Skip To Main Content
Young business man using credit card

Best Practices for Managing Credit Card Acceptance

When you accept a credit card payment, you and your customer enter into an implicit agreement. You provide goods and services; your customer provides payment for them.

Sometimes those agreements, or transactions, unfortunately go awry. By following some simple practices, you can reduce the likelihood of payment disputes, fraudulent charges and chargebacks — or at least be more prepared to handle them should they occur.

We’ll divide up the best practices between card-present and card-not-present transactions since they have several distinctions.

Card-present transactions:

  • Confirm your customer’s identification. If the situation allows, ask to see a government-issued ID before completing a transaction and compare the name on the ID with the name on the card to ensure they match.

  • Use up-to-date equipment or point-of-sale software. Since the introduction of chip (EMV) cards, you – the seller – are liable for fraudulent transactions if a chip card is swiped, rather than inserted or tapped on a chip card reader. In other words, it pays to stay current with your card terminal. Take the Clover point-of-sale system for example – it uses point-to-point encryption on every transaction which increases payment security from beginning to end. Because your customer’s information is automatically captured in this process, you avoid manual key entry whenever possible.

  • Seek authorization. Do not complete a transaction if the authorization request is declined. This seems like a simple tip but you’d be surprised how many merchants might be quick to blame an equipment malfunction on a decline and override the system to complete the sale.

  • Provide a receipt. A receipt offers value to both you and your customers. It helps customers remember charges when they appear on a card statement. Likewise, it provides you backup support in the event of a customer dispute. Fortunately, most modern point-of-sale systems will keep a log of digital transactions too.

  • Don’t fear contactless payments. Each card has a unique “key” that uses encryption to generate a unique card verification value, cryptogam or authentication code. With each transaction, this data changes so any data stolen would only be useful for that transaction alone. The world is trending in this direction and it’s time to embrace this technology.

Card-not-present transactions:

In addition to obtaining the cardholder name, card number, expiration data and CVV code from the card, merchants accepting online or phone card payments should also:

  • Get to know your customers. Before completing large or high-value orders, verify your customer’s billing and, if applicable, business addresses. For first-time customers, consider conducting an online identity search or ask for an image of their photo ID, making sure it matches the name on the payment card.

  • Confirm billing and shipping addresses and ZIP codes. If a customer’s billing and shipping addresses don’t match, particularly on large orders, find out why. If the answer doesn’t make sense, deny payment for the time being and investigate further. You don’t want to leave your well-intentioned customers in the dark, however you also don’t want to assist in the fraud of a few bad actors. In the meantime, you can call or send an email to your customer to let them know the status. A legitimate buyer should appreciate the extra effort.

  • Obtain delivery confirmation and/or proof of service. If you are shipping a product, keep the tracking information and delivery receipt. For large orders, a signed confirmation of delivery should be required. Once payment is made for a service, ask your customer to review and sign a work order, and keep a copy for your records should anything go awry.

  • Obtain approvals on recurring payments. It’s smart to require customer sign-off on any issue that could be later disputed. If a customer has a recurring charge, for example, either obtain a signature (or e-signature) for each payment to protect against possible claims of unauthorized transactions or get written permission from the cardholder for recurring charges. Written agreements should include transaction amounts, frequency of payment and duration of the agreement, as well as the cardholder’s signature. This will ensure that the correct person is making the transaction and providing authorization for the duration of the agreement.

A few other best practices that apply to all card transactions:

  • State your refund policy. If you don’t allow refunds, you should say so in writing on the customer’s receipt. Refund policies should also be posted on your website and in retail locations. If refunds are allowed, always issue them directly back to the original payment card and for the full amount of the original purchase. If it’s a face-to-face transaction, obtain a signed agreement from the customer acknowledging the refund. This will ensure that all funds are going back to the individual who made the purchase rather than a potential fraudster.

  • Provide contact information on receipts – Include your phone number, mailing and email addresses and other relevant contact information on your receipts. This will help customers reach out to you directly if they have a question about a sale, rather than immediately filing a dispute.

  • Never allow employees to process their own card transactions. This is a basic separation of duties practice which will help decrease the likelihood of internal fraud.

  • Make sure the business name on your receipt matches what appears on a customer’s card statement. If a customer sees an unfamiliar business name on their statement, they may be more inclined to file a dispute. If that isn’t possible, advise customers what name to expect on their statements.

  • Settle all transactions daily. Transmit all transactions at the end of each processing day – or more frequently, if needed, to remain aware of any potential issues more quickly. Limit delays in the delivery or processing transactions as much as possible.

  • Always maintain your PCI compliance. As data breaches increase each year, it is imperative that you perform due diligence to ensure you are not enabling cybercriminal activity. A data breach can mean the loss of revenue, brand reputation and in many cases, the loss of the business altogether due to all associated costs. Protect yourself as well as your customers.

    As the usage of cash fades away, card use will continue to grow, and it’s good for business to make it easy for customers to use them. It’s also good for business to use practices that help protect against disputes and fraud.



Also See: