Merchant Acquiring Guidelines (“Guidelines“)

1. Scope of the Guidelines

These Guidelines form part of the Rapyd Merchant Agreement and are in addition to and supplement the General Terms.

These Guidelines set out operational guidelines that apply to Card Payments. Capitalised words or phrases have the meaning given to them in the separate Definitions document

You must at all times comply with all Applicable Laws and the Agreement.

You warrant and undertake not to use the Services for a type of business and/or Merchant Products that are prohibited or restricted by the Prohibited and Restricted List. You agree that you have sole responsibility for ensuring that your business and/or Merchant Products (if relevant) are compliant with the Prohibited and Restricted List, the Rapyd Network Rules and all Applicable Laws. We may update the Prohibited and Restricted List at any time and you agree that you have sole responsibility for checking it regularly and ensuring you remain compliant with it.

You must be in control of and have the right to use the Merchant Outlet irrespective of whether it is a physical store or website. In addition, the Merchant Outlet must be registered in your name as detailed in the MA Form.

You must not:

  1. Accept Card Payments for Merchant Products that are prohibited by the Prohibited and Restricted List.
  2. Accept Card Payments for products or services offered by third parties. 
  3. Accept Card Payments to obtain funds that you intend to or do in fact transfer or forward to third parties. 
  4. Accept Card Payments or engage in any other activities that may harm our brand or image and/or those of the Card Schemes.
  5. Accept Card Payments for morally or ethically dubious purposes or Merchant Products, that in any way violate Applicable Laws.
  6. Use your own card(s) or cards belonging to a director or partner of your business for Card Payments to generate sales, increase turnover, remove funds from the business or for any purpose other than a genuine sale or purchase.
  7. Allow any third party access to your Payment Device.
  8. Initiate a Refund if there are insufficient funds in your Settlement Account to cover the Refund. 
  9. Split a sale into two or more separate Card Payments whether on one Payment Card or across different Payment Cards to avoid having to obtain Authorisation for the full amount. 

2. Your obligations

2.1 Compliance with security requirements

Payment Devices and Payment Methods

You may use only such Payment Devices and/or Payment Methods as are permitted by this Agreement, the Card Scheme Rules, and Applicable Laws and that we have  approved  including in relation to technical and security requirements.

You must at all times comply with all applicable verification procedures and security requirements that we communicate to you, including 3-D Secure and other measures to avoid fraudulent transactions.

You must ensure that no unauthorised person has access to your Payment Device or Payment Methods including by preventing the installation of skimming equipment.

At least once a day you must  inspect your Payment Devices to ensure they have not been tampered with. We may require you to  install anti-skimming equipment and/or camera surveillance where we  in our sole discretion deem there to be a risk of skimming and/or “money traps”. If your Payment Devices are skimmed, we may require you to take additional measures, including inspecting the Payment Devices more frequently.

The compromising of systems

You must inform us immediately of any confirmed or suspected unauthorised access to any of your systems that contain Card Data. If  any of your systems containing Card Data or those of any of your third party suppliers are or might have been compromised, we reserve the right to charge you the equivalent of any charges or penalties the Card Schemes impose on us.

You are responsible for any loss or damage resulting from or connected to Card Payment fraud and/or any security breach affecting your systems including any associated investigative costs. Any investigations into confirmed or suspected security breaches must be performed by a certified data security firm approved by the Card Schemes and you must fully cooperate with and assist us, the relevant data security firm and/or any relevant public authorities in relation to any such investigations.

During an investigation we may suspend the  Services until  you are compliant with the relevant PCI DSS security requirements.

2.2. Processing of Card Data and Transaction Data and other documentation

General

You must limit your use of Card Data to Transactions and must not use it to identify a person, whether legal or natural.

You must store all documentation in a fully secure manner to protect it from unauthorised access. You must store documentation from a Card Payment, including Receipts bearing a person’s signature, for a minimum of 540 days to allow, among other things, for the resolution of disputes. Once this retention period has expired, you must destroy the Card Payment documents in a suitable manner, to prevent unauthorised people from accessing any Transaction Data.

Compliance with PCI DSS requirements

You must comply with all PCI DSS requirements  and are liable for all associated costs. Upon request, you  must provide us with your PCI DSS validation, for instance an attestation of compliance (AOC) or a report of compliance (ROC) completed by a certified data security firm (Qualified Security Assessor) and a pass result for a vulnerability scan performed by a certified data security firm (Approved Scanning Vendor) in line with our and the Card Schemes’ validation requirements. Even if you do not handle or store Card Data you may still have to present PCI DSS certification if we or the Card Schemes require. You must not  store Card Data and must inform us if you or any third party connected to you handles or stores any Card Data. You must not under any circumstances store the Payment Card’s Security Code or other sensitive Card Data after an Authorisation is complete.

If you use a  third party agent they must be validated for PCI DSS compliance and listed on the PCI Security Standards Council’s list of validated service providers. Any third party partners that we use will be PCI DSS compliant where appropriate. The global list of PCI DSS validated service providers is located on the PCI Security Standards Council’s website.

2.3 Use of and rights to trademarks

For general rules on our Intellectual Property Rights, please refer to our General Terms.

All rights in the Payment Card trademarks belong to the relevant Card Schemes and/or to us. We retain all ownership of and rights in our Intellectual Property Rights. You are entitled to use the Payment Cards’ logos in connection with your marketing of Merchant Products that can be paid for using the Payment Cards. Similarly, you are  entitled to use 3-D Secure logos. You must clearly display the Payment Card logos. If you use 3-D Secure, you must display the relevant 3-D Secure and Payment Card logos. You must not use the logos for any other purpose.

You may obtain and order from us the relevant logos and stickers for use at the Merchant Outlet and in your marketing materials. The logos must always be displayed in their original, correct layout.

Images of Payment Cards used in marketing materials must not contain a valid card number or Customer name.

Your use of the logos must not violate the owners’ Intellectual Property Rights must not create the impression that the products and services are sponsored, produced, offered, sold or otherwise supported by the Card Schemes.

Following the termination of this Agreement you must immediately stop using the trademarks and logos in any sort of marketing including signage, on the Internet or via social or other media.

2.4. E-Commerce Transactions

We will provide you with E-Commerce Transaction Services only if this is expressly set out in this Agreement. 

In carrying out E-Commerce Transactions we will in most cases capture the following information:

  1. Payment Card number;
  2. Payment Card issue number (if applicable);
  3. Customer name as it appears on the Payment Card;
  4. Payment Card expiry date;
  5. Customer’s full billing address as it appears on their billing statement;
  6. Shipping/delivery address if different from the Customer’s billing address; and
  7. The three digit Payment Card Security Code (CSC) also known as the CVV2, which appears at the end of the signature stripe.

For American Express Payment Cards there are four (4) security digits, found at the front or back of the Payment Card.

E-Commerce Transactions are largely protected by Card Scheme Authentication. However, you must always implement all additional measures required for Card Not Present Transactions, and also look out for:

  • Any alert from us that may indicate the Card Payment is of higher risk;
  • Orders where the Customer’s billing country, the country attached to the Customer’s IP address and/or Card Issuer country do not match;
  • An e-mail address that bears no resemblance to the Customer’s name;
  • An email, name or address which suggests illogical or fictional characters;
  • Multiple Card Payments being attempted by an individual using more than one card, whether Payment Cards or otherwise; and/or
  • Card testing – where multiple transactions are attempted on cards whose numbers appear to run in close sequence.

