Electronic Exchange Systems
1 (877) 865-7744
Register Now for EXS

Do's and Dont's when Accepting & Processing Credit Card Transactions


  • Use a credit card terminal provider service that truncates the card expiration date and all but the last 4 digits of the card number on the cardholder copy of the receipt.
    Note: The merchant copy of receipt bearing signature may display full account number and expiration date.
  • Store all credit card materials containing cardholder account information in a restricted/secure area
  • Limit access to credit card sales drafts, reports, or other sources of cardholder data to your employees on a “need to know” basis
  • Render credit card materials containing cardholder account information unreadable prior to discarding
  • Retain legal control over cardholder's credit card transaction data and personal cardholder information if you use a third-party
  • Limit access to EXS systems that require unique operator log-in and notify EXS immediately of staff terminations or changes
  • Immediately notify EXS Risk Management of any suspected or confirmed loss or theft of credit card processing materials or records that contain account information retained by merchant or its third party
  • Immediately notify EXS of the use of an outside agent or third party provider who is not identified on the Credit Card Merchant Account Application
  • Communicate these requirements to your agent or third party provider, and direct them to credit card association information, publications, and/or web sites regarding safeguarding cardholder credit card transaction data
  • Require your third party provider to adhere to all CISP, AIS, as well as Visa and MasterCard data security requirements
  • Retain all credit card transaction sales drafts for at least 18 months
  • Display proper Visa and Mastercard credit card signage.


  • Process cash advance transactions unless you are a financial institution approved to do so through your EXS credit card merchant account
  • Assign a minimum or maximum purchase amount when you accept credit cards
  • Add a surcharge or fee to your credit card processing transactions
  • Restrict credit card processing transaction usage (for a sale or discounted item)
  • Use a credit card transaction to guarantee a check
  • List a cardholder’s personal information on a credit card sales slip (unless the credit card authorization operator requests it)
  • Record CVV2/CVC2/CID on credit card transaction sales draft (only the one-digit result code can be recorded or retained)
  • Retain sensitive cardholder data, as it is expressly prohibited, including complete contents of a credit card’s magnetic stripe (subsequent to the authorization)
  • Sell, transfer, or otherwise disclose cardholder's credit card account information or personal information. (This information should be released only to EXS or Member, or as specifically required by law. If you want to participate in a gift and loyalty card program, the gift and loyalty card vendor must be CISP certified by Visa and implemented in accordance with processes and procedures.)
  • Deny a credit card transaction because the cardholder refuses to provide you additional identification such as telephone number, address, social security number, or driver’s license
  • Use any other telephone number other than the official number provided for authorization of a credit card transaction.



CONTACT US |  EXS is a registered ISO of Wells Fargo Bank, N.A., Walnut Creek, CA