The Promise vs the Reality
Five years ago, the pitch was irresistible.
Become a Payment Facilitator. Own the merchant experience. Control the economics. Capture revenue share. Build a payments moat around your platform.
Software platforms across every vertical bought in. The logic was sound: if your platform already controlled the merchant's workflow, why not control their payments too? The revenue was attractive — 10-30 basis points on every transaction, compounding as your merchants grew.
What the pitch left out was the operational reality. As The Financial Revolutionist put it: "The PayFac era is ending for software platforms." And Nuvei's analysis was blunter: "Everyone embraced the PayFac concept. Then the bubble burst."
The platforms that became PayFacs are now discovering what payment companies have known for decades: processing payments on behalf of other businesses is a regulated, capital-intensive, operationally complex undertaking that never stops demanding attention.
Many platforms now find themselves maintaining a complex operating model to achieve outcomes that no longer require it.
What Becoming a PayFac Actually Means
The PayFac model sounds simple in a pitch deck. In practice, it means your platform becomes the merchant of record — legally responsible for every payment processed by every merchant on your platform.
That responsibility comes with obligations:
Merchant Underwriting
Every merchant on your platform must be underwritten before they can process payments. You need to assess their business type, financial health, risk profile, and regulatory standing. This isn't a one-time check — ongoing monitoring is required. High-risk merchants need enhanced due diligence. Suspicious activity triggers investigation obligations.
Building an underwriting function requires compliance expertise, risk scoring models, and ongoing monitoring systems. Most platforms underestimate this: it's not a feature you build once. It's an operation you run permanently.
KYC/AML Compliance
Know Your Customer and Anti-Money Laundering regulations require identity verification, beneficial ownership identification, sanctions screening, and ongoing transaction monitoring. The regulatory landscape varies by country and changes frequently.
Non-compliance carries serious consequences: fines, enforcement actions, and potential loss of payment processing capability. Platforms that become PayFacs are directly responsible for KYC/AML compliance across their entire merchant base.
Fraud Monitoring
As the merchant of record, you're liable for fraud losses. Not just your platform's fraud — your merchants' fraud. If a merchant on your platform is running a scam, you bear the financial liability for chargebacks and the reputational consequences with card networks.
This requires real-time transaction monitoring, fraud scoring, velocity checks, and a fraud operations team that can investigate and act on alerts. It's a 24/7 operation.
Chargeback Liability
When a cardholder disputes a transaction processed through your platform, you're in the middle. As the PayFac, you manage the dispute process, provide evidence, and absorb losses when disputes are lost. Excessive chargeback rates (above 1% for Visa, 1.5% for Mastercard) trigger monitoring programmes with escalating consequences.
Regulatory Reporting
PayFacs must comply with reporting requirements to card networks, acquiring banks, and financial regulators. Transaction reporting, suspicious activity reporting, and compliance attestation are ongoing obligations that require dedicated staff and systems.
Capital Reserves
Card networks and acquiring banks require PayFacs to maintain reserve funds — capital set aside to cover potential losses from merchant fraud, chargebacks, and operational failures. These reserves tie up cash that could otherwise fund growth.
The Real Cost
The total cost of becoming a PayFac breaks down across three phases:
Phase 1: Setup (6-12 months)
Component | Cost Range |
|---|---|
PCI DSS Level 1 certification | £50,000-£500,000 |
Merchant management systems | £200,000-£500,000 |
Underwriting and onboarding platform | £100,000-£250,000 |
Legal and regulatory setup | £50,000-£150,000 |
Acquiring bank sponsorship | £50,000-£200,000 |
Total setup | £450,000-£1,600,000 |
Phase 2: Go-Live (ongoing)
Component | Annual Cost |
|---|---|
Compliance team (3-5 people minimum) | £250,000-£500,000 |
PCI DSS maintenance | £100,000-£200,000 |
Fraud monitoring and operations | £100,000-£250,000 |
Technology maintenance | £100,000-£200,000 |
Regulatory and legal | £50,000-£100,000 |
Annual operating cost | £600,000-£1,250,000 |
Phase 3: The Hidden Costs
These are the costs that don't appear in any budget:
**Opportunity cost.** Every engineer working on payment compliance, merchant underwriting, or chargeback management is an engineer NOT working on your core product. For platforms where payments are infrastructure rather than product, this is the most expensive cost of all.
Regulatory risk. Financial regulation changes. PCI standards evolve. Card network rules get updated. Each change potentially requires engineering work, process changes, and compliance re-validation. These changes arrive on the regulator's timeline, not yours.
Board-level distraction. When your platform is a PayFac, payment compliance becomes a board-level concern. Audit committee reviews, regulatory correspondence, and compliance attestations consume executive attention that should be focused on growth.
Why Platforms Did It
The PayFac model gained momentum for legitimate reasons:
Revenue capture. Processing payments generates 10-30 basis points on every transaction. At scale, that's meaningful revenue.
