PSP selection: criteria and risks
1) iGaming context and "genre features"
High risk charges and regulatory requirements → you need a PSP with gambling experience (MCC/categorization, geo-blocking, RG features).
Wide geography (EU/USA/LATAM/MEA/Asia) → local APMs (Pix/UPI/SPEI/PSE/FPS/SEPA Instant, etc.).
Responsibility and control: KYC/AML/KYT, sanctions/PEP, limits and self-exclusion must be enforced technically, not just "on paper."
Orchestration: one PSP almost never covers all markets, so plan a multi-PSP strategy.
2) Criteria map (what we evaluate)
2.1 Legal and Compliance Perimeter
Regulatory suitability: does the PSP work with iGaming in the target jurisdictions (on-us/off-us, white/grey-list country policy)?
KYC/AML/Sanctions: data sources, refresh rate, false positives, KYT for payments/withdrawals.
PCI DSS: certification level, CDE zone, tokenization/network tokens, scope reduction.
Crypto/egre policy (if relevant): explicit stance, not "case by case."
Contractual restrictions: acceptance of self-excluded players, minor protection, advertising/affiliates.
2.2 Product and coverage
Deposit methods: cards (Visa/Mastercard/UnionPay), APM, open banking, e-wallets, vouchers/cash.
Payouts: OCT/RTP, instant SEPA/FPS/SPEI/PIX/UPI, card-to-card, wallets.
3DS/SCA: flexible policies (TRA, whitelisting, step-up risk), network tokens support.
Tokenization: vault, network tokens, lifecycle (PAN refresh), updating tokens when rebranding BIN.
Antifraud: rules + ML, device fingerprint, behavioral analytics, velocity, BIN/IP/UA lists.
2.3 Economics and Finance
Tariffs: MDR/interchange, scheme fees, cross-border/FX, payout fees, anti-fraud/3DS/chargeback handling, refund/void.
Reserves: rolling reserve, holdback, delayed settlement, collateral; conditions of release.
Settlement procedure: T + 0/T + 1/T + 3, clearing currency, split settlements, multi-wallet.
Chargeback policy: RDR/ODR/Order Insight/CAA, evidence, win-rate disputes.
Minimums/caps: minimum fee per transaction, monthly minimums.
2.4 Technology, scale and quality
SLA/SLO: uptime, p95 latency, target Auth Rate by country/bank.
Routing: BIN-/issuer-based, rule engine, smart retry, backup MIDs.
Observability: metrics/logs/traces, status page, webhooks, real-time reason codes.
Integration: SDK/API, idempotency (idempotency keys), signed webhooks, versioning.
Reporting and reconciliations: T + 0/T + 1 reconciliation, payout reports, dispute feeds, tax registers.
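An acceptance check for the "signed webhooks" and "idempotency" criteria, as an added example that is not from the original page or from any PSP's documentation. The header names `X-Timestamp` and `X-Signature`, the HMAC-SHA256 over `timestamp.body` scheme and the 300-second window are assumptions; a real PSP defines its own.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_S = 300  # assumed replay window, not a PSP-defined value

def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Hypothetical scheme: HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class WebhookReceiver:
    def __init__(self, secret: bytes, now=time.time):
        self.secret, self.now = secret, now
        self.seen = set()  # production: durable store with a TTL

    def handle(self, headers: dict, body: bytes) -> str:
        try:
            ts = int(headers["X-Timestamp"])
            sig = headers["X-Signature"]
        except (KeyError, ValueError):
            return "rejected:malformed"
        # A captured webhook replayed later fails the freshness check.
        if abs(self.now() - ts) > TOLERANCE_S:
            return "rejected:stale"
        expected = sign(self.secret, ts, body)
        # Constant-time comparison over the raw bytes received.
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "rejected:bad_signature"
        event = json.loads(body)  # parse only after authentication
        # PSPs retry deliveries; the event id makes processing idempotent.
        if event["id"] in self.seen:
            return "duplicate"
        self.seen.add(event["id"])
        return "processed"
```
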
2.5 Operations and Risk Management
Onboarding: KYC deadlines, list of documents, work with UBO/funds.
Monitoring: alerting by failures/declines, circuit breaker rule, transit limits.
Support: 24/7, L2/L3, dedicated TAM, response/escalation times.
Exit-strategy: SLA for returning tokens, exporting data, switching to a new MID/PSP without loss.
3) RFP: what to request from PSP (template)
1. Legal block: written confirmation of work with iGaming in the target countries; copies of PCI AOC, AML policies, sanctions providers/refresh rate.
2. Coverage: list of deposit/withdrawal methods with geo and success rates by bank (last 3-6 months).
3. Economics: full commission map, sample calculator for 10 typical scenarios; reserve/settlement conditions.
4. Fraud/3DS: supported scenarios, rule builder, ML signals, chargeback reports.
5. Technology: API spec, rate limits, webhooks, list of reason codes, SLA/uptime history for 12 months.
6. Operations: onboarding timelines, list of required documents, escalation process (RACI).
7. Data/exit: export format, token return date, migration without re-entering PAN.
4) Risk matrix (example)
5) Hidden cost counter
FX surcharges and cross-border markup.
3DS fee per challenge, network token fees.
Refund/void and payout fees (fixed + %).
Chargeback handling (per case) and "proofs."
Monthly minimums and paid webhooks/reports (it happens).
6) Scoring model - fast framework
Rate each PSP 1-5 points (weight in brackets):
1. Legal/Compliance (20%): Licensability, AML/Sanctions, PCI, iGaming Policy.
2. Product/coverage (20%): deposit/withdrawal methods, 3DS/tokens, anti-fraud.
3. Economics (20%): effective rate, reserves, settlement.
4. Technology/SLA (20%): uptime, latency, routing, reporting/reconciliation.
5. Operations (10%): onboarding, support, escalation, QBR.
6. Exit/data (10%): token portability, export, migration.
Sum of points → shortlist and A/B pilots on part of the traffic.
7) Conversion check and pilot
A/B split by geo/method: at least 2-4 weeks, volume of ≥10k transactions per arm.
Metrics: Auth Rate, challenge rate, average latency, refund rate, chargeback rate (with lag), payout time.
Smart retry: record the reasons for failures, compare by PSP and by issuing banks.
8) SLA and KPI (what to write into the contract)
Availability: ≥99.95% for payment acceptance; p95 auth API < 3 s; webhooks < 60 s.
Payment KPI: Auth Rate by key banks/methods with lower thresholds; share of instant payouts; chargeback investigation time.
Incidents: confirmation time (15 min), workarounds (fallback MID/APM), status page and RCA ≤ 5 days.
Data: format/frequency of reports, access to raw reason codes, return of tokens ≤ 10 days upon termination.
Finance: cap on fees/surcharges, reserve ladder, SLA breach penalties.
9) Integration and orchestration architecture
Payment Orchestrator with rule-engine (GEO/BIN/bank/risk/fee), idempotency, retries, circuit breaker.
Multiple MIDs/Acquirers for different GEO/check categories.
3DS policy: dynamic, with TRA/whitelisting and step-up on risk.
Data/reconciliations: single payment intent, Ledger↔PSP↔bank matching.
Exit-friendly: abstraction over PSP, portability of tokens, a "dual running" feature during migration.
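The orchestrator described in this section, reduced to its control flow: GEO-based routing with backup PSPs, a circuit breaker per PSP, idempotency keys and retry only on technical failures. This is an added example, not code from the original page; the PSP names, reason codes, thresholds and the callable-per-PSP interface are constructed for illustration.

```python
import time

class CircuitBreaker:
    """Opens after `threshold` consecutive technical failures; probes again after `cooldown` s."""
    def __init__(self, threshold=3, cooldown=30.0, clock=time.monotonic):
        self.threshold, self.cooldown, self.clock = threshold, cooldown, clock
        self.failures, self.opened_at = 0, None

    def allow(self):
        return self.opened_at is None or self.clock() - self.opened_at >= self.cooldown

    def record(self, ok):
        if ok:
            self.failures, self.opened_at = 0, None
        else:
            self.failures += 1
            if self.failures >= self.threshold:
                self.opened_at = self.clock()

class Orchestrator:
    TECHNICAL = ("timeout", "psp_unavailable")  # constructed reason codes

    def __init__(self, routes, psps, clock=time.monotonic):
        self.routes = routes   # GEO -> ordered PSP names (primary first, then backups)
        self.psps = psps       # name -> callable(intent) -> (ok, reason_code)
        self.breakers = {n: CircuitBreaker(clock=clock) for n in psps}
        self.results = {}      # idempotency key -> final result (production: durable store)

    def charge(self, idem_key, intent):
        if idem_key in self.results:      # client retry: return the stored outcome
            return self.results[idem_key]
        attempts = []
        result = {"status": "failed", "psp": None, "attempts": attempts}
        for name in self.routes.get(intent["geo"], []):
            if not self.breakers[name].allow():
                attempts.append((name, "circuit_open"))
                continue
            ok, reason = self.psps[name](intent)
            technical = reason in self.TECHNICAL
            self.breakers[name].record(not technical)  # declines do not trip the breaker
            attempts.append((name, reason))
            if ok:
                result = {"status": "approved", "psp": name, "attempts": attempts}
                break
            if not technical:  # issuer decline: rerouting would only repeat the decline
                break
            # A timeout is ambiguous: production code must confirm the first
            # attempt's status at that PSP before failing over, or risk a double charge.
        self.results[idem_key] = result
        return result
```
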
10) Regional hints
EU/UK: PSD2/SCA - look for strong 3DS analytics and open banking; SEPA Instant/FPS support is important.
USA: cards + ACH, priority of instant payments; a strong chargeback ecosystem.
LATAM: Pix/SPEI/PSE/TEF; APM-heavy; local banks/aggregators are important.
Turkey/CA/MEA: local APM, bank transfers, high share of AML/sanctions.
India/Asia: UPI/e-wallets, granular limits, real-time risk.
11) Checklists
Due Diligence
- iGaming acceptance letter in target countries.
- PCI AOC, AML/KYT description, sanction providers.
- Uptime for 12 months, incident log, metrics by banks.
- Full rate card (incl. hidden).
- Reserve/holdback/settlement conditions.
- Token Return Procedure/Data Export.
Engineering and Reporting
- API stability, versioning, webhooks.
- Reason codes, fraud signals, dispute feeds.
- Reconciliation T + 0/T + 1, payout reports, tax uploads.
- Observability: dashboard, alerts, SIEM integration.
Operations and exit
- RACI/escalation 24/7, TAM.
- Dual run, freeze periods, rollback.
- Contractual KPIs/penalties, QBR rhythm.
12) Final Memo
More than one PSP: Plan your portfolio.
Consider "effective rate," not just MDR.
Data and exit matter as much as price: portability of tokens and export.
Locale decides: connect local rails and optimize bank 3DS/anti-fraud.
SLAs and reserves require firm agreements and regular QBRs.
If needed, I will prepare an RFP template, a PSP comparison table and an effective rate calculation formula for your target GEO/methods.