The Truth in Lending Act dictates that every credit card transaction should be authorized by the cardholder, which can be cumbersome and overly complicated if you want to collect credit card data to process a third-party service.
Dear Your Business Credit,As travel agents, my business partner and I are starting to sell cruises to groups of people. As a group, the individual cruisers can’t make payments toward their cruise with the cruise line. All payments have to be processed by us, the agents.
Rather than getting the individual cruisers to pay us and then we turn around and pay the cruise line out of our account (which would have cost $9,000 on the last project), we are wondering if there is a way to securely collect the credit card information from the individual cruisers (using a customer relationships management system [CRM]) and then be able to access it later and process the payments ourselves with the cruise line using the information given to us by the individual cruisers?
We want to be PCI Compliant but can’t find a CRM that offers this option. – June
I admire your dedication to finding the most efficient way to run your business. When you run a lean team, using tools like a CRM can be a great way to extend what you can do.
However, I don’t think you’re going to find a CRM that allows you to store your customers’ credit card data on behalf of a third party (the cruise line) and then convey it to that third party so they may be charged for their purchases.
Storing customers’ credit card data securely is not the issue, in case you are wondering. Many merchant processors offer technologies for encryption and tokenization that can help with this. For a more extended discussion, see my previous column, “Securely storing customers card data.”
What the law says about using customers’ cards
The reason you probably won’t find such a CRM is that the cruise line cannot use the credit card numbers of the cruisers to process payments unless the cruise line has gotten authorization from the cruisers to put charges on their credit card.
Regulations in the Truth in Lending Act define unauthorized use of a credit card as “the use of a credit card by a person, other than the cardholder, who does not have actual, implied or apparent authority for such use, and from which the cardholder receives no benefit.”
If there is a way you can persuade the cruise line to collect their credit card information so you do not have to process the payments, that would be the most direct way to do what you are trying to do. The cruise line will likely need to issue a contract or legal document of some sort that the cruisers sign, authorizing the charges.
Consider whether the effort is worth it
Should you go this route, consider the possibility of unintended consequences. Is there any benefit to your company of collecting the money up front, such as improved cash flow? You’ll want to take that into account before you move ahead.
If you are collecting the exact amount you owe the cruise line for the cruises ahead of time, it should not be difficult to pay for the cruises yourself unless you are in a cash crunch and find yourself deploying the money for other purposes.
I’m all for using technology, but this is a case where sticking with what you’re doing may be the best solution. Only you know your cash-flow situation, so once you take that into account, I’m confident you’ll find the best solution.