Merchant experience. Platforms wanted to control the full merchant journey — onboarding, checkout, settlement — rather than handing merchants off to a third-party PSP.
Competitive differentiation. In 2018-2022, offering embedded payments was a differentiator. Platforms without payments lost deals to platforms with payments.
Stripe Connect's influence. Stripe Connect made it possible for platforms to embed payments with relatively low initial investment, creating the impression that PayFac-like capabilities were accessible. Many platforms started with Connect and then pursued full PayFac status for better economics or more control.
Why the Calculus Changed
Three shifts have undermined the PayFac value proposition:
1. Processors Modernised Distribution
PSPs have dramatically improved their platform and marketplace offerings. The capabilities that once required PayFac status — white-label checkout, merchant onboarding, split payments, custom settlement — are now available through managed models that don't require the platform to become a regulated entity.
The technology gap that justified becoming a PayFac in 2019 has largely closed.
2. Managed Models Match the Economics
The revenue premium for being a PayFac has narrowed. Managed PayFac services, PayFac-as-a-Service providers, and PSP-neutral payment layers offer revenue share models that approach full PayFac economics — without the compliance burden, operational overhead, or capital requirements.
When the revenue difference between "own it" and "use a managed model" narrows to a few basis points, the operational cost of owning it no longer pencils out.
3. Compliance Costs Increased
PCI DSS 4.0 raised the compliance bar. KYC/AML requirements have tightened across jurisdictions. Card network rules have become more stringent. The cost of maintaining PayFac status has increased materially since 2020, while the revenue premium has decreased.
Signs of PayFac Regret
These patterns signal that a platform's PayFac status has become a liability rather than an asset:
Your compliance team is growing faster than your product team. When headcount in compliance, risk, and payment operations outpaces hiring in product and engineering, your organisational priorities have shifted away from your core business.
Regulatory changes require board-level attention. If PCI DSS updates, card network rule changes, or KYC regulation shifts are consuming executive and board bandwidth, you're operating a financial services function — not a software platform.
Merchant onboarding is your biggest bottleneck. If the time to onboard a new merchant is measured in weeks (due to underwriting, compliance checks, and risk review) rather than minutes, your PayFac infrastructure is slowing your growth rather than enabling it.
Engineering is spending more time on payment compliance than product features. Track the ratio. If payment-related work — compliance updates, audit preparation, fraud system maintenance — exceeds 20% of engineering capacity, the opportunity cost is severe.
You're carrying risk you didn't sign up for. A merchant fraud event, a compliance breach, or a card network fine can cost hundreds of thousands of pounds and months of management attention. If these risks keep you up at night, you're in the wrong business.
The Alternatives
Platforms unwinding PayFac status — or choosing not to pursue it in the first place — have three primary alternatives:
Managed PayFac
A sponsor bank or payment processor handles the regulated functions (underwriting, compliance, settlement) while the platform maintains a white-label experience. The platform earns revenue share without bearing regulatory burden.
Pros: Reduced compliance burden, faster merchant onboarding. Cons: Less economic control, dependency on the managed PayFac provider.
PayFac-as-a-Service
Third-party platforms provide the infrastructure for PayFac-like capabilities without requiring the platform to obtain its own registration. The service provider handles the regulated layer; the platform handles the merchant experience.
Pros: PayFac economics without PayFac regulation. Cons: Still typically limited to a single payment provider.
PSP-Neutral Payment Layer
A payment layer sits between the platform and multiple PSPs, providing white-label checkout, merchant management, and multi-PSP routing without requiring the platform to handle card data or maintain PayFac registration.
Pros: Multi-PSP flexibility, zero PCI scope, no compliance burden, revenue share. Cons: Platform doesn't own the payment flow at the infrastructure level.
Shuttle provides the third option. Platforms integrate once and access 40+ PSPs through a single layer. Merchant onboarding is white-label. PCI compliance is handled at the layer. The platform monetises payments through revenue share — without underwriting merchants, managing chargebacks, maintaining PCI certification, or hiring a compliance team.
The result is the outcome platforms originally wanted from PayFac — payment revenue, merchant control, embedded experience — without the operating model they didn't.
The Trend Is Clear
The PayFac model made sense when it was the only path to embedded payment economics. It isn't anymore.
Platforms that became PayFacs in 2019-2022 are reassessing the cost-benefit as compliance costs rise and managed alternatives improve. New platforms are increasingly choosing not to pursue PayFac status at all, opting for managed models that deliver comparable economics with a fraction of the operational burden.
The question for platform leaders isn't "should we become a PayFac?" It's "do we want to be a payment company?" For platforms whose core product is software — not payments — the answer is almost always no.
And for those that already made the PayFac decision and are feeling the weight of it: unwinding is possible. The alternatives exist. The economics work. And your engineering team will thank you.