cards).

Mobile Payment Apps

Mobile payment apps can often be defined to include mobile wallets but also include a segment of mobile payment “cash” apps that facilitate the transfer of money between a provider and a customer, or for P2P (peer to peer) payments. There are a variety of mobile cash apps including PayPayl, Venmo, Zelle, Cash App and more. Transactions are conducted using a mobile or smart device (a phone, a tablet or a watch). Whether you want the ability to take cash app transactions will largely depend on your industry, your demographics and whether your processor offers cash app acceptance at the POS or online checkout.

Ensure the Right Digital Payment Mix

The key takeaways for choosing the right payment mix for your POS or Ecommerce checkout are evaluating your products, considering your industry, understanding your customer – as well as their buying habits – and ensuring that you have the right integrated payment processor for your business.

At Payfactory, we offer a variety of digital payment methods through our payment facilitation platform. Integrated directly into ISV and SaaS software, our platform provides fast onboarding and funding for your merchants, with white-glove customer service and a flexible revenue sharing program for all of our partners. Learn more about our platform or contact us directly for a free payment consultation.  

6 Factors for ISVs to Consider When Choosing a Payment Processor

Whether your software platform services accountants, doctors, retailers, or gyms, your organization will need to process consumer payments. There are a variety of ways to pay for goods and services, but some of the most popular include credit cards, debit cards, ACH (Automated Clearing House) and mobile / digital wallet payments. 

When it comes to choosing a payment processor for embedded payments, ISVs should consider several factors. These will include what kind of payment options you will ofer (in-person and/or Ecommerce), what types of customers you are serving, your business size and more. Today we look at how each of these help determine the type of payment processing model to choose. 

Payment Transaction Type

As a first step, it’s important to consider what types of payment transactions your merchants will accept. Transaction types can include in-person payments, online payments (also called Ecommerce payments), keyed payments, contactless payments and payments made with a mobile phone (whether tapped or in-app).

A mobile payment solution might be necessary if you want to accept payments outside of your storefront – for example, at an event or a festival. If you’re launching an Ecommerce page, look for a payment processing solution that offers secure online transactions and accepts all major credit cards, as well as ACH, particularly if you are in the utility or government space. Also evaluate whether they support recurring billing for subscriptions and card-on-file payments.

More consumers than ever are adopting electronic / digital wallets, so it’s important that your potential payment processor supports GooglePay and ApplePay for in-person tap and both in-app and web-browser. These e-wallets make payments a snap for the cardholder since they can easily select which card they want to pay with, and they don’t have to key in their card each time they want to make a payment.

Payment Processing Pricing

Some payment processors may be very transparent on transaction pricing for smaller merchants, but in other situations, such as enterprise, government, and higher education, pricing may be quite complex. What’s worse is that some processors will force the go-to-market (GTM) price on the ISV, making them uncompetitive with other options in their marketplace. Setting the GTM price for your customer should be a cooperative process with your payment processor, since ultimately neither party wins if the merchant chooses a competitor’s software because their embedded payment option costs less.

The total cost of payment processing is made up of a number of fees, including interchange fees, transaction fees, monthly fees, chargeback fees, and less obvious costs such as membership fees, setup fees and Payment Card Industry (PCI) compliance fees. You should consider the one-time fee and the monthly costs when comparing services, since most modern embedded payment acceptance offerings do not charge monthly fees or PCI non-compliance fees.

Transaction fees can vary depending on what types of cards your merchants are accepting (debit vs. credit cards, consumer vs. commercial cards, etc.), where the transaction is taking place, whether the transaction is made in-person, over the phone, or online, and more, but the typical cost is between 2-4% per transaction and is highly dependent on the vertical. Your payment processor should provide you pricing unique to your vertical, since the major card brands offer many programs that have lower back-end costs for certain verticals such as charity, government, higher education, insurance and services.

Pro Tip: With Payfactory, you get credit card processing services at different price points and risk levels to fit your organization’s budget and business needs.

Payment Terminals

A payment terminal, also called a payment device, and associated applications are necessary if you will be processing in-person credit card payments. The terminal should accept magnetic stripe cards, EMV chip cards and contactless payments – and could also be countertop, mobile or a combination of the two.

If considering a mobile payment terminal, ensure that you can use it across iOS and Android devices, while also accommodating mobile card readers with the option to enter payment data on the fly manually. 

For both countertop and mobile payments, ensure that the payment processors you are evaluating support your preferred technology and card acceptance method. Otherwise, you might have to pay extra fees or settle for less functionality than expected. We strongly recommend choosing a processor that offers your merchants fully PCI-validated P2PE (point-to-point encryption) to protect the cardholder and mitigate breach risk. For many larger entities like government, education and healthcare, PCI-validated P2PE has become a requirement on their RFPs.

