Customer Operating
Instructions
Welcome
Contacting us
Your obligations
Payment and information security
Card present transactions
Authorising payments
Keypad problems
Refunds
Card not present transactions
Reconciling your invoice
Reducing fraud
Disputed payments and chargebacks
Recognising different cards
Terminology
03
04
05
07
08
12
13
14
15
17
19
23
26
30
Contents
Welcome
Thanks for signing up for WorldPay Zinc. We’re the UK’s number one card
processor*, managing millions of payments every day. We make it easy for
you to enjoy the benefits of accepting credit and debit cards.
About this guide
This guide tells you what you need to know about using WorldPay Zinc. It also explains some of your obligations and responsibilities under the contract. It forms part of your contract with us, so please read it carefully.
You’ll find out how to:
• Take card payments efficiently and smoothly
• Protect your business by minimising the risk of losses due to fraud and mistakes • Understand your responsibilities under the contract
Other guides
To be sure of having all the information you need, you should also read: • The WorldPay Zinc Terms and Conditions
• The WorldPay Zinc User Guide • The WorldPay Zinc My Account Guide • Any prompts on your Chip & PIN keypad • Any updates or instructions we send you later.
Your Merchant Number
When you join WorldPay Zinc, you get a unique Merchant Number. You need to quote this whenever you write to us, or when you call our Helpdesk or Authorisation Centre.
Never give your Merchant Number to anyone else. No one from WorldPay Zinc will ever call to ask you for this number.
You can find your Merchant Number in your Welcome email from WorldPay Zinc, or on your monthly statement from us.
Using credit card logos and symbols
You can use MasterCard, Maestro and Visa card symbols and logos in your marketing material and websites. We can supply:
Please also refer to the 'Cards you can accept' section below which sets out the point-of-sale legal requirements you need to meet if you decide not to accept all the card product types available from the Card Schemes in the European Economic Area area.
• Artwork examples
• Design guidelines for using logos and symbols • Pantone™ numbers for colours
• Digital artwork files for print or web
To download the logos and symbols you need, go to worldpayzinc.com/logos
Contacting us
Questions about your keypad or reconciling payments:
• Log in to your My Account account at worldpayzinc.com/account.
Click Help & Contact us. Most of the questions you’ll have are answered there. • Call the WorldPay Zinc Helpdesk on 0330 333 3601*
The Helpdesk is open 24/7.
*Calls from BT landlines are charged at 10p per minute.
Calls from mobile phones may charged at a higher rate. Calls from other networks may vary. • Write to us:
WorldPay Zinc
Gateshead Card Centre, Victory House 5th Avenue, Gateshead NE11 0EL
Authorisation queries
• For card present transactions 08457 60 05 00* • For card not present transactions 08457 60 05 30*
*Calls from BT landlines cost up to 6p per minute. Calls from other networks may vary.
Complaints
If you need to complain about any aspect of the service, please go to the Contact page of worldpayzinc.com to view our Complaints Procedure.
Your obligations
Important: please read this information carefully before you start
using your keypad. It tells you about your obligations when taking card
payments with WorldPay Zinc.
If you have any questions, we’re happy to help. Our contact details are in Contacting us, on page 04.
Your contract
This guide forms part of your contract with us. It covers all the services that may be available to you. You must only use the WorldPay Zinc service to accept card payments for the products and/or services sold or provided by your business that you told us about in your WorldPay Zinc Application.
If you have any doubts about your contractual obligations after reading this guide, we recommend you get legal advice.
You must tell us if:
• You change the nature of your business. For example, if you start selling different sorts of products
or services, or you want to start taking card payments online, or you want to offer new guarantees or warranties
• You change the length of any guarantees or warranties on your products
• You change the legal entity of your business. For example, if you go from sole trader to a limited company
• You change your bank account details
• You change your postal address
• You change your email address
• You change the contact name for your business
• You change your contact phone number
• A partner or director leaves, or a new partner or director joins
• You close or sell your business
• You decide to stop taking card payments.
You do not want to take all or any particular card product types issued in the EEA any more.
•
You must notify us in writing about any changes to your circumstances, with an authorised signature. Our contact details are in Contacting us, on page 04.
If you do not tell us about any of the changes above, we may suspend or withdraw some or all of your card processing facilities.
If you do close your business and you do not tell us, you will still be liable for any debts incurred for chargebacks or refunds from the closure date. (See Disputed payments and chargebacks on page 23.)
You may not sell or transfer your keypad to another business or person.
