Best Practice for using the CardsSafe® system

Our “best practice advice” for how to handle ID, credit, debit or security cards has been developed to ensure that the customer or user has the best experience and that the merchant maximises the service and financial potential of using the unique CardsSafe® system.  

In light of new COVID-19 regulations, it is advisable that the unit, card drawer and keys are wiped with cleaning equipment that the business has provided to you between each transaction.  

Assure the customer (where applicable) that the team take the necessary precautions to ensure the cleanliness of all equipment on-site.

Most important is to never handle a customer’s card outside his or her view!

  • Greet and serve the customer in the normal friendly manner.
  • Politely ask if the customer would like to run a tab to encourage this, as this will lead to increased sales, but do mention that you have a secure device for their card, as a lot of cardholders are concerned about the level of fraud in the UK.
  • Run a 1p charge against the card to make sure it is valid and not reported stolen. If the customer queries this, explain it is for their own protection and that the 1p will be deducted from their final bill.
  • It is also recommended to keep an ID card like a driver’s license with the payment card since most of these do not have a picture of the cardholder, while an ID card does.
  • Take the card and record the customer’s name on the tab sheet on the next available tab number (if you currently do not have a tab sheet, it would be good to start one).
  • Ensure that the boxes are used in numerical order, i.e. 01, 02, 03, etc. when the tab is set up on the till. For instance, set up as 801, 802, 803, etc. as needed.
  • Remove a CardsSafe box from the unit by depressing the two buttons on the top of the unit with one hand and taking out a box with the other hand.
  • In front of the customer unlock and open the CardsSafe box by pushing in the key and using this to pull out the draw.
  • Place the customer’s car in the box and close it by pressing on either side of the draw as the box locks itself.
  • Remove the key and hand this to the customer using his or her surname.
  • Replace the box in the relevant slot in the unit with the empty key slot facing out, which is a visual feedback to staff that this box is in use and continue to serve the customer as required.
  • When the customer wishes to pay their bill, politely as for their CardsSafe key.
  • Remove the relevant box by depressing the 2 buttons on the top of the unit.
  • Take the key from the customer, unlock and open the box in front of him/her and remove the customer’s card(s) which are then handed back.
  • Close the box with the key still in position and replace in the CardsSafe unit (the key should now be on the inside of the unit)
  • Complete the payment transaction in the normal way.



NOTES ON PCI COMPLIANCE

Requirement 9.6 states “physically secure all paper and electronic media that contain cardholder data”, while 9.9 says “maintain strict control over the storage and accessibility of media that contains cardholder data”
The most important “cardholder data” is the card itself!

✓ Requirements 12.2 says to “develop daily operational security procedures that are consistent with requirements…” and 12.6 says to “implement a formal security awareness program…”. 
CardsSafe’s “Best practice procedure for handling credit and debit cards” should be used.

“The PCI DSS standard encompasses 264 controls. CardsSafe helps to reduce the need to meet all these through “compensating controls” which allow the business to comply with the standard without having to change to way they operate”.
Alan Gill – Orthus Limited


NOTES ON GDPR COMPLIANCE

CardsSafe Limited is 100% compliant with GDPR since we:

  1. Only hold data you, or your company, have provided to us voluntarily and under contract.
  2. All monetary transactions between your company and ours are handled by WorldPay.
  3. Our company does not sell to, or share, any data with third-party vendors.
  4. CardsSafe does not store any payment details.

COVID-19

In light of new COVID-19 regulations, it is advisable that the unit, card drawer and keys are wiped with anti-bacterial cleaning equipment, as you would a till or POS or card reader. The business is responsible for providing this equipment, and cleaning should be done after every transaction.  

Assure the customer (where applicable) that the team take the necessary precautions to ensure the cleanliness of all equipment on-site.

WHAT IFs?

The customer leaves without paying their bill and we have no contact details?

Use the manager’s master key to access the customer’s card from the box and complete the payment transaction in the normal way.  Retain the card and receipts in the sealed envelope in the safe, signed across the seal by the Duty Manager, for when the customer returns.

The customer wants to pay their bill but cannot find their key?

Use the manager’s master key to access the customer’s card from the box and complete the payment transaction in the normal way. Politely ask the customer to return the key when it is found.  If the key is not found, call CardsSafe customer service for a replacement key.

CardsSafe note – it is left to the individual merchant’s discretion if the customer should be charged anything for the loss of the key, which some do.

KEEP IN MIND

  • The master key is to be kept in the safe in a sealed envelope, signed across the seal by the Duty Manager, who will re-seal each time after use.
  • Lost keys can be replaced by logging into your CardsSafe online account or if you prefer, by contacting Cardssafe Limited on 0845500 1040.

Any comments or questions regarding the CardsSafe system?

Our staff will be more then happy to help. Give us a call on 0845 500 1040 or drop us an email at [email protected]. Happy to help!