Credit Card Processing Best Practices
We are a merchant service provider dedicated to facilitating the passage of your sales tickets back to the thousands of institutions that issue the MasterCard® (including Diners Club®) and Visa® cards carried by your customers, as well as to the independent card issuers of American Express®, Discover® and JCB®.
Here we have summarized a few of the basics to get you started and help you with a few best practices and tips on how to make the most out of your relationship with Paya and protect yourself against chargebacks and fraud.
The following rules are requirements strictly enforced by Visa and MasterCard:
- Merchants can choose the category of MasterCard or Visa cards they will accept:
- Accept all MasterCard and Visa cards, including consumer credit and debit, and commercial cards
- Accept MasterCard and Visa consumer credit and commercial cards only (those merchants choosing this option must accept all MasterCard and Visa credit and commercial products including Visa business check cards)
- Accept MasterCard and Visa consumer debit only (those merchants choosing this option must accept all Visa consumer
- debit card products)
- You cannot establish any special conditions for accepting a card.
- You cannot establish procedures that discourage, favor or discriminate against the use of any particular card.
- You cannot require the cardholder to supply any personal information (for example, home or business phone number; home or business address; or driver's license number) unless instructed by the authorization center. The exception to this is for a mail/telephone order or delivery-required transaction, and ZlP code for a card-present key-entered transaction in order to obtain an Address Verification (AVS).
- Any tax required to be collected must be included in the total transaction amount and not collected in cash.
- You cannot submit a transaction or sale that has been previously charged back.
- You must deliver at least one (1) copy of the sales slip or credit slip to the cardholder.
Effective Expiration Dates
At the point of sale, the card should be carefully examined for the effective (valid from) (if present) and expiration (valid to) dates which are located on the face of the card. The sale date must fall on or between these dates.
Check the back of the card. Make sure that the signature panel has not been disfigured or tampered with in any fashion (an altered signature panel may appear discolored, glued, or painted, or show erasure marks on the surface). The signature on the back of the card must be signed in the same format as the signature panel on the card; for example, Harry E. Jones should not be signed H.E. Jones. Any card having two signatures on the back panel is invalid.
Visa: If the signature panel on the card is blank, in addition to requesting an authorization, a merchant must do the following:
Review positive identification bearing the cardholder's signature (such as an unexpired passport or driver's license) to validate the cardholder's identity.
Indicate the positive identification, including any serial number and expiration date, on the transaction receipt.
Require the cardholder to sign the signature panel of the card prior to completing the transaction.
MasterCard: If the card is not signed and the cardholder refuses to sign the card, do not accept it for a transaction. If the cardholder is willing to sign the card in your presence, request two pieces of valid and current identification (for example, driver's license, another bankcard, etc.).
Deposits of Principals
Owners, partners, or officers of your business establishment are prohibited from depositing sales transacted on their own personal bankcards, other than transactions for valid purchases of goods or services (for example: cash advances are prohibited).
Prepare one sales receipt per transaction using the full transaction amount. Merchants may not split the cost of a single transaction between two or more sales receipts, using a single cardholder account, in order to avoid authorization limits.
Deposit transactions only for your own business. Depositing transactions for a business that does not have a valid merchant agreement is called laundering or factoring. Laundering is a form of fraud associated with high chargeback rates and the potential for forcing merchants out of business.
Authorize only for the known amount, not the transaction plus an estimated tip. An authorization that includes an estimated tip can reduce a cardholder's available funds or credit by an unrecognizable or unexpected amount.
Completion of Sales/Imprint Slips
The following information must be contained on the sales slip:
- Clear imprint of the card* including the cardholder's account number and expiration date.
- Cardholder's signature
- Date of the transaction
- Amount of the transaction
- Description of the goods and/or services involved in the transaction (if there are too many items, combine them into one description; for example, "clothing" instead of "one pair of pants, one shirt"). Do not carry information onto a second sales slip.
- A valid authorization code
- Merchant's DBA (Doing Business As) name and location (city and state required)
Note: Whenever the term "imprint" is used, it refers to the process of using a manual imprinting machine to make an impression of the card on a sales slip; it does not include the printout from a roll printer attached to an electronic device. If you use an electronic device (for example, authorization/draft capture terminal, cash register, and so on) and swipe the card to read and capture the card information through the magnetic stripe, you do not have to imprint the card. However, if you are unable to swipe the card (for example, due to a defective magnetic stripe or your terminal is down), you must imprint the card to prove that the card was present at the time of the transaction. In addition, the sales slip must have the cardholder's signature. Failure to follow these procedures may result in a chargeback. Entering information into a terminal manually will not prevent this type of chargeback.
