The Estimate Is Always Wrong
Every platform's payment infrastructure journey starts with the same conversation:
Product: "We need to embed payments."
Engineering: "We can build it. Two engineers, three months, we'll integrate Stripe."
CTO: "Let's scope it."
Three months later, they have a basic Stripe integration. Then an enterprise customer requires Worldpay. Then another needs Adyen. Then the compliance team discovers they're handling card data and need PCI certification. Then the contact centre wants phone payments. Then the AI team needs payment capture in their voice agent.
The "three-month project" is now a permanent line item on the engineering roadmap.
This isn't hypothetical. It's the pattern we see repeatedly across platforms evaluating their payment infrastructure options. The initial build is straightforward. It's everything that comes after that breaks the model.
The True Cost of Building In-House
Year 1: The Build
What you think you're building:
A Stripe integration for embedded checkout
Basic merchant onboarding
Transaction reporting
What you actually need to build:
Component | Estimated Effort | Notes
PSP integration (first gateway) | 2-3 months | API integration, error handling, webhooks, testing
PCI DSS compliance | 6-12 months | If handling card data in any form
Merchant onboarding flows | 2-4 months | KYC, compliance checks, account provisioning
Transaction management | 1-2 months | Refunds, disputes, reporting
Reconciliation | 1-2 months | Matching transactions to settlements
Second PSP integration | 2-3 months | When the first enterprise customer demands it
Testing & certification | 1-2 months | End-to-end testing across PSPs
Year 1 cost estimate:
Cost | Amount | Notes
Engineering (3-4 FTEs, 12 months) | $600K-$1M | Salaries, benefits, opportunity cost
PCI DSS Level 1 certification | $500K-$2M | QSA audit, infrastructure, controls, remediation
Third-party tools & services | $50K-$100K | Tokenisation, fraud tools, monitoring
Legal & compliance | $50K-$100K | Regulatory review, contract negotiation with PSPs
Total Year 1 | $1.2M-$3.2M
Year 2+: The Maintenance
The build cost is a one-time expense. The ongoing cost is where it compounds.
Ongoing Cost | Annual Amount | Notes
PCI DSS annual audit & maintenance | $200K-$500K | Required annually for Level 1
PSP API updates & maintenance | $100K-$200K | PSPs change APIs, rules, and requirements regularly
Additional PSP integrations | $150K-$300K per PSP | Each enterprise customer demanding a new gateway
Fraud monitoring & management | $50K-$150K | Tools, tuning, dispute management
Engineering maintenance (2 FTEs) | $300K-$500K | Keeping the system running, fixing issues, on-call
Compliance updates | $50K-$100K | PCI DSS version updates, regulatory changes
Total Annual Ongoing | $850K-$1.75M
The Three-Year Total
Phase | Year 1 | Year 2 | Year 3 | Total
Build | $1.2M-$3.2M | — | — | $1.2M-$3.2M
Maintain | — | $850K-$1.75M | $850K-$1.75M | $1.7M-$3.5M
Cumulative | $1.2M-$3.2M | $2.05M-$4.95M | $2.9M-$6.7M
And this covers a single channel (online checkout) with 1-2 PSPs. Voice payments, payment links, AI agent payments, and additional gateways multiply these figures.
The Hidden Costs Nobody Budgets For
Opportunity Cost
The engineers building payment infrastructure aren't building your core product. For a 20-person engineering team, dedicating 3-4 engineers to payments means 15-20% of your capacity is consumed by infrastructure that isn't your competitive advantage.
Over 12 months, that's 15-20% of your product roadmap that doesn't ship. Features your competitors build while you're debugging PSP webhook handling.
The Second PSP
The first PSP integration is the easy one. It's the second that reveals the complexity.
Every PSP has a different API design, different error codes, different webhook formats, different settlement processes, different dispute handling, and different tokenisation approaches. Building a second integration isn't copy-paste — it's a parallel implementation that shares almost no code with the first.
And the second PSP is never the last. Enterprise customers mandate their gateway. Geographic expansion requires regional acquirers. Redundancy requires failover options.
PCI Scope Creep
PCI compliance isn't a certificate you hang on the wall. It's an operational discipline that affects how you architect systems, store data, manage access, monitor activity, and handle incidents.
Every system that touches card data is in scope. That includes your application servers, databases, network infrastructure, deployment pipelines, monitoring tools, and the laptops of anyone who accesses those systems.
Adding a new payment channel (voice, chat, links) expands your PCI scope unless the architecture isolates card data to a certified environment. Most in-house builds don't achieve this level of isolation.
