Procedure
guide
Welcome to Barclaycard
Global Payment Acceptance
About this document
This procedure guide along with the Terms and Conditions and Additional Service Conditions you subscribed to gives you the information you need for your business to accept payments.
This guide contains some critical information about the risks associated with accepting payments, and gives details of the steps that you should follow to help raise your awareness of risks and reduce as far as possible, your exposure to these risks.
This forms part of your agreement with us and will allow you and your business to accept payments. For your own benefit and protection, we recommend that you read this document carefully.
Please make sure you keep this guide in a safe place, where your employees who use it have easy access to it, but out of reach of your customers and anyone else.
Barclaycard
Merchant number
For ease when you contact Barclaycard, please have your merchant number ready. You can keep a record of it here:
Changes to
your business
To make sure that you are receiving the services that are most appropriate for your business, please let us know if any of the following changes take place (you can contact our Customer Services team on 0844 811 6666):
• The type of business you have been carrying out
since you signed the original merchant agreement changes, including changes to the goods or services you provide
• If you start to use other channels
• If you change the name of your business
• If you sell your business or change its legal entity
• If there is a significant change in shareholding
• If you stop trading
• If your business enters any form of
insolvency procedure
You will also need to tell us if you change your:
• Business address
• Correspondence address
• Contact details
• Phone number
We must have up-to-date records on you and your business so we can contact you if needed.
Protecting you and
your business
Being aware of bogus and
phishing emails
We will never email you asking for transaction or card details. If you receive an email claiming to be from us and asking for details of your transactions, please do not respond to the email (known as a phishing email). Instead, please do the following:
• Open a new email and attach the ‘phishing email’.
Do not forward it as this will lose potentially important information we need to trace the message
• Send your email with the attachment to:
[email protected] To report any of these instances contact: [email protected]
Transaction laundering and
third-party processing
If you are approached with a proposal to buy card transactions or process another business’ transaction through your facility, please contact us on 0844 8111 981. This is called laundering and breaks the terms of your agreement.
Contents
Payment acceptance
Card present Card not present
Accepting Card Present
transactions
Barclaycard processing equipment 7
Using your own processing equipment
or one supplied by another company 7
Plastic card designs 8
Accepting cards – best practice 9
Accepting card payments
Accepting cards with a chip 9
Accepting non-chip cards 9
Accepting contactless payments 10
Contactless payments using
other technology and items 10
High-value payment (HVP) 10
Transactions entered using the keys 10
Verifying card payments
Verifying cardholders using chip and PIN 11
Verifying cardholders by signature 11
Authorisations 11
Voice authorisation 11
Code-10 calls for card-present transactions 12
Referrals for card-present transactions 12
Split Sales 12
Exchanges 13
Processing a fall-back paper voucher 14
Failure of the chip to read or swipe 16
Banking procedures
and other services
Sales and refund vouchers 17
Completing your merchant voucher
summary (MVS) 17
Posting vouchers 18
Preventing and detecting fraudulent
card-present transactions 18
Returning wanted or recovered cards 18
Reward scheme 19
Other services
Dynamic currency conversion (DCC) 19
Accepting Card Not Present (CNP) transactions – e-commerce, mail and
telephone order 19
Authorising Card Not Present transactions 20
Shipping goods and providing services 20
Recurring transactions 20
Accepting payments over the internet
(e-commerce) 20
Website information 20
Transaction receipts 21
Using an accredited payment service
provider (PSP) to accept e-commerce payments 22
Accepting payments over the internet using
your own software 22
Using our payment gateway for
accepting payments 22
Requirements for merchants not using
the Hosted Payment Page (HPP)
Accepting Mail Order and
Telephone Order (MOTO) payments 23
Taking telephone orders 23
Preventing and detecting fraudulent
card-not-present transactions 23
Tools for monitoring fraud Card Security Code (CSC) and
Address Verification Service (CSC/AVS) 24
Internet authentication (3-D Secure)
Fraud-screening 24
Further advice for internet transactions 24
Refunds 25
Other services
Dynamic currency conversion for
e-commerce transactions 25
Chargeback and
retrieval requests
What is a retrieval request? 26
Responding to retrieval requests and
chargeback letters 27
Faxlink service 27
To help reduce the risk of chargebacks 27
Timescales for chargebacks 28
Payment security 29
What is PCI DSS? 29
What information must be securely stored? 29
What information must not
be securely stored at any time? 29
What you must do to keep to PCI DSS 30
Demonstrating that you are
keeping to the PCI DSS 31
Card-scheme-approved
Other organisations that store, transmit
or process your cardholder data 33
If you fail to keep to PCI DSS 33
Protecting cardholder information 34
Storing your records 34
Understanding
your statement
What will the statement look like 35
Transaction payment advice 35
Periodic statement 35
Advice on the details of the service charge 35
If you have a question about a merchant
invoice and statement you have received 35
Exceptional procedures
Can I pass charges to my customer? 36
Minimum charging 36
Internet authentication
Authenticating cardholders successfully 37
How do I use the internet
authentication service? 37
Types of authentication 37
Full authentication 37
Attempted authentication 37
Passive authentication 38
The main benefit of authentication
– transferring liability 39
Levels of protection 39
Displaying the Verified by Visa
Direct to card schemes 40
Your responsibilities 40
Our responsibilities 41
Transaction records 41
Card issuer pop up or in-line window 41
Your authentication merchant information 41
Message values 42
BIN cache 42
Keeping to the card scheme 42
If authentication fails 43
If authentication fails for Visa transactions 43
If authentication fails for MasterCard and
Maestro transactions 43
Mistake during authentication for
Visa transactions 43
Error during authentication for
MasterCard and Maestro transactions 43
Passing authentication values 44
Error conditions 44
Scheme directory server unavailable 44
Hosted authentication service not available 44
Cardholder browser suppresses pop-up window 45
Own authentication software not available 45
Chargeback reason codes included 45
Sector-specific trading
Vehicle rental companies
Best practice for reducing chargebacks 46
Tips on taking reservations over the phone 46
Taking reservations by fax or mail 46
Taking reservations over the internet 47
Extra tips for checking genuine customers 47
Your cancellation policy 47
No-show 47
Collecting the vehicle 47
Pre-authorisation 47
Accidents involving the vehicle 48
Procedures for dealing with delayed charges 49
Accepting split sales 49
Your refund policy 49
Extended hire 49
Disputed transactions 50
Extra rules for the Visa vehicle-rental
reservation service 50
Lodging and accommodation
Best practice for reducing chargebacks 52
Taking advance reservations 52
Tips on taking telephone reservations 52
Taking reservations by fax or mail 53
Taking a reservation over the internet 53
Extra tips for checking genuine customers 54
Taking advance lodging deposits 54
Your cancellation policy 54
Guests arrivals and check-in 54
Pre-authorisation departures and check-out 54
Express and priority check-out service 55
Extended stays 55
Disputed transactions 55
Replying to requests for information and
notice of chargebacks 55
No show 56
No-show charges 56
Express and priority check-out charges 56
Other charges 56
Contact numbers
57Payment acceptance
We can help you to accept payments from your customers in a number of environments using various payment methods.
