Yes, new equipment is shipped programmed and tested.
In-person purchases using Apple Pay or Android Pay will be processed just like other in-person transactions. Similarly, purchases made in-app using Apple Pay or Android Pay will be processed just like other online purchases. Merchants with questions should contact VeriPay Merchant Services Customer Service at 1-800-451-5817 or their VeriPay Merchant Services relationship manager if they have additional questions.
We want to make sure your customers understand fully the product/service they’re purchasing and any courses of action should they be unhappy with their purchase. By including your refund/service return policy on your website, you help reduce the likelihood of chargebacks from your customers. Visa®, Mastercard®, Discover®, and American Express® also require a refund/service return policy.
We ask merchants to complete an application so we can obtain information to assess the risk level that your business or organization may have when processing card payments.
The System Perimeter Scan is applicable to all merchants and service providers with external-facing IP addresses. Even if an entity does not offer Web-based transactions, there are other services that make systems Internet accessible. Basic functions such as e-mail and employee Internet access will result in the Internet-accessibility of a company’s network. These paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled. If a merchant or service provider does not have any external-facing IP addresses, they will only be required to complete the Report On Compliance or the Compliance Questionnaire, as applicable.
If you have questions, please contact our VeriPay Merchant Services Customer Service representatives at 1-800-451-5817.
Eligible Visa®, Mastercard®, Discover®, and American Express® cards can be used with Apple Pay and Android Pay.
For information on payment card network and industry cardholder information security programs, please visit the following websites on a regular basis: VeriPay PCI Standards and Cardholder Data Security Visa USA Mastercard Discover American Express PCI Security Standards Council
New terminal deployments are shipped by overnight delivery on the day following the approval of a new merchant account.
Acceptance of EMV chip debit cards at the point of sale may vary slightly by merchant, thus customers may experience different terminal prompts at the point of sale. For example, merchant terminals may prompt the customer to select Visa Debit¢ or U.S. Debit¢, Credit¢ or Debit¢, or may preselect the debit application based on what is supported by the EMV chip debit card. The terminal prompts following will then depend on what the customer selected. Merchants should be aware that customers may need additional assistance with the terminal prompts during the EMV transaction.
When a customer presents an EMV chip card, the merchant will ask them to insert it into the slot in the PIN pad or terminal, or tap if the card supports contactless payments. The terminal guides the customer through the process. The customer will be prompted to authorize the amount, and may be prompted to enter their PIN or provide a signature. The EMV chip card must remain inserted in the slot through the entire transaction. If it is removed too soon, the transaction will be cancelled. If the PIN pad or terminal supports PIN bypass, the customer can bypass the PIN prompt by pressing the Cancel key. The transaction will then route as signature transaction and a signature line will be printed on the receipt for the customer to sign. If the card issuer approves a PIN bypass transaction, then the card issuer is liable for any card present fraud. For more information on how to accept an EMV chip card, watch our video What Merchants Should Know About EMV Chip Cards.
Acceptance of EMV chip cards in the tipping industry may vary depending on a merchant¢s point of sale. For example, wireless point of sale solutions can simplify the payment process for restaurants as a server can take a wireless EMV chip-enabled terminal to the table to collect payment and tip from the customer. Some point of sale solutions will prompt for tip as part of the payment process due to PIN entry requirements. If your point of sale supports PIN bypass, you can continue to accept and edit transactions for tips just as you do today by pressing the Cancel key when prompted for tip, and pressing the Cancel key when prompted for PIN. This allows the point of sale to print a tip line on the receipt and the transaction to be edited for the tip before settlement.
If you receive a chargeback, read the chargeback carefully and see if you are able to provide the requested information. For example, for a “credit not issued” chargeback, the cardholder is stating they are entitled to a refund, but have not received one. In this case, if you receive a “credit not issued” chargeback but have already sent a refund check to the customer, you can provide a copy of the front and back of the cancelled check.
If a merchant does not store cardholder data, the PCI Data Security Standards still apply to the environment that transmits or processes cardholder data. This includes any service providers that a merchant uses.
Below you will find a link to the card processing software programs that Visa® has validated to be compliant with the PCI Data Security Standards requirements, including the requirement that after authorization, Security Data will be purged from the records and systems. Security Data is certain security information, including the full contents of any track of the magnetic stripe from the back of a card and the cardholder validation code (the three or four digit value printed on the signature panel of the card). Copies of these software programs that have version numbers older (those with a lower version number) than those indicated must be either upgraded, have a special security patch installed, or be replaced with compliant software to ensure that you do not store Security Data in violation of Visa®, Mastercard® or Discover®’s rules. If you are using any software programs different than the programs indicated, you must confirm with your software vendor that the version you are using is compliant with current security requirements. Access this list of card processing software programs, and choose “Payment Application Best Practices” under the “Visa recommendations” section.
