How to Choose a Payment Processor: A Framework from a Senior Payments PM
Why Choosing a Payment Processor Is a Product Decision
Most guides on choosing a payment processor treat it as a procurement exercise: compare pricing, check feature lists, pick the cheapest option that covers your needs. That framing misses the most important dimension.
Your payment processor affects your authorization rate, your fraud exposure, your compliance posture, your customer experience, and ultimately your revenue. The wrong processor at the wrong stage of your business is not just expensive — it actively suppresses growth.
This guide covers the criteria that actually matter, in the order they actually matter, based on 20 years of working with processors across retail, eCommerce, SaaS, and fintech.
Step 1: Define What You Actually Need
Before evaluating any processor, get clear on three things.
Your transaction profile. What card types will you process? What is your average transaction size? What is your expected monthly volume? Is this one-time purchases, recurring subscriptions, or both? Are customers initiating payments, or are you charging stored credentials? Each of these affects which processors are right for you and what pricing model makes sense.
Your geographic footprint. Processing domestic US transactions is straightforward — most processors handle it well. Processing cross-border or needing strong local acquiring in specific international markets narrows your options significantly. Local acquiring (having an in-country acquiring relationship) typically adds 1-3 percentage points of authorization rate in international markets.
Your integration capacity. How much engineering resource can you dedicate to the integration? A lean team moving fast has different needs than an enterprise payments engineering team. More powerful processors typically require more complex integrations.
Step 2: Understand the Pricing Models
There are three main pricing models. Understanding which applies to a given processor tells you a lot about who it is designed for.
Flat-rate pricing (e.g. Stripe, Square): a fixed percentage plus per-transaction fee on every transaction, regardless of card type. Simple to model, easy to start, expensive at scale. Good for low-volume merchants who value simplicity.
Interchange-plus pricing (e.g. Adyen, Braintree, many ISO relationships): you pay the actual interchange cost set by the card networks, plus a fixed processor markup. More complex to model but significantly cheaper at high volume. The processor markup is where negotiation happens.
Tiered pricing (many legacy processors and ISOs): transactions are bucketed into “qualified,” “mid-qualified,” and “non-qualified” tiers with different rates. This model systematically obscures your actual costs and almost always works against the merchant. Avoid if possible.
At low volume (under $100K/month), flat-rate is usually fine. Above $500K/month, interchange-plus almost always wins on cost. The transition point varies based on your card mix.
Step 3: Evaluate Authorization Rate Capability
This is the most underweighted criterion in most processor evaluations and the one with the biggest impact on revenue.
A 1 percentage point improvement in authorization rate on $10M/month in processing volume is $100,000 in recovered monthly revenue. Annualized, that is $1.2M — from no new customers and no marketing spend.
The factors that determine a processor’s authorization rate performance are direct issuer connections (processors with direct connections outperform those routing through intermediaries), network tokenization support (critical for stored credentials and recurring billing), intelligent retry logic, and RevenueOptimization tooling.
Ask every processor you evaluate: what is your average authorization rate for merchants in my segment? What tools do you provide for authorization rate optimization? Do you support network tokenization via Visa Token Service and Mastercard Digital Enablement Service?
Step 4: Check Fraud and Risk Management Tooling
Every processor offers some form of fraud screening. The meaningful differences are in how configurable it is, how accurate it is for your transaction type, and how false positives are handled.
False positives — legitimate transactions declined as fraud — are a silent revenue killer. Some fraud tools are tuned aggressively and generate high false positive rates. This reduces fraud losses but also declines real customers. The right balance depends on your fraud exposure and customer lifetime value.
Key questions: Can you configure the fraud rules yourself, or is it a black box? What is the false positive rate for your card-not-present transaction type? Can you whitelist specific customers or BIN ranges? Does the tool provide chargeback automation, or just fraud detection?
Step 5: Assess Integration Quality
The quality of a processor’s API and documentation matters enormously for ongoing operations, not just initial integration. A processor you cannot debug, cannot monitor, and cannot extend as your needs evolve creates ongoing engineering debt.
Evaluate: the quality of sandbox/test environments, the clarity of error codes and decline reason data, webhook reliability, and the SDK support for your stack. Check the developer community — Stack Overflow questions, GitHub issues, and developer forums tell you a lot about integration pain points that won’t appear in a sales demo.
Step 6: Evaluate Recurring Billing Support
If any part of your business involves recurring charges — subscriptions, installments, autoship, annual renewals — the processor’s recurring billing capability is critical.
Specifically: does the processor support MIT/CIT transaction flagging and stored credential framework compliance? Do they support Account Updater or Real-Time Account Updates for expired card management? Do they have a dunning and retry management layer, or do you build it yourself?
Processors that handle these correctly improve authorization rates on recurring transactions. Processors that do not will generate unnecessary declines every time a customer’s card is reissued.
Step 7: Check Compliance and PCI Scope
PCI DSS compliance scope is a meaningful operational consideration. Processors that offer hosted payment pages or iframes reduce your PCI scope significantly — you never touch raw card data. Processors that require you to handle card data directly increase your compliance burden.
For most merchants, reducing PCI scope is worth some flexibility tradeoff. The exceptions are merchants with specific UX requirements or high-volume businesses where the compliance cost is manageable and the control is worth it.
Also check whether the processor has relevant certifications for your industry — healthcare (HIPAA), government, or heavily regulated sectors have specific requirements.
The Processor Landscape by Segment
Early-stage / startup: Stripe is the default for good reason. Fast integration, excellent documentation, no minimums, flat-rate pricing that is easy to model, and Stripe Billing for subscriptions. Start here and optimize later.
Mid-market eCommerce ($1-10M/month): Stripe remains viable. Start evaluating Adyen or Braintree as volume grows, particularly if authorization rate data suggests you are leaving revenue on the table.
Enterprise ($10M+/month): Adyen for primary acquiring, particularly with international volume. Consider payment orchestration to maintain Stripe for specific use cases alongside Adyen.
Marketplace / platform: Stripe Connect or Adyen for Platforms. Both have specific products designed for marketplace payouts and split payments. Stripe Connect is easier to integrate; Adyen for Platforms is more powerful for complex fee structures.
Subscription SaaS: Stripe Billing is the strongest out-of-the-box subscription management layer. Paddle is worth evaluating for international SaaS (it acts as Merchant of Record, handling VAT and local tax). Chargebee or Recurly as billing middleware over Stripe or Adyen for complex billing logic.
Red Flags in Processor Evaluation
Tiered pricing with no ability to negotiate interchange-plus. Long contract terms with early termination fees — reputable processors do not require this. Vague answers about authorization rate performance or false positive rates. No sandbox environment or poor documentation. Ownership of your customer card data that makes switching painful.
The Most Important Question to Ask
After all the evaluation criteria above, the single most important question is: what does your decline data tell you?
If you are evaluating processors because your current authorization rate is unacceptably low, you need to understand whether the problem is your processor’s routing and issuer relationships, your own transaction labeling and data quality, or your fraud configuration. A new processor fixes the first problem. It does not fix the second or third. Do the diagnostic work before you switch.