Payment Gateways and PCI Compliance

A payment gateway is an eCommerce application provided by merchant services to authorize and process credit card payments in a PCI compliant manner. Security provisions surrounding the processing of information and handling of credit cards is mandated by all credit card brands and administered by the Payment Card Industry Security Standards Council.

Payment Card Industry Data Security Standard (PCI DSS) — also known as PCI Compliance — is a propriety information security standard for organizations working with major branded credit cards including Visa, MasterCard, American Express, and JCB.

PCI Security Standards Council

Please review the website for more information on the PCI Compliance Standard administered by the Payment Card Industry Security Standards Council.

 

Payment Gateways

Configuring a payment gateway account in RMS provides secure credit card storage, payment processing and refunds directly from any account in RMS with the added ability to accept online payments through the RMS Internet Booking Engine and the Guest Portal. When connected to a payment gateway, credit card information is encrypted, stored, and processed externally of the RMS database. 

A Credit Card Token becomes available to use in RMS to manage payments and refunds to the connected card without exposing sensitive information. Many payment gateways also include EFTPOS terminals to enable management of card present transactions. 

Important Information!

A payment gateway is the only PCI compliant method of managing credit card information in RMS.

 

Available Payment Gateways

RMS integrates with a large number of payment gateways including the native all-in-one solution, RMS Pay. RMS Pay enables centralized management of credit card transactions, pre-authorizations, and chargebacks without navigating externally from the Property Management System with both EFTPOS and eCommerce capabilities. 

  • Additional features available with RMS Pay include manual release of pre-authorizations and the ability to send a secure Pay By Link by email or SMS to request payment. The Pay By Link enables the recipient to complete payment on a 3DS secure payment page that records and processes the payment in RMS using RMS Pay.

Each payment gateway's features and limitations vary with some offering EFTPOS only or eCommerce only and others offering a combination of both. Accepting payments on the RMS Internet Booking Engine and Guest Portal, as well as the ability to tokenize credit cards and securely process transactions without a connected device requires eCommerce capabilities.

Other Payment Gateways available for connection in RMS include: BrainTree, BridgePay, CommWeb, Elavon, Evo, GK Solutions, NGenius, OpenEdge, Red Dot, Opayo, Stripe, Tyro, Till Payments, and Windcave.

Regional Availability

Gateway availability varies based on property location.

 

Frequently Asked Questions

What are the benefits of using a payment gateway?

  • A payment gateway is the only PCI compliant method for securely storing and processing credit card transactions in RMS. In addition to being PCI compliant, a payment gateway minimizes the manual processes involved in credit card transactions.
  • eCommerce payment gateways add further benefit by enabling online payment processing on the RMS Internet Booking Engine and in the Guest Portal.
  • A payment gateway offers simplified payment processing whilst minimizing exposure and the handling of sensitive card information, providing peace of mind to the guest and reducing liability from unpaid charges.
  • Deposits and account payments, including charges for incidentals or damages after the guest has checked out can also be completed without pursuing the guest by using the existing Credit Card Token.

Key Takeaways

Connecting a payment gateway streamlines credit card transactions, ensures PCI compliance and offers a wider range of payment options to guests.

 

What happens if we don't use a payment gateway?

  • A payment gateway is the only PCI compliant method for securely storing and processing credit card transactions in RMS. Not using a payment gateway limits capabilities to the use of an external EFTPOS device and manual recording of transactions on accounts in RMS.
  • Online payment capabilities through the RMS Internet Booking Engine can be processed on behalf of the property by RMS and may include fees with payouts of any payments taken processed on a monthly basis.
  • Payments using the Guest Portal, Gift Cards, or the Passes Portal will not be available. 
  • Credit card information received from third party connected Online Travel Agents will be stored as a PCI compliant virtual credit card and payment must be processed and recorded manually. 

Can we use our existing merchant facility?

  • The existing merchant facility must be enabled for eCommerce and connected to a payment gateway in RMS. For more information, please contact the merchant services department at the property's bank.

Can we perform a pre-authorization on a guest's credit card using a payment gateway?

  • RMS Pay offers the flexibility to place, consume or release a pre-authorization whilst other eCommerce payment gateways may only enable placing a pre-authorization.
  • The ability to perform a pre-authorization with the option to manually release or consume the held funds is determined by the selected payment gateway provider. Specific features available for each available payment gateway can be viewed on the associated 'Payment Gateway Functions' article.

What transaction fees are associated with using a payment gateway?

  • Transaction fees are determined by the payment gateway provider and vary between providers.
  • eCommerce transactions and processes including creating a Credit Card Token or Pre-Authorization Token as well as payment processing and refunds may incur fees from the selected payment gateway provider.
  • Credit card transactions processed using the EFTPOS terminal will incur the standard transaction fees determined by the merchant bank.
Please contact the merchant bank and payment gateway provider for more comprehensive information on the fee schedule.

 

What is the difference between EFTPOS and eCommerce?
  • EFTPOS is a transaction processed with the credit card present using a connected device at the point of sale.
  • eCommerce is a credit card transaction processed electronically via the Internet where the card is not physically presented at the point of sale.

What commitment has RMS made to PCI Compliance?

  • RMS has now been certified as being compliant to the most recent version of the Payment Card Industry Data Security Standard (PCIDSS) v.4.0.1. The PCIDSS certificate of compliance is available to view in the RMS Trust Center.

Warning!

Microsoft discontinued support and security updates for Windows 7 effective 14th January 2020. Continuing to operate RMS using Windows 7 could violate security requirements under PCI DSS (PCI Compliance).

Was this article helpful?
0 out of 0 found this helpful