The must-have regulations for online payments

Payments regulations and compliances

Over the last few decades, the world of payments has grown and changed significantly. With the growing volume of online purchases and card payments in general, the card networks and governments have had to establish rules to protect cardholder data.

Being a merchant today means complying with the applicable regulations. They can differ by territory or market, and there are also unified standards for any business that accepts electronic payments. What are these regulations? Find out in this Maxpay article.

Card network regulations

The main card brands, such as Mastercard, Visa, American Express, and Discover, have created guidelines for card-not-present (CNP) transactions. The rules aim to protect sensitive customer data and give a merchant a clear policy on how to handle this data.

Presented information on the website

When structuring a website, a business owner is strongly advised to follow these card network rules to reduce potential chargebacks and meet the established requirements.

  • Product or service description. A clear, complete description with photos must be provided.
  • Pricing. The price must be indicated clearly, including all components and delivery costs.
  • Delivery. Delivery options, costs, and schedules must be available for a customer to read through.
  • Contact information. A customer must be given an easy way to contact the business.
  • Refund and cancellation policies. Both refund and cancellation policies must be published on the website.
  • Privacy policy. A privacy policy is a must on every website that handles sensitive data in any way.

Collected data during the payment

When accepting a CNP payment, a merchant must ask for the card number, the customer's name, the CVV (Card Verification Value), and the expiration date. Note that the CVV is used only to verify the transaction: PCI DSS prohibits storing it after authorization. In addition, third-party fraud prevention tools must be involved, and a transaction record or invoice must be sent to the customer by email. Violating data collection and payment rules can lead to massive chargebacks that the card brands will uphold because of the business's improper handling of data.

PCI DSS compliance

PCI DSS stands for the Payment Card Industry Data Security Standard, a set of mandatory rules that protect the cardholder's private data while it is processed, stored, or transmitted. PCI DSS applies to any business worldwide, including in Europe, the UK, and France, that handles electronic payments.

To be compliant with PCI DSS, a merchant must follow 12 audit requirements. Non-compliance leads to massive fines, from $5,000 to $100,000 each month, until the merchant conforms to PCI DSS.

Know your customer processes

The Know Your Customer (KYC) process is a set of obligations used in the investment and financial industries to verify a cardholder's identity, risk profile, and financial profile.

The Know Your Customer process is also important for real-time and cross-border payments in any currency, such as EUR, USD, or GBP. In this case, KYC provides trust, transparency of the money transaction, and risk mitigation.

To pass KYC successfully, a cardholder is usually asked to provide a government-issued identification document such as:

  • birth certificate
  • ID card 
  • passport
  • social security card
  • driver’s license

Besides that, the customer's address should be verified, either with the identification document or with another valid proof of address.

Anti-money laundering

Anti-money laundering (AML) refers to the laws, obligations, and procedures that aim to prevent illegally obtained income from being disguised as legitimate. AML laws and obligations target illegal activities such as market manipulation, trading in illegal goods, corruption, and tax evasion.

How are payment systems regulated?

They are regulated by various financial institutions, for example, by card associations. The goal is to protect the way sensitive cardholder data is treated.

Are payment processors regulated?

Yes, they always are. A payment processor that does not hold all the required compliance certifications is not trustworthy.

What are the different types of payment systems?

There are many, but the main distinction is between card-present and card-not-present transactions; the latter require a higher level of security.

Are payment service providers regulated?

Yes, always. PSPs must comply with various regulations, depending on the specific nature of a business.