Best Practices for Merchants Accepting Credit Cards
July 9, 2016
Card Present (Chip Cards)-
In most POS situations, the cardholder, not the business owner, inserts the card into the terminal. Use the following best practices when accepting a chip card.
Ask your customer to insert their card into a chip ready device and leave it in the device during the entire transaction.
The chip card and terminal will determine if a PIN or signature is required for verification.
If a PIN is required, the device prompts the customer to enter it. (When a PIN-based transaction is approved, the customer retrieves the chip card from the terminal. There is no opportunity for the business owner to examine the card.)
If the transaction is PIN-verified, there is no need for a signature.
If the customer does not know their PIN, ask for another form of payment.
Print a copy of the transaction receipt for the customer.
If the transaction is not PIN-based, the receipt will have a signature line for the customer to sign.
Ask the customer for their card to compare signatures from the receipt and the back of the chip card. Do not accept an unsigned card.
If the POS terminal (or credit card terminal) cannot read the chip on the card, follow “fallback” acceptance procedures and swipe the card’s magnetic stripe or key enter the data.
Warning: swiping or key-entering a transaction increases the risk of accepting a counterfeit card because the chip information is not available. And, with the October 1, 2015 liability shift, liability for chip card-present fraud shifts to whoever is not using chip technology.
Card Present (Magnetic Stripe Cards)-
Check the card security features to make sure that the card has not been altered.
Swipe the stripe through the terminal in one direction only.
Check the authorization response and take appropriate action.
Get the cardholder’s signature on the transaction receipt.
Compare the name, account number, and signature on the card to those on the transaction receipt. They should match.
Call or email the customer back verifying the order
Include your phone number in the customer service field
If a card cannot be swiped, card account data must be entered into a POS terminal.
Warning: key-entering a transaction increases the risk of accepting a counterfeit card because the magnetic stripe information is not available.
Card Not Present-
Use the following steps when key-entering a transaction:
Check the POS terminal to ensure it is operating properly. If the terminal is OK and the problem appears to be with the card’s magnetic stripe, continue to step 2.
Match the account number. Verify the embossed account number on the front of the cards matches the number indent-printed on the back.
Check the expiration date. Look at the “good thru” or “valid thru” date to be sure the card hasn’t expired. If the card has a “valid from” date, be sure the card isn’t being used before it is valid.
Follow any prompts, including requests for entering the CVV. If the card does not have a legible CVV, consider asking for another method of payment.
Check the signature on the card to ensure it matches the signature on the sales draft. Do not accept an unsigned card.
Get an authorization.
Ask for the card expiration date and include it in your authorization request. An invalid or missing expiration date can indicate the person on the other end does not have the actual card in hand.
Use fraud detection tools like Address Verification Service (AVS) and Card Verification Value (CVV) as part of your authorization process.
Be on the lookout for questionable transaction data or other signs indicating an “out of pattern” order.
If you receive an authorization but still suspect fraud:
Ask for additional information (e.g., request the financial institution name on the card).
Contact the cardholder with any questions.
Confirm the order separately by sending a note via the customer’s billing address rather than the ship-to address.
Remember, an authorization is not a guarantee of payment. An authorization means funds are available and the card has not yet been reported as lost or stolen.