An ETA Payment Sales & Strategy Committee White Paper
By Naomi Mastera, Business Development Manager-ISV, NMI • George Smith, Head of Sales, Clerkie • Pat Ward, Head of ISV Partnerships, DishOut

Integrated software vendors (ISVs) are service providers whose technology delivers both business management tools and payment processing as an “integrated” feature.

ISVs are undoubtedly changing the landscape of merchant acquiring. A recent survey from the global management consulting firm McKinsey & Company found that 50 percent of small businesses now use ISVs as payment providers, and 15 percent are in the process of transitioning to an ISV provider.

While some may consider the advent of ISVs an existential threat to traditional merchant service providers, the reality is, this is simply another chapter in the ongoing evolution of the acquiring industry. Core merchant services, from acquiring, funding, settlement, and more, are not going anywhere anytime soon, and industry veterans liken the rise of the ISV model to a myriad of other change-inducing inflection points. All that is required to thrive in this new reality is a well-defined strategy.

The purpose of this paper is to provide a high-level overview and understanding of the world of ISVs, define the approaches and considerations for incorporating (or enhancing) ISVs into your current go-to-market strategy.

THE MARKET LANDSCAPE
Increasingly, payment processing is becoming inextricably linked to value-added software that not only manages payments, but also provides tools, features, and functionality to optimize other core business functions. Before thinking about your target segment or the opportunities inherent in your portfolio, consider first what these tools represent to your business today: Do you use a customer relationship management (CRM)? What are the systems or tools you rely upon to run your business? Think about the ways in which payments connect into or supplement those tools. Understanding the way software helps you run your business is an important mechanism for conceiving of your broader ISV strategy.

STRATEGIC CONSIDERATIONS
Define your objectives. Every strategy has to start with clearly articulated goals. Generic objectives, such as increasing market share, expanding into new verticals, or increasing the stickiness of your services are all relevant to developing an ISV strategy, but they require specification. The more you understand about your target vertical, the TAM, and the value propositions of the leading players, the better positioned you will be to execute your strategy.

MARKET ANALYSIS
The best starting point for developing or enhancing your ISV strategy requires an awareness and understanding of your key vertical market(s). What is your core market today? Where are you adding the most value for your merchant base? As you look into this (or these) market segments, identify the software as a service (SaaS) providers that are enabling the merchants in that market to run their businesses. “Vertical SaaS” platforms are designed and deployed into a specific business market (Salesforce and Hubspot, conversely, are “horizontal SaaS” tools in the sense that they are leveraged by business operators in many different and distinct vertical markets). Identifying the vertical SaaS platforms that are most applicable in your target markets is the first step in considering how to develop your ISV strategy.

THE PAYMENTS ANGLE
Of the software tools inherent in your market, conduct research to identify which are marketing payments as part of their tech stack. Develop an understanding of how payments operate in conjunction with those software tools, and ask the age-old question of how to compete with these systems: Should you build, buy, or partner with the vertical SaaS platforms in your key target market(s)?

PARTNERSHIP CRITERION
Let’s start with the process of partnership, as building or buying into a software solution can be both cost-prohibitive and a departure from core strength and value. After conducting a cursory review of the SaaS platforms in your target vertical, how many are marketing payments as a part of their tech stack? How many are offering payments through partnership compared to a more proprietary or engrained solution?

ISVs with existing payment solutions:

• Pro: They understand payments systems and rev-share models, and may be looking for additional managed service provider (MSP) partners.
• Con: Already working with others or may have an existing or preferred financial institution relationship.

ISVs without existing payment solutions:

• Pro: Potential for exclusivity; Opportunity to convert their users to your processing/funding/settlement/gateway services etc.
• Con: Business operators do not understand payments systems or models.