There are two main environments where payments can be accepted.
Card Present (CP)
When the cardholder is in front of you and has their card with them at the time of the transaction and you take the payment either by reading the chip, by swiping the card through the processing equipment, or by using contactless technology.
Card Not Present (CNP)
When the cardholder and card are not with you at the time of the transaction. A Card Not Present transaction can take place:
• Over the internet (e-commerce)
• By mail order or by telephone order (MOTO)
• As a recurring transaction, where the cardholder
gives you authority to charge a fixed or varying amount at intervals agreed between you and the cardholder (you would take the agreed amounts from the cardholder’s card for subscriptions, membership renewals and regular premiums
• Using ‘tokenisation’, where a cardholder has agreed
that you may take extra payments from their card at a later date without them having to give you their card details each time
The transaction types you can accept are shown in your agreement with us. You must make sure that you tell us if you want to process any other types of transaction.
Accepting Card Present
transactions
You can accept card payments using processing equipment that we have either supplied (referred to as ‘Barclaycard processing equipment’) or by using an approved processing equipment of your own or one supplied by another company. You must make sure that your processing equipment can take both chip-and-PIN and magnetic-stripe payments.
If you are using your own processing equipment you must make sure that you regularly carry out ‘asset
Barclaycard processing
equipment
If you are using Barclaycard processing equipment, please make sure you and your staff read the PDQ Terminal Operating Guide, see the terminal section of our website at:
http://www.barclaycard.co.uk/business/existing-customers/mypdq along with this guide before you start using the device.
Please see the Terminal User Guide for important safety information about the equipment and its use, and for relevant information on keeping to our conditions. It is important that you look after your processing equipment and make sure you keep all liquids away from the device. If damage to your device results in it not working, it may need to be repaired before you can accept transactions. If you damage your processing equipment, we may charge you to replace it.
Using your own processing
equipment or one supplied by
another company
If you are using your own processing equipment or one supplied by another company, we will need to test and approve it before you use the equipment for live transactions. You must tell us who your supplier is. You can contact our Customer Services team on 0844 811 6666.
You are responsible for making sure your supplier keeps to the Payment Card Industry Data Security Standard (PCI DSS) and for making sure the equipment meets industry security standards. If the supplier fails to meet these standards, it will mean you are not keeping to some of these regulations and the card schemes may charge you penalties as a result.
Plastic card designs
There are many different designs for credit and debit cards. You should become familiar with the basic features (such as the card number, chip and so on) on most cards issued by banks and financial institutions. If you do not follow the basic checks, you may be accepting a fraudulent card, which may lead to unavoidable chargebacks.
Most processing equipment allow the cardholder to insert their card into the device themselves. However, if you have processing equipment that allows you to handle the card, there are some visual checks which you can carry out before accepting the payment.
Visa
Chip Embedded microchip Card type identification ‘Electronic use only’ may appear on electronic cardsCardholder number 16-digit account number with first 4 digits printed below
Magnetic stripe
Can be a traditional stripe or a hologram (one or a number of flying doves) Last four digits of the card number May not appear on Visa electron cards issued outside UK CVV2 Can also be on signature strip Hologram Plain silver or gold background, the dove flies and changes colour when the card is tilted. Can appear on the front of Electron cards Visa symbol or logo
Cardholder’s name Can be embossed or not. VPay cards are printed
Card valid from and to dates Can be embossed or not. VPay cards are printed Hologram Flying dove (optional on Visa Electron cards) V or UV element Contactless
acceptance Signature strip Visa repeated. Some international cards will have a message on the strip and will not be signed. Ask for ID such as a driving licence or passport or make a code 10 call. Strip can be shortened
JCB
Cardholder numberAn embossed 15 or 16-digit account number with first 4 digits printed above or below
Magnetic stripe Can be a traditional stripe
Signature strip The card must be signed
3-digit card security code Cardholder’s name Always embossed Card valid from and to to dates Hologram Sun, moon and JCB characters move when card is tilted Symbol or logo
MasterCard
Chip Embedded microchip Chip Embedded microchip Cardholder‘s number 16-digit account number starting with 5 (embossed or not) with first 4 digits printed belowMagnetic stripe or halomag stripe
Maestro cards can carry cheque guarantee details or branding for an ATM network. This can be on the front or back of the card.
Maestro cards can also hold a photograph of the cardholder and a signature on the front of the card
CVV2 Can also be on signature strip Hologram Can be debit or global hologram MasterCard symbol Cardholder’s name
Can be embossed or not Card valid from and to dates Can be embossed or not
Hologram
MasterCard Globe, which changes colour, must appear unless the hologram or halomag stripe appears on the back of the card Symbol/Logo
The symbol is linked circles in red and orange with MasterCard printed in the middle of them
Signature strip
MasterCard repeated. The card must be signed. Some international cards will have a message on the strip and will not be signed. Ask for ID such as a driving licence or passport or make a code 10 call
Accepting cards – best practice
• Make sure that the card is valid and in date
• Rub your thumb over the signature strip (it should
be smooth and level with the surface of the card) and also check that no part of the card has been damaged or tampered with
• If you ask the cardholder to sign the transaction
receipt, check that their signature matches that shown on the back of the card
• Check that the last four digits of the cardholder
number printed on the receipt match the last four digits of the embossed account number on the front of the card. If they do not, you must ring for an authorisation and say, ‘I have a card number mismatch.’ If you cannot speak freely, just say, ‘I have a code-10 call.’ (Please see the ‘code-10 calls for card-present transactions’ section of this guide on page 12)
• Check that the spelling of the signature (if you
can read it) corresponds with that of the name embossed or printed on the card
• Check the hologram moves as you tilt the
card back and forth. Counterfeit cards use poor reproductions so it can be easy to identify a fake with a quick glance
You must make sure you can accept chip-and-PIN and magnetic-stripe cards.
