The payment architecture for BeyondWallsPay was designed from the very beginning of this engagement with a clear understanding of how the correctional payment landscape works. The Stripe Treasury + Issuing structure, the agent-of-MSB compliance model, and the phased approach to facility relationships — all of this was built into the platform from Day 1 for specific reasons that this document now lays out in full detail.
As we have gone deeper into this build — across hundreds of hours of research, vendor analysis, regulatory review, and market mapping — we have found alternate paths that strengthen the original strategy and accelerate the timeline. The county-level aggregator approach, the AISCO citation dominance engine, and the preferred provider referral model are all evolutions that emerged from the depth of research this engagement has produced. None of them contradict the original architecture. They enhance it.
This document consolidates everything we know about the correctional payment vendor landscape into one place. Every vendor API partner in this space was researched. Every terms of service was reviewed. Every card network registry was checked. Every partner directory was verified. This was compiled across five frontier AI models utilizing Pulse, direct source verification against CFPB enforcement records, Visa and Mastercard card network rules, federal and state regulatory requirements, and investigative industry reporting — supported by nearly three decades of direct experience in the payments and software infrastructure industry.
The purpose is straightforward: to document exactly what is required to process payments in correctional facilities, which vendors control the market, what access they do and do not grant, and why the phased approach this platform follows is the correct path forward. There are no shortcuts in this market. But there are smarter paths — and the research has uncovered several that get BeyondWallsPay where it needs to go faster and with less risk than any alternative approach.
The payment architecture for this platform was discussed and decided at the very beginning of this engagement. We are aware that a conversation regarding a potential PayFac relationship with an outside party took place early on — prior to TFSF's involvement — and that this relationship may have resurfaced recently as a potential alternative path.
Before re-engaging with or committing resources to any outside payment facilitator, we would strongly recommend conducting standard due diligence on that entity. Specifically: verify whether they appear on the Visa Global Registry of Service Providers (visa.com/splisting), the Mastercard Registered Payment Facilitators list, and the PCI Security Standards Council validated entity listings. Confirm that their website displays a sponsoring acquiring bank, a Visa PFID, a Mastercard PayFac ID, and a current PCI DSS Attestation of Compliance with an audit date. These are not optional credentials — they are conditions of operation under current card network rules for any entity representing itself as a payment facilitator in 2026. A ten-minute check against these public registries will confirm whether the entity is what it claims to be.
That is a separate matter and not the focus of this document. What matters here is this: the original architecture was correct, the phased approach remains the right strategy, and the depth of research conducted since then has only reinforced that position while uncovering additional paths that accelerate the timeline. This document lays out the full vendor landscape, the regulatory requirements, and the methodology — so that every decision going forward is grounded in verified facts.
Even if a fully legitimate, registered, PCI-compliant, card-network-approved Payment Facilitator were engaged — a PayFac registration by itself does not grant the ability to process correctional facility payments. The missing piece is always the same: money transmitter licensing, government procurement contracts, and specialized compliance infrastructure that sit entirely outside the PayFac framework. A PayFac with its own MTLs in every state, a sponsor bank willing to underwrite the correctional vertical, and direct government contracts with individual facilities could theoretically operate in this space — but that entity would no longer be functioning as a standard PayFac. It would be a fully licensed correctional payment processor, which is a fundamentally different business requiring years of investment and tens of millions in capital. Here is why:
Moving funds into an inmate trust or commissary account is a money transmission activity under federal and state law. The companies that dominate this space — JPay (Securus/Aventiv), ViaPath (GTL), and Access Corrections — all hold money transmitter licenses in every state where they operate. A standard PayFac aggregates sub-merchants under merchant processing agreements. It does not hold MTLs. Without MTLs, a PayFac cannot legally transmit funds to inmate accounts. Period.
A PayFac onboards sub-merchants through standard merchant agreements. Correctional facilities — whether state DOCs, county jails, or federal BOP — procure services through government RFP/RFQ processes, formal procurement contracts, and inter-agency agreements. These are fundamentally different legal instruments than a PayFac sub-merchant agreement. Every major correctional payment provider enters into formal government contracts with each individual facility it serves.
A PayFac operates under a sponsoring acquiring bank that bears ultimate liability for the PayFac's entire sub-merchant portfolio. Correctional facility payments combine government contracting requirements, money transmission obligations, heightened BSA/AML risk, complex chargeback scenarios (inmate transfers, account closures, restitution holds), and significant reputational exposure. No standard acquiring bank sponsoring a PayFac for retail or home services would extend that sponsorship to correctional facility payment processing without a fundamentally different risk assessment, capitalization requirement, and compliance framework. The sponsor bank's own MTL obligations come into play — if the bank doesn't hold the corresponding MTLs for correctional money transmission, the PayFac can't operate in those states regardless of its own registration status.
Visa's Integrity Risk Program (VIRP) and Mastercard's compliance frameworks impose tiered scrutiny on high-risk and government-adjacent merchant categories. Government services, money transmission, and fund transfers to third-party accounts all trigger enhanced requirements. A PayFac's sponsoring bank would need to approve each correctional facility sub-merchant individually, requiring the PayFac to demonstrate compliance infrastructure for correctional-specific risks — including BSA/AML monitoring, OFAC screening, and restitution hold processing.