If you are suspicious, take additional steps to verify your Customer’s identity. Try contacting them using the contact details (email and phone number, a landline is preferable) they have supplied to you.

Always try to deliver Merchant Products to the individual who placed the order and to the Customer’s billing address. Never hand Merchant Products to someone waiting outside the Merchant Outlet. Obtain a signature from the Customer as proof of delivery and keep this with your Card Payment records in case a dispute arises.

2.5. Requirements regarding your website for E-Commerce Transactions

You must have certain content or features on your website to make it easier for online Customers to use and to reduce Customer disputes and/or Chargebacks, including as a minimum:

  1. Your business name, company registration number, VAT registration number and full address (including country);
  2. An email address and telephone number for customer services or similar;
  3. A description of your Merchant Products their prices, and any taxes and fees;
  4. Your terms and conditions, including terms dealing with the Customer’s rights of cancellation, delivery and payment as well as shipping costs;
  5. A “click to accept” button or another type of confirmation function that requires the Customer to accept the conditions governing the returns policy for the Merchant Products;
  6. Wording that Customers are able to pay using Payment Cards;
  7. The logos of the Payment Cards in the part of the website where the Customer chooses the payment method;
  8. The Transaction Currency; and
  9. Any export restrictions.

In addition, your payment solution must contain a function for the Customers to enter their Security Code.

2.6. External suppliers

You must inform us if you use an external supplier that handles Card Data or for other reason you grant a third party access to Card Data e.g. a web hosting service, payment solution provider, digital wallet, etc. You must also inform us if you change any of your external suppliers.

You are responsible for the acts and omissions of your external suppliers and for ensuring that if they process Card Data on your behalf, they fulfil  all relevant security and data privacy obligations that we, the Card Schemes and/or the  PCI DSS require.

2.7. Risk assessment

We reserve the right to perform a risk assessment of you at any time. You agree to provide us with all information and data we may request including that relating to any third parties or external providers you may use, financial statements and any other information we may reasonably require to assess your creditworthiness and risk profile. We may require you to provide information about your licences, and your revenue related to prepayments. We may also assess your sales, Refunds, Chargebacks, and/or fraud performance.

We may, as a result of a risk assessment:

  1. Require you to provide a guarantee, collateral or other type of security;
  2. Withhold Settlement in whole or in part;
  3. Extend the Settlement period for all or part of your revenue;
  4. Require you to pay a risk and/or Chargeback fee; and/or
  5. Amend or terminate the Agreement.

As part of any ongoing risk assessment, we or the Card Schemes may conduct, at your expense, an unannounced physical inspection of your Merchant Outlet to the extent it is relevant to this Agreement, which may include a security assessment and/or a general assessment of:

  1. Your Merchant Outlet;
  2. Your servers and stored data;
  3. Your stock f( if any);
  4. Your internal processes; and/or
  5.  Your compliance with the security requirements of this Agreement.

2.8. Changes in your circumstances

You must inform us in writing of any change in your business circumstances as previously reported to us, including changes in your business, such as a change of: the legal entity; ownership, directors or partners; address/contact details; or bank account. You must also inform us of any actual or potential insolvency event, or sale or other disposal of all or any material part of your business.  

You must inform us prior to making any significant changes to the Merchant Products or your payment or delivery conditions in connection with Card Not Present Transactions, e.g. prepayment, or if you anticipate significantly increased sales. If you change the nature of the Merchant Products, you must inform us before processing any Card Payments for those Merchant Products. Such change includes a change in the length of any guarantees or warranties that you may offer for the Merchant Products. 

Any changes relevant to this section may mean we need to conduct a new risk assessment under section 2.7 of these Guidelines or that we need to amend the Agreement or enter into a new agreement. If you make any  changes to the Settlement Account you must inform us of this in writing and provide us with written  confirmation from the relevant bank or copies of account statements that are signed by an authorised signatory or person holding a power of attorney with authority  to bind you.

3. ACCEPTANCE OF PAYMENT CARDS

3.1. General

You must ensure that all personnel who handle Card Payments on your behalf understand the Card Scheme requirements and you must provide them with appropriate training.

You must accept all payments that your Customers make using the type of Payment Cards you have chosen to accept (e.g., credit, debit, prepaid or commercial), regardless of the amount involved.

However, you are not obliged to accept payments made with all the different types of Payment Cards (e.g., credit, debit, prepaid or commercial) offered by the Card Schemes, provided your decision is not based on the identity of the Card Issuer or the Customer. If you decide not to accept certain types of Payment Cards, you must make this clear  to Customers before they attempt to purchase Merchant Products from you by displaying information or a notice to this effect in the case of a physical Merchant Outlet, prominently at the entrance  and near the point of sale terminal or in the case of a Card Not Present Transaction, on your website or other applicable electronic or mobile medium.  If for whatever reason you do accept a Card Payment made with a type of Payment Card you do not want to accept, provided the Payment Card is covered by this Agreement, we will process the Card Payment in accordance with the Agreement and charge you the relevant Fees. 

You must always follow the instructions displayed on the Payment Device. Keep the Payment Device in sight during each transaction and take it back from the Customer as soon as they have entered their PIN. 

If the Payment Card has a chip, the Payment Device must always be used to read the Payment Card’s chip, except for Contactless Payments. If the chip cannot be read, you may ask the Customer to complete the Card Payment using the magnetic stripe. Be aware that if a Customer tries to distract you during a Card Payment, especially during Authorisation, this may be an indication of attempted or actual fraud.

A Customer must never disclose their PIN to you and they should be encouraged to shield the PIN pad when entering their PIN. If the Customer enters the wrong PIN three times the Payment Card will be locked and you should advise them to contact their Card Issuer. 

You may allow a Customer to use a signature to verify a Card Payment only when absolutely necessary. This is usually only when the Payment Card does not support chip and PIN Authentication, only has a magnetic stripe or when the Customer is unable to use PIN verification due to a personal disability. 

Never process a Card Payment by PKE simply because the Customer cannot remember their PIN. If a technical issue results in the Payment Device being unable to read the chip, you can process the Card Payment by way of the magnetic stripe and signature or PKE. However, you should ensure that the security features on the Payment Card are present and correct.

The Customer is entitled to a copy of the relevant Receipt for each Card Payment. Once the Card Payment has been completed, you must ensure that the Customer receives a Receipt, either in paper form or if the Customer has consented, as an Electronic Receipt. Regardless of the type of Receipt, it must contain at least the following information:

  1. Merchant Outlet’s name and address;
  2. Amount;
  3. Transaction Date;
  4. Last four digits of the Payment Card number;
  5. Authorisation Code;
  6. Customer’s signature (where appropriate); and
  7. Delivery address for Card Not Present Transactions.

In particular specified circumstances, for example for low value Card Payments using Customer Activated Terminals, e.g., soft drink vending machines, we  may agree to Payment Devices not printing  Receipts.

