Welcome to Basic PCI Security Training

Cashier's pci security training

  • Upload
    alredic

DESCRIPTION

Merchant Training

Page 1: Cashier's pci security training

Welcome to Basic PCI Security Training

Page 2: Cashier's pci security training

While processing credit cards you will be exposed to a lot of sensitive information.

This training will show you how to handle credit card information in a safe and secure manner.

Page 3: Cashier's pci security training

Customers trust that we will keep their account information safe from crooks like these.

Page 4: Cashier's pci security training

First, let's look at the front side of a typical credit card.

Front side of card

Look at the above card. Can you find each of the parts listed below?

• Clearly printed account number (16 digit PAN)
• Valid thru date
• Holographic security emblem
• Card logo (Visa)
• Cardholder's name

(Click on the credit card to check your answers)

(Card image labels: Valid thru date, Holographic emblem, Card logo, PAN)

Page 5: Cashier's pci security training

Now, look at the back side of a credit card.

Back side of card

Can you find each of the parts listed below on the above card?

• Signature panel
• A 3 digit security code also called the CVV2 number
• Magnetic stripe

(Click on the credit card to check your answers)

(Card image labels: CVV2, Signature Panel, Magnetic Stripe)

Page 6: Cashier's pci security training

Have you ever wondered what is encoded in the magnetic stripe?

The magnetic stripe contains:

• Cardholder name and address
• Account number
• Expiration date
• Special security information to detect fraudulent cards

Once the card is swiped, this information is electronically relayed to the card issuer, who then uses it to authorize the sale.

Page 7: Cashier's pci security training

Now that you know the anatomy for Discover, MasterCard, and Visa cards, let's explore the American Express card.

American Express Card

The American Express card has the same safety features as Discover, MasterCard and Visa, but a slightly different structure.

The American Express equivalent to the 3 digit CVV2 security code is a 4 digit CID security code which appears on the face of the card.

(Card image label: CID Code)

Page 8: Cashier's pci security training

The CVV2/CID number ensures the caller actually has a credit card in hand when making the purchase.

CVV2/CID number

When a customer physically hands you their card and you swipe it in a credit card terminal, you will not need to use the CVV2/CID number. This is because when swiped through the card reader, the terminal reads and transmits data from the magnetic stripe which includes the CVV2/CID security code.

Page 9: Cashier's pci security training

Check out these 9 rules for credit card security.

Credit Card Security Rules

1. Keep the card in the customer’s line of sight.

2. Match signatures on the signed receipt to the back of the card.

3. Accept only the 4 major credit cards, or those identified by your department.

4. Obtain the security code on the back of the card for all telephone sales.

5. Write cardholder information only on designated forms.

6. Store all documents containing cardholder data in a secure locked area.

7. Never send or receive card data through e-messaging.

8. Process refunds to the card used for original purchase.

9. Never share cardholder information outside your work environment.

Some of these rules may not apply to your department. Each department has a different business process, so remember to double check with your supervisor if you have any questions.

Page 10: Cashier's pci security training

Rule 1 applies to any sales situation where a customer hands you a credit card.

1. Keep the card in the customer's line of sight at all times.

Do this:

• Place the card on the counter as you log into the POS terminal.
• Hold the card up in front of you or keep it on the counter if you need both hands.

NOT this:

• Place the card below the counter
• Walk away from your station with the customer's card
• Place the card in the drawer
• Place the card behind an object that blocks the customer's view

Page 11: Cashier's pci security training

Rule 2 requires you to make sure the signatures match.

2. Match signatures on the signed receipt to the back of the card.

Check the following items:

• A signature appears on the card.
• The signatures on the card and receipt look similar.
• The signature area on the card is intact and not voided.
• Color markings appear on the signature stripe.

If the signatures do not match or you have a concern about the authenticity of the card, call your supervisor.

Page 12: Cashier's pci security training

Rule 3 is plain and simple. NCSU only accepts 4 kinds of credit cards.

3. Accept only the 4 major credit cards.

Make sure the logos above appear on the card. Your department may even limit which of these 4 cards they accept, so make sure you find out.

Page 13: Cashier's pci security training

Rule 4 is your last line of defense for preventing the fraudulent use of a card via internet or phone.

4. Obtain the security code on the back of the card for all telephone sales.

• When you (the merchant) ask for this number, you are validating the card is in the physical possession of the cardholder (purchaser).

• If the CVV2/CID number does not match the issuing bank's file, the transaction will be declined and you will receive a message saying the security code does not match.

The CVV/CID number should never be written down on any paper document. It can only be entered through a terminal.

Page 14: Cashier's pci security training

Rule 5 pertains mostly to telephone sales but should be kept in mind for all credit card transactions.

5. Write cardholder data only on designated forms.

• Follow your department’s policy for MOTO (Mail/Telephone order) transactions.

• If MOTOs are allowed in your department, always record the customer's name, phone number, and credit card number on the designated form.

• Once the order has been placed or recorded, all paper documents are securely stored and destroyed when no longer needed.

Page 15: Cashier's pci security training

Rule 6 applies when cardholder data is received by mail, fax, or phone.

6. Store all documents containing cardholder data in a secure locked area.

Place all order forms in a designated restricted area under lock and key. These documents will remain here until they are later destroyed by designated staff.

To secure cash and credit card receipts:

• Organize credit card receipts into a stack.
• Place the receipts inside the cash bag.
• Deliver the bag to the safe or cash room.

Page 16: Cashier's pci security training

Rule 7: Under no circumstances should cardholder information be sent via any electronic format.

7. Never send card data through e-messaging.

This includes all electronic communication such as emails, attachments to emails, text messaging and chat rooms.

Page 17: Cashier's pci security training

Rule 8: Refunds must be placed on the card used for the initial purchase.

8. Process refunds to the card used for the original transaction.

What if someone does not have their original card?

If a customer doesn’t have their original card, inform them a check will be issued for the refund amount.

Internet Transactions

It's much simpler for internet transactions since the cardholder’s information and card number are linked to the sale. A refund will be automatically issued based on the original transaction and card used.

Never enter the customer’s card information over the phone to issue a refund for an internet transaction.

Page 18: Cashier's pci security training

Rule 9: Never discuss a customer's personal card information outside of work.

9. Never share cardholder information outside your work environment.

You can discuss your work with credit cards at a high level, but never mention specifics.

Customers are trusting you with their sensitive account information! Treat their information as if it were your own.

Page 19: Cashier's pci security training

Let's take a quiz to see how much you remember!