Guidelines for secure transactions
Please review the information below to ensure that a transaction is secure and read about some signs that may indicate the opposite.
- Contact the approvals center and ask for telephone approval stating “approval code 10”, if the appearance of the card (shape, size, colors, shape display, security features) or the overall holder’s behavior raise suspicions.
- Use your card once for each completed transaction of the holder in your business, irrespective of the number of goods purchased or services provided and their individual or total value.
- If the customer is required to enter the PIN to complete the transaction, give them the ability to do so securely, without it being seen by others.
- Never carry out a transaction when the holder of the card is not present; do not accept powers of attorney or copies of ID cards presented by third parties to perform transactions with the cards of others.
- Be reluctant to perform remote transactions as they involve a much greater risk than those carried out with the physical presence of the card (remote transactions are governed by specific terms and can only be performed after signing an Additional Deed with the Bank).
- Remote transactions involve a significant risk that each business undertakes when they commence a collaboration with the Bank, by signing the additional deed for transactions with an open keyboard. The risk stems from the fact that the real holder’s consent to the remote transaction cannot be demonstrated in the same manner as in transactions that take place with the presence of the card (signature on the receipt, use of PIN).
- Do not break down a transaction to smaller ones in order to force its approval. The provision of approval by the issuer bank is related to the creditworthiness of the holder and does not guarantee the lawfulness of the transaction.
- Regarding the use of the “Pre-approval & Completion” functions, keep in mind the following: Pre-approval of a transaction is valid for 30 days. If the 30-day period has elapsed, you will have to receive a new pre-approval. The pre-approval of a transaction and its completion will have to bear the same approval number and the two actions have to take place within 30 days. The pre-approval of a transaction and its completion may feature a different amount, but the completion must not have a greater amount than that of the pre-approval. The pre-approval of a transaction and its completion have to be performed using the terminal of the same Bank, otherwise the transaction cannot be processed by the Bank that issued the card.
- For security reasons, do not keep a record of your customers’ card details. Always ensure that your business is PCI-DSS certified.
- In the event of partial or total cancellation of a transaction, always credit the card you charged initially. Never give the customer cash or refund the amount to another card. Keep your copy and any supporting documents for the transaction in good condition for at least 12 months. Send immediately the copy of the transaction to the Bank when so requested.
- For even more advanced transaction security, if you have Cardlink Android POS, we suggest that you lock functionalities that you do not use or you want to ensure that only those authorized have access, such as the Refund feature. Choose “Settings” in the app to lock the functionalities and then choose “Other Settings” to proceed with a ”Refund” using a PIN that you have set.
- Take all necessary measures to protect customer data on your business’s electronic systems (e.g. passwords, firewalls, controlled personnel access).
- Check that the card is signed and compare the signature with that on the receipt of the POS terminal, when a holder’s signature is requested on the receipt.
What to watch out for
Watch out for situations where the customer:
- tries another card when a transaction using a previous card has been rejected and the cards do not have the same surname;
- makes high-value purchases using different cards;
- makes a lot of purchases without considering the size, quality, color or price;
- tries to distract you so that you will carry out the transaction without performing the necessary checks;
- tries to expedite the purchase before the store closes;
- changes opinion about the purchase when they realize that the merchant is calling for approval of the transaction;
- is very anxious and behaves strangely during the process;
- buys goods in a hurry;
- buys a lot of bulky high-value products and collects them personally on the spot;
- asks you to break down a transaction to contactless transactions of a lower value for which it is not necessary to enter a PIN.