In this ongoing series we look at ways of preventing employee theft. In part one we looked a cash handling methods,  in this part we take a look at best practices for preventing theft with Credit Cards, in part three we look at inventory theft , and in part four we look at time theft.  

When it comes to credit cards, preventing theft is not only about preventing theft from the business, but also preventing theft from customers. As with cash which we looked at in part one, the solution to preventing theft with credit cards is having the correct policies and procedures in place that conform to the basic idea of “Trust No One!”

cc1

Image courtesy of Pixabay

Credit Card Basics

Your credit card processor can bring you up to speed as to the best practices for running transactions, but what follows are some generally accepted procedures which should help protect any business.

Have cameras on your credit card machine / terminal(s) or at minimum keep them in an open area where multiple staff members can see them. Always use the chip option if possible when processing transactions. Try to avoid taking credit cards over the telephone. If you have to take cards over the phone, ensure that you are using all the security features; such as address verification and the CVC code on the back of the card. Try to always keep a customer’s credit card in sight of the customer. This is not always possible, but there is less chance of a customer’s credit card information being stolen if their card does not leave their sight.

Do not store credit card numbers, or photocopies of cards, unless you have an air tight system in place that is highly secure. Some of the biggest names in retailing have fallen fowl to having customer’s credit card numbers stolen from their systems. You should think very carefully before exposing your business to that kind of liability.

The ability to give a refund using your credit card terminal should always be protected by a pin or password. An employee giving a refund to themselves using their own credit card, if they are not very smart, or using a reloadable generic card is an easy way for an employee to steal if controls are lax. Members of the public are also not above trying to give themselves a refund if given the opportunity.

cc2

Image Courtesy of Pixabay

Batching

At the heart of preventing employee theft using credit cards is batching. A batch is a report of everything that has been run on that credit card machine since the last batch. Once the batch has been run all the transaction are removed from the machine. Credit card processors will set your terminal(s) to batch out automatically, usually in the middle of the night. A better system is to manually batch your terminals at the end of each shift.

Batching at the end of a shift draws a line as to which shift ran which transactions. At the end of the shift, the batch(s) should be matched to the daily report in the sales system. Please do not use the credit card transaction slips to match up to your sales system. Credit card slips are very important, particularly if there is a dispute with a client; however, slips can get lost either by accident or on purpose. With a batch you will be able to see how many transactions have been run, for how much, and what refunds have been run. As mentioned before, refunds are an easy way for an employee to steal from a company, so it is important to pay them particular mind. Matching batches to your sales system, should also catch unauthorized refunds.

Good practice, particularly if you only have a few credit card terminals, is to ensure that there are no gaps in batch numbers. For each credit card terminal, the batch number should increase by 1 every time a batch is run. A missing batch is almost certainly an indication that transactions have been run, on the missing batch, and one assumes that they have not been recorded in the sales system. If you are missing a batch and realize it, you can always request a copy from your credit card processor or ask them to read out what should be on the batch.

Recording data in your in-house sales system accurately is not only important from an accounting standpoint, but it makes things much easier when trying to match batch transactions to the sales records. Try not to record transactions as “credit card” but as “MasterCard, Visa, or Discover” etc. Also, try to impress upon employees that if a client is paying with multiple cards, even if they are both Visa cards, that they should really be recorded in the sales system as they are ran on the credit card terminal. For example; two visa card payments of $20 should not be recorded in the sales system as a credit card payment of $40, but as two visa payments of $20 by the same client.

Just as with cash, matching the batches to your sales system should be initially performed by a supervisor and the person who has been running the majority of the transactions. Every transaction must be accounted for one way or another. This, of course, can get complicated, particularly when dealing with multiple terminals; however, there really is no substitute for ensuring that all transactions have been recorded properly, and that there are no orphan transactions or transactions that were not actually made.

Of course, the matching of each shift’s credit card batches should also be double checked by a manager who has not taken part in running any credit card transactions, usually the following day.

It can sometimes seem pointless to track down small inconsistencies between what was recorded in the sales system and what was processed on the credit card terminal. However, with a business that runs hundreds of transactions, small amounts can add up quickly. Overcharging clients by $1.00 and then refunding that $1.00 to an employee’s own card can be hard to detect unless small errors and constantly, and consistently, tracked down and resolved.

cc4

Image Courtesy of Pixabay

Reconciliation

It should be noted that with some terminals it is easy to run a report, which prints a batch like list of all the transactions but does not batch out the credit card terminal. When this is done by mistake It is usually caught by the following shift as their batch will have all the previous shifts transactions as well as their own. This will be annoying, and make the matching of batches to sales system reports more difficult, but this is almost certainly just a mistake. More concerning is when a report is ran deliberately instead of a batch. In theory, this means that refunds could then be run on this credit card terminal after the report is ran, and then terminal could be batched out properly and the batch destroyed.

With the method outlined above, even keeping track of batch numbers one shift to the next does not protect the business. Of course, if batch numbers are not being kept track of then all an employee would have to do in order to steal is batch out the terminal, run whatever refunds they want to, and then re-run the batch.

For these reasons it is important, just as it is with cash, to reconcile the credit card transactions with statements from the credit card processor and with the monies deposited into the bank account of the business. This is usually the only way to be sure that there is not money being stolen via credit processing. Ideally, this reconciliation should be performed by someone who has not been involved in any of the previous steps.

cc3

Image Courtesy of Pixabay

Theft from Customers

If credit cards must be ran out of sight of customers, and in a private area, it is easy matter for a thief to write down credit card details, or take a picture of the front and back of card. It is not usual for victims of such schemes, which usually happen at restaurants, to find that additional charges have been ran of their card before they have even got home from the restaurant! The thief texted the card details to an accomplice. If they are not greedy, it can difficult trace where the credit card details were copied from.
When credit card transactions must be ran in less than ideal circumstances, consider banning your employees from carrying cell phones. It is not an ideal solution, but it does make things harder.

As mentioned before, keeping credit card details onsite is an enormous liability and should be avoided unless a 3rd party is prepared to accept the liability, such as a software developer. However, even then I would be wary of such systems.

Next week we are going to look at inventory thefts.