Payment Facilitators: Why Your Internal Controls Must Be Air-Tight

March 25, 2021

30-Second Summary:

  • The Main Takeaway: Though there are many advantages to becoming a payment facilitator over using the traditional payment model, the rewards bring additional risks.
  • Impact on Your Business: Payment facilitators must establish strong internal control systems and processes to address external risks and protect their operations and customers.
  • Next Steps: There are three basic risks you should address in your internal controls, which we outline in detail below.

Need a professional to help you reduce risk? Let Aprio design and implement solid internal controls to protect your business.

The full story:

Payment facilitators (also known as “PayFacs”) are all the rage these days. Why?

PayFacs have many advantages over the traditional payment model, giving rise to a trend that is transforming the payment industry.

However, rewards bring additional risks. Here are some of the most prominent risks PayFacs face, and why you should be laser-focused on addressing them to protect your operations and customers.

Removing the bullseye from your back

The number-one asset fraudsters target is money. Though stealing precious metals may be glamorized in movies, in reality, most fraud involves currency.

It’s important to have some background knowledge: one of the biggest advantages to using PayFacs is that they have relationships with acquirers, while merchants have sub-merchant accounts through PayFacs. In the traditional payment model, the acquirer is responsible for directing funds from banks to individual merchants; in the PayFac model, the PayFac is responsible for directing funds from its master merchant account.

Since PayFacs are responsible for funding merchants — via direct payments or by directing the acquirer — any disruption in the payment stream could lead to massive losses in a very short time period. Disruptions can take many forms, from system hacking to simple typographical errors.

It’s essential for PayFacs to have a strong system of internal controls with redundancy built in. Your internal controls system should include regular reconciliation of bank accounts, preferably daily as a best practice. You should put multiple levels of approval in place to send out funds, including a different preparer and approver. Finally, you should create detective controls to make sure that any errors are identified quickly. These detective controls should include both logical and system controls.

Ensure proper staffing and controls for chargebacks

In the traditional system, acquirers are responsible for chargebacks; they charge merchants for any chargebacks that occur in their account. However, in the PayFac model, the PayFac has the relationship with the acquirer, which means it is responsible for chargebacks, which it then passes on to merchants.

PayFacs need to put proper staffing and controls in place to identify chargebacks, match them up to merchants and collect them to avoid incurring responsibility for the added cost, which could be high if a bad actor signs up as a merchant.

Develop a know-your-customer process

Know your customer (KYC) is one of the most important internal controls processes for PayFacs. Since PayFacs are underwriting the payment process, they are taking on the risk of fraud from bad actors who may be setting up merchant accounts. Though establishing an arduous KYC process would defeat the purpose of using a PayFac rather than a traditional acquirer, PayFacs must be innovative in how they onboard customers. PayFacs have the flexibility to leverage new and changing technology that traditional acquirers would take years to utilize. It is vital to put a system in place to verify that customers are legitimate and not nefarious.

The bottom line

By establishing the appropriate processes and systems from the outset, PayFacs can feel confident that they are mitigating the appropriate risks and protecting customers and stakeholders from threats.

Related Resources:

If you’re seeking professional assistance to help you navigate this process, reach out to our team at Aprio. We can help you design and implement internal controls systems that allow you to do business with ease. Contact us today.


Investment advisory services are offered by Aprio Wealth Management, LLC, a Securities and Exchange Commission Registered Investment Advisor.  Opinions expressed are as of the current date (March 25, 2021) and subject to change without notice. Aprio Wealth Management, LLC shall not be responsible for any trading decisions, damages, or other losses resulting from, or related to, the information, data, analyses or opinions contained herein or their use, which do not constitute investment advice, are provided as of the date written, are provided solely for informational purposes and therefore are not an offer to buy or sell a security. This commentary is for informational purposes only and has not been tailored to suit any individual. References to specific securities or investment options should not be considered an offer to purchase or sell that specific investment.This commentary contains certain forward-looking statements. Forward-looking statements involve known and unknown risks, uncertainties and other factors which may cause the actual results to differ materially and/or substantially from any future results, performance or achievements expressed or implied by those projected in the forward-looking statements for any reason.No graph, chart, or formula in this presentation can be used in and of itself to determine which securities to buy or sell, when to buy or sell securities, whether to invest using this investment strategy, or whether to engage Aprio Wealth Management, LLC’s investment advisory services.Investments in securities are subject to investment risk, including possible loss of principal. Prices of securities may fluctuate from time to time and may even become valueless. Any securities mentioned in this commentary are not FDIC-insured, may lose value, and are not guaranteed by a bank or other financial institution. Before making any investment decision, investors should read and consider all the relevant investment product information. Investors should seriously consider if the investment is suitable for them by referencing their own financial position, investment objectives, and risk profile before making any investment decision. There can be no assurance that any financial strategy will be successful.Securities offered through Purshe Kaplan Sterling Investments. Member FINRA/SIPC. Investment Advisory Services offered through Aprio Wealth Management, LLC, a registered investment advisor. Aprio Wealth Management, LLC and the Aprio Group of Companies are not affiliated with Purshe Kaplan Sterling Investments.