Essential Payments Knowledge for the Here and Now

Written by Denisa Richvalska

As business owners, we can spend a lot of time worrying or ruminating about what the future will bring – particularly during these volatile times. There can be a tendency to second guess and speculate about the changes happening; how they will impact us individually and as an industry. Payments are one of these ‘future-concerns’ for many hospitality businesses. The payments landscape is fast evolving, and it can be hard to know how best to prepare for the changes that will undoubtedly lie ahead. However, whilst planning for the future is prudent business management, it can be helpful to take a step back, reflect and focus on the here and now, and to take small actions that will benefit us in the current moment.

In this article we are going to review some of the crucial payments knowledge hospitality providers should harness right now and advise on practical steps you can take that will have an immediate positive impact - as well as build a good foundation for the future.

PCI-DSS Compliance

The most important thing is to focus on the essentials, particularly your obligations as a merchant. This includes PCI-DSS compliance.

PCI-DSS is the Payment Card Industry Data Security Standard, an information security standard for organisations that handle credit cards from the major card schemes. The PCI Standard is mandated by the card brands, but administered by the Payment Card Industry Security Standards Council. If you take card payments you must meet the 12 standard requirements stated within the PCI Data Security Standard (DSS).

Things to know:

  • There are implications for non-compliance, including fines. NB: if you are found to be continually non-compliant, your card payments can be turned off.
  • If you aren’t confident whether you are compliant, or don’t understand the requirements, the easiest way is to check with your acquirer. They are responsible for their merchants’ compliance and so should have the resources to educate you and ensure you are compliant. Alternatively, review the PCI security standards website to learn more.
  • Some acquirers use European licences and therefore don’t charge PCI DSS fees. Other acquirers charge you for managing your service. By finding out what fees you are being charged you have the opportunity to change acquirers and reduce your fee.
  • Once you understand compliance, make sure staff are also informed and trained in this area.

Contactless

The big news in October 2021 was the increase in the contactless payment limit to £100 - a significant leap from the previous limit of £45.

Things to know:

  • 60% of card transactions in the first seven months of 2021 were contactless[1]. With this huge shift in consumer payment behaviour, it may be worth investing in offering contactless payments if you have not already, as it does speed up service and has already become an expectation for a huge base of customers.
  • Businesses need to consider whether they want to use the £100 contactless limit. It may present an issue with higher cost ‘walk-offs’ - where customers leave the store without realising their payment hasn’t gone through. This is especially a risk if receipts have been turned off on the card machine, as your staff will be less likely to notice.
  • Train staff on this issue and make sure there are standard operating practices (SOPs) in place to stop this happening, such as waiting for the transaction confirmation message on the card machine.
  • Liability should now lie with the card schemes or the acquirers for these payments, but a small number of acquirers will move the liability to the merchant. Check with your acquirer if you aren’t sure.

PIN on Glass & PIN on COTS

PIN on Glass is where the PIN entry is done on the integrated touchscreen of a PCI-approved smart terminal. The touchscreen of the terminal displays the virtual PIN pad when needed, where the customer can enter their PIN code.

With PIN on COTS (Consumer-Off-The-Shelf Devices) a PCI-certified card reader is used to read the card, then if the PIN is required the app linked to the card reader on the synced smartphone or tablet will display a virtual PIN pad on the screen for customers to enter their PIN.

Things to know:

  • These products reduce costs and improve accessibility for smaller businesses to offer card and contactless payments. They remove the need for a separate card reader.
  • Uptake is much slower than anticipated as banks want to protect their payment terminal revenue.
  • True PIN on Glass is only available on Android applications/products in the short-term.
  • There may be some challenges from customers who feel uncomfortable with the security of these products. Older generations could potentially be unsure about the security of tapping someone’s phone with their card or entering their PIN onto a device that looks different from the ones they have become accustomed to. It may be helpful to ensure you are confident in explaining the products and their security credentials simply to customers who have queries.

E-commerce

Covid has massively changed online purchasing and payments, with digital wallets accounting for 32% of all online payments in the UK. Three-quarters of UK consumers also say they want a “click and collect” option[2].

Things to know:

  • There is huge potential here and small businesses now have a platform to sell directly to customers.
  • You need to be careful that the cost and infrastructure of your e-commerce offering works for you. Check what your gateways and acquiring fees are and review/switch providers if it isn’t working for you. For instance, do you want a high click rate with low percentage payment (best for high-value transactions, such as hotel room bookings)? Or do you want a low click rate but higher percentage value (best for merchants with high numbers of low value transactions, such as coffee shops)? The two needs are very different.
  • It can be worth spending some time to research what offering would be most suitable for your business - you may be surprised what you can save, and therefore get the most value from e-commerce.

3D Secure 2.0

3DS has been around for quite some time now. It’s an authorisation system designed to protect customers when shopping online using credit or debit cards. The updated version of 3D Secure, 3D Secure 2.0, is designed to be more seamless. The customer will enter into the framework of a third-party payment gateway and back to the webpage or app seamlessly.

Things to know:

  • Hospitality providers who take online payments should be aware that 3DS2 is coming. Whilst 3DS was not mandatory, and some switched it off because it did not provide a frictionless payment experience for the customer, 3D Secure 2.0 WILL be mandated.
  • Once a 3DS transaction has occurred the liability moves back to the acquirer and does not fall with you - the merchant. Without 3DS enabled you may be liable for fraudulent transactions made on your site.
  • Take a moment to check whether 3DS2 will affect you - there are some exceptions, including, but not limited to:
      • “low value transactions, for example those under £30
      • low risk transactions when the Payment Service Provider (PSP) has low fraud levels across all its platform
      • corporate payments (unless the corporate card is in the name of an individual)”[3]

Personalisation, digitalisation and data

As more of our transactions move through digital platforms, payments and data offer the possibility to improve personalisation and customer service. It may not seem ‘essential’, and certainly security, costs and compliance are first and foremost, but it’s important to be aware of this shift and to react to it where possible in your business in order to meet customer expectations and demands.

Things to know:

  • Payment personalisation will be a huge area of change in the immediate future.
  • Particularly for younger generations (Gen Z and Alpha) there is less concern about the collection of personal data as long as it gives them a better, more seamless experience. Security is an expectation and they have an understanding that the system and merchant should/will protect them.
  • Hospitality providers may need to think about how they will interact with customers and provide excellent service in a digital form, for example app-based loyalty schemes, e-wallets or QR code payments.

Conclusion

In the midst of all the day-to-day challenges of hospitality it can be beneficial to take some time to stop and review your knowledge, and assess how payments fit into your business. Checking a few simple things, or communicating with your payments acquirer, can save you money and time, as well as improve security, compliance and customer service.

