CARD ACCEPTANCE BEST PACTICES
IN PERSON
The card must be swiped through the card processing terminal. Follow the prompts given by the terminal. Do not keep any card information after the transaction has completed.
OVER THE PHONE
The card information can be keyed into the card processing terminal. Follow the prompts given by the terminal. If any card information is written down while performing the transaction, that information must be shredded once the transaction has been completed.
VIA EMAIL
Card information must never be accepted via an email message. If a customer sends their card information via email, delete that email and send a response that card information is not accepted via email. In the response, give the customer a list of alternative methods of sending their card information (FAX, mail, phone, etc.) If you reply to the original email, make sure you remove any card information before sending the message.
VIA FAX
Most PC-based FAX software does not provide a secure repository for storing incoming FAXes, therefore the best method to accept card information is by a standalone FAX machine in a controlled location. Treat a FAX the same way as you would treat cash. The card information can be keyed into the card processing terminal. Follow the prompts given by the terminal. Once the transaction is complete, the part of the FAX containing card information must be rendered unreadable. If the entire FAX must be kept, marking out the card information with a china marker is preferable.
VIA MAIL
The card information can be keyed into the card processing terminal. Follow the prompts given by the terminal. Once the transaction is complete, the part of the mailed form containing card information must be rendered unreadable or shredded. Shredding is preferable, but marking out the card information with a china marker is acceptable.
FORM TIP
When designing a form that will have an area to enter card information, put that section at the bottom of the form. After the payment has been processed, the bottom of the form can be cut or torn and shredded. Remove the card information before scanning or imaging the form, or any other long term storage. Card information on paper being disposed of must always be shredded.
PROCESSING DELAY
It is preferable to only accept card information when it can be processed immediately. If a delay is required and card information must be stored, do not store it in electronic format and treat the paper containing card information as if it were cash.