The Receipt may only show the last four digits of the Payment Card number.

3.2. Manual entry of data

You must not manually enter a Payment Card number or other information into the Payment Device unless you are a specified type of merchant and in specified circumstances, for example hotels dealing with no-show transactions and Delayed Charging or car rental companies dealing with Delayed Charging or modified transactions.

If the Payment Device is in offline mode and has offline Card Payment functionality, the Payment Card’s chip or magnetic stripe must be read by the Payment Device. Youmust, before completing an offline transaction, verify that the Payment Card is valid to make sure that the Payment Card is not blocked. You will receive an Authorisation Code if the Authorisation is approved, and will receive a rejection notice if the Payment Card is blocked, if there are insufficient funds, etc. You must enter the Authorisation Code into the Payment Device. You must not allow the Customer or a third-party to enter a Payment Card number or Authorisation Code into the Payment Device.

3.3. Authorisation

You must ensure that all Card Payments are submitted for Authorisation. A Security Code must always be used for E-Commerce Transactions and MOTO Transactions. Authorisation of a Card Payment is not a guarantee of Settlement. Authorisation simply means that at the time of the  Authorisation request, the Payment Card was not blocked and there were sufficient funds available on the Payment Card/Payment Card account to cover the purchase. Do not obtain Authorisation to set aside a Customer’s credit line for use in future sales.

If you use Pre-Authorisation functionality, you must tell the Customer the amount that has been authorised.

For Card Not Present Transactions, an Authorisation is valid for up to seven (7) calendar days.

You must include the Authorisation Code in the Transaction Data you send to us.

If the Authorisation request is rejected, you must not complete the Card Payment, regardless of the amount involved.

If the Payment Device displays a code indicating that the Payment Card should be confiscated, you must refuse to accept the Payment Card as a means of payment and attempt to confiscate the Payment Card if you consider it safe to do so. You must send all Payment Cards you confiscate to us.

You must not accept an Authorisation Code from a Customer or third party or anyone other than us or systems we have approved. You must not request or obtain Authorisation at the request of a third party.

An Authorisation Code is no guarantee that we will accept the Card Payment, nor is it a confirmation of the Customer’s identity, it merely confirms that at the time of Authorisation the Payment Card is not blocked and that there are sufficient funds in the relevant account to cover the relevant amount.

If a  Card Payment is not completed, you must reverse the Authorisation amount within twenty-four (24) hours of cancellation of the purchase. If the final Card Payment amount is less than the amount of the Authorisation, you must immediately reverse the difference.  Authorisation amounts that you do not reverse must be exactly equal to the final Card Payment amount.

You must not request Authorisation solely to check the status of a Payment Card, but only to complete Card Payments. If you obtain Card Data to perform MITs, you must conduct Account Verification and SCA.

Pre-Authorisations for Mastercard and Maestro: if you are not sure whether you will be able to complete a Card Payment within seven (7) calendar days of Authorisation, or if the amount is not known, you must perform a Pre- Authorisation. A Pre-Authorisation is valid for thirty (30) days for Mastercard and seven (7) days for Maestro.

You must not perform Pre-Authorisations for Maestro cards in Card Present Transactions, except in the case of sale of fuel in Customer-Activated Terminals.

3.4. Refunds

Your Payment Device is set up by default to prompt for a supervisor password before a Refund can be issued. You should only ever issue a Refund to the Payment Card from which the original Card Payment was taken.

The value of the Refund will be taken from your Account, and it will be displayed as a negative in your Net Settlement Amount in Saga. If your Account does not have the funds to honour the Refund, it may be refused.

You must:

  • Only process a Refund to the Payment Card that was used in the original Card Payment;
  • Check this by matching the last four digits of the Payment Card number to those printed on the original Payment Device Receipt;
  • Never give a Refund by way of cash or cheque when the original purchase was made using a Payment Card and do not process a Refund to a Payment Card when the original transaction was not a Card Payment e.g. cash or cheque; and
  • If your Payment Device requires a supervisor card or PIN to enable the processing of Refunds, please ensure that this is controlled by an appropriately authorised individual. 

For specific instructions on how to use your Payment Device to manage Refunds, see the relevant user guide. 

3.5. Card Not Present Transactions

Card Not Present Transactions include the following: 

  • Mail Order/Telephone Order (MOTO) – transactions processed through your Payment Device following receipt of an order via mail, telephone or fax; or
  • Recurring transactions

Card Not Present Transactions present an increased fraud risk to you because there is no face-to-face contact with the Customer and you do not see the Payment Card. You are liable for Card Not Present Transactions and you therefore need to be aware of the risks when accepting them, specifically MOTO transactions. These can be very difficult to defend from Chargebacks because it is difficult to prove that the Customer placed the order or authorised the purchase.

Mail Order/Telephone Order (MOTO)

In order to process a MOTO transaction you should obtain the following information from the Customer: 

  • Payment Card number;
  • Payment Card issue number (if applicable); 
  • Customer name as it appears on the Payment Card; 
  • Payment Card expiry date; 
  • Customer’s full billing address as it appears on their billing statement;
  • Shipping/delivery address if different from the billing address; and
  • The Security Code (CSC) also known as the CVV2, which appears at the end of the signature stripe (if your Payment Device is capable of checking CVV2 data).

Recurring Transactions

Recurring transactions are used to collect regular payments (e.g. subscriptions or instalments) from a Customer.  You must ensure that the first payment in a chain of Recurring Transactions is undertaken as securely as possible i.e. chip and PIN in Card Present Transactions, or in the case of MOTO with CVV2 verification. You must not store or otherwises retain the CVV2 to process  future Card Payments. See further information in Chapter 9.

3.6. Approved currencies

You may accept Card Payments only in currencies that we have approved.

3.7. Dynamic Currency Conversion (DCC)

If we authorise you to offer DCC you must inform the Customer of the current relevant exchange rate and any fees, and must obtain the Customer’s agreement to pay in their own currency before you submit the Card Payment as a DCC transaction. If the Customer does not agree to pay in their own currency, you must complete the transaction in your local currency.

Current exchange rates are fixed daily on banking days by the DCC provider. The currency tables in the Payment Devices are updated automatically.

Settlement of DCC transactions will be based on the original Card Payment amount in the local currency, i.e., the amount prior to DCC conversion.

DCC is not permitted for domestic Card Payments, i.e. where you and the Payment Card have the same local currency. DCC is only permitted for Card Payments with foreign Mastercard and Visa.

You must send Authorisation requests to us in the Transaction Currency and state the final Card Payment amount, i.e. the amount after DCC.

3.8. Submission of Card Payments to us for Settlement

You must submit details of a Card Payment to us without delay and no later than three (3) days after the Transaction Date. Any Card Payments submitted after this time will be downgraded by the Card Schemes and may attract additional charges and Fees. We may charge you a Fee for Card Payments we receive more than three (3) calendar days after the Transaction Date. We may also reject Card Payments we receive more than three (3) calendar days after the Transaction Date.

You must not submit a Card Payment to us for Settlement before you send or deliver the Merchant Products to the agreed recipient, unless we have given you written approval to accept prepayments.

You must submit details of all Card Payments for Settlement via the Payment Device. You must reconcile the Payment Device or on every day that a  Card Payments is made.