Your keypad is for business use only
You must not process any transactions not directly related to the sale of goods and services provided by your business. Never process transactions on behalf of third parties. This includes sales or refunds to your own
Minimising risk
You take card payments at your own risk. You can reduce the risk by making sure you and your staff follow the instructions in this guide carefully. But card payments are not guaranteed.
Please make sure anyone taking card payments for your business reads this guide thoroughly first, and practises the procedures. We also recommend regular training sessions with staff to refresh their understanding.
Much of the in
As from 9 June 2016, you can choose to accept only some of a Card Scheme’s card product types such as one or more of personal prepaid, debit or credit cards or commercial cards (i.e. corporate cards used by businesses) if these are issued in the EEA. However you must accept all of these card product types if they are issued by that same Card Scheme outside of the EEA.
Where you do not wish to accept all card product types issued in the EEA then you are required to clearly display at your shop entrance and point-of-sale counters the type/s that you will accept. Please see ‘Using credit card logos and symbols’ on page 3 for how you can obtain display materials.
You can encourage customers to pay using one type of card product type over another but your customers will always have the right to choose which payment method they prefer.
Visa also require that any surcharge for transactions using Visa cards issued in the EEA are clearly communicated to cardholders and agreed by them before you take a transaction.
You may soon start to see more co-badged cards. These cards look very like regular cards but allow the cardholder to choose to make payment from two or more payment brands (e.g. both MasterCard and Visa), or two or more payment methods (e.g. debit and credit) of the same brand. The cardholder is entitled to choose which payment brand or method they prefer and must be allowed to do this. For more details on what a co-badged card looks like, see ‘Combination Cards’ on page 29.
formation and guidance in this document is based on what we believe is current industry best practice. We hope such practices will help you minimise the risk of security breaches or losses through fraud and chargebacks. However, WorldPay (and any affiliated companies, representatives, etc) do not guarantee that security breaches or losses will not happen, and will not be held liable in any such cases.
Cards you can accept
You can only accept MasterCard, Maestro, Visa and VPay card types and cards from such other Card Schemes as we may agree with you. If you attempt to process any others through your WorldPay Zinc keypad, the
transaction will be declined. The keypad will show a ‘declined’ message.
Keeping records
Receipts and other transaction records are high-security items. You should restrict access to them.
You can see details of all your transactions on ‘My Account’. If you print any transaction records, please keep copies in a secure, fireproof place for at least 18 months, in case there’s a query later. If you can’t produce receipts or transaction records when asked to, you may be liable for a chargeback. (See Disputed payments and chargebacks on page 23.)
Do not alter transaction records in any way. If there is a dispute, the cardholder’s copy is normally taken as correct. Make sure only authorised staff are allowed access to stored transaction receipts and records. After 18 months, make sure you dispose of all transaction records securely, in line with your
WorldPay Zinc contract.
Authorising payments
A payment authorisation confirms there are sufficient funds in the cardholder’s account, and the card has not been reported lost or stolen. It does not confirm the authenticity of the card, or the person presenting it. Nor does it guarantee payment.
The WorldPay Zinc app automatically seeks authorisation for a card transaction or card refund. The cost of the data used for this depends on the data package you have with your mobile phone network provider.
Payment and information
security
To accept card payments with WorldPay Zinc, you must comply with
certain rules and regulations. No exemptions, no exceptions.
Payment Card Industry Data Security Standard (PCI DSS)
This is a compliance requirement. It aims to ensure customers’ card data is always stored, processed and transmitted securely. Sensitive cardholder data is a tempting target for criminals. It takes security and vigilance to avoid the threat of data theft.
There has been increasing publicity of this issue in recent years. Large companies and small merchants alike have been the targets of orchestrated data-hacking attacks. This is not industry scaremongering. It’s a real threat to any business taking card payments.
The Card Schemes need to be sure that merchants have enough protection in place to identify, prevent and continually defend against hackers and criminals. Cardholder data is increasingly targeted by fraudsters, as shown in a series of recent high-profile breaches around the world.
You need to be PCI DSS compliant
Every merchant who stores, processes or transmits any cardholder data is responsible for ensuring that it complies with PCI DSS. Now that you accept card payments, this includes you.
If you don’t comply with PCI DSS, you’ll be responsible for any losses through fraud. You may also face considerable fines. Small businesses can lose thousands of pounds from the fraud itself, and through fines and costs incurred for non-compliance. Your customers will also suffer if their card details are compromised. The WorldPay Zinc Terms and Conditions require that you take responsibility for PCI DSS. To find out more about PCI DSS, and how to validate your compliance, please go to worldpay.com/saferbusiness and
worldpay.com/saferbusiness/level-four.
