What's the most overlooked item when evaluating iGaming payment providers?

Player session ownership. Many hosted cashiers count the player session as the vendor's, which limits what the operator can build on top — A/B testing, custom fraud rules, advanced analytics. Operators discover this 6 months in when they want to layer something on. Always ask explicitly.

Should the evaluation include payment ops staffing requirements?

Yes. A pure orchestrator gives you maximum flexibility but assumes you have a payments analyst monitoring routing, decline patterns, and PSP performance. A hosted cashier hides this work but charges for it via lower flexibility. The right pick depends on whether you have, or plan to have, the staffing.

How long should an evaluation realistically take?

For a major switch (replacing the cashier or main gateway): 8-14 weeks from kickoff to signed contract. Includes 4 weeks of vendor demos, 2-4 weeks of reference calls and pilots, and 2-4 weeks of legal and procurement. Compressing this is how operators end up with a 3-year regret.

Can a single vendor cover all 47 checklist items?

No vendor scores 47/47. Strong candidates score 35-40+ and have an honest answer for every gap. Vendors who claim 47/47 without any context are mis-pitching, intentionally or not — and will be the same ones who renegotiate aggressively at year 2.

What if the existing provider scores well on the checklist?

Then either the evaluation has confirmed the existing provider is the right fit (don't switch for the sake of switching) or the checklist is missing the operator-specific reason the conversation started. Re-derive the reason — usually it's a single concrete failure (decline-rate plateau, slow PSP-add cycle, brand-control limitation) that the checklist needs to weight more heavily.

iGaming Payment Provider Evaluation: Operator Checklist

A 47-point checklist for licensed iGaming operators evaluating payment providers in 2026 — spanning licensing, conversion, integration, fraud, and commercials.

This is the checklist we’d run if we were operators evaluating payment providers for an iGaming brand in 2026 — so really, what we did run when we were operators ourselves. 47 items across six sections: licensing, conversion, integration, fraud + KYC, commercials, and operator experience.

Use it as an evaluation template, not a tick-box exercise. Some items are dealbreakers (license coverage, settlement timing); others are nice-to-haves where flexibility and partnership matter more than a hard yes.

How to use this

For each candidate vendor, score each item:

Pass — the vendor meets your requirement clearly.
Conditional — the vendor meets it with caveats; capture the caveats.
Fail — the vendor doesn’t meet it.
N/A — the item doesn’t apply to your context.

A strong fit is 35-40+ Passes with no critical Fails (items 1-4, 14, 30 are the typical critical ones for licensed operators). Below 30 means the vendor is likely a poor fit even if they’re showing well on the surface.

Section 1 — Licensing and compliance (items 1-8)

These are mostly hard requirements. Failures here are dealbreakers.

License coverage. Vendor explicitly serves operators with the licenses you hold (MGA, UKGC, AGCO, Curaçao, etc.).
Geographic coverage. Vendor processes in every geography your traffic comes from, or commits to a roadmap.
AML / KYC alignment. Vendor’s KYC standards are aligned to your jurisdictional requirements (FATF, 5AMLD, jurisdictional source-of-funds thresholds).
PCI DSS Level 1 certification. Required for any vendor processing card data on your behalf.
GDPR / data residency. Vendor stores player data in the region your license requires (most EU licenses require EEA residency).
Sanctioned-jurisdictions handling. Vendor blocks or flags transactions from OFAC, EU, and UK sanctions lists.
Regulatory change handling. Vendor commits to compliance with new rules within X weeks (e.g. UK affordability checks, Italian deposit limits).
Audit cooperation. Vendor will produce SOC 2 reports, PCI ROC, and license audit responses on reasonable request.

Section 2 — Player conversion (items 9-16)

The commercial heart of the evaluation. Items here directly affect revenue.

Average approval rate on your transaction profile, with historical benchmarks. Below ~80% on cards in iGaming is a yellow flag.
Decline-recovery delta — how much approval-rate lift the retry/smart-routing logic delivers vs no-retry. Typically 4-12%.
Apple Pay / Google Pay coverage — table stakes in 2026 for mobile-first operators.
Pay-by-bank coverage in your jurisdictions (Trustly, Volt, TrueLayer, Pix, etc.).
Localised payment-method ranking. Cashier shows the right payment methods first for each player based on geography and history.
Brand control of the cashier UI. Cashier renders inside the operator brand without iframe seams or vendor watermarks.
Mobile UX on iOS Safari — the highest-traffic-share browser in EU iGaming. Specifically: no scroll-jank, no autocomplete failures, no Apple Pay sheet bugs.
Personalised deposit defaults. Cashier remembers each player’s typical deposit amount, preferred method, and time-of-day pattern.

Section 3 — Integration and engineering (items 17-26)

Where weeks of project time live or die.

