When shopping for a company to process credit cards for your association, be sure your organization is getting the whole picture when it comes to the “small print.”
UNDERSTAND THE ROLE EACH COMPONENT PLAYS:
The payment gateway is provided by a third party that authenticates and authorizes credit card transactions. Its role is to protect identity and sensitive data, and it is used for e-commerce or “card not present” transactions. The payment gateway gathers and encrypts information and then sends it to the payment processor. The gateway is generally not necessary for member transactions where the physical card is present.
The payment processor is a separate service that communicates transaction information between the merchant, the issuing bank, and the acquiring bank. For certain types of association member transactions, such as online payments, the payment processor must receive information from a gateway. When a member presents a physical card for payment, the transaction typically doesn’t require a payment gateway because the card doesn’t need to be authenticated.
UNDERSTAND THE HARD AND SOFT COSTS:
Fees related to things like:
- Cancellations, fund withdrawals, and batch processing
- Early contract termination
- Exceeding or missing monthly quotas
- PCI compliance/noncompliance fees
- Statement fees
- Extra fees based on card/transaction type (e.g., rewards cards, business cards, and manually entering the card)
Costs related to things like:
- Switching providers (e.g., training and set-up, buying out your contract)
- Equipment lease
- Refunds and chargebacks
- Cost to transfer funds
Tip: Check on the timeframe for accessing your funds and if there’s a cost to transfer funds.
UNDERSTAND THE OPTIONS:
- Qualified rate: the lowest rate. It generally applies to a very limited selection of cards, and applies when they are physically swiped (often the rate that is advertised).
- Non-qualified rate: generally online and rewards cards (think airline miles, cash bonuses, etc.).
- Interchange-plus pricing: the non-negotiable rate that is charged by Mastercard or Visa plus the merchant account provider’s mark-up.
SECURITY AND RISK MANAGEMENT:
Partner with a processor that:
- Is PCI compliant: meets the Payment Card Industry Data Security Standard (PCI DSS).
- Uses tokenization: substitutes the customer’s primary account number (PAN) with a token. This renders the information useless to hackers, and you aren’t storing association members’ sensitive information.
- Has P2PE (point-to-point encryption): encrypts card data from swipe, through transit, to authorization so your system doesn’t see or touch PAN data.
- Utilizes fraud detection and management tools.
Tip: Make sure your provider will guide and assist you in completing the annual SAQ compliance verification packet, and find out whether they charge for this service. The SAQ (Self-Assessment Questionnaire) is a validation tool for merchants and service providers to self-evaluate their PCI compliance.
DO YOUR RESEARCH:
Save yourself time and headaches with a single interface. Use an all-in-one gateway provider AND processor that integrates with your AMS. Using an interface that includes a payment gateway and payment processor AND integrates with your association management software reduces errors, eliminates double-entry, allows the association to track transactions from inception to settlement, simplifies reconciliation, and saves money.
Editor’s note: This article was originally posted December 12, 2020. It was updated in April 2022.