Onboarding online payments, what should be on the website?

Introduction

Paying by card on a website or in an app is the most convenient way to accept payments. A large number of businesses are moving into the online sphere, and we increasingly receive requests to connect online payments.

What is a merchant account?

A merchant account is a type of bank account that allows your business to accept debit or credit card payments online. With a merchant account, you do not need to set up your own merchant bank account; instead, you will need to sign an agreement with a payment processor that manages that bank account. When you sign an agreement with the payment processor, the latter will assign you an identifier; this merchant identifier will serve as your merchant account.

Under the contract terms, the funds accumulated on your merchant account are paid out at regular intervals to your company's current account.

How merchant accounts work

Merchant accounts are a key aspect of business operations for most merchants. A merchant can be any person or company selling goods or services.

Merchants have many options when choosing a merchant account service provider. Merchant accounts are provided by acquiring banks or payment aggregators that work with merchants to facilitate electronic payments. A key component in making the decision is the cost of the transaction.

The processing agreement is the main document regulating the relations between a merchant and a merchant provider. The key terms of the contract include the fees charged per transaction by the bank, the bank’s card processing network, penalties, and any monthly or annual fees the bank charges for providing these services.

Payment gateway

A payment gateway is a service that your site will use to initiate a transaction and receive feedback, such as approval or denial of the transaction. It is the virtual equivalent of a bank card terminal in offline stores. In fact, it is a virtual terminal for special bank card transactions in the same way as a regular terminal.

The payment gateway is responsible for reporting settlements, as well as initiating chargebacks and canceling transactions. The gateway handles all sensitive information in a secure manner. It also serves to support anti-fraud measures, such as address or geolocation verification. When the processor determines whether a transaction is approved or rejected, it passes the authorization back to the gateway, which provides a response to your e-commerce system.

Payment processor

A payment processor and a payment gateway are two different entities. A gateway is the service that your e-commerce system uses to interact with the payment processor. The payment processor is the service that actually interacts with the card-issuing banks.

When a transaction is sent to the payment processor from the gateway, the processor sends a request to the card-issuing bank. The card-issuing bank then checks the transaction for fraud, credit, and debt, and then informs the processor of the “approved” or “declined” status. The payment processor forwards this response to the gateway for transmission back to your e-commerce system.

The payment processor is who you’ll be entering into the agreement with, and it’s the one that does all the heavy lifting. It also takes most of the risk and therefore will thoroughly vet you and your business before signing an agreement with you.

E-commerce

Finally, you need a way to sell your merchandise to initiate a card transaction. This could be an e-commerce system or custom software written by you or your developers to interact with the payment gateway. If you already use or plan to use an e-commerce system, you need to see which payment gateways it is compatible with before deciding on a payment gateway.

Transaction processing

All card transactions happen within minutes and involve various fees for the merchant, which are deducted from the merchant's account. The acquiring bank charges the merchant a fee for each transaction. The network processor also charges the merchant a fee for each transaction. These fees can range from 0.5% to 5.0% of the transaction amount plus $0.20-0.30 per transaction.

Acquiring banks also charge merchants monthly fees, as well as fees in special situations like chargebacks. A monthly merchant account fee is paid to the acquiring bank to cover certain electronic payment card risks that may arise from the transaction, as well as transaction settlement services.

A chargeback is a fee that is returned to the payment card after the customer has successfully disputed an item on the account statement or transaction report. This occurs when a product or service that was paid for by the customer is not received. If the chargeback request is granted and the funds are returned to the customer, the merchant must pay a penalty or chargeback fee. The chargeback request can be challenged under existing Visa and Mastercard procedures.

The chargeback process can be initiated by either the merchant or the cardholder’s issuing bank. If the chargeback is initiated by the issuing bank, the issuing bank facilitates the chargeback through communication with its processing network. The merchant bank then receives the signal and authorizes the transfer of funds with confirmation of the latter.

How it works

Below is a schematic representation of the entire cash flow.

What information should be on the site? Merchant provider requirements.

Information required on your business website to use Stripe

Stripe, like other merchant providers, is an international system for secure online transactions that allows businesses to accept payments in multiple currencies.

Stripe is one of the most popular and feature-rich systems that also supports local payment methods.

To use Stripe, your website must contain (at a minimum):

  • A full description of the products or services offered
  • Transaction currencies
  • Customer service contact information (phone, email, address)
  • Return/refund and shipping policies (if delivering physical goods)
  • Legal or export restrictions (if applicable)
  • Privacy Policy
  • Terms and conditions of any promotions
  • Security features and payment card data transfer policy
  • Full merchant information (legal entity details and address)

Information needed on your business website to use Fondy

Fondy has a wider range of requirements for its users.

General requirements for the site

  • The site must work and display all pages correctly.
  • All products and services on the site must have detailed descriptions and specifications.
  • The products and services you sell must match those on your Fondy application.
  • If you have certificates and licenses, they must be published on the site.