A copy of the completed sales slip must be given to the cardholder at the time of the transaction.
Mail, Phone & Internet Orders
You may only engage in mail/telephone/internet orders provided they do not exceed the percentage of your total bankcard volume you indicate on your application. Failure to adhere to this requirement may result in cancellation of your agreement.
Since you will not have an imprinted or magnetically swiped transaction and you will not have the cardholder's signature on the sales slip as you would in a face-to-face transaction, you will assume all risk associated with accepting a mail/telephone/Internet order transaction. It is with this in mind that we recommend the following:
- On the sales slip, clearly print the cardholder's account number, effective and expiration dates, date of transaction, description of the goods and services, amount of the transaction (including shipping, handling, insurance, and so on), cardholder's name, billing address, and shipping address, authorization code, and merchant's name and address (city and state required).
- For mail orders, write "MO"; for telephone orders, write "TO" on the cardholder's signature line.
- For your protection, it is best to have the cardholder's signature on file or to utilize address verification* (see following) to provide an indication as to whether the purchaser is indeed the cardholder, as you are responsible for identification of the cardholder and the validity of the card user.
- For telephone orders, it is recommended that written verification of the sale be requested from the cardholder (sent by mail or fax).
- You may not submit a transaction for processing until after the merchandise has been shipped or the service has been provided to the customer. [Visa will permit the immediate billing of merchandise manufactured to the customer's specifications (that is, special/custom orders) provided the cardholder has been advised of the billing details.]
- Notify the cardholder of delivery time frames, special handling, or a cancellation policy. Merchandise shipping dates must be
- within seven (7) days of the date authorization was obtained. If, after the order has been taken, additional delays will be incurred (for example, out of stock), notify the cardholder and reauthorize the transaction.
- You may not require a cardholder to complete a postcard or other document that displays the cardholder's account number in
- clear view when mailed.
- If you accept orders via the Internet, your website must include all the following information in a prominent manner:
- Complete description of the goods or services offered
- Returned merchandise and refund policy
- Customer service contact, including email address and/or telephone number
- Transaction currency (U.S. dollars, unless permission is otherwise received from services)
- Any applicable export or legal restrictions
- Delivery policy
- Cardholder information must be secured using SSL
*Address Verification is not a guarantee against chargebacks; it is designed to assist you in reducing the risk of fraud and may help you avoid incurring additional interchange expenses.
Authorization & Capture
All transactions must be authorized in one format or another (for example, by terminal, VRU, or voice). Failure to authorize a sales transaction may result in a chargeback and/or the termination of your agreement.
An authorization only indicates the availability of the cardholder's credit at the time the authorization is requested. It does not warrant that the person presenting the card is the rightful cardholder, nor is it an unconditional promise or guarantee that you will not be subject to a chargeback or debit.
For cards other than MasterCard and Visa (AMEX, Discover, JCB, etc) or for check acceptance, you must follow the procedures for authorization and acceptance for each.
You may not attempt to obtain multiple authorizations for a single transaction. If a sale is declined, do not take alternative measures with the same card to obtain an approval of sale from other authorization sources. Instead, request another form of payment. If you accept and process a transaction that was declined, or attempt multiple transactions and/or multiple authorizations, you are subject to a chargeback and cancellation of your agreement.
Inoperable electronic authorization: Should your electronic means of authorization become inoperable, call of appropriate voice authorization "800" number and follow the instructions.
"Call" or "Hold, Call" response: Should you receive one of these responses, you may call the appropriate voice authorization "800" number or ask for another form of payment. A "Hold, Call" requires that you should physically hold the card and call voice authorization and await its instructions.
On occasion, the authorization center will ask you to obtain identification from the cardholder before issuing an approval code. If you are instructed to do so, clearly write the appropriate identification source and number in the space provided on the sales slip unless otherwise prohibited by law.
If the appearance of the card being presented or the behavior of the person presenting the card is suspicious in nature, you must immediately call the voice authorization center (see p.1 for contact information). Enter your Merchant ID (MID), Zip code, press the # for more options, then enter option 8 for suspicious card and follow the automated prompts. Answer any questions and follow given instructions.
