Never accept credit card payments by phone again
Never accept credit card payments by phone again
27 MAY 2020 1:00 PM

Ecommerce platforms for accepting guest credit card information should be considered as both a data security and productivity solution.

As we rapidly shift into the new normal that is 2020 and the decade ahead, many lingering inefficiencies in our operations have been brought to light by the need for a leaner team and more purely digital workflows.

Scrutinizing all financial figures for hotel properties and making many hard decisions in recent weeks has revealed numerous accounting practices that are still stuck in the distant past, foremost among them being the paper-based credit card authorization forms and dealing with any other kinds of card-not-present transactions.

The pain point
Surveys of GMs, controllers and other senior executives before the COVID-19 crisis hit reveal that hotels are still quite vulnerable due to the practice of accepting credit card information over the phone.

First off, this is a time-consuming activity as a reservationist or guest service agent must stay on the call with the guest the entire time. It’s also prone to human error or, worse, card-not-present chargeback disputes for which the hotel usually bears the brunt of the costs. Finally, all those paper authorization forms still have to be physically posted to the correct ledger, all while avoiding risks of security breaches due to keeping customers’ credit card information on file where multiple eyes can see.

One of the key projects for this coming year at an independent resort for which I am the asset manager is to minimize manual payment processing and move more of these activities to an integrated online system. The objectives are to decrease costs, increase security and enable more work-from-home options.

Researching solutions, what I’ve discovered is that there are now several platforms capable of layering a customized ecommerce webpage on top of a hotel’s payment gateway provider so that your employees don’t need to touch credit card data anymore. Payments are fed through the online portal to the gateway while simultaneously posting that data to the PMS onto the intended ledger – guest or group folios, restaurant, spa, golf, miscellaneous and so on.

Understanding tokenization
In looking to implement such software at a hotel, one key data security term I’ve had to familiarize myself with is “tokenization” to denote the encryption of sensitive information as it is handed from system to system, all so that a guest’s credit card can be verified as legitimate and so all the banks are properly notified of the transaction.

To break it down further, tokenization means that the encrypted credit card information goes first from the point of sale (POS) at the merchant or hotel, to hotel’s acquiring bank or an acquiring processor on behalf of the merchant, to credit card processor (Visa, Mastercard, American Express), to the guest’s bank for validation, and then all back along the chain in reverse. Throughout this entire process, the guest’s tokenized personal data can only to be deciphered by a remote token service.

Lowering costs
Getting bogged down by manual entry is a huge time sink, so obviously these ecommerce platforms that can also post to the PMS will help reduce costs. Moreover, as a result of the heightened degree of verification, an ecommerce merchant POS is afforded reduced interchange fees versus a regular lodging POS.

This brings us back to those pesky phone calls where guests are all but ready to verbally tell you everything you need to effectively complete a card-not-present transaction. Instead of typing in or writing down any credit card details, the only piece of information you now need is the person’s email. From there, guests get an ecommerce portal to fill out on their own while the hotel gets a real-time notification of each successful payment or failed attempt.

Keep in mind, though, that we aren’t eliminating the telephone interaction with guests altogether. With these technologies in place, we merely transferred the tedious, non-rapport-building part of that call – the exchange of sensitive credit card information – to a webpage. All the other benefits were an easily comprehendible windfall.

The impetus for my recent endeavor into this territory was a result of a need for more productivity from a lean team as well as more flexibility for staff members required to work from home. I don’t see these new office policies reversing anytime in the near future.

One of the world’s most published writers in hospitality, Larry Mogelonsky is the principal of Hotel Mogel Consulting Limited, a Toronto-based consulting practice. His experience encompasses hotel properties around the world, both branded and independent, and ranging from luxury and boutique to select-service. Larry is also on several boards for companies focused on hotel technology. His work includes five books “Are You an Ostrich or a Llama?” (2012), “Llamas Rule” (2013), “Hotel Llama” (2015), “The Llama is Inn” (2017) and “The Hotel Mogel” (2018). You can reach Larry at to discuss hotel business challenges or to book speaking engagements.

The opinions expressed in this column do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.

No Comments

Comments that include blatant advertisements or links to products or company websites will be removed to avoid instances of spam. Also, comments that include profanity, lewdness, personal attacks, solicitations or advertising, or other similarly inappropriate or offensive comments or material will be removed from the site. You are fully responsible for the content you post. The opinions expressed in comments do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Please report any violations to our editorial staff.