THE POWER AND PERIL OF MUTUAL REFERRALS
While it may seem that many ISVs are selling payment processing as a core part of their service offering, it is also true that payment processors are selling integrated services (through ISV partners) to their existing and prospective merchant base. This represents both an opportunity to open/expand new revenue streams, but it can also serve as a threat to business in the form of a distraction or detraction from what the business has done to date to differentiate in the market.

One area in which MSPs are distinct from ISVs is reach: Many MSPs leverage ISO/Agent models to expand their footprint and open new channels for growth. This model represents an opportunity for processors and MSPs to extend that advantage to ISVs as a new and distinct sales channel. MSPs and ISOs can leverage this strategy to recruit new ISV partners (e.g., ‘we have xx merchants in our portfolio whom we feel would benefit from your SaaS product; let’s structure an ISV partnership and go to market together…’).

Like all things in business and entrepreneurship, new strategies involve risk: From partner selection to market analysis to execution, the more intentional an ISO/MSP is in thinking about each stage of the strategic process, the more likely the chance of success in launching or enhancing an ISV strategy.

THE STRATEGIC ADVANTAGE OF MONETIZING PAYMENTS FOR ISVs
In today’s competitive software landscape, Independent Software Vendors (ISVs) are increasingly recognizing the value of integrating and monetizing payment solutions within their platforms. The shift toward a seamless checkout experience is more than a trend—it’s a necessity. According to recent studies, *83% of buyers* cite a smooth payment process as a top priority, with many abandoning their purchases if the experience is subpar. This presents a critical opportunity for ISVs to differentiate themselves by offering an optimized and frictionless payment journey.

EMBEDDED PAYMENTS: BEYOND INTEGRATION
Embedded payments are not created equal. ISVs must carefully evaluate their payment solutions, considering factors such as ease of integration, user experience, scalability, and perhaps most importantly, **monetization potential**. While many software vendors have yet to fully capitalize on this opportunity, those that do can unlock significant new revenue streams. By turning payments into a profit center, ISVs not only enhance their service offering but also build a more sustainable business model.

SCALABILITY AND BUSINESS GROWTH
The complexity of building a payment solution varies, but the rewards are clear. A well-executed payment integration allows ISVs to offer diverse payment methods, catering to the varying needs of their customer base. Moreover, ISVs can scale their operations and potentially monetize transactions beyond their immediate customer base, tapping into the payments of their customers’ customers, depending on their business model.

INFRASTRUCTURE AND ENTERPRISE READINESS
For ISVs looking to partner with large enterprises, having a robust and modular payment infrastructure is non-negotiable. Enterprises often require sophisticated payment capabilities, and ISVs that can deliver these solutions are well-positioned to secure large contracts and expand their market reach.

SIMPLIFIED COMPLIANCE THROUGH STRATEGIC PARTNERSHIPS
Navigating the complexities of PCI compliance and industry-specific regulations can be a significant burden for ISVs. However, by partnering with the right payment providers, ISVs can offload much of this responsibility, ensuring that they remain compliant across different industries without diverting focus from their core business objectives.

CROSS-BORDER CAPABILITIES AND GLOBAL EXPANSION
As ISVs scale globally, having the right payment solution in place is crucial. Embedded payment solutions that offer multi-currency support, dynamic currency conversion, and robust fraud prevention are indispensable. A single point of integration can significantly streamline these processes, opening new opportunities for ISVs to expand their global footprint.

IMPACT ON VALUATION AND FUNDRAISING
The way an ISV monetizes payments can have a direct impact on its valuation, particularly during fundraising rounds. Investors and stakeholders are increasingly looking for companies that have clear, scalable revenue models. By effectively monetizing payments, ISVs can demonstrate long-term value, attracting more investment and driving higher valuations.

In conclusion, the monetization of payments is not just an operational consideration for ISVs—it’s a strategic imperative. By embracing this opportunity, ISVs can not only enhance their product offerings but also unlock new revenue streams, drive business growth, and significantly increase their market valuation.

