How Stripe Payment Killed the Merchant Account

Stripe eliminated the individual merchant account requirement by operating as a Payment Facilitator (PayFac), aggregating its customers as sub-merchants under a master Merchant Identification Number held with acquiring banks like Wells Fargo. Founded by Patrick and John Collison in 2010, initially as /dev/payments, the platform compressed weeks of bank underwriting into a single developer API integration. By fiscal year 2025, Stripe processed $1.9 trillion in total payment volume, representing approximately 1.6% of global GDP, according to Stripe's 2025 annual letter.

Table of Contents

1. Key Takeaways
2. Introduction
3. Before Stripe
4. The PayFac Model
5. Stripe Checkout's Three Architectural Phases
6. By the Numbers
7. Honest Tradeoffs
8. FAQ

---

Key Takeaways

• Before Stripe, card acceptance required three separately contracted infrastructure layers, and the story of why that broke down explains much of what drove the modern developer-tool economy that followed.
• Stripe's Payment Facilitator model absorbed the compliance burden that used to block founders from shipping, but that same aggregator architecture embeds structural risks most onboarding flows do not mention upfront.
• Stripe's December 2025 Metronome acquisition and the co-development of the Agentic Commerce Protocol with OpenAI reveal where payment infrastructure is heading next, and why usage-based billing is now the platform's largest architectural bet.

---

Introduction

Getting paid online, before 2011, was a project in itself. Solo founders and small development teams faced a three-layer compliance stack: a payment gateway, a payment processor, and an acquiring bank, each contracted separately, each requiring its own underwriting process. Manual compliance audits, merchant category code classifications, and XML APIs that read like they were drafted by a banking committee made the whole exercise feel like applying for a loan to be allowed to accept a loan.

Stripe compressed that timeline to a single afternoon. But understanding why the stripe payment shift happened, and what it actually costs beyond the transaction fee, requires tracing what the platform replaced, how its checkout architecture evolved through three structurally distinct phases, and where the risks in its aggregator model concentrate when things go wrong. This article covers all of it, from the first $40 test charge in 2009 through the agentic commerce protocols that shipped in late 2025.

---

Before Stripe: What Accepting Online Payments Actually Required

Before Stripe, accepting card payments online meant assembling three separately contracted layers: a payment gateway, a payment processor, and an acquiring bank, each with its own underwriting, compliance requirements, and setup fees before a single transaction could clear.

The gateway, dominated at the time by Authorize.Net, handled encrypted data transmission between the merchant's server and the card networks. But a gateway alone authorized nothing. Every merchant also needed an individual Merchant Identification Number (MID), a 15-digit identifier issued by an acquiring bank that told the card networks where to route captured funds. Obtaining a MID meant manual underwriting: financial disclosures, merchant category code assignments, signed multi-year contracts, and setup fees that could run several hundred dollars before a product ever shipped.

The ISO model sat in the middle of all of this. Independent Sales Organizations acted as brokers between businesses and acquiring banks, and they sold long-term contracts to non-technical procurement officers based on marginal fee negotiations. Engineering teams were handed poorly documented SOAP or XML APIs after the contract was signed and told to make it work.

The cost structure reflected the complexity:

• $25.00 monthly gateway fee (Authorize.Net base rate)
• Approximately $0.10 per-transaction gateway charge
• Variable interchange rate set by Visa or Mastercard
• Custom processor markup negotiated separately with the acquiring bank
• A $0.10 daily batch settlement fee per batch closed

For a solo founder shipping a first product, the problem was not purely financial. It was structural. A developer who could build a functional web application over a weekend could not clear the banking underwriting stack in under a month. The entire commercial layer of the internet was gated behind an institutional process designed for brick-and-mortar merchants with physical storefronts.

---

The PayFac Model: How Stripe Rewired the Transaction Stack

What Stripe changed was not the underlying card network infrastructure but who bears the compliance burden. By registering as a Payment Facilitator with acquiring banks, taking on master merchant liability, and onboarding its users as sub-merchants under its own MID, Stripe made itself legally responsible for what had previously been the merchant's problem.

Patrick and John Collison, who had previously built Shuppa (an eBay inventory management tool that received initial Y Combinator backing), founded /dev/payments in 2009 after experiencing the merchant account wall firsthand. Their minimum viable product processed its first charge, a $40.00 transaction executed by Ross Boucher of 280 North, within two weeks of launch, according to company historical accounts. A corporate registry conflict prevented the leading slash in the name, and the entity was renamed Stripe.

The funding arc was tight and fast: a $20,000 seed from Y Combinator, followed by a $2 million round in 2011 from Peter Thiel and Y Combinator. Stripe achieved unicorn status in 2014 after a $70 million Series C valued the company at $1.75 billion. The early acquiring partnership with Wells Fargo provided the master MID that made the PayFac model legally functional from day one.

