Table of Contents. 2 TouchSuite Welcome Kit

Transcription

1 Welcome Kit

2 Table of Contents Important Account Information... Welcome to TouchSuite Merchant Services... Help Desk Card Enclosed... Your Merchant ID (MID) Customer Support Numbers... 4 Card Acceptance Policies... Asking for Identification... Taxes... Split Sales... Laundering... No Cash Refunds... Delivery of Goods and Services... Zero-Percent Authorizations... No Transactions on Merchant s Own Card Card Processing Procedures... Maintaining Your Account... When to Contact Us Understanding and Avoiding Chargebacks... Why Chargebacks Occur... Avoiding Chargebacks... Chargeback Remedies... Point of Sale... Avoid Illegible Transaction Receipts... Sales-Receipt Processing PCI Compliance Reminder... Payment Card Industry Data Security Standard... Requirements for Protecting Transaction Data If You Have a Security Breach Immediately Contain and Limit the Exposure Alert All Necessary Parties TouchSuite Welcome Kit

3 Important Account Information Welcome to TouchSuite Merchant Services Thank you for choosing TouchSuite as your Merchant Services provider. We look forward to servicing your credit card acceptance needs with a host of products and services that will help your business increase sales and customer loyalty. We encourage you to contact us if you have any questions, comments, or financial needs. Help Desk Card Enclosed Keep the Help Desk card included in your welcome package in a secure, non-public location close by the credit card terminal or computer used for payment processing. Call the toll-free number on the card and reference the account information when you need credit card related assistance. MERCHANT ID Your Merchant ID (MID) is. Please keep your MID readily available for identification purposes when seeking assistance on your account. TouchSuite Welcome Kit 3

4 Customer Support Numbers Equipment Help Desks Terminal Help Desk > Option 1 >Option 1 (24/7) Restaurant POS Help Desk (24/7 Available) Salon ELITE POS Help Desk (M-F 9a-9p EST) Salon Firefly POS Help Desk (M-F 9a-9p EST) Inquiries and Account Changes Merchant Support (M-F 9a-6p EST) American Express (24/7) Voice Authorization Response Unit (VRU), Referrals, and Code 10 Operators Visa & MasterCard Authorization Center (24/7) American Express Authorization Center (24/7) 4 TouchSuite Welcome Kit

5 Card Acceptance Policies Asking for Identification Although payment network rules do not preclude merchants from asking for cardholder ID, merchants cannot make an ID a condition of acceptance. Therefore, merchants cannot refuse to complete a purchase transaction because a cardholder refuses to provide ID. The payment networks do allow merchants to ask for ID as part of their regular card acceptance procedures. Laws in several states also make it illegal for merchants to write a cardholder s personal information, such as an address or phone number, on a sales receipt. You may ask for the ID if the card is not signed; you must have the cardholder sign it and check the signature against two other pieces of identification, including one government issued ID. Taxes Include required taxes in the total transaction amount. Do not collect taxes separately in cash. This policy reflects the needs of the many Visa, MasterCard, and Discover Network cardholders who must have written records of the taxes they pay for goods and services. Split Sales Prepare one sales receipt per transaction, using the full transaction amount. Merchants are not allowed to split the cost of a single transaction on a single cardholder account between two more sales receipts in order to avoid authorization limits. TouchSuite Welcome Kit 5

6 Card Acceptance Policies Laundering Deposit transactions only for your own business. Depositing transactions for a business that does not have a valid merchant agreement is called laundering or factoring. Laundering is not allowed; it is a form of fraud associated with high chargeback rates and the potential for forcing merchants out of business. No Cash Refunds Complete a credit receipt for merchandise returns or adjustments. Do not provide cash refunds for returned merchandise originally purchased with a card. Visa and Discover Network does not permit cash refunds for any credit or debit card transaction. By issuing credits, you protect your customers from individuals who might fraudulently make a purchase on their account and then return the merchandise for cash. Delivery of Goods and Services Deliver the merchandise or services to the cardholder at the time of transaction. Cardholders expect immediate delivery of goods and services unless other delivery arrangements have been made. For card-not-present transactions, cardholders should be informed of delivery method and tentative delivery date. 6 TouchSuite Welcome Kit

7 Card Acceptance Policies Zero-Percent Authorizations Merchants should not estimate transaction amounts. For restaurant merchants, in particular, this means debit or credit transactions should be authorized for only the known amount of the check. Do not add an estimated tip. Cardholders today can check their account balances almost instantly via the Internet or ATMs. An authorization that includes an estimated tip can reduce their available cash or credit balance by an unrecognizable amount. The authorization hold may make it appear he or she was overcharged. That can mean angry phone calls from unhappy customers and the potential for reduced business. To ensure zero-percent tip authorization for all transactions, restaurant merchants should: Instruct staff to authorize only for the check amount. Your staff training and review materials should emphasize the importance of authorizing only for the known amount of the check, excluding any estimated tip. Ensure your authorization system is set up for zero-percent authorization. For further information on zero-percent tip authorization, contact the Merchant Support Center. No Transactions on Merchant s Own Card Merchants should not use your own card, or one to which you have access, to process a transaction for the purpose of obtaining credit for your own benefit. TouchSuite Welcome Kit 7

