Helpful Articles

RCSC’s credit card processing experts compiled some helpful articles to provide you with pertinent information and helpful tips for accepting card payments.

Processing credit cards with phone lines is like surfing the Web using dial-up

Would you buy a new computer, connect it to the Internet via dial-up and expect an enjoyable and reliable browsing experience? Modern websites are so content rich that dial-up connections struggle to get the job done. Processing EMV credit cards through a phone line is a similar idea.

Analog phone lines, also known as plain old telephone systems (or POTS), are simple and use an electronic signal to transmit sounds, but they are limited in the amount of data they can carry. Digital phone lines transmit more data, but the signals are in binary code (i.e., zeros and ones) and the receiving device reassembles that code back to the original signal. Digital lines are great for phone calls, but not so great for transmitting credit card data. RCSC routinely receives calls from frustrated business owners who have been using the same analog or digital phone line for years and suddenly receive errors like AP dupe, no line, comm error, critical batch error and more.

Broadband has become the preferred way to transmit data while surfing the web or transmitting card data. It is often less expensive to use a broadband connection than to pay for an additional dedicated analog line. Telecommunication companies are working to bring broadband to their customers, though some rural areas only have access to analog phone lines. RCSC offers mobile readers for smartphones or tablets, and wireless terminals that run on 3G, as alternatives for merchants with phone line issues who are unable to get a broadband connection.

The checkout is your customers’ final interaction with you before they leave your store. Call RCSC if you have any questions about upgrading your connection so you can ensure the final step of your customer experience runs without a hiccup. You can reach Michele, Nicholl and Carly at (800) 442-3589 or info@rcnys.com.

 

What you should know about your credit card agreement

To accept credit cards at your business, you signed a contract with a processor. That contract, often called a merchant agreement, details the practices and policies your business must abide by to continue accepting cards. Your contract with most credit card processors prohibits the following practices:

  • Minimum purchases – Merchants cannot establish policies setting a minimum or maximum purchase amount for credit card customers
  • Personal information – A business cannot require customers to give their phone numbers, addresses, driver’s license numbers or any other personal information as a condition of making a purchase with a credit card
    • You may request this information from the customer; however, he/she has the right to decline to give out personal information and cannot be refused a sale because of that refusal
  • Fees for credit card purchases – Businesses cannot charge fees to customers using credit cards
    • The credit card companies do allow businesses to offer discounts to customers paying with cash or check
  • Cash refunds – Businesses must credit returns through the credit card that was originally used to purchase the item being returned. The card associations prohibit businesses from offering cash or check refunds to credit card customers for returns.

Each processor provides a manual to new customers describing all its policies. Pick up this manual regularly for a refresher – you’ll be glad you did!

 

What cardholder data you can and cannot store


Security rules your business must follow

As a business owner you’re understandably concerned with the rising incidence of stolen cardholder account data. The thefts cause businesses and financial institutions fraud losses and unanticipated operational expenses, and inconvenience consumers significantly.

The major credit card companies (Visa, MasterCard, American Express, and Discover) have established stringent requirements for collecting and storing customers’ payment card data. These Payment Card Industry (PCI) Data Security Standard Requirements protect your business, your customers (cardholders) and the payment system’s integrity.

You may store the following cardholder data:

  • Account number
  • Cardholder name
  • Expiration date

Cardholder data you should never store:

  • Full magnetic stripe information
  • The card verification codes or values (three-digit code on the signature panel or code embedded within the magnetic stripe)
  • The cardholder’s PIN

You should always destroy or purge all media containing obsolete transaction data with cardholder information.
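One way to check stored records against the two lists above, as an added example that is not part of the original article: it flags lines holding magnetic stripe data, a verification code or a PIN, and shows which fields of a raw Track 1 swipe may be kept. The log lines, the `cvv=`/`pin=` labels and the function names are assumptions, and the card number is constructed test data.

```python
import re

# Simplified ISO/IEC 7813 layouts for raw swipe data:
# Track 1: %B<account>^<name>^<YYMM><service code + discretionary data>?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^]{2,26})\^(\d{2})(\d{2})[^?]*\?")
# Track 2: ;<account>=<YYMM><service code + discretionary data>?
TRACK2 = re.compile(r";\d{12,19}=\d{4}[^?]*\?")
# Assumed field labels; adjust to whatever your own system writes.
CVV_FIELD = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}\b", re.I)
PIN_FIELD = re.compile(r"\bpin\s*[=:]\s*\d{4,12}\b", re.I)

def storable_fields(swipe):
    """Return only the three storable fields from raw Track 1 data, else None."""
    m = TRACK1.search(swipe)
    if not m:
        return None
    account, name, yy, mm = m.groups()
    return {"account": account, "name": name.strip(), "expires": f"{mm}/{yy}"}

def prohibited(line):
    """List the kinds of never-store data present in one stored line."""
    kinds = []
    if TRACK1.search(line) or TRACK2.search(line):
        kinds.append("magnetic stripe data")
    if CVV_FIELD.search(line):
        kinds.append("card verification code")
    if PIN_FIELD.search(line):
        kinds.append("PIN")
    return kinds

def audit(lines):
    """Map 1-based line number -> prohibited data kinds, for flagged lines only."""
    return {n: k for n, line in enumerate(lines, 1) if (k := prohibited(line))}

# Constructed sample records (test card number, not real cardholder data).
SAMPLE_LOG = [
    "sale ok card=4111111111111111 name=SMITH/J exp=12/27 amt=25.00",
    "debug swipe=%B4111111111111111^SMITH/J^271210100000?",
    "retry track2=;4111111111111111=271210100000?",
    "phone order card=4111111111111111 exp=12/27 cvv=123",
    "batch closed, 14 transactions",
    "debit sale card=4111111111111111 pin=4821",
]

if __name__ == "__main__":
    for line_no, kinds in audit(SAMPLE_LOG).items():
        print(f"line {line_no}: purge, contains {', '.join(kinds)}")
    print(storable_fields(SAMPLE_LOG[1]))
```

The first sample line is not flagged because it holds only the account number, cardholder name and expiration date.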

According to the PCI requirements, your business may have to comply with security audits and you may be asked for a system scan or self-assessment. If your business has a security breach and is found not in compliance with the payment card security rules, there are severe penalties, including barring your business from accepting payment cards.

When you follow the payment card security requirements you protect your customers’ sensitive data, and put your business at a competitive advantage with others that are not in compliance.

Contact the bank or company that manages your payment card processing for details or visit www.pcisecuritystandards.org for more details on the PCI Data Security Standards Requirements.

 

Earn cash reward for credit card pick up

Every once in a while a business owner swipes a card and an unusual message appears on their terminal screen telling them not to return the card to the customer. A reported stolen credit card or an extremely overdue payment may be the reason for this “pick up” message.

If the terminal displays a pick up card response, such as “PICUP” or “PIC UP,” or the Authorization Center tells you to take the card, follow their instructions. You may be eligible for a cash reward from your credit card processor for doing so.

To collect your reward, simply cut the card in half directly through the entire account number. Place the card in an envelope along with your name, merchant number, date of pick up, and your address and mail it to your credit card processor (check your card acceptance guide for the appropriate address).

 

What to do when you get a draft retrieval request

Occasionally, your customer’s credit card issuing institution may require a copy of a sales draft (sales receipt) for a billing question or because the cardholder does not recognize the transaction.

Your credit card processor will forward a retrieval request letter when someone requests a sales draft from your records.  The letter will ask for a copy of the receipt with the following legible information:

  • Cardholder’s account number
  • Reference number
  • Dollar amount
  • Date of the transaction

You should forward a copy of the sales draft along with the request form to the appropriate processing center (per the request letter).

It is advisable that you respond to all retrieval requests within the number of days indicated, or a chargeback may occur. You should give requests for draft copies top priority to avoid this problem.

 

Payment Card Industry Standards Info and Materials

The payment card industry (American Express, Visa, MasterCard, Discover, JCB) developed the Payment Card Industry Data Security Standards (PCI-DSS) to protect cardholder data from being stolen and used for fraudulent purchases or identity theft. You must comply with PCI-DSS if you accept credit cards at your store or business.

Visit the PCI Security Standards PCI-DSS Web page for more information and to learn what you should do to be in compliance.

  • PCI-DSS Self Assessment Questionnaires (SAQ). Find all SAQs in the Documents Library, SAQ tab of the PCI Security Standards web page.
    • SAQ A – Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants.
    • SAQ B – Imprint-only and stand-alone terminal merchants with no electronic cardholder data storage.
    • SAQ C – Merchants with POS systems connected to the Internet, no electronic cardholder data storage.
    • SAQ D – All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ.
  • PCI-DSS Prioritized Approach – Provides guidance that will help merchants identify how to reduce risk to cardholder data as early on as possible in their compliance journey.

Source: PCI Security Standards Council website