What to be aware of for compliance:
Merchant location disclosure including our position on the Hosted Payment Pages
Honour All Cards regulations including how this impacts the Hosted Payment Pages
Card scheme rules regarding Merchant location disclosure
Mastercard and Visa mandate that e-commerce merchants must display the address, including the country, of their permanent establishment (the fixed place of business through which an e-commerce or mail / phone order merchant conducts its business) on their website, regardless of website or server locations.
Merchants must display their merchant address on the checkout screen used to present the final transaction amount, or within the sequence of web pages the cardholder accesses during the checkout process.
Merchants must clearly disclose to the cardholder the identity of the merchant at all points of interaction, including:
The merchant’s name, so that cardholders can easily distinguish the merchant from another party, such as a supplier of products or services to the merchant
The merchant’s location (physical address), to allow cardholders to easily determine, among other things, whether the transaction will be a domestic transaction or a cross-border transaction. Merchants must disclose their merchant location before prompting the cardholder to provide card information
The merchant name and location displayed to the cardholder must be the same as the name they provide for both authorization and clearing
Merchants must ensure that cardholders can easily understand that the merchant is responsible for the transaction, including delivery of the goods (whether physical or digital) or provision of the services that are the subject of the transaction, and for customer service and dispute resolution, all in accordance with the terms applicable to the transaction
Merchant Location—Examples of e-commerce (Card-Not-Present) Merchant Disclosure
The following examples illustrate an acceptable disclosure of merchant location for a card not present merchant:
This online merchant is located in [insert country name and address]
This is a [insert country name] retail site located in [address]
This is a [insert country name] retail site located in [address], non [insert country name] cardholders may be subject to international fees
If a Mail Order / Telephone Order (MOTO) customer does not have a website then the cardholder must be notified of the above details before a transaction takes place.
The merchant billing name and address, including country, must be clearly visible prior to a cardholder submitting the transaction.
A link to a separate webpage highlighting the merchant location within terms and conditions is not allowed, and neither is a checkbox to confirm that cardholders have read the Terms and Conditions (T&Cs).
If you want to include the Merchant Location disclosure within your T&Cs, it is acceptable for you to comply with the mandate by:
Ensuring that before the cardholder inputs their PAN they are clearly notified of your business name and your country location, along with your full business address.
To ensure that the cardholder is made aware of this, there would be a requirement for the T&Cs to be checked. Without checking their agreement to the T&Cs the cardholder could not physically proceed to the next screen. Upon checking agreement to the T&Cs, the cardholder would be taken to a new page detailing the T&Cs. It would be clear at the top of these T&Cs where you are located, along with the full business address.
The cardholder would then proceed to purchase the item.
Alternatively, you can display the Merchant Location disclosure on your own hosted web pages prior to redirecting the Shopper to Worldpay hosted payment pages.
For full-page direct or lightbox integrations, Worldpay suggests you display the Merchant Location disclosure on the last page showing the final transaction amount, prior to redirecting the shopper to Worldpay hosted payment pages e.g. Order Summary screen.
If you are using the Worldpay iframe integration and present the Worldpay payment page on the same page as the Order Summary (Basket content including final transaction amount), you have the opportunity to display your Merchant Location disclosure on this screen, rather than a checkout screen prior to this.
The example below illustrates this setup.
Warning: Worldpay Hosted Payment Pages will not populate your Merchant Location disclosure on your behalf. It is also not possible to customise the Worldpay Hosted Payment Pages to include a Merchant Location disclosure. As a result, it is your responsibility to ensure you are compliant with the Merchant Location Disclosure mandate.
Action required by customers using Hosted Payment Pages
You must clearly display your business name and country of location along with your full business address before the payment has taken place on your own hosted web pages.
The name and location shown to the cardholder must be the same as that which you provide in both authorisation and clearing.
Failure to disclose this to cardholders may result in a non-compliance fine from the card schemes.
You are not obliged to accept all card types issued in the EEA within a particular card scheme (e.g. Visa or Mastercard).
However, within a particular card scheme, if you wish to accept one type of consumer card within one of the three categories of consumer prepaid, consumer debit or consumer credit, you will still be obliged to accept all card types within that particular category. For example, if you wish to accept one type of EEA-issued consumer debit card within a card scheme, you will need to accept all consumer debit cards issued within that card scheme.
To make use of this option, you need to define your preferences (preferred card schemes and categories accepted) at the point of payment method selection on website payment pages. Note that, even if you choose not to exclude certain card categories, you can still “steer” customers to a particular form of payment.
You are responsible for displaying all accepted payment cards to your customers during the checkout process. Both the scheme and card category must be clearly visible.
Accordingly, we have updated our Customer Operating Instructions.
If you want to Honour all Cards
No changes are required. The scheme logo can be displayed to show that you accept of all card categories for that scheme (for example, display the Visa logo to show that you accept all Visa Cards).
If you do NOT want to Honour all Cards
If you want to become a ‘limited acceptance merchant', and only accept certain card types issued within the EEA, you will need to take the following steps:
Clearly show on your checkout page the card types you accept, including the scheme/category.
For example, if you don't want to accept Visa credit cards, you must display an “Only Debit/Prepaid/Commercial cards accepted” logo:
You can obtain the card product logos, which include the new logos for each category (Pre-Paid, Commercial, Debit and Credit) from the Card Scheme web sites:
Collect your shopper’s payment method and provide this to Worldpay.
You will also need to collect your shopper's payment method on your website and provide it to Worldpay in each order submission. To achieve this it is recommended that you host your own payment method selection page, which will result in:
The Worldpay payment method selection page being skipped.
The shopper being automatically redirected to a Worldpay Hosted Payment Page, where they can enter their payment details.
To do this, specify a single payment method in the payment method mask, by including the following child element in your initial order to Worldpay:
PAYMENT_METHOD-SSL will be the name of the payment method (for example VISA-SSL).
Note: The payment method names supported are at a scheme/brand level, not a card category level. Refer to the list of payment method codes to ensure the correct code is provided.
Because this bypasses the Worldpay payment method selection page, the shopper cannot change their payment method on our Hosted Payment Pages.
To select a different payment method, they will need to cancel the order, and will be returned to your designated CancelURL.