By Douglas Buan, Chief Information Security Officer, Wind River Payments • Jim Bibles, SVP Risk and Compliance, Aperia
ETA Industry Affairs PCI/Cybersecurity Committee

The payments industry has been a target for thieves since inception. For this reason, security has been built into payments at all levels and with all participants. We’ll first discuss industry compliance in terms of any industry participants that store, process, or transmit payments data. We’ll then turn to elements of product and solution security. Lastly, we’ll discuss regulation and consumer protection.

The payments industry recognized that it could only succeed in protecting the payments infrastructure through a collaborative effort, so it created the Payment Card Industry Security Standards Council (PCI SSC). This organization brings all stakeholders within the payments ecosystem to create a secure environment for the transmitting, processing, and storing of cardholder data.

While there are many moving parts to this puzzle it can be broken down into the following activities:

Payment Software and Hardware Certification
Payment software providers and device manufacturers must comply with strict standards, ensuring all software payment and devices like point-of-sale terminals and ATMs are secure and resistant to fraud. These devices are certified by the PCI SSC to meet strict security standards, ensuring encrypted data transmission and protection against tampering. Regular updates and patches keep devices secure as threats evolve.

Merchant Compliance with a Robust Security Standard
All merchants that accept credit cards must be compliant with PCI Data Security Standard (PCI DSS) requirements. These requirements include only using secure hardware and software for the processing and transmitting of cardholder data, ensuring that data at rest is encrypted, controlling access to sensitive information, regularly testing their networks and websites to ensure they are not vulnerable to malicious attacks, and having a program in place to respond should the incur a service disruption or data security event.

Service Provider and Processor Validation and Registration
To ensure there are no gaps in the security of the payment’s ecosystem payment processors and service providers are required to validate their compliance with the PCI DSS and register with the card brands for the services they provide. Merchants are responsible for understanding how these services impact their compliance and ensuring these providers remain PCI-compliant.

Collaborative Enforcement
Card brands, acquiring banks, and payment processors enforce PCI DSS compliance, with penalties for non-compliance. The PCI SSC provides ongoing training and resources, ensuring that all participants in the payment’s ecosystem understand and implement the necessary security practices.

As we turn to product security, it’s clear that protecting payments data is a priority. Point-to-point encryption (P2PE) is a highly effective security solution that encrypts and devalues payment data from the very point of entry to an upstream entity that has the decryption key to process the data. This means that even if a merchant experiences a data compromise, the payment data is still safe because the attackers cannot unlock the data.

A solution like tokenization is used to replace the storage of payment data with a reference token while still allowing convenient features like recurring transactions. It negates the risk for merchants of storing payment data as tokens are useless to attackers.

Aside from merchant storage, solutions like digital wallets (ApplePay, GooglePay, SamsungPay) also use tokenization at the point of sale for card present or online transactions without the need for the real card number to enter the payment process because the card number is replaced with a token to be the payment instrument even for initial transactions.

Even with sophisticated primary account number replacing solutions like this, card issuers and merchant acquirers use fraud detection systems designed to identify and stop fraud in real-time. As we discuss artificial intelligence and machine learning with these solutions, it’s possible to identify fraud more quickly and recognize anomalous patterns before neural networks and humans do so. Although we’re early on in use of these technologies, we expect them to only get better at helping us mitigate fraud.

Lastly, and as probably the backstop to protect consumers, we discuss regulation and consumer protection. Federal regulation protects consumers from fraud when using various payment types including payment cards. The process behind this in the payment card industry is the chargeback and dispute process. It allows consumers to dispute transactions for various reasons including the product not being as expected or faulty, product never received, services that are not rendered, fraud, or other various reasons. It’s a formalized and fairly complex process that mediates the interaction between the consumer and the merchant when there is disagreement.

The items we’ve discussed today are to point out that fraud mitigation exists at every level within the payments industry. It permeates the payment system from payment product manufacturing and solutions design through overarching industry compliance and regulatory protections. In knowing this, consumers and business should feel comfortable participating the payments system.

