Helping businesses make informed decisions
Skip to main content

The Acquirer-Processor-ISO-Agent Chain

Marc Ropelato Tech CEO & Software Developer | 20+ Years in Digital Media
9 min read
We may earn a fee or commission from partners on this site.
The Acquirer-Processor-ISO-Agent Chain

When a credit card sale runs through your business, four distinct entities sit between your customer's bank and yours. The acquirer holds your merchant account. The processor runs the technical rails that move the transaction. The ISO sold you the deal and underwrote your application. The agent is the person whose name is on the contract you signed. This four-layer merchant services distribution chain decides who answers your phone call, who can change your rates, and who keeps your money when something goes wrong. Most merchants signed paperwork without learning the difference. The contract names get blurred in marketing materials, and salespeople have a financial reason to keep it that way. The acquirer vs processor vs ISO question isn't academic. It determines your real legal counterparty, your actual rate floor, and your dispute escalation path. The Four Layers: Acquirer, Processor, ISO, and Agent Card network rules require every merchant who accepts Visa or Mastercard to have a sponsoring bank that's a member of the network. That sponsoring bank is the acquiring bank, also called the acquirer or member bank. The acquirer holds the merchant account in its own name with the network. Everything else in the chain operates under that bank's sponsorship and assumes risk back to it. Acquiring Bank The acquiring bank is the one entity in this chain with direct membership in Visa, Mastercard, and the other card networks. It's the legal holder of your merchant account. If your business processes a chargeback the cardholder wins, the acquirer is the entity that funds it. If the network fines your account for excessive fraud, that fine goes to the acquirer first. The bank then passes that liability down the chain to whoever it's contractually entitled to recover from, which is usually the processor or ISO, who then passes it to you. You typically don't talk to your acquirer. Most merchants couldn't name the acquiring bank behind their account without digging through fine print. That's by design. The acquirer wants to underwrite at scale and let downstream partners handle the customer relationship. Processor The processor is the technical engine of card acceptance. It connects the acquirer to the card networks, routes authorization requests, captures settled transactions, applies interchange fees, and handles the daily clearing and funding cycle. Some processors are owned by acquiring banks. Some operate independently and contract with multiple acquirers. A handful of large processors handle the bulk of U.S. card volume across thousands of merchant-facing brands. Your processor is the entity that actually moves your money. Settlement times, batch cutoffs, technical outages, and gateway integration issues all sit at the processor layer. When your terminal stops authorizing cards at 3 p.m. on a Friday, that's a processor problem regardless of whose logo is on the device. Your processor and your acquirer aren't always the same company. That answers a question most merchants ask. The two roles can be filled by different entities, and frequently are. In some arrangements they're the same parent company under different brand names. In others they're entirely separate firms with a sponsorship contract between them. ISO (Independent Sales Organization) An ISO is a reseller authorized by an acquirer or processor to underwrite, sign, and service merchants in the acquirer's name. The "independent" part of the name is misleading. An ISO isn't independent of the acquirer in any legal or financial sense. It's a contracted distribution channel that operates under the acquirer's sponsorship and shares in the residual revenue from the merchant accounts it brings on. Some ISOs have underwriting authority, meaning they can approve or decline applications themselves within parameters the acquirer sets. Others can only collect applications and pass them up the chain. The bigger the ISO and the longer its track record with a particular acquirer, the more autonomy it usually has. ISOs set their own pricing within minimums the acquirer enforces, choose their own customer service operations, and often contract with their own gateway providers. When a salesperson tells you they "work with" or "represent" a major processor, the legal relationship is almost always ISO-to-processor, not employee-to-processor. Agent The agent is the individual person who sold you the account. Some agents are W-2 employees of an ISO. Most are independent contractors paid on a residual split, meaning they earn a percentage of every transaction you process for as long as the account stays open. An agent generally has no legal authority over your account, no power to change rates without the ISO approving the request, and no balance sheet to absorb a chargeback. The agent's interest is in keeping you signed up. Once the residual flows, the agent gets paid passively. That's why agent turnover is high. A merchant who calls "their rep" two years later often discovers that person no longer exists in the system. Who Actually Holds Your Merchant Account The acquiring bank holds the merchant account. The ISO and the agent appear on your application as the source of the relationship, but the underwritten counterparty on the network side is the acquirer. Your statement will usually list the