You are responsible for ensuring the Transaction Data sent via the Payment Device is error-free. We may refuse to receive or process Card Payments that have Transaction Data errors. We reserve the right to correct errors in Transaction Data.

3.9. Strong Customer Authentication (SCA)

SCA requirements

You must, unless explicitly exempted, apply SCA in all cases where the Customer:

  1. Initiates a Card Payment;
  2. Provides you with Card Data for you to use on a later date, e.g., MITs; and
  3. Carries out any action through a remote channel that may indicate a risk of payment fraud or other abuses.

In addition, you must apply SCA as required by the relevant Card Issuer.

You must not use SCA for MOTO Card Payments.

Your payment solution must be able to support SCA even if you intend to limit your offering to  SCA exempted Card Payments.

You must only use a type of SCA that we approve. We have approved the following types:

  • For Card Not Present Transactions: 3-D Secure; and
  • For Card Present Transactions: Customer’s PIN

You must always use a version of 3-D Secure that is compliant with the rules of the relevant Card Scheme(s).

You are responsible for ensuring that all Card Payments are marked correctly, including with respect to submitting the transaction indicator.

If you are using third parties to carry out Card Payments or otherwise handle Card Data, you are responsible for ensuring that such third parties apply SCA in accordance with this Agreement. For example, if you use third parties for bookings, e.g., lodging merchants, vehicle rental merchants, travel agencies and airlines, you are responsible for ensuring that those third parties apply SCA.

If you wish to accept American Express cards for E-Commerce Transactions, you must use the American Express Safekey.

SCA-exemptions

You do not need to apply SCA where the Customer initiates a Card Present Transaction and the Card Payment is:

  1. A Contactless Payment that does not exceed EUR 50; or
  2. A Card Payment where a Customer Activated Terminal is used to pay a transport fare or a parking fee.

You do not need to apply SCA where the Customer initiates a Card Not Present Transaction that is EUR 30 or less.

If we consider that your Merchant Products  are low risk, we may waive the requirement for SCA. We will notify you in writing of any such waiver. If we do not tell you that we have waived this requirement, all SCA requirements must remain in full force and effect. Even if we do notify you of such a waiver, a Card Issuer may still require you to apply SCA to Card Payments.

Merchant Initiated Transactions (MIT)

For MIT, you must apply for Authentication using SCA for the first Card Payment but not for subsequent MIT.

Requirement for SCA on all Card Payments

We may, with immediate effect, require you to apply SCA for all or specific Card Payments if:

  1. The number of disputes in which you are involved is disproportionately high relative to the number or volume of your Customer Card Payments;
  2. We in our sole discretion consider your risk assessment to be unsatisfactory;
  3. We do not consider the Merchant Products to be low risk;
  4. The Card Schemes require it; or
  5. We reasonably believe this is required by Applicable Law.

Potential suspension of Services and rejection of Card Payments

If you do not fulfil the SCA requirements, we may immediately and without notice suspend the Services and/or reject Card Payments until we consider you to be compliant with the requirements. 

Liability

You are fully liable for all disputed Card Payments where you have not applied SCA and we may charge you for the full Card Payment  amount and associated Fees.

4. THE RELATIONSHIP BETWEEN YOU AND THE Customer

4.1. General

You must receive and process any claims from Customers relating to the Merchant Products. You must settle any such claims directly with the Customer and must not involve us. You must not include a clause in your terms and conditions that prevent or limit the Customer from raising claims against you, or that refer the Customer to a third party for claim handling.

4.2. Crediting the Customer 

You may credit the Customer only to void a previous Card Payment in whole or in part, e.g. if the Customer returns a Merchant Product. You must ensure that it is possible to link any such credit to the original Card Payment.

You must always credit Card Payments to the Payment Card used for the Card Payment that is being credited. You must not credit more than the total amount of the Card Payment that is being credited. You must submit credits electronically. You must give a Receipt for the credit to the Customer.

We will either offset a credit against future Settlements or invoice you for the total amount of the credit and any other associated costs. We will not reimburse you for any Fees that we have previously calculated or charged you for in connection with such credits.

4.3.Cancellation of a Card Payment

If a Card Payment is made in error, you must cancel the transaction if possible. If it is not possible to cancel the Card Payment, you must implement  a credit. If this is not possible, you must contact us.

4.4. Fees for use of Payment Cards

If you, acting in accordance with Applicable Laws, charge a fee for a Card Payment (surcharge), you must inform the Customer before the Card Payment is completed.

5. DISPUTED CARD PAYMENTS

5.1. Disputes

A Chargeback is a way in which a Card Issuer can reclaim funds on behalf of a Customer for a Card Payment that you have processed.  This may occur if the Customer or Card Issuer disputes the validity of a Card Payment. When a Card Payment is disputed the Card Issuer and we (as the acquirer) must operate within clearly defined Card Scheme procedures to manage the dispute and establish whether you should retain the disputed amount or whether it should be returned to the Customer.  

A Chargeback can occur when there is a dispute over the validity of a Card Payment, Merchant Products have not been supplied or when there has been a processing error.  Some of the most common reasons for receiving a Chargeback are: 

  • Failure to respond to a retrieval/copy request within a given timescale, or with appropriate information;
  • The Customer not recognising a Card Payment recorded  on their statement, such as the amount, your  ‘doing business as’ name or the location;
  • A Recurring Payment not being cancelled, despite the Customer’s request to do so;
  • The Customer being promised a Refund and not receiving one; or
  • The non-arrival of or a failure to deliver the Merchant Products.

You may dispute a Chargeback. To do so you must supply us with information and evidence to prove that the Card Payment was authentic, authorised and made by the Customer. We will consider any information you supply and will attempt to dispute the Chargeback where we consider it  appropriate to do so, but we cannot guarantee this will be successful and it will ultimately depend on whether the evidence you provide meets the Card Scheme requirements.

If you fail to provide documentation or information within the applicable time limits, we will not contest the Chargeback and we may uphold the Chargeback and offset or deduct the disputed amount from your Account. We are not required to provide you with documentation regarding the Customer dispute.

If we receive a claim disputing a Card Payment and we are unable to reject it, we may withdraw the disputed amount in full plus any associated Fees from your Account, or offset it against Settlement. If there are insufficient funds in your Account or insufficient revenue, we may invoice you.

We reserve the right to withdraw money from your Account or to offset any dispute concerning:

  1. Card Payments made using Payment Devices that do not read chips if: (i) the Payment Card used was forged or counterfeit; and/or (ii) the Customer claims they did not complete the Card Payment;
  2. Card Not Present Transactions carried out without Authentication that uses the latest version of 3-D Secure; and/or
  3. Card Payments made using Customer Activated Terminals and completed without the use of a PIN.

We will approve Card Payments that were: (i) completed using the Payment Card’s chip and PIN; or (ii) Authenticated by the Customer using 3-D Secure in the event of Card Not Present Transactions, unless you  knew or should have known that the Customer was not entitled to use the Payment Card, or you failed to provide documentation we requested from you.

You must monitor all Copy/Retrieval Requests  as well as Chargeback back office systems.

