If you’re a travel advisor, one of the most significant touchpoints for legal risk involves how you handle client payment information. As the booking agent for hotels, resorts, tour operators, cruise lines, and airlines, you’re not the actual provider of travel services, but you’re still on the hook for payments you make with suppliers or which you process yourself.
There are two primary ways travel advisors can make payments for a client's trip that we'll cover:
If a client disputes a charge with their bank, the amount of that disputed charge could come out of your pocket, so it’s a good idea to make sure you’ve got processes in place to protect you.
There’s a significant amount of legal risk attached to accepting payments for tours, cruises, hotels and resorts, and airfare directly from clients.
Accepting direct payments from clients is the exception, not the rule. Why? There’s a significant amount of legal risk attached to accepting payments for tours, cruises, hotels and resorts, and airfare directly from clients.
Due to this inherent risk, most host agencies prohibit their clients from taking payments for travel products directly from travelers. For agencies that don’t have that restriction, there are two primary reasons advisors might accept direct payments for travel from clients:
1. Net Rates: Some agencies take net rates from suppliers, which they mark up and re-sell to their clients.
2. Bundling Payments from Different Suppliers: Agencies may bundle payments from different suppliers and run the charge through their accounts to charge one price to the client, in one transaction.
If you do either of these things, you may be treading into “tour operator” territory, and you’re definitely taking on additional legal risk. If you’re an agency that does this, you should make sure that you’re not in violation of your obligations to your host agency if you have one.
If you’re thinking of using Paypal or Square, think again. Those payment processors’ terms of service specifically exclude high-risk transactions.
You’ll also want to make sure that you have a merchant account with a payment processor that is approved for high-risk charges since travel is considered a high-risk industry – and those merchant accounts may be expensive and difficult to get.
If you’re thinking of using Paypal or Square, think again. Those payment processors’ terms of service specifically exclude high-risk transactions. You’ll also want to make sure that your Errors and Omissions coverage will allow you to make direct payments.
You don’t need a high-risk payment processor to run a charge for service or consultation fees.
None of the above about accepting direct payment applies to planning or service fees. Fees aren’t payments for actual travel – they’re payments for professional services. You don’t need a high-risk payment processor to run a charge for fees.
Your host may allow you to accept fee payments directly. There’s much less legal risk attached to taking a direct payment for fees so long as you’re in compliance with your hosting agreement and Seller of Travel laws.
You can absolutely accept a direct payment for fees and feel good about that. But if you’re running payments for tours, cruises, hotels, and airline tickets through your bank account, that’s another matter, and you should be aware that you’re taking on considerable risk.
If you’re a hosted advisor, your contractual obligation to your host agency likely prohibits you from accepting direct payments from your clients (possibly with the limited exception of service fee payments.)
There’s a reason for that. If the money a client pays flows through your bank account, you’re taking on a lot of potential liability. The cleanest way to make payments to a supplier is to use your client’s card to make a payment directly with a supplier. For that, you’re going to need a rock-solid credit card authorization, and you’ll need to get one for each and every charge.
Many advisors will take a credit card number over the phone, or accept an email authorization . . . Here’s why that’s a problem.
Even if you have a great relationship with your clients, you shouldn’t cut corners when accepting payment authorizations. Many advisors will take a credit card number over the phone, or accept an email authorization from the client saying, “Just charge my card that you have on file.”
Here’s why that’s a problem.
If your client decides to dispute a payment that you made with their card, they’re essentially telling their bank that it’s a fraudulent charge. In this scenario, the supplier is going to need to see proof from you that you had authorization from the client to make that charge using that card. If you can’t provide sufficient proof of authorization to the supplier, the supplier can’t defend the chargeback, and it’s likely that you’ll be debited for the amount of the disputed charge.