If you think account data is compromised
If you believe, or even suspect that account data has been compromised, it’s your responsibility to notify WorldPay Zinc as soon as possible. This forms part of your Terms and Conditions.
We recommend you:
• Contact us immediately. Email [email protected], or call 020 3246 5454.
• Leave compromised systems alone. Don’t access or alter them in any way. Don’t log in or attempt to change passwords.
• Don’t try to turn off compromised systems. But do disconnect them from your PC network.
• Back-up immediately. This preserves your system’s current state, which helps with any future investigations.
Card present transactions
These are payments you take in person, when the cardholder and card
are both physically with you.
Chip & PIN
Chip & PIN is the usual way you take card payments through your keypad with the card and cardholder present. You must take payment by inserting the card into the Chip & PIN keypad if the card and cardholder are present. Some customers, however, will continue to use a signature to authorise payments. This could be due to an impairment that stops them entering their PIN. Some will still be using magnetic stripe cards without a chip. You mustn’t refuse these cards. For more details, see Verifying by signature below.
With the WorldPay Zinc app, you can provide SMS, email, printed or written receipts. If a customer has a magnetic stripe card, you can give them a handwritten receipt. A template for a receipt can be found in the User Guide for WorldPay Zinc.
Chip & PIN cards have a contact plate like this:
Contact plate
Before you begin
Are you sure the card belongs to the person presenting it? If you’re suspicious, you could ask the cardholder for other identification such as a driving licence or a passport. (For more details, see Reducing fraud on page 19.) For security reasons, the maximum single payment or refund you can process is £5,000. Any transaction above £5,000 will be automatically declined.
Chip & PIN step by step
Make sure your Chip & PIN keypad is paired to your compatible mobile phone or tablet. (You can find out how to do this in your User Guide)
1. Switch on the Chip & PIN keypad.
2. Open the WorldPay Zinc app on your phone and login using your email address and password.
3. Simply enter the amount for the payment. If you make a mistake use the delete key and re enter the amount. 4. Next, you can add a Payment Reference so you can identify this sale later within your payment information. This might be an invoice number, or you can leave it blank. Then tap card from the
payment method options.
5. When prompted insert the card into the chip reader slot on the keypad.
6. Your keypad will usually ask the cardholder to enter their PIN. If it doesn’t, it could be that the card doesn’t work with Chip & PIN technology. It may be a chip-and-signature, or magnetic stripe card. Your keypad will tell you what to do. (For more details, see Verifying by signature below.)
7. Ask the cardholder to check and confirm the transaction amount, and then to enter their PIN. They get three chances to enter their PIN. If they get it wrong three times, the PIN will be locked. The cardholder will need to contact their card issuer to unlock their card.
8. Take the keypad back as soon as the cardholder enters their PIN.
9. Your keypad will send the transaction for authorisation automatically. (See Authorising payments on page 12.) 10. Once the keypad receives the authorisation it completes the transaction, disconnects from the phone and will present the different options to produce a receipt for the cardholder.
11. Only hand over any goods you’re selling when you have received authorisation and completed the card transaction. If the payment isn’t authorised, stop the transaction and ask your customer for an alternative payment method. (See Reducing fraud on page 19.)
12. Complete the transaction by removing the card from the keypad and returning it to the cardholder, along with any goods they’ve bought.
Authorisation is no guarantee of payment.
Verifying by signature
You should only verify payments with a signature in exceptional cases. The main reason to do so is if the customer has a non-Chip & PIN card. A receipt template can be found in the User Guide for WorldPay Zinc. Never accept a signature just because the customer can’t remember their PIN.
Extra security checks
If you’re verifying a payment with a signature as verification, you should take extra security precautions. These are some basic ones:
• Check the cardholder’s signature matches the one on the back of the card • Make sure the card isn’t damaged, cut or defaced in any way
• Check the signature strip for signs of damage or tampering
• Check any specific security features for that card. (For more details, see Recognising different cards on page 26.)
• If you’re not sure, ask for additional proof of identity, or make a ‘Code 10’ call. (See Authorising payments on page 12.)
Signatures step by step
1. Make sure the Chip & PIN keypad is paired to your mobile device. (To find out how to do this, see your User Guide.)
2. If the card has a chip but no PIN (still issued by some countries), insert it as normal. Then follow the prompts on the keypad.
3. If it’s a magnetic stripe card, swipe it through the reader on the top of your keypad. Then follow the prompts on the keypad.
Note: You might see a ‘card read error’ message on your keypad