Six Simple Rules For Safe Credit Card Handling

Let's face it, it's becoming more and more frequent to read about credit card data breaches in the news these days.

Unfortunately, what is not touched on as frequently as the numerous electronic threats are the physical security issues present in restaurant and retail establishments.

Netsurion's CEO Kevin Watson posted a blog in January 2015 listing Five Steps to Protect Retailers from Credit Card Theft. To follow up on the information presented in that article, we want to provide additional knowledge that retailers can utilize in protecting themselves from credit card theft.

Why is Safe Credit Card Handling Important?

We are, and have been, rapidly migrating toward a cashless society. Consumers today expect and deserve to feel safe and secure when presenting credit cards during transactions.

Therefore a certain social as well as business obligation exists for restaurants, retailers, and other businesses to respect the personal data of consumers. This extends to the employees that represent those businesses, as well.

So without further hesitation, here are Netsurion's Six Simple Rules For Safe Credit Card Handling.

Six Simple Rules for Safe Credit Card Handling Procedures

  • 1. Never make an electronic copy of sensitive cardholder data.

    Train employees to understand and deny the use of any unauthorized external device, such as a "skimmer", used to record credit card information. Criminals have been known to be brazen enough to approach employees requesting to install devices in order to record credit card information.

    A majority of the time, it is the employee that is caught and prosecuted, not the criminal. It may seem like easy money, however it can easily mean jail time for the employee involved.

  • 2. Do not physically record credit card numbers.

    At times, companies may choose to keep credit card data for means of convenience. This practice, however efficient it may seem, is not safe.

    Cardholder information must be kept in a locked drawer, with very limited access to the data. Once you factor this security in, many businesses realize that collecting data during each individual purchase is a more efficient method while also holding less risk for the business.

  • 3. Physical and electronic cardholder data must be destroyed after it is no longer needed.

    If you don't need it, destroy it, and do so properly.

    Destroy all physical credit card data when it no longer serves a practical purpose. Netsurion's Credit Card Handling video details several methods to properly dispose of physical credit card data.

  • 4. Never send emails or other correspondence containing credit card information.

    Do not send sensitive credit card or banking information via email. Period.

    As an aside, ensure that employees are trained to understand that your company will never request individual cardholder data under any circumstances. Any attempts to request such information should be notified to a manager immediately.

  • 5. If customer leaves their credit card behind by mistake, destroy it if it has not been retrieved within 24 hours.

    Sometimes we are forgetful. If a customer mistakenly leaves their card in your establishment, contact them the same day to inform them your business is in possession of the card and that it will be destroyed if not properly claimed within a specific amount of time.

    Netsurion advises no more than a 24-hour window. However, we urge you to check with your management team for your company’s specific policies relating to this practice.

    If the consumer does return after the specified time, politely inform them that you properly destroyed their card in order to protect their information and to ensure their security.

  • 6. If you see anything you are uncertain about, report it.

    If something seems suspicious, report it. If you see credit cards being stored in an unsafe manner, report it to the proper management team so it may be corrected.

    Additionally, regularly inspecting the cash wrap area for any evidence of physical hardware tampering is strongly recommended to combat security threats.

6 simple rules for safe credit card handling infographic

BONUS: Free Credit Card Handling Video

Restaurants and retail establishments post the highest turnover rates, with each employee costing employers up to $3,000 or more to train. With such high turnover rates and costs associated with training employees, any and all free training should be a welcome resource in assisting with securing and running a business.

Netsurion offers employers a free Safe Credit Card Handling Video, complete with a confirmation to indicate that the employee has viewed and completed the video in its entirety.

View Netsurion's Safe Credit Card Handling Video.

After viewing the video, one should find it to be comprehensive enough for all employees involved, from part-time employees to managers and owners alike. Employees benefit greatly, and could be enticed to study the video. This training may be added to an application as a skillset, increasing an employee's odds of being hired, making a higher wage, and being more desired as an employee trained in safe credit card handling procedures.

Owners can benefit by reducing the ever-increasing credit card data threat to their business.

  • Are there any weaknesses in your Point-of-Sale System?

    September 06, 2016

    News about a company being breached seems to be a regular occurrence nowadays. And it’s no wonder, with hackers getting more sophisticated and hungry for more.

    Read More
  • Six Simple Rules For Safe Credit Card Handling

    October 05, 2015

    The more you create a culture of security in your business, the safer your business will be. Make sure you have resources that your employees can use to educate themselves on dealing with security threats.

    Read More
  • Five Steps to Protect Retailers from Credit Card Theft

    January 07, 2015

    The Georgia based fast food company, Chick-fil-A, has confirmed that it is investigating a potential credit card breach. The investigation is focused on the company’s point-of-sale (POS) network at some of its restaurants and the breach is thought to have occurred between December of 2013 and September of 2014.

    Read More