That’s why you should be getting an authorization for every single charge you make using your client’s credit card. The authorization should accomplish three things:
1. Identify the card being used
2. Indicate the amount of the charged
3. Include the date of the authorization
Additionally, the credit card companies are now requiring that the client agrees to the booking terms and conditions at the time of authorization and that the cancellation and refund policies are brought to the client’s attention at the time the payment is made. That’s a lot of info to put into a credit card authorization statement, but you’ll need one for every transaction you put through.
A good tool gives you the ability to send a detailed invoice for client approval and allows you to save a record of all client authorizations in your system.
Since you’ll need to get an authorization for each transaction you process, it’s worth considering investing in a technology tool that will make it easy for you to get those authorizations. This will make it easy for your clients to authorize those charges.
A good technology tool gives you the ability to send a detailed invoice for client approval and allows you to save a record of all client authorizations in your system.
You might have to subscribe to a CRM platform in order to access those tools — but consider it a cost of doing business. Spending $50 a month for a tool that protects you is a lot more affordable than losing a credit card chargeback and having to pay for $10,000 of your client’s vacation.
When you’re looking at those tech tools, make sure that it complies with PCI (Payment Card Industry) data compliance standards. Taking a card number by email or (even worse) text message, or storing card numbers in an unencrypted spreadsheet or database is extraordinarily risky.
If your unencrypted system for storing and holding numbers gets hacked, your clients could become victims of identity theft, and you could wind up having to pay a lot of money to comply with laws governing the clean-up in the aftermath of a data breach. Again, investing in a PCI-compliant tech tool is a no-brainer. My recommendation? Spend the money, learn how to use it, and use it consistently.
Remember how we mentioned your terms and conditions when we talked about credit card authorization language? Well, maybe we were putting the cart before the horse, but … You do have a terms and conditions document, don’t you? If not, now’s the time to put something in place.
Your terms and conditions statement is the baseline for every trip you book for your clients. You'll want to have your clients affirmatively agree to your terms when booking travel for them — either as part of a client agreement, when authorizing credit card payments, or both.
The terms and conditions you have in place will protect your business from all sorts of legal risk, everything from complying with government regulations to limiting your liability for supplier errors to making advisories to clients about risks of travel…and much more.
Where chargebacks are concerned, one of the provisions that you’ll want to put in your terms is a provision where your client agrees that they won’t dispute charges they have authorized, except in cases of fraud. Obviously, you can’t restrict a client from disputing fraudulent charges, but if they’ve authorized you to pay the supplier for their vacation, and then they try to dispute the charge, you don’t want the amount of that charge coming out of your pocket.
In a high-risk industry, a one-size-fits-all approach is not going to be as useful as having something fine-tuned to the specifics of your business.
If your clients have agreed to such a provision in your terms document, you could (if you needed to) go to court to recover the amount that you were damaged. Essentially, you’d show the court your terms, where the client agreed to those terms, where the charge was authorized, and proof that you were damaged. Obviously, no one wants to be in the position of having to sue a client, but if you have a client that disputes a significant charge as a way of getting out from under a supplier policy they don’t like, you shouldn’t have to pay for that.
If you don’t have a well-crafted terms and conditions document already in place, it’s time to fix that. There are some cookie-cutter documents and templates floating around out there, including some that you can purchase. But I have a strong view that in a high-risk industry, a one-size-fits-all approach is not going to be as useful as having something fine-tuned to the specifics of your business.
A business that does a lot of school groups will need slightly different terms than someone who books a lot of adventure travel. Before you spend money buying a cookie-cutter document, consult with an attorney who knows the travel and tourism industry about what it would take to protect your business adequately. ASTA has an attorney-referral program, and the attorneys in that program all offer complimentary consultations to ASTA members, as well as discounted rates. Think of it as a cost of doing business.
HAR Resource: Looking for a travel lawyer? Look no further. Find HAR's list of travel attorneys here!
Selling travel is a high-risk business and a lot of that risk centers around how you handle your client’s payment information. The good news is that all of that risk can be managed if you avoid taking payments directly from clients, have a solid credit card authorization, use a PCI-Compliant tech tool, and have a well-crafted terms and conditions document.