Refunds Should Require a Passcode
When you became a merchant, you completed an application process that may have included asking for your Social Security number. While many people find this puzzling for a business account, the fact is – someone must be in charge and responsible for your terminal and the actions that take place within your account. Many terminals, such as the Ingenico brand allow three levels of access: Clerk, Supervisor and Manager. Imagine this for a moment – Your rogue employee issues a $10,000 credit to his personal MasterCard debit card on his last day of employment. Buckle up! The ride is about to get very bumpy for you.
Allowing all employees to have “all-access” to the functions of your credit card terminal exposes you to a potential nightmare. As you know, chargebacks, refunds and credits all come directly out of your bank account during the daily batch settlement. This means that you must have sufficient funds in your bank account to cover any refunds or credits issued during a business day. Giving your employees the ability to issue credits and refunds without any approval or oversight is the same as giving them direct access to all the funds in your bank account. They are in control without a passcode.
What Will Happen
The moment that your rogue employee issues an unauthorized credit to their own personal card or perhaps the debit card of an accomplice, the credit is posted to that account. If the funds have been moved to a debit card, the receiving card can then be used for purchases until the money is all gone. At the end of the business day when the bank attempts to remove the funds that were credited and they are not present in your account, the business owner becomes legally responsible for the debt. There will be no hiding or protection for you except for the legal justice system which is slow and inefficient.
If you don’t have the money in your bank account to cover the credit amount, the funds from all future transactions that you process will be held by the bank until you satisfy the debt. It was your terminal that initiated the bank’s loss, and they will recover their money, one way or another. The easiest way for them to do so is to withhold funds from future transactions and your signed Merchant Agreement allows them to do this for as many days as it takes to recover their loss.
We recommend that you put some thought into who has access to certain functions of your credit card processing terminal, merchant account and payment portals. Only managers and supervisors should be able to perform refunds, voids, and manually keyed transactions. Each supervisor and each manager should have their own password rather than a shared supervisor password. If someone steals $10,000 from you, it’s easier to track down who did it if everyone has their own unique code. Codes should never be shared.
The Legal Process
While crooks will eventually get caught, the likelihood of them having the money to return to your business is slim. Using a credit card terminal illegally or improperly is considered a crime of fraud and can be prosecuted as a misdemeanor or a felony depending upon the dollar amount stolen. In the final phase of the process, their sentence will likely include restitution. However, it’s hard to pay restitution when you are in prison and just because you have a judgement doesn’t mean you will ever be able to get your money back.