Customer Card Data Safety: What Merchants Need to Teach Employees

In recent months, we at E-Complish have devoted several blog posts to customer card data and what merchants can do to keep it safe.

However, employees can also play a key role in preventing this data from falling into the wrong hands providing that they have received the proper training. Here are a few critical pointers to share with your staff.

Treat Records Carefully

Employees who have access to documents or electronic records that contain customers’ credit card information, for instance, merchandise orders, account records, and authorizations to keep credit card numbers on file should be trained to handle it with care. This means returning paper documents to their designated place (hopefully, under lock and key) or, in the case of electronic records, ensuring that they are closing down (or shutting off) computers instead of leaving information on-screen where others can see it.

Redact, Redact, Redact

As mentioned in our last blog, card security numbers known by names such as CW2, CID, and CSCs serve to confirm that a transaction authorized by telephone or online is legitimate, in other words, that the cardholder is who he or she claims to be and actually has the card in his or her possession. We also noted that this information should not be kept on file together with credit card numbers. For this reason, merchants that record customers’ credit card numbers on paper should teach employees to redact card security numbers from paper records before storing them. By redacting we mean crossing out with black ink so that there is no way any card security numbers.

Lock up Lost and Forgotten Cards

If a customer has left a credit card behind and does not immediately return for it, staff should not merely set it aside, but hand it over to a supervisor so it can be locked away. If the card remains unclaimed for 24 hours, it should be destroyed.

Employees may be tempted to stash a forgotten credit card in a drawer rather than give it to a supervisor, hoping that the cardholder will return before the 24-hour period is up so. Emphasize that this practice is forbidden because it leaves the card open to theft.

Just Say No to Skimmers

As unbelievable as it may seem, fraudsters have been known to approach employees in stores and either insist that they have been sent to alter the point-of-sale equipment or to stealthily start doing so. Their motive? To install skimmers that duplicate credit card numbers, so that the information can be used to produce counterfeit cards or make unauthorized purchases. Instruct employees not to allow this and to alert management immediately if they notice it happening.

One final piece of advice we would like to share: As with all employee policies, put all instructions for handling and safeguarding customers’ credit card information in writing.

E-Complish can work with merchants to ensure that the payment processing solutions they use will keep customers’ credit card information safe. Learn more and schedule a consultation.