Retailers must follow specific data security requirements in order to accept MasterCard® cards. MasterCard Worldwide rules and recommendations apply to all transactions – whether they occur in a store, online, or over the phone.
Millions of dollars are lost each year due to fraudulent use of payment cards. You can help protect your business from this costly crime by:
- Incorporating fraud prevention into employee training sessions.
- Posting fraud prevention reminders and materials near tills and in employee areas.
- Offering rewards or incentives for employees who prevent a fraudulent transaction.
Be fraud savvy
Here are some common types of card fraud:
Altered/Counterfeit cards
On an altered card, the name, expiry date, account number, and/or the magnetic stripe have been changed in some way. Counterfeit cards bear a valid account number. A valid card number may appear on the front of the card, in the magnetic stripe on the back of the card, or in both places.Lost/Stolen card
A card is stolen from the cardholder and used fraudulently to purchase goods or services from a legitimate merchant.
Mail Order/Phone fraud
Someone other than the authorised cardholder obtains a MasterCard account number (often with the expiry date of the account and card validation code from the back of the card) and uses it to purchase goods or services by mail or by phone.
Whether you are starting to accept cards or just need a refresher on security procedures and best practices, the following list outlines steps, checklists and tools to help protect your business.
Be on the lookout for card fraud
Each time a customer presents a magnetic stripe MasterCard card, your staff should go through the following checklist:
Check the embossed numbers on the front of the card
All MasterCard card account numbers start with the number 5 (five). If an account number is embossed, the embossing should be clear and uniform in size and spacing, and extend into the hologram (if a hologram is on the card face). The last four digits of the account number on the front of the card should match the four digits printed on the signature panel on the reverse of the card. These numbers should not be chipped away. And no "halos" of previous numbers should appear under the embossed account number.
Examine the hologram
A MasterCard hologram is usually on the front of a MasterCard card, either above or below the MasterCard Brand Mark. But on some new card designs the hologram may be on the reverse of the card or integrated into the magnetic stripe on the back of the card. The three-dimensional hologram with interlocking globes should reflect light and appear to move when the front of the card is rotated.
Compare signatures
The back of the card should be signed, and the signature should reasonably compare to the cardholder signature on the sales receipt. Check to make sure that it has not been taped over, mutilated, erased or altered in any suspicious manner. The word "Void" on the signature panel indicates that the signature panel has been tampered with.
Look at the magnetic stripe
The magnetic stripe on the reverse of the card should appear smooth and straight, with no signs of tampering.
Examine the expiry date
The card should not be accepted after the last day of the "expires end" date embossed on the card. Merchant sales assistants must validate the card expiry date.
Become familiar with new card designs
MasterCard recently introduced a new card called MasterCard Unembossed. These cards may look different – they have no raised (embossed) numbers, so you cannot make a manual imprint – but the brand behind them is the same. Your business must have an electronic terminal to accept these cards. MasterCard has also introduced new card designs that permit the hologram to appear on the back of the card or integrated into the magnetic stripe on the reverse.
Is the customer using the card the authorised cardholder?
A MasterCard card is non-transferable. Check to see that the signature on the sales receipt matches the name on the front of the card. Also, be observant of the customer's behaviour – does it seem normal, or does the person appear uneasy?
MasterCard also provides a quick reference card that can help you and your employees identify valid MasterCard cards.
If you suspect any suspicious behaviour, you can ask for help. If an employee is at all suspicious about a card, call your Voice Authorisation Centre and request a Code 10 authorisation. The Authorisation Centre will help you decide whether to complete the transaction.
Make sure your systems are secure
The system in your store or business should comply with the following security requirements:
Safeguard cardholder PIN numbers
Cardholder personal identification numbers (PIN) are occasionally used to authenticate a customer's identity during an ATM or point-of-service transaction. If your business requests a PIN from a customer, the PIN should be encrypted in accordance with published security standards. Merchants must never store PIN numbers.
Do not print full Primary Account Numbers on receipts
MasterCard requires retailers to truncate the Primary Account Number (PAN) on printed cardholder receipts. PAN truncation blocks out all but the last four digits of an account number. This security initiative reduces the possibility that a cardholder's account number will end up in the wrong hands.
Store data properly
MasterCard requires issuers, acquirers, retailers and third-party processors to comply with the Payment Card Industry (PCI) Data Security Standard.
Retailers can assess compliance with the PCI Data Security Standard using the MasterCard Site Data Protection Program. This program applies to merchants and service providers that process, transmit or store cardholder data. Through the network scanning requirement, MasterCard Site Data Protection is also designed to protect against the compromise of account data. Remember that your acquirer should be closely monitoring your compliance with the PCI Data Security Standard.
Learn More About the MasterCard Site Data Protection Program and PCI Data Security Standard
Stay abreast of new developments and security challenges
MasterCard continues to develop new ways to protect your business. Stay up-to-date with the latest security program and techniques and payment card enhancements.
MasterCard PayPass™
MasterCard PayPass adds an embedded radio frequency Chip and antenna to MasterCard cards or new contactless devices. With MasterCard PayPass, consumers speed through checkout with a simple tap, rather than a swipe or a dip of their card. As MasterCard PayPass cards and devices never leave their hands, consumers have an added sense of security; advanced Chip-based cryptography (CVC 3) delivers another layer of security to make this fast and convenient payment a safe option as well.
Chip technology
Payment cards containing Chips are more powerful than traditional magnetic stripe cards because they contain tiny computers that make transactions safer. Chip technology also reduces the incidence of fraud by making cards more difficult to counterfeit. Although Chip technology is widely used in some areas of the world, it is still emerging in other areas.
Making remote shopping more secure
For online shoppers, MasterCard offers OneSMART® Authentication, a Chip-based solution that uses a card reader to generate one-time passwords for highly secure shopping over the internet. The same approach can be used to secure mail or telephone order payments and remote banking transactions.