processor's brand or a DBA the ISO uses. The acquiring bank's name is sometimes printed in small text near the bottom of the statement, often phrased as "[Bank Name], member FDIC, sponsoring bank." This matters in three concrete situations. If your account gets terminated and placed on the MATCH list, that termination is reported by the acquirer and follows you across providers. If a regulator or court sends a subpoena, it goes to the acquirer. If the ISO you signed with goes out of business or sells its book to a different sales group, your account stays where it is because the acquirer never changed. Where Liability Sits at Each Layer Liability flows downhill. The card networks hold the acquirer responsible. The acquirer holds the processor and ISO responsible through their contracts. The ISO holds the merchant responsible through the merchant agreement you signed. In practice, a chargeback you lose comes out of your settlement before the funds reach you, and the acquirer never has to write a check. A network fine for excessive fraud or an integrity program assessment usually passes through to the merchant via a fee on the next statement. If your business closes with an outstanding chargeback liability, the acquirer's recourse runs through the personal guarantee on your application. That's why almost every merchant agreement requires one. The agent has no liability exposure. The ISO has limited liability, capped by the reserves and bonds it posts with the acquirer. The processor's liability is mostly operational, covering outages, mis-routings, and settlement errors. Read your contract for the indemnification clauses. They almost always run one direction. You indemnify them. Who Sets Your Rates and Who Can Change Them Interchange is set by the card networks and changes twice a year, in April and October. Neither the acquirer nor the processor nor the ISO controls interchange. What they control is the markup added on top of interchange. The ISO sets the markup within floors the acquirer and processor enforce. An aggressive ISO can offer lower margins than a conservative one because the ISO chooses how thin to run its own residual. The agent has no authority to set rates, but a good agent can request a rate review from the ISO. Whether that review gets approved depends on your processing volume, your chargeback history, and whether the ISO thinks you'll leave if denied. Your contract spells out which party can adjust rates and under what conditions. Many merchant agreements include a clause allowing the ISO or processor to raise rates at any time with written notice, where continued use of the service counts as acceptance. That isn't a quirk. That's the industry norm. Read the change-in-terms section before you sign. Who Do I Actually Sign With When you sign a merchant application, you're entering a contract with the ISO, with the acquirer's bank named as the sponsoring institution. The agent's name appears on the paperwork as the originating salesperson, but the agent isn't a counterparty. If you ever need to enforce a contract term, your remedy runs against the ISO and, by extension, the acquirer. The processor is a vendor to the acquirer in this arrangement, not a direct party to your contract, even though its brand may appear most prominently on your equipment and statements. How Aggregators Collapse the Stack A payment aggregator, sometimes called a payment facilitator or PayFac, operates differently. The aggregator holds one master merchant account with the acquirer and runs all of its merchants as sub-merchants underneath that account. You don't have your own merchant account. You have a sub-merchant ID inside the aggregator's account. This compresses the chain. The aggregator is functionally your processor and your ISO at the same time. There's no agent in the traditional sense, only a self-service signup flow. The aggregator absorbs underwriting risk for sub-merchants below a certain volume threshold, which is how same-day signup is possible. The trade-off is account stability. Because you're a sub-merchant rather than a directly underwritten merchant, the aggregator can suspend or terminate your account on much shorter notice and with less recourse than a traditional merchant agreement would allow. Funds can be held during a review, with timing rules that vary by aggregator. For a small business with low volume and low risk, the aggregator model is faster and simpler. For a business with higher volume, custom needs, or a chargeback profile that needs explanation, a directly underwritten account through a traditional acquirer-ISO chain typically offers more stability and better effective rates. What to Check Before You Sign Pull up any merchant agreement and look for three things. First, the name of the acquiring bank, usually in the disclosures or the legal entities section. Second, the cancellation and rate-change clauses, which tell you whether you're signing a month-to-month account or a multi-year deal with an early termination fee. Third, the personal guarantee and reserve language, which tell you what the ISO and acquirer can take from you if something goes wrong. The salesperson in front of you isn't the company you're signing with. The brand on the application isn't always the company that holds your account. Knowing which entity does what at each layer of the chain is how you stop being the merchant who finds out the answer at the worst possible moment. For a closer look at specific providers operating across these layers, see the providers in this market on the credit card processing ranking page.