Accepting card payments
Accepting cards with a chip
In the UK, cards are issued with a microchip (chip). However, cards issued outside the UK may have embedded chips but they may require different methods of cardholder verification, for
example signature.
Chip and PIN is currently one of the most secure methods of card payment available. Your processing equipment must be chip enabled and you must accept transactions using chip and PIN technology where possible to avoid a higher risk of being liable for fraudulent transactions.
The card should be inserted into the chip card reader (see the ‘Verifying card payments’ section on page 11). If the processing equipment cannot read the chip, you are allowed one level of ‘fall-back’ and you may process the transaction by swiping the magnetic stripe through your device (see the section on accepting non-chip cards and using a non-chip-enabled terminal). You need to make sure that you get authorisation at the time of processing the transaction. Authorisation confirms that the account has enough funds for the transaction and that the card has not been reported lost or stolen at the time of the transaction. It is not a guarantee of payment. If the genuine cardholder disputes the transaction, you may be liable for the resulting chargeback if you cannot provide a defence.
Accepting non-chip cards
Your processing equipment should have online access and read non-chip-enabled cards. If you are presented with a non-chip-enabled card, swipe the card through the processing equipment using the magnetic-stripe reader. You must get an online authorisation.
If the processing equipment cannot read the magnetic stripe (and the card does not have a chip), ask the customer for another form of payment. If they do not have another form of payment, you may process the transaction as a transaction ‘entered using the keys’. However, this will increase the risk of processing a fraudulent transaction and receiving a chargeback claim (see the section ‘Transactions entered using the keys’
Accepting contactless payments
A contactless transaction is a transaction that is processed using near field communications (NFC) technology, where the payment instructions are shared securely between a contactless card or other item and processing equipment which has contactless technology enabled. The contactless reader can be a separate reader or part of your processing equipment. A contactless transaction takes place when the
cardholder places the card, item or device over a secure reader. They do not need to enter their PIN unless it is for a high-value payment (HVP).
You can identify a contactless card as it will display the following symbol:
There is a limit for an individual contactless-card transaction. You can find the current limit at: www.barclaycard.co.uk/simplepayment
On Barclaycard processing equipment you can also carry out a contactless refund up to the value of the current limit.
If the transaction cannot be completed using contactless technology, carry out a chip-and-PIN transaction. Or, if the card was issued outside the UK and does not have a chip, carry out a magnetic-stripe transaction.
Occasionally the processing equipment may tell you to change a contactless transaction to a chip-and-PIN transaction. This is a security measure aimed at making sure that the person with the card is authorised to use it.
Cardholder copies of receipts are optional. We have configured our processing equipment to only print a merchant receipt after a contactless transaction. For information on how to print a cardholder receipt, please see your Terminal Operating Guide.
Contactless payments using other technology and items (payment form factors)
Contactless technology can be embedded into other technology and items such as watches, wristbands, mobile phones and key fobs. For these types of transactions, the processing equipment will go online to check that funds are available. The processing equipment will not ask for a PIN as it does not need to check this. If the transaction fails, the cardholder should use either the associated card or another method of payment.
High-value payment (HVP)
We can configure point-of-sale devices to support HVP contactless transactions. HVP transactions are most likely to be made using a mobile phone to carry out the transaction and they need some method to confirm the cardholder is genuine, such as a PIN, to complete the transaction.
Transactions entered using the keys
If the card presented for payment has a magnetic stripe and fails to swipe through your processing equipment, you can enter the transaction into the device using the keys while the customer is with you. Please make sure you follow the procedure shown in the card chip-read/ swipe failure section in this guide. Make sure that your processing equipment goes online to get authorisation for the transaction.
If a transaction fails to swipe, you should call for an authorisation on 0844 822 2000. If you are suspicious about the transaction, quote ‘code 10’ as an anti-fraud measure. If you have a record of an approved code-10 authorisation, this will protect you from chargebacks. See the ‘Voice authorisation’ section of this guide for more information.
Please remember
You cannot enter transactions using the keys for Maestro, Visa Electron, V Pay and unembossed cards. If chip and PIN or swipe (or both) fail for these types of card, you should ask the cardholder for another method of payment.
To prove you saw the card at the time of the transaction, take an imprint of the card using your manual imprinter. This will help you provide a defence if the card issuer raises a chargeback claim against you. 1. Fill in the voucher details in full and get the
cardholder’s signature on the paper voucher. 2. Enter the card details into the electronic processing
equipment using the keys.
You will automatically be credited for transactions entered using the keys on your processing equipment, so you do not need to send the paper voucher
for processing. But make sure you keep the paper vouchers for 13 months along with the processing equipment receipts so you can produce them as proof that you saw the card when the transaction was carried out, in case you need to. If you cannot provide an imprinted voucher for these transactions at a later date, it could mean we will charge the transaction back to your business.
Verifying card payments
Verifying cardholders using chip and PIN
When a card with a chip is inserted into the chip-card reader, the processing equipment will ask the cardholder to enter their PIN (personal identification number) to confirm the transaction. The processing equipment will ask for authorisation for all chip-and-PIN transactions.
If authorisation is declined, do not go ahead with the transaction as we will not be able to defend you if the transaction is charged back at a later date. Ask the customer for another method of payment. Do not swipe the card or enter the details using the keys on the device.
If your point of sale equipment is not able to read the chip, you should complete the transaction as a ‘magnetic stripe’ transaction and confirm it using the customer’s signature.
Verifying cardholders by signature
There may be instances where you cannot check the identity of the cardholder using their PIN and so you
Authorisations
For card-present transactions, you must get an authorisation at the time of the transaction, either as a pre-authorisation for the expected value of a transaction (such as a hotel or car-hire bill) or as authorisation of the actual amount. For more information on how to complete a pre-authorisation, see your Terminal User Guide.
Authorisations are either done online through your processing equipment or you can phone for an authorisation on 0844 822 2000.
You do not need authorisation for offline devices if the transaction value is below the agreed floor limit. For transactions that are over the floor limit, the processing equipment will try to get online authorisation and may instruct you to get authorisation by phone.
Voice authorisation
When you process a card payment electronically, in most instances your processing equipment will automatically communicate with the card issuer for an authorisation. However, your processing equipment may instruct you to call our authorisation service or you may choose to call the authorisation service without having received an instruction.
A voice authorisation asks for confirmation that the cardholder has enough funds available on their account and checks the card has not been reported lost or stolen at the time of the transaction.
You may need to get a voice authorisation for one or more of the following reasons:
• If the sale is more than your floor limit
• If you are suspicious in any way about the card
or cardholder (see ‘Code-10 calls for card-present transactions’ for details)
• If your processing equipment instructs you to
• If you have to use fall-back vouchers due to a fault
with your processing equipment
A voice authorisation does not confirm the cardholder’s identity or guarantee payment.
If you need to change the amount of the transaction after the authorisation, cancel the original transaction and get a new authorisation for the new amount. This will make sure the correct amount is taken out of the cardholder’s account.
Code-10 calls for Card Present transactions
If you or your staff are in any way suspicious about a card, the person making the payment or the
circumstances surrounding a transaction, you must call for an authorisation on 0800 161 5382. This may mean you can then defend any fraudulent transaction from being charged back to your business:
• You will be asked for your merchant number and
then for the type of transaction
• If you are suspicious and cannot speak freely and
want to avoid a confrontation, you will be given the option to say, ‘This is a code-10 call’ or press 9
• You will be asked for the card number, followed
by the expiry date and the issue number (if this applies) and will be given options to choose from depending on the type of call you are making
• After this, you will be connected to an operator
who will ask a series of questions which you should answer with a yes or no
• Remember to keep the card and the goods out
of reach of the customer
• If you have any surveillance equipment, switch it on
If the operator asks you to keep the card, tell the customer politely. Code 10 is only available for Card Present transactions where we may ask to speak to the cardholder. It is not available for transactions where the cardholder is not present, such as mail, telephone and e-commerce transactions. In card-not-present circumstances, we cannot guarantee that the person carrying out the transaction is the genuine cardholder.
Referrals for
Card Present transactions
Occasionally, when processing transactions, the company which issued the card may ask for a referral and the processing equipment will instruct you to call for an authorisation.
A referral may happen when the card issuer asks us to contact them before releasing a decision.
Our aim is to process the referral in a quick and efficient way to reduce the time spent processing the transaction.
On most occasions we will ask you to put the
cardholder on the phone. Simply follow our customer service advisor’s instructions, and once we have spoken to the person who has given you the card and the card issuer, we will give you a decision.
Split sales
Sometimes, a cardholder will ask to split the payment for something between several cards, or between a card and cash or a cheque. It is important that you follow the instructions below to make sure you understand when you can and when you cannot split a transaction as instructions vary depending on each possible scenario.
1. If several cardholders ask you to split a transaction amount into smaller amounts so that they all pay part of a bill, this is allowed. For example, in a group booking in a restaurant, each person will ask to pay either their own bill or part of the total bill. You are allowed to split the total bill between each cardholder. To prevent future disputes, always make sure each cardholder agrees the amount they will pay by making sure that you process separate transactions for each card. Each transaction must be verified by the cardholder’s PIN or signature as prompted by your processing equipment. Please make sure
each cardholder receives a copy of the transaction receipt which applies to the agreed amount. This may or may not include a gratuity (tip) as agreed by the cardholder.
2. If one cardholder asks you to split a transaction amount across more than one card (possibly issued by different card issuers), you may go ahead as follows:
• Only go ahead with the transaction if you are
not suspicious of the transaction or person with the card
• Make sure each card is issued in the same
cardholder name (if the name appears on each card)
• Follow the normal card-acceptance procedures as
Split sales may usually take place when accepting large-value transactions where the cardholder may not have enough credit available on one card. The cardholder may ask to pay part of the total amount by cash or cheque. Make sure any cheque payment is also issued in the cardholder’s name. We recommend you only allow a cardholder to split a transaction over more than one card if:
• The cardholder has their card with them in front of
you (we strongly recommend you do not split a sale on several cards for any telephone, mail-order or e-commerce transaction as you cannot confirm that your customer is the genuine cardholder and so you may be at risk of chargeback claims if the transaction is fraudulent)
• Each transaction is authorised (no matter what
floor limit you may operate)
• The cardholder clearly agrees to how much is
charged to each card and is given transaction receipts
3. If authorisation is refused on a transaction, do not split the transaction into smaller amounts in an attempt to get authorisation as this may result in chargeback claims against you.
If you try to split a sale, any transaction may be charged back. We will not be able to defend you from these chargebacks.
Exchanges
• You do not need to carry out any other procedure
if a cardholder exchanges a purchase for goods of the same value
• If the value of the new purchase is less than that
of the original, you will need to make a refund transaction for the difference of the cost. You should process refunds on the same card as the original sale. If the original card has been lost or stolen, the refund can be applied to the new account or card. For any other type of card closure (for example, the cardholder has closed their account), you must refund the card number used in the original transaction
• If the value of the new purchase is more than
the original, carry out a sale for the difference in cost. You will need to get authorisation even if the amount is below your floor limit. Please remember, you cannot make refunds using cash or cheque
Processing a fall-back paper voucher
If you are using Barclaycard processing equipment, we will give you a manual imprinter in case your
processing equipment fails. Please make sure that your imprinter and paper vouchers are to hand and you get a telephone authorisation for each transaction.
You should only use the fall-back paper vouchers in exceptional circumstances, for example, if your processing equipment is out of use because:
• Your phone line is faulty
• The device itself is faulty
You cannot process Maestro, Visa Electron, VPay and unembossed cards using paper vouchers. You can only process these cards electronically.
Please remember authorisation from the card issuer is not a guarantee of payment nor does it confirm that the person who presents the card is the genuine cardholder. The card issuer can charge the card
payment back to you even if it has been authorised and particularly if you did not follow the correct procedures. If you rent Barclaycard processing equipment,
you must report all faults to our Customer Services Department on 0800 161 5350.
1. Carry out all normal checks of the card. Please see the ‘Plastic card designs’ section of this guide on page 8.
2. Place the card face up on the imprinter
.3. Place the sales voucher
, face up, over thecard
and operate the imprinter
.4. Remove the sales voucher and card from the imprinter.
5. Using a ballpoint pen write the following details clearly:
• The date
• The amount of each item
• The transaction total (you must not split a sale
– split sales are at your own risk and could be charged back)
• Details of what was bought. Please do not just write
‘Goods’ as this is not acceptable
6. If the customer is using a purchasing card, they may need a customer reference number to be recorded in the relevant boxes on the sales voucher.
