Mobile payment technologies allow anyone to become a “merchant” and accept payments by credit or debit card anywhere there is an Internet connection. Common versions of this technology allow a user to insert a device into his or her smart phone or tablet that serves as a debit/credit card reader. Together with its accompanying app, the device allows the user to accept card payments with a simple swipe. Two of the most well-known providers of this technology are Square and PayPal Here.
When considering the use of mobile payment methods, churches often have questions about internal control and security considerations.
Folks might expect that a CPA’s response would be to recommend extensive controls over such payment methods or that a church avoid them altogether due to the inherent risks. But such an approach is not practical, so let’s look at the issue realistically.
First, mobile payment acceptance methods should only be used when they are the only practical payment option. For example, churches should not use mobile payment methods as the means for accepting general contributions on a regular or wide-scale basis. But mobile payment systems may be appropriate for collecting admission fees to remote events, for concessions at remote locations, for participation fees in youth outings, and for similar activities.
The primary risk associated with using mobile payments is that the payments don’t make it to the church. A simple way someone could misappropriate funds would be to configure the payment app to direct the funds to his or her personal bank account. How can a church reduce the possibility that someone might do such a thing? Here are some tips:
- Use only official church-owned devices, and brand the devices in a way that will make it very noticeable if anyone uses an unauthorized device.
- Control access to the church’s account with the app provider, making sure that nobody in the church’s accounting department and nobody who will actually use the devices has access to the account. Do not allow unauthorized people to change account settings in the app (restrict access to passwords).
- Post a conspicuous notice at the event stating that charges will show in the payers’ debit/credit card accounts as “XXXX” (indicating the name that will show up on their account statements if the authorized payment system is used.)
- Employ metrics independent of the payment devices that can be used to evaluate whether the amount of payments received aligns with the activity (e.g., admission tickets sold for an event or a before-and-after inventory for concessions). Follow up on any significant variances found when performing such analyses.
- Keep an eye on things. There is no substitute for eyeball-based oversight and supervision.
In an increasingly cashless society, mobile payment devices can be an efficient way to collect funds in certain situations. Used sensibly, prudently, and only when truly necessary, they can be a great help to churches.
Adapted with permission from a feature article published by Batts Morrison Wales & Lee (BMWL). BMWL is a national CPA firm dedicated exclusively to serving and protecting nonprofit organizations through audit, tax, outsourced accounting, and strategic advisory services.