By Emily Baxter, Consultant, RPY Innovations
ETA Industry Affairs PCI/Cybersecurity Committee

As the financial landscape becomes increasingly digital, the need for strong cybersecurity measures must stay at the center. Cyber-defense importance has grown so much that major card brands Visa and Mastercard are proactively strengthening their cybersecurity measures by acquiring cybersecurity companies, a reassuring sign of the industry’s commitment to security.

The COVID-19 pandemic accelerated the adoption of digital payments and e-commerce and the penetration of Buy-Now-pay later in the American market. With all these shifts in payments, cybersecurity defrauders have also accelerated ways in which they can commit fraud, access critical information, and jeopardize even physical security.

In 2024, cybersecurity is not only about protecting digital transactions is about protecting information. As you may know, the payments landscape is somewhat complicated as it involves various parties, including issuing banks, PayFacs, acquirees, and the major card networks, to mention a few. They all have something in common: Data Centers.

Protecting data centers is the key to keeping information and digital assets away from hackers, as not only do they contain information, but data centers are also used by all parties involved in payments. The infrastructure for processing payments must be protected because payment systems handle sensitive financial information. Cyber and physical breaches can lead to fraud, data theft, or operational disruptions.

Here are the best cybersecurity practices and equally important physical security practices from ETA’s PCI/Cybersecurity committee chair, Emily Baxter, Consultant at RPY Innovations for 2024.

CYBERSECURITY

• Data Encryption
  Data encryption is fundamental to protecting sensitive information in the banking and fintech sectors. As companies manage massive amounts of personal and financial data, ensuring this information is encrypted in transit (as it moves across networks) and at rest (when stored) is critical.
• Zero Trust Architecture
  In an era where remote work is more common, and cyberattacks are becoming increasingly sophisticated, a Zero Trust architecture has emerged as one of the most effective strategies for protecting sensitive information. Unlike traditional security models, which assume that internal users are trustworthy, Zero Trust operates on the principle of “never trust, always verify.”
• Red Teaming: Testing Security Through Realistic Cyber Attacks
  Red teams mimic potential attackers’ tactics, techniques, and procedures, providing valuable insights into how prepared an organization is to respond to an actual cyberattack. They help test the effectiveness of defenses such as firewalls, intrusion detection systems, and access controls. Red teaming also prepares incident response teams by giving them practice in detecting and mitigating breaches in real-time.

PHYSICAL SECURITY
Physical security refers to the measures taken to protect hardware and infrastructure from unauthorized access, theft, card skimmers & manipulation by bad actors. Be cautious about placing cameras near ATMs, safes, or computers, even security cameras can compromise data.

Recommended physical security measures to reduce vulnerabilities in the payment’s security framework:

• Secure Access Control — Use keycards, biometric scanners, and surveillance systems to limit physical access to payment terminals, servers, and data centers.
• Secure Devices — Ensure payment terminals and ATMs have detection features that trigger alerts when unauthorized changes or modifications are attempted.
• Surveillance and Monitoring — Use cameras, alarms, and monitoring systems to detect and deter unauthorized access to payment infrastructure. Only use approved, secure cameras in these locations, as hackers can exploit footage to capture sensitive information such as PINs, safe codes, or login credentials.

THE USE OF AI TO PROTECT PAYMENTS
AI continues to be a hot topic in 2024, and many of us feel that AI is here to assist in our daily duties and to make our lives easier. AI is not as novel in payments as in other industries, as we have used it for at least a decade. Who do you think operated your Bank chatbot?

AI-driven threat intelligence tools have been widely used to analyze massive amounts of data quickly, identifying trends and anomalies that might indicate an imminent attack. These tools can predict and prevent attacks before they occur, giving banks and fintech companies a head start on securing their systems.