7. If you are selling fuel, use the ‘For Merchant Use Only’ boxes on the sales voucher to record the vehicle registration number.
8. Ask the cardholder to sign the sales voucher in the box shown. Hold the card and watch while the voucher is being signed.
9. Check that the signature on the sales voucher matches the signature on the back of the card. 10. Check that the spelling of the signature (if you can
read it) matches that of the name embossed on the card and check that the card is in date. If a title is shown on the card, make sure it matches the sex of the person giving you the card.
11. Check the signature strip to make sure that no attempt has been made to disguise the original signature.
12. You must get voice authorisation by calling authorisations on 0800 161 5382. Ask for a ‘standard authorisation’.
13. If the transaction is authorised, you will be given an alphanumeric (a mix of numbers and letters) authorisation code by a voice-response service. Write the code in the appropriate box on the sales voucher. Tear off the cardholder copy of the sales voucher and hand it to the customer with their card and goods.
14. If the request is refused, no reason will be given and you should return the card to the customer unless the operator tells you otherwise – and ask for another form of payment.
15. If the transaction is referred to an operator, you should follow their instructions, including passing the phone to the cardholder if needed.
16. Once the procedure has been completed and all the necessary checks have been carried out, you must make sure that you have recorded the details of the transaction on all copies of the sales voucher. You should then tear off the cardholder copy of the voucher and hand it to the customer with their card and goods.
17. Key in the transaction when your processing equipment is working again. If you are using Barclaycard processing equipment, you should do this as a forced sale (at the READY prompt, press MENU and select Force Sale from the TRANSACTION MENU then follow the terminal instructions). This will prevent a second authorisation code being given or the transaction being refused. Take care when keying the card details in to make sure that they are correct. If at a later date, the transaction is charged back due to invalid details being put in, your company may have a chargeback taken.
18. If the transaction is accepted, store the sales voucher somewhere safe in case there is a dispute about it. Do not bank the voucher as the processing equipment will credit the amount into your bank account.
19. If when entering the transaction using the keys you receive a ‘Declined Authorisation’ message, fill in the sales voucher and send the sales voucher to us for processing. See the ‘Sales and refund vouchers’ section in this guide We may honour the transaction as long as you have authorisation where needed (in other words, at the time the transaction was carried out with the cardholder present, you followed all the procedures correctly and reported the fault to us, so that it shows on our log reports).
20. If you have not been able to key in any vouchers to your point-of-sale processing equipment, pay the vouchers into your bank account within two banking days (see the ‘Sales and refund vouchers’ section of this guide).
Remember, we will not accept altered vouchers. If you make a mistake when entering the details of a transaction, you must destroy the incorrect voucher and start again.
Never pin, staple, fold or damage vouchers as this may cause processing problems.
If you are suspicious about the card, the person using it or the circumstances of the transaction, you must follow the Code 10 procedure.
Card imprinter
Sales voucher
Failure of the chip to read
or swipe
The following information will help you and your
company reduce losses through counterfeit fraud. Most of your card transactions will be chip-read or swiped through your electronic processing equipment with no problems. However, there may be times when your processing equipment cannot read the chip or magnetic stripe. You are allowed one level of fall-back, so if the device cannot read the chip, you can fall back to using the magnetic stripe. Or, for a non-chip card, if the device cannot read the magnetic stripe, you may need to manually enter the card number embossed on the front of the card using the processing equipment keys. If you have chip-enabled processing equipment, you should find chip cards will not usually fail to read the chip. You may find that if you enter the details using the keys or swipe the magnetic stripe on a chip card the issuer may refuse the card. This is for increased security. If this is the case, follow the processing equipment prompts, which may mean you have to speak to our authorisation department. Please make sure you follow their instructions. Only give the card back to the customer if you are not asked to keep it. When a card transaction is processed in this way, a number of very important security checks, usually carried out by the electronic processing equipment, are avoided. It is clear that some fraudsters are aware of this and are taking advantage of the opportunities. Under Visa and MasterCard Card Scheme Regulations, a card issuer has the right to ask to see an imprinted verification voucher signed by the cardholder. If you fail to provide this, the card issuer has the right to charge the transaction back to you.
To protect your business from losses and reduce the risk of chargebacks when a card fails to be read by your electronic processing equipment, you should do the following:
• Enter the card number, embossed on the front of
the card, using the processing equipment keys and get authorisation
• As well as manually entering the card number
into the processing equipment, imprint a sales voucher and fully fill in the verification voucher. (This must be signed by the customer and you should write the words ‘For verification only – this voucher is not for banking’ on the voucher.) Pass the customer copy to the customer along with the processing equipment receipt. If you need a supply of pre-printed verification vouchers, please call 0800 161 5363
• Please do not bank the verification (or sales)
voucher as your processing equipment will still process the transaction in the usual way
• Banking the verification or sales voucher will cause
the cardholder’s account to be debited twice. The voucher is simply your proof that the card was present at the point of sale. You can then use it to prove the transaction was valid if the customer then disputes it
• You should keep the merchant copy of the
processing equipment receipt and the verification (or sales) voucher together in case of any future query. If you fail to provide copies and a card issuer does have a query, it could result in a chargeback and losses to your business. You need to fill in the verification voucher fully and include full details of the goods or services bought. Do not just write ‘Goods’. Make sure you write the authorisation code provided by the authorisation department
You can only process Maestro card transactions and Visa electron and V Pay cards that are un-embossed electronically (by swiping the magnetic stripe or reading the chip). You cannot enter the details using the keys for printed cards as you will not be able to take an imprint of the card as proof of the card and cardholder being present at the time of the transaction. If a Maestro, Visa electron or VPay card fails to chip-read or swipe through, you should ask your customer for another form of payment as there is no chargeback defence if the card fails to swipe.
Banking procedures and
other services
Please make sure that you follow the end-of-day banking procedure (as shown in your Terminal Operating Guide) to make sure you receive payment for all transactions. It is essential that you send all transactions for payment within two working days of being accepted.
If you send a transaction after two working days, the card issuer may reject the transaction, resulting in it being charged back. We will not be able to defend you from these chargebacks:
• If your processing equipment is not working,
please make sure that you follow the procedure in ‘Transactions entered using the keys’ section of this guide on page 10, so you can receive the payment. To bank any voucher that cannot be processed by your processing equipment, please follow the procedures below
• Complete the three-part merchant voucher
summary (MVS) before handing the bank copy of your sales and refund vouchers into any branch of Barclays Bank
Each batch of vouchers must be accompanied by part three (the white copy) of the completed MVS. No more than 20 vouchers should accompany each MVS.
