In recent months, we at E-Complish have devoted several blog posts to customer card data and what merchants can do to keep it safe.
However, employees can also play a key role in preventing this data from falling into the wrong hands—providing that they have received the proper training. Here are a few critical pointers to share with your staff.
Treat records carefully
Employees who have access to documents or electronic records that contain customers’ credit card information—for instance, merchandise orders, account records, and authorizations to keep credit card numbers on file—should be trained to handle it with care. This means returning paper documents to their designated place (hopefully, under lock and key) or, in the case of electronic records, ensuring that they are closing down (or shutting off) computers instead of leaving information on-screen where others can see it.
Redact, redact, redact
As mentioned in our last blog, card security numbers—known by names such as CW2, CID, and CSCs—serve to confirm that a transaction authorized by telephone or online is legitimate, in other words, that the cardholder is who he or she claims to be and actually has the card in his or her possession. We also noted that this information should not be kept on file together with credit card numbers. For this reason, merchants that record customers’ credit card numbers on paper should teach employees to redact card security numbers from paper records before storing them. By redacting—we mean cross out with black ink, so that there is no way any card security numbers.
Lock up lost and forgotten cards
a customer has left a credit card behind and does not immediately return for
it, staff should not merely set it aside, but hand it over to a supervisor so
it can be locked away. If the card remains unclaimed for 24 hours, it should be
Employees may be tempted to stash a forgotten credit card in a drawer rather than give it to a supervisor, hoping that the cardholder will return before the 24-hour period is up so. Emphasize that this practice is forbidden because it leaves the card open to theft.
Just say no to skimmers
As unbelievable as it may seem, fraudsters have been known to approach employees in stores and either insist that they have been sent to alter the point of sale equipment—or to stealthily start doing so. Their motive? To install skimmers that duplicate credit card numbers, so that the information can be used to produce counterfeit cards or make unauthorized purchases. Instruct employees not to allow this and to alert management immediately if they notice it happening.
One final piece of advice we would like to share: As with all employee policies, put all instructions for handling and safeguarding customers’ credit card information in writing.
E-Complish can work with merchants to ensure that the payment processing solutions they use will keep customers’ credit card information safe. To learn more or schedule a consultation, click here.