A discussion on rules and compliance is likely to conjure two reactions in people – the anticipation of getting a root canal mixed with the frustration from the hassle of meeting the requirements. Most people don’t appreciate being told how to run their businesses, but when you are handling credit/debit cards there are requirements for processing payments. The payment industry has evolved significantly from both a technological perspective (fraud and security breaches with card-present retail processing, chip-based solutions on cards themselves to prevent fraud) as well as a business perspective (Visa and MasterCard becoming publicly-traded entities and the financial regulation changes happening right now). This has expanded the requirements that all merchants that accept credit/debit cards must examine to ensure proper card acceptance. In the apartment/multifamily industry, there are two areas that property management firms need to understand to avoid penalties or exposure to fines: PCI compliance and convenience fee regulations (when applicable).
PCI compliance defines the specific security standards to protect card information during and after a transaction. It is a rigorous yearly audit that any entity that processes, transmits, or stores cardholder information must complete, at a cost of up to $50,000 annually. Many multifamily firms are using either a 3rd party processor, virtual terminal, or accounting software to collect and store cardholder data (since rent is a monthly transaction, the property wants to have the renter’s card available for subsequent processing after the first transaction). The 3rd party processor and virtual terminal provider ALWAYS need to have completed a PCI audit in order to be in good standing with the card associations. Software companies are also required to have completed a PCI audit: if the user is keying the card data directly into the property management software, then the software company must be PCI compliant as well. When considering a payment processing partner, it is critical that the company is current with PCI compliance (if their name is not on the list of PCI-compliant providers on Visa’s official website, then they are NOT PCI compliant) – here is the link:
http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf
Convenience fee regulations are specific rules for how a fee can be assessed to a cardholder for accepting payments in an alternative channel (like online or by phone). In most industries, merchant acceptance does not involve convenience fees being charged to the cardholder since the merchant would lose sales if they charged a fee to consumers paying by debit/credit card (not to mention that it is not allowed in a card-present/face-to-face environment). The multifamily industry is moving away from convenience fees being charged to the renter as card acceptance that is fee-free to the renter is becoming a great way to close new leases, boost on-time payments, and be an amenity that renters actually want. For those property management firms that still have a convenience fee component, it is critical to understand card-specific requirements like:
- Convenience fee must be a flat amount (like $9.95) and not a percentage-based fee (Visa card requirement)
- All payment options in that channel must have the same convenience fee (Visa and MasterCard requirement)
- Convenience fees are not permitted on recurring rent transactions (AutoPay Payments) (Visa requirement)
There are payment industry vendors that fly under the radar by not completing the PCI audit (they do not appear on the Visa PCI compliance list) and by violating fundamental convenience fee regulations. Whether you collect thousands or millions of dollars in rent, it is imperative that you verify that your payment vendor is PCI compliant and meets the convenience fee regulations listed above. It is simply not worth the obvious risk and financial loss when it is discovered and reported to the card companies.
Matt Golis – CEO and Founder, RentPayment (a YapStone company)