Chargebacks and Retrievals
Chargeback process/dispute: A cardholder, or the card issuing bank, has the right to question/dispute a transaction. In many cases, before a chargeback is initiated, the card issuing bank requests a copy of the sales, slip, through a "media request" or "retrieval." Once a media request or retrieval is received from the card issuer, we will respond by sending a copy of the transaction, if available.
Chargebacks reversals/collections: If your documentation supports a reversal of the chargeback to the card issuer, and is received within the MasterCard and Visa reversal time frames, we will reverse the item back to the card issuer and your account will be credited. It is important to note that the reversal is contingent upon the acceptance by the card issuer and/or the cardholder. The item may be presented a second time and your account will be debited accordingly. A reversal is not a guarantee that the chargeback has been resolved in your favor.
If the chargeback is presented by the card issuer a second time, it may not be reversible and you may be debited. If you feel strongly that it is an invalid chargeback, you may request to have MasterCard or Visa review and arbitrate the item to determine the validity. Both MasterCard and Visa have a $250 filing fee and a $250 review fee; both fees may be nonrefundable and may be debited to your account. In addition, if the decision is ruled in favor of the cardholder and/or card issuing bank, an additional penalty may be assessed and debited to your account.
If your dispute and documentation supports your case, but is received after the MasterCard and Visa time frames, our only alternative is to attempt a "good faith" collection with the card issuing bank. This process can take from 30 to 180 days, and the transactions must meet the card issuer's collection criteria (for example, above a set dollar amount, usually $50; within a specified time limit; and so on) and the card issuer may assess a collection fee (for example, $25 to $100). A "good faith" collection is not a guarantee that any funds will be collected on your behalf. You will be credited when and if the card issuer accepts the collection and makes payment (less any fees charged by the card issuer).
Due to the short time frames and the supporting documentation necessary to successfully (and permanently) reverse a chargeback in your favor, we strongly recommend the following:
- Avoid chargebacks by adhering to the guidelines and procedures outlined in this section.
- If you do receive a chargeback, investigate, and if you dispute the chargeback, send in the appropriate documentation within the required time frame.
- Whenever possible, contact the cardholder directly to resolve the inquiry/dispute.
Payment Card Industry (PCI) Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory global standard established by the major card associations to ensure the protection of cardholder data. Based on twelve guidelines, the PCI DSS requires merchants to make their physical and virtual environments secure to ensure protection of cardholder data. As a merchant accepting credit cards as a form of payment, you are required by the card associations to adhere to the PCI DSS. The PCI DSS encompasses the security
programs from Visa and MasterCard, Cardholder Information Security Program (CISP) and Site Data Protection (SOP), respectively.
The PCI DSS sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates, such as the need to implement formal and documented security policies and vulnerability-management programs. They were developed to ensure that cardholder data is protected throughout the transaction process. Compliance with the standard applies to all types of merchants, retail, MO/TO, and Internet. All merchants need to follow best practices for storage and destruction of all paper or electronic records containing account numbers or cardholder data.
Online Reporting Business Management Tool
What is My Virtual Reports?
Virtual Reports is a secure, web-hosted online reporting system that lets you take control of your transaction reporting. Merchants can access their account information 24 hours a day, seven days a week. It's very easy to use, and best of all it's free! Take advantage of this service today. To view the demo, go to: www.SagePayments.com/Demo
What information is available in My Virtual Reports?
Virtual Reports is a great tool for viewing your deposits, transactional data, batch details, monthly statements, chargebacks, and more. There is a variety of reporting options that allow you to drill down for further detail with a click on the magnifying glass. Reports may be emailed or exported to Excel, Word, HTML, or XML and additionally customized to meet your needs. Some of the most popular reports include:
• Daily Batch Summary-review the transactions in a particular batch.
• Monthly Statements-review current and past monthly statements.
• Transaction Search-search for specific transactions by date, card #, authorization #, or amount.
• Returns and Credits Search-review returns and credits.
• 12-Month Chargeback History-review chargebacks to your account.
How can I access Virtual Reports?
Follow the steps below to access our online reporting system.
1. Go to: www.myvirtualreports.com
2. Click the Merchant icon.
3. Enter your 16-digit merchant ID (MID) number in the merchant field.
4. Enter your username and password in the appropriate fields.
5. Enter the security code at the bottom of the screen.
6. Click the Enter Virtual Reports icon.
7. Click the menu bar to make a selection.
First-time users need to register by clicking the merchant logon screen and entering their merchant ID number and bank account number. Follow the steps above to log on.