Common cards that can be accepted are Visa®, Mastercard®, Discover®, American Express®, and JCB. American Express and JCB are subject to processing network approval.
Visa®, Mastercard®, American Express® and Discover® announced that as of October 1, 2015, merchants who have not upgraded to EMV chip-enabled equipment may be held financially liable for card-present fraud that could have been prevented by using the more secure EMV technology.
Near Field Communication (NFC) technology enables devices in close proximity to communicate. Payment transactions using NFC technology requires a contactless merchant terminal and an NFC-enabled mobile device.
Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. The PCI Data Security Standards apply to all cardholder data stored, processed, or transmitted.
The point of sale (POS) environment is the environment in which a transaction takes place at a merchant location (i.e. retail store, restaurant, hotel property, gas station, supermarket, or other point of sale location). An Internet protocol (IP)-based POS environment is one in which transactions are stored, processed, or transmitted on IP-based systems, or systems communicating via TCP/IP.
An authorization is a validation that the cardholder number is valid for an approval on a cardholder account for a sale amount. Approval of an authorization request by the issuing bank is confirmation that the cardholder has funds available to make the purchase. It is not a guarantee of payment.
A Virtual Terminal is a browser-based application to process payments over the Internet. This feature allows you to accept cards from customers over the phone, fax, or mail. Orders are placed by manually entering card transaction data into the Virtual Terminal.
A System Perimeter Scan involves an automated tool that checks a merchant’s or service provider’s systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company’s private network. The tool will not require the merchant or service provider to install any software on their systems, and it will not perform any denial-of-service attacks.
The PCI Self-Assessment Questionnaire is available for download on the PCI Data Security Standards Council website. If a business chooses to enroll with one of the PCI Security Standards Council Qualified Security Assessors to perform the system perimeter scan, they may complete the approved assessor’s Compliance Questionnaire in lieu of the version posted on the PCI Council website.
A retrieval request occurs when your customer requests more information about a transaction that appears on his or her credit card statement.
The payment gateway is a link between your website (or the website hosting your goods or services) and your Payment Processor (VeriPay). When your customer makes an online purchase, the information from your website must be sent through a payment gateway to obtain an authorization and for a payment card transaction to be completed.
A VeriPay Merchant Account enables you to process credit cards, debit cards, gift cards, and other electronic check transactions. These payment methods are convenient for your customers, and they most likely will help you get paid faster. If you have a bank deposit account, you can receive your funds as soon as the next business day.
Contactless payments are transactions that use chip-based technology and require no physical connection between the payment device (a card or mobile device) and the physical merchant terminal.
A merchant’s Compliance Classification Level is determined by annual transaction volume. The volume calculation done for you will be based on the gross number of Visa®, Mastercard®, or Discover® transactions processed through your merchant account.
When a credit card transaction is disputed (either at the request of the Cardholder or by a card Issuer), you may receive a chargeback. If a chargeback occurs, the amount of the original sale and a chargeback fee will be deducted from the checking or savings account you provided.
Your statement will include a summary of your transaction processing information received, processed, and funded to your checking account. The statement can be used to determine if the deposits and funding records balance back to your internal business reporting. The recap statement is used for merchants with multiple locations. Learn more about how to read your statement in our Guide to Process Card Payments (PDF).
The PCI Data Security Standards are payment card network (Visa®, Mastercard®, Discover®, and American Express®) and industry mandated requirements for handling of credit card information, classification of merchants, and validation of merchant compliance. Merchants are responsible for the security of cardholder data and must be careful not to store certain types of data on their systems or the systems of their third party service providers. Merchants are also responsible for any damages or liability that may occur as a result of a data security breach or other non-compliance with the PCI Data Security Standards. The information security principles contained within these standards are based on ISO 17799, the internationally recognized standard for information security practices.
It is good business practice to adhere to the PCI Data Security Standards and protect cardholder information. Additionally, Visa®, Mastercard®, American Express®, and Discover® may impose fines on their member banking institutions when merchants do not comply with PCI Data Security Standards. You are contractually obligated to indemnify and reimburse us, as your acquirer, for such fines. Please note such fines could be significant, especially if your business is compromised and you have not been validated as compliant.
