Skip to content
Epitychia
Insights Field Note · Procurement

Picking a payment gateway: a buyer's framework for ISVs and marketplaces

Most gateway selections are made on rate sheet and integration time. The decisions that matter are the ones nobody puts in the RFP. Here are the seven we ask first.

· 10 min read · By Timmy Bare

The payment gateway you choose at $1M a month becomes the gateway you regret at $10M, lock yourself into at $30M, and migrate from in pain at $80M. The selection deserves more rigor than it usually gets — and not the rigor of a 200-line RFP. The rigor of asking the seven questions that actually predict regret.

The seven questions

1. Whose merchant of record is the cardholder paying?

Many “gateways” are actually managed merchants of record. Others are gateway-only. Hybrids exist. The MOR question determines who holds the merchant account, who bears chargeback risk, who the customer disputes against, and who the regulators look to.

This is not a technical question. It is a product question, a tax question, and a regulatory question. Get it wrong early and you will rebuild your entire payments stack to fix it later.

2. How does the contract terminate?

Read the termination clause. Specifically: what is the term, what are the exit ramps, who owns the cardholder data on exit, and what is the data export format?

Gateways with hostile termination clauses (long terms, exclusivity, opaque data export) compound risk every month you grow on them. The right time to negotiate exit is at signing — when you have leverage. The wrong time is when you’ve decided to leave.

3. What is their settlement reliability under load?

Sandbox testing tells you nothing about production. The test is: what happens at peak volume on a Cyber Monday, when a downstream issuer’s network is degraded, when a regional outage rolls through?

Reference calls help. Talking to current customers in your volume range and asking specifically about settlement reliability — not “are they good?” but “have you ever had a settlement file delayed by more than 24 hours, and how did they handle it?” — surfaces what the sales process won’t.

4. What does the API surface look like at the layers you don’t yet need?

Most gateways are evaluated on the layers a buyer needs today: authorization, capture, refund. The expensive surprises live elsewhere — chargeback API, dispute representment, network tokenization, partial captures, multi-party split payments, 3DS orchestration, account updater participation, recurring scheduling.

If your roadmap will require any of these in the next 24 months, read the docs for those endpoints carefully now. Coverage gaps become migrations.

5. What does pricing look like at 10x your current volume?

Most gateway pricing is structured as a base rate plus per-transaction fee, with volume discounts that are vague at signing and disputed in renewal. Ask for a forecast: at 5x volume, 10x volume, what is the all-in rate?

Many gateways will not commit. That is itself information. The ones that will commit — and document the commitment — are the ones that have built sustainable economics.

6. Where does the data live and who can pull it?

Card data and transaction metadata should be portable. PCI scope considerations aside, the strategic question is: if you change gateways, can you walk out the door with your customer card-on-file vault, your dispute history, your reconciliation logs, your customer payment-method preferences?

Some gateways make this trivial. Some make it impossible. Some make it expensive. Find out before you sign.

7. Who owns the relationship with the schemes?

Visa and Mastercard have rules. The rules change. Some gateways act as your interpreter and advocate to the schemes. Others abstract you away and silently absorb scheme changes — until one of those changes affects your business.

The right gateway tells you proactively when a scheme bulletin will affect your category, your geography, or your authentication posture. The wrong gateway leaves you to discover it on your settlement file.

What we ask in addition

Beyond the seven, our standard diligence includes:

  • A current customer reference call in your volume range (we lead).
  • A direct read of the master service agreement and processor agreement (we annotate).
  • A sandbox build covering the core flows plus three flows you don’t yet need (we run with your engineering team).
  • A scheme-fee unbundling on the proposed pricing (we model).
  • A documented exit plan, written before signing (we author).

It is more rigorous than most procurement processes. It is also why our clients don’t migrate gateways every two years.

A short word on the categories

The early-stage developer-experience providers are excellent for fast launches; expensive at scale and limited on commercial-card support. The enterprise-scale providers are battle-tested but typically outdated on API surface. The mid-market specialists sit between. The big-brand consumer wallets are acceptable for most use cases and a discount option for none.

There is no universally right answer in the abstract. The right answer depends on what you’re building, where you operate, how patient you are, and whether you want to outgrow your processor every two years or settle into a partnership that scales with you. We are increasingly the answer for operators who choose the second path.

The seven questions are a starting point. Real selection is engagement-by-engagement. For diligence on a specific shortlist, schedule a strategy call.

Tags gateway merchant services procurement
All insights
Engagement

Schedule a strategy call.

Tell us about your stack. We'll show you where the margin is — at no cost, and with no obligation.

Book the call
30 minutes · No deck · No filler