8 Card Processing Procedures 1. Swipe the card to request the transaction authorization. 2. Hold the card throughout the transaction. 3. Check the card s features and security elements while the transaction is being processed. Make sure the card is valid and has not been altered in any way. 4. Obtain authorization. 5. Get the cardholder signature on the transaction receipt. 6. Compare the name, number, and signature on the card to those on the transaction receipt. 7. Return Card and transaction receipt to your customer. IF YOU SUSPECT FRAUD, MAKE A CODE 10 CALL 8 TouchSuite Welcome Kit

9 Maintaining Your Account When to Contact Us From time to time, your business may experience changes. Some changes may require updates to your merchant processing account, including the following: Bank Account Ownership or ownership structure Federal tax identification number Company DBA and/or Legal Name Address, phone number, etc. Type of kind of business Processing method (switching from MOTO to Retail or vice versa) Additional documentation may be required to update your account. To request account changes, please contact TouchSuite Merchant Support at: Phone: Fax: Mail: TouchSuite Attn: Merchant Support 1081 Holland Drive Boca Raton, FL TouchSuite Welcome Kit 9

10 Understanding and Avoiding Chargebacks A chargeback is a reversal of a sales transaction. The following are the top five reasons for which chargebacks are initiated and how you may be able to dispute them if appropriate. All supporting documentation must be provided within twelve (12) business days. Why Chargebacks Occur The most common reasons for chargebacks include: Customer disputes Fraud Processing errors Authorization issues Non-fulfillment of copy requests (only if fraud or illegible) Avoiding Chargebacks Most chargebacks can be attributed to improper transactionprocessing procedures and can be prevented with appropriate training and attention to detail. The following best practices will help you minimize chargebacks. 10 TouchSuite Welcome Kit

11 Understanding and Avoiding Chargebacks Chargeback Remedies Even when you do receive a chargeback, you may be able to resolve it without losing the sale. Simply provide Merchant Services with additional information about the transaction or the actions you have taken related to it. For example, you might receive a chargeback because the cardholder is claiming that credit has not been given for returned merchandise. You may be able to resolve the issue by providing proof that you submitted the credit on a specific date. Send this information to Merchant Services in a timely manner. The key in this and similar situations is always to send Merchant Services as much information as possible to help remedy the chargeback. With appropriate information, Merchant Services may be able to resubmit, or re-present, the item to the card issuer for payment. Timeliness is also essential when attempting to remedy a chargeback. Each step in the chargeback cycle has a defined time limit during which action can be taken. If you do not respond during the time specified on the request which may vary depending on Card Association rules Merchant Services will not be able to remedy the chargeback. Although many chargebacks are resolved so that the merchant does not lose the sale, some cannot be remedied. In such cases, accepting the chargeback may save you the time and expense of needlessly contesting it. TouchSuite Welcome Kit 11

12 Understanding and Avoiding Chargebacks Point of Sale Declined Authorization Do not complete a transaction if the authorization request was declined. Do not repeat the authorization request after receiving a decline; ask for another form of payment. Transaction Amount Do not estimate transaction amounts. For example, restaurant merchants should authorize transactions only for the known amount on the check; they should not add on a tip. Referrals If you receive a Call message in response to an authorization request, do not accept the transaction until you have called the authorization center. In such instances, be prepared to answer questions. The operator may ask to speak with the cardholder. If the transaction is approved, write the authorization code on the sales receipt. If declined, ask the cardholder for another form of payment. Expired Card Do not accept a card after its Good Through or Valid Through date unless you obtain an authorization approval for the transaction. Card Imprint for Key-Entered Card-Present Transactions If you must key-enter a transaction to complete a card-present sale, make an imprint of the front of the card on the sales receipt,using a manual imprinter. Even if the transaction is authorized and the cardholder signs the receipt, the transaction may be charged back to you if the 12 TouchSuite Welcome Kit