The movement of funds through inmate accounts carries elevated money laundering risk. Correctional payment providers must maintain robust suspicious activity monitoring and SAR filing capabilities specifically calibrated to detect patterns of illicit fund movement through inmate accounts. This requires specialized compliance infrastructure, trained personnel, and direct relationships with facility security teams. Standard PayFacs do not build or maintain this capability.
Stripe's Prohibited and Restricted Businesses list includes "No-value-added services, including the sale or resale of a service without added benefit to the buyer and resale of government offerings without authorisation or added value." Stripe also specifically prohibits bail bond services. Any PayFac claiming to use Stripe as its payment processor would face Stripe's own restricted categories for correctional facility payment processing without explicit prior approval — approval that would require demonstrating licensing and compliance infrastructure that no standard PayFac maintains.
For reference, the following is what any company operating as a Payment Facilitator in the United States in 2026 must have under Visa, Mastercard, federal, and state requirements:
| # | Requirement | Needed for Correctional? |
|---|---|---|
| 1 | Sponsoring acquiring bank identified by name | YES — and bank must approve correctional use |
| 2 | Visa Payment Facilitator ID (PFID) — registered | YES |
| 3 | Mastercard Payment Facilitator ID — registered | YES |
| 4 | Listed on Visa Global Registry of Service Providers | YES |
| 5 | Listed on Mastercard Registered Payment Facilitators | YES |
| 6 | PCI DSS Level 1 Service Provider certification (annual QSA audit) | YES |
| 7 | PCI DSS Attestation of Compliance (AOC) | YES |
| 8 | KYC / AML compliance program documented | YES |
| 9 | State Money Transmitter Licenses (49+ states) | YES — critical for correctional |
| 10 | FinCEN Money Services Business (MSB) registration | YES |
| 11 | BSA/AML monitoring + SAR filing capability | YES — enhanced for correctional |
| 12 | OFAC sanctions screening | YES — mandatory for inmate accounts |
| 13 | Government procurement contract capability | YES — not a merchant agreement |
| 14 | Restitution hold and court-ordered deduction processing | YES — correctional-specific |
| 15 | Sponsor bank approval for correctional vertical specifically | YES — separate underwriting |
Becoming a registered PayFac typically requires $500,000–$5,000,000 in upfront capital, 12–18 months of preparation, Visa and Mastercard registration fees of approximately $75,000–$100,000 per network annually, a sponsoring acquiring bank relationship, and Level 1 PCI DSS certification. There are only approximately 248 registered PayFacs in all of North America on Mastercard's list. Adding correctional-specific capabilities (MTLs, government procurement, BSA/AML for inmate accounts, restitution processing) adds 12+ additional months and significant capital requirements on top of that.
There is no pathway by which a standard PayFac — even a fully legitimate one — can process payments for correctional facilities without money transmitter licenses in every applicable state, government procurement contracts with individual facilities, specialized BSA/AML compliance infrastructure, OFAC screening, restitution processing capability, and explicit approval from its sponsoring bank and the card networks.
The specialized companies that actually serve this market (JPay, ViaPath, Access Corrections) have invested years and tens of millions of dollars building the required licensing, compliance, and technology infrastructure. The suggestion that any company without this infrastructure could serve as payment processing for correctional facilities in 90 days would require a fundamentally different timeline, capital structure, and compliance framework than what has been represented. The regulatory requirements are well-documented and non-negotiable.
Any entity representing otherwise should be asked to provide documentation demonstrating the licensing, compliance infrastructure, and facility contracts required to support that claim.
Across the entire U.S. county jail market (~3,100 facilities per Bureau of Justice Statistics / American Jail Association), there are approximately 25–35 distinct vendors operating payment portals, commissary deposits, or related inmate financial services. The vast majority of contracts are held by 4–5 companies through bundled exclusive deals. A PayFac structure does not solve a single one of these vendor relationships — it only creates the ability to collect money from families, which Stripe already does.
These companies dominate because they bundle phone, tablets, video, messaging, money transfers, commissary, and banking into a single exclusive contract. Facilities sign one deal and get locked in for 5–10 years. Together, GTL/ViaPath and Securus/JPay control approximately 80% of the market and have been documented offering signing bonuses as large as $1.5 million for 7-year exclusive contracts.
| Company | Services Bundled | Est. Market Share | API Access |
|---|---|---|---|
| GTL / ViaPath / ConnectNetwork / TouchPay | Phone, video, tablets, messaging, payments (TouchPay), facility management | ~50% | CLOSED |
| Securus / JPay / Aventiv Technologies | Phone, video, tablets, messaging, payments (JPay), monitoring, music/entertainment | ~20–30% | CLOSED |
| ICSolutions (Keefe Group subsidiary) | Phone, payment services. Heavy in Texas and Southwest counties. | ~5% | CLOSED |
| Smart Communications | Tablets, messaging, payments. Growing player focused on newer tech. | ~3% | CLOSED |
| Tier 1 combined — bundled exclusive contracts | ~80–85% | 0 of 4 accessible | |
A PayFac does not unlock any of these. These companies own the facility relationship through multi-year exclusive contracts with signing bonuses. They will not grant API access to a third party because doing so would cannibalize their own payment revenue. A PayFac gives you the ability to collect money — it does NOT give you the ability to deposit it through any of these systems.
