By Goran Bosankić
Field39
ISOs play a critical role in the payment processing industry by acting as intermediaries between merchants and payment processors. While many ISOs offer payment solutions to merchants, they often rely on third-party providers for these services.
This dependency on third-party payment infrastructure presents significant risks, including limited control over data, difficulties in introducing new features and service reliability issues. However, by developing their own payment infrastructure, ISOs can gain greater independence and provide more secure, reliable services to their merchants.
ISOs typically operate by reselling payment solutions provided by third-party vendors. According to research conducted by the Electronic Transactions Association, there are over 3,000 ISOs in the United States. A majority of them rely on third-party payment gateways and processors.
These third-party providers hold a substantial market share, offering ready-made, white-label solutions that are easy for ISOs to implement. However, this convenience comes with a tradeoff in terms of control and flexibility.
When ISOs use third-party payment infrastructure they have limited control over the data processed through these systems. Data security and privacy are significant concerns, as any breach or misuse of data can lead to severe consequences for both an ISO and its merchants. In 2019, for example, a third-party processing American Express transactions was breached, which exposed millions of records and caused substantial financial and reputational damage.
ISOs relying on third-party infrastructure providers are often at the mercy of these companies when it comes to introducing new features or adapting to market changes. This can hinder an ISO's ability to stay competitive. For instance, if a third-party provider delays the rollout of a critical feature, ISOs may lose merchants to competitors offering more advanced solutions.
Not being able to respond fast enough in the competitive payments market is almost the same as not being able to respond at all. Thus, it is crucial to be able to control the infrastructure and the solution that drives your business as an ISO.
Third-party service outages can impact merchant operations, leading to lost sales and dissatisfied customers. Downtime for third-party payment processors that is measured even in hours per year, translates to significant financial losses.
ISOs have little or no control over these outages, yet they bear the brunt of merchant frustration. Also, ISOs using third-party providers share the infrastructure with many other ISOs, including direct competitors, which can affect the speed of reaction, depending on the third-party's priorities.
Compliance with regulatory standards such as the PCI security standards is crucial for payment processing. When using third-party providers, ISOs must ensure that these partners adhere to all necessary regulations. Lapses can result in hefty fines and legal issues.
The complexity of managing compliance through a third-party provider adds another layer of risk but can be mitigated easily by introducing a PCI proxy service while still using a bespoke payments infrastructure.
Developing your own solution is not a simple task, but it is not the only way to become master of your destiny. Owning a payment gateway also allows ISOs to gain full control over their data, enhancing security and privacy measures.
With their own infrastructure, ISOs can introduce new features and customize services to better meet merchant needs. This autonomy also leads to improved reliability, as ISOs can directly manage and resolve technical issues, reducing downtime.
Owning or using in SaaS mode a payment gateway can require a substantial upfront investment compared to paying a white-label provider, including costs for technology, customized development and ongoing maintenance.
However, the potential return on investment and long-term savings from reduced dependency on third-party, white-label providers and increased competitiveness leading to increased revenue can offset these initial expenses quickly.
An additional aspect in favor of using third-party, white-label services is usually the burden of technical expertise and resources needed to build and maintain a payment infrastructure. This includes hiring skilled developers, ensuring robust cybersecurity measures and staying compliant with industry standards.
But this does not have to be the case. ISO can have their partner provide both technology and expertise, while keeping control and enjoying all the benefits of the in-house approach—without the costs and operational overhead.
ISOs can explore partnerships with technology companies to provide their infrastructure. Collaborations can provide the necessary technical expertise and resources while allowing ISOs to retain control over their payment solutions.
While relying on third-party payment provider solutions offers convenience, it comes with risks that can impact an ISO's ability to provide secure, reliable services. By investing in their own payment infrastructure, ISOs can gain greater control, enhance data security, introduce new features more flexibly and improve service reliability.
For ISOs looking to secure their future and offer better services to merchants, owning their payment infrastructure is a strategic move worth considering. 
Goran Bosankić is CRO and a board member of Field39, which aims to set new standards in payment processing by offering secure, robust technology and a user-centric platform that drives efficiency and growth for businesses of all sizes. Contact Goran at goran@field39.com. Visa and Mastercard landmark settlement
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next
