Best practices for key-entering credit card transactions


As we continue to grapple with the impact of Covid-19 on retailers and develop new ways to provide goods and services in this radically different landscape, let’s review ways to safely take credit card purchases while lowering processing costs.

Since the virus can be spread by things we touch, a number of retailers are modifying their behavior to minimize or eliminate those points of contact. Whether it is curbside pickup, shipping goods to customers, home delivery or some other innovative solution, you may be considering keying the card number into your terminal because you don’t have or don’t want access to the customer’s physical card.

Most terminals have the ability to accept “contactless” transactions. Some cards are configured to allow the consumer to “tap” the terminal and transmit the data to the terminal for processing. Also, most new smart phones have a contactless solution built into them. As more and more businesses (and consumers) decide to limit the handling of cards to avoid cross contamination, you may want to review your terminal and determine if this payment option is something that fits with your business model and store’s “cash wrap” layout.

If you are key-entering card numbers into your credit card terminal, you need to make sure that you are collecting enough data (and the correct data) to ensure that you qualify at the best rate possible. With this data, you can also prevent bad guys from defrauding your business.

If you don’t swipe, dip or tap a card through the terminal and instead key it into the terminal, your transaction cost can increase. There are a number of interchange rates that you might downgrade to, which will increase your cost of the transaction.

To minimize the downgrade (unfortunately, you can’t eliminate it) and protect against fraud, you need to collect the following information and enter it into the terminal, when prompted, during the authorization attempt.

  • Street address where the month-end statement is mailed.
  • Zip code where the statement is mailed.
  • Three- or four-digit security code on the signature panel of the card (for American Express transactions, it is the four-digit code on the front of the card.)

If you have customers that are paying with a business card (either corporate, business, or purchasing card) then you need to also provide a PO Number and the amount of the transaction that is sales tax, if you charged sales tax on that transaction.

If the cardholder doesn’t have a PO number, use one of your own. Something as simple as the date of the transaction (example: March 27, 2020 would be 20200327). By way of example, for sales tax, if the total sale was $106 (this is what you keyed into the terminal when prompted for the “amount”), then you would indicate that $6 of that was sales tax.

Modifying your behavior at the point of sale can save your business between 33¢ and $1.35 on a transaction of $100.

The other thing that we, unfortunately, need to worry about is fraud. During these chaotic times, the bad guys will figure out ways to commit fraud. Collecting the information above (address, zip, and security code) will provide additional information that you can use to determine if the sale is legitimate.

Address Verification Service (AVS) will return a match, partial match, or mismatch message on the receipt that is printed. Based on this message, you may decide to handle the transaction in a different manner. You should establish business controls to ensure that your staff understands the importance of this data point.

If the security code doesn’t match the one on file at the issuing bank, you will not get an approval code. This business control is hard-coded into the system and will prevent you from processing a sale on a card where the “customer” provides the wrong code.

In modifying your business process, if you choose to write a card number on an order form, you need a process in place to redact or destroy the card number after you are done with it. The same goes for the security code. You shouldn’t ever store the card’s security code after you receive an approval code.

Lastly, if your changes to your business model need a digital invoicing solution (with a payment link embedded in the invoice), we have merchant processing solutions that could help you with that service. Obviously, this type of change is a little more significant, but we have solutions to help you be successful. If you are interested in this type of solution, send an email to or call 800-366-3699 and ask for one of our sales team members.

As always, we are here and able to help you with any questions about these issues or anything else. Please feel free to contact our customer service team at 800-563-5981, option 2 for help.

John Mayleben, one of the nation’s first Certified Payments Professionals designated by the Electronic Transaction Association, is an MRA consultant and national expert on payment processing.