The Number Nobody Tracks
The OpenView and Paddle 2023 SaaS Benchmarks Report surveyed 3,500+ private SaaS companies across seven years. One finding stood out:
A quarter of SaaS companies spend 5-9% of annual revenue on payments, billing, tax, and compliance infrastructure.
And 27% of respondents said they don't track these costs at all.
That second number is the more revealing one. If you don't know what payments cost you, you can't make rational build-vs-buy decisions. You can't compare the cost of your current Stripe integration against the cost of adding multi-PSP support. You can't evaluate whether becoming a PayFac makes financial sense.
Most SaaS founders assume payments is "2.9% + 30¢ per transaction." That's the processing fee. It's not the infrastructure cost.
Where the Money Actually Goes
Engineering Headcount
At $2M ARR with a basic Stripe or PayPal setup, Notion Capital's portfolio analysis found companies typically allocate:
1-2 full-time developers maintaining payments infrastructure
1 FTE in Finance for manual processing and reconciliation
1 FTE for tax-related work
That's 3-4 people before you hire a single payments specialist. At a fully-loaded cost of £80-120K per head, that's £240-480K per year — on a £2M revenue base.
As the business grows, so does the payment team. By £35M ARR, companies typically need 2 additional FTEs just for billing support load.
The PayFac Path
When a platform decides to own more of the payment stack — becoming a Payment Facilitator — the costs escalate:
Component | Cost |
|---|---|
Visa + Mastercard registration | £20,000-£50,000 upfront |
Annual card network renewal | £10,000-£25,000/year |
PCI Level 1 certification | £50,000-£200,000 |
Engineering build (gateway + onboarding + settlement) | £400,000-£2,000,000+ |
Annual payments engineering team (4+ specialists at £150K) | £600,000-£1,000,000/year |
Insurance | £10,000-£30,000/year |
Timeline to go live | 12-24 months |
Bain & Company's analysis found that a full PayFac model requires 10+ full-time employees across product, engineering, operations, support, and risk — with annual costs of £1-3M.
The threshold to make PayFac economics work? Multiple independent analyses — from Stax, Fiska, Nexio, and Bain — all converge on the same number: £50M+ in annual processing volume. Below that, the fixed costs outweigh the revenue.
PCI Compliance
PCI DSS compliance is a recurring cost that scales with your payment architecture:
Level 3-4 (under 1M transactions/year): £1,000-£20,000 for self-assessment
Level 2 (1-6M transactions): £10,000-£50,000 for validated assessment
Level 1 (6M+ transactions, or any PayFac): £50,000-£200,000 for on-site QSA audit
On top of the certification:
Compliance automation platform (Vanta, Drata, Secureframe): £10,000-£80,000/year
Quarterly vulnerability scans: £400-£800/year
Annual penetration testing: £5,000-£30,000
Engineering time to maintain controls and gather evidence: £5,000-£20,000/year equivalent
And the stick: PCI non-compliance penalties start at £5,000-£10,000 per month and escalate to £100,000/month. The average data breach costs £4.88M (IBM/Ponemon 2024).
The Full Picture
Unipaas published a detailed build analysis for full in-house payment infrastructure:
Component | Build Cost |
|---|---|
Onboarding system | £500,000 |
Underwriting policies | £250,000 |
AML/compliance monitoring | £250,000 |
PCI/compliance licensing | £900,000 |
Acquirer sponsorship | £500,000 |
Payment gateway integration | £100,000 |
Merchant management + reporting | £800,000 |
Total upfront | Up to £8,000,000 |
Annual maintenance | £3,000,000/year |
Even Stripe's own estimate for building a basic payment gateway MVP is £150,000-£250,000 — and that's initial development only, with no ongoing maintenance, no compliance, and no staffing.
The Opportunity Cost Is Worse Than the Cash Cost
The cash numbers are striking. But the opportunity cost is what kills platform companies.
Every engineer maintaining a Worldpay webhook handler is an engineer not building the feature that would close your next enterprise deal. Every sprint spent on PCI remediation is a sprint not spent on your AI capabilities, your analytics dashboard, or your marketplace matching algorithm.
Stripe itself employs approximately 3,400 engineers to build and maintain payment infrastructure. When a SaaS company with 30 engineers allocates 4 of them to payments, that's 13% of engineering capacity — roughly equivalent to what Stripe allocates as a percentage of its total workforce. Except Stripe is a payments company. You're not.
