Payment Card Processing Best Practices

 

Payment Card Processing Best Practices

University of Colorado Treasurer’s Office

 

General Requirements

 

Honor all card brands equally

    •  If you accept any cards of a particular brand you must accept all cards from that brand equally
    • You cannot establish a minimum or a maximum for card purchases
    • You cannot impose a surcharge or fee for card payments separate from cash or check but you can give a discount for paying in cash (check)
    • You cannot establish special conditions for accepting cards
    • You can impose a convenience fee for certain payment channels, but there are conditions and limitations and the fee must apply to all payments received through that channel
    • You cannot ask for personal information unless instructed by the Authorization Center (a Code 10 authorization). This includes home or business phone number or address as well as drivers license information. The exception is for Mail Order / Telephone Order (MOTO) or Internet transactions for which you can collect an address for delivery and a zip code for the Address Verification Service.

Display card program marks

    • Signage for your physical location is available through Wells Fargo for free for Visa, MasterCard, and Discover; available separately for American Express (if needed)
    • Logo files for online display are available
    • Display card marks on MOTO / printed materials

 

Secure cardholder data

    • Do not store cardholder data in spreadsheet, word processing, database, or other software
    • Create and disseminate to staff a card information security policy
    • Design forms with cardholder information / signature line in box at bottom of the form. When processing the transaction, write the last four digits of the card number and the authorization number on the upper part of the form, then separate and shred the cardholder information from the bottom of the form

 

Processing Payments

 

Correctly identify the card

    • Know the identifying characteristics of each card brand accepted: Visa, MasterCard, American Express, Discover

Confirm that the card’s effective date is valid for the day of the sale

    • Confirm that the sale date is between the [Valid From] and the [Valid To] dates on the card or is prior to the [Valid Thru] date

Confirm that the signature panel on the back of the card is signed

    •  See if the card signature "compares favorably" with the signature on the receipt

Confirm that the person using the card is the actual cardholder

    • Know the risk that you run if a student uses a parent’s or guardian’s card to make payments on their account

Process transactions correctly and accurately

    • Authorize every transaction. If the transaction is declined, ask for another card for payment or refuse to process the transaction.
    • Always swipe the card through the terminal for card-present transactions
    • Create a sales draft / receipt for each transaction and give a copy to the customer
    • Compare the card number and expiration from the front of the card to the number and expiration date showing on the swipe card terminal
    • The customer card number must be truncated (to last four digits) on both the customer and merchant copies of the receipt
    • The expiration date of the card must be masked on the customer copy of the receipt
    • Sales tax must be included in the transaction total and must be detailed on the sales receipt
    • Employees cannot process their own sales transactions
    • Do not accept cash payments for transactions included on a sales draft
    • Do not ever give cash advances on cards
    • Do not give cash over / cash back on a card sales transaction
    • Balance and "batch out" at end of day, and more often if warranted (that is, transmit all transactions in the card swipe terminal at the end of each processing day before 9 p.m.)
    • Confirm your activity in PeopleSoft daily to ensure that your funds have been properly posted into your FOPPS
    • Do not process transactions for other departments or merchants

Be alert for fraud (see Fraud Flags material)

    •  Build Fraud Flags into your processes and procedures

Chargebacks

Reduce chargeback potential on MOTO and Internet transactions

    • Obtain the card expiration date
    • Include all necessary information on receipt and charge slip
    • Utilize AVS for all transactions if possible

 

Process chargebacks timely

    • You cannot resubmit a charged-back transaction you must dispute or process the original chargeback
    • Provide documentation within the given time frame (note that this is usually calendar rather than business days)

 

 Refunds

Specify a Refund Policy

    •  If your policy is "No Refunds", this must be printed on the customer receipt
    • Your refund policy must be disclosed to your customers, via signs in your physical location if you process card-present transactions, on your web site, or in your mailing materials
    • Refunds must be processed against the original card presented for payment and for the full amount of the original purchase; they cannot be paid in cash or by check
    • Refunds should be approved by a supervisor, and this approval should somehow be documented along with the refund documentation

Tips

Limit delayed delivery or processing of transactions after the initial transaction as much as possible

    •  If a transaction or sale takes part in two portions, Visa requires each part to be separately authorized and MasterCard requires a single authorization for the total amount
    • If the delivery of a purchased item is delayed for more than 25 days after the initial sale, you must reauthorize the unprocessed portion of the payment

Know about and use MasterCard’s Quick Payment Service (QPS) / Visa’s Small Ticket programs for small card present transactions in selected industries (fast food, parking)

    • Universities are categorized as an "Emerging Industry" and so have special, lower interchange rates in effect
    • QPS and Small Ticket allow the merchant to not give a receipt for a transaction under $25 (or the program limits) unless requested
    • Always give the customer a receipt if requested

Keep Treasury apprised of staff and address changes

Resources

 

Visa’s Card Acceptance and Chargeback Management Guidelines forMerchants:

http://usa.visa.com/download/merchants/card_acceptance_guide.pdf

Visa E-Commerce Merchants’ Guide to Risk Management:

http://usa.visa.com/download/merchants/visa_risk_management_guide_ecommerce.pdf

Visa Merchant Download center:

http://usa.visa.com/merchants/merchant_resources/tips_tools_downloads.html

MasterCard Merchant Acceptance Guide:

http://www.mastercard.com/us/merchant/pdf/MerchantAcceptanceGuide_Manual.pdf

MasterCard Resources Library:

http://www.mastercard.us/merchants/resources/downloads.html

Identifying Cards:

http://www.discovernetwork.com/common/pdf/Card_ID_Features_Merchant.pdf