How to Authenticate Cardholders in 4 Quick Steps
Once you or your customer has swiped her card through your point-of-sale (POS) terminal, industry rules require you to ensure that she is an authorized user of the account. It is also, of course, in your own best interest to do so, as any unauthorized transaction will almost certainly end up being charged back to you.
The first step in the verification process is requesting an authorization approval from the card issuer, without which you should not complete the transaction. Obtaining one, however, does not guarantee that the transaction is legitimate. An authorization approval merely confirms that there are sufficient funds available and that the card has not been reported as lost or stolen. At this point you need to confirm that your customer is authorized to use the card. Here is how to do that.
4 Steps to Authenticating Cardholders
Once you’ve obtained an authorization approval, you need to do the following:
- Ensure that the card is genuine and has not been tampered with. Inspect the card’s security features for any signs that they may have been altered. Make sure that the account number is clear and all digits are uniform in size and spacing and appear on one line. We’ve written detailed, step-by-step articles on validating the cards of each major brand and you can read, for example, the one for MasterCard for guidance.
- Match the account number on the card to the one on the receipt. Your POS terminal should automatically print out a sales receipt, which will display only the last four digits of the account number. Make sure that they match the last four digits of the number on the card itself.
- Match the signature on the back of the card to the one on the receipt. Unless the transaction is PIN-based, the sales receipt will feature a signature line that your customer must sign (alternatively, the signature may be made on the terminal’s display). The first initial and spelling of the last name must match, but the name on the card and the signature do not need to be identical. Take a look at our detailed guide on verifying signatures for more information.
- Do not accept unsigned cards. Unsigned cards are considered invalid and should not be accepted. If your customer presents an unsigned card, the following procedures should be followed:
  - Request an ID. Ask your customer for some form of government-issued identification, e.g. a driver’s license or passport.
  - Obtain a signature. Ask your customer to sign the card and if she refuses, do not proceed with the transaction, but ask for another form of payment.
  - Compare the signature on the card to the one on the ID. Needless to say, they need to match. If they do not, or you have other reasons to believe that your customer is not the authorized user of the card, make a Code 10 call.
Some cardholders have been led to believe that writing “See ID,” “Ask for ID” or something to that effect in the signature panel of their cards, rather than actually signing them, protects them against fraud. The reasoning behind it is that, having not seen the signature, the criminal would not be able to forge it. In reality, criminals rarely practice signatures, but count on the merchant not to look at the back of the card. In any case, such cards are considered invalid, and the above procedures for unsigned cards need to be followed.
The Takeaway
If you go through these verification steps every time you accept a card for payment, you will all but eliminate the possibility of processing unauthorized transactions. There is no excuse for not doing it. It takes seconds to go through the authentication process and you will get faster as you gain experience. The alternative is equivalent to accommodating fraud. And you will be paying for it.
“The reasoning behind it is that, having not seen the signature, the criminal would not be able to forge it.”
Incorrect. The reasoning is that any responsible merchant will see the notice and request ID, exactly as you said in step #4. Who cares whether or not a criminal can forge your signature? The point is to make the criminal present ID, which is a much bigger hurdle.