Best Practices for Credit Card Transaction Receipts

Best Practices for Credit Card Transaction Receipts

The card acceptance process concludes with the printing of a sales receipt, which you need to ensure that your customer signs and then you have to compare that signature with the signature on the back of the card. Depending on the card and point-of-sale (POS) terminal, the customer should be in your full view when signing the receipt or the POS terminal signature window display. If possible, you should check the two signatures for any obvious inconsistencies in spelling or handwriting.

Today I will review the requirements with which each transaction receipt should comply and the information it needs to contain. Then I will show you how you can use the receipt for transaction verification purposes, so that you can protect yourself from fraud. Finally, I will review the circumstances when a receipt is not required. Let’s get started.

Sales Receipt Content

Sales receipts are used by both customers and merchants to validate transactions in which they have participated and are used as reference points whenever a dispute needs to be resolved or a representment is requested in a case of a chargeback. Each copy of a receipt for a retail sale, credit, or cash disbursement transaction must contain the following information:

    Best Practices for Credit Card Transaction Receipts
  • In the case of retail sale and credit receipts, a space for the description of products or services that are sold by the merchant to the customer and their cost, in sufficient detail to identify the transaction.
  • Sufficient spaces for:
    • Customer’s signature.
    • Card imprint and the merchant or bank identification plate imprint.
    • Transaction date.
    • Authorization number (except on credit slips).
    • Sales representative’s initials or department number.
    • Currency conversion field.
    • Merchant’s signature on credit receipt.
    • Description of the identification document supplied by the cardholder on cash disbursements and retail sale slips for certain unique transactions.
  • A note clearly identifying the receipt as a retail sale, credit, or cash disbursement and the receiving party of each copy.
  • On the customer copy of the sales receipt, the words (in English, local language, or both): “IMPORTANT — retain this copy for your records,” or words to that effect.

The merchant can include other relevant information on the receipt, provided it is not inconsistent with these rules. It is recommended that each retail receipt identifies the organization that distributed the receipt to the merchant.

Content of Sales Receipts at the Point of Sale

Each copy of a transaction receipt produced by a physical POS terminal must be in compliance with all requirements of applicable laws and regulations. Whether a terminal or some device has been used at the point of sale, the sale receipt must not display magnetic stripe track data other than card account number, expiration date and cardholder name. The following information must be included in all sales receipts:

  • The merchant’s Doing Business As (DBA) name, city and state, country or the point of banking location.
  • Transaction date.
  • Card account number.
  • Transaction amount in the original transaction currency.
  • Sufficient space for the customer’s signature (required on the merchant copy only).
  • Authorization response code (except on credit receipts). Alternatively, the acquiring bank also may print the transaction certificate, the application cryptogram or both for EMV chip card transactions.
  • Merchant’s signature on credit receipts only.

It is also required that each sales receipt must clearly identify the transaction as a retail sale, credit or cash disbursement.

Card Account Number Truncation

The Credit Card Networks of Visa and MasterCard require that acquiring banks truncate or otherwise make indeterminable on printed sales receipts generated by automated telling machines (ATM), a minimum of four digits of the personal account number (PAN). The Networks also require PAN truncation for all receipts generated at Cardholder-Activated Terminals (CATs).

Furthermore, since 2005 it is also required that all sales receipts generated by newly installed, replaced or relocated POS terminals, whether attended or unattended, display only the last four digits of the account number. All preceding digits must be replaced with fill characters that are neither blank spaces nor numeric characters, such as “X”, “*” or “#”.

Following best practices for truncating card account numbers helps merchants fight fraud but it also promotes customer confidence in the merchant’s ability to securely handle and protect personal information. The last four digits provide the customer with enough information to identify the card that she had used in the transaction.

General Truncation Consideration

Typically, the truncation of a greater number of digits, when compared to the total number of digits in the personal account number (PAN), increases the effectiveness of the procedure. However, it can also make it more confusing and difficult for cardholders to reconcile transaction receipts to their monthly card statements. There are several considerations to take into account when developing your own procedures for truncating account numbers:

  • A truncation of the routing bank account number (BIN) alone, while helpful, may not prevent duplication of the PAN. It is possible to observe the card in use in order to obtain card issuer identification.
  • Truncating the check digit and several other digits does not improve PAN security. Without the check digit, calculation of several missing digits within the PAN, especially if the routing BIN also is truncated, is substantially more complicated and time consuming.
  • Truncating a small number of digits, when compared to the total number of digits in the PAN, makes the procedure less effectiveness. It is possible to reconstruct a few missing digits by trial and error.
  • Truncating a greater number of digits, when compared to the total number of digits in the PAN, increases the effectiveness of the procedure.

It is now generally accepted to truncate all but the last four digits of the account number.

