Modern credit card processing requires a steady internet connection in order to verify cardholders' information and complete the purchase instantly. This can restrict a retailer's ability to travel and orchestrate transactions when the internet is not available.
With offline payment processing, companies can accept credit and debit card payments from anywhere, at any time, enhancing flexibility and functionality.
Firstly, an offline card transaction is when a person uses their debit or credit card to transfer money from their bank to another's bank. With offline card processing (OCP), businesses are able to facilitate this transfer of funds without an internet connection.
By using modern encryption technology, OCP is able to collect and save credit card information to process the transaction at a later time. The data encryption ensures the customers' sensitive information is secure, and the business remains compliant with the Payment Card Industry Data Security Standards (PCI DSS).
A normal card transaction goes through six steps in a matter of seconds-
1. The cardholder swipes their card through the payment terminal.
2. The card reader uses the internet to submit the cardholder's data to the acquiring or merchant bank.
3. The merchant bank forwards the information to the cardholder's network, such as Visa or Mastercard.
4. The card network runs its approval process via an authorization procedure.
5. If approved, the issuing bank places a pending withdrawal on the cardholder's account for the purchase amount.
6. The business receives the approval from the credit card network, in which case they can immediately process or wait until the end of the day to finalize the day's batch.
Without an internet connection, companies cannot run the authorization or verification procedures, as they cannot contact the credit card network. Therefore, OCP terminals encrypt and safely store the information until a connection is available.
OCP is most often used when businesses experience slow or malfunctioning internet connections. However, many busy companies also use OCP when they have too many customers waiting and don't have time for the terminal to run the verification process.
Most credit card processing is done over the internet, whether on a mobile device, computer, or traditional payment terminal. However, this poses a problem for businesses with mobile vendors and faulty internet servers.
Therefore, companies should consider the different ways they can accept offline payments to avoid losing potential sales.
Some terminals have dual functionality that allows businesses to accept credit card payments with or without the internet. However, this is entirely up to the merchant service that provides the terminal.
Some providers set a limit, typically between 24 to 72 hours, in which an offline payment can remain pending.
If the process exceeds the limit, the cardholder's data is erased to prevent identity fraud and theft. This means that the transaction is never finalized, and the business must supplement the loss of goods and revenue. Therefore, companies using OCP must consult their merchant to define this window.
Businesses that use offline terminals might also later find that some customers' cards are invalid or declined, leaving them with a deficit.
To mitigate these types of risks, companies should-
- Limit the transaction total for offline payments.
- Check the expiration date of the cards before accepting payments.
- Cross-examine the card with the customer's ID to ensure it isn't stolen.
A card imprinter is a machine that creates a carbon copy of the credit card onto paper slips. Employees can later use these slips to manually enter the cardholder's information into the payment terminal. Businesses can even send these slips to their bank for verification.
To use a card imprinter, employees simply place the card onto the machine and cover it with a piece of carbon paper. Then push the sliding mechanism over the embossed card number and details. For information that isn't embossed, including the signature and CVV code, employees must manually write down data.
As imprinters rely on the pressure from raised embossments to imprint the carbon paper, modern cards with printed digits and gift certificates must also be manually recorded.
Writing down card details for later data entry should be a last-ditch effort as it is not compliant with PCI DSS.
To avoid legal repercussions, businesses can print a consent form for customers to sign that authorizes them to retain the card information until the transaction is finalized.
However, there are several risks to doing this-
- The customer can cancel their card before the transaction is completed.
- The customer can withdraw their consent after they've left with their purchase.
- The card could be stolen, invalid, or declined by the time the information is entered.
Some businesses may think that they are working offline when really the internet is too weak for the typical terminal to work from. However, some payment terminals require little connectivity to process transactions.
While 4G and Wi-Fi terminals require a stable stream of connectivity, others require slower speeds, such as 3G, GPRS, and EDGE.