The question isn't "can we afford to outsource payments?" It's "can we afford the engineering distraction of not outsourcing them?"
What the Alternative Looks Like
A payment layer replaces the entire build with a single integration:
Multi-PSP routing — 40+ payment gateways through one API. No per-PSP engineering projects.
**PCI compliance carried by the provider** — your PCI scope drops to the minimum level.
Merchant onboarding pre-built — white-label, self-service, no custom build required.
New channels without new projects — voice, links, embedded checkout, AI agent payments through the same integration.
Integration timeline: 2-4 weeks. Ongoing maintenance: zero dedicated payment engineers.
The platform pays per transaction (or revenue share). The math almost always works: even a modest per-transaction fee is less than the fully-loaded cost of 3-4 payment engineers plus PCI compliance plus PSP maintenance.
And the engineering capacity freed up? That goes back to building the product that actually differentiates your platform.
How to Calculate Your Real Payment Infrastructure Cost
Most SaaS companies have never done this exercise. Here's the framework:
Direct Costs
Processing fees — what you pay your PSP per transaction (the obvious number)
Payment engineering salaries — fully-loaded cost of every engineer who touches payment code, pro-rated by time allocation
PCI compliance — audit fees, tooling, engineering time for controls
PSP maintenance — time spent on API updates, webhook debugging, error handling, settlement reconciliation
Indirect Costs
Finance and ops — FTEs doing manual reconciliation, dispute management, merchant support
Tax compliance — if you handle it alongside payments
Legal — merchant agreements, compliance review, licensing
Opportunity Costs
Features not built — what would those payment engineers have built instead?
Deals not closed — enterprise prospects lost because you couldn't support their required PSP
Speed to market — how much faster would you ship if payments were solved?
Add up items 1-7 and divide by annual revenue. If the number surprises you, you're in the 27% who weren't tracking it.
FAQ
Is the 5-9% figure just processing fees?
No. Processing fees (the 2.9% + 30¢ you pay Stripe) are one component. The 5-9% figure from the OpenView/Paddle survey includes engineering, billing, tax, compliance, and operations — the full cost of making payments work inside your platform.
Does this apply to early-stage companies?
The percentage impact is often higher at early stage. When you have 20 engineers and 2 are on payments, that's 10% of your engineering capacity. The absolute cost is lower, but the proportional impact on product velocity is larger.
We're on Stripe Connect — is that enough?
Stripe Connect reduces the build burden compared to raw Stripe integration. But it locks you into Stripe as your only PSP, limits you to Stripe's channels and capabilities, and still requires engineering maintenance. Many platforms outgrow Stripe Connect as they scale — especially when enterprise customers mandate other PSPs.
What's the break-even for building in-house?
£50M+ in annual processing volume is the consensus threshold from Bain, Stax, Fiska, and Nexio. Below that, the fixed costs of PayFac infrastructure consistently exceed the revenue. Even above that threshold, the engineering opportunity cost often tips the balance toward outsourcing.
How do I justify this to my CFO?
Frame it as total cost of ownership. Your current payment infrastructure costs £X per year in direct costs (engineering salaries, PCI compliance, PSP maintenance) plus £Y in opportunity cost (features not built, deals not closed). A payment layer replaces this with per-transaction pricing — typically resulting in lower total cost and recovered engineering capacity. The savings compound as you scale.
Related Reading
How to Get Payments Off Your Product Roadmap — the full case for outsourcing payment infrastructure
Embedded Payments Without Becoming a PayFac — the middle path between Stripe Connect and full PayFac
How Platforms Monetise Payments Without PSP Lock-In — turning payment infrastructure from a cost into revenue
Gateway vs Orchestrator vs PayFac vs Payment Layer — the four categories of payment infrastructure
When Your SaaS Outgrows Stripe Connect — the migration path when Stripe Connect hits its limits
Shuttle vs Building In-House — the detailed build-vs-buy comparison
What Happens When Your Only Payment Processor Cuts You Off — the concentration risk of single-PSP dependency
Ready to stop spending engineering on payments?
Shuttle replaces your payment infrastructure build with a single integration — 40+ PSPs, voice payments, payment links, AI agent channels, and PCI DSS Level 1 compliance included. Your team ships product. We handle payments.
Calculate Your Savings | See How It Works