13 Understanding and Avoiding Chargebacks Point of Sale Cont. receipt does not have an imprint of the embossed account number and expiration date. Cardholder Signature The cardholder s signature is required for all card-present transactions. Failure to obtain the cardholder s signature could result in a chargeback if the cardholder later denies authorizing or participating in the transaction. When checking the signature, always compare the first letter and spelling of the surname on the sales receipt with the signature on the card. If they are not the same, ask for additional identification or make a Code 10 call. Fraudulent Card-Present Transaction If the cardholder is present and has the account number but not the card, do not accept the transaction. Even with an authorization approval, the transaction can be charged back to you if it turns out to be fraudulent. Legibility Ensure that the transaction information on the sales receipt is complete, accurate, and legible before completing the sale. An illegible receipt, or a receipt that produces an illegible copy, may be returned because it cannot be processed properly. The growing use of electronic scanning devices for the electronic transmission of copies of sales receipts makes it imperative that the item being scanned be very legible TouchSuite Welcome Kit 13

14 Understanding and Avoiding Chargebacks Avoid Illegible Transaction Receipts Ensuring legibility of transaction receipts is key to minimizing copy requests and chargebacks. When responding to a copy request, you will usually photocopy or scan the transaction receipt before mailing or electronically sending it to Merchant Services. If the receipt is not legible to begin with, the copy that the bank receives and then sends to the card issuer may not be useful in resolving the cardholder s question. If this occurs, the transaction may be returned to you as a chargeback for an illegible copy. At this point, unless you can improve the readability of the transaction receipt, you may end up taking a loss on the transaction. Sales-Receipt Processing One Entry for Each Transaction Ensure that transactions are entered into point-of-sale terminals only once and are deposited only once. You may get a chargeback for duplicate transactions if you: Enter the same transaction into a terminal more than once Process the same transaction with more than one merchant bank Voiding Incorrect or Duplicate Sales Receipts Ensure that incorrect or duplicate sales receipts are voided and that transactions are processed only once. 14 TouchSuite Welcome Kit

15 Close your Batches as quickly as possible, preferably within 24 hours of the transaction date; do not hold on to them. Process credit transactions as quickly as possible. Ship Merchandise Before Processing Transaction For card-notpresent transactions, do not process the transactions until you have shipped the related merchandise. If customers see a transaction on their monthly card statement before they receive the merchandise, they may contact their Issuer to dispute the billing. Similarly, if delivery is delayed on a card-present transaction, do not deposit the sales receipt until the merchandise has been shipped. Requests for Cancellation of Recurring Transactions If a customer requests cancellation of a transaction that is billed periodically (monthly, quarterly, or annually), cancel the transaction immediately or as specified by the customer. As a service to the customer, advise the customer in writing that the service, subscription, or membership has been canceled and state the effective date of the cancellation. Disclosing Refund, Return, or Service Cancellation Policies If your business has policies regarding merchandise returns, refunds, or service cancellations, these policies must be disclosed to the cardholder at the time of the transaction. Your policies should be pre-printed on your sales receipts, if not, write or stamp your refund or return policy information on the sales receipt near the customer signature line before the customer signs (be sure the information is clearly legible on all copies of the sales receipt). Failure to disclose your refund and return policies at the time of a transaction could result in a dispute if the customer returns the merchandise. TouchSuite Welcome Kit 15

16 PCI Compliance Reminder Please follow the instructions below to avoid PCI non-compliance fees on you merchant statement Offering the simplest, most convenient means to 100% PCI DSS compliance Every merchant who accepts credit/debit card payments is required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The threat to credit and debit card data has never been greater, and the impact on a merchant and its customers can be devastating. Your best protection is ongoing PCI DSS compliance. To make achieving and maintaining PCI compliance quick and simple, TouchSuite has teamed with ANX, a leading provider of PCI security solutions, in offering a PCI compliance program. This program provides online, wizard-style tools that help you: Complete the Appropriate PCI Self Assessment Questionnaire (SAQ). All merchants are required to complete the SAQ annually. There are five variants of the questionnaire (A, B, C, C-VT, and D) that reflect the controls necessary to secure various payment technologies. ANX s online portal efficiently directs you to the appropriate questionnaire, and an extensive knowledge base helps you accurately answer each question. Schedule and complete quarterly vulnerability scans (if applicable). If your payments solution communicates payment card data over a computer network (versus a phone line), a quarterly scan is required to determine if vulnerabilities would allow a hacker to compromise your network and cardholder data. ANX provides a self-service external vulnerability scanning solution that meets all quarterly PCI DSS security scan requirements. Enhance security through employee awareness. Keeping your business secure and compliant requires ongoing awareness. ANX provides elearning courses and a knowledge base for you and 16 TouchSuite Welcome Kit