Sales and refund vouchers
If your processing equipment is not working, please make sure you follow the procedure in ‘Transactions
entered with the keys’ section of this guide onpage 10.
These vouchers provide three copies of the sale or refund details, one for your own use, one for the bank to process and one for the cardholder.
• Merchant copy – the top copy of the
completed sales or refund voucher is your record of the transaction
• Bank processing copy – the middle copy of the
sales or refund voucher should be handed into your local branch of Barclays Bank. You should hand in vouchers on the day of the transaction and no more than two banking days afterwards
• Cardholder copy – the bottom copy must be
given to the cardholder for his or her records or, in the case of a mail or phone order, it must be posted to the cardholder
Completing your merchant voucher
summary (MVS)
• Write your merchant name and number (this is
normally shown on the top line of your imprinter plate) clearly on the MVS, with the paying-in date
• List the value of each sales voucher and refund
voucher on the back of the MVS in the boxes shown
• Write the total of each column in the boxes at
the bottom
• Write the total number and value of both sales
vouchers and refund vouchers on the front of the MVS
• If possible, vouchers should be deposited on the
day of the transaction and no more than two banking days afterwards
If you have any questions about the credit to your bank account, you should call our Customer Services
Department on 0800 161 5350.
Posting vouchers
If you are in a remote area and cannot get to a branch of Barclays Bank, you may post your vouchers to us for processing. You should send the MVS bank-processing copies of your sales and refund vouchers to:
Barclaycard Financial Exceptions, Dept FX,
Barclaycard House, 1234 Pavilion Drive, Brackmills, Northampton NN4 7SG.
For a supply of our prepaid envelopes, call our Customer Services Department on 0800 161 5350.
Preventing and detecting
fraudulent Card Present
transactions
To prevent fraudulent transactions being charged back at a later date, you should have chip-and-PIN-enabled processing equipment and accept transactions by reading the chip.
You must make sure you get authorisation on any transaction where the card details are not captured using the chip (for example, when presented with a magnetic-stripe card transaction) to avoid the risk of loss due to card fraud.
1. If your processing equipment is chip-and-PIN-enabled you could be presented with a number of different scenarios, all of which you can accept:
• Magnetic stripe and signature verification (for
example, from an overseas customer where the country has yet to upgrade to chip-and- PIN technology)
• Chip and signature verification (for example, from a
disabled customer who cannot use PIN technology)
• Chip-and-PIN verification
2. If your processing equipment has a contactless reader, you will also be able to accept contactless transactions with no verification (please see the section on contactless transactions on page 10). If your customer cannot remember their PIN, ask for another method of payment.
In these instances, if your processing equipment is chip and PIN capable, and the transaction has been taken using the chip and PIN, you will be protected against possible counterfeit, lost and stolen cards, and intercepted card fraud.
Card-fraud statistics show there is increased fraud with non-PIN cards. Be aware of the security checks you should make to reduce this type of fraud:
• Keep hold of the card at all times
• Keep the goods out of reach of the customer
• Check the ‘valid from’ date. If the card is newly
issued, be extra careful
• Watch out for hesitancy when the customer signs
and make sure that the signature they give matches the signature on the card
• Be careful not to be distracted during a transaction.
Fraudsters may try to hurry you, or draw your attention away from making card checks
• Check the name on the card and check that it
matches the sex of the person giving you the card if this is possible to tell
• Be sure not to process transactions on behalf of
anyone else. This would be breaking your merchant agreement and could lead to transactions being charged back to you
Returning wanted or recovered cards
If our authorisation operator asks you to destroy a card and return it to us, please follow the procedure described below. You should politely tell your customer what you have been asked to do.
1. To preserve fingerprints and other forensic evidence, handle the card as little as possible and only by the edges.
2. With the card facing you, cut off only the bottom left-hand corner.
3. Make sure the signature strip, magnetic stripe, chip and hologram are intact.
4. You will find a recovered-card form in your welcome pack.
You can get more recovered-card forms by calling our Customer Services Department on 0844 811 6666
• You must fill in the form in full and keep the cut-off
slip of the filled-in form in your files
• You should send the top section of the form and
both pieces of the card to:
Recovered Card Services, Barclaycard, Department RC, Northampton NN4 7SG
If you are returning a Visa Electron card, please also enclose a copy of the processing equipment declined receipt.
Reward scheme
We may pay a £50 reward to your business for returning a wanted card. You can then decide whether to pass the reward payment on to the person who actually recovered the card.
If the police need to keep a wanted card or sales
voucher for investigation (for example, if a stolen card is presented), you will need to keep certain details in case there is a question about it. Please make sure you have a copy of the sales voucher (a good photocopy will be acceptable), as well as:
• The card number
• The expiry date
• The name embossed on the card
• The date the card was recovered
• The crime reference number
• Details of the officer and police station dealing with
the case
You can still claim a reward if the police take the card for evidence.
Other services
Dynamic currency conversion (DCC)
If your business takes payments from cards
issued outside of the UK, your processing equipment may be configured for DCC. DCC offers Visa and MasterCard international cardholders the choice and convenience of paying for goods and services using their home currency.
Your international customers benefit from a clear and competitive exchange rate for credit and debit card purchases made abroad with this service. Once the cardholder uses their card abroad they will be presented with the option to pay using the currency of the card or the local currency. The transaction will stay in that currency throughout the entire transaction and settlement process. As such, both you and your customer know the exact amount of the purchase at the time you make the sale.
Accepting Card
Not Present (CNP)
transactions –
e-commerce, mail and
telephone order
It is important that you understand the risks associated with accepting Card Not Present transactions. There are increased risks of chargebacks for Card Not Present transactions because the customer and card are not present at the time of transaction and so cannot always be verified.
When processing Card Not Present orders you must make sure you get:
• The card number
• The card expiry date
• The gross amount (in other words, including
postage, packaging and VAT) of the transaction
• The customer reference number, if quoted – for a
Visa transaction only
• The card security code (CSC), otherwise known
as card verification value (CVV or CVV2), card verification value code (CVVC), card verification code (CVC or CVC2), verification code (V-code or V code), card code verification (CCV), or signature panel code (SPC)
If you would like to accept e-commerce Maestro transactions, you must be enrolled with MasterCard SecureCode.
