Information on Payment Gateways and PCI Compliance.

Overview

A payment gateway is an eCommerce application provided by merchant services to authorize and process credit card payments in a PCI-compliant manner. Security provisions surrounding the processing of information and handling of credit cards are mandated by all credit card brands and administered by the Payment Card Industry Security Standards Council.

Payment Card Industry Data Security Standard (PCI DSS), also known as PCI Compliance, is a proprietary information security standard for organizations working with major branded credit cards, including Visa, MasterCard, American Express, and JCB.

Payment Gateways

Configuring a payment gateway account in RMS provides secure credit card storage, payment processing, and refunds directly from any account in RMS, with the added ability to accept online payments through the RMS Internet Booking Engine and the Guest Portal when connected to a payment gateway. Credit card information is encrypted, stored, and processed externally of the RMS database. 

A Credit Card Token becomes available to use in RMS to manage payments and refunds to the connected card without exposing sensitive information. Many payment gateways also include EFTPOS terminals to enable management of card-present transactions. 

Available Payment Gateways

RMS integrates with a large number of payment gateways, including the native all-in-one solution, RMS Pay. RMS Pay enables centralized management of credit card transactions, pre-authorizations, and chargebacks without navigating externally from the Property Management System, with both EFTPOS and eCommerce capabilities. 

• Additional features available with RMS Pay include manual release of pre-authorizations and the ability to send a secure Pay By Link by email or SMS to request payment. The Pay By Link enables the recipient to complete payment on a 3DS secure payment page that records and processes the payment in RMS using RMS Pay.

Each payment gateway's features and limitations vary, with some offering EFTPOS only or eCommerce only, and others offering a combination of both. Accepting payments on the RMS Booking Engine and Guest Portal, as well as the ability to tokenize credit cards and securely process transactions without a connected device, requires eCommerce capabilities.

Other Payment Gateways available for connection in RMS include: BridgePay, CommWeb, Elavon, Evo, GK Solutions, OpenEdge, Red Dot, Opayo, Stripe, Tyro, Till Payment, and Windcave.

Frequently Asked Questions

What are the benefits of using a payment gateway?

A payment gateway is the only PCI-compliant method for securely storing and processing credit card transactions in RMS. In addition to being PCI compliant, a payment gateway minimizes the manual processes involved in credit card transactions.

eCommerce payment gateways add further benefit by enabling online payment processing on the RMS Booking Engine and in the Guest Portal.

A payment gateway offers simplified payment processing while minimising exposure and the handling of sensitive card information, providing peace of mind to the guest and reducing liability from unpaid charges.

Deposits and account payments, including charges for incidentals or damages after the guest has checked out, can also be completed without pursuing the guest by using the existing Credit Card Token.

What happens if we don't use a payment gateway?

A payment gateway is the only PCI-compliant method for securely storing and processing credit card transactions in RMS. Not using a payment gateway limits capabilities to the use of an external EFTPOS device and manual recording of transactions on accounts in RMS.

Online payment capabilities through the RMS Booking Engine can be processed on behalf of the property by RMS and may include fees, with payouts of any payments taken processed on a monthly basis.

Payments using the Guest Portal, Gift Cards, or the Passes Portal will not be available. 

Credit card information received from third-party connected Online Travel Agents will be stored as a PCI-compliant virtual credit card, and payment must be processed and recorded manually. 

Can we use our existing merchant facility?

The existing merchant facility must be enabled for e-commerce and connected to a payment gateway in RMS. For more information, please contact the merchant services department at the property's bank.

Can we perform a pre-authorization on a guest's credit card using a payment gateway?

RMS Pay offers the flexibility to place, consume, or release a pre-authorization, whilst other eCommerce payment gateways may only enable placing a pre-authorization.

The ability to perform a pre-authorization with the option to manually release or consume the held funds is determined by the selected payment gateway provider. Specific features available for each payment gateway can be viewed on the associated 'Payment Gateway Functions' article.

What transaction fees are associated with using a payment gateway?

Transaction fees are determined by the payment gateway provider and vary between providers.

eCommerce transactions and processes, including creating a Credit Card Token or Pre-Authorization Token as well as payment processing and refunds, may incur fees from the selected payment gateway provider.

Credit card transactions processed using the EFTPOS terminal will incur the standard transaction fees determined by the merchant bank.

What is the difference between EFTPOS and eCommerce?

EFTPOS is a transaction processed with the credit card present using a connected device at the point of sale.

eCommerce is a credit card transaction processed electronically via the Internet, where the card is not physically presented at the point of sale.

What commitment has RMS made to PCI Compliance?

RMS has now been certified as being compliant with the most recent version of the Payment Card Industry Data Security Standard (PCI DSS) v.4.0.1. The PCI DSS certificate of compliance is available to view in the RMS Trust Center.