Merchants accepting payments in a face-to-face environment typically enjoy much lower levels of fraud than their e-commerce counterparts. The reason is that it is much easier to establish the validity of the card and the identity of the cardholder when both are present during the transaction. This article will review the procedures that merchants should follow when processing card-present payments.
Whenever you accept a credit card payment, the first thing you have to do is ensure that three qualifications are met:
- The card is valid, meaning that it has not expired, it is genuine and it has not been altered.
- The customer is an authorized user of the card. Only the person whose name is on the front of the card and whose signature is on the back of it can use it.
- The issuer approves the transaction. The issuer may not approve a transaction for a variety of reasons, including insufficient account balance, the account is listed on the Warning Bulletin File, the account number is not on file, etc.
In a card-present setting, the merchant can ensure that the first two requirements are satisfied by physically examining the card and, if needed, requesting an additional form of identification. The third requirement is met through requesting a transaction authorization.
Authorization is the process through which a card issuer approves or declines a credit card transaction (see diagram above). In a card-present environment, the authorization occurs automatically when a card’s magnetic stripe is swiped through a card reader at the point of sale. The card information is then routed to the card issuer through the respective Credit Card Association’s payment network and then the card issuer’s response is routed back through the same channel.
Typically, if everything goes right, credit card transaction authorizations are processed in a matter of seconds. The card issuer may, however, request additional information if it decides that the transaction requires further scrutiny. The authorization process protects both the merchant and the issuer from fraudulent transactions and chargebacks. Merchants are required to authorize all card transactions for amounts above their floor limit. Floor limits can vary from business to business and are usually specified in the merchant processing agreement.
The possible responses you can receive from the card issuer to your transaction authorization request are listed in the table below, along with an explanation for each one of them and a suggestion on what your action should be.
|Approved||The card issuer approves the transaction. This is the most common response – about 95% of all authorization requests in a card-present environment are approved.|
|Declined or Card Not Accepted||The issuer does not approve the transaction. The transaction should not be completed. Request an alternative payment method, then return the card and instruct the cardholder to call the issuer for more information on the status of the account.|
|Call, Call Center, or Referrals||The issuer needs more information before approving the sale. Most of these transactions are approved, but you should call your voice authorization center and follow whatever instructions you are given. In most cases, the authorization center representative will ask to speak directly with the cardholder or will instruct you to check the cardholder’s identification.|
|Pick Up||The issuer wants to recover the card. Do not complete the transaction. Inform the customer that you have been instructed to keep the card, and ask for an alternative form of payment. If you feel uncomfortable or threatened, simply return the card to the cardholder.|
|No Match||The embossed account number on the front of the card does not match the account number encoded on the magnetic stripe. Swipe the card again and re-key the last four digits at the prompt. If a “No Match” response appears again, it means the card is counterfeit. If it can be done safely, keep the card in your possession, and make a Code 10 call.|
A positive authorization response indicates that there are funds available in the account and that the card has not been reported as lost or stolen. It is not a proof, however, that the card is not fraudulently used.
Image credit: OLSDallas.com.