Chicagoland Area

Office Hours - 8am-5pm CT     |      Live Support 24/7 (847) 658-4800

Blog

How to Vet a Payment Processor Like You Vet an MSP — A 10-Point Due-Diligence Checklist

Payment Processor Vetting Checklist

Most small businesses spend weeks evaluating a managed IT provider. They ask about uptime SLAs, response times, security posture, and pricing models. They request references. They read the contract twice.

Then those same business owners sign a 36-month merchant services agreement after a 20-minute sales call with whoever happens to be standing in front of them when their old terminal dies.

The money at stake is comparable. The contract length is often longer. A bad payment processor can do more financial damage in a single quarter than a bad MSP will do in a year: hidden fees, frozen funds, chargeback exposure nobody warned you about.

Here’s the same vendor-evaluation rigor you already apply to IT, ported to the payments side of your business. Ten questions every SMB should ask before signing.

1. How is your pricing structured?

There are three pricing models in payments, and the one you’re being sold matters more than the rate that gets quoted.

Flat-rate (Stripe, Square, PayPal) charges one blended percentage plus a per-transaction fee. Simple to understand, easy to budget. As a rough heuristic, once monthly volume passes about $10,000–$15,000, flat-rate becomes the more expensive option for most card mixes, though the crossover depends on your average ticket size and your debit/rewards mix.

Tiered pricing sorts transactions into “qualified,” “mid-qualified,” and “non-qualified” buckets, each with its own rate. Looks competitive on the headline rate. The downgrades are where the margin lives. Most merchants who audit their merchant statement discover they’ve been paying meaningfully more than the headline rate implied.

Interchange-plus passes the actual interchange rate (the wholesale fee that Visa and Mastercard set for each transaction category) to you plus a fixed markup. Both networks publish their full rate schedules (Visa, Mastercard). Statements are more complex than flat-rate, but every penny is itemized, and at the SMB volume level it’s usually the lowest true cost.

If a sales rep can’t or won’t quote you interchange-plus, that’s the answer. Move on.

2. How long is the contract, and what does it cost to leave?

Three-year contracts with $300–$500 early termination fees are still common in the traditional ISO and processor channel. Newer fintech players like Stripe and Square mostly skip them. Some contracts are worse: autorenewing terms with 90-day cancellation windows that, if missed, lock you in for another full term.

Read the cancellation clause before you read the rate sheet. A processor confident in their service doesn’t write contracts that punish you for leaving. Month-to-month with no termination fee is the answer you want. A 1–2 year term with a flat, reasonable cancellation cost is acceptable. Anything longer or murkier is a hard pass.

3. Where does PCI compliance actually land?

PCI DSS compliance is mandatory for any business that accepts cards. The question isn’t whether you need it. It’s how much of the work you’re personally on the hook for.

The right merchant account reduces your PCI scope dramatically. Tokenization, point-to-point encryption, and hosted payment forms all shift the technical compliance burden away from your network and onto the processor’s. The result: a smaller annual self-assessment questionnaire, less audit overhead, and a smaller blast radius if something on your side ever does get compromised.

Ask directly: “What’s my PCI scope after we implement your solution? Which SAQ am I filling out: A, A-EP, or D?” If the rep doesn’t know what those letters mean, you’re talking to the wrong person.

4. When does my money arrive?

“Next-day funding” is the industry standard for marketing. The fine print rarely matches the headline.

Get specific:

  • Is funding next business day, or next calendar day?
  • What’s the cutoff time for batches to qualify?
  • Are weekends and holidays included or excluded?
  • Are there any volume thresholds that change the funding schedule?

And the bigger question hiding underneath: does your processor hold a rolling reserve? Reserves are most common in high-risk verticals (subscription, travel, supplements, CBD, debt-related services) and for newer merchants without a processing history. They can also be applied to standard merchants after a chargeback spike. A typical reserve might hold 5–10% of every transaction for 90 to 180 days as a buffer against future chargebacks. For a business doing $50,000 a month under a 10% / 180-day reserve, that’s $30,000 of working capital sitting in the processor’s account at steady state, not yours.

Reserves aren’t always unreasonable. The math behind them — protecting the processor from a chargeback wave they can’t claw back from a closed account — is real risk management.

What’s not reasonable is finding out about one after the fact. We frequently see merchants come to us blindsided by a reserve they were never told about during the sales process. The conversation almost always opens the same way: “They’re holding how much of my money?”

Ask the question before you sign. If the answer is “we don’t typically apply reserves to merchants in your category,” get that in writing. The cost of asking is zero. The cost of not asking is months of working capital you didn’t budget for sitting in someone else’s account.

