Understanding issuer processors in the payments ecosystem
The relationship between issuers, issuer processors, and card schemes
Feb 15, 2023
Mohammed Oueida
Mohammed Oueida
CEO

Introduction: The technology that powers issuers

Issuers partner with several other entities in the payments ecosystem to be able to issue payment instruments, such as cards. One example of a partner is an issuer processor.

In this article, we’ll dive into the technology and systems required for issuers to be able to process card transactions — handled by issuer processors . We’ll also take you through the relationship between issuers and issuer processors , and how companies that outsource their transaction processing can successfully do so to deploy more resources into product development.

The relationship between issuers, card schemes, and issuer processors

For context, issuers need a license in the countries where they market and distribute payment instruments, granted by the respective financial regulator of that jurisdiction. Effectively, issuers can range in entity type, from full-fledged banking institutions or licensed non-banking financial institutions (such as payment companies or lending institutions) that carry out the issuance of payment instruments. Regulators often grant different types of licenses to entities to conduct various financial activities — and therefore, a financial institution looking to become an issuer must ensure that their license includes the relevant activities to issue payment cards specifically. It’s worth noting that the licensing requirements and process differ amongst regulators, across markets.

In addition to ensuring the appropriate regulatory licensing is in place, to be able to operate as an issuer , an issuing entity needs to become a principal member with the card schemes (such as mada , Visa, or Mastercard) it intends to issue cards on. These schemes each have their own criteria for allowing issuers to become principal members on their network; which may also differ from country to country, depending on the financial regulator in that jurisdiction. Nevertheless, this is essential for the issuer to receive a Bank Identifier Number (BIN) from the schemes. Without having a BIN , an issuer can not issue cards. It is from dedicated BINs that an issuer can can start to create cards for its consumers. It is possible for institutions that have a BIN to sponsor others that don’t have one to facilitate issuing cards as their “BIN Sponsor.

Note: A BIN is the way that schemes identify issuers. For issuers of payment cards, this comes in the form of the initial digitals of the card.

Issuing cards requires technical infrastructure on which these payment instruments need to be operationally issued and managed thereafter. In addition, every time there is a transaction using a payment instrument by its authorized user, this transaction would need to be facilitated through the digital world and processed for the funds to move physically too.

Issuers can set up their own tech stack (by building one of their own or buying licensed software) that communicates with card schemes. Alternatively, they can work with a third party issuer processor (such as Stitch) who can provide this technology infrastructure along with certain payment operations as a service.

The relationship between issuers, card schemes, and issuer processors

Why would an issuer want to work with an issuer processor?

When issuers embark on setting up their own transaction processing infrastructure, part of the journey requires building their tech stack. This often calls for the need to purchase third-party software that is able to do the payment processing that they require.

In addition to purchasing the software and appropriate licensing, these issuers would often also need to hire consultants associated with the software vendors to manage the software after it’s been implemented.

Further, the off-the-shelf software that is purchased would require additional hardware infrastructure to be purchased so that they can be hosted. Not to mention, local regulations would need to be taken into account as to where this data is hosted, given they hold sensitive information (such as identifiable consumer information). For example, in Saudi Arabia, services that handle transaction processing are required to be hosted locally due to data sovereignty requirements.

In the case of banks as issuers, though they would already have servers with appropriate server management in place to host their core banking systems, they would still need to consider expanding on their current infrastructure to accommodate the payment processing activities.

The above goes without mentioning that even after the appropriate tech stack is physically in place, it would need to integrate with card schemes (such as mada or Visa) to facilitate transaction processing activities successfully plus need to frequently be updated according to the scheme’s typical bi-annual mandates that are released.

Due to the complexities described, in many instances, issuers may want to consider working with issuer processors to provide them with the service of processing payments made on the payment instruments they issue.

At Stitch, we’ve built our own issuer processor tech stack and manage our own infrastructure that is in compliance with the local regulators across the MEA region. We give issuers access to our APIs so that they can easily plug into our tech stack and from there start building payment products without having to build their own issuer processor systems or navigate regulatory implications on the technology stack themselves.

Can non-regulated institutions issue payment cards and other instruments?

As we explained earlier, issuers need to be licensed by a financial regulator to issue financial instruments, whether they are banks or specialized payment companies.

However, it is not uncommon these days for a non-regulated institution to be in the business of issuing payment instruments. This is made possible through partnering with an entity that is regulated and can act as a BIN sponsor for the non-regulated institution.

Examples of non-regulated entities that would want to issue payment instruments but whose core business is not to be a “bank” per se are corporations and Fintech companies.

How non-regulated institutions can issue payment cards and other instruments

It is worth noting that institutions that issue payment instruments have licenses that explicitly allow them to do so under the oversight of a financial regulator (e.g. SAMA ).

Stitch — your issuer processor partner in Saudi Arabia

Historically, issuers across Saudi Arabia have been doing their own issuing processing in-house. Stitch is the first modern third-party issuer processor in the Kingdom — which means that issuers can work with us as a service provider to do their issuing processing.

Stitch — your issuer processor partner in Saudi Arabia

As an issuer partner, we cater to innovators. Our comprehensive and innovative API-driven platform is seamlessly integrated into the global and local payments ecosystem. This enables corporates and Fintechs aiming to develop payments solutions to concentrate on their core strengths — crafting exceptional products and acquiring customers.

We also work with Fintechs and corporates that are not licensed by a financial regulator to issue payment devices independently. Instead, they work with us as their issuer processor and utilize our technological infrastructure. This becomes the foundation for building their payment products. In such instances, we connect the non-licensed entities to our network of banks that can serve as their BIN sponsor .

If you are building a payment product in Saudi Arabia or the wider Middle East, reach out to us to explore how we can help you focus on managing your back-end infrastructure so that you can focus on what really matters — innovating and enhancing your customer experience.