17 your employees to foster that awareness and help keep you safe. Applicable Fees A low annual charge of $89.00 will be added to your merchant statement for this service. This fee will allow us to continue providing you high level support with respect to compliance standards put forth by the payment brands, the PCI Security Council and various entities. As part of this fee, the services described above will be provided to you at no additional charge. Maintaining your merchant account with us or use of your merchant account will represent your acceptance of these terms. While participation in the PCI Compliance Service Assistance Program helps to reduce the risk of a security breach or data compromise that could prove catastrophic to your business, PCIDSS compliance does not guarantee or prevent a security breach or compromise. To get started, please visit or call ANX toll-free at , option 1, then option 4. You may also ANX at You can also contact TouchSuite Customer Service at if you have any questions. If you have validated compliance with another provider, you must supply proof of validation to TouchSuite. TouchSuite Welcome Kit 17

18 Payment Card Industry Data Security Standard Requirements for Protecting Transaction Data Combating fraud is the shared responsibility of all parties involved in payment card transactions. Visa, MasterCard and Discover Network are reaching out to merchants, acquires and other partners to minimize risk and share requirements for safeguarding transaction data. Below are the 12 requirements included in the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS can be viewed in its entirety at: Compliance with the PCI DSS helps preserve the integrity of the payments system and maintains consumer confidence. TouchSuite mandates our merchants validate their PCI DSS compliance through a Qualified Security Assessor. Information regarding the TouchSuite PCI DSS compliance program is sent directly to the merchant following account opening. Any merchant or service provider that stores, processes, or transmits cardholder information must comply with these standards. All eligible merchants and service providers, regardless of size (or in the case of service providers, whether they support issuing or merchant activity) must comply with the 12 basic requirements outlined next. 18 TouchSuite Welcome Kit

19 1. Install and maintain a firewall configuration to protect data. Firewalls are computer software devices that control traffic in the company s network. This includes unauthorized access from the Internet, as well as access to sensitive areas from company s internal networks. 2. Avoid vendor-supplied defaults for system passwords. Hackers attempt to identify these passwords and settings, and use them to compromise systems. You should always change these defaults before installing a system on the network. 3. Protect stored transaction data. Keep transaction storage to a minimum and never store sensitive authentication data after authorization. Take precautions to make stored transaction data unreadable through encryption or some other secure and robust approach. 4. Encrypt transaction data when transferred over networks. Sensitive information should always be encrypted during transmission over wireless networks or the Internet, as it is often easy to divert or intercept data while in transit. Never send encrypted transaction information via Utilize anti-virus software or programs. Install these mechanisms on all systems that can be affected by viruses and ensure that these systems are current, running, and capable of generating audit logs. 6. Develop and maintain secure systems and applications. As a participating merchant or service provider, you must ensure that all components have the latest vendor security and software patches to protect against external hackers and viruses. Develop standard system development processing and secure coding techniques. 7. Restrict access to data. Limit access to resources and cardholder information to employees who need access to the information to do their jobs and limit access only to what is needed. Establish a mechanism for systems with multiple TouchSuite Welcome Kit 19

20 Requirements for Protecting Transaction Data users that restrict access based on an individual s need to know. 8. Assign a unique username and password to each person with computer access to transaction data. This allows for all actions taken on the system to be identified and tracked. Take necessary precautions to protect user identification and immediately revoke access by terminated users. 9. Restrict physical access to transaction data. Use appropriate facility entry controls and monitor access. Develop procedures to help personnel easily distinguish between employees and others. Destroy media containing transaction information when it is no longer needed. 10. Track and monitor access to network resources and transaction data. Logging mechanisms and tracking user activity is critical to uncovering unauthorized illegal activity. 11. Regularly test security systems and processes. New vulnerabilities are continually being discovered. Consistent testing ensures security maintenance. 12. Maintain an information security policy. A strong security policy sets the security tone for the entire company. 20 TouchSuite Welcome Kit

21 If You Have a Security Breach If you experience a suspected or confirmed security breach, you should: Immediately Contain and Limit the Exposure To prevent further loss of data, conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise. Do not access or alter compromised systems. Do not log on to the machine or change passwords. Do not turn off the compromised machine. Instead, isolate compromised systems from the network by unplugging their cables. Preserve logs and electronic evidence. Log all actions taken. If using a wireless network, change the service set identifier (SSID) or network name on the access point (AP) and on other machines that may be using this connection (with the exception of any systems believed to be compromised). Be on HIGH alert and monitor all payments systems. TouchSuite Welcome Kit 21

22 If You Have a Security Breach Alert All Necessary Parties Your internal information security group, incident response team and legal department. Your merchant bank: TouchSuite at Contact must be made immediately and no later than 24 hours after discovery of a suspected breach. 22 TouchSuite Welcome Kit

23 TouchSuite is one of America s leading technology companies focused on the electronic payment space and has been honored five times on Inc. Magazine s Inc. 500 list of the fastest growing private companies in America. Its award-winning, patented point of sale systems are fully integrated with payment processing services catering to restaurants, salons, spas and retail establishments Holland Drive Boca Raton, Florida