Credit Card Processing at Automated Dispensing Machines

Automated Dispensing Machines (ADM) are considered to be Level 1 Cardholder Activated Terminals (CAT). The following credit card processing requirements apply for merchants who use ADMs at their locations:

1. Each Automated Dispensing Machine must accept a personal identification number (PIN) as a proxy for a customer signature.
• If the PIN is not supported as a standard within the country or location or the card issuers have not provided one to their customers, this type of service is not available for the retailer.
• The PIN authorization process must be routed via a secured information transmission.
• ADM terminals need to be able to support numeric, alpha, or alphanumeric PINs with a minimum length of four digits.
2. The merchant's credit card processing bank may reject a transaction authorization after four attempts and four subsequent negative replies of "invalid PIN" or "invalid transaction" have been received from the Credit Card Association (Visa or MasterCard). Alternatively, the acquiring bank can allow for more than four subsequent PIN entry attempts to be used if each has received a negative response at an ADM.
3. All payments, regardless of the transaction amount, need to be authorized with a full, unaltered magnetic stripe read data transmitted through the payment processing system.
4. Card pick up at an ADM is not mandated. However, if the terminal has that capability installed, the retailer can do so only at the card issuer's expressed request.
• The retained credit card must be logged and secured using adequate audit controls.
• The retained credit card must be cut in half through its length and then returned to the retailer's acquiring bank.
5. For payments processed at ADMs where a PIN and a full, unaltered card data is transmitted, "No Cardholder Authorization" chargeback rights are not offered to the card issuers, as the PIN is a valid proxy for the cardholder's signature.
6. Each ADM that is also a hybrid terminal can also perform fallback procedures, provided it is not prohibited by the specific region or location. Credit card processing banks use the fallback process when a smart card is used at a hybrid terminal and the retailer processes the transaction by using the magnetic stripe or by physically key-entering the card number because the merchant cannot process the payment using smart card technology.

Retailers who do their credit card processing at ADMs must always request the customer's billing address ZIP code as an alternative fraud prevention measure. A fraudster may not know what the billing ZIP code of a stolen card is and keep on trying to guess it until she is locked out by the payment system.