When processing Card Not Present orders you should also get:
• The cardholder’s full name and address, as held
by their card issuer, including the postcode and phone number
• The cardholder’s signature, for mail order
• The delivery address and name of the person
receiving the goods if different from that of the cardholder
Please remember an authorisation does not guarantee payment. It only confirms that there are enough funds available in the account and that the card has not been reported as lost or stolen at the time of the transaction. We cannot guarantee that the person presenting the card details is the genuine cardholder and so you may be at risk of chargebacks following fraudulent transactions.
You should not:
• Release goods to anyone claiming to have been
sent by the cardholder (for example, a taxi driver) to collect the goods
• Allow a cardholder to pick up goods paid for with a
Card Not Present transaction. If a cardholder pays using an e-commerce or MOTO transaction and collects the goods later, you should cancel the Card Not Present transaction and carry out a new Card Present transaction. Make sure you also carry out the full Card Present procedures
Authorising Card Not Present
transactions
Card Not Present transactions must get an authorisation at the time of the transaction, either as a pre-authorisation for the expected value of a transaction (such as a hotel or car-hire bill) or as authorisation of the actual amount.
Shipping goods and providing services
Visa transactions must get an authorisation on any day up to seven calendar days before the transaction date (the date the goods are shipped or services are provided). This authorisation is valid if the transaction amount is within 15% of the authorised amount, as long as the extra amount represents shipping costs.
You must get authorisation for MasterCard transactions on the day the cardholder contacts you to place an order. When the goods or services are ready to be delivered, you should then process the transaction. This should not be for more than the original
authorisation amount. MasterCard consider the date you ship the goods or provide the service as the transaction date. If you are shipping goods more than seven days after the original authorisation request, we recommend you get a second authorisation. When presenting the transaction for processing, please quote the original authorisation code, but keep the second one in case there is a dispute about the transaction.
Recurring transactions
A recurring transaction is one where the cardholder grants permission, in writing or electronically, to a merchant to periodically bill their account for goods or services delivered over a period of time. There cannot be more than 365 days between transactions. For example, merchants who may benefit from recurring transactions are vehicle breakdown services, insurance providers, and those issuing memberships and subscriptions.
Issuers may refuse a recurring transaction taken on a Visa card if the expiry date is missing, not valid, or has expired. You must provide the correct card expiry date for each recurring transaction.
If the cardholder wants to cancel a recurring transaction, they may either contact you or they may contact their card issuer direct. If the cardholder cancels the recurring payment through their issuer, you may not know until the next payment fails.
Recurring transactions must not be carried out using a Maestro card.
Accepting payments over the
internet (e-commerce)
You can accept payments over the internet using a Barclaycard payment gateway which can be integrated in your website. Or, you can use your own software or another payment service provider (PSP).
Website information
You are responsible for designing your own web page but you must make sure you display:
• Your company name, registered office address,
phone number and email address
• Your company registration number and
VAT number
• A complete description and price of all goods and
services, clearly stated, including all extra costs such as taxes and delivery costs
• Clear information on your company’s refund and
cancellation policies
• A statement to describe the type of transaction
security that you provide
• A privacy statement
• Your transaction currency
• The merchant outlet country at the time of
presenting payment options to the cardholder
• The scheme logos of the type of cards you accept
• Your delivery policy
• Any export restrictions
Transaction receipts
You must give your customers a transaction receipt as part of an order confirmation notice at the time of the purchase. The receipt must include:
• An instruction to print or keep the receipt for
future reference
• Your company name, address and phone number
for customer contacts
• Your website address
• The total cost of the purchase, and the currency it is
made in
• The transaction date and type (for example,
whether it is a sale or refund)
• A unique transaction reference number
• The name of the purchaser
• The authorisation code
• A complete description of all goods and
services bought
• Clear information on your Terms and Conditions,
cancellation, return and refund policy (if restricted)
• The exact date any free trial period ends,
if offered
The receipt must only include the last four digits and not the full card number. For MasterCard transactions, the expiry date must not be quoted:
• Keep a record of the cardholder’s name and
address in case of any questions in the future
• It is your responsibility to check the card when the
goods are delivered. You should make sure that the card number and the expiry date quoted agree with the card presented
• It is also your responsibility to get a signature and
make sure the signature on the card matches the one from your customer
• If an order is to be collected, you must cancel the
original transaction and start a new one as a Card Present transaction. See the ‘Card Not Present procedures and chargebacks’ section of this guide Please remember that you must give the customer a transaction receipt.
Using an accredited payment
service provider (PSP) to accept
e-commerce payments
We can accept your internet card payments via a recognised PSP. However, you must make sure that the PSP meets the minimum security measures shown in this procedure guide and that they can offer the communication links needed. It is important to stress that you have the responsibility for keeping to the internet merchant procedures within this
procedure guide for us to accept internet card-payment transactions as we will not enter into any contract with the PSP on your behalf.
You must make sure the PSP keeps to the Payment Card Industry Data Security Standard (PCI DSS), which is a requirement introduced by the major card schemes to help you reduce, as far as possible, the possibility of suffering from a security breach. Please see the section on ‘PCI DSS’ in this guide for more details.
If your chosen PSP offers fraud screening, we would recommend that you use their fraud-management service.
The services that your chosen PSP offers and the charges that they apply are part of the agreement between you and your chosen PSP, which is separate from your agreement with us.
Accepting payments
over the internet using
your own software
You can use your own equipment or software to accept payments over the internet. You are responsible for making sure that we can approve the equipment or software and that it keeps to the necessary card-scheme rules.
You must make sure the PSP keeps to the Payment Card Industry Data Security Standards (PCI DSS). The application must be PA DSS (Payment Application Data Security Standard) compliant where necessary, and the business must be compliant with the PCI DSS.
Using our payment gateway for
accepting payments
Our e-commerce service provides quick and secure transaction processing to authorise and settle card payments. It allows you to accept and process card transactions from your website 24 hours a day, 365 days a year. Your customers simply browse your website, choose the goods or services, and enter their card details as directed.
Hosted Payment Pages (HPPs) are simple solutions for accepting card payments over the internet, and they keep to the Payment Card Industry Data Security Standard (PCI DSS). We host your payment page for you so you don’t see any sensitive card data; keeping you safe and secure.
If you prefer, you can control the whole process and host your own payment pages. To do this you can integrate with our Application Programme Interface (API), which allows you to take full responsibility for collecting cardholder details and communicate directly with our gateway. (We will give you a guide on how to do this.)