Some of the reasons for chargebacks may include: Merchandise is damaged in transit and arrives broken A cardholder returns the merchandise but has not received a refund A cardholder disputes a transaction as a fraudulent use of their card
Service charges, also known as the Discount Rate, are the amounts charged to authorize, process and settle card transactions. The service charges you pay are determined by a variety of factors such as: Your payment processing methods (face-to-face with your customers, online, by phone or mail) The types of cards your customers use to pay you How quickly you settle transactions How your merchant services account is set up
These are the variable fees charged by the payment networks for processing transactions. VeriPay pays these fees on its customers behalf, directly to issuing banks (the card companies that issue payment cards to your customers) and the payment networks, such as Visa®, Mastercard®, Discover®, and American Express®, in compensation for facilitating the exchange of information and funds between your bank and your customers¢ banks. Factors that affect Interchange charges include card type, information contained in the transaction, and how/when the transaction was processed.
Fees are the range of transaction-based and/or fixed amounts charged for specific card processing services.
Yes, if you have upgraded your terminal equipment with both EMV hardware (slot to insert EMV chip cards) and EMV software (software that enables the EMV hardware to process an EMV chip transaction). Occasionally you may come across a damaged chip, or a chip card that is not ready to be used. In these scenarios, the EMV chip card terminal or PIN pad may prompt you to swipe the card. The transaction will be processed as a magnetic stripe transaction, and if the card issuer approves the transaction, the issuer is liable for any EMV related fraud. Once you have upgraded your terminal equipment with both EMV hardware and software, it is important to: Closely monitor your EMV chip card transactions Ensure that staff are properly trained on merchant acceptance procedures for EMV chip cards Contact VeriPay Merchant Services Customer Service at 1-800-451-5817 or your VeriPay Merchant Services relationship manager immediately for a replacement device and to avoid any EMV related fraud chargebacks to your account if: Your currently enabled EMV terminal or EMV PIN pad suddenly stops allowing you to insert EMV chip cards. This indicates a hardware malfunction. You realize you are processing all EMV chip cards as swipe transactions. We¢re here to help you upgrade your equipment to accept and process EMV chip cards transactions. Get a Quote, or call us at 1-866-380-9828, Monday Friday, 7:00 am 6:00 pm, Pacific Time. Already a VeriPay Merchant Services customer? Call 1-800-451-5817 or contact your VeriPay Merchant Services relationship manager.
Merchants should deal only with PCI Data Security Standards-compliant service providers. If there are service providers handling cardholder data on a merchant’s behalf, the merchant is still responsible for the security of this data and must ensure that contracts with these service providers specifically include PCI Data Security Standards compliance as a condition of business. Per payment network rules, you must inform VeriPay if you are using a service provider. Click on this link for a list of PCI Compliant Service Providers.
Please refer to the directions below for the preferred card type you wish to accept. If you have additional questions, please contact our VeriPay Merchant Services Customer Service representatives at the number provided on your statement. If you would like to begin accepting American Express® cards, please contact us at 1-800-451-5817 for more details. If you do not have an entitlement number which is assigned by JCB, contact JCB at 1-800-366-4522. For other card types not mentioned please contact us at 1-800-451-5817 for more details.
If the legal ownership of the new store is the same as your existing merchant account with us, and it is also the same type of business, we can open an additional location under your current merchant account unless you are opening an eCommerce location. If the business type of your new store is different, you will need to set up a new merchant account for the new location. If you are planning to open another location or need assistance, please contact our VeriPay Merchant Services Customer Service representatives at 1-800-451-5817.
The shopping cart collects items from your customer, adds up the item’s costs, calculates taxes and shipping costs, and provides a total amount to the customer. A payment gateway’s function is to collect the purchaser’s name, address, credit card number, and expiration date. The payment gateway securely sends this information and verifies that the purchaser has enough funds in their account at that time to pay for products ordered.
Here is how the credit card payment process works: Customer places an order with the merchant. Merchant submits the order/transaction via their payment/point-of-sale system (POS such as a terminal, cash register, payment gateway, software). The system securely forwards the payment authorization request to the card issuing bank to verify the customer¢s card account and funds availability. The authorization (or decline) response is returned via the system to the merchant. This process typically averages around two seconds, however, EMV chip card processing may take a few seconds longer. Upon receipt of the payment authorization, the merchant fulfills the customer’s order. Merchant then Åsettles the batch of transactions through their POS system, which requests from their processor to get a group of authorized settled transactions and the funds credited to their account. POS systems can often be set to automatically batch transactions each day. Alternatively they can be set for manual batching, which requires the merchant to close their batch of transactions on a regular basis. VeriPay deposits transaction funds into the merchant’s business checking or deposit account. When funding to a VeriPay deposit account, funds are usually available within 24 hours of batch settlement.
A customer contacts his or her credit card issuer to initiate the request.
