Section B · Technical core

Deep Dive — Partner Orchestration & Vendor Management

The second pillar interviewers probe — PSPs, acquirers, banking partners. How you select them, structure SLAs, route between them, and de-platform when needed.

The partner taxonomy

"Vendor" is a sloppy word in payments. Be specific. Different partner classes do different jobs and have different risk profiles.

Class	What they do	Examples	Switching cost
PSP / Gateway	API layer, tokenization, light orchestration	Stripe, Adyen, Checkout.com	Medium — months
Acquirer	License to accept card volume; settles with networks	Adyen, Worldpay, Stone, EBANX	High — quarters
Banking partner	Holds your fiat float; runs SEPA/FPS/wires	Local correspondent banks, neobanks	Very high — year+
Local rail partner	Licensed connector to UPI/PIX/M-Pesa	Local PSPs (Razorpay, Onepay, Cellulant, Yellow Card adjacent flows)	High — regulator-touched
Card issuer	If you issue cards (e.g. Krak debit), an issuer-processor	Marqeta, Galileo, local equivalents	Very high
Vault provider	PCI-scope reduction; tokenization	VGS, Basis Theory, scheme network tokens	Medium-high
Fraud / risk	Fraud scoring, device intel, KYC checks	Sift, Sardine, Forter, Unit21	Low-medium
Reconciliation / treasury	Automated recon, treasury ops, FX	Trovata, custom internal	Medium

Senior interview habit: when asked about a partner, ask back which class. Different answers, different tradeoffs.

Vendor selection — the RFP

Selecting a partner — especially an acquirer or banking partner — is a structured process. The interview-grade outline:

Define scope — geos, methods, volume forecast, latency targets, integration shape.
Long-list (8-15) → short-list (3-5) based on coverage, scale, reputation, references.
RFP issued — structured questionnaire. Sections: technical, commercial, risk/compliance, operational, references.
Scoring matrix — weighted criteria (coverage 30%, cost 25%, reliability 20%, integration speed 15%, partnership cadence 10% — example).
Live technical due diligence — sandbox testing, security review, SOC 2 / ISO 27001 evidence.
Commercial term sheet — pricing tiers, MSF (merchant service fee) breakdown, settlement terms, MGFs (minimum guarantees).
Compliance/legal review — sanctions exposure, data-processing agreement, DPA, sub-processor list.
Award + integrate.

The senior move

Frame RFPs as "managed multi-partner" not "pick one winner." You'll almost always want at least two viable partners per critical geo for fail-over.

KYB and partner risk profile

You are KYBing your partners as much as they are KYBing you. Diligence on:

Licensing — does the partner actually hold the license they claim? (EMI, MTL, banking license, money services).
Sanctions exposure — beneficial owners, jurisdictional footprint.
Financial soundness — for banking partners, deposit-insurance posture; for PSPs, runway and parentage.
Sub-processors — your partner's downstream chain becomes your data-residency surface.
Incident history — references, public-record outages, fines.
Concentration risk — are they themselves over-dependent on one acquirer or one bank?

The cost stack — interchange, scheme, acquirer, FX

Every successful card txn has a stack of fees. Know each component:

Layer	What it is	Who keeps it
Interchange	Fee from acquirer to issuer; largest single component	Issuer
Scheme fees	Network fee — Visa/MC/Amex	Network
Cross-border fee	Issuer or scheme markup when issuer country ≠ acquirer country	Issuer / network
DCC / FX markup	Currency conversion spread	Whoever runs the conversion (acquirer, scheme, processor)
Acquirer markup	Your acquirer's margin	Acquirer
PSP / gateway fee	Fixed + variable per txn	PSP
Risk / fraud fee	If using a separate fraud vendor	Risk vendor
Chargeback fee	Per-dispute fixed fee	Acquirer / scheme

For a US-issued card paying a UK merchant in USD on Visa, the stack might be ~2-3% all-in. For UPI / PIX the stack is dramatically lower — sub-50bps, sometimes free. Cost-stack literacy is a tell of seriousness.