Documentation on the site 

The following policies must be clearly presented to the buyer before he/she makes a payment:

  • privacy policy
  • shipping policy
  • return policy

Currencies and payment methods

The site must contain information about supported currencies.

Logos of payment systems

You should also place card payment system logos on the homepage so customers know which payment methods are accepted before making a purchase.

Information about your company

The following information about your company must be displayed:

  • company name
  • registered business address
  • place of incorporation
  • registration number
  • email address
  • contact phone number

Legal requirements for website content

Requirements for website content vary greatly depending on the country in which you are going to offer your services and products, but we will describe the general requirements that are suitable for most countries.

Privacy Policy

It is important to understand that your customers’ personal information will be used for payment processing, and that certain personal data protection requirements must be met in order to collect and process this information according to local regulations. In the case of EU countries, these are the provisions of the General Data Protection Regulation (GDPR).

Two basic privacy documents need to be drawn up for your business.

  • Privacy policy – This document regulates the entire flow of personal data within your company and its employees.
  • Privacy notice – a public document for your customers, which should be on the site and provide full information about your business, the data you collect, and the purposes and subjects of the transfer of personal data.

There is also a standard within the data privacy industry that merchants are often required to comply with in order to ensure that applicable laws are met.

What is the PCI standard?

If you want to accept payments directly on your website, without having to go to a payment page provided by the merchant provider, you will be required to prove PCI compliance.

PCI provides comprehensive standards and supporting materials that include specification frameworks, tools, measurements, and support resources to help organizations secure cardholder information.

PCI DSS provides the necessary framework for developing a complete payment card data security process that includes preventing, detecting, and appropriately responding to any threat to the security of personal data.

A key part of PCI compliance is protecting account information, including how the information is stored, as well as the equipment and service providers you use.

PCI compliance requirements:

  1. Use of a firewall
  2. Proper password protection
  3. Secure encryption of payment card data
  4. Use of antivirus
  5. Updating software
  6. Restrict access to data
  7. Unique identifiers to access card information
  8. Restrict physical access
  9. Create and maintain logs to access information
  10. Testing your operating system for vulnerabilities
  11. Availability of Data map

One of the basic conditions for compliance with the above standard is the prohibition on storing the bank card security code. The card security number, referred to by many acronyms including CVV2, CID and CSC, is a three-digit number on the back of Visa/MasterCard/Discover cards or a four-digit number on the front of American Express cards. It is designed to let merchants know whether the customer authorizing the transaction by phone or online actually has the card.

What are Terms and Conditions?

To cut a long story short, a Terms & Conditions agreement sets out the rights and responsibilities of the service provider and the recipient/user of that service.

This agreement is an integral part of any site and includes many clauses and sections, such as responsibilities and obligations of the parties, payment, refunds, account management, force majeure, and others.

In fact, it’s a contract that your client signs with you, accepting the terms and conditions fixed in it by clicking the checkbox in the special window.

Depending on the country in which you will offer your services/goods, this contract, as well as its form and name, may vary. In Ukraine, websites often make two separate documents – Public offer and Terms of use.

However, today, the most common practice, especially for companies focused on the EU and U.S. market, is to create one single agreement called Terms and Conditions.

For the purposes of this article, the clause on returns and refunds will be discussed.

What is a return and refund policy?

A return and refund policy informs customers of your terms and conditions if they are not satisfied with the goods or services they have purchased from you.

This often applies to tangible items such as clothing or electronics. The return and refund policy also applies to digital goods and services, but there are exceptions. It all depends on the local consumer protection laws in the country where your business is registered.

A return and refund policy generally contains the following elements:

  • The cost of the return or refund, for example, the customer must pay for return shipping.
  • The timing of the return.
  • Form of return, such as store credit or refund of purchase price.

These terms are spelled out in the Terms of Use.

You can also spell out the Terms of Use and Return Policy in separate documents on your site, for the convenience of users.

Conclusions

Checklist for connecting card payments on your site:

  1. Checking and adjusting all the technical components of your site, such as the presence of all the necessary windows, logos and checkboxes.
  2. Preparing and placing on the site all the necessary data about your company and policies according to the law, as well as support contacts.
  3. Checking the technical component of the site with regard to site security and personal customer data.

After filling out your site and checking it for compliance with all legal regulations, you need to sign a contract with a merchant provider. To do this you must:

  1. Choose a merchant provider by studying all the terms and conditions.
  2. Submit an application and get your business site checked for compliance with all legal provisions and requirements of the merchant provider.
  3. Carry out technical integration.

The main problem entrepreneurs encounter when setting up a merchant account is that their site doesn’t meet the merchant provider’s requirements/applicable laws.

Our lawyers will be happy to advise and accompany you in the merchant account integration process and prepare the appropriate policies for your site.