Nevertheless, AI can also be used negatively. With AI advances, scammers can mimic voices convincingly, even using AI-generated audio to impersonate trusted individuals like bank officials or family members. Another everyday use of AI to commit fraud is deepfake technology, which allows cybercriminals to impersonate individuals in real-time video calls.

With more transactions happening digitally, banks and FinTechs must enhance their fraud detection systems by employing machine learning algorithms to detect suspicious transaction patterns in real-time.

COMMON CYBERSECURITY THREATS IN 2024
Cybercriminals are constantly evolving their tactics, making it essential for organizations to stay vigilant. Below are some of the most common cybersecurity threats, according to Statista, that are relevant to the payments industry in 2024.

1. Phone Scams: Social Engineering at Scale

• Phone scams, often called vishing (voice phishing), remain a common method fraudsters use to trick individuals into revealing sensitive information.

2. AI-Driven Video Call Impersonation: Deepfake Technology in Action

• Allowing cybercriminals to impersonate individuals in real-time video calls. See examples.

3. Card Fraud: Persistent and Evolving

• Despite implementing EMV chip technology and mobile payment security, card fraud remains a significant threat. Cybercriminals continue to find ways to steal card details through phishing, card skimming, and data breaches.

4. Distributed Denial-of-Service (DDoS) Attacks

• Where attackers flood a network with traffic to overwhelm its infrastructure—are becoming more frequent and potent in 2024. These attacks can disrupt online services, leading to downtime, reputational damage, and financial losses for fintech companies.
• To mitigate the risk of DDoS attacks, banks should deploy content delivery networks (CDNs) and DDoS protection services to absorb and reroute malicious traffic.

5. Zero-Day Vulnerabilities: Exploiting the Unknown

• Flaws in software that developers are unaware of and haven’t patched—remain a significant risk. Cybercriminals can exploit these weaknesses before developers release a fix, putting financial systems at risk.

6. Email Phishing

• Despite increased awareness, email phishing remains a significant threat, with attackers leveraging data from previous breaches to craft highly targeted emails.

ADAPTING TO THE CHANGING CYBERSECURITY LANDSCAPE
As cyber threats continue to evolve in 2024, it’s clear that banks and fintech companies must adopt a multifaceted approach to cybersecurity, from robust data encryption to the implementation of Zero Trust architecture and proactive red teaming. At the same time, they must remain vigilant against emerging threats like AI-driven impersonations and physical security to maintain trust in an increasingly digital world for the payments industry.

By the ETA Payment Sales & Strategy Committee
Gregg Aamoth, CEO, POPcodes • Ryan Aumann, ISV Rep, Boarding and Maintenance, Global Payments • Jennifer Reichenbacher, Chief Marketing Officer, Stax Payments

With an extensive point-of-sale (POS) network, app marketplaces not only create revenue opportunities for Software as a Service (SaaS) developers but also enhance merchant operations and drive efficiency by offering specialized solutions.

THE GROWTH OF APP MARKETPLACES
The launch of Apple’s App Store in 2008 set into motion the emergence of app marketplaces. Unlike generic app stores that offer a wide variety of consumer applications, payment-specific app marketplaces cater to the unique needs of merchants. App marketplaces leverage POS infrastructure to provide merchants with access to a range of applications designed to enhance business operations. By consolidating multiple apps in one place, POS companies empower merchants to streamline operations, saving time and resources. Until now, constraints such as time and budget have made it difficult for small and medium-sized businesses (SMBs) to implement value-added services that meet their unique needs. However, app marketplaces enable providers to cater to SMBs with specialized solutions [1].

