Operating Instructions
Merchant Operating Instructions: ECommerce Transactions
We provide a range of services to enable you to trade online. Our payment gateway solutions are designed to simply connect to your eCommerce store.
Important
- Before you can make eCommerce sales, you need a supplementary agreement with us to establish your Internet merchant account (IMA).
- After this agreement is in place, we will give you guidance about setting up and integrating your website with our payment gateway.
- You will need a specific eCommerce merchant account.
- You will be issued with a new eCommerce merchant account just for your eCommerce sales. You must never use an existing offline merchant account for your online sales.
- Your floor limit for eCommerce sales will be zero to ensure all transactions are authorised.
- Payment types you can accept
- Our Business Gateway services allow you to accept a wide range of credit and debit cards, including:
- Visa Debit and Credit
- MasterCard Debit and Credit
- Maestro
- Visa Electron
- American Express (on request)
- JCB
- Diners Club (on request)
- Laser
- ELV
- Reducing fraud and chargebacks
- Most eCommerce sales are genuine. However, because the Internet is relatively anonymous – you don’t see the card or the shopper – some people see it as a less risky way to attempt fraud. Many want to obtain goods they can sell on for cash; others ‘card test’, placing an order to check if the card details they have will be authorised.
If an eCommerce transaction is disputed, it is very difficult to prove that the real cardholder ordered the goods. To reduce the risk of fraud and chargebacks, it is extremely important to follow the correct procedures. Find out more in Reducing Fraud.
- How to complete an eCommerce transaction
- When making an eCommerce sale, you must do all you can to check your customer’s identity and make sure that they are entitled to use the card being offered. If you employ a third-party PSP to capture and process your eCommerce transactions, they should handle the process below for you.
Details to collect:
- Card number
- Card issue number or start date for UK-issued Maestro and Solo cards
- Cardholder’s name and initials as they appear on the card
- Card expiry date
- Name of the bank or other financial institution that issued the card
- Cardholder’s full postal address/billing address
- Delivery address, if different
- Card Security Code (if your PSP software is enabled) – the last three numbers on the signature strip (Please note: This information must only be used for one transaction and must not be stored for future use.)
- Authorisation for eCommerce sales
- The authorisation number for eCommerce transactions is 08457 600 530.
- Authorisation of a transaction does not guarantee payment.
- Authorisation only checks the availability of funds at the time of the transaction and that the card has not been reported lost or stolen.
- Authorisation cannot always validate the address you have been given and you should consider undertaking additional checks as appropriate.
Find out more about Authorisation and Referrals.
- Cancellations after an eCommerce order is taken
- If an eCommerce transaction is cancelled for any reason and the original transaction was authorised, you must let the Authorisation Centre know.
- If you employ a third-party PSP to capture and process your eCommerce transactions, you must also let them know that the transaction is cancelled.
- If the transaction has already been processed, you will need to make a refund.
- Keeping customer data secure
- Card details must be captured and stored securely, either on your own secure server or by a PSP able to connect to Streamline.
- Card details must always be encrypted and the host server must be protected by a firewall.
- E-mail is not a secure way to transfer card transaction data. You must ensure that the card number is omitted from the order confirmation message sent to your customer.
Find out more about Payment and Information Security.
- Cardholder Authentication
- Cardholder Authentication is a security tool designed to help you authenticate cardholder details in the online eCommerce environment. It brings together MasterCard SecureCode and Verified by Visa. For more details, please contact your PSP.
Both systems enable an online shopper to prove they are the genuine cardholder by entering a unique password at the shopping-cart stage. The process only takes a few seconds and the customer is unlikely to notice any interruption to the sale process.
Most chargebacks happen when customers deny that they have made a purchase – this security tool goes a long way towards proving that a sale is genuine.
Please note that the use of MasterCard SecureCode is compulsory for eCommerce Maestro transactions.
- Using card scheme logos on your website
- As a Streamline customer, you are entitled to use credit and debit card logos on your website, as long as you follow the artwork guidelines.
Download the guidelines.
- If you change your payment service provider (PSP)
- If you decide to change your PSP, please contact the Helpdesk with your new details. They will arrange for a new outlet to be set up for you so that you can begin trading with your new PSP as soon as possible.