Point-of-Sale Hardware

While some processors offer payment processing and point-of-sale (POS) systems, the two do not have to work together. A POS system is excellent for processing card transactions, but it can also track and store cash payments, track inventory, generate sales reports, integrate with accounting software and much more.

If you want to combine credit card processing and POS options, evaluate the equipment required and the cost. You may also be able to keep an existing POS system with your new payment processor if it is compatible with the processor’s current integrations. 

Deposit Timing

Merchants expect the funds processed from a card to be deposited into their bank account as fast as possible. But in the traditional payment processing model, the soonest you might get your funds is by the end of the next day. And most of the newer, trendy processors take a minimum of two business days to deposit funds. You should choose a processor that can offer true next-day funding or even next-morning funding like Payfactory does for certain verticals.

Pro Tip: Payfactory offers fast payouts and deposits. For example, transactions closed in the evening can be deposited the next morning for approved industries.

Payment Security

No discussion about payment processing would be complete without considering security for your customers’ transactions. Any business that processes payment transactions must be PCI compliant, but security goes beyond PCI and should include technologies such as encryption and tokenization for payment card data.

Encryption and tokenization replace actual payment card data with letters, numbers and symbols that would be meaningless to a fraudster. This ensures that if your system is hacked, no valuable information is found that can be resold on the Dark Web or used to commit fraud.

There are various types of encryption and tokenization solutions depending on how you are accepting payments, so make sure to ask potential processors about their internal security systems and the security vendors that they use. We also strongly suggest that you work with a provider that offers 3D Secure 2.x for your digital transactions (Ecommerce, mobile, etc.) in order to shift liability for chargebacks and disputes back to the card issuer for fraudulent purchases.

Pro Tip: Payfactory is one of the only payment facilitators to provide the option of PCI-validated point-to-point encryption (P2PE), the highest level of security for card-present transactions.

Get the Right Payment Infrastructure for Your Business

At Payfactory, we empower ISV platforms and their merchants with fast onboarding, payment acceptance and payouts through restful APIs. We offer competitive rates with no monthly fees, all backed by top-notch customer service, an easy application process and transparent pricing. Security is also at the core of our platform, with our CEO, Ruston Miles, serving on the PCI Board of Advisors and architecting leading encryption and tokenization solutions for payments and sensitive data.

Contact us today to get a free consultation on how Payfactory can take your payment processing to new levels. 

Payment Facilitators Versus Payment Processors – What Are the Differences?

The trend of ISVs and software platforms enabling payment acceptance through their SaaS (software-as-a-service) and installed software systems is exploding. In fact, McKinsey has found that 50% of small businesses now run payment processing through their ISVs, and 15% are in the process of transitioning their payment processing to an ISV provider. 

Embedded payments is a multi-trillion dollar opportunity for ISVs but choosing the right payment processing partner can be a challenge. With traditional payment processing options, the signup process can be time-consuming and frustrating, the merchant approval process can take up to 7 business days, and pricing is confusing and fraught with hidden and recurring fees. The problem for enterprises is that traditional merchant service offerings lack the dynamic funding and flexible billing options needed to access new markets while supporting existing business processes.

Software companies are in an optimal position to embed payments into their offerings to unlock new revenue and improve customer experience. We review the two primary integrated payment options – traditional merchant acquiring offered by a payment processor and payment facilitation offered by a payment facilitator (payfac).

Traditional Payment Processors (Merchant Acquirers)

ISVs want to provide a user experience that is simple, convenient, and consistent – making the most difficult of back-office processes non-evident to the point of invisibility. Businesses sign up for practice management software to simplify and manage their business processes, thereby rewarding the ISV with subscription revenue and loyalty. 

However, merchant acquiring – which can be considered the traditional payment processing model – requires significant time and effort to open an account and can be expensive. Payment processors provide the systems and technology that actually processes the payment transactions, routing them to the card networks and the banks, receiving authorization and declines, and settling funds. 

Because of the way traditional processing was built, it takes time, effort, and money by the payment processor to enable and support merchants. Considerations include:

  • Onboarding (Underwriting and Account Setup): Full merchant onboarding can take 3-7 business days for enrollment, which includes an application form, supplemental paperwork (merchant financials, voided checks, driver license, etc.), and human underwriters.

  • Flexibility of Funding: Payment processors will offer a variety of digital and payment types, but typically only the largest merchant acquirers can offer split payments, convenience fees, service fees, multi-account, fast funds, and dynamic funding. 