5. What happens when a customer disputes a charge?

Chargebacks are inevitable. The question is whether your processor is a partner when they happen or a passive bystander who collects a $25 fee and forwards the paperwork.

A good processor will:

  • Notify you immediately when a dispute is filed
  • Provide a clear interface for submitting evidence
  • Help you understand the reason code and what evidence wins
  • Track your chargeback ratio and warn you before you hit Visa’s or Mastercard’s published monitoring thresholds

A bad processor will email you a PDF, charge you the fee whether you win or lose, and disappear when you have questions. Ask for a walkthrough of their dispute response interface before you sign. If they hesitate, you have your answer.

6. What’s the actual uptime over the last 12 months?

This is the question MSP buyers ask reflexively about every IT vendor. Almost no SMB asks it about their payment processor.

Payment outages happen, and when they do, you can’t take cards. For a busy restaurant in a peak dinner hour or a retailer on Black Friday, even a brief outage can run into the thousands or tens of thousands in lost transactions, depending on volume. For any merchant, the question is how prepared you are when one hits.

Ask for:

  • Published uptime over the last 12 months (not their target, their actual)
  • Whether they support a backup gateway or alternate processor for failover
  • Their incident communication policy (how do you find out something is wrong?)

If they can’t produce a number, they don’t measure it. That tells you what you need to know.

7. Will it integrate with what I already use?

Your payment processor doesn’t operate in isolation. It needs to talk to your POS, your accounting software, your CRM, your e-commerce platform, and probably your inventory system.

Bring a list of the systems you actually use to the sales conversation. For each one, ask: native integration, third-party connector, or custom development required? “We integrate with everything” is not an answer. Make them name names.

The cost of a missing integration isn’t just the integration fee. It’s the staff hours your team will spend manually reconciling between systems, every week, forever.

8. Who owns the hardware?

Card terminals come three ways: leased, rented, or purchased outright.

Leases are usually the worst deal in the entire payments industry. Four-year non-cancelable terminal leases at $50/month for a $300 device were the standard in the ISO sales channel for years and still appear in the field, most often through third-party leasing companies that the processor partners with rather than the processor itself. It’s common for us to see merchants two and three years into one of these agreements who didn’t realize the lease wasn’t actually with their processor and couldn’t be canceled when they switched.

That structure is what makes leases dangerous. The lease typically survives the cancellation of your processing agreement, because the lease is a separate contract with a separate company. The FTC has brought enforcement actions against marketers using these tactics (see the FTC’s 2014 settlement), but the model hasn’t disappeared.

Buy your terminals outright when you can. If you must lease or rent, get the term in writing and confirm what happens to the lease if you switch processors. Never sign a separate lease document presented as “just paperwork for the terminal.” Those are almost always non-cancelable third-party financing agreements.

9. What does support look like in practice?

When something breaks at 7pm on a Saturday (your terminal won’t connect, your funding didn’t land, a recurring charge failed), who picks up the phone?

The right questions:

  • 24/7 support, or business hours only?
  • Do I get a dedicated account manager, or am I in a general queue?
  • What’s the average response time for a tier-2 issue (something a frontline rep can’t resolve)?
  • Is support based domestically, offshore, or mixed?

“Submit a ticket through the portal” is not a real support model for payments. Things break in real time. Support has to be reachable in real time, the same way you’d expect from any IT vendor running production infrastructure.

10. What does it cost (and what does it take) to leave?

The exit conversation is the one nobody wants to have during a sales pitch. Have it anyway.

  • How do I export my transaction history if I cancel?
  • Do I retain access to historical data after cancellation, or does it disappear?
  • How are recurring billing customers handled during a switch?
  • Is there a final settlement period, and how long does it take to receive my last batch of funds?
  • Are there any post-cancellation obligations I should know about?

A processor that makes leaving hard is telling you what their retention strategy actually is. The ones that make it easy don’t usually need one.

How this fits into your broader vendor evaluation

If you’ve already built a vendor-evaluation framework for choosing an MSP, a cybersecurity provider, or a disaster recovery partner, you have most of the muscle for this already. Payments is just another infrastructure category: long-term, mission-critical, with security and continuity implications that touch everything else in your business.

The mistake most SMBs make isn’t choosing the wrong processor. It’s not running a process at all. They accept whatever’s in front of them when the old solution stops working, then live with the consequences for three years.

Run the same playbook you’d run for any other vendor of this size. Get the answers in writing. Compare two or three options. The cheapest headline rate almost never produces the lowest total cost. The processors worth signing with are the ones who can answer all ten of these without hesitating — same criteria you’d use for any vendor running mission-critical infrastructure.

Kaleb Dickhaut is the founder of ClickWerxs, a payments firm helping SMBs cut processing costs and choose merchant infrastructure that holds up over time.