Avoiding unnecessary Chargebacks

While disputes are rare for most merchants, they are probably inevitable at some point. Not dealing with them adequately can lead to Chargebacks, which in turn can result in loss of business and revenue. To minimise losses from Chargebacks, you must understand your responsibilities in the Chargeback process and establish procedures and practices for managing them.

The following may be helpful in preventing Chargebacks:

  1. Respond promptly and adequately to  Copy/Retrieval requests – you must always supply copy documentation as soon as possible in response to Copy/ Retrieval Requests. Send legible copy documentation with all necessary and available information regarding the Card Payment within the specified time limit. Incomplete or unfulfilled Copy/Retrieval Requests will invariably lead to a Chargeback. 
  2. Ensure your name is recognisable – It is critical for a Customer to be able to recognise Card Payments on their Payment Card accounts or statements to avoid potential disputes and Chargebacks for the ‘Customer Does Not Recognise’ reason. 
  3. Expired Payment Card – If the Payment Card expiry date given by the Customer precedes the Transaction Date, the Payment Card is expired and as such is invalid. If you do not obtain Authorisation, the Card Payment  may be subject to a Chargeback due to the Payment Card being  ‘Expired or Not Authorised’.
  4. Declined Authorisation – A Card Payment should not be completed if the Authorisation was declined. Similarly, in the case of 3D secure transactions, you should not proceed where the Authentication has failed.
  5. Submit Card Payments only once – Make sure Card Payments are submitted only once. If the same Card Payment is processed more than once it will lead to a Chargeback for ‘Duplicate Processing’. 
  6. Communicate your return, Refund and cancellation policies – Communicate these clearly to the Customer at the time the Card Payment is completed, or include this information in clear terms on your website and adhere to them. 
  7. Transmit Transaction Data promptly – Submitting Transaction Data after a three (3) day period may lead to Chargebacks due to ‘Late Presentment’.
  8. Deposit or submit Refunds (credit transactions) promptly – You should process Refunds as soon as possible, preferably the same day they were generated. If you fail to do this it may lead to Chargebacks for ‘Credit Not Processed’.
  9. Customer complaints – Act promptly when a Customer contacts you about a problem. 
  10. Delayed delivery – If the Merchant Products are likely to be delayed, notify the Customer of the delay and communicate the new expected delivery date. 
  11. Out of stock Merchant Products  – If Merchant Products ordered by the Customer are not in stock, if delivery will be delayed or the Merchant Products are no longer available, you should notify the Customer and offer the option of acquiring similar Merchant Products or canceling the Card Payment. To avoid a potential Chargeback due to ‘Not as Described’ or ‘Non-Receipt’, Merchant Products should not be substituted for different Merchant Products without the Customer’s agreement.
  12. Ship Merchant Products  before processing Card Payments – You should not submit Card Payments for processing until you have shipped the Merchant Products unless the Card Payment is a deposit. 
  13. Recurring Payment cancellation requests – If the Customer requests the cancellation of a Recurring Payment, you must always respond to the request and cancel the Recurring Payment immediately or as specified by the Customer, subject to any notice period you have expressly agreed with the Customer. Confirm to the Customer in writing that the request has been received and actioned. Failure to respond to cancellation requests will almost invariably lead to a Chargeback.

6. MONITORING, FRAUD, ETC.

We monitor Authorisations and Card Payments we receive from you. We also monitor any Card Payment reported as being a dispute, Chargeback,  or case of fraud.

We will contact you and investigate if our monitoring reveals a deviation from what we reasonably consider to be your usual patterns or behaviour or those of the industry in which you operate or if we have a reasonable suspicion of fraud or if the reported level of fraud associated with you is higher than what we would reasonably consider to be normal. In such cases, we are entitled immediately to change the Settlement arrangement, including  withholding Settlement, suspending the Services and/or terminating the Agreement.

We may also reverse Card Payments that the relevant Card Issuer has confirmed as being fraudulent, provided you have not delivered the Merchant Products.

We may require you to implement measures to reduce the number of fraudulent transactions, disputes, Chargebacks or credit transactions, etc., for instance by upgrading or replacing Payment Devices, implementing a fraud monitoring system that we have approved, or by implementing manual monitoring of Card Payment. You must act in accordance with our instructions to limit fraud within the time limit specified.

If the number of disputes, Chargebacks, fraudulent transactions or credit transactions leads to additional costs for us, e.g. in the form of charges payable to one or more of the Card Schemes, we may pass such costs on to you.

Your right to Settlement for Card Payments where 3-D Secure has been applied may lapse if the Customer denies having participated in the Card Payment and the fraud reported to Visa and/or Mastercard exceeds 0.5% of your revenue from Visa and Mastercard respectively. Fraud, Chargebacks and disputes may be calculated on the basis of domestic, European or international card use and/or number of Card Payments. We will let you know if your right to Settlement for a Card Payment has lapsed.

It is in everyone’s best interests to reduce and prevent the risks of fraud when processing Card Payments, whether they are Card Present Transactions, Card Not Present Transactions, or online Card Payments. You as a merchant can also play your part in protecting yourself from fraudulent purchases and spending behaviour. Also protect yourself from fraud by knowing and training your staff, not letting anyone access your Payment Device or offer you an unexpected “replacement” without independently validating who they are. Be aware also that fraudsters may make telephone calls pretending to be one of your service providers. Stay alert. 

7. OPERATING INSTRUCTIONS FOR CONTACTLESS PAYMENTS

7.1. Scope

These guidelines apply to Contactless Payments. 

7.2. Payment Device requirements

Contactless Payments are available if you  have a Payment Device with approved Contactless Payment functionality.

You are responsible for ensuring that the technical configuration of the Payment Device/ contactless card reader used for Contactless Payments complies at all times with this Agreement and possesses technical characteristics that comply with EMV Contactless Specifications, which are available at www.emvco.com. You are liable for any losses that may arise as a result of improper technical configuration, (see section 9 (Liability etc.)).

7.3. Receipt

The Payment Device must be able to print Receipts for Contactless Payments. You must print a Receipt at the Customer’s request.

7.4. Transaction limit

The transaction limits for Contactless Payments are set by the Card Schemes and are subject to change without notice at any time. We post the current transaction limits on our website.

Customer Authentications are not required for Contactless Payments, unless the transaction amount exceeds the applicable transaction limit, or if the Payment Device prompts Customer Authentication.

You must complete Card Payments that exceed the prevailing transaction limits with Customer Authentication by means of PIN entry.

Card Payments completed with another approved Payment Device, e.g. a smartphone, that exceed the prevailing transaction limits, must be completed with Customer  Authentication using the security precautions associated with the given Payment Device. When a smartphone is used as a Payment Device, the Customer is verified through the entry of a password on their smartphone. Any instructions that appear on the Payment Device must be followed at all times.

7.5. Settlement

We will settle all Contactless Payments provided you comply with all the provisions of these Guidelines and do not exceed the maximum transaction limit for Contactless Payments prevailing at any given time.

8. OPERATING INSTRUCTIONS FOR STORED CARDS AND APP PAYMENTS

8.1. Scope

This section applies to you if you offer a Stored Card function on your website or App Payments. 