  • Monthly recurring fees: There are many parties in the payment processing flow – the payment processor (which can also be the payment gateway), the card associations, the acquiring bank, and more. A payment processing statement can contain upwards of 10 different fees charged to the merchant on a monthly basis, which can be difficult to decipher.

All this being said, in the merchant acquiring model, the processor almost always shares merchant revenue with the ISV. There are a host of factors that go into determining revenue share, from payment volume to transaction size to who is selling the account and providing first-level support. 

Payment Facilitators (Payfac)

Payfacs offer payment processing to companies, known as sub-merchants, through their own links with payment processors. Payfacs serve as an intermediary, gathering sub-merchant transactions and passing them to a payment processor for completion. Payment facilitators provide three primary services to their customers:

  • Onboarding (including instant signup and underwriting) services

  • Payment processing services

  • Back-office functions (including settlement and reconciliation)

The Payfac model simplifies the merchant account enrollment process and provides increased levels of control to ISVs. Seamless and paperless underwriting is at the heart of this model, accelerating standup times for merchants.

Payfacs wrap all these services into APIs that software companies can integrate to, automating the entire provisioning process into a seamless merchant enrollment experience that can be completed online by a merchant in minutes. This API-centric integration and automation is very different from the traditional payment processing enrollment experience.

There are additional considerations when choosing a payment model, including transaction types, pricing, hardware, and compliance and security. Check out 6 Factors to Consider When Choosing a Payment Processing Model to learn more about features and functionality across models.

The Different Payfac Models

Payfacs create a more dynamic user experience for ISVs. But like any payment option, there are different payfac models to choose from. 

Software Platform as the Payfac

Some ISVs have opted to become their own payfac to gain complete control of the payment process and all payments revenue. However, this is the most aggressive payfac model typically only adopted by the largest ISVs since:

  • The time to become a Payfac can range from 12-18 months.

  • The cost can reach into the millions due to software buildout, integrations, bank sponsorships, PCI compliance, AML compliance, financial reserves, registration fees, and more.

  • The ISV assumes 100% of the risk and liability for their sub-merchants.

  • Payment industry experience is required to run underwriting, transaction risk monitoring, and daily financial settlement. 

  • All merchant account sales and customer support must be provided by the ISV.

Without these pieces already in place, an ISV could risk becoming distracted from their core software business.

Payfac Direct Providers

Some larger providers now provide payment facilitation as a direct service to sub-merchants. Here, the ISV can integrate to the payment platform and provide the platform’s payfac services to their merchants directly. However, this is considered more of a “pay to play” model where the ISV is leveraging their processing only. Considerations can include:

  • Margins: Many direct payfac providers will not offer revenue sharing and impose a high buy rate, which can lead to limited margins for the ISV and more costly processing for the sub-merchant (the ISVs’ clients).

  • Merchant Ownership: In the direct model, it can be extremely difficult to support the portability of sub-merchants or transaction data to another provider, if the ISV decides to go with a new payfac or payment processor.

  • Support: A complaint among merchants and ISVs with direct payfac providers is the lack of “human” support, with companies directing SMBs to chatbots or online forms for questions.

While ISV clients will enjoy the benefits of payfac with the direct model – fast onboarding, payment experience control, a variety of funding options – it could come at a higher price and lower margin for the ISV.

Payfac as a Service

Payfac as a Service is the newest entrant on the payfac scene. In this hybrid payment facilitation model, the payfac payment service provider becomes a payfac with Sponsor Banks; they act as a master merchant account and are able to set up sub-accounts for merchants same-day. Payfac as a Service providers differ from traditional payfacs in that they:

  • Offer aggressive revenue shares.

  • Allow portability of merchants and transactional data.

  • Assume all merchant risk and liability.

  • Provide flexible ISV and sub-merchant contracts to support specialized sub-merchant business models and state requirements.

  • Can provide human support to the ISVs and rapid merchant service support.

This model can be ideal for software providers that want to offer their clients same-day onboarding, provide fast funding, and control the sub-merchant experience, while making payments revenue and increasing margins.

Check out our Embedded Payfac FAQs to get frequently asked questions and answers on embedded payment facilitation, plus definitions of payment processing terms.

The Payfactory Solution for ISVs

Software companies increasingly view fully embedded payment functionalities as complementary to their platforms. A payment offering not only enables software companies to capture a larger portion of the economics of a given payments transaction, but also comes at nearly zero customer acquisition cost as it is a logical cross-sell to their existing customer base.