These companies have carved out county-by-county contracts in specific regions. They are the most fragmented part of the market and the most realistic targets for BWP's Phase 2 direct replacement strategy.
| Company | What They Do | Region / Notes | API Access |
|---|---|---|---|
| Access Corrections (Keefe Group) | Standalone money transfers, wide county reach | National — most widespread standalone deposit vendor | CLOSED |
| JailATM (Tech Friends Inc.) | Deposits, messaging, care packages | Arkansas-based, scattered county contracts | CLOSED |
| eXpressAccount / Canteen Services | Commissary + deposits | Midwest heavy | CLOSED |
| CorrectPay | Deposits, video visits, messaging | Regional, some state DOC contracts (Kentucky) | CLOSED |
| Tiger Commissary | Commissary sales + deposit processing | South / Midwest | CLOSED |
| CTC Commissary | Regional commissary + payments | Louisiana | CLOSED |
| City Tele Coin (Citi Tele Coin) | Phone + payments | Louisiana / South | CLOSED |
| Keefe Commissary Network | Commissary products + care packages | National — 650,000+ inmates served | CLOSED |
| Trinity Services Group | Commissary operations (also TKC Holdings) | National | CLOSED |
| NCIC | Phone + payment portal | Rural counties | CLOSED |
| Paytel | Smaller phone/payment operator | Regional | CLOSED |
| Correct Solutions Group / RegentPay | Regional operator | Scattered (Harris County TX) | CLOSED |
| AllPaid / GovPayNet | Government payment processing | Some jails use for deposits | CLOSED |
| Tier 2 combined — regional specialists | 0 of 13 accessible | ||
Thin deposit-only portals, care package vendors, and micro-regional players. Many serve only a handful of counties.
| Company | Type | API Access |
|---|---|---|
| Care A Cell | Niche | CLOSED |
| Cash Bond Online | Bond payment | CLOSED |
| CIDNET | Niche | CLOSED |
| CommissaryDeposit.com / Premier Services | Thin deposit-only portal | CLOSED |
| GettingOut | Video + deposits | CLOSED |
| Inmate Canteen / JailCanteen (Oasis) | Care packages | CLOSED |
| InmateSales | Commissary ordering | CLOSED |
| JailPayments.com | Deposit portal | CLOSED |
| Pigeonly | Phone + messaging | CLOSED |
| SmartDeposit | Deposit-only service | CLOSED |
| Walkenhorst's | Care packages | CLOSED |
| Union Supply Direct / Access Securepak | Care packages | CLOSED |
| Prodigy Sales / Reliance / Cypress Jail | Niche regional | CLOSED |
| Company | Type | API Access |
|---|---|---|
| Western Union (Send2Corrections) | Payment rail — supplemental, NOT primary portal at county level. Works "where the facility accepts it." Primary relationship is with Federal BOP. At county jails, WU is a walk-in / call-in option alongside the primary contracted vendor. | POSSIBLE (WU Gateway / EDGE) |
| MoneyGram | General money transfer. Used at some jails similar to WU — a rail, not a portal. | POSSIBLE (enterprise) |
Western Union and MoneyGram are money transfer rails, not correctional payment portals. They don't hold exclusive facility contracts. They operate supplementally — families can use them where accepted, but they are not the primary contracted vendor running the portal. WU's most structured relationship is with Federal BOP, not county jails.
Every closed-loop system in payments history has opened the door to partners who drive meaningful volume through their rails. Visa was closed. Mastercard was closed. PayPal was closed. They opened up when third parties proved they could deliver transactions at scale that the closed system couldn't acquire on its own.
The BWP play is the same. Phase 1 routes millions of family members to these vendor portals — TouchPay, JailATM, Access Corrections, JPay. BWP becomes the single largest source of new depositor traffic these vendors have ever seen. Every transaction that arrives through a BWP redirect is revenue the vendor would not have captured otherwise. That traffic is tracked and documented.
At that point, the conversation changes. BWP is no longer asking for API access as an unknown startup. BWP is walking in with data showing: "We sent you 50,000 transactions last quarter. Here's the revenue we generated for your platform. We'd like to formalize this relationship with an API integration so we can send you even more — faster, cleaner, with fewer drop-offs."
That's how every closed system opens. You don't beg for access before you have leverage. You become a force they can't ignore, and then they come to you. GTL didn't become the dominant player by asking permission — they drove volume and forced the relationship. BWP does the same thing from the other side of the table.
The timeline: Phase 1 (months 1–6) drives volume through public portal routing. Phase 2 (months 6–12) presents that volume data to vendors and negotiates formal API partnerships. Phase 3 (year 2+) processes directly through Stripe Treasury for facilities BWP has signed directly, while maintaining vendor partnerships for facilities that remain under vendor contracts. BWP doesn't need every vendor to open up — even one or two API partnerships covering the largest vendors dramatically reduces friction and increases conversion.
