Wait a minute, why the hell were clients sending their credit card numbers via email in the first place?!
Our tipster shares a recent email from the higher ups:
Gordy Viere, Denny Schleper, John Shutkin and Chas McElroy have made a decision that we will no longer accept credit cards as a method of payment for services. The primary reasons are the bank fees associated with the payments as well as the security risk and stringent compliance we need to adhere to by obtaining and retaining the clients credit card information.
If you have extenuating circumstances, these should be brought to the attention of your managing principal.
If you have clients that are making reoccurring payments, you will have to notify them that our method of payment is by check, bank wire or ACH. International payments are an exception, and have been approved although a bank wire for these payments would be preferred.
In CLA's defense, those bank fees will kill you. My apartment complex recently added the convenience of online rent payments (which is way easier than finding my check book and a pen, filling out a check, putting it in an envelope, and walking it downstairs to the designated rent box in our lobby) which seemed like an excellent idea until I saw a $40 processing fee to pay with my card. That's just a little over 3% of my rent, so clearly my property overlords were passing the credit card fee on to me but damn, who is dumb enough to pay that?
Anyhoo, this new policy came after a discussion about just how big these fees were for CLA. "After reviewing the credit card transactions that we process, we were all caught off guard by the volume. By accepting Visa, MasterCard and American Express we have processed over 5 million dollars Firm wide in a 6 month period," an earlier email said.
Not to mention their previous security measures regarding credit card numbers prior to this new no credit card rule were, er, a little not secure:
If a client sends their credit card information in an email, write the information down including their email address. Delete the email and email the client back letting them know you have received their credit card details and in the future please call and provide this information over the phone, not email, to ensure that the security of their credit card is protected.
Give the information over the phone to the person who process the payment then shred the credit card information once the payment is processed.
There you have it. Not very revolutionary stuff but hey, maybe now CLA will consider accepting Bitcoin. YOU NEVER KNOW.