By JOHN MAYLEBEN
When “credit card declined” pops up during a transaction, what do you do?
There are many reasons a card will fail to get a successful approval code. It is helpful to understand the transaction flow, which can help pinpoint what didn’t work correctly when you don’t successfully complete a transaction.
The transaction starts when you “dip”, “tap”, “swipe” or “key” a transaction into your terminal, your smart phone or a desktop computer. Once you have completed the entry of the needed fields, the system reaches out to the “processor”, who determines which card association’s brand (Visa, MasterCard, Discover, American Express, or someone else) is on the card and they reach out to that organization. Once the transaction arrives at the card brand’s server, they determine which bank (if appropriate) issued the card and hand the transaction off to that bank (the “issuer”).
Once an issuer receives a request for the transaction they review the “open to buy” (aka, credit limit) and determine if there are funds available to hold for the amount requested. If there are funds available AND if the transaction passes whatever anti-fraud rules that particular issuer is applying to the specific card, then they provide an approval code and that code flows back through the system to the terminal, where a receipt is printed for the consumer’s signature.
All of this happens in the 3-5 seconds between the dip, tap, swipe or key and the printing of the receipt.
Obviously there are a lot of “single points of failure” that could interrupt the transaction and return an unsuccessful transaction response.
Before reviewing these situations, you, as a merchant need to make sure that you have appropriate responses for your staff. Your safety, the safety of your employees, and your customer’s safety is the primary goal. When in doubt, simply hand the card back to the consumer and indicate that they will have to provide a different form of payment.
SIGNS OF FRAUD
If a customer attempts to swipe a chip card and the terminal is set up for chip processing, they will be told to dip the card. In this case, if the card that they are presenting doesn’t have a chip, you as the merchant should be very concerned whether this is a counterfeit card. The mag stripe fallback on a chip card is coded to alert the terminal that there should be a chip present. If someone has a card that says this and they don’t have a chip on the card, there is strong possibility that the card was skimmed at another retail location and a counterfeit card has been made.
If a chip card is dipped and the terminal is not able to read the chip, you may have a card that has been damaged. In this case, you need to attempt to dip the card two more times before the terminal initiates the “fallback” procedures. After three unsuccessful dip attempts, the terminal will prompt you to swipe the card. If this fails three times, then the terminal will ask you to key in the card number.
In the case of a fallback failure, you should make sure that the last four digits of the card number match what is printed on the receipt. This will help insure that a bad guy didn’t damage a card and code the mag stripe with a different card number as a way of committing fraud.
If all of the fallback procedures fail and you are keying a card number, or you have a mag stripe-only card that has a damaged mag stripe, you need to complete the transaction as you normally would but also get (and complete) a manually imprinted transaction receipt. This is normally done via the old-fashioned “knuckle buster” and a carbonless sales draft. This step in the transaction process will allow you to prove you had the card in your possession at the time of the sale, thereby minimizing the opportunity for a chargeback.
After all of this, you as the merchant still need to make sure that your staff understands the various responses that the terminal provides at the end of the transaction process.
If you attempt to process a sale and it receives a decline code, normally it means that the credit limit for a credit card or the checking account balance for a signature debit card is not large enough to cover the amount of the transaction. It is rare that rerunning the transaction for the same amount will generate a different response.
A decline may also be given if the issuer thinks that the card is being used fraudulently. This might happen if the cardholder is spending more than they usually do or is shopping outside of normal travel patterns. A decline in this situation simply means that the issuer is declining the transaction in an abundance of caution.
SCAMS ON THE RISE
One of the scams we see on the rise involves a Decline or a Pick Up Card message. In the case of a Pick Up Card message, the card issuer is alerting you that a transaction is being attempted on a card that the issuer would like to retrieve. If a cardholder has had his or her card stolen, lost the card, or the issuing bank has closed the account, any attempt to process a transaction will generate the Pick Up Card message. If you can do it safely, you are asked to keep the card.
If this is not possible or especially if the cardholder demands the card back, by all means return it to the customer. If you are able to keep the card, once the cardholder leaves you should call your voice authorization center for directions on submitting the card to the appropriate card brand.
For a Decline or Pick Up Card message, the cardholder uses his or her cell phone (or convinces the sales clerk to make the call) to contact someone at the issuing bank. In reality, the cardholder has called a friend who is impersonating the bank.
The fake bank employee then walks the clerk through the process to do a force transaction and provides a fake authorization code. The clerk thinks everything is okay … until a couple of days later when the transaction is returned as unauthorized. By then the merchandise is gone and the store is out the money. This is why staff training on fraud is so important.
The best advice is NEVER call the number on the back of the card or let the cardholder call “the bank.” Use your voice authorization center for that call. That way you can be sure you are speaking to a legitimate source for your information.
And if the cardholder talks to “their bank” and is told that it is a legitimate transaction, you should rerun the card through the terminal in an attempt to get an approval code.
If you ever have questions about these types of issues, please call one of our customer service team members at 800.563.5981.
John Mayleben, one of the nation’s first Certified Payments Professionals designated by the Electronic Transaction Association, is an MRA consultant and national expert on payment processing.