THE SaaS OPPORTUNITY
Given the immense number of POS terminals across the world, there exists an incredible monetization opportunity for SaaS-based apps to cater to the needs of businesses. Omar Ebeid , CEO of Zeal, points out, “POS app stores catalyze an ecosystem where developers meet specific retail needs, driving operational efficiency and unveiling new revenue avenues for merchants.” SaaS developers create these cloud-based apps, generating recurring revenue through subscriptions. Unlike consumer smartphone apps monetized by ads, B2B apps in POS marketplaces focus on direct revenue generation by delivering tangible value to merchants. These apps provide automatic updates, improved data security, and scalable growth. However, app marketplaces also present some challenges. The huge selection of apps can overwhelm merchants, making it difficult to choose the right one. Ebeid says, “Being on a POS app store doesn’t mean instant compatibility with the POS payment application.” Integration hurdles may arise if acquirers have different payment apps running across regions.

CUSTOMIZED BUSINESS SOLUTIONS
These app marketplaces foster a collaborative environment where developers and merchants can unlock new business capabilities. The benefits for merchants extend beyond streamlined workflows and time savings. Various business sectors can benefit from integrating app marketplaces with their POS systems to enhance efficiency and growth. Popular POS systems like Clover, Ingenico, Shopify, and others represent this by offering built-in app stores with a wide variety of business apps tailored to different industries. For instance, restaurants can use apps for online ordering, loyalty programs, and workforce management, while retailers might implement apps for inventory tracking, customer analytics, and mobile payments. Service-oriented businesses, such as salons, can adopt apps for booking, point redemption, and payroll. This ability to mix and match specialized tools meets the unique operational needs of any business.

FINDING THE RIGHT APP(S)
Marketplaces are great for choice and flexibility, but, like our personal smartphone, most rely on the user, in this case, the merchant, to research, select, download, and set up each App. When looking at a POS marketplace for your business, we recommend reading reviews, asking peers, and doing your due diligence. How might certain Apps, like inventory, billing, and accounting, work together to drive incremental efficiency for your business? Do you need both an ordering and a loyalty app, or is there one that does both and would work for your business?

These apps are solutions that merchants can put to work for their business. Just make sure you’re selecting the right ones to solve existing pain points and needs. And that they are easy to set up and use. Get the most for your time and investment to drive savings and revenue in the future.

JOIN THE CONVERSATION
Meet with fellow payments enthusiasts, learn from your peers, and contribute to the payments community. Join an ETA committee today.

Citations
[1] Business Insider. (2018). The Point-of-Sale App Marketplaces Report. https://www.businessinsider.com/point-of-sale-app-marketplaces-report-2018-3

Insights from Treasury’s Acting Assistant Secretary of Financial Institutions, Laurie Schaffer

Why it matters: AI is reshaping financial services, offering significant advancements in efficiency and accessibility while introducing challenges related to fairness and privacy.

The big picture: Treasury is committed to harnessing AI’s potential while managing its risks, particularly in consumer finance and insurance sectors.

KEY POINTS
AI’s Promise: AI technologies have become integral to financial services, enhancing everything from fraud detection to customer service. Treasury’s Bureau of Fiscal Service implemented AI for fraud detection, recovering over $375 million since early 2023.

Emerging Risks: AI poses risks in three main areas:

• Design Risks: Poor data quality can lead to biased outcomes, perpetuating existing inequalities.
• Operational Risks: Increased reliance on third-party cloud services can obscure visibility into AI models, heightening cybersecurity vulnerabilities.
• Human Interaction Risks: Misuse of AI outputs can lead to harmful decisions, emphasizing the need for human oversight.

AI in Consumer Finance: The CFPB notes that around 45 million consumers lack traditional credit scores. AI-driven models can enhance access to credit for underserved populations but may also raise privacy concerns due to the extensive data they utilize

AI in Insurance: A survey revealed that 88% of auto insurers and 70% of homeowners insurers are exploring or using AI. While this can improve efficiency and reduce costs, it also risks perpetuating biases in underwriting and pricing

What’s Next: Treasury will continue monitoring AI’s role in financial services, focusing on responsible innovation and regulation that prioritizes consumer protection and equity.

Role of ETA: Schaffer acknowledged events like ETA’s annual Fintech Policy Forum are vital for fostering dialogue and understanding as we navigate the evolving landscape of AI

Our Thought Bubble: As AI technology evolves, ETA is at the forefront, representing the interests of the industry to ensure a fair and balanced environment that benefits the industry and the interests of the American public.

