Home/Knowledge Hub/What a Payment Provider Tells You About How a Business Makes Money
← Back to Knowledge Hub

What a Payment Provider Tells You About How a Business Makes Money

DNS & Network·June 5, 2026·6 min read

Learn how Stripe, PayPal, Paddle, and other payment providers work, how TechSpy detects them, and what they reveal about a company's revenue strategy and …

What Is a Payment Provider?

You’re clicking around a new SaaS tool's website, sizing it up as a potential vendor. You hover over the "Start free trial" button, and a tiny PayPal logo catches your eye. Instantly, you think: they’re probably using PayPal to process payments. But what does that actually tell you about their business? More than you might expect.

A payment provider is the behind‑the‑scenes infrastructure that moves money from a customer’s bank or card to your business’s bank account. Companies like Stripe, PayPal, Braintree, Paddle, and Chargebee handle the messy, regulated parts of taking payments online—so a 3‑person startup can accept credit cards without building a bank connection from scratch.

These providers do more than just charge cards. They manage recurring subscriptions, handle global sales tax, support dozens of currencies, and keep sensitive credit card numbers away from your servers. In short, they're the cash register for any website that sells something.

Real-World Analogy

Think of a payment provider like the payment terminal at a grocery store. The terminal doesn’t own the card network, approve the purchase, or set the prices; it’s just the secure link between the shopper’s bank and the store’s account. A Stripe or Paddle does exactly that job for online checkouts—you plug it in, and it handles the money plumbing.

How Payment Providers Work

Layer 1 – In Plain English

When a customer types their credit card number on your site, that number never touches your server. A tiny piece of code (a client‑side SDK) sends the card details straight to the payment provider’s ultra‑secure servers. The provider talks to the card network and the customer’s bank, gets an approval, and returns a meaningless token—something like —to your site. Your server uses that token to charge the customer, but it never saw, stored, or even came close to the actual card number.

This keeps your business out of the incredibly complex world of handling raw payment data, which would require expensive security certifications and audits. The provider also handles refunds, payment disputes, and recurring billing schedules, all through a set of simple commands your server sends over the internet.

Layer 2 – Technical Detail

Technical Details
The client‑side SDK is loaded from a known domain—js.stripe.com, paypal.com/sdk/js, paddle.com/sdk.js, or api.braintreegateway.com/js/braintree.js. TechSpy scans each page’s source code for these scripts to identify the provider.
Domain verification uses DNS TXT records. For example, stripe-verification=xxxxxxxx proves you own the domain and unlocks live payments. PayPal and Braintree use similar verification via TXT or HTML files.
Hosted checkout pages often use CNAME records, like checkout.yourdomain.com pointing to pay.braintree-api.com. TechSpy detects these DNS entries as a strong signal that the business is using that provider.
Transactional emails (receipts, payment confirmations) are sent by the provider, so SPF and DKIM records for domains like stripe.com or notifications.paypal.com appear in your DNS. TechSpy uses these as secondary hints.
Webhook endpoints on your server (, ) listen for payment status updates, so the integration stays in sync without polling.

Why It Matters for Your Business

When a payment provider is set up correctly, your checkout flows are smooth and trustworthy. Customers see familiar brands (PayPal, Stripe checkout) and feel safe handing over payment details. Your sales team gets reliable revenue reports, and you automatically comply with global tax rules—Paddle acts as the Merchant of Record, meaning it handles VAT, GST, and local regulations on your behalf.

But the real insight comes from what a payment provider reveals about a company’s revenue strategy. If TechSpy detects Stripe and a pricing page with tiered plans, the business likely runs on recurring subscriptions with flexible billing. Detection of Paddle strongly suggests they sell digital products (software, ebooks, courses) and have customers in many countries, because Paddle handles cross‑border tax complications automatically. Chargebee often appears when a business manages complex subscription lifecycles on top of another gateway like Stripe—think annual upgrades, prorations, and dunning management for failed payments.

For your own business, a misconfigured provider can cost real money. A missing DNS verification record can lead your provider to throttle or disable your account. An outdated script might break on modern browsers, turning your checkout page into a blank box. And without proper email authentication (SPF/DKIM), payment receipts from Stripe or PayPal may land in spam—right when a new customer is most anxious to see confirmation.

Common Issues and Warning Signs

Even established companies end up with broken payment setups, often because "it was working fine a year ago." A TechSpy scan can surface the technical clues before they turn into revenue leaks. Here’s what to look for:

Common Issues

Missing domain verification DNS record – If TechSpy shows no TXT record (and you’re using Stripe), your account may be restricted to test mode. Live charges could begin failing silently.
Using an outdated payment SDK – The scan flags script versions that are deprecated (e.g., an old from Stripe). This can cause the payment form to not load on up‑to‑date browsers.
No HTTPS on your domain – Payment providers refuse to load their secure JavaScript on pages served over plain HTTP. The symptom: a completely blank checkout section.
Conflicting payment scripts – Detecting both Stripe and Braintree scripts on the same page (when only one is actively used) slows your site down and can confuse customers if double charges or errors occur.
Missing SPF/DKIM for receipt emails – If your domain doesn’t list the payment provider’s sending IPs in its SPF record, receipts from may end up in spam. Customers assume the payment didn’t go through.

How to Fix or Improve Payment Provider Setup

Fixing most of these issues takes a few minutes if you have DNS access—or a quick Slack message to your IT person. Each step targets one of the warning signs above.

Run a fresh TechSpy scan on your domain—not just to see which payment providers are present, but to make sure every signal is in the right place.

<!-- self-check: layer1_readable=true | fix_doable=true | no_padding=true | jargon_expanded=true -->

1Verify your domain – Log into your payment provider’s dashboard, find the domain verification section, and copy the provided DNS record (usually a TXT record). Add it via your domain’s DNS control panel. Run another TechSpy scan to confirm it’s published.
2Update the SDK – Check the provider’s developer documentation for the current JavaScript snippet. Replace the old script tag in your site’s code. If you’re using a CMS or a plugin, look for updates that include the latest SDK.
3Enable HTTPS – If your site doesn’t have an SSL certificate, contact your hosting provider or use Let’s Encrypt (free). Most hosts offer a one‑click SSL install. The payment form won’t work until every page is served over HTTPS.
4Authenticate payment emails – Add the SPF and DKIM records the provider recommends (they’ll be in their setup guide). This stops receipts from being marked as spam and also improves your email deliverability overall.
5If someone else manages your DNS or website – Forward the TechSpy scan results to them with a note: “Can you check if our domain is verified with [Stripe/PayPal/Paddle] and that we’re using the latest payment script?”

See how your domain's configuration stacks up.

Get a free scan — no sign-up, no credit card.

Scan Your Domain Free →