Merchants need to verify the validity of both the card and its cardholder for each payment. Industry rules require it to ensure protection for cardholders and issuers against fraud and merchants need to do anyway it to protect themselves.
Card validation is much more easily done in a face-to-face setting than it is in virtual transactions. If you incorporate the following best practices into your payment acceptance process, you will be able to verify the legitimacy of both the card and your customer in each transaction:
- Swipe the card. Avoid key-entered transactions as much as you can. They limit your ability to verify payment information, are much more prone to processing errors and get higher interchange rates.
- Obtain transaction authorization approval. Do not complete the payment unless your authorization request is approved. Skip this procedure if the transaction amount is below your floor limit.
- Compare the account numbers. Your point-of-sale (POS) machine should allow you to verify whether the account number embossed on the face of the card matches the one encoded in the magnetic stripe. Check the owner’s manual or call the manufacturer for the exact procedure. Some terminals will display the number encoded in the magnetic stripe while others will print it out on the transaction receipt, in which case you will only see the last four digits. Some terminals will enable you to check the numbers electronically, in which case you will be prompted to key-enter the last four digits of the embossed account number. Whatever the exact procedure, if you receive a “No Match” response, you should make a Code 10 call.
- Check the card’s expiration date. You should not be accepting expired cards.
- Check the Electronic Warning Bulletin or International Warning Notices. If you get a positive response, you should not complete the transaction, unless it is authorized by the issuer.
- Check the four-digit number in the signature panel of the card. It should be an exact match of the last four digits of the account number on the front of the card.
- Check the photograph on the card. If the card features a photo of its owner, there is no reason not to take advantage of it.
- Check the signature. The card must be signed to be valid. Some consumers have been led to believe that writing “Ask for ID” instead of signing their card is a form of fraud protection, however according to industry rules such cards are just as invalid as unsigned cards. In either of these cases you will need to follow these procedures:
- Obtain an authorization approval for the transaction.
- Request a photo ID (e.g. driver’s license) from the customer.
- Ask your customer to sign the card.
If your customer refuses to sign the card, do not complete the transaction and ask for another form of payment.
If during the validation process you discover that the card has been altered in some way or suspect that your customer may not be the legitimate cardholder, make a Code 10 call to your processor’s voice authorization center. You will be connected with the card issuer who will instruct you on how to proceed with the transaction.
Image credit: Fnbsf.com.