Qadirah Anti Card Fraud Policy

Qadirah Inc. Credit Card and Gift Card Transaction Policy

Effective Date: 9/29/2019
Last Revised: 9/29/2024
Reviewed By: Compliance

  1. Purpose

This policy outlines the procedures for handling credit card and gift card transactions at Qadirah Inc. to ensure secure, compliant, and efficient processing, protecting both the company and its customers from fraud and theft.

  2. Scope

This policy applies to all employees who handle or process credit card and gift card transactions. It also applies to third-party services involved in payment processing on behalf of Qadirah Inc.

  3. Responsibilities
  • Employees: All employees must comply with the procedures outlined in this policy and report any suspicious or fraudulent activity immediately to the manager or designated security team.
  • Management: Management is responsible for enforcing compliance with this policy and ensuring that all employees are trained on the proper procedures for handling credit card and gift card transactions.
  • Third-Party Payment Processors: Qadirah Inc. will only engage PCI DSS-compliant third-party processors and ensure they follow industry best practices.

  4. Credit Card Transaction Procedures

4.1 PCI Compliance

Qadirah Inc. will maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). All credit card transactions must be processed through PCI-compliant software or hardware.

4.2 Cardholder Verification

  • Address Verification System (AVS): Employees must verify that the billing address provided by the customer matches the address on file with the card issuer.
  • CVV (Card Verification Value): Always request the CVV code for all non-face-to-face transactions (e.g., online or phone orders).

4.3 Fraud Detection

  • All transactions must be processed through real-time fraud detection systems.
  • Suspicious transactions should be flagged for further review. Examples include:
    • Transactions above a certain threshold.
    • Multiple transactions from the same card within a short period.
    • Transactions from high-risk countries.

4.4 Refund and Chargeback Handling

  • Refunds will only be issued to the original payment method used by the customer.
  • Chargeback disputes must be responded to promptly, following the internal dispute resolution procedures.

4.5 Employee Training

Employees who handle credit card transactions must complete training on PCI compliance, fraud detection, and safe handling of sensitive customer information.

  5. Gift Card Transaction Procedures

5.1 Gift Card Activation

  • All gift cards must be activated at the point of sale and must include a unique serial number or QR code to prevent fraudulent use before purchase.

5.2 Gift Card Limits

  • The maximum amount that can be loaded onto a gift card is $500. Any exceptions must be approved by management.

5.3 Gift Card Usage

  • Gift cards can only be redeemed in Qadirah Inc. locations or through its official website.
  • No refunds will be issued for gift card purchases, but customers may request balance transfers in the event of loss or theft, provided they can show proof of purchase.

5.4 Monitoring & Audits

  • Regular audits of gift card transactions will be conducted to ensure there is no misuse or fraud.
  • Any suspicious gift card activity, such as unusual purchasing patterns, must be reported immediately to the appropriate manager.

  6. Security Measures

6.1 Encryption and Tokenization

All credit card information will be encrypted and tokenized to prevent unauthorized access. Customer credit card data must never be stored locally in any employee system.

6.2 Two-Factor Authentication

All employees accessing payment processing systems must use two-factor authentication to prevent unauthorized access.

6.3 Physical Security

All point-of-sale systems and terminals must be secure, and only authorized personnel can access them. Terminals should be monitored, and any tampering must be reported immediately.

  7. Reporting Fraud and Unauthorized Access

Any employee who becomes aware of suspicious activity or potential fraud must report the incident to the designated security team or management immediately.

  8. Disciplinary Actions

Failure to comply with this policy may result in disciplinary action, up to and including termination. Legal action may also be pursued in cases of gross negligence or fraud.

  9. Policy Review

This policy will be reviewed annually or as needed to ensure compliance with industry regulations and best practices.