You may not offer a Stored Card or App Payment function unless this Agreement covers E-Commerce Transactions or we have approved this in writing. 

If we have agreed that you may offer E-Commerce Transactions: 

  • You must provide an option for non-registered Customers to pay using Payment Cards; and
  • You may offer Stored Card or App Payments as an alternative payment method for Customers who have created a customer profile, provided this payment method is available through your payment solution.

8.2. Registration

The Customer must create a username and password on your website or in your user interface.

The Customer must give their consent to Card Data being retained by your payment solutions  supplier.

Your payment solutions supplier must be PCI DSS-certified, and Card Data must be processed, stored and transmitted in accordance with PCI DSS. You must ensure your payment solutions supplier deletes the stored Card Data at the Customer’s request.

Your website or user interface where the Customer enters their username and password must use approved encrypted data storage and an encrypted connection, in order to prevent unauthorised parties from gaining access to this information.

We may impose requirements regarding your validation of the Customer’s information at the time of registration.

8.3. Password requirements

The Customer’s password must consist of a combination of uppercase and lowercase letters and numbers/symbols, and must comprise at least seven (7) characters for Stored Cards, and at least four (4) characters for the App Payments function, unless otherwise agreed with us in writing. After six (6) failed attempts by the Customer, you must block access.

The Customer’s password and username must not be identical. The Customer’s password must not be the same as any of the four (4) most recent passwords used by the Customer.

8.4. Security requirements

Once the Customer has entered their password, you must ensure that they may only remain logged in for as long as the browser window remains open. If the browser window is closed, you must ensure the Customer has to log in again. You must configure a time limit of fifteen (15) minutes or less that the browser window can remain open without any activity (timeout). You must ensure that if the Customer exceeds this time limit they are logged out automatically.

You must ensure that for App Payments, the Customer is logged out automatically when they close the application and they must then log in again. You must configure a time limit  of fifteen (15) minutes or less that the Customer can be logged in without any activity (timeout). You must ensure that if the Customer exceeds this time limit they are logged out automatically.

Using applications to store passwords is not allowed.

8.5. Authentication

At the time of the first Card Payment, you must complete full Authentication using 3-D Secure unless otherwise agreed with us in writing.

8.6. Information on the payment screen

You must ensure that the payment screen shows both the last four (4) digits of the account number or token, and the logo of the relevant Card Scheme,

8.7. Receipt

You must send an Electronic Receipt to the Customer by email once the Card Payment has completed.

8.8. Changes

If the Customer wishes to change information related to their account or Payment Card, you must complete Authentication again using 3-D Secure, unless otherwise agreed with us in writing.

8.9. Storage of Customer Data

You must store all Customer Data, such as usernames and passwords, in a proper manner that prevents Customer accounts or information from being compromised.

You must ensure the Customer’s password is hashed or encrypted.

8.10. Limit

We may require that a daily limit is imposed on each Payment Card. You must ensure that your payment solution provider is able to handle and implement such limits.

9. OPERATING INSTRUCTIONS FOR RECURRING PAYMENTS, INSTALMENT PAYMENTS AND UNSCHEDULED CREDENTIAL ON FILE

9.1 Scope

This section applies to you if you offer Recurring Payments, Instalment Payments or Unscheduled Credential on file in connection with E-commerce. 

You may offer Recurring Payments, Instalment Payments or Unscheduled Credential on File, only if this Agreement covers E-commerce Transactions. Recurring Payments allow you to collect regular Card Payments (e.g.subscriptions or instalments) from your Customers’ Payment Cards. You must ensure that the first Card Payment in a Recurring Payments chain is conducted as securely as possible i.e. by using chip and PIN in a Card Present Transaction, or in the case of MOTO with CVV2 verification. You must not retain the CVV2 for future Card Payments.

It is your responsibility to ensure that your  payment solution provider marks the Card Payments correctly, including submitting the transaction indicator for Recurring Payments, Instalment Payments and Unscheduled Credential on File.

9.2. Your terms regarding Recurring Payments, Instalment Payments and Unscheduled Credential on File

You must have entered into an agreement with the Customer  that authorises you to complete transactions using the Customer Data. The agreement must include as a minimum:

  1. Description of the Merchant Products;
  2. Total amount and Transaction Currency;
  3. Your cancellation and refund policies, including the date any cancellation privileges expire without advance payment forfeiture;
  4. Your name and location;
  5. Your address, email and phone number;
  6. The last four (4) digits of the Payment Card number;
  7. Information about how the Customer will be notified of any changes to the agreement;
  8. Transaction amount or a description of how the transaction amount will be determined, if applicable;
  9. Information about how the stored credentials will be used;
  10. Information about the time and frequency of Card Payments;
  11. If a stored credential is likely to be used for Unscheduled Credential on-File Card Payments, information about the event that will prompt the Card Payment e.g. if the Customer’s balance falls below a certain amount;
  12. The expiration date of the agreement, if applicable; and
  13. The fixed dates or intervals on which the Card Payments will be processed, if applicable.

You must ensure that all requirements related to these specific transaction types are clearly displayed when the Customer gives their consent and must be displayed separately from your  general terms and conditions.

You must notify the Customer of any change in the Card Payment amount or any other terms of the agreement at least two (2) working days before the change. You must retain this information for the duration of the agreement and provide it to the Customer or us upon written request.

If you offer Recurring Payments you must:

  1. Confirm the implementation of the Recurring Transaction agreement within two (2) business days;
  2. Provide a simple cancellation procedure, and, if the Customer’s order was initially accepted online, at least an online cancellation procedure;
  3. At least seven (7) days before a Recurring Transaction, notify the Customer via email or another agreed method of communication if any of the following occur:
  •       More than six (6) months have passed since the previous Recurring Transaction; or
  •     The Recurring Transaction agreement has been changed, including the amount of the Recurring Transaction, the date of the Recurring Transaction, or any other terms of the agreement.

You must complete full Authentication using 3-D Secure or PINfor the first Recurring Transaction unless otherwise agreed with us in writing.

You must not store the Payment Card’s Security Code after Authorisation of the initial Card Payment.

You must ensure that the Customer either signs the agreement with you on Recurring Payments, Instalment Payments or Unscheduled Transaction on File or accepts it directly on your website and that you follow this up with  written confirmation to the Customer. You must make the terms and conditions and prices accessible to the Customer when they  sign up. 

You must obtain written authorisation from the Customer allowing you to take regular payments from their Payment Card and you must keep  this authorisation on file for the duration of the arrangement and provide a copy to the Card Issuer upon request. The Customer’s written authorisation must include a statement to the effect that it will remain in force until such time as it is cancelled in writing, and must also include: 

  1. The Payment Card  number;
  2. The Customer’s name;
  3. The Customer’s full address;
  4. The Customer’s telephone number; and
  5. Details of the payment pattern.

9.3. Procedure for renewal and deletion of Card Data

You must have a secure procedure for registering, renewing, and deleting Card Data, and for handling expired Payment Cards.

Your procedure for deleting Card Data must provide for the deletion of the information from your Customer register immediately after the Customer makes a request to this effect.

You must inform us immediately if you stop offering Recurring Payments, Instalment Payments or Unscheduled Transactions on File.