A chargeback begins when a buyer contacts their card issuer to dispute a transaction. The chargeback is passed through the applicable payment network to the seller. Your account will be charged at the time the chargeback is received. When the seller receives the chargeback, it will include a “respond by” date. Since the payment networks only allow a limited amount of time to respond to a chargeback, it is critical that any response be provided by this date. In some cases, chargebacks can be “re-presented,” in other words information can be presented back to the cardholder’s card issuer disputing the chargeback. Below are the most common scenarios where re-presentment is feasible. The ultimate decision of whether or not to accept the re-presentment rests with the cardholder’s bank. Potential re-presentment scenarios include: If the chargeback reason is “non-receipt of merchandise” and signed proof of delivery is available, the chargeback can be re-presented with a copy of the delivery confirmation including the signature and the complete address that the item was delivered to. If the chargeback reason is “credit not processed” and the customer has already received a refund, the chargeback can be re-presented along with a copy of the cancelled check or the credit card refund information. If the chargeback reason is “fraud” and proof of delivery to the buyer’s billing address is available and a complete address verification match was received, the chargeback can be re-presented with a copy of the proof of delivery. If the chargeback reason is quality-related, e.g. “not as described” or “defective merchandise” and the seller has not received the merchandise back, the chargeback can be re-presented with the statement that the merchandise has not been returned.
Businesses that accept contactless payments can accept payments from Apple Pay and Android Pay. These mobile payments require a terminal to be enabled with Near Field Communication (NFC) technology. Merchants with questions about their terminals¢ capability to accept contactless payments, or about enabling terminals to accept payments from Apple Pay and Android Pay, should contact VeriPay Merchant Services at 1-800-451-5817.
To ensure safe receipt of merchandise, use a form of shipping that provides proof of delivery. For higher ticket items, require a signature for delivery. If a buyer contacts you with a complaint about a purchase, work with that buyer to resolve the dispute. If you can’t resolve the dispute to their mutual satisfaction, instruct the buyer how to return the merchandise and what form of shipping they should use. Once the merchandise has been returned to you, issue a credit to the same credit card used to make the purchase. Pay attention to the AVS (Address Verification Service) response received. Don’t accept numbers and information that don’t match and use common sense in shipping to an address other than the buyer’s billing address. International purchases involve a higher risk, in part because address verification is only available for U.S. transactions.
Many customers may already be familiar with the universal contactless acceptance symbol. This symbol usually appears on the front of a merchant¢s contactless capable terminal or peripheral. In addition, Apple Pay and Android Pay have made stickers available for merchants to display at the point of sale.
The fees are collected, usually on a monthly basis, by an automatic deduction from the checking or savings account you specified.
Not automatically. Merchants must initiate Address Verification Service (AVS) checks and ask customers for their Card Verification Value (CVV), Credit Card Validation (CCV), Card Verification Value2 (CVV2), etc. values.
Yes. Merchants are responsible for the compliance of their service providers.
Yes. The program encompasses all merchants and third party service providers that store, process, or transmit cardholder data.
Yes. As your transaction volume changes, and as payment network and industry rules change, your compliance requirements may change. It is your responsibility to be continuously aware of the data security requirements that currently apply to you.
Yes. Gateways permit for individual batches (files) to be downloaded or uploaded.
No. Merchants physically located outside of the U.S. cannot process transactions with a VeriPay Merchant Account. Currently, only merchants with a physical business address in the U.S. and a U.S. checking account may process transactions with a VeriPay Merchant Account. The only exception is for foreign subsidiaries in Austria, Australia, Belgium, Canada, Czech Republic, Denmark, France, Germany, Hong Kong, Ireland, Italy, Luxembourg, Netherlands, Norway, Poland, Spain, Sweden, Switzerland, and United Kingdom.
Yes. You can manually process transactions with the Virtual Terminal feature included in all gateways offered by VeriPay Merchant Services.
Yes. If cardholder data that you are responsible for is compromised, you may be subject to fines and other liabilities, including the following: Potential fines of up to $500,000 (in the discretion of Visa®, Mastercard®, American Express®, Discover®, or other card companies). All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward. Cost of re-issuing cards associated with the compromise. Cost of any additional fraud prevention/detection activities required by the payment networks (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise (i.e. additional monitoring of system for fraudulent activity).
Yes. Visa®, Mastercard®, American Express®, and Discover® may impose fines on their member banking institutions when merchants do not comply with PCI Data Security Standards. You are contractually obligated to indemnify and reimburse us, as your acquirer, for such fines. Please note such fines could be significant.
No. The EMV liability shift is not a compliance mandate. Merchants are not required to upgrade to EMV chip-enabled equipment. However, we recommend merchants use EMV chip enabled equipment to avoid increased expenses due to the shift in liability that went into effect October 1, 2015, and because EMV is a more secure method of accepting card payments.
No, a retrieval request is just a request for information. The amount of a retrieval request is not deducted from your bank account.