Buyer beware: online payment solutions explained.
On the surface, the online collection of rent and related service payments is a win-win situation for property managers and their residents. Lurking just below the surface, however, are several significant issues that can drown the best-intentioned of initiatives.
Online rent payment is popular with residents who like the convenience of recurring payments and participation in credit card reward programs every time they pay their rent. Managers benefit from assured, next-day funds availability, integrated data reporting and the streamlining of key administrative tasks.
This sounds great in theory. In practice, the uninitiated can quickly and catastrophically run aground. Online payment solutions that do not comply with local real estate laws, credit card association rules and common sense business practices can be risky and counter-productive. In a heavily regulated industry such as real estate, companies should never seek solutions that will put their businesses in jeopardy.
The Real World Dangers
Non-compliant payment solutions may expose property managers to risks, fraud and malicious network attacks, termination of merchant processing agreements and penalties imposed by state and federal regulators. Residents are also unwittingly placed into a situation where their privacy, credit ratings and quiet enjoyment of rental properties may be impacted as a result of the failings of non-compliant payment systems, especially when funds paid by residents are never received by owners or managers.
These scenarios are no exaggerations. Credit card association rules, state and local real estate laws and federal legislation covering fair housing, fair credit reporting and accounting practices have been agreed to and implemented by regulators with the intention to protect consumers and investors, defend the integrity of national infrastructure and systems and ensure that acceptable business standards are maintained.
To help prevent those kinds of situations from recurring, regulators are taking a strong proactive stance in defining the rules and processes that constitute compliance. In some cases this has resulted in third-party online payment services losing their ability to process credit cards, such as Visa and American Express. In other cases, departments of real estate in states, including California, have ruled that only licensed brokers or owners of a property, and not third-party payment aggregators, may receive funds paid by residents in terms of a lease agreement.
The message is clear. Property managers and owners need to take compliance seriously and to select their partners wisely. The following collection of issues highlights the top-level compliance considerations for any property manager considering the online collection of rent and related service payments.
Aggregation of Multiple Merchants
Some third-party service providers process credit card and check payments for property managers on an aggregate basis, through a single account controlled by the service provider. Once the funds have cleared and are deposited in the service provider's account, the service provider will transfer funds to the manager's trust account.
Is It Compliant? This service model is not compliant with Visa rules. Any merchant seeking to accept payment by credit card is required to enter into an agreement with an authorized member bank. This approach protects merchants from third-party providers who aggressively hold and have liability for merchant funds. It also protects consumers who are unaware that they are not paying a merchant directly.
Control of Funds
Certain third-party aggregators have sole control over funds paid in favor of property managers and manage a disbursement process that is outside of the standard merchant account system. The processors control the funds at all times prior to disbursement to the manager.
Is It Compliant? This service model is not compliant with real estate laws in many jurisdictions because the managers do not control the processing accounts, and loss of control is considered to be a breach of trust in account compliance. Additionally, all trust-related accounts must be clearly described as such in banking records.
Before accepting Visa and MasterCard payments, a manager is required to establish a merchant account with an authorized acquiring bank or a registered Independent Sales Organization (ISO) or Member Service Provider (MSP) of the bank. American Express and Discover require direct contracts with merchants. Only authorized merchants may accept payment by credit card.
Is It Compliant? Only representatives of an acquiring bank or a registered ISO or MSP can present merchants with a processing offer and merchant account agreement. Unless an owner contracts directly with the bank through official sales channels, the solution may not establish a binding relationship between the business and the acquiring bank. As a result, owners and residents will not have any banking industry protections.
Commingling of Funds
Commingling of funds occurs when funds belonging to several entities are mixed in a single account. Certain lenders and housing assistance organizations enforce strict covenants that preclude the commingling of any rental income paid by residents of a property with other funds. Additionally, states that regulate trust accounting practices have ruled that commingling constitutes a breach of fiduciary duties of the trustee.
Is It Compliant? Compliance is achieved by maintaining separate merchant accounts for each community under management and ensuring that clear disbursement instructions are implemented when these are established. Never settle unrelated funds from multiple properties in a single merchant account.
In an attempt to offset the costs of processing online transactions, certain managers seek to charge residents convenience fees. Unfortunately, these fees are often applied arbitrarily and inconsistently. Credit card associations--Visa and MasterCard--as well as issuers of non-bank cards, enforce a wide range of regulations on card-accepting merchants through member banks that offer credit card processing services. Failure to comply with association rules can result in fines and the termination of processing privileges.
Is It Compliant? Convenience fees are only compliant with association rules when the fee is imposed on all like transactions regardless of the form of payment used and when the fee is a flat or fixed amount regardless of the value of payment due. Charging variable percentage-based fees and failing to ensure that the same fee is applied to all transactions in the alternative payments channel is prohibited.
Sarbanes-Oxley Act
Section 404 of the Sarbanes-Oxley Act requires that publicly traded companies establish, document and maintain internal controls and procedures for financial reporting. It also requires companies to check the effectiveness of internal controls and procedures for financial reporting. Companies must document existing controls and procedures that relate to financial reporting, test their effectiveness and report on any gaps or poorly documented areas.
Is It Compliant? Compliance is achieved by recording and reporting transaction data at each stage of a transaction from initial authorization through to settlement and ultimate funds disbursement. Additionally, it is important to be able to disburse funds directly to the intended deposit account for the business function and not via unrelated commingled accounts.
Statement on Auditing Standards
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). The standard represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes. Service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
Is It Compliant? The requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on effective internal controls at service organizations. Request a SAS 70 letter from an acquiring bank or ISO or MSP to satisfy compliance obligations.
When residents offer their bankcards at the point of sale, over the Internet, on the phone or through the mail, they want assurance that their account information is safe. That's why Visa USA has instituted the Cardholder Information Security Program (CISP) and MasterCard has mandated the Site Data Protection (SDP) Program. These programs--based on a common payments industry security requirement, the Payment Card Industry (PCI) Data Security Standard--are intended to protect cardholder data, wherever it resides, ensuring that members, merchants and service providers maintain the highest standards of information security. All merchants and their processors are subject to strict compliance with these rules.
Is It Compliant? Distinct, yet as significant as the mandate to comply with data security requirements, is the validation of compliance. It is a fundamental and critical function that identifies and corrects vulnerabilities and protects customers by ensuring that appropriate levels of cardholder information security are maintained. Visa and MasterCard have prioritized and defined levels of compliance validation based on the volume of transactions, the potential risk and exposure introduced into their system by merchants and service providers.
Managed Payment Service Providers and ISOs and MSPs of major acquiring banks are required to comply with association rules including these data security rules. As such, managers processing transactions through these managed services are able to benefit from their "built-in" compliance and conduct their businesses with the full knowledge that their data and customer data are secure and confidential.
This is an abbreviated executive summary of a white paper co-authored by Ryan Gilbert, CEO of PropertyBridge Inc., a provider of online payment systems to real estate managers and owners, and published by National Multi Housing Council, titled "Automated Electronic Payments: Leveraging Technology for Cost Effective Collections and Transaction Management."