PCI Security Awareness

Handling Credit Card and NFC Payments

Credit card and NFC (near field communication) payments are electronically authorized by guests at the VeriFone payment terminal.

FOR CHIP CARD TRANSACTIONS:

CHIP CARD TRANSACTIONS DO NOT REQUIRE A SIGNATURE.

CHIP READ FAILURE:

If the chip read fails, ask the guest to remove and reinsert the card. DO NOT hit “Go Back,” as this will reset the transaction. If the chip read fails again, the payment terminal will prompt the guest to swipe the card.

FOR NON-CHIP CARD TRANSACTIONS:

It is not necessary to request a signature for the following:

- Visa transactions of $25 or less that are authorized electronically (by card swipe).

- American Express, Discover, or MasterCard transactions of $50 or less that are authorized electronically (by card swipe).

For non-chip cards above transaction limits, the POS will automatically print a receipt.

*Signatures only required for catering orders*

“I'm afraid this card was not approved. Do you have another form of payment?”

If the guest does not have an alternative form of payment, handle the situation according to Restaurant policy.

Protect confidentiality of financial information when working with credit cards.

A credit card should not be honored, and an alternative form of payment should be requested, in the following situations:

- When authorization is declined.

- When the guest does not have the actual card with them, unless you accept telephone orders and have a signature-on-file document for that guest. This does not apply to NFC payments.

- When a credit card appears to be tampered with.

- Do not send credit card account numbers via email or write cardholder's personal information on a bankcard sales slip.

- Do not keep sensitive cardholder data unless strictly necessary.

- Store any documents or slips containing cardholder account information locked in a secure location.

NEVER store the card verification code (CVV).

This violates PCI (Payment Card Industry) data security standards.

- Review secure documents on a quarterly basis; destroy any with credit cards that have expired or that have not been used for a period of 1 year.

- To prevent risk of reconstruction, destroy documents by cross-cut shredding, incineration or pulping.

- Never sell, transfer or disclose cardholder information. This information should be released only to your payment processor or as specifically required by law.

- If you think someone may have gained unauthorized access to any cardholder information, notify Chick-fil-A Treasury or Legal department promptly.

Financial information, including credit card numbers, must be handled in a secure manner to protect both the guest and the Restaurant.

DO NOT give cash back on a credit card, debit card or NFC transaction.

DO NOT issue cash refunds for items originally tendered as credit or debit.

NFC (near field communication) allows a guest to make a secure payment by holding an NFC-equipped mobile device (such as an iPhone with Apple Pay®) near an NFC terminal while enabling Touch ID. The payment terminals in Chick-fil-A Restaurants are equipped to process NFC payments.

Avoid taking a mobile device from a guest. Due to liability issues, Team Members should not handle a guest's mobile device.