What the "seven lines of code" marketing captured, even if technically simplified according to subsequent company disclosures, was something genuinely true about the experience: the stripe payment integration was faster than anything the payments industry had previously offered. Developers could stand up a working checkout on a Saturday, without a phone call to a bank or an ISO. That speed created a bottom-up adoption loop that completely bypassed procurement departments and eventually reached enterprise scale. The first ten years of Stripe's payments API document exactly how that simplicity was built into every layer of the developer interface.

The same dynamic was reshaping adjacent categories at the same moment. Shopify was doing it for e-commerce storefronts, Zapier was doing it for workflow automation, and Bubble was doing it for application development. In each case, institutional complexity was being abstracted into an API that a solo developer could evaluate on a free trial, without talking to a salesperson. The developer became the procurement officer, and the products that respected that reality won.

---

Stripe Checkout's Three Architectural Phases

Stripe Checkout evolved through three architecturally distinct phases between 2011 and 2025, each one forced by a different technical or regulatory constraint rather than a voluntary product redesign.

The shift to the hosted checkout phase is where most people underestimate how much the underlying mechanics changed. The September 14, 2019 PSD2 Strong Customer Authentication (SCA) regulations mandated multi-factor authentication, specifically 3D Secure 2, for European card transactions. Static, synchronous payment tokens, the foundation of the first two phases, became legally insufficient overnight for any merchant with European customers.

Stripe deprecated the Charges API and replaced it with the PaymentIntents API, a state machine that tracks a payment's full lifecycle from initialization through settlement. Unlike the old synchronous round-trip, a transaction can now pause mid-flow: the card issuer triggers a 3D Secure redirect, waits for the customer to authenticate via their banking app, and then resumes. Stripe's Radar fraud models score the transaction in parallel, and fulfillment is confirmed through a charge.succeeded webhook rather than a synchronous server response.

The modern stripe payment checkout sequence, as detailed in Stripe's checkout documentation, runs like this:

1. The merchant server creates a Checkout Session via POST to Stripe's API and receives a hosted URL
2. The customer is redirected to a Stripe-hosted payment page or custom subdomain
3. Stripe handles card capture, real-time Radar fraud scoring, and any 3D Secure redirects
4. The completed transaction fires a webhook to the merchant server to trigger order fulfillment

This shift is not purely cosmetic. Moving card capture onto Stripe's hosted infrastructure transferred the PCI-DSS compliance surface almost entirely onto Stripe's domain. That is genuinely valuable for a small team.

It is also one of the structural reasons migrating away from Stripe later is significantly harder than it looks: payment credentials stored inside Stripe's vault cannot be freely exported to a competing processor under PCI rules, which creates a meaningful switching cost that compounds as a customer base grows.

---

By the Numbers: Scale, Market Share, and Revenue

Stripe's payment infrastructure has scaled into genuinely global economic territory, processing volumes that position it alongside established card networks, with a private valuation and free cash flow profile that rivals publicly traded fintech peers.

According to Stripe's 2025 annual letter, the platform processed $1.4 trillion in total payment volume (TPV) in fiscal year 2024, representing 38% year-over-year growth. That figure grew a further 34% to $1.9 trillion in fiscal year 2025. Net revenue reached $5.1 billion in 2024 (a 28% year-over-year increase), and the company generated $2.2 billion in free cash flow. As of February 2025, Stripe held a private valuation of $91.5 billion, according to the same annual letter.

According to Chargebacks 911, Stripe processes transactions for approximately 1.35 million active live websites globally. According to the company's own data, 80% of the largest US software companies were using Stripe as of 2024. The platform supports over 135 currencies across 50 countries.

PayPal's revenue figure includes consumer financial services, currency conversion, and credit products, making it a materially different business than Stripe at the revenue line. The volume comparison is the more meaningful signal.

The most significant near-term strategic move is Stripe's December 2025 agreement to acquire Metronome, a usage-based billing engine that serves OpenAI, Anthropic, Databricks, and Nvidia, for a reported $1 billion, according to This Week in Fintech. The deal closed in January 2026. According to Lago's published analysis, Stripe's existing Billing product was architected for standard monthly subscriptions and lacked native support for high-throughput, event-first billing models such as API token consumption, GPU-seconds, or custom database read events. Metronome's Kafka and Redis-based streaming infrastructure resolves that architectural gap directly.

Alongside Metronome, Stripe co-developed the Agentic Commerce Protocol (ACP) with OpenAI and Meta, released in September 2025, creating a standardized schema that allows AI agents to execute checkouts on behalf of users using Shared Payment Tokens, without exposing raw card credentials to the merchant. Salesforce announced native integration with ACP through its Agentforce Commerce platform in late 2025.