Each vendor's website was reviewed for any public-facing API documentation, developer program, partner directory, integration marketplace, or third-party payment access of any kind. The results confirm what the industry structure predicts: these companies do not share their payment rails with anyone.
| Vendor | Developer Portal / API Docs | Partner Directory | Payment API Partners Listed | Third-Party Payment Integrations |
|---|---|---|---|---|
| ViaPath / GTL / TouchPay | None found on viapath.com | None. Partnerships listed are education/reentry only (Honest Jobs, Promising People VR, ZenovaCare, Edovo). Zero payment partners. | 0 | None |
| Securus / JPay / Aventiv | None found on securustech.net or jpay.com | None. "Securus One" platform offers staff tool integrations only (Workbay, Edovo) via deep-link — NOT payment integrations. CBInsights lists "Known Partners: blank" for JPay. | 0 | None — staff tools only |
| Keefe / Access Corrections | None found on keefegroup.com or accesscorrections.com | None. Corporate site explicitly states: "We write and support all of our own software and provide our own, live 24/7 technical support." Zero external developer or partner presence. | 0 | None — all in-house |
| ICSolutions | None | None. Keefe Group subsidiary. | 0 | None |
| Smart Communications | None found | None found | 0 | None |
| JailATM / Tech Friends Inc. | None found on jailatm.com | None. Single-company operation out of Arkansas. | 0 | None |
| CorrectPay | None found | None found | 0 | None |
| Tiger Commissary | None found | None found | 0 | None |
| NCIC | None found | None found | 0 | None |
| Paytel | None found | None found | 0 | None |
| City Tele Coin | None found | None found | 0 | None |
| Correct Solutions / RegentPay | None found | None found | 0 | None |
| AllPaid / GovPayNet | None found | None found | 0 | None |
| Western Union | WU Gateway / EDGE platform exists (enterprise) | General WU agent network. No corrections-specific partner program. | Enterprise only | Possible — enterprise sales |
| Total vendors with any public payment API or partner program | 0 of 13 | Western Union only (enterprise) | ||
Thirteen correctional payment vendors were audited. Zero have a public API. Zero have a developer program. Zero have a payment partner directory. Zero offer any form of third-party payment integration. The only vendor with any API infrastructure at all is Western Union, and that is an enterprise-level business development conversation — not a self-serve integration. Every other vendor in this market builds, owns, and operates their entire technology stack in-house with zero external access by design.
This is not an oversight. This is the business model. These companies pay millions for exclusive facility contracts specifically so they can control the entire payment experience. Opening an API would let competitors access the revenue stream they paid to monopolize. This access is not granted through standard business development channels. The only way in is to either drive enough volume through their public portals that a partnership becomes attractive to them — or bypass them entirely by signing facilities directly.
Research conducted June 2026 across five frontier AI models utilizing Pulse, with direct verification against each vendor's corporate website, App Store/Play Store listings, CBInsights profiles, press releases, and public documentation. ViaPath partnerships verified against viapath.com/media-center press releases. Securus One capabilities verified against Aventiv ACA Conference announcement (Aug 2025). Keefe in-house development statement sourced from keefegroup.com/companies/keefe-commissary-network.
The following profiles document the three companies that control the vast majority of correctional payment processing in the United States. Each includes corporate structure, regulatory history, contact information, and — critically — the reality of third-party API access.
| Detail | Information |
|---|---|
| Subsidiaries | TouchPay Holdings LLC (d/b/a GTL Financial Services), Telmate LLC |
| Services | Inmate phone, video visitation, tablets, messaging, money transfers (TouchPay), facility management systems |
| Market position | #1 or #2 in every category. Monopoly contracts at thousands of facilities nationwide. |
| Payment portal | touchpayonline.com / connectnetwork.com |
| Customer service | (866) 204-1603 (TouchPay) / (877) 650-4249 (ConnectNetwork) |
| Money transmitter licenses | TouchPay is a licensed money transmitter — holds MTLs in every required state |
| CFPB enforcement (Nov 2024) | Ordered to pay $3M — $2M restitution + $1M penalty. Found to have engaged in unfair practices: blocking accounts on chargebacks, no-refund policies, seizing funds from 500,000+ accounts. |
| API / third-party access | NONE. No public API. No developer program. No partner integration path. Enterprise government procurement only. Would view any third-party platform as competitive threat. |
| Estimated cost to get API access | Not available at any price. GTL/ViaPath does not sell API access to third parties. Their business model depends on owning the full customer relationship end-to-end. Granting API access would cannibalize their own revenue. |
Sources: CFPB Consent Order 2024-CFPB-0015 (Nov 14, 2024), Prison Legal News (Jun 2025), Wikipedia, ViaPath corporate site, American Securities portfolio listing.
