August 26th, 2005 by Jamie Estep
Credit Card Truncation
Filed in: Credit Card Equipment, Merchant Accounts | 5 comments
I wrote a lengthly truncation article about two years ago on my business website, and I think it is important enough to post an article about it here. Visa and MasterCard have slightly different policies regarding truncation so I will cover the most restrictive here.
Please refer to Credit Card Truncation if you would like information about a specific state’s policies.
What is Credit Card Truncation?
Credit Card Truncation is the removing of all but the last 4 digits of the credit card number and the expiration date from the customer’s transaction receipt. The merchant’s copy of the receipt is not required to be truncated. Many businesses complain that customers cross out their numbers on the merchant’s copy of the receipt, but the merchant is allowed to keep these.
I don’t recommend storing them unless you can provide security for them, due to the ease of an employee or a thief to commit credit card fraud with them.
Why is truncating important?
People being very careless with their credit card receipts has led to a rise in credit card fraud from receipts getting found by the wrong people. Truncating the customers copy of the receipt protects the customer and other merchants from fraud when the consumer looses or disposes of their receipt.
What are the penalties?
As of now Visa and MasterCard policies are still not completely in effect for all business in all states. New terminals must all be truncation compliant, and existing terminals have until July, 1 2006 to be truncation compliant. But, many states have stepped forward and created their own regulations. Regulations in states are anything from a small monetary penalty to a class D felony in Kentucky.
Visa and MasterCard penalties are as follows:
1st Violation – $5,000
2nd Violation – $10,000
3rd Violation – $25,000
4th Violation – $50,000
Willful or Egregious Violation – $500,000/month
Visa and MasterCard can also shut down a businesses credit card processing and prevent them from accepting credit cards ever again.
Besides these reasons, it is just a bad business practice to not truncate. Why should a business have the right to jeopardize the security of a consumers credit card.
I take credit cards manually. What does it mean for me to truncate the receipts?
As long as you are using a manual imprinter, then you don’t need to truncate. You should probably inform your customer to be careful with their receipt, but there are no formal, or legal requirements for manually processing.
It has been considered, but it is more dificult than most people would think to make a manual imprinter than only imprints the number on one copy of the receipt.
I would imagine that it is something that will be required in the future, but not in the near future.
Even if the credits taken manually,Will there be any truncation?
I have to agree that unless the store can provide some sort of security then I don’t see how they can stored this information, this goes for online stores aswell, the ones that accept credit cards are more of a risk than offline stores because of hackers
Truncation is great, but what about the $69.00 fee my c.c processor just charged me to download the software to truncate my machine. Is this even legal? I think I could have truncated without downloading this new software. Any one else furious over these charges?