---

Honest Tradeoffs: What the Stripe Story Skips Over

The aggregator model's structural risks concentrate around three areas: automated account termination, non-refundable processing fees on refunds, and flat-rate pricing that erodes margins at high transaction volumes.

The account stability issue is the most consequential for founders building payment-dependent businesses. Because Stripe holds the master MID and bears liability to Visa and Mastercard for every sub-merchant on its platform, it uses automated risk-scoring to protect its clearing relationships, with internal chargeback thresholds set at approximately 0.75%, below Visa's 0.9% or Mastercard's 1.5% published limits. A sudden transaction volume spike, including one caused by a viral product launch, can trigger an automated account hold with no human review and no advance notice. Funds are typically held for 90 to 120 days, and occasionally up to 180 days for higher-risk categories, according to SecureGlobalPay.

The downstream consequence of a termination is severe and underappreciated. If Stripe closes a merchant account for suspected fraud or card brand rule violations, regulatory compliance requires Stripe to file a report with Mastercard's MATCH database (formerly the Terminated Merchant File). The MATCH list is the payments industry's permanent record: there is no appeals process, no early dismissal, just five years of being told no by every processor you approach. Records can only be removed by the processor that filed the entry, typically only in documented cases of clerical error.

The refund fee policy is a quieter cost center. Since September 14, 2017 for new accounts, and September 1, 2020 for legacy accounts (a rollout delayed during the COVID-19 pandemic), Stripe retains its processing fee when a merchant issues a customer refund. A $100 refund costs the merchant the full $100 return to the customer, plus the original $2.90 processing fee that Stripe keeps. For e-commerce businesses with return rates above 15%, that cost compounds fast: a $1,000 return results in a $29.30 loss for the merchant under the current model, according to Chargeblast.

The flat-rate pricing structure is the third limitation, and it's the one most founders rationalize away too early. Stripe's 2.9% + $0.30 per domestic transaction is competitive and predictable at lower volumes. At roughly $10 million in annual transaction volume, interchange-plus pricing through a direct merchant account typically yields lower effective rates. Enterprises large enough to qualify for direct acquirer relationships with Adyen can achieve significant savings by exiting the aggregator model entirely, at the cost of meaningful engineering effort.

I find the tradeoff worth naming plainly: the stripe payment infrastructure is the right default for most early-stage software teams. The product ecosystem, documentation quality, and setup speed are class-leading. What changes is whether the choice is still right at $5 million in annual volume, at $20 million, and at $50 million. For founders thinking seriously about which no-code and API-first tools to build on long-term, and how browser-based infrastructure shapes those decisions, the lock-in question is the same across categories: the tool that gets you started fastest is not always the tool that serves you best when volume arrives.

Start exploring launch-ready no-code templates here!

---

FAQ

What is a Payment Facilitator and how is Stripe different from a traditional merchant account?

A Payment Facilitator aggregates customers as sub-merchants under its own master merchant account, absorbing underwriting and compliance duties on their behalf. A traditional merchant account gives each business a direct banking relationship and its own dedicated MID. Stripe's model eliminates months of onboarding but trades account portability for risk thresholds the merchant does not control.

How does Stripe Checkout handle 3D Secure authentication for European transactions?

When a card issuer or PSD2 Strong Customer Authentication mandate requires multi-factor verification, Stripe's PaymentIntents API pauses the transaction and redirects the customer to their banking app for identity confirmation. Once authentication resolves, Stripe routes the authorization to the card network and confirms the result via a charge.succeeded webhook, rather than a synchronous server response.

Is Stripe suitable for high-risk business categories?

Generally no. Stripe's automated risk-scoring applies internal chargeback thresholds below those published by Visa or Mastercard, making it poorly suited to adult entertainment, travel, gaming, and crypto-adjacent businesses. These categories face an elevated probability of automated holds or termination and are better served by processors purpose-built for high-risk verticals.

How does Stripe's flat-rate pricing compare to Authorize.Net for high-volume retailers?

At lower volumes, Stripe's 2.9% + $0.30 per transaction is more predictable than Authorize.Net's $25 monthly fee plus variable interchange-plus rates and processor markup. Above roughly $10 million in annual volume, interchange-plus pricing through a direct merchant account typically produces a lower effective rate, making Stripe's flat-rate model comparatively expensive for high-volume, low-margin retail.

What happens when Stripe freezes or terminates a merchant account?

Stripe's automated risk systems can freeze payouts without notice, typically holding funds for 90 to 120 days while chargeback exposure clears. A formal termination triggers a mandatory MATCH database filing, an industry-wide blacklist retained for five years that blocks most alternative processor applications and can only be removed by the filing processor in documented cases of clerical error.