Integration model — REST API, web component, SDK, or hosted iframe. Web component / SDK is the modern default.
Time to first deposit in a non-production environment, on a clean stack. Realistic answer: 2-4 weeks for a competent team.
CSS variable inheritance — does the cashier inherit your design tokens, or hardcode its own?
Event hooks for analytics, A/B testing, error monitoring (Datadog, Sentry, Segment, Mixpanel, GA4).
Sandbox quality — does the vendor’s test environment behave like production, including edge cases (3DS challenges, retries, partial failures)?
Documentation quality. Code samples, error catalogue, runtime invariants, breaking-change history.
Versioning policy. SemVer, deprecation windows, support for older versions during migration.
Multi-region deployment. Cashier hosted in your geo, low TTFB, edge cache friendly.
Web Component or vanilla JS distribution. Avoid vendors who require a specific framework (Angular, Vue) — that’s a 5-year commitment.
Open-source visibility. Either OSS or comprehensive published changelogs. Black-box products are higher risk.

Section 4 — Fraud, KYC, and risk (items 27-33)

iGaming-specific risk signals.

Device fingerprinting — coverage across iOS, Android, desktop, including Safari ITP-resistant.
Velocity controls — configurable rules for transactions/hour, deposits/day, max-per-card.
Multi-account detection — detection of one player operating multiple accounts.
In-flow KYC — KYC steps surfaced inside the cashier, not redirected out. Critical for European compliance UX.
Affordability checks — UK / EU regulators expect operators to assess affordability at deposit time. Vendor supports this hook.
Chargeback management workflow — tooling to respond, evidence, and dispute.
Third-party fraud-tool integrations — Sift, Featurespace, Forter, Riskified, Sardine.

Section 5 — Commercials (items 34-40)

The terms of the deal beyond the price tag.

Pricing model — fixed-fee per cashier-rendered session, % of volume, or hybrid. Volume-based aligns vendor incentives with yours.
Tier breakpoints — at least three volume tiers documented up-front.
Implementation fee — zero or refundable on launch is the right answer.
Termination clause — 60-day notice on a 12-month contract is standard. Anything longer needs justification.
Auto-renewal terms — month-to-month after initial term, not 12-month auto-renewals.
Liability cap — cap should be at least 12× monthly fees, ideally with carve-outs for vendor breach of data-protection obligations.
MFN / pricing fairness clause — vendor commits not to charge you more than reference-class operators of similar size.

Section 6 — Operator experience (items 41-47)

Long-term partnership criteria. Often the deciding factor between two vendors who score similarly on items 1-40.

Named technical contact — a specific engineer or solutions architect, not a faceless support inbox.
Roadmap influence — operator can submit feature requests with realistic chance of being prioritised.
Quarterly business reviews — vendor proactively reviews your conversion, decline patterns, and roadmap fit.
Status page and incident transparency — public status page, post-mortem culture, no surprise outages.
Migration support — vendor will help you onboard from your current provider, not just go-live.
Off-boarding support — vendor will help you migrate off if it ever comes to that. This is a culture signal, not a contract signal.
Operator references at your size and geography — at least three references the vendor will hand over without filtering.

Common red flags during the evaluation

Beyond individual checklist items, these patterns signal a vendor unlikely to last past year 2:

The same person owns sales, technical demos, and contract negotiation. Suggests a small team with no separation of concerns.
Demo scripts can’t deviate from the canned flow when you ask “what happens if X?”
Reference customers are all under 12 months old. Suggests retention is weak past the first year.
Roadmap items the vendor promised in pre-sales don’t appear on the contract or SOW.
Sales team can’t articulate the trade-off in their product. A vendor who says “we have no trade-offs” is either lying or doesn’t understand what they sell.

What to do with the checklist output

Compile the per-vendor scoring into a single summary table for the buying committee. Then do these three things:

Share the methodology with the vendors. Don’t share the scores. Tell them the dimensions you’re evaluating on so they can clarify any item where the answer is “yes but only with a caveat”.
Cross-check with two reference customers per shortlisted vendor. Specifically validate items 14, 18, 30, 41, and 46 — these are the ones vendors are most likely to over-claim.
Walk through the top 2 with your engineering and payment-ops leads. They’ll catch operator-impact issues that pure procurement scoring misses.

And then the boring step that catches most regrets

After signing, document the original evaluation. We’ve seen operators sign a vendor based on a strong scorecard, then 18 months later forget what was promised vs delivered. The evaluation document is what you bring to the year-2 renewal conversation.

For the longer-form decision-making frameworks, see our payment orchestration RFP template and our iGaming Payment Solutions Comparison. And if your evaluation is mid-process and you’d like an outside view, we’d love to talk — we’re operators ourselves, so we tend to spot the gaps that pure-vendor sales conversations smooth over.