Written by Nate Christensen
Updated on May 26th, 2023
Table of Contents
Audience: Loan Servicer or Collector, Loan Servicing/Collections Managers, Compliance
Introduction
LoanPro’s payment integrations make servicing loans with payments incredibly easy. Through the creation of customer payment profiles, payments on loans can be made securely within LoanPro's Loan Management System (LMS). Though, if you don’t have an active Secure Payments account connected to your LoanPro account, you will not be able to add payment profiles; your customer payment profile information is stored in Secure Payments to ensure security and remain in compliance with PCI DSS (Payment Card Industry Data Security Standards).
In this article, we'll explain how to create customer payment profiles within LMS.
How to Add Payment Profiles
Like we mentioned, it's required to have an active Secure Payments account connected to your LoanPro account to create payment profiles. With this in mind, here is a break down of how to create payment profiles in LMS.
You can add a payment profile for a customer in three separate places within LoanPro: the Customer Manager, a customer's information page within an individual loan, or through the Servicing tab within an individual loan.
When you create a payment profile in LMS, you are actually storing the information in Secure Payments through an iframe, which acts as a gateway between the two products.
Common Uses & Questions
Here's some information for specific roles at your company, as well as common questions we hear about payment profiles.
Loan Servicer or Collector Use
Most borrowers prefer that you use one payment profile instead of another. When you add multiple profiles, you can click the key icon next to one of them to make it the primary profile.
If borrowers ever have questions about which profiles have been used on previous payments, you can check in their Payment History tab. That page shows all payments in a table. Clicking the blue text in the 'Info' column will expand information about a particular payment, including the payment profile ID.
Loan Servicing/Collections Managers Use
LoanPro's LMS and Secure Payments software helps you maintain PCI-DSS compliance and keep payment data safe. However, your own agent users can still violate those standards if they mishandle payment profile information. If they store card data on your own software or database, or even a physical copy, you would violate PCI standards and be subject of a fine of thousands of dollars.
We strongly recommend that you train servicers, collections agents, or anyone else who handles payment information to save that information in our system as soon as it is received, and to avoid storing that information anywhere else.
Compliance Use
Payment profile data is stored in Secure Payments which complies with PCI-DSS. We hold a Level 1 PCI-DSS Attestation of Compliance (AOC).
When payment profiles are saved, they're added directly into Secure Payments via an iframe. We strongly recommend that you enter card data into that iframe as soon as it is received, and that it is never stored in your own software or database, as this would put you under the scope of PCI-DSS compliance. Violating these standards can lead to fines of up to $100,000 per month.
Once a payment profile is saved, the full account number or card number can never be retrieved by an agent user. Through roles, users can be granted access to see a redacted number (e.g., "XXXX-XXXX-XXXX-1234"); or, they can have their access restricted so they can't even view that.
Does it matter whether I create the payment profile in the customer manager or the loan manager? Not in the slightest. Regardless of where you add the payment profile, it gets tokenized and saved in Secure Payments and can then be used when you log payments in LMS.
If payment profiles are saved in Secure Payments, why don't I create them there? To keep your borrower's info safe, we save everything in Secure Payments. But for your convenience, we've added iframes that let you put information into Secure Payments without actually logging in.
Can I delete a payment profile? You can't delete a payment profile from Secure Payments, but you can remove it from being associated with a customer. This can only be done through the API. You can read more about this process in our API – Update Payment Profile article.
What's Next?
Before you can process ACH or bank card payments in the software, you'll need to add payment profiles and create a payment processor. Our article Intro to Payment Processors explains what they are and how they work, and Setting Up Payment Processors shows you how to set them up in the software.