-- Cost per successful txn, by rail, last 30 days
SELECT
  rail,
  geo,
  COUNT(*) FILTER (WHERE status='approved') AS approved,
  SUM(fee_interchange + fee_scheme + fee_xborder + fee_fx + fee_acquirer + fee_psp)
    FILTER (WHERE status='approved') AS total_cost_cents,
  ROUND(
    SUM(fee_interchange + fee_scheme + fee_xborder + fee_fx + fee_acquirer + fee_psp)
      FILTER (WHERE status='approved') / NULLIF(COUNT(*) FILTER (WHERE status='approved'), 0),
    2
  ) AS cost_per_success_cents
FROM payments
WHERE created_at >= NOW() - INTERVAL '30 days'
GROUP BY rail, geo
ORDER BY rail, geo;

Orchestration patterns — what "payment orchestration" means

Payment orchestration is the abstraction layer above your PSPs. It owns: routing, retries, vaulting, normalization, observability. There are three patterns:

Pattern	What	When it's right
Single PSP	One vendor, one integration	Pre-scale, one geo, time-pressured
Build your own orchestration	Internal layer; you integrate each PSP directly	Scale + control matter; team capacity to maintain
Buy orchestration	Spreedly, Primer, IXOPAY, etc.	Need multi-PSP fast; don't want to own the layer

For a company the company's size, build-your-own is the default, with buy on the margins for specific regions. Be ready to defend either side.

Smart routing & cascading

The two patterns interviewers reach for:

Smart routing

Route each txn to the PSP / acquirer most likely to approve at lowest cost, before first attempt. Inputs:

BIN → guess issuer behaviour and acquirer affinity.
MCC → some acquirers handle quasi-cash better.
Country pair → cross-border vs domestic preference.
Currency / amount → some PSPs have caps.
Historical AAR for this BIN × PSP × hour.

Cascading (fail-over)

On soft decline or system failure, retry the same txn on a different PSP. Rules:

Never cascade on hard decline (scheme violation).
Cap retries (typically 1-2 alternates).
Use the original issuer authentication if you have it (network token avoids re-step-up).
Log every cascade for vendor SLA reporting.

PM nuance

Cascading lifts AAR but raises cost — second attempts have full fees. The right answer is per-segment: cascade aggressively on high-value deposits, less so on small.

SLAs and partner cadence

An SLA matters only if it's measurable and you reference it. Typical PSP SLAs:

Uptime — 99.95% monthly, with credits if missed. Define at API endpoint level, not statuspage.
Latency — p99 auth response in <800ms.
Settlement — funds in your account within T+N.
Support — P1 incident response in <30 minutes, 24/7.
Roadmap commitment — quarterly business review with deliverable list.

Run monthly business reviews. Bring data: AAR by issuer, cost reconciliation deltas, incident report. Treat the partner as an extension of the team.

Multi-PSP architecture in one diagram (words)

Walk this through in a whiteboard round:

Client app → Payments API (your service).
API normalizes request → calls Routing service.
Routing returns ordered PSP list given BIN, MCC, geo, amount, recent history.
API invokes PSP adapter for the chosen PSP (translates internal model → PSP-specific).
PSP responds; adapter normalizes response into shared schema.
On soft decline / timeout, Cascade controller picks next PSP, invokes adapter again.
Successful auth → Vault service stores network token; Event bus publishes payment.authorized.
Settlement service reconciles incoming PSP reports against the auth events daily.
Observability layer tracks AAR per route, latency, cost, attribution.

Off-boarding a partner — when and how

When the partner is the right call:

Material persistent AAR underperformance vs alternatives (corrected for mix).
Repeated SLA misses without remediation.
Compliance/sanctions exposure rising.
Roadmap divergence — they won't ship what your portfolio needs.
Cost no longer competitive after re-RFP.

The how is slow: parallel-run the replacement, shift traffic by % over weeks, retain the outgoing partner as cold fail-over for a quarter, then settle the contract. The senior payments PM is the person who runs this without a customer noticing.