Skip navigation
Best practices to avoid credit card fraud

Best practices to avoid credit card fraud

• See more Technology articles

It’s the nature of the fast-paced restaurant business to create plenty of challenges for owner operators. While credit card processing lacks the drama of a culinary challenge requiring a visit from Gordon Ramsay or a drinking disaster necessitating a Jon Taffer shutdown, unpracticed credit card handling habits can prove to be much worse than a slight annoyance. 

An oversight as simple as accepting an unsigned receipt or keying in a card number versus swiping a card can result in costly chargebacks. These should be clearly identified on your monthly processing statement, but for many operators it is challenging to dedicate the time to track these down and address the causes.

A recent study showed that in some major U.S. cities chargeback levels reached as high as 2.2 percent of total transactions. To prevent your restaurant from losing this revenue and profit, it is important to make sure your employees follow these credit card best practices based on the established rules and regulations of the major card brand associations. We know that our employees are not trying to cause charge backs—they just need the right training.

Always physically swipe credit cards rather than manually keying in the number. This provides maximum protection against fraud disputed losses and/or disputes involving an incorrect charge. But, as we all know, issues with your credit card system can arise, keeping you from operating business as usual. If a problem prevents cards from being swiped, be sure to obtain an imprint of the credit card to ensure proof that the card was present for the transaction. Remember that taking an imprint of the card with a keyed sale is a last resort and not a guarantee against fraud.

Never force a card through the system by manually typing the number into the POS system or terminal. This tactic may process the sale, but it also puts the entire transaction amount at risk. Technically, a credit card that does not swipe correctly should not be considered a working card.

Customers who leave before signing their receipt are another concern. Without a signature, the sale can result in an automatic loss if it is disputed by the customer. This can be particularly challenging in a busy bar. When possible, one practice that can help mitigate this risk is asking customers who are running a tab to leave an identification card along with their credit card to provide additional contact information if needed.

This applies to delivery and pick-up orders as well. The combination of a credit card swipe or imprint, as well as a customer’s signature, helps protect restaurateurs from losing money over disputed amounts. The best practice is to have your delivery staff carry a mobile card-swipe device to obtain a signed and swiped receipt with the delivery. If you are not at risk of charge backs because of third-party delivery services, this may not concern you, but if you are the delivery service, this is an important practice.

Identify online and telephone orders correctly on POS systems and terminals. This is a simple way for your employees to help cover all bases. For every transaction when the card isn’t present, it is important to correctly categorize each sale in your point-of-sale (POS) system or terminal to reduce the risk of fraud losses. Correctly entering orders as phone orders or online orders will open up new fields for further identification, including billing address, delivery address and credit card security code (also known as CVV/CVV2/CID), which the bank uses during the card approval process.

These additional pieces of information are commonly requested by online retailers and consumers are accustomed to providing this information, making it simply a matter of training your staff to use these measures.

If the information entered into the terminal and the data the bank has on file do not match, you should not accept the card as payment. Some POS systems or terminals can be programmed to automatically detect whether or not there is a match. Denying sales as a result of a negative match will greatly reduce restaurateurs’ risk of losses.

Start thinking about EMV. Europay MasterCard and Visa (EMV) “smart cards” are considered by many to be safer than debit or credit cards featuring only the traditional magnetic strip, which most of us are currently using. Upgrading to an EMV system should be part of your security strategy to combat counterfeit, lost or stolen card acceptance. Heartland has adopted a standard for secure transactions including encryption, tokenization and EMV. This solution offers the absolute best protection from stolen card data.

If you do not upgrade, you are liable for fraud chargebacks from counterfeit or lost or stolen card acceptance. Historically, many operators have considered this risk to be small with the thinking that criminals using stolen credit cards would not likely use it to purchase meals, but for bigger ticket items like a big screen TV. However, on Oct. 1, 2015 restaurants will be subjected to new EMV standards, which include the provision that the party with the least secure method of payment will be liable for certain chargebacks.

If you are considering an upgrade to address the EMV risk, you should use the opportunity to upgrade to encryption and tokenization since all three are available through a single terminal device. In this case, the upgrade not only satisfies the EMV requirements, but you are also implementing state-of-the-art security for card payment acceptance, mitigating or greatly reducing your risk of breach.

Interchange qualifications and rates. Each major card brand imposes different interchange fees on merchants for processing credit card transactions. These seemingly small fees can vary greatly if restaurant owners do not follow the best practices.

Clear transactions daily. To minimize interchange costs to qualify for the best interchange rates, restaurant operators should clear transactions each day. If a batch is not cleared within 48 hours, all the transactions in the batch may be qualified at higher rates–for example, 2.30 percent + $0.10 versus 1.95 percent + $0.10 for Visa Traditional Credit. Transactions will qualify for an even higher rate if they are not cleared within 72 hours. This one-third of a percent reduces your bottom line profit on this entire batch.

Do not handle card present transactions offline unless absolutely necessary. A forced transaction is the after-the-fact entry of a purchase transaction into a batch. If transactions are not authorized online, they will qualify for a much higher rate. For example, a MasterCard credit card that would be eligible for a rate of 1.73 percent + $0.10 if transacted online will qualify for a rate of 2.95 percent + $0.10 if authorized offline. This is a full 1 percent bottom line impact.

These are easy steps you can train your employees to follow closely every day, and it will make a difference to your bottom line. A few simple changes in accepting credit card payment will help to prevent avoidable chargebacks.

David Gilbert is the president of the hospitality group at Heartland.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.