Never Accept Credit Card Payments Over The Phone Again
As we rapidly shift into the new normal that is 2020 and the decade ahead, there are many lingering inefficiencies in our operations that have been brought to light by the need for a leaner team and more purely digital workflows.
Namely, scrutinizing all financial figures for hotel properties and making many hard decisions in recent weeks has revealed numerous accounting practices that are still stuck in the distant past, foremost among them being the paper-based credit card authorization forms and dealing with any other kinds of card-not-present transactions.
The Pain Point
From surveys conducted with GMs, controllers and other senior executives before the COVID-19 crisis hit, a big pain point that hotels are still quite vulnerable to is the accepting of credit card information over the phone.
First off, this is a time-consuming activity as a reservationist or guest service agent must stay on the call with the guest the entire time. Then it's also prone to human error or, worse, card-not-present chargeback disputes for which the hotel usually bears the brunt of the costs. And finally, all those paper authorization forms still have to be physically posted to the correct ledger, all while avoiding security breaches from keeping customers' credit card information on file where multiple eyes can see.
In sitting down with the accounting department at an independent resort for which I am the asset manager, one of the key projects for this coming year, once operations return to normal, is to minimize manual payment processing and to move more of these activities to an integrated online system. The objectives therein are to decrease costs, increase security and enable more work-from-home options.
Researching solutions, what I've discovered is that there are now several platforms capable of layering a customized ecommerce webpage on top of a hotel's payment gateway provider so that your employees don't need to touch credit card data anymore. Payments are fed through the online portal to the gateway while simultaneously posting that data to the PMS onto the intended ledger - that is, guest or group folios, restaurant, spa, golf, miscellaneous and so on.
Understanding Tokenization
In looking to implement such software for at a hotel, one key data security term I've had to familiarize myself with is 'tokenization' to denote the encryption of sensitive information as it is handed from system to system, all so that a guest's credit card can be verified as legitimate and so all the banks are properly notified of the transaction.
To break it down further, tokenization means that the encrypted credit card information goes first from the point of sale (POS) at the merchant or hotel, then to hotel's acquiring bank or an acquiring processor on behalf of the merchant, then to credit card processor (Visa, Mastercard, American Express), then to the guest's bank for validation, and then all back along the chain in reverse. Throughout this entire process, the guest's tokenized personal data can only to be deciphered by a remote token service.
To dig a bit deeper, I spoke with Conner Erwin at b4, a hospitality payment solutions provider, who explained, "What this means is you can now give a guest a hyperlink or an email that opens to a private ecommerce webpage page, and all the credit card information they type in is never held by the hotel itself but simply passed through to the payment gateway as a token. It's totally PCI-compliant because it removes a hotel team's interaction with the credit card data prior to posting."
Lowering Costs
Getting bogged down by manual entry is a huge time sink, so obviously these new age ecommerce platforms that can also post to the PMS will help reduce costs. Moreover, as a result of the heightened degree of verification, an ecommerce merchant POS is afforded reduced interchange fees versus a regular lodging POS.
This brings us back to those pesky phone calls where guests are all but ready to verbally tell you everything you need to effectively complete a card-not-present transaction. Instead of typing in or writing down any credit card details, the only piece of information you now need is the person's email. From there, guests get an ecommerce portal to fill out on their own while the hotel gets a real-time notification of each successful payment or failed attempt.
Keep in mind, though, that we weren't eliminating the telephone interaction with guests altogether. With these technologies in place, we merely transferred the tedious, non-rapport-building part of that call - as in, the exchange of sensitive credit card information - to a webpage. And then all the other benefits were an easily comprehendible windfall.
The impetus for my recent endeavor into this territory was a result of a need for more productivity from a lean team as well as more flexibility for staff members required to work from home. And I don't see these new office policies reversing anytime in the near future.
