Don’t Lose the Key to Your Data Vault

For payments software platforms, control of transaction data is the key to a smooth M&A process.

Analysts and business leaders have spent the past year scrutinizing the impact of increasingly volatile revenue streams on critical organizational functions. Across industries, this includes variables like employee headcount and retention, physical office requirements, and sales strategies.

While decision-makers have tailored their resources toward addressing these high-profile factors, limited capital is surfacing a new and potentially unexpected consideration in 2024: a mergers and acquisitions (M&A) boom.

But as software-as-a-service (SaaS) organizations turn to M&A strategies for growth opportunities that would be difficult to achieve independently, owning their own data may be the missing piece to a proper valuation.

Why is data ownership so important to potential investors? In an increasingly data-driven world, it makes sense that ownership of organizational data can significantly impact the M&A process. For SaaS players, this means owning data related to payments processing as well as transactional data and other customer-relationship information.

While it may seem like a no-brainer that SaaS companies would own their data, this isn’t always the reality. For example, many organizations partner with a large payments processor (for example, Stripe or PayPal) to offload the bulk of their transactional responsibilities. This approach allows early-stage SaaS companies to focus on other mission-critical work.

But over time, the dynamic poses a threat to organizations that are ready to enter the next stage of business growth.

A Key Factor

Eventually, most SaaS payments companies want to break away from large payments processors. There are a couple of reasons for this. First, they want to maximize revenue earned from handling their own payments processing. Second, they want to increase the appeal of the SaaS side of their business.

However, the large payments processor they’ve historically outsourced to likely owns all card-on-file data, preventing the data’s portability and usefulness. Data portability is a key factor in an organization’s claim to ownership over payments-processing revenue. This means that a lack of data portability downgrades the company’s quality of revenue and its overall valuation.

By contrast, the inclusion of payments revenue would lead to a substantially higher valuation than could be achieved through SaaS revenue alone.

Imagine you’re an investor. You’re interested in acquiring a software company that provides services to gyms. When you inquire about key metrics and ask to review gym membership card-processing data for the past few months, the company’s officers inform you they lack access to this crucial information.

That’s a problem. In many scenarios, this lack of data ownership may ultimately disqualify the company from consideration as part of your acquisition portfolio.

And even if the company remains a part of your potential acquisition pool, you know the upcoming process of helping the gym software break away from its existing large payments processors will be a painful one, characterized by high transfer fees and time-consuming re-onboarding of merchants on your new processing platform.

This is how allowing third-party processors to retain ownership of data poses a significant risk to companies’ valuations. It simply doesn’t make sense to invest in a software company that is unable to access its operational and customer data—one of its most valuable assets.

Tokenization As Strategy

As the need to secure ownership of data increases, a key strategy is emerging to allow organizations to retain ownership of their data. This strategy is characterized by tokenization.

Tokenization is the process of replacing sensitive information found in a company’s systems with one-of-a-kind “tokens.” These tokens represent our personal data during transactions and other types of digital engagements, making this information easily accessible but much less vulnerable to hackers and system breaches.

Even if a bad actor acquires a customer’s token, the tokenization security measure leaves the token unreadable and the customer’s sensitive information untouched.

It’s important to recognize that tokenization is a familiar concept in the relationship between SaaS companies and the large payments processors they work with. Payments processors are often prepared to offer customers free tokenization, or to charge very little for the service.

But while this offering seems like an upfront value-add for customers, it’s also self-serving. Tokenization via a large payments processor can act as a mechanism to lock in companies by making it difficult for them to terminate partnerships.

Let’s revisit the example of our fictional gym-membership software company. If the company listened to your feedback as a potential investor, the leadership team may decide it’s time to cut ties with their payments processor and either switch to a new processor or take the work in-house.

But the choice is not that simple. The existing processor agreement may preclude this kind of change. Or the processor could charge a significant fee to convert token data off their platform, dragging out the process in terms of both time and money.

Either outcome negatively impacts the strategic value of acquiring the company and leaves you, the investor, more aware of the risks involved. You may pass on the transaction altogether in favor of a deal for a similar company that already owns its own data. Or you may attach a lower multiple to the payments revenue included in the valuation as a reflection of the risks posed to you as the investor.

Let’s be clear, though: Tokenization is the right idea. However, the key is to separate the tokenization process from these large payments processors.

Critical Access

While large payments companies could easily share tokens with their customers, many choose not to, instead using this critical financial information as a means to bind customers to their services. This unwillingness to share transactional data significantly raises the costs associated with switching to another provider and deters customers from leaving due to the high operational burden of doing so.

But the data at stake is too important to let go so freely. SaaS companies should start by demanding tokenization portability—and then, rather than rely on a large payments processor for tokenization, migrate to a third-party tokenization provider when the opportunity allows. A third-party partnership offers:

• The ability to easily detokenize data and quickly share access to transactional information;
• The opportunity to develop multiple payments- processing relationships at once and maximize the strategic options each vendor provides, uniquely routing transactions to the processor of choice;
• The synergy required to appeal to potential investors and/or acquirers, with reliable data portability showcasing
  greater value, flexibility, and strategic options;
• The control over components of tokens required for sharing, which reduces cross-partner and cross-organizational risks.

Some SaaS companies will reject the notion of controlling their own transactional data. They would rather avoid touching card data due to complex PCI compliance rules, security requirements, and other privacy regulations and concerns.

However, there’s a big difference between the ability to easily access card and merchant data when required, and having your system and teams touch this data on a regular basis.

This access factor is most critical in the M&A arena. With a leading third-party tokenization vendor, SaaS companies can be assured their card and merchant data remains protected and stored for them, without the need to access detokenized data until an opportunity demands it — whether it’s to migrate to another processor or to share business insights with a potential investor.

Stronger Options

Regardless of whether your organization is nearing an acquisition in 2024, don’t lower your company’s valuation by leaving a key asset — your data — off limits.

When it comes to any potential M&A, companies that own their own data are more attractive to investors, and independent tokenization is a critical step in ensuring a proper valuation.

In a sale scenario, the final price tag boils down to revenue times a multiplier. If your company lacks data portability, your revenue valuation decreases and you’re forced into discounted multiples.

Conversely, SaaS leaders that have architectured easy and reliable access to merchant and card data can tap into stronger investment options and avoid having their valuation lowered due to perceived risks—or, worse, losing the offer altogether.

—Ruston Miles is founder and strategic advisor at Bluefin.