Card Verification Procedures
When a card is used for payment for products and services in transactions conducted in a face-to-face environment, the card must be presented to the merchant. The merchant must complete the following steps to determine whether each card presented for payment is a valid payment card:
- Check the valid date and the expiration date on the face of the card. If the card is expired or not yet valid, the merchant should not accept it and request an alternative payment method from the customer.
- Check the Electronic Warning Bulletin or international Warning Notice(s). If the account number is listed, the merchant should not complete the transaction without obtaining an authorization from the issuer.
- For Visa, MasterCard and Discover cards compare the four-digit truncated account number imprinted in the signature panel with the last four digits of the embossed account number on the face of the card. American Express cards have the full account numbers imprinted in the signature panel. These numbers should match. A non-match is a strong indicator of fraud and the card should not be accepted.
- Compare the embossed account number on the face of the card with the number displayed or printed from the point-of-sale terminal. If the numbers do not match, the merchant should not accept the card.
- If a photograph of the cardholder is present on the card, compare the photograph on the card with the person presenting the card.
- Check that the card is signed. See below for procedures regarding unsigned cards.
- For unique transactions processed in a face-to-face environment, merchants should request personal identification of the cardholder in the form of an unexpired, official government document. Compare the signature on the personal identification with the signature on the card. If the signatures do not match, you should make a Code 10 call.
Code 10 is the call to the payment processing provider’s authorization center that a merchant needs to make when he or she suspects that a fraudulent activity might be taking place at their establishment. It can be the card looks as if it has been tampered with or the customer acting in an unusual manner that causes your suspicion. Whatever the cause, you should make a “Code 10” and request a voice authorization for the transaction at issue with your merchant processing provider.
If the card is not signed, the merchant must complete the following steps:
- Obtain an authorization from the card issuer.
- Ask the cardholder to provide identification.
- Require the cardholder to sign the card.
The merchant must not complete the transaction if the cardholder refuses to sign the card.
Authorization Procedures
The merchant must use its best efforts, by reasonable and peaceful means, to retain the card while making an authorization request. An authorization from the card issuer is required before completing a transaction in the following instances:
- The transaction amount exceeds the merchant’s floor limit or the floor limit applicable to the transaction.
- The card is expired or not yet valid.
- The card is not signed.
- The merchant wishes to delay presenting the transaction record.
- The transaction receipt cannot be imprinted although the card is present.
- The merchant’s point-of-sale terminal is unable to read the magnetic stripe or the chip (if one is present) on the card.
- The account number is listed on the regional Warning Notice.
- The transaction is a recurring payment installment and a previous authorization request was declined by the card issuer.
- The merchant is suspicious of the transaction for any reason.
If either the card or the cardholder look suspicious, the merchant must contact their card processing provider’s authorization center and state “This is a Code 10 call” and await instructions. In all instances, except where the transaction exceeds the applicable floor limit, the merchant must inform the authorization center of the reason for the authorization request.
If a cardholder account is listed on the Electronic Warning Bulletin or regional Warning Notice, the merchant must not complete the transaction. The merchant must retain the card by reasonable and peaceful means and contact their payment processing provider’s authorization center for further instructions. If a merchant is advised by the authorization center to pick up the card, or is given other instructions, the merchant must use its best efforts to comply with the instructions. If the authorization center cannot be reached, the merchant must retain the card until the center can be reached. If, at any time the merchant feels threatened by the customer, the merchant should complete the transaction, wait for the customer to leave the store, and then contact the authorization center.