• ETA published AI fast facts to educate Capitol Hill on how the industry uses and does not use AI.
• ETA organized a fly-in for member executives to meet lawmakers in the Senate and Capitol Hill to speak about AI.

SOURCES
https://home.treasury.gov/news/press-releases/jy2620

In the latest episode of the ETA Transaction Trending podcast, host Scott Talbott, EVP at ETA, discusses the rapidly evolving landscape of generative AI in the payments sector with Russell Moore, the Director of Corporate Strategy & Development at Global Payments.

Moore highlights that while AI has been part of the payments industry for decades, the introduction of generative AI is revolutionizing customer interactions, particularly through chatbots. These AI-driven tools are now capable of handling billions of customer interactions, marking a significant shift in how businesses engage with their clients.

However, the integration of generative AI is not without its challenges. Moore emphasizes the importance of maintaining data security and service reliability, while also addressing issues like biases and the phenomenon of “hallucinations” in AI outputs.

Looking ahead, Moore predicts that the payments industry will see substantial advancements in the next 6-9 months, with generative AI facilitating more autonomous operations. This evolution will lead to smoother, more seamless transactions, often without the consumer needing to actively engage with the technology.

Additionally, Moore discusses the role of the ETA AI committee, which is focused on educating its members about generative AI and tackling specific issues such as fraud. As the committee progresses into 2024, it plans to delve deeper into these topics, inviting industry experts to share their insights and foster a better understanding of the implications of AI in the payments industry.

This episode showcases the exciting potential of generative AI while also acknowledging the critical challenges that must be addressed to ensure its safe and effective implementation in financial transactions.

Listen here.

Legal Disclaimer
The information provided in this post is for general informational purposes only and does not constitute legal advice. This content is based on a conversation with Russell Moore and reflects his professional opinions and interpretations as of the date of the interview. Viewers should not act or refrain from acting based on this information without seeking professional legal counsel. Neither the author, Russell Moore, Global Payments, nor any affiliated entities assume any liability for actions taken or not taken based on the contents of this post.

By the ETA Payment Sales & Strategy Committee
Travis Chrisman, President, Coastal Pay • Patrick Gallagher, CEO, Reliable Payments • Bart Kohler, Chief Sales Officer (CSO), Unity Fi Payment Solutions • Naomi Mastera, Business Development Manager – ISV, NMI • Greg Renfroe Payments Executive, PayiQ, a Division of Quisitive

Capital requirements for growing an ISO can vary significantly depending on several factors, such as the scale of operations, services offered, technology infrastructure, and desired sales channels.

If you are a standalone agent, the least expensive way to do this is to recruit 1099 sales reps. This is almost free, as the reps are only paid when residuals are paid. There are no upfront costs unless you decide to help with administrative and marketing costs such as, the cost of business cards and marketing materials. On the other hand, bringing on board W2 sales reps, most options consist of an uplift in salary or signing bonuses based on future expected earnings and a smaller portion of residuals as they are paid. While this is more capital intensive, you can “control” sales reps’ efforts regarding management, setting quotas and expectations, and target markets and verticals. You can also hold them accountable to standards you set to represent your brand as you see fit.

Considering these two options, 1099 reps allow you to add more reps faster, but you have less control over their sales processes and efforts. While W2 reps require more capital upfront, you can often set clear expectations to garner the success you are looking for.

The above paragraph only speaks to folks looking to start slowly and methodically. If you are looking to grow an ISO at a more significant, more rapid pace, most of the time, this will require taking on debt from some party, whether it is a bank, private investors, etc. This often comes with obstacles to prepare for. It would be best to have a clear, attainable business plan with metrics and KPIs that can be tracked and reported on. This option can have significant risk, as investors are eager to get their money back, and you are pressured to perform to expectations. The upside is that if you have the right investor, they can act as a partner, lending guidance as needed, as they are strongly tied to your success.

