Axiom Updates

Latest Industry News

Safeguarding your credit card terminals from inappropriate behavior

  • 04/23/2018
  • The Weekly Spiff!
  • Posted by
  • Comments Off on Safeguarding your credit card terminals from inappropriate behavior

By Phil Villegas

There are multiple fashions by which individuals can take funds from a dealership.  Nearly every position within a dealership has a way of monetizing inappropriate behavior.  Most dealerships will attempt to implement safeguards in key areas of risk, particularly over cash, whether it be two signatures on all checks, segregation of duties on deposits, or review of bank reconciliations.  However, there is one area of cash controls that I commonly find does not have an adequate level of internal controls, and that is over credit card refunds.

Many dealerships allow for customer credit card refunds on nearly any terminal without any system of internal control.  We’ve seen multiple occasions where these credit card terminals have been used to embezzle funds from dealerships by individuals giving refunds on personal cards. In all cases, we found that some basic internal controls could have prevented this from occurring.

To safeguard against credit card refund abuse, consider these basic internal controls:

  • Require the person responsible for the credit card terminal to attach a copy of the original charge slip for all refunds to validate the original charge on that card.
  • Require a security code to be entered into the credit card terminal to issue refunds or limit refunds to only be issued from a credit card terminal in accounting.
  • Implement a policy whereby refunds can only be provided on cards that were previously charged at the dealership, and do not allow refunds to be provided on cards not previously used.
  • Review monthly merchant statements for all refund activity to identify refunds that may have been processed between deposit batches.

While some credit card service providers will provide some internal control safeguards, remember that accountability cannot always be outsourced or delegated.

Back to top