In 2003, the Fair and Accurate Credit Transaction Act set terms for credit card processing services. The act was meant to make individuals safer when they used their credit or debit cards, because identity theft had become such a stark reality. Part of this act includes the terms of truncation. Those terms went into full effect in 2006 and, because of this, billions of dollars’ worth of lawsuits were filed.
As a merchant, it is important that you, too, understand the terms of this act so you can make sure you are always in compliance.
What Is Truncation?
In the world of math, truncation is limiting the numbers to the right of the decimal point so that there is not a long string of them. This often means rounding up or putting a line over the top of the last printed number. In the world of credit card transactions, it means limiting the amount of numbers printed on the receipt. To be exact, merchants may print no more than the last five numbers of the credit card on any receipt. Merchants are prevented from printing the expiration date at all.
Securing Data
Identity theft sometimes involves using a stolen credit card number, and sometimes the expiration date, to conduct transactions by posing as the person who owns the credit card. When full credit card numbers are printed on receipts, it makes it easy to pose as the owner of the card, especially when making online transactions. Having the expiration date would open up a whole new list of identity theft options, as some merchants will not process credit or debit cards without that date. By not printing this data on receipts, the risk of identity theft through the use of stolen receipts is greatly reduced.
Exceptions
There are exceptions to this rule, but only because they cannot be avoided. When a credit or debit card number has to written in by hand, or when the card is imprinted, the receipt will include all of the numbers. This is done mostly when an electronic payment service is unavailable. Most merchants no longer use these methods, or even have the tools to do so. In part this is because everyone must now be set up to receive cards with chips in them, chips which can only be read by special electronic readers found in credit card processing machines.
Merchants who use credit card processing services should be in compliance with this act. Otherwise, you could be met with a lawsuit, even if no identity theft actually occurred. This is true whether the act of processing a card in such a manner was done knowingly or negligently. Those who do it unknowingly may be held liable for the cost of purchases and attorney fees. Those who did it “recklessly” (knowingly) can expect statutory damages not to exceed $1,000, as well as punitive damages and attorney fees.
If you think this won’t add up, look to Costco, which faced a class action suit to the tune of $17 billion. Contact Leap Payments today to make sure your transactions are secure in every way.