Electronic Signatures

Acquiring banks that are using Electronic Signature Capture Technology (ESCT) must ensure the following procedures are implemented:

  • Adequate electronic data processing (EDP) controls and security measures are established, so that digitized signatures are recreated on a transaction-specific basis. Processors may recreate the signature captured for a specific transaction only in response to a retrieval request for the transaction.
  • Sufficient controls exist over employees with authorized access to digitized signatures maintained in the processor’s or merchant’s computers. Employees and agents should be allowed to access the stored, electronically captured signatures only on a “need to know” basis.
  • Digitized signatures are accessed and used in compliance with applicable industry regulations.

Now let’s take a look at how you should use the newly-printed sales receipt for fraud prevention purposes.

Matching Customer Signatures

Once the customer has signed the sales receipt, ideally in your full view, you should closely check that signature to the one on the back of the card, looking for any obvious inconsistencies in the spelling or handwriting. While matching the two signatures, you should also compare the name and account number, as they appear on the card, to those on the transaction receipt.

For magnetic-stripe card transactions, compare both the name and the last four digits of the account number on the card to those printed on the sales receipt, as shown below.

Matching Customer Signatures

Then match the signature on the back of the card to the one on the receipt itself. The first initial and the spelling of the surname must match. However, embossed name and signature do not need to be the same.

Matching Customer Signatures

If the names, last four digits or the signatures do not match, make a Code 10 call and ask for further instructions on how to proceed with the transaction.

Additionally, when a magnetic stripe or chip-based transaction is PIN-based and you do have an active PIN pad, best practices dictate not to print a signature line on the receipt. In such cases, you should not request a signature from your customer.

When Is a Sales Receipt not Required?

Each one of the major U.S. payment brands maintains a program, which allows certain types of merchants to complete transactions below a specified amount, without the need to print sales receipts, unless explicitly requested by their customers. For example, Visa’s program is called Easy Payment Service (EPS) and MasterCard’s is named Quick Payment Service (QPS). Each of these programs is slightly different from the others, yet they are also similar enough to allow me to give you a general overview using the biggest one of them — Visa’s EPS.

Under the current Visa EPS rules, there’s no signature needed on just about all electronically-read (as opposed to key-entered) card-present Visa transactions of $25 or less. Furthermore, signatures are not required on transactions of $50 or less for U.S. merchants in two major category codes: Supermarkets (5411) and Discount Stores (5310). That allows businesses in more than 98 percent of Merchant Category Codes (MCC) to accept Visa without the need for customers to sign their name. Moreover, a receipt is generated only at the customer’s request.

To qualify, transactions need to comply with the following requirements:

  • Be authorized.
  • Include all MCCs for $25 or less.
  • Include sales for up to $50 for Supermarket (MCC 5411) and Discount Stores (MCC 5310).
  • Include unattended terminals, excluding automated fuel dispensers (AFDs), for transactions of $15 or less.
  • Include all card types — magnetic-stripe, EMV chip and proximity (wireless) payments.
  • Terminals must read and transmit unaltered magnetic-stripe, chip or contactless payment data.

Some transactions, however, are excluded from this program. Visa’s EPS, for example, excludes the following MCCs (the list is current at the time of writing):

MCCs Excluded from Visa’s Easy Payment Service


Wire Transfer Money Orders


Automated Fuel Dispensers


Direct Marketing — Insurance Services


Direct Marketing — Travel Related Arrangement Services


Direct Marketing — Catalog Merchants


Direct Marketing — Combination Catalog and Retail Merchants


Direct Marketing — Outbound Telemarketing Merchants


Direct Marketing — Inbound Telemarketing Merchants


Direct Marketing — Continuity / Subscription Merchants


Direct Marketing / Direct Marketers (Not elsewhere classified)


Financial Institutions — Manual Cash Disbursements


Financial Institutions — Automated Cash Disbursements


Financial Institutions — Merchandise and Services


Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting and Wagers at Race Tracks


Intra-Government Purchases (Government only)


International Automated Referral Service (Visa use only)


Visa Credential Server (Visa use only)


GCAS Emergency Services (Visa use only)


UK Supermarkets — Electronic Hot File (Region use only)


UK Petrol Stations — Electronic Hot File (Region use only)


Intra-Company Purchases

Additionally, the following transactions do not qualify for Visa’s EPS program:

  • Fallback transactions — these occur when an EMV-enabled POS terminal cannot process a chip-card transaction using the chip, but reads the card’s magnetic stripe instead.
  • Account funding transactions.
  • Cash-back transactions.
  • Manual cash disbursement transactions.
  • Quasi-cash transactions — these are sales of items that are directly convertible to cash, such as casino gaming chips, money orders, deposits, wire transfers, traveler cheques, travel money cards, foreign currency, etc.
  • Prepaid load transactions.
  • Transactions where Dynamic Currency Conversion is performed.

There is no registration requirement for the signature-less programs. If eligible, you simply run the transaction as you normally would, but eliminate the steps of PIN entry or checking and collecting the cardholder’s signature described above. Additionally, you only need to provide a transaction receipt if the cardholder requests one. That’s it.

Image credit:

Add Comment

Read more:
What Do We Say about Mobile Payments?
What Do We Say about Mobile Payments?