| Detail | Information |
|---|---|
| Subsidiaries | JPay Inc. (acquired 2015), Securus Monitoring, Aventiv parent |
| Services | Inmate phone, video, tablets, messaging, money transfers (JPay), electronic monitoring, e-messaging, music/entertainment |
| Market position | #2 nationally. JPay serves 33 state DOC systems and 1.6M+ inmates. Securus has 900+ partnerships across North America. |
| Payment portal | jpay.com / securustechnologies.com |
| Customer service | (800) 574-5729 (JPay) / (972) 734-1111 (Securus corporate) |
| Money transmitter licenses | JPay is a fully licensed money transmitter in every required state (founded 2002 as payments company) |
| Regulatory history | Fined $6M for improper release-card practices. Class action lawsuit alleging "quid pro quo kickback scheme" with Michigan county jails (banned in-person visits to maximize video call revenue). FCC called their pricing "unchecked monopolist" behavior. |
| API / third-party access | NONE for payments. Securus One platform (launched Aug 2025) offers "third-party integration through deep-link technology" — but only for correctional STAFF tools (Workbay, Edovo), NOT for external payment platforms. Consumer payment rails are completely closed. |
| Estimated cost to get API access | Not available at any price for payment processing. JPay's entire value proposition to facilities is that THEY control the payment relationship. Allowing third-party access would undermine every contract they hold. "In many states, JPay transfers are the ONLY way for family members to deposit money." They will not give that up. |
Sources: Aventiv Technologies corporate site, Securus ACA Conference announcement (Aug 2025), Prison Legal News, Slate (Dec 2023), ThinkProgress investigation, CBInsights, San Quentin News.
| Detail | Information |
|---|---|
| Subsidiaries | Keefe Commissary Network (KCN), Access Corrections, Access Securepak, ICSolutions, KeepTrak |
| Services | Commissary management, money deposits (Access Corrections), care packages (Securepak), inmate banking (KeepTrak), investigative surveillance (Data Detective), phone services (ICSolutions) |
| Market position | #3 in payments but #1 in commissary. KCN serves 650,000+ inmates. Exclusive no-bid contracts at hundreds of facilities. "Nation's leading provider of automated commissary management." |
| Payment portal | accesscorrections.com / keefegroup.com |
| Customer service | (866) 345-1884 (Access Corrections) / (314) 427-0020 (Keefe Group corporate) |
| Surveillance tool | "Data Detective" — investigative software that analyzes ALL deposit, payment, mail, and photo activities. Photographs every in-person depositor at lobby kiosks. Tracks multi-account depositors. Sold to facilities as a law enforcement tool. |
| Vendor failure (Feb 2026) | Wisconsin DOC Access Corrections system went down — prisoners could not buy food or other commissary items. Keefe Group did not respond to requests for comment. System-wide dependency with zero redundancy. |
| API / third-party access | NONE. "We write and support all of our own software." Keefe develops everything in-house, provides their own 24/7 tech support, and has zero external developer or partner integration program. |
| Estimated cost to get API access | Not available. Keefe's competitive advantage IS the closed ecosystem. Commissary + deposits + banking + surveillance under one roof. Granting API access to a third party would fragment the value proposition they sell to facilities. |
Sources: Keefe Group corporate site, Access Corrections App Store listing (developer: Keefe Group LLC), Prison Legal News, Wisconsin Watch (Feb 2026), Truth About Jail investigation, Prison Policy Initiative (Nov 2021).
| Detail | Information |
|---|---|
| Payment portal | deposits.jailatm.com |
| Customer service | (877) 810-0914 |
| Market position | Minor player. Holds "a couple of contracts" per Prison Policy Initiative survey. Also minor player in electronic messaging. |
| API / third-party access | NONE. Tiny company. No developer program. No partner integration. Support email only. |
| Detail | Information |
|---|---|
| Payment portal | send2corrections.com / westernunion.com/send-money-to-inmate.html |
| Customer service | (800) 225-5227 (general) / (800) 634-3422 (corrections deposits) |
| Market position | Available at federal BOP facilities (primary method). Available at some state and county facilities. Not exclusive — operates alongside other vendors. Accepted at "correctional facilities that accept Western Union Quick Collect®" |
| App | Send2Corrections app (iOS + Android, launched 2022). Credit/debit card payments. 1-click resend. Save card info. |
| API / third-party access | POSSIBLE — WU Gateway / EDGE platform. Western Union has a business API program for B2B money transfer integration. This is the ONLY vendor with a potentially accessible API. However, it's an enterprise sales conversation, not self-serve. Requires business development team engagement. |
| Business partnerships | (800) 325-6000 (agent locator) / Corporate partnerships through westernunion.com |
Western Union is the only vendor in this landscape that operates as an open payment rail rather than a closed facility monopoly. WU doesn't hold exclusive facility contracts — they operate alongside whatever primary vendor the jail uses. This makes WU the only potential API integration partner, but corrections is a small slice of WU's overall business and not a strategic priority for their partnerships team.
| Detail | Information |
|---|---|
| Payment portal | regentpay.com |
| Customer service | (877) 618-3516 |
| Market position | Very small. Scattered contracts including Harris County TX. Niche. |
| API / third-party access | NONE. Too small to have a developer program. |
| Detail | Information |
|---|---|
| Market position | Regional. Some state DOC contracts (Kentucky). Costs appear at checkout, fee amounts vary by facility. |
| API / third-party access | NONE. |
"We can set up a PayFac structure in 90 days and you'll be able to process payments for jail deposits."
Here is what that statement ignores:
A PayFac (Payment Facilitator) structure lets you collect money from families. But that was never the hard part — Stripe already does that. The hard part is getting money INTO the inmate's commissary account through the facility's contracted vendor. A PayFac registration does absolutely nothing to open AccessCorrections, JPay, or TouchPay. Those are closed systems with exclusive facility contracts. You still can't deposit. You still can't connect. The PayFac solves the wrong side of the equation.