Compliance Drift
PCI DSS 4.0 introduced significant new requirements. Card network rules change quarterly. PSPs update their terms, APIs, and certification requirements on their own schedules.
Keeping up with these changes requires dedicated compliance attention — not a side project for your engineering team, but a continuous function.
What "Buy" Actually Looks Like
Using a payment layer instead of building:
Factor | Build In-House | Payment Layer
Time to first transaction | 6-12 months | Weeks
Engineering required | 3-4 FTEs dedicated | Single integration, one developer
Year 1 cost | $1.2M-$3.2M | Transaction fees only
Annual ongoing cost | $850K-$1.75M | Transaction fees only
PCI compliance | You carry it | Provider carries it
PSP coverage | 1-2 (each takes months) | 40+ through single integration
Adding a new PSP | Months of engineering | Configuration change
Channel coverage | Checkout only | Checkout, voice, links, chat, AI
Adding a new channel | New build project | Already available
Merchant onboarding | You build it | Pre-built, white-label
Revenue potential | Full margin (if you can scale) | Revenue share
The trade-off is margin. Building in-house gives you full margin on transactions (minus PSP fees). Using a payment layer means sharing revenue with the provider. But you avoid millions in build and maintenance costs, ship 12+ months faster, and keep your engineering team focused on your core product.
The Decision Framework
Build in-house when:
Payments ARE your product. You're building a payments company, and the payment infrastructure is your competitive advantage.
You have the scale. Processing billions annually with margins that justify $1M+ in annual infrastructure costs.
You have the team. Dedicated payment engineers, compliance staff, and the organisational willingness to maintain payment infrastructure permanently.
You only need one PSP. If all your merchants will use the same gateway and you're confident that won't change.
You have 12+ months. No enterprise deals waiting on payment capabilities.
Use a payment layer when:
Payments support your product. You're a software platform that needs payment capabilities, not a payments company.
Enterprise customers demand PSP choice. You can't predict which gateways your merchants will require.
You need to go live fast. Deals are waiting. The market won't pause for your 12-month build.
You need multi-channel. Voice, links, or AI agent payments are on your roadmap.
Your engineering team should be building your core product. Every sprint spent on payments is a sprint not spent on what makes you different.
The honest middle ground
Some platforms start with a single PSP integration (Stripe or Adyen) and plan to build more later. This works for the first 6-12 months. The inflection point is predictable: the first enterprise customer who demands a different PSP, or the first request for a channel beyond online checkout.
At that point, the choice is clear: start the multi-month project of adding another PSP and another channel to your in-house build, or switch to a payment layer and get both in weeks.
The platforms that switch earlier waste less money. The ones that switch later have more sunk cost to absorb. But the outcome is usually the same.
FAQ
Can I start with one PSP and add a payment layer later?
Yes. This is a common path. Many platforms begin with a direct Stripe integration and move to a payment layer when they need multi-PSP support or additional channels. The transition is straightforward — the payment layer connects to your existing PSP plus any new ones your merchants require.
What about PayFac-as-a-Service (Payrix, Finix)?
PFaaS reduces the build time compared to full PayFac, but still carries compliance obligations and typically locks you into a single PSP. It's a middle ground that works for platforms focused on payment revenue maximisation. For platforms that need PSP flexibility or multi-channel coverage, a payment layer is more flexible.
How do I calculate the ROI of buy vs build?
Start with the enterprise deals you're losing or delaying because of payment limitations. Add the engineering cost of building and maintaining each PSP integration. Factor in PCI compliance costs. Compare to the transaction fees of a payment layer. For most platforms, buy wins on year-one cost alone — before factoring in speed and opportunity cost.
What if we've already built payment infrastructure?
Sunk cost is real. But ongoing cost is the decision driver. If you're spending $500K+ annually maintaining payment infrastructure and still can't support enterprise PSP mandates or additional channels, switching to a payment layer eliminates the ongoing cost and expands your capabilities. The ROI calculation is: ongoing maintenance cost saved minus payment layer fees.
Is this just a "buy our product" argument?
Partly. But the cost data is real — $2M+ for PCI compliance, 12+ months build time, and $360K+ in annual maintenance are industry figures that apply regardless of which payment layer you evaluate. The question isn't whether to buy — it's which provider gives you the PSP coverage, channel support, and integration experience your platform needs.
Done building payment infrastructure? See how platforms use Shuttle to go live with 40+ PSPs in weeks — with embedded checkout, voice payments, payment links, and PCI DSS Level 1 compliance included. No build project. No compliance burden.