Guidance on card security and taking card payments

Entering the PIN - always ask the cardholder to enter their PIN. Nobody else should do this on behalf of the customer.

Locked cards - when a customer enters an incorrect PIN three times in a row, the card is locked. Tell the customer to contact their card issuer. It’s vital you don’t swipe the transaction instead.

Not every card has Chip and PIN. When you’re presented with one of these cards, make sure you check all visual security.

• Check the card to ensure it looks genuine by following the steps on the Card Watch website.
• Use an ultraviolet lamp to spot the security mark on most cards. Some Visa Electron cards don’t have a security mark.
• Name and gender - check the title on the card with the gender of the person using it.
• Signature - check the spelling of the name on the signature strip against the spelling on the front of the card.
• Check the long number - make sure the number on the front of the card matches the card number you’ll see on the till receipt. Sometimes, when fraudsters ‘clone’ a card, the number held in the magnetic strip doesn’t match the one printed on the card.

If a Chip and PIN card is not processed correctly, you could be liable for the transaction if it is confirmed to be fraudulent. Even if a card is authorised, if you've not carried out all the correct checks - there's a chance you may not receive the payment.

Remember, authorisation is only designed to show two things: that enough funds are available to cover the payment and that the card has not been reported lost, stolen or compromised in any other way.

For more information on preventing card fraud, visit the Worldpay website.

Card scheme rules don’t allow the use of two different cards for one purchase.

Be wary of the following signs. If you suspect something is wrong, make a ‘Code 10’ authorisation call.

A 'Code 10' call is an additional security check that’s available, should you become suspicious about a transaction. This can be done at any time, even if the transaction has been processed through the terminal and has been authorised. If you’re suspicious about the card, the authenticity of the cardholder or something just doesn’t feel right, we recommend you make a 'Code 10' call to your merchant acquirer.

Advice on making ‘Code 10’ calls is often available in the user operating instructions, or published on the merchant acquirer’s website.

• Indiscriminate purchases - does it almost look as if the customer doesn’t really care what they buy? If the goods could easily be sold on, you should be suspicious.
• Easy sales - is the customer too good to be true? For example, they are not even interested in the price or details about the goods.
• Large sales - ask yourself if the sale is much higher than your usual sales. Is the customer buying lots of different items at random?

If you notice a felt pen signature on a card, it could be a sign that fraudsters are trying to hide the real signature. The card signature should always be in ballpoint pen.