Version 1.0
Prepared by: @Lorraine Sebata
Approved by: @Marcia Wilkinson
Reviewed date: 2025-09-13
Next review date: 2026-09-11
This Standard Operating Procedure (SOP) for Receivables - Credit Card Processing is established to ensure the accurate, secure, and timely processing of customer payments made via credit or debit cards. Its purpose is to define a systematic approach for receiving, processing, and reconciling credit card transactions, thereby maintaining accurate accounts receivable records, minimizing processing errors, and ensuring compliance with payment card industry (PCI) data security standards.
This SOP applies to all Accounting Team members, Loan Officers, and any other staff authorized to accept and process customer payments via credit or debit cards for Easyterms. This includes payments made in person, over the phone, or through online payment portals.
Data Security Policy - specifically related to PCI DSS compliance
Accounting Team Member / Authorized Staff: Responsible for processing credit card payments, ensuring data accuracy, and reconciling transactions.
Charge Anywhere: Facilitates the authorization and settlement of credit card transactions.
Bank: Receives and processes funds from the payment processor into the company's bank account.
Customers: Provide credit card details for payment.
5.1.1 When a customer wishes to make a payment via credit/debit card, confirm the amount due and the purpose of the payment (e.g., loan repayment, fee).
5.1.2 For in-person payments, instruct the customer to swipe/insert their card into the POS terminal. For phone payments, obtain card details securely over the phone (adhering to PCI DSS guidelines, e.g., not storing sensitive data).
5.2.1 For POS Terminal / Virtual Terminal:
5.2.1.1 Enter the payment amount into the POS terminal or virtual terminal provided by the payment gateway.
5.2.1.2 Process the transaction (swipe, insert, or manually enter card details if permitted and necessary, ensuring PCI compliance).
5.2.1.3 Wait for authorization. If approved, obtain a transaction receipt. If declined, inform the customer and request an alternative payment method.
Caution: Never manually record or store full credit card numbers, CVVs, or expiry dates in physical or unsecured digital formats. All processing must occur through PCI DSS compliant systems.
5.3.1 Log into the Accounting Software (Xero).
5.3.2 Create a 'Receive Money' transaction for the customer.
5.3.3 Ensure accurate details are entered: customer name, amount received, date of payment, and reference (e.g., transaction ID from payment processor).
5.3.4 Allocate the payment to the appropriate customer invoice or loan account.
5.4.1 Daily/Weekly, access the transaction reports from the Charge Anywhere credit card payment gateway/processor.
5.4.2 Compare the total amount of transactions processed through the gateway with the total 'Receive Money' transactions recorded in Xero for credit card payments.
5.4.3 Identify any discrepancies, such as:
Transactions processed by the gateway but not recorded in Xero.
Transactions recorded in Xero but not appearing on the gateway report.
Differences in amounts due to processing fees or errors.
5.4.4 When the net settlement amount (total payments less fees) is deposited into the bank account, match this deposit in Xero's bank feed. Ensure the processing fees are correctly accounted for as an expense.
5.5.1 For any discrepancies identified during reconciliation, investigate the root cause. This may involve:
Reviewing individual transaction details on the payment gateway.
Checking Xero entries for data entry errors.
5.5.2 Make necessary adjustments in Xero to correct errors, ensuring proper documentation and approval.
5.5.3 Document all investigations and resolutions for audit purposes.
5.6.1 Retain digital copies of credit card transaction receipts and payment gateway reports.
5.6.2 Ensure all customer payments are accurately recorded and applied in Xero, reducing the outstanding balance of the respective invoices or loans.
5.6.3 Regularly review the Accounts Receivable Aging Report in Xero to ensure that payments are correctly reflected.
5.6.4 Ensure all processes adhere to PCI DSS (Payment Card Industry Data Security Standard) requirements to protect sensitive cardholder data.
5.6.5 Retain all relevant documentation as per the Financial Reporting Policy.
Credit Card Transaction Receipts (from Credit Card Machine/Terminal)
Charge Anywhere Gateway Transaction Reports
Xero 'Receive Money' Transactions
Xero Bank Reconciliation Report
Accounts Receivable Aging Report (from Xero)
All staff members authorized to process credit card payments will receive mandatory training on this SOP, relevant financial policies, and PCI DSS compliance annually or upon significant revisions. Training will emphasize secure handling of cardholder data.
This SOP will be reviewed annually by the Accounting and Finance Departments, in conjunction with IT, to ensure its continued effectiveness, compliance with financial policies and PCI DSS, and alignment with business objectives and any changes in payment processing technologies or regulations.