Payfactory specializes in embedded payfac services for ISVs and SaaS companies. Our gateway-friendly platform integrates with software systems to provide seamless payment facilitation with little to no development required, allowing our partners to minimize integration costs and quickly gain a new revenue stream. Founded by payment industry veterans, we believe that integrated
processing should be simple, frictionless and fast – while also maintaining the highest level of security, customer service and human
support.

Access our API documentation and sandbox to see why Payfactory is the easiest and fastest way to enable merchant payments and to start making revenue today. 

Integrated Payments and Embedded Payments: a Trillion-dollar Opportunity

Ten years ago, it was novel to have a SaaS, CRM or EHR platform that offered core business and operational functions while also allowing customers to pay for services within the platform itself. 

Shoot to 2023 when payments integrated or embedded within software systems are not only the new normal but are expected by consumers – regardless of industry. You prepay for an appointment with your doctor through their EHR system, you order an Uber or Lyft and pay within their mobile application, you visit your salon and tap to pay through their CRM. 

According to Bain & Company, Independent Software Vendors (ISVs) have the potential to address $35 trillion in payments, or 15% of the worldwide total, by integrating payments into their platforms. Not only do integrated payments meet consumer demand but they also offer ISVs and SaaS platforms a lucrative revenue stream while creating stickiness with clients.

But navigating the world of payments can be a challenge for software companies. Let’s look at exactly what integrated payments are, the benefits of integrated payment systems and considerations when choosing an integrated payments partner.

What are integrated payments?

Integrated payments – also called embedded payments – is payment acceptance built directly into the software systems that businesses use to conduct commerce. Virtually every company now uses one or more software platforms as part of their day-to-day operations. Many are consumer-facing, where individuals are directly interacting with the SaaS platform, whether in healthcare, higher education, retail or government. For consumers, paying within the platform is convenient, efficient and can enhance brand loyalty.

The terms “integrated payments” or “embedded payments” also encompass any kind of payment method – and there are many to choose from, including:

  1. Credit & debit cards

  2. Automated Clearing House (ACH) transfers

  3. Electronic checks

  4. Mobile wallets (Google Pay, Apple Pay, Samsung Pay)

  5. Buy Now, Pay Later (BNPL)

While accepting credit cards is standard for almost all ISVs, what additional payment methods are offered will depend on the size of your company, your vertical or industry, your customer profile and a host of other factors. A knowledgeable integrated payments partner will help you determine which options are best for your business. 

The benefits of integrated payments

While integrated payment and embedded payment solutions significantly benefit consumers, the benefits to ISVs and SaaS providers are numerous.

  • Additional source of revenue: The software platform will gain a portion of processing revenue with their integrated payments partner. Revenue share will vary by company size, payment processing model and transactional volume, but can reach millions of dollars per year for larger ISVs. 
  • Elimination of manual reconciliation: Integrated payments eliminates the process of manually entering and reconciling transaction data into the software system. Not only is manual accounting time consuming, but it is also prone to errors and is not scalable with your business.
  • Cost savings: Many small to medium-sized software platforms don’t have dedicated accounts receivable departments to review payment information. Integrated payments create operational efficiencies, leading to decreased overhead and cost savings.
  • Client stickiness: Let’s be honest – there is fierce competition in today’s ISV market. It can be difficult to win business but once won, keeping it is crucial. When clients enable integrated payments through your software, there is less likelihood of attri

Choosing an integrated payments partner

There are many factors to consider when choosing an integrated payments partner, which will vary by what you want out of the relationship. Questions to ask yourself can include:

  • What is my desired revenue share from a partnership?
  • What kind of payment methods do I want to accept?
  • What level of payment security compliance do I want from my partner?
  • What kind of customer relationship management and support will I, and my merchants, receive from my partner?
  • How involved do I want to be in the sales process?
  • How quickly do I want to board merchants for payment processing? 

Starting with these questions will help you determine the best integrated payments partner for your business – whether that is a traditional payment processor or a payment facilitator, also called a Payfac.

The Payfactory difference

Formed by payments industry veterans, Payfactory enables ISVs and SaaS vendors to effortlessly integrate or embed payment acceptance into their platform. A true Payfac-as-a-Service, Payfactory provides immediate onboarding, digital payment acceptance and is gateway-agnostic, meaning that you can quickly enable Payfactory on your current payment platform, or partner with Payfactory’s preferred payment gateway, Bluefin.

We believe that merchant processing for ISVs can be simplified without sacrificing support. Partnering with Payfactory means white-glove, human-centered service for our partners and their merchants. That’s the Payfactory difference. Learn more about our platform.