Washington State University

Best Practices

  • Share
  • Print

CARD ACCEPTANCE BEST PACTICES

 

IN PERSON

The card must be swiped through the card processing terminal. Follow the prompts given by the terminal. Do not keep any card information after the transaction has completed.
 

OVER THE PHONE

The card information can be keyed into the card processing terminal. Follow the prompts given by the terminal. If any card information is written down while performing the transaction, that information must be shredded once the transaction has been completed.

VIA EMAIL

Card information must never be accepted via an email message. If a customer sends their card information via email, delete that email and send a response that card information is not accepted via email. In the response, give the customer a list of alternative methods of sending their card information (FAX, mail, phone, etc.) If you reply to the original email, make sure you remove any card information before sending the message.


VIA FAX

Most PC-based FAX software does not provide a secure repository for storing incoming FAXes, therefore the best method to accept card information is by a standalone FAX machine in a controlled location. Treat a FAX the same way as you would treat cash.  The card information can be keyed into the card processing terminal. Follow the prompts given by the terminal. Once the transaction is complete, the part of the FAX containing card information must be rendered unreadable. If the entire FAX must be kept, marking out the card information with a china marker is preferable.
 

VIA MAIL

The card information can be keyed into the card processing terminal. Follow the prompts given by the terminal. Once the transaction is complete, the part of the mailed form containing card information must be rendered unreadable or shredded. Shredding is preferable, but marking out the card information with a china marker is acceptable.
 
 

FORM TIP

When designing a form that will have an area to enter card information, put that section at the bottom of the form. After the payment has been processed, the bottom of the form can be cut or torn and shredded. Remove the card information before scanning or imaging the form, or any other long term storage. Card information on paper being disposed of must always be shredded.
 

PROCESSING DELAY

It is preferable to only accept card information when it can be processed immediately. If a delay is required and card information must be stored, do not store it in electronic format and treat the paper containing card information as if it were cash.

 

E-Commerce, PO Box 641025, Pullman, WA 99164-1025, Contact Us