Navigating the Payment Industry Alphabet - I is for "ISO"
I is for Independent Sales Organization (ISO)!
An ISO is a third-party entity that resells payment processing services on behalf of Acquirers. ISOs play a key role in expanding the reach of payment services by onboarding merchants, providing customer support, and offering value-added services. They do not directly process transactions; instead, they act as intermediaries between merchants and the financial institutions that handle the actual payment processing.
Here are my definitions of the different types of ISOs:
Referral ISO - A business who sends leads to an Acquirer or a Retail ISO in exchange for a referral fee or share of processing revenue. An example would be a Referral ISO walks into a nail salon (not setting a joke 😀) with a business card and merchant application and offers merchant services to the business. When the merchant sets up the account, the Referral ISO will receive credit for the lead.
Retail ISO - A business who acts as an intermediary between the merchant and the payment processor. Retail ISOs primarily focus on merchant recruitment and support and usually do not assume financial risk. They act as sales agents for the services provided by Wholesale ISOs or payment processors. From my experience, the Acquirer will manage their oversight and relationship of the Retail ISO through a Wholesale ISO and may place all the merchants on a shared BIN/ICA.
Wholesale ISO - A business who takes on the financial risk of the merchant relationship, as they are responsible for underwriting and compliance with industry standards. They have a direct relationship with an Acquirer, who allows them to set their own pricing. From my experience, the Acquirer will directly manage their oversight and provide them a dedicated BIN/ICA.
From a compliance and risk standpoint, ISOs must:
* Be registered with the card networks under a Sponsoring Bank
* Follow strict underwriting and monitoring guidelines
* Ensure merchants adhere to PCI DSS and other regulatory standards
* Maintain transparency in fee structures and contract terms
Because ISOs operate under the obligations of an Acquirer, the bank is ultimately responsible for the ISO’s compliance. This means poor practices by an ISO can expose the bank—and the payment ecosystem—to reputational and regulatory risk.
🔍 Key takeaway: ISOs are essential players in merchant acquisition, but they operate under close oversight. Understanding their role helps clarify who’s accountable in the payment chain.