10. OPERATING INSTRUCTIONS FOR LINK PAYMENT

10.1. Scope

This section applies to you if you offer payments with Link Payment.

10.2. General

You may offer Link Payments only if this Agreement allows you to offer E-Commerce Transactions.

10.3. Information to the Customer

You must as a minimum provide the Customer with the following content in the payment window:

  1. A description of the Merchant Product;
  2. Your name, company registration number and address (including country);
  3. Your email address and telephone number for customer services or similar department;
  4. The amount to be paid by the Customer, broken down in terms of  prices, taxes, shipping costs and fees;
  5. Your general terms and conditions, including terms relating  to the Customer’s right of cancellation, delivery and payment;
  6. A “click to accept” button or another type of confirmation function on your website whereby the Customer is required to accept the conditions governing your policy relating to the return of the Merchant Products;
  7. Clear wording information the Customer that they are able to pay using a Payment Card;
  8. The Payment Card logos including in the place where the Customer chooses the payment method;
  9. Transaction Currency; and
  10. Any export restrictions.

10.4.    Receipt

You must ensure an Electronic Receipt is  emailed to the Customer once the Card Payment has completed.

11. CAR RENTAL

This section applies to car rental businesses and their authorisation to charge a Payment Card. These guidelines are based on American Express, Mastercard and Visa regulations.

11.1 Your terms and conditions 

You must make your car rental terms and conditions available to the Customer when they are making a booking and before  the completion of the booking/purchase on the Internet. You must show your terms and conditions in the same window as the booking/purchase confirmation. You must not display your terms and conditions in a separate window or at a separate URL. You must also email your terms and conditions to the Customer with the booking confirmation. 

See point 13 for further Information about proper disclosure of a Refund, return or cancellation policy. 

If your car rental terms and conditions are on paper you must explain them  to the Customer and they must indicate their agreement by signing on the same page as the terms and conditions. If the Customer purchases your  car rental insurance (CDW), you must obtain the Customer’s explicit confirmation of this by having them write their  initials if your car rental agreement does not cover this provision.

11.2 On commencement of rental

On commencement of a rental, you may request the Pre-Authorisation of the estimated amount of the rental cost. The Pre-Authorisation amount may not include your costs for self-risk or insurance for possible damage. If the final rental costs exceed the Pre-Authorised amount, you may make a new Authorisation request for the difference in amount.

11.3 Charge for VISA Customer damage and self-risk

If, after a vehicle has been returned, you identify that it was damaged during the rental period and if the Customer is not present, you may charge the Customer the amount of the damage assessment provided you:

  • Inform the Customer in writing about the damage and its estimated costs within ten (10) days of the return of the vehicle. The Customer then has twenty (20) days to object before their Payment Card is charged. You must obtain a signed agreement from the Customer agreeing to  a charge for self-risk in the event of possible damage. The Customer must have accepted your insurance terms and conditions by signing the terms and conditions and writing their initials next to the relevant self-risk wording.
  • Together with the notification of damage, you must send to the Customer:
    • Documentation explaining the damage and showing that the damage occurred during the rental period;
    • A damage report, police report and/or insurance certificate if appropriate;
    • Two damage estimates from separate approved workshops and confirmation that the lower estimate will apply;
    • Statement of the amount payable  by the Customer and that recoverable under the relevant insurance policy and the reasons for this; and
    • Notification that the Customer does not have to pay for the damage with the Payment Card and that they  may pay for it using a different payment method.
  • Obtain the Customer’s written consent to a charge for damage to the vehicle.
  • Keep the  damage charge separate from the rental charge or costs.
  • Request Authorisation for the amount of the estimated damage, or for the amount agreed by the Customer. The amount you charge for damage must not be higher than the amount agreed to by the Customer, nor higher than the assessed value of the vehicle if it is considered a write-off.
  • Submit the Card Payment for the damages charge  within ninety (90) calendar days of the rental return date.
  • Repay the Customer the difference within thirty (30) days if the actual costs for the repair of the damage prove to be lower than the amount you charged the Customer .

11.4 Charge for American Express and MasterCard Customer damage

If after a vehicle has been returned you identify it was damaged during the rental period and if the Customer is not present, you may charge the Customer the amount of the damage assessment provided:

  • The Customer has previously agreed in writing to being charged in this way if they damage the vehicle. Examples of such written agreement include a signed payment receipt and a liability declaration (a signature on a car rental agreement containing provisions on charging for possible damage would not be sufficient). You can see an example of a liability declaration on our website at: /wp-content/uploads/2023/06/acknowledgement-of-liability-for-damages-eydublad-endanlegt-2021-birt-a-heimasidu-2021.pdf 
  • Keep the damage charge separate from the rental charge or costs. 
  • Specify the amount payable by the Customer and that recoverable under the relevant insurance policy and the reasons for this.
  • Ensure that you do not seek Authorisation for a charge for damage that is higher than the amount agreed to by the Customer, nor higher than the assessed value of the vehicle if it is considered a write-off.
  • Ensure that you obtain the Customer’s acceptance of your insurance terms and conditions by having them sign on the same page as the terms and conditions and write their initials next to the self-risk item.
  • Ensure you charge an American Express Payment Card for damage within ninety (90) calendar days of the rental return date;
  • Ensure you charge a Mastercard Payment Card for damage within thirty (30) calendar days of the rental return date.
  • Repay the Customer the difference within thirty (30) calendar days if the actual costs for repairing the damage prove to be lower than the amount the Customer was charged.

11.5  Other accrued costs

You may charge the following costs to a Customer’s Payment Card after the return of a vehicle:

  • Road tolls that the Customer failed to pay for the rental vehicle;
  • Driving offences committed by the Customer with the rental vehicle; and
  • The cost of fuel if the Customer fails to return the rental vehicle with the agreed amount of fuel.

In this situation you must write “signature on file” on the signature line of the sales slip. 

If we subsequently request documents relating to a Card Payment, e.g. for a fine relating to a driving offence, you must provide us with documents from the relevant authorities containing details of the vehicle’s registration number, the time and location of the offence, the fine amount and the currency. 

You must charge an American Express Payment Card or Visa Payment Card for the above costs within ninety (90) calendar days of the rental return date. 

You must charge a Mastercard card for the above costs within thirty (30) calendar days of the date you receive notification from the relevant authorities. 

You may charge a handling fee for the above costs, but only if you have specified this in your rental agreement and it has been accepted by the Customer as evidenced by their  signature.

11.6 Customer objection to a Card Payment for damage

If a Customer complains to us about a charge for damage, you must provide us with a copy of the following documents:

  • The signed rental agreement and  final agreement;
  • Estimate for the damage repair from an approved workshop (two (2) approved workshops in the case of VISA cards);
  • Police report if applicable;
  • Car rental insurance certificate if you require the Customer to pay self-risk in connection with the damage;
  • Your  terms and conditions, (showing the signature/initials of the Customer);
  • Agreement signed by the Customer, authorising the charge for the damage repairs to be posted to the Payment Card. For American Express and MasterCard Payment Cards there must also be an agreement following an estimate for  damage having been made, such as a declaration of liability and a signed payment receipt. In the case of Visa Payment Cards, if you do not have Customer agreement after the event authorising you to charge for damage, you must be able to demonstrate that you sent the Customer a notification of the damage within ten (10) days of the return of the vehicle, together with the appropriate documents specified above;
  • Transaction slip; and
  • Any other important and applicable documentation that we notify to you.

