Payment Card Transactions and Policies: What Jewelers Need to Know to Be Secure and Compliant
Payment card processing can be overwhelming and expensive and is sometimes referred to as a necessary evil for small businesses.
When making sales by payment card transaction there are a few considerations to keep in mind. The first is the type of payment card being used —a chipped Europay, Mastercard and Visa (EMV) or non-chipped (magnetic stripe) card. Chipped cards are much harder for criminals to duplicate making the unchipped version more of a target. This means there is a higher risk when conducting sales with unchipped cards.
It’s a good idea to create a committed practice around payment card acceptance that’s written into your store policy. Here are a few best practices that could be written into the policy.
Payment Card Transaction Best Practices
1. Follow the rules set out in the merchant account agreement for accepting payment by way of payment cards. If you don't, and a sale is determined to be fraudulent, there is a slim chance of recovering the loss, even if you have insurance that covers this type of loss.
2. Match the signature to the name on the payment card. Take the extra time to read it closely, don't just check to see if there is a signature.
3. Check the payment card for a signature on the back. If it doesn't have one, get the client to produce another form of ID with their name and signature on it, then have them sign the payment card so you can compare. Check the other ID to make sure the name matches the signature on the payment card as well.
4. Verify that the signatures compare if you have after sales programs, such as free cleaning and servicing for a year, that involve a client signature to sign up.
5. Accepting payment cards over the phone. Require the following pieces of information for every card payment you take over the phone:
- Complete card number
- Expiration date
- Security code/CVV code
- Billing ZIP code (match the billing and shipping zip codes while on the phone, if they are different, ask the customer why they don’t match)
On the signature line of the receipt, write “phone order” and file the paper receipt. When shipping the order, purchase tracking for the shipment so you have a paper trail. This will make it more difficult for a customer to claim their goods were not received or it was fraudulent.
6. Know your customer. Good sales practice is to have a rapport with a client and obtain their name and remember it. This happens at the front end of a potential sale, before a payment card is presented. When/if a payment card is presented, verify the name they provided matches the name on the payment card.
Security and Compliance
Accepting payment cards at your jewelry business means you are responsible for the proper handling of your customer’s card holder account information. The two sources noted below can help you become compliant with industry standards.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a baseline of technical and operational requirements designed to protect card holder account information and applies to all entities involved in payment card processing. PCI DSS compliance is documented through an annual submission of a self-assessment questionnaire (SAQ).
If you are not PCI DSS compliant, you may be charged a non-compliance fee from the payment card companies. This is a separate fee not associated with your merchant processor, which is important to note.
Mastercard and Visa (EMV)
To be EMV compliant simply means you have upgraded your point-of-sale equipment to machines that accept the chip or the magnetic stripe. If your jewelry business has not upgraded your equipment you run the risk of being liable for any fraudulent activity.
Looking for more ways to mitigate loss and keep your business secure? Visit our JM University® online training resource featuring the Selling with Security course to help you run a well-protected and successful jewelry business or read our comprehensive Jeweler Security Guide by clicking the button below.