- Guidance notes
- Supplementary requirements for accepting Internet transactions
Before you accept any eCommerce card not present sales, you must have received written authority from us to do so. Your attention is specifically drawn to the following:
If you do not have a separate agreement allowing you to accept eCommerce card not present transactions, but you process such a transaction and seek authorisation for it from us, any authorisation given by us shall not be treated by you as a representation by us that we have varied our normal requirement for such transactions to be permitted only on the basis of a separate agreement with us. Any such eCommerce card not present transaction authorised in this way will be subject to full chargeback rights against you if the transaction is charged back against us for any reason.
Before you carry out any eCommerce sales, your legal advisers/solicitors must review your website to ensure that all contractual and legal issues are covered adequately and the website contains appropriate disclaimers and restrictions. As a minimum, your website must clearly display:
Information about your business
- Who you are – commonly referred to as your domain name. This must be recognisable to the cardholder based on their online shopping experience. You should include the identity of your business (if you are a Company, this means the full name of your Company, where it is incorporated and the registration number) and its geographical and online addresses. Your identity should be consistently conveyed on all communications with the cardholder.
- A customer service phone number (including both country and area codes) that cardholders can use to resolve disputes. The number quoted must not be that of a mobile phone. If you deliver goods or services internationally, both domestic and internationally accessible numbers must be listed. Your e-mail address should allow you to be contacted ‘directly and rapidly’. This should be the e-mail address of your customer service desk if you have one.
- Your VAT registration number.
- Details of any Trade Association membership, including registration number, details of the code of conduct to which you subscribe and details of how to contact them.
- Details of any professional body you are registered with, your professional title, the member state which granted it and a reference to the applicable professional rules in that member state and information as to how these rules can be consulted electronically.
Information to be given before an order is placed
- A description of the products and services (including any guarantees) you are offering, clearly explaining your shipping practices together with any export restrictions. The cardholder must be able to clearly determine when they can expect to receive their merchandise.
- Total costs for products or services, including all appropriate shipping, handling and tax charges. You must quote all prices in a currency agreed with us and the currency offering must be clear to the cardholder. Where applicable, you should indicate details on currency conversion (exchange rate).
- Clear, easy-to-find terms and conditions and procedures, which state the exact commitment that the cardholder is being asked to make. This information must be made available in a format that the customer can store and reproduce.
- Your returns policy must be made clear to the customer before payment is requested. If a refund policy is offered, it should include a full refund of the amount of the shipping, handling and applicable tax charges.
- Your cancellation policy must be made clear to the customer before payment is requested. If you are offering a free trial period, it must specify exact dates that the free trial ends and the consequences of non-cancellation.
- A clear statement that the cardholder is committing to a payment where they are prompted to enter their account number, giving an option to cancel at that point. You may only request a card account number as payment for goods or services and must not request or use the account number for age verification or any other purposes other than payment.
- Clear instructions on how to complete the order, together with instructions for correcting input errors before the order is placed.
- Whether or not the completed order will be filed by yourself and whether it will be accessible.
- Details of languages offered for conclusion of the order.
Information to be given after the order is placed
- An effective, accessible way to correct any input errors at the point of confirmation – before the order is placed.
- An e-mail acknowledging receipt of the order, which must be sent to the customer ‘without undue delay’.
- Confirmation in ‘durable form’ – such as e-mail – of:
- The name and geographical address of your business
- A description of the main characteristics of the goods
- The price, including all taxes and delivery costs where appropriate
- Arrangements for payment and delivery
- The geographical address to which any customer complaint should be addressed
- Information about after-sales service and guarantees
Commercial communications
You must ensure that any unsolicited commercial communication sent by e-mail is clearly and unambiguously identifiable as soon as it is received. You must clearly identify in all communications, any promotional offer (including any discount, premium, gift or competition) and ensure that any conditions which must be met to qualify for it are easily accessible, and presented clearly. You must also clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously.
You must also comply with the following basic standards:
- Data Protection Legislation within the applicable law must be adhered to in order that the collection of personal information is not processed, traded or disclosed illegally.
- You must ensure you have appropriate operational and technological processes and procedures in place to safeguard against the unauthorised access or unlawful processing, or disclosure, of personal information. The security measures you must take include the use of the most up to date technologies to protect the personal information collected or stored on your web site and/or systems. Especially sensitive or valuable information, such as financial data, should be protected by reliable encryption technologies.
- Distance-selling requirements must be complied with as laid down in the applicable law.
- Other applicable trading standards, laws and regulations must be complied with as they are created from time to time.
A Guide for e-Business to the EC Directive regulations 2002 and related material can be found on the HMSO website www.legislation.hmso.gov.uk