How to Connect to a Credit Card Processor
By Bob Lowe Vice President of POS Intergrations, Heartland Payment Systems | May 21, 2017
Of course every hotel needs to accept credit cards as a payment method, and to do that you need a credit card processor. As you select a processor, you should look at what they can do for you and how you will connect to them, because not all are created equal, and the choice you make could have a far- reaching impact. First, will you connect directly to them or connect through a switch, gateway or other intermediary? You may be constrained by the choices your property management system (PMS) or even your hotel brand offers, but it's good to explore those choices and make the decision that works best for you.
Your processor handles the authorization and settlement requests a hotel forwards and importantly provides the funding each day for guests using a credit card. The processor then incurs a cost from the card networks for the services they provide. These costs are defined by each card brand in their interchange price table. Interchange varies based on the type of card and the merchant classification and increases if the transaction does not fully comply with card regulations. Processors deduct fees to cover these costs from the amount forwarded to the merchant based on their own fee schedule or – like Heartland – provides transparency by simply charging the interchange plus a small margin, usually expressed in some number of basis points (bps) – one-tenth of one percent of the value of the transaction.
This style of billing is referred to as "interchange plus" and will provide you, the merchant, with an easy-to-understand and cost-effective program. The processor also may have other programs such as gift card, loyalty programs, lending programs, point of sale (POS) and payroll services that allow you to get multiple services from a single vendor.
Traditionally, a hotel PMS has connected to a gateway that then connects to a processor. Why does the PMS not simply connect directly to the processor? In the early days of integrated payments, the integration tools that processors offered were complex, and developers of a POS/PMS had limited understanding of the payments space, so writing to a gateway was an easy choice. The POS/PMS developer could write one interface to a gateway and enable a collection of processors. Similarly, the processors didn't have the market reach, bandwidth or integration products that allowed them to integrate with a POS/PMS, when they may only have a few customers wanting an integrated solution. The PMS to gateway to processor model made a lot of sense for everyone. Today's market is different in many ways.
First, many processors have invested in tools that make direct integration from a POS/PMS a lot easier for the developer than it used to be. For example, Heartland not only provides an Application Programmers Interface (API) – a specification the developer can use to create an integration – but also provides a Software Development Kit (SDK) that contains ready-built software class libraries that developers can include in their code as ready-made solutions. Also, with the current trend toward EMV, Heartland has a range of EMV payment devices from PAX and Ingenico that simplify development using a semi-integrated approach where devices accept a business request for an authorization or sale, gather the card information from the customer and communicate directly with the processor. These semi-integrated solutions don't require intermediary software to be installed in the hotel.
Next, the way hotels operate is much different from other industries. Early PMSs existed on a private hotel network – because the internet didn't yet exist. If you had an electronic connection to a central reservation system, it was over a private line, credit cards were manually swiped with a knuckle buster, and breaches really didn't occur. Today, 15 years after Visa launched its Cardholder Information Security Program (CISP), which later evolved into the Payment Card Industry Data Security Standard (PCI DSS), hotels are still suffering from credit card breaches and attacks seem to be increasing. So what makes hotels so vulnerable to data breaches?