⚠ We would appreciate if you would disable your ad blocker when visiting our site! ⚠

Put Your Gateway to the Test

Order a reprint of this story
Close (X)

To reprint an article or any part of an article from Hospitality Upgrade please email geneva@hospitalityupgrade.com. Fee is $250 per reprint. One-time reprint. Fee may be waived under certain circumstances.


October 01, 2005
Credit Card Processing | Disaster Recovery
J. David Oder

View Magazine Version of This Article

© 2004 Hospitality Upgrade. No reproduction without written permission.

This is the motto of the U.S. Postal Service. Of course, we are all aware that the post office no longer lives up to this lofty motto. However, when it comes to credit card processing, and more directly to credit card gateways, this is a motto that should be followed. Since your organization is dependent on credit cards for the majority of your income and cash flow, you cannot accept service that can be interrupted, period.

When Hurricane Charlie, Frances, Ivan and Jeanne were in the news, this issue was brought to the forefront, and it should be a concern for everyone, not just those who are using gateways or credit card services that are located in Florida. The thought of loosing one’s credit card processing capability or support for several hours, days or even weeks merely because your gateway is in the path of the storm, could be hit by lightning, destroyed by a tornado, an earthquake or a severe snow storm is a concern for everyone, everywhere.

We shouldn’t kick Florida while they are down, but we must all be aware how important it is to have a credit card gateway that would not be affected by a natural disaster or an act of terrorism.

Visa’s® Cardholder Information Security Program (CISP) has one domain (or section) on disaster recovery. Visa’s belief is that security is not only for loss from thieves (electronic or actual) but also it is being secure in the fact their cards can always be used no matter what the circumstances.

The big boys like Visa, MasterCard® and American Express® and many others have good systems. However, on that terrible day in September 2001 when the twin towers fell, American Express was hit as well. If their data center was like many of the gateways no one would have been able to use an American Express card on Sept. 12, but that was not the case. Why? Because American Express had redundant data centers. When one was hit, the other took over. While there was some loss of service and even some loss of quality of service, merchants could still accept and cardholders could still continue to use American Express.

When choosing a gateway it is important to not only look at how much it costs, how fast it is or how it works but it is also important to make sure that it will keep working no matter what. Otherwise, the question becomes, how much does it cost me to be down?

Some of the costs are out-of-pocket actual costs, and others are costs that will never really be known, such as how much business was lost because of poor guest services.

Out-of-pocket costs include the cost of using the call center for authorizations, the cost of transactions downgrading from electronic to manually keyed, the cost of increased clerk labor and the cost of additional accounting. The costs that are not seen are guests who are upset over additional time at check in because you must use a manual process when the gateway is down. Guests have choices and many will choose an alternative if their experience is burdensome.

When looking at your current gateway or any gateway that you are considering, here are questions to which you should get substantiated answers.

1| Is the gateway CISP, SDP or otherwise certified? That is, are they included on Visa’s list of firms that have been independently audited to comply with the 12 domains of CISP? Remember, compliancy is not certification. Ask the gateway provider to prove their certification.

2| Is the gateway registered with the various card associations? Ask for registration numbers.

3| Does the gateway have redundant data centers (i.e. one goes down, the other takes over)? This keeps you up in the event of a terrorist act or a catastrophe like a building being destroyed by an unforeseen accident.

4| Are the gateway data centers in areas not prone to natural disasters, like hurricanes, earthquakes, tornadoes and snowstorms? Some states like Florida and California have their share of natural disasters. When mandatory evacuations take place, even if the systems stay up, the support centers may not be manned.

5| Are the gateway data centers backed up by generator so they can stay up even when the power is out? The grid going down in one state can affect another state as we saw in the Northeast blackout of 2003.

6| Does the gateway data center have redundant connectivity to your company? A single carrier can go down in an area affecting your ability to connect to your chosen gateway.

7| If their connectivity is over the Internet, do they have multiple Internet carriers? While the Internet is becoming more stable, Internet carriers can still go down.

8| Are the gateway’s multiple Internet carriers over diverse technologies like telecommunications, cable, microwave and satellite? This protects against the dreaded farmer or contractor with a backhoe that digs up a fiber upon which multiple telecommunications providers depend.

9| Is your data regularly backed up by the gateway? While computers are becoming more reliable, it would be a disaster if your data were lost because of a hard disk or computer failure.

10| Is your data maintained in two locations? It is great if there are two data centers, but if your historical data is only located at one you are still affected by potential disaster.

11| Can you backup your own data? Even the best backup systems fail. Having your historical data in your possession could become critical.

12| Does the gateway have a policy of being up 24/7? A gateway, which has to be down an hour or more each day for maintenance, is just as bad as a gateway that goes down because of natural disaster, power outage, telecommunications outage or a catastrophic accident. It is always peak time somewhere.

13| Does the gateway have multiple connections to the processors it services? Individual leased lines can go down, and while they are under the control of the processors you are still down.

14| Does the gateway publicly publish their up-time statistics? Those that have good statistics are proud of them and want the world to know. Those that don’t publish them usually have a reason for not doing so.

The right answers to all of these questions are critical. But your experience and the experience of others should be taken into account. Look critically at the statistics. A gateway that answers yes to all of these questions can still be down a great deal merely because the system itself is weak and was not built with reliability in mind.

We can’t change the post office because they no longer live up to their motto, but we can make sure that our credit card processing can weather any storm.

J. David Oder is president/CEO of Shift4 Corporation (www.shift4.com), a Las Vegas, Nev. firm that supplies electronic payment applications and services to hospitality merchants worldwide.


want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.