If you choose not to use a Barclays-owned submission product, you must correctly flag every transaction by using the correct level of APACS software. You must maintain the level of software in line with APACS standards. If you fail to keep to this condition, you will be liable for any fines or penalties from the card schemes, which may result from not keeping to the conditions.
Requirements for merchants
not using the Hosted Payment
Page (HPP)
Security of card data
Any merchant accepting e-commerce payments, whether using our payment gateway, an alternative, or their own software, must have minimum security measures before processing card transactions from an internet site. Your payment security responsibilities increase if you use other methods than a Hosted Payment Page (HPP). For more information on these requirements, please see the ‘PCI DSS’ section of this guide.
Accepting Mail Order and
Telephone Order (MOTO)
payments
Maestro cards cannot be accepted for mail or telephone orders except when the merchant and card issuers are from the same country in the UK, Ireland or France.
Taking telephone orders
• Please keep a record of the cardholder’s name and
address in case of questions in the future
• It is your responsibility to check the card upon
collection or delivery. You should make sure that the card number and the expiry date quoted agree with the card presented
• It is also your responsibility to get a signature and
make sure the signature on the card matches the one from your customer
• If an order is to be collected, you must cancel the
original Card Not Present transaction and start a new one as a Card Present transaction. See the ‘Card Not Present procedures’ and ‘Chargebacks’ section of this guide on pages 19 and 26
• If you key in a transaction following a telephone
order, you will not be able to guarantee that the customer is the genuine cardholder and so you may be at risk of a chargeback if the transaction is confirmed as fraud
Please remember, you must still give a customer a transaction receipt. We recommend that the cardholder copy must display only the last four digits of the card number. For MasterCard transactions do not quote the expiry date.
Preventing and detecting fraudulent
Card Not Present transactions
If most of the transactions you are accepting are mail, telephone or internet transactions, you must use an appropriate e-commerce or MOTO solution. You cannot accept e-commerce transactions using your face-to-face chip-and-PIN processing equipment.
You need to take extra care when taking transactions over the internet, over the phone or by mail order. You need to consider the risks before accepting a Card Not Present payment:
• A Card Not Present transaction means that a
cardholder and the card are not present with you at the time of the transaction. These are not like a normal face-to-face situation where you can check that the card is genuine and that the ‘customer’ is not just using a stolen card number. In these situations, the genuine cardholder may not be aware that their card number has been compromised, for example, a fraudster has taken the card details from a customer’s discarded receipt
• e-commerce transactions can be authenticated
by the cardholder to prove they are a genuine customer, when you use internet authentication (in other words, Verified by Visa or MasterCard or Maestro SecureCode) – this is the same as entering the PIN at a physical point of sale. If you cannot prove that the cardholder is genuine, you cannot guarantee that the card information provided relates to the genuine cardholder
• Never release goods to anyone else (this includes
taxi drivers or delivery firms hired by the customer). Always make sure that goods are sent to the person named on the card
• If a cardholder comes to collect the goods in
person, cancel the Card Not Present payment and process it as a Card Present transaction
Authorisation only confirms that the issuer of the card agrees there are enough funds to pay for the goods and to confirm the card has not been reported lost or stolen at the time of the transaction. An authorisation does not guarantee payment.
Questions you need to ask yourself before accepting the transactions:
• Are the goods high value or easily resold?
• Is the customer being prompted by someone else while on the phone?
• Is the customer trying to use more than one card in
order to split the value of the sale?
• Does the customer seem to lack knowledge of
their account? Are they providing details of
someone else’s card (for example, that of a client or family member)?
• Does the customer seem to have a problem
remembering their home address or phone number or do they sound as if they are referring to notes?
Tools for monitoring fraud
You should use security checks, as recommended by the card schemes, as they can help you identify possible fraudulent transactions. However, they do not prevent fraud or shift the legal responsibility for fraudulent transactions, which may result in chargeback claims.
Card Security Code (CSC) and Address Verification Service (CSC/AVS)
There are services that can help reduce Card Not Present fraud by asking for a small amount of extra information from the cardholder:
• The Card Security Code, which is a condition of
the card schemes (the last three numbers on the signature strip on the card or the three digits in a white box next to the signature panel). You must not store the Card Security Code after the transaction has been authorised
• Address Verification Service (AVS);
a) The first five numbers of the cardholder’s full statement address
b) The numbers in the cardholder’s postcode Internet authentication
(3-D Secure)
Internet authentication (Verified by Visa, Mastercard SecureCode) uses 3 D-Secure protocol to authenticate card users as they need to have a password log-on. The cardholder registers for the authentication service with a password they choose, which guarantees that the user is authentic. Please see the internet authentication section of this guide for more details. MasterCard SecureCode must be supported for all Maestro transactions.
Fraud-screening
Using rule-based tools can help to check the validity of transactions. A system which allows you to cross-check the name, address, phone numbers, card details, email address and IP address with past and daily records could help you to reduce the risk to your business. Constantly cross-checking this type of information will identify any duplication of information which may show that a fraudster is attempting to use similar details elsewhere. For example they may quote different card numbers but use the same name or address or may quote entirely different details but still be seen to come from the same IP address.
You should reject any suspicious instance of duplication (also known as velocity checking) and check further before accepting the order or request.
Barclaycard’s payment gateway offers extra fraud-screening tools such as those mentioned above. There are also a number of other providers who can offer help with checking the authenticity of customer information. If you would like more information on these providers, please contact our Customer Services Department on 0844 811 6666.
Further advice for internet transactions
To add to existing velocity checks:
• Check for sequential card numbers
• Review orders made using cards not issued in
the UK
• Review orders where the IP address does not
match the delivery address (country)
• Review orders going to and coming from the same
customer – name, address and card number
• Review or refuse all or new orders going to a
different delivery address other than the registered card address
• Review or refuse duplicate purchases
• Review or refuse the order if the postcode does
not match
• Refuse the order if the CSC does not match
• Refuse new orders with an invalid card expiry date
Use the ‘chargeback data’ you receive to:
• Highlight possible problem names, addresses and
IP addresses
• Always make sure that you respond promptly to
‘request for information letters’ as you may be able to prevent the chargeback
• Use internet authentication (3-D Secure) and CSC/
AVS for added security
You can find more information on our website to help with your staff’s awareness of fraud: www.barclaycard.co.uk/paymentacceptance