A PayFac's sponsor bank runs deep background checks on every control person — officers, directors, beneficial owners, anyone with authority over the money flow. The underwriting requirements are extensive and non-negotiable. For any company where the control group presents complexity in standard financial services background screening, the PayFac path presents significant underwriting challenges that may not be resolvable within the timelines typically quoted by outside parties. These are questions that should be addressed before any commitment of time or resources.
Even if a PayFac were established, you would still need to connect to each vendor's payment system individually. Based on our research:
| Vendor | API Access | Estimated Cost | Timeline |
|---|---|---|---|
| ViaPath / TouchPay | Not available at any price | N/A | N/A — will not grant access |
| Securus / JPay | Not available for payments | N/A | N/A — payments are closed |
| Keefe / Access Corrections | Not available — all software in-house | N/A | N/A — closed ecosystem |
| JailATM | Not available | N/A | N/A — too small for partner program |
| Western Union | Possible via WU Gateway/EDGE | Enterprise pricing (negotiated) | 3–6 months enterprise sales cycle |
| CorrectPay | Not available | N/A | N/A |
| Total vendors with accessible API | 1 of 7 | Western Union only | |
This industry has been controlled by the same companies for decades. ViaPath (GTL) has been operating since 1989 — 37 years. Keefe Group since 1975 — 50 years. Securus since 1986 — 40 years. These companies have multi-year exclusive contracts with every facility they serve. They pay commissions to facilities to maintain those contracts. They bundle services (phone + tablets + deposits + commissary + surveillance) to make switching costly. They are backed by private equity firms (American Securities, Platinum Equity, H.I.G. Capital) that invest specifically because the monopoly structure guarantees revenue.
Access to this market is earned through years of compliance investment, facility relationships, and licensing — not through a 90-day onboarding process.
The CFPB fined ViaPath/GTL $3M in November 2024 for unfair practices. JPay was fined $6M for release-card abuses. These companies are under active federal regulatory scrutiny. Any company that ties itself to their payment infrastructure inherits that regulatory risk. A PayFac sitting on top of vendors already under CFPB enforcement orders is adding compliance exposure, not reducing it.
After conducting this research across five frontier AI models, direct source verification, and extensive industry analysis through our Pulse infrastructure, the architecture was designed around one principle: do not enter the payments stack until you have the leverage to bypass the vendors entirely.
BWP connects to 349 county jails across 11 states, expanding to 3,100+ nationally by December 2026. For each facility, BWP identifies the active payment vendor, captures the facility code, deposit URL, and accepted methods, and routes the family directly to that vendor's public portal with the inmate's booking information pre-filled.
BWP does not hold funds. BWP does not touch the vendor's system. BWP is the front door — the system families use to find their loved one, see how to send money, find a bail bondsman, and get status alerts. A nominal entry fee provides access to gated features including payment routing, status alerts, bail bond matching, and attorney referrals — while the payment transaction itself is completed directly on the vendor's platform. Zero PCI. Zero MTL. Zero PayFac. Zero compliance surface area. The pricing model is flexible — what is not flexible is the revenue architecture underneath it.
It is technically possible to send automated agents into these vendor portals and execute transactions programmatically. We are aware that this capability may have been demonstrated or discussed as a viable path forward. We have the technical capability to do exactly that — and we will not do it.
Automating against a vendor's payment portal without authorization violates their Terms of Service and, more importantly, potentially constitutes a criminal felony under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030. This is not a civil matter alone. Unauthorized automated access to protected computer systems used in financial transactions carries criminal penalties including substantial fines and imprisonment. Beyond the criminal exposure, it creates civil liability from vendors who maintain dedicated legal teams specifically tasked with protecting their exclusive revenue streams. ViaPath/GTL and Securus/JPay have in-house legal departments and outside counsel on retainer. Unauthorized automated access to their payment systems is exactly the type of activity that triggers both litigation and criminal referral.
TFSF Ventures will not engage in this activity. This is a non-negotiable position. We have never violated a vendor's Terms of Service on behalf of any client in any engagement across our entire operating history, and we will not begin now. If at any point the direction of this engagement moves toward unauthorized access to vendor systems — whether through automated agents, scraping, bot execution, or any other method that circumvents authorized access — TFSF will conclude its deliverables, process final payment, and close the engagement. This is not open to discussion or compromise.
That is why the phased approach exists. Phase 1 routes families to vendor portals through standard public links — no automation against their systems, no TOS violations, no criminal exposure. Phase 2 builds the brand leverage to negotiate authorized partnerships or sign facilities directly. Phase 3 processes payments through Stripe Treasury on BWP's own rails. Every step is clean. Every step is legal. Every step builds value instead of risk.
This analysis does not come from a development perspective. It comes from nearly three decades in payments and capital generation. The development capability was born out of necessity over the last five years — because the people being paid to build kept failing to deliver. The lens applied here is the same lens that has always driven this engagement: how does this platform generate capital, and what is the fastest, lowest-risk path to get there? The answer has been in front of this project the entire time — not only in the payment architecture, but in the alternate revenue methods this research has surfaced. There are multiple ways to generate meaningful revenue from this platform. At even a conservative conversion rate, the numbers are substantial. The methodology is sound. The infrastructure is built. The paths are documented. The only remaining variable is execution.