If a Customer objects to being charged for damage where you have not followed the above rules you the charge is likely to be reversed. In such an instance, you must collect the amount by other means. It is your responsibility to ensure  that your rental agreement fulfils all likely requirements of a court of law, as in some instances this will be the only way you can collect amounts due for damage to a rental vehicle.

12. HOTELS AND OTHER ACCOMMODATION PROVIDERS

These Guidelines are not intended to be exhaustive and are for guidance only. To be allowed to charge for a no-show or a non-refundable booking, you must comply with the following instructions.

During the booking process and confirmation of booking, you must:

  • Display the booking and cancellation terms (see point 13  for helpful information regarding returns and cancellations);
  • Email a booking confirmation within twenty-four (24) hours to the Customer that includes the booking reference, as well as the relevant terms and conditions;
  • Ensure the Customer has the option of free cancellation for twenty-four (24) hours after making the booking;
  • Keep the Customer’s accommodation reserved for them for twenty-four (24) hours from their expected arrival if they do not cancel; 
  • If the Customer does arrive within twenty-four (24) hours of their expected arrival time and you cannot provide them with the accommodation they booked you must provide them with equivalent or better accommodation and not charge them more for this; 
  • Provide the Customer with a cancellation reference number if they cancel within the deadline set by  the cancellation policy and email the Customer with  confirmation of the cancellation.

If a Customer makes a  booking within seventy-two (72) hours of their scheduled arrival, the cancellation deadline must be 18:00/ 6:00 PM on the date of the scheduled arrival.

Charging a card after the Customer has checked out:

After the Customer has checked out, you may charge their Payment Card only for services that you have actually provided to the Customer. When charging an American Express Payment Card or a Visa Payment Card in these circumstances, you must submit the charge for processing within ninety (90) calendar days from the Customer’s check-out date, or when charging a Mastercard Payment Card, within thirty (30) calendar days from the Customer’s check-out date. You must provide the Customer with an invoice and a receipt for the charge, including an explanation of the costs being charged.

  • No-show: you may charge for a no-show only if the Customer has not cancelled the booking in accordance with the cancellation policy and the Customer has not used your services. A no-show fee may not be any higher than the rate for  one night’s stay. You must issue an invoice to the Customer  showing that the Card Payment is for a no-show. Further, you must ensure that the words “no-show” are included on the POS-terminal sales slip. If the Customer cancels within twenty-four (24) hours of making the booking, you cannot charge for a no-show.
  • Non-refundable: you may charge the Customer for the entire stay that they booked if your terms and conditions allow this, you properly disclosed your terms and conditions to the Customer during the booking process and they explicitly  agreed and accepted them. 

The rules for charging for damage, theft and/or extra cleaning vary between the different Card Scheme rules.

VISA Rules:

  • You must notify the Customer in writing of the loss, theft, damage, extra cleaning and the estimated cost within ten (10) working days of the Customer’s check-out date and allow a further twenty (20) days before processing the Card Payment so that the Customer has an opportunity to object.
  • You must include in the notification:
    • Details of the damage charge and why  the Customer Is responsible for it;
    • A copy of the damage report, repair bill or police report as applicable; 
    • Details of whether any of the damage is covered by insurance and if so, the amount payable by the Customer; and, 
    • Wording that explains that the Customer does not have to pay the extra charges with the Payment Card and that they may pay for it using a different payment method. 
    • Wording that explains that the Customer may within ten (10) working days of the notification request another assessment of the damage and repair cost at no additional cost to themselves. 
  • If you submit a Card Payment for loss, theft, damage or extra cleaning without the Customer’s authority, they may dispute it.
  • A charge for loss, theft, damage, or extra cleaning must be processed as a separate Card Payment  from the underlying rental, lodging, or other costs.
  • You must not submit a Pre-Authorisation  when the Customer arrives to cover any possible costs relating to damage, theft, additional cleaning etc.

American Express and Mastercard Rules:

  • You must submit any charge for loss, theft, damage, or extra cleaning as a separate Card Payment from the underlying rental, lodging, or other costs.
  • You must not submit a Pre-Authorisation when the Customer arrives to cover any possible costs relating to damage, theft, or additional cleaning.
  • You must inform the Customer of the amount and reason for the charge and obtain their authority to submit the Card Payment before doing so.
  • You must provide the Customer with a reasonable estimate of the cost of repairs and obtain their authority to submit the Card Payment before doing so.  You  must process the Card Payment as one of the following:
    • A Card Present Transaction that the Customer verifies using a PIN or with their signature. 
    • An E-Commerce Transaction that is  fully authenticated with 3-D Secure or an identity check.
  • The Receipt must include wording that the estimated amount charged for repairs will be adjusted upon completion of and submission of the invoice for such repairs.

13. DISCLOSURE REQUIREMENTS REGARDING CANCELLATION OF SERVICE AND GOODS RETURN

The Card Schemes have clear rules on the disclosure and acceptance of terms  for the return of Merchant Products and cancellations for online purchases or bookings. The Card Schemes require you to demonstrate conclusively that you disclosed to the Customer the terms regarding the return of Merchant Products  or the cancellation of online orders during the booking and/or purchase process and before the purchase was confirmed.

The Card Schemes do not consider it sufficient if you direct the Customer to terms that open in a new window or in a scroll list. You must ensure that your terms relating to the cancellation or the return of  Merchant Products  appear in the booking or purchase window itself. You must also ensure that the Customer  confirms they have read your general terms and conditions applicable to their purchase along with your cancellation terms. You must ensure the Customer does this with a direct statement or a check mark. You must also ensure that you send your terms relating to the cancellation or the return of Merchant Products  with your  order confirmation e-mail or you include them on a Receipt or invoice you provide to the Customer.

The Customer may have the right to raise a dispute if you have not properly disclosed to them your delivery, refund and/or cancellation terms.

You must ensure that your return, refund and/or cancellation terms are  visible in English and the local language (if different to English) before you confirm a Card Payment This applies both to Card Present Transactions and Card Not Present Transactions. In addition:

  • In a Card Present Transaction, before a purchase is completed, you must obtain the Customer’s signature or initials indicating their acceptance of your cancellation policy. It is not sufficient if you to disclose your cancellation policy after the purchase and Card Payment are completed; and 
  • In a Card Not Present Transactions, you must display your return, refund and/or cancellation terms on the same website as that through which the Card Payment is conducted and confirmed. It is not sufficient to display your terms on other URLs or websites, nor to display them in a website pop-up or to request the Customer to provide a general approval of your terms. You must display the information prominently, and ensure that your cancellation policy is clearly visible on the online purchase webpage before the Card Payment is confirmed.
  • You will not have fulfilled your disclosure requirements if your cancellation or return terms are so low on the online purchase page that the Customer can complete the Card Payment without viewing your terms. You must also  obtain the Customer’s explicit acceptance of your cancellation terms, e.g. by confirming this with an electronic signature or by checking a box accepting your  cancellation and return terms.