There are numbers of guidelines issued for accepting card payments, and merchants are expected to understand them all. To avoid issues down the road know a few basic rules in order to keep your business going without being penalized.
There’s a lot of ways to process a credit card: In-store, online, and by phone. There’s also different ways to pay and different brands of cards.
In-store and Card-not-present policies.
In-Store Policies:
- Always verify that the person presenting the card is the cardholder
- Ask for a 2nd ID for comparison
- Cards are non-transferable, cardholder MUST be present for purchase
- Compare the signature on the back of the card with that of the person who presents the card
- Inspect the card to confirm that it’s not visibly altered or mutilated
- Validate the card’s expiration date
Online/Phone Payment Policies: Card-not-present transactions
- Card account number
- Card billing address
- CID (3 digits on back of card OR 4 on the front)
- Card expiration date
- Card member’s home or billing telephone number
- Card member name (as it appears on the Card)
Rules for Visa, MasterCard and Amex that merchants need to know:
- Never store cardholder data on any systems to help minimize the risk of fraud and protect your business from potential chargebacks.
Complying with Federal Laws, State Laws and PCI
- A merchant should be familiar with and abide by Federal Laws regarding accepting credit cards. The Fair Credit Reporting Act is the federal law that establishes the foundation of consumer credit rights. This law regulates the collection and use of consumer credit information by merchants.
- Check state laws on the use of consumer credit information and accepting credit cards. Not all states have additional laws that regulate credit card practices, but some (such as California) prohibit merchants from requesting/requiring a customer to provide any personal information (like their address or telephone number) on any form involved with their credit card transaction. So, it is advised that merchants inquire about further information in their particular state.
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies processing, storing, or transmitting credit card information uphold a secure environment. These rules essentially apply to any merchant that has a Merchant ID (MID). If you are a merchant that accepts credit card payments, you are required to comply with the PCI Data Security Standard, large or small businesses.
EMV Liability Shift Set By Visa and MasterCard as of October 1st
U.S. banks and credit card companies are now using the EMV (Europay, MasterCard, and Visa) technology. The EMV liability shift for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. While issuers absorb losses under card-network rules, that burden will shift to acquirers in cases where the fraud occurs at merchants unprepared for EMV.
It’s good to know every aspect of your business. The above guidelines are part of a business that every merchants should be familiar with. The main reason for these rules is to protect your business and keep your customer’s payment card data safe and secure.
To start accepting more credit cards give us a call now at 888-996-2273. We have the latest terminals that’s EMV/NFC capable.