As you grow your ISO, other costs cannot be ignored; it is essential to be aware of them. It is always best to plan your budget with potential expenses in mind. Some of the possible costs are listed below.

• Licensing and Compliance: Merchant services companies must comply with financial regulations and may require licenses or registrations, which can involve fees and initial capital outlay.
• Technology Infrastructure: You’ll need a CRM, robust payment processing systems, card terminals, and possibly software development if you offer custom solutions.
• Marketing and Sales: To acquire merchants, you may need marketing expenses, sales commissions, and promotional materials.
• Operational Costs: This includes office space (if applicable), utilities, employee salaries, and initial equipment inventory.
• Risk Management: You might need to set aside funds for potential chargebacks and fraud prevention measures.
• Reserve Requirements: Some payment processors and banks may require you to maintain a reserve fund as security against potential liabilities.
• Insurance: Consider insurance policies such as liability and cyber insurance, which can add to initial costs.
• Partnerships and Agreements: If you partner with banks or other financial institutions, there may be partnership fees or revenue-sharing agreements.
• Scaling Costs: While you may start small, scaling up operations will require additional investment in technology, personnel, and infrastructure.

By Katie Hackney, Senior Trainer, Learning & Development and ETA CPP, North

Introduction

A successful corporate ETA Certified Payments Professional (CPP) program requires careful planning and ongoing support. These 8 best practices, compiled by Katie Hackney, Senior Trainer, Learning & Development and ETA CPP, at North, will help your organization create a robust framework for ETA CPP candidates, from initial orientation to recertification.

1. Host an Orientation

Make sure candidates know what’s expected of them and what the experience entails before they commit. Topics may include an overview of sponsorship requirements, how and when to apply, the application eligibility window, study resources and events, what to do if they pass vs. fail, etc. Include a few sample exam questions to give them a feel of the exam content.

2. Create and Maintain an ETA CPP Company Policy

This document should address sponsorship expectations and any other company-specific considerations. Obtain acknowledgment from candidates and their leaders before purchasing their application vouchers.

3. Emphasize Technology Requirements

Because the exam is only offered via live online proctoring, it’s imperative the candidate is properly equipped to take the exam. Candidates must use a PERSONAL computer! The exam proctor needs to be able to remote into their machine; third-party access is typically prohibited on company-issued computers as well as those in public locations, i.e., libraries. Several other restrictions and technical requirements apply. Make sure your candidates fully understand these requirements before they submit the application!

4. Encourage Study Groups

Candidates who participate in study groups not only have higher rates of success on the exam, but they also build their professional network. Large companies, especially those with a lot of M&A activity, benefit academically and socially from the connections they make with colleagues from different teams, entities, and geographic locations.

5. Host Practice Test Calls

Sample exam questions are available in multiple locations, including but not limited to the ETA CPP Study Guide, Candidate Handbook, Quizlet, etc. Explore online polling tools or trivia apps in conjunction with these resources to coordinate a fun, collaborative call with your candidate pool!

6. Form Chat Rooms

Create a space where candidates can ask and answer each other’s questions, share resources, solicit study group interest, announce upcoming calls, etc. Act as a moderator; generate conversation in addition to answering questions and posting reminders.

Chat rooms can also be created for ETA CPPs after they’ve passed the exam so they can keep each other in the loop of upcoming webinars and other experiences to earn continuing education credits.

7. Host an Annual Recertification Call

Invite all current/active ETA CPPs in your organization, and ask ETA to co-facilitate. Record the call and make the recording and other resources available. (Remember: It costs far less to renew than it does to re-test!)

8. Promote [email protected]

When candidates have questions, especially about portal access issues, scheduling concerns, or any ETA-owned materials, refer them to [email protected]. ETA’s Education Coordinator is committed to providing support in a timely manner!