During Phase 1, BWP simultaneously launches AISCO — the AI citation dominance engine that places BeyondWallsPay as the #1 cited platform across all five frontier AI models for every query related to jail payments, inmate location, and bail. Within 90 days, any family member asking any AI tool how to send money to an inmate gets pointed to BWP. This builds the brand recognition and user base that makes Phase 2 possible.
With AISCO dominance established and a national user base active, BWP begins direct outreach to county jail administrators. The pitch sells itself: "Type your facility name into ChatGPT. We're #1." BWP offers facilities a superior platform — better family experience, lower fees, real-time reporting — and signs direct contracts that replace TouchPay, JailATM, and Access Corrections as the facility's payment vendor.
This is the only way to bypass the oligopoly. You don't ask for API access. You don't connect through a PayFac. You replace them at the facility level, one county at a time. And you can do this because you have the brand (AISCO), the user base (Phase 1), and the contact database (349 jail administrators with names, phones, and emails already catalogued).
Once direct facility contracts are in place, BWP activates the Stripe Treasury + Issuing architecture to process deposits directly:
Step 1: Family pays BWP via Stripe (Apple Pay, Google Pay, credit/debit card).
Step 2: Funds land in a Stripe Treasury financial account (ledger account per facility).
Step 3: Stripe Issuing generates a virtual debit card linked to the Treasury account.
Step 3A — Why This Step Requires Phase 1 and Phase 2 First: Phase 1 builds the brand, the user base, and the transaction volume that creates leverage. Once the Stripe Treasury account is live, BWP has the technical capability to send a virtual prepaid card payment directly through a vendor's website — filling out the deposit form with the inmate's information and the Stripe Issuing card details, just as a human would.
The problem: the majority of these vendor platforms explicitly prohibit automated agents, bots, and scripted access in their Terms of Service. They require a live human on the other end of every transaction. Our research across these vendor platforms has confirmed that most of them actively block automated access. If a vendor's TOS prohibits bots, we will not send automated agents to their site — for the reasons outlined above regarding the CFAA and TOS compliance.
This is precisely why direct payment execution requires one of two established paths from Phase 2: (a) a formal vendor partnership or API integration — negotiated after BWP has demonstrated meaningful transaction volume through that vendor's platform during Phase 1, giving BWP authorized access that bypasses the bot restriction — or (b) a direct facility integration with the low-hanging-fruit counties. These are the jails operating on static PDF rosters or basic county-built websites with no existing payment vendor and no restrictive TOS — where BWP connects its payment system directly onto their infrastructure with minimal friction, no vendor displacement, and no terms of service conflict. Both paths are documented, and the target facilities for direct integration have already been identified in prior deliverables.
Step 4: For authorized vendor partnerships with API access, or for directly-contracted facilities, BWP executes the deposit through the facility's system using the virtual card — or credits the inmate's commissary account via the facility's own banking integration.
Step 5: Family receives confirmation via push, SMS, and email.
Why this works and PayFac doesn't:
| Factor | PayFac Approach | BWP / Stripe Treasury Approach |
|---|---|---|
| Money transmitter licenses | Required in every state — $500K–$1M, 12–18 months | Not required — BWP operates as agent on Stripe's rails |
| Vendor API access | Required from each vendor — closed, $50K+ each, no guarantee | Bypassed through direct facility contracts or negotiated after Phase 1 volume |
| Underwriting / background checks | Deep background check on all control persons by sponsor bank | Standard Stripe merchant onboarding only |
| PCI compliance | Level 1 PCI-DSS required as PayFac | Stripe handles PCI — BWP never sees card data |
| Float risk | Money sits between collection and deposit — regulatory nightmare | Zero float — Treasury account settles in real time |
| Vendor dependency | 100% dependent on vendor cooperation | Reduced — direct facility contracts and Phase 1 volume leverage eliminate vendor gatekeeping |
| Time to market | 12–18 months minimum (PayFac + MTL + vendor negotiations) | Phase 1 live in 3 weeks, Phase 3 payments in 12 months |
| Vendor | Public API | Partner Program | Third-Party Payment Access | Can BWP Connect? |
|---|---|---|---|---|
| ViaPath / GTL / TouchPay | No | No | No | No |
| Securus / JPay / Aventiv | No (staff tools only) | No (for payments) | No | No |
| Keefe / Access Corrections | No (all in-house) | No | No | No |
| JailATM / Tech Friends | No | No | No | No |
| Western Union | Yes (WU Gateway) | Yes (enterprise) | Possible | Possible (only one) |
| CorrectPay | No | No | No | No |
| RegentPay / Correct Solutions | No | No | No | No |
| Vendors accessible via API or partnership | 1 of 7 | |||
This research was not conducted casually. Five frontier AI models were deployed in parallel alongside our Pulse research infrastructure to verify every claim, cross-reference every source, and pressure-test every assumption. The CFPB enforcement orders are public record. The exclusive contract structures are documented in federal court filings and investigative journalism. The vendor websites explicitly describe their closed-ecosystem models. The App Store listings identify the developers. The private equity ownership is on record.
A 90-day PayFac timeline does not account for the structural realities of this market. The barrier is not technology — it is regulatory architecture, exclusive contracts, and decades of entrenched vendor relationships. The path forward is to build your own position of strength, bring 14.75 million family members to the platform through AISCO, and then approach county jails with more brand authority than any vendor in this document.
That is the BWP methodology. That is what is being built. And that is why Phase 1 (aggregator + AISCO dominance) comes before Phase 3 (direct payments). You earn the right to process payments by becoming the name every family in America knows first.
While the major vendors have their systems locked down, there are a significant number of county jails — particularly smaller and rural facilities — that are still operating on static PDF rosters with no real payment vendor at all. No TouchPay. No JailATM. No Access Corrections. These facilities accept money orders at the front desk or have a basic county-built website with no integrated payment system.
We have already identified and catalogued these facilities. They are documented in the county jail census and adapter analysis delivered earlier in this engagement. These jails represent the easiest direct-connect targets for BWP — facilities where you can integrate your payment system directly with minimal friction, no vendor displacement, and next to no cost. They have no exclusive contracts blocking the door because nobody is serving them. They are waiting for exactly what BWP offers.
This is one of many examples of why it is important to read the documents this engagement produces. Each one is built with purpose. Each one identifies what is possible, what is not possible, where you can go, why you can go there, and where you should not go. The research, the census data, the adapter classifications, the vendor analysis, the regulatory review — it is all interconnected. One document feeds the next. The answers to most questions are already written down.
That said — the door is always open to ask. If there is an idea, a potential path, a "what if" — bring it to us. That is what the majority of our clients do. They ask what is possible, and we find a way to make it possible. We have done this across dozens of engagements and nearly three decades of building infrastructure in regulated industries. If you can dream it, we can build it. We just have to build it within regulation and within the scope of the law. And within those boundaries, there is far more room than most people realize.
Each vendor's published Terms of Service was reviewed for language prohibiting automated agents, bots, headless browsers, scrapers, or any non-human interaction with their platforms. The results confirm that automated payment execution against these portals is explicitly prohibited by the vendors themselves — separate from and in addition to federal law.
| Vendor | TOS Source | Exact Prohibition Language | Enforcement Stance |
|---|---|---|---|
| ViaPath / GTL / TouchPay / ConnectNetwork | web.connectnetwork.com/terms-of-use (Updated Sep 2025) | "Engaging in any automated use of the Service, such as using scripts, web crawlers, bots/robots, or scrapers, or manual equivalents" is explicitly listed as prohibited activity. | Broad prohibition. Covers scripts, crawlers, bots, robots, scrapers, and even "manual equivalents" of automated behavior. |
| Securus / JPay / Aventiv | securustech.net/friends-and-family-terms-and-conditions (Updated Apr 2025) | "You agree not to use or attempt to use any software, tool, agent or other device or mechanism (including without limitation any type of spider, web crawler, or robot) to navigate, search, and/or extract information from our website." | Explicitly threatens criminal prosecution: "Violating the security and any terms applicable to our Products is prohibited and may result in criminal and civil liability. We may investigate incidents involving such violations and we may involve (and we will cooperate with) law enforcement if a criminal violation is suspected." |
| Keefe / Access Corrections | accesscorrections.com (TOS not publicly indexed as standalone page) | Specific TOS page not located via public search. However, Access Corrections processes SSNs, bank account data, and credit card information (per their Privacy Policy). Any platform processing financial PII of this nature operates under PCI DSS and card network rules that mandate protection against automated unauthorized access. Their "Data Detective" surveillance system actively monitors all transaction activity for anomalous patterns — automated bot transactions would be flagged. | Data Detective surveillance system actively analyzes all deposit activity. Automated transaction patterns would trigger investigation. |
| JailATM / Tech Friends Inc. | deposits.jailatm.com (TOS not publicly indexed) | Specific TOS page not located via public search. Standard financial services platform — automated access prohibited by industry practice and card network rules governing any platform processing card payments. | Small company with limited public documentation. |
| Western Union | westernunion.com/terms | Standard financial services TOS prohibiting automated access. WU's platform processes regulated money transfers — automated bot access would violate both their TOS and applicable money transmission regulations. | Global compliance infrastructure. Active fraud detection and monitoring on all transaction channels. |
The distinction matters. Reading a vendor's public-facing website to identify which payment portal a facility uses — and then routing a family member to that portal via a standard link — is normal web usage. No TOS is violated. No automation touches their system. The family member interacts with the vendor portal as a human, through a browser, exactly as intended.
Sending an automated agent, headless browser, or bot to fill out forms, submit payment information, and execute transactions on a vendor's platform without authorization is a different activity entirely. It is prohibited by every vendor's Terms of Service, it potentially violates the CFAA (18 U.S.C. § 1030), and at least one major vendor (Securus/JPay) explicitly states in writing that they will refer such violations to law enforcement for criminal investigation.
This is the line. Phase 1 stays on the right side of it. The phased approach was designed specifically so that BWP never needs to cross it.