Credit Cards in your Community

Justifying the Need.

Most of our client communities do not presently accept credit cards in their retail operations, although some will accept them in their business office for payment of monthly bills, and even this number has been shrinking. As loyalty programs grew and seniors discovered they could amass copious points simply by paying off their monthly bill, community operators realized they were forking over huge dollars to their bank in processing fees. This payment practice was quickly curbed to become more the exception than the rule.

What does it cost?

On average, credit card fees to you, the merchant, will be about 2% of your total processed amounts. Fees are typically composed of two components:

  1. A transaction fee (commonly called a card swipe fee) ranging from 15 to 25 cents, and

  2. A percentage fee, ranging from 1.3% to 2% of the value of the transaction.

If your business does a lot of small-value transactions, the transaction fee can be a high-cost item. If you settle a lot of high-value transactions (like monthly resident bills), the percentage fees become quite significant.

Why Would We Consider Credit Cards?

Credit cards are perfect when you have lots of customers that you do not know and want to ensure you get paid. But when the bulk of your customers live on the campus and already have monthly accounts, collection becomes more or less a non-issue. That said, there has been a growing trend among our clients who are either expanding their facilities or building new communities to offer 4- and 5-star restaurants on campus that are open to the public. Many that are in small towns are the only fine dining option in the region, opening the door to some lucrative outside revenue streams. Once you are open to the public, there is a much stronger case for accepting credit cards (if it is not compulsory these days). Case in point: CARDWATCH customer Maple Knoll Community in Cincinnati, Ohio has a very popular public fine dining restaurant where the lion’s share of transactions are paid with credit cards.

If your operation does not generate significant business from outside your community and the public at large, you should weigh the pros and cons of accepting credit cards carefully. Offering pre-paid Gift Cards from the front desk or Gift Shop has been a popular option with CARDWATCH clients, allowing guests to use them throughout the community for anything and anywhere a Resident would use their own in-house accounts. Best of all, that 2% of sales stays right where it belongs… in the community.

If you do decide that accepting credit cards is the best approach for your business, letting your bank handle credit card processing may seem convenient, but that convenience can come at a price. Often, using one of the hundreds of third-party service providers, such as Payment Processing Inc (PPI), is a less costly way to go.

As noted in this Forbes article, fees aren’t the only consideration when choosing the right processor. Service and speed matter, too. Terms are negotiable (these guys want business), so knowledge is your best weapon. Read the Forbes article for some helpful tips.



PCI Standards Compliance

PCI stands for Payment Card Industry. The official name is the PCI Security Standards Council (or PCI SSC, but most people usually just say PCI or PCI Council). It is an organization that was founded by the five major credit card companies (American Express, Discover, JCB, MasterCard, and Visa) in order to create a uniform set of security standards for companies to follow when processing credit card transactions. Until the PCI Council was organized, each of these companies had its own standards that were similar to each other but not uniform, which created a lot of problems.

As a Merchant who accepts Credit Cards, you must comply with PCI standards to mitigate the risk of a breach in either your IT network or your business practices (i.e., how customer credit card information is stored, handled and processed). Many merchants think of computer-based breaches because these are the ones that make the news, but employee fraud and poor internal handling of customer credit card information can be an even bigger risk in a smaller operation, since you may not have best practices in place like a larger business. While the vast majority of CARDWATCH customers fall into the “Level 4” category for PCI compliance (less than 20,000 transactions per year), the onus of certification and annual compliance measures still falls upon them.

PCI DSS stands for Payment Card Industry Data Security Standards, which are the official security standards created by the Council to reduce payment card fraud. These standards are part of the merchant agreement that you sign when you decide to accept payment cards (credit, debit, etc.), and whether you’re aware of it or not, you are ultimately financially responsible if someone steals your customers’ credit cards and you’re found not in compliance. Unfortunately, all of the other parties that are involved in helping you process credit cards have the ability to kindly pass the painful, exorbitant non-compliance fines and penalties on to you, the merchant. (Isn’t that nice of them?)

In a nutshell, the purpose of PCI DSS is to create as secure an environment as possible for you to process credit cards, so the doomsday scenario above doesn’t happen. The PCI Council actually has 12 main security requirements that all merchants are supposed to strive for in order to be truly PCI DSS Compliant. However, the extent to which the 12 requirements need to be met depends on the number of transactions that a company processes in a year, which are separated into 4 levels. I break down the levels and PCI DSS Compliance requirements for each level below, but if you want to risk your brain exploding, you can find the full PCI DSS documentation here.

PA DSS stands for Payment Application Data Security Standards, a completely separate but related set of standards from PCI DSS above. They apply specifically to companies that develop or operate Payment Applications that merchants (like yourself) use to process transactions. The PA DSS are in place so that your payment application software processes your clients’ credit cards using the proper security specifications, to protect against vulnerabilities.