Browsing Posts tagged PCI Compliance

Mobile payments may be the new “big thing” in the payment industry, but because it is still a relatively new concept, it is extremely important that your mobile payment options are both safe and secure. Due to the relatively recent adoption of mobile payments, there are currently no PCI Security Council standards for the mobile payment industry. Although the payment industry has no official guidelines that enforce security and privacy of mobile payment users, the core PCI security standards in general should be followed. It is crucial to select a mobile payment processor that not only adopts these standards, but also goes a step further by implementing additional security features. Fortunately for anyone that uses our mobile payment options, like our RentPayment mobile iPhone app, we have created a mobile payment solution which is both simple and secure, through the use of a critical security feature known as tokenization.

Tokenization is a technique that must be applied to the mobile payment industry to ensure that a consumer’s credit card information is secure. It is a “best practice technology” that, in the multi-family housing industry, relieves the individual property of the responsibility of storing its renters’ credit card information. Credit card information is stored through RentPayment rather than through the property management company, via an alphanumeric “token” that can only be used at RentPayment and serves as a substitute for the actual card data. No token can be used twice; every time a new payment is made the information is stored under a new token, which is useless to anyone that tries to access it. At no time does a renter’s credit card information leave RentPayment’s secure system, nor is the information ever stored locally on the user’s phone.

Every time a renter wishes to make a payment, we access their information with the “token,” the payment is made, and their credit card information is stored with a new “token” or “key.” Not only does this process make mobile payments extremely secure, it also allows for a user-friendly experience, since residents do not need to type in their information every time they wish to make a payment.
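A minimal sketch of the single-use token rotation described above. This is an added example, not RentPayment's code; the `TokenVault` class, its methods, and the stand-in processor are hypothetical names, and the card number is the widely published test value.

```python
import secrets


class TokenVault:
    """Hypothetical server-side vault: card numbers live only in here."""

    def __init__(self):
        self._cards = {}  # live token -> card number (PAN)

    def enroll(self, pan):
        """Store a card under a fresh random token and return the token."""
        token = secrets.token_urlsafe(16)
        self._cards[token] = pan
        return token

    def pay(self, token, amount_cents, charge):
        """Redeem a token once; return (approved, replacement_token)."""
        # pop() retires the token before charging, so a replayed token
        # finds nothing and never reaches the processor.
        pan = self._cards.pop(token, None)
        if pan is None:
            raise KeyError("unknown or already-used token")
        approved = charge(pan, amount_cents)
        # The card stays on file, but only under a new token.
        return approved, self.enroll(pan)


def demo():
    ledger = []

    def fake_processor(pan, amount_cents):
        # Constructed stand-in for the real card-network call.
        ledger.append((pan[-4:], amount_cents))
        return True

    vault = TokenVault()
    t1 = vault.enroll("4111111111111111")  # published test card number
    approved, t2 = vault.pay(t1, 120000, fake_processor)
    try:
        vault.pay(t1, 120000, fake_processor)  # replay of the spent token
        replay_blocked = False
    except KeyError:
        replay_blocked = True
    return {
        "approved": approved,
        "rotated": t1 != t2,
        "replay_blocked": replay_blocked,
        "charges": len(ledger),
    }
```

The client only ever holds the current token; a copy of an old token captured from the phone or the network cannot be redeemed.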

Some of our other mobile payment security features include:

1. Username and password login: Your renters create their own username and password to ensure no one besides them can access their payment information.

2. Secure Channels: RentPayment uses digital certificates that encrypt data over a secure connection called an SSL (Secure Sockets Layer) channel, preventing someone from listening in when the iPhone app is communicating with our servers.

3. Credit card and bank account validation: RentPayment always makes sure account numbers are valid and users’ account information matches with the issuing bank.

Therefore, whether your residents like to pay their rent online, by phone, or by mobile application, you can always give them the guarantee that their payment is safe and sound with RentPayment.

Want to learn more about tokenization? Check out this great visual explanation by one of our Software Architects, Xuyen On.

For more information about RentPayment’s mobile payment options, please click here.

With the vast amount of transactions RentPayment processes, it is imperative to uphold the premium level of security and service we offer our customers. In today’s global economy, organizations need to have adequate controls and safeguards when hosting or processing financial transactions. Payment processors who do not meet guidelines may expose property management companies and their renters to risk and fraud. To maintain superior data protection and control, RentPayment completes regular audits and certifications to ensure we are providing the most secure service to you and your renters.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard. In order to attain PCI compliant status, RentPayment is required to pass a multitude of tests and security provisions. This annual audit ensures that RentPayment meets ever-increasing data security controls to help prevent fraud and risk with cardholder information. The core requirements for PCI compliance include: building a secure network, cardholder data protection, maintaining a security management program, access control measures, and regular testing of the network. RentPayment has just passed its most recent PCI audit, along with numerous audits in the past, attesting to how seriously we take security when it comes to our customers’ information.

SAS 70 Type II (Statement on Auditing Standards No. 70: Service Organizations)
SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). Passing this in-depth audit establishes that RentPayment has developed control objectives for significant areas of internal control concerning engineering, operations, information technology and payment processing. The control objectives in the 2010 report addressed the following areas: Control Operations, Information Security, Application Change Control, Data Communications, Client Setup & Maintenance, and Payment Processing & Gateways.

White Paper
Educating and familiarizing yourself with industry standards is important to ensure your payment processor is providing a secure service and mitigating risk. RentPayment has produced a white paper to help inform our customers and partners about these significant data security regulations. After reading this paper you will have a better understanding of PCI compliance, SAS 70 audit standards, SSL data encryption, and the major rules set forth by Visa and MasterCard.

Feel free to share this white paper with your industry associates.
Click Here to Read White Paper

A discussion on rules and compliance is likely to conjure two reactions in people – the anticipation of getting a root canal mixed with the frustration from the hassle of meeting the requirements. Most people don’t appreciate being told how to run their businesses, but when you are handling credit/debit cards there are requirements for processing payments. The payment industry has evolved significantly from both a technological perspective (fraud and security breaches with card-present retail processing, chip-based solutions on cards themselves to prevent fraud) as well as a business perspective (Visa and MasterCard becoming publicly-traded entities and the financial regulation changes happening right now). This has expanded the requirements that all merchants that accept credit/debit cards must examine to ensure proper card acceptance. In the apartment/multifamily industry, there are two areas that property management firms need to understand to not risk penalties or exposure to fines: PCI compliance and convenience fee regulations (when applicable).

PCI compliance defines the specific security standards to protect card information during and after a transaction. It is a rigorous yearly audit that any entity that processes, transmits, or stores cardholder information must complete, at a cost of up to $50,000 annually. Many multifamily firms are using either a 3rd party processor, virtual terminal, or accounting software to collect and store cardholder data (since rent is a monthly transaction, the property wants to have the renter’s card available for subsequent processing after the first transaction). The 3rd party processor and virtual terminal provider ALWAYS need to have completed a PCI audit in order to be in good standing with the card associations. Software companies are also required to have completed a PCI audit: if the user is keying the card data directly into the property management software, then the software company must be PCI compliant as well. When considering a payment processing partner, it is critical that the company is current with PCI compliance (if their name is not on the list on Visa’s official website of PCI-compliant providers then they are NOT PCI compliant) – here is the link:

http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Convenience fee regulations are specific rules for how a fee can be assessed to a cardholder for accepting payments in an alternative channel (like online or by phone). In most industries, merchant acceptance does not involve convenience fees being charged to the cardholder, since the merchant would lose sales if they charged a fee to consumers paying by debit/credit card (not to mention that it is not allowed in a card-present/face-to-face environment). The multifamily industry is moving away from convenience fees being charged to the renter, as card acceptance that is fee-free to the renter is becoming a great way to close new leases, boost on-time payments, and be an amenity that renters actually want. For those property management firms that still have a convenience fee component, it is critical to understand card-specific requirements like:

  • Convenience fee must be a flat amount (like $9.95) and not a percentage-based fee (Visa card requirement)
  • All payment options in that channel must have the same convenience fee (Visa and MasterCard requirement)
  • Convenience fees are not permitted on recurring rent transactions (AutoPay Payments) (Visa requirement)

There are payment industry vendors that fly under the radar by not completing the PCI audit (they do not appear on the Visa PCI compliance list) and by violating fundamental convenience fee regulations. Whether you collect thousands or millions of dollars in rent, it is imperative that you verify that your payment vendor is PCI compliant and meets the convenience fee regulations listed above. It is simply not worth the obvious risk and financial loss when it is discovered and reported to the card companies.

Matt Golis – CEO and Founder, RentPayment (a YapStone company)

To many, the thought of paying your rent or bills online may include hesitation and concerns about security. Since the Internet has become so pervasive and fast, it can be hard to know which online services to trust with your money.

However, RentPayment makes the transition to ePayments easy and comfortable.  With the quality services RentPayment offers, you can relax knowing your money is always transferred securely and on time.

Some may think paper checks and billing are still the safest way to go.  However, there are huge risks associated with paper payments compared to online payment. According to American Banker Magazine, more than 1.2 million fraudulent checks are written each day. That equals more than 13 per second! By utilizing e-Payments, the chance of lost, misplaced or stolen checks is no longer a concern.

The truth is, problems with electronic payments are extremely rare. Due to accelerated processing times and instant return notification to the payee, the electronic check conversion process has proven effective, with fewer returns, earlier fraud detection, and fewer errors.

Paying your rent and bills online can actually be safer than taking them to a bank or writing checks. According to NACHA (The Electronic Payments Association), almost 85 percent of identity theft occurs with offline transactions. In addition, RentPayment’s ePayment platform has received the highest level of security the federal government can award to a business processing ePayments, including PCI compliance and SAS 70 certifications.  Personal data remains safe and secure on a private network that is only accessible by RentPayment security-screened employees.  Furthermore, payer information is never released to third parties or banks.

With RentPayment, safety is guaranteed and convenience is promised. With our services, you’ll never forget to pay your bills again thanks to the email and text alert applications that remind you when money is due and/or withdrawn.  To add to the list of conveniences, our electronic payments typically clear your account in about two business days, whereas paper payments can take weeks. Recurring direct debit payments can also be set up using AutoPay, eliminating late fees and penalties.  In addition, keeping record of your payments and direct deposit details has never been easier thanks to our payments archive, which keeps track of your payments in an online database that you can easily access from anywhere.  Now you don’t have to worry about endless amounts of paper and books to keep track of.

It’s time for a more convenient and lower risk solution – ask your property management company today if you can pay your rent using RentPayment!