Accepting cards is done over the internet these days, whether that connection happens over a landline, WiFi or mobile network such as 3G.
Not all internet connections are reliable, though, and not all areas of the UK have an accessible mobile network in the first place. Festivals, remote areas, markets and trains are examples of where merchants can struggle with poor network connectivity at the time of payment.
How do you accept cards, offline, in that case?
Some terminals can accept cards offline
The simplest way to accept cards without network connectivity is to choose a card terminal that has offline functionality. You can expect mobile card readers won’t work without at least a basic network connection, but some traditional card machines may enable it if the merchant service provider accepts it.
So how does a suitable card machine accept a debit or credit card offline? You normally swipe, tap or insert the payment card, during which the card and transaction information are encrypted and stored in the software until the next time it’s back online. In other words, the transaction is actually not processed offline – it is pending in the system until it gets the opportunity to connect to the banks over the internet.
Merchant service providers (providing the card machine) will have a limit for how long such an offline payment can be pending for, e.g. 24 or 72 hours. If the card machine does not go back online within that time frame, the encrypted transaction and card details will be erased and the transaction therefore won’t be processed.
There is also the risk that the card will be declined, is invalid or stolen, which you’ll only know when the transaction has attempted processing online.
Due to the risk of the payment not going through, your merchant service provider may ask you to take some of the following precautions:
- Limit the acceptable transaction total for offline payments to an amount you are willing to lose if the payment isn’t successful.
- When taking the payment, check that the card hasn’t expired.
- Ask the customer for an ID that matches the name on the payment card.
- Check that the signature on the card matches a photo ID of the customer.
- Phone the card processor to ask for a transaction verification code to enter on the terminal while the customer is there.
Woman using a card imprinter to swipe over a carbon paper slip with credit card underneath.
Fallback method: card imprinter
If your card machine unexpectedly stops working, you can default to the old-fashioned credit card imprinting machine. This device produces a carbon copy of the embossed card details onto paper slips. These slips may be sent to the bank for verification, or used for manually processing the information later in a virtual terminal.
It works this way: The card imprinter has a sliding mechanism that applies pressure to carbon paper copies placed over the embossed card number and details of the customer’s payment card (i.e. this doesn’t work with cards that are not embossed). You may add extra details in handwriting, for instance the CCV code at the back of the card, transaction total, signature (yours and customer’s) – enough information to have the payment verified later. You can also ask the customer for ID to match the name on the card.
The credit card imprinter was a common sight pre-1990s, but shops now only use it in special circumstances, e.g. if a card terminal doesn’t work, the internet is down or a customer’s card has to be entered manually later.
Writing card details for manual entry later
In theory, you can just write the card details down while you’re with the customer, then put the transaction through later in a virtual terminal or via manual entry on the card machine. The problem with that is that PCI-DSS does not allow this if you’re aiming to be compliant with their card industry standards. (Note that writing on a random piece of paper is different from using a card imprinting machine, which PCI-DSS has accommodated for in their compliance rules.)
There is a secure way around this, though. While you can’t handwrite sensitive card information, some point of sale (POS) software, such as Square’s, allow you to store a customer’s card details in its secure system – if you print a consent form on-the-spot for the customer to sign. This way, the customer authorises you to keep the card details until they request you delete it.
There are several ways this could backfire, though:
- The customer cancels their card before you get a chance to put the payment through online.
- The customer withdraws their consent for you to keep the card details – after they’ve left with their purchase and before you can process the payment.
- The card is stolen, invalid or not authorised when you enter the transaction in the system.
Choose a terminal that works with a weak connection
The least risky way to accept cards is with an online connection, so it’s best to aim for that as a priority.
Some merchants may be tricked into believing that their card machine is offline when in fact the network connection is too weak for the terminal model to process the payment. Some card machines actually require very little connectivity to process transactions – the kind of connectivity you may be limited to at your location.
High-speed options for a mobile terminal include 4G and most WiFi connections. Slower-speed options include:
If you’re on a budget, you can get cheap card readers, such as SumUp 3G, that work well on these speeds without contractual commitment.
If none of the above options are feasible, you can instead:
- Ask the customer to withdraw money from a cashpoint and come back to pay in cash, but they may never return if it’s too inconvenient.
- Ask the customer for a phone number so you can call them when the internet is back. The customer can then either come back to pay you in person, or you can take the payment over the phone.
- Take the customer’s mobile number and you can later text them a payment link to pay remotely.
If the customer is taking their items with them before any transaction is processed, however, you always run the risk of losing those products. If they can get away with not paying for something you gave them, they might very well go for that.
Some cards do not work offline at all
Cards with NFC (contactless), chip and swipe can typically be accepted offline, but some debit and cash cards with electronic chip require online processing whilst in the card terminal. It’s not entirely clear how you identify these cards, only that some types are more likely to elicit a rejection in the offline terminal.
These payment cards may have to be accepted in the card machine while you have an internet connection:
- Visa Electron
If you’re using a credit card imprinter, obviously you can’t make an imprint if the card information is not embossed on the surface.