Customer complaint today

[BlancoNino]

She was very concerned that the merchant copy of her credit card reciept that she signed has the entire 16-digit CC number displayed on it and she said it should all be Xs except the last four. I told her no that only on the customer copy it should be that way, and the merchant copy is up to the store to decide.

Anyway, she still disagreed and was very worried and I said to call the bank we go through and to talk to them if she has any further concerns since the bank sets up the whole CC system anyway.

 

[pstylesss]

I was under the impression the merchant copy had all the numbers on it... that would be why it's specified who's is who's

 

[HermDogg]

I've heard worse complaints. One woman wouldn't give us her check number over the phone (we have an electronic check approval service) for fear that we were going to steal it. She had no problem, however, handing over the physical check (with the numbers in plain view).

 

[Whoozyerdaddy]

You're a smart guy. Why do you deliver pizzas?

 

[BlancoNino]

Originally posted by: Whoozyerdaddy
You're a smart guy. Why do you deliver pizzas?

Meh, I'm still in college. The job is low-stress and I keep getting raises because my friend owns the restaurant now too.

 

[Whoozyerdaddy]

Makes sense I guess. Low hours, tips, hourly...

Boss is a buddy...

 

[moshquerade]

i don't blame her for being concerned.

 

[GeekDrew]

I don't really blame her; I think that there should be no copies that have the entire CC number printed on them.

 

[oogabooga]

I was wondering this and tried to look it up at work (yay credit card processing). I noticed a slip from a restaurant I ate at had my full CC# for the merchant copy.

PCI (Visa regulations) specify the format of a customers receipt, but I couldn't find anything on merchant copies, just customer copies of receipts. Fair and Accurate Credit Transactions Act which dictates things like no full CC#, no exp date applies only to customer copies as well. so I guess the merchant -can- have the information. If the customer was -really- concerned though they'd have signed the customer copy, took the original and left. Then promptly tear up the original. But of course, it's more fun to complain.

If a merchant is using any sort of integrated (computer based) Credit card processing, they probably shouldn't have the full card number on the receipt. The software would store all the information that it can per VISA/MC Regulations.

If it's a terminal? That I think I can understand that depending on how the terminal prints out the reports at the end of the day.

 

[pulse8]

I just cross out everything but the last 4 numbers with the pen.

 

[Triumph]

I don't see why MY cc number should be blotted out on MY copy, but left in full on a copy that I give to complete strangers? Please explain that to me.

 

[Soapy Bones]

In my experience at a hardware store working retail, it is left on the merchant copy so that they can correct mistakes. We have a POS terminal that does all the legwork for calculating totals and whatnot, but have a separate terminal for processing credit cards which requires a swipe, and entry of the total purchase amount. Sometimes the cashiers make a mistake and enter the wrong amount so before we settle the machine each day it is necessary to go back through and manually charge or refund the difference to balance out.

 

[imported_Baloo]

She's right, you are wrong. What store is this. I'll have to make sure I don't shop there. That makes it too easy for employees to steal.

 

[Ticks]

Doesnt the store need the number to verify that the card was actually used? In case of a dispute?

 

[Atheus]

Chip and Pin For The Win.

 

[GeekDrew]

Originally posted by: Baloo
She's right, you are wrong. What store is this. I'll have to make sure I don't shop there. That makes it too easy for employees to steal.

Unfortunately it's fairly common practice for stores to keep the full number in their records.

 

[NuroMancer]

Originally posted by: Triumph
I don't see why MY cc number should be blotted out on MY copy, but left in full on a copy that I give to complete strangers? Please explain that to me.

Because typically your more likely to lose your receipt then the company is.

 

[Fritzo]

It's up to the POS software designer, but there is a way you can make both copies not show the number. Decent POS systems tie everything to a transaction record in a database so the whole number doesn't have to be on the reciept. Actually the OP's way is old fashioned and should be updated.

 

[QED]

Why would you be concerned about an employee stealing a card number off of the merchant copy of the receipt, but NOT be concerned when you hand that same employee your actual credit card (16-digit numbers and all)?

And for those that have asked, the store NEEDS to keep your card number in some shape or form until they settle with their merchant provider. Ideally, it should be encrypted in some database and not printed on a hard copy... but they do need to keep it for a short while at a minimum.

 

[imported_Baloo]

Originally posted by: QED

Why would you be concerned about an employee stealing a card number off of the merchant copy of the receipt, but NOT be concerned when you hand that same employee your actual credit card (16-digit numbers and all)?

And for those that have asked, the store NEEDS to keep your card number in some shape or form until they settle with their merchant provider. Ideally, it should be encrypted in some database and not printed on a hard copy... but they do need to keep it for a short while at a minimum.

You are not getting the point. The store needs the info is true, but the employees at the register do not need it, and should not have access to receipts with full CC numbers on them. What you don't understand, is that many fraudulant CC charges are done by people who get the CC numbers from those receipts.

 

[QED]

Originally posted by: Baloo
<div class="FTQUOTE"><begin quote>Originally posted by: QED

Why would you be concerned about an employee stealing a card number off of the merchant copy of the receipt, but NOT be concerned when you hand that same employee your actual credit card (16-digit numbers and all)?

And for those that have asked, the store NEEDS to keep your card number in some shape or form until they settle with their merchant provider. Ideally, it should be encrypted in some database and not printed on a hard copy... but they do need to keep it for a short while at a minimum.</end quote></div>

You are not getting the point. The store needs the info is true, but the employees at the register do not need it, and should not have access to receipts with full CC numbers on them. What you don't understand, is that many fraudulant CC charges are done by people who get the CC numbers from those receipts.

No, I get it. My current contract involves implementing new procedures and standards to allow my client's (a Fortune 100 company) POS and credit-card processing software to meet PCI requirements.

The problem is not that the card number is printed on the merchant's copy of the receipt, per se. The problem is, what does the merchant do to restrict access to those receipts? If they are simply left in a box behind the counter for anyone to take, that is a clear violation of the PCI requirements. Even storage at a register with no access restrictions is a PCI violation.

 

[GeekDrew]

Originally posted by: QED
<div class="FTQUOTE"><begin quote>Originally posted by: Baloo
<div class="FTQUOTE"><begin quote>Originally posted by: QED

Why would you be concerned about an employee stealing a card number off of the merchant copy of the receipt, but NOT be concerned when you hand that same employee your actual credit card (16-digit numbers and all)?

And for those that have asked, the store NEEDS to keep your card number in some shape or form until they settle with their merchant provider. Ideally, it should be encrypted in some database and not printed on a hard copy... but they do need to keep it for a short while at a minimum.</end quote></div>

You are not getting the point. The store needs the info is true, but the employees at the register do not need it, and should not have access to receipts with full CC numbers on them. What you don't understand, is that many fraudulant CC charges are done by people who get the CC numbers from those receipts.</end quote></div>

No, I get it. My current contract involves implementing new procedures and standards to allow my client's (a Fortune 100 company) POS and credit-card processing software to meet PCI requirements.

The problem is not that the card number is printed on the merchant's copy of the receipt, per se. The problem is, what does the merchant do to restrict access to those receipts? If they are simply left in a box behind the counter for anyone to take, that is a clear violation of the PCI requirements. Even storage at a register with no access restrictions is a PCI violation.

What *should* be a violation should be any access to it that is non-electronic.

 

[T9D]

She's right to be concerned. A lot of stores hide the numbers even on the store copy. I just watched a news program not long ago where a lady found a bunch of credit card info in the dumpsters behind a store. The store was throwing out old records and stuff but said that 3 years ago they stopped having the full credit card number on the store copy. However some of the old paperwork and reciepts were older than that and they didn't realize that until someone found it. So yes she should be concerned. I would be too

 

[BlancoNino]

Well what *can* you do with a credit card number anyway? Stores require it to be swiped with the physical card and shopping online will only let you ship it to the billing address. I'm not saying there isn't anything you can do, just simply asking what.

 

[GeekDrew]

Originally posted by: BlancoNino
Well what *can* you do with a credit card number anyway? Stores require it to be swiped with the physical card and shopping online will only let you ship it to the billing address. I'm not saying there isn't anything you can do, just simply asking what.

That depends on the access that the store employee has. Many POS terminals don't require the card to be physically swiped; it can be typed in.