Other people's cards

colsten

Takmon wrote: »

If i was to make a card purchase over the phone then i would be orally telling someone my card details who would then be typing that into a computer to make the payment.
So if that's never been an issue then why would it be different if the cardholder is standing next to you.

I can easily think of one difference. The person who you give your card details to over the phone will almost certainly be linked to that purchase, in the system of the vendor. If you take the place of the cardholder, even if the cardholder sits right next to you, there is no record that it was you who got to know all the card details.

The second big difference is, as I have already pointed out, the breach of the card T&Cs - with the exception of the Barclaycard CC, perhaps.

I am also staggered that anyone would think that it helps people if you do a simple job for them, instead of teaching them how to do that job themselves. Give a man a fish etc etc etc.

jonnygee2

If we use customer's cards to complete transactions for them, are we breaking any laws, and if there is a problem, who is liable?

1) You are not breaking any laws
2) You are not making yourself liable for anything

Whether it constitutes good practice, good advice etc, is a matter of debate I guess. But of these two things I am certain.

On a personal level I would advise doing as your bosses tell you. As they are not advising anything illegal or obviously unethical and it frankly doesn't sound like its worth losing your job over.

george2571

Only piece of advice i would give you is to make sure you have it in either writing or on a recorder that they have agreed for you too do this. Because at any point you could be accused of all sorts and you will need to make sure everything is in order.

Hope this helps,
george2571

Takmon

colsten wrote: »

I can easily think of one difference. The person who you give your card details to over the phone will almost certainly be linked to that purchase, in the system of the vendor. If you take the place of the cardholder, even if the cardholder sits right next to you, there is no record that it was you who got to know all the card details.

The second big difference is, as I have already pointed out, the breach of the card T&Cs - with the exception of the Barclaycard CC, perhaps.

I am also staggered that anyone would think that it helps people if you do a simple job for them, instead of teaching them how to do that job themselves. Give a man a fish etc etc etc.

Yes it is a slightly different scenario but if you follow the T&C's by the letter then using the card over the phone would breach them too and that is certainly not the intention.

ic

My only concern would be that in such a position, people may believe you are advising them and possibly provide protection. For example, could they think you're advising them on the best bank account to apply for, or the cheapest and most appropriate gas and electric deal? Could they think that if that flight they just booked fell through, that they could come back to you for redress?

Feels like there should be some terms of service somewhere that clearly set out what you're there to do, which is to help them use the computer, but not provide guarantees to that information or any implicit advice.

Sarahspangles

This is the risk that I can see:

• You help a customer by either inputting their card details, or reading them out.
• Later, there is actual fraud, or a claim that there has been fraud on that card.
• The customer that you helped blames the individual employee or team, saying that you have had access to all their card details including their address, postcode, email, date of birth, passwords etc, and have passed them to another party or have ordered and intercepted goods yourself.
• Suspension from work etc pending investigation.

Considering you must be working with people who are elderly, forgetful, in financial distress, holding grudges against the authority this feels like a genuine risk.
This is where I think you/the team need to consider involving your union.   Maybe there can be some procedures put in place to protect you?  
It’s especially important that you aren’t recording audio or writing down any details.  Also, how secure are the computers?  If a business takes card details it has to comply with the PCI-DSS standard.  I’m not suggesting that the Service you work for has to be compliant, but it will give you an idea of the rules.  Someone who works in a team that does take payments made to the Council will be able to expand on the rules, for example if the Council takes payment over the phone for Council Tax or skip bookings.  

To be compliant with PCI, most businesses only use payment terminals provided by one of the card providers, so that the card company controls security, and the till operator looks away when the password is entered.  If this is not possible, for example where someone sitting at a PC takes payments over the phone, there will be procedures so that:

• Calls are never recorded
• Staff are forbidden from writing down numbers or taking paper records away, and their phones will be kept in lockers outside the secure area so they can’t record audio or screen images
• The IT network will be separate and secured to a defined standard
• There will be external audit and accreditation to an ISO standard

Gareth2020

Working in banking, as per T & C it is the persons responsibility to ensure that bank details are kept secure and never to reveal things like PINS etc and extending towards recurring payment details like the long digit card number, expiry date and last 3 digits of the card.  
My advice would be to stay clear, in the event you purchase something and somewhere buried in the small print is a subscription that is easy to miss which is legal but not ethical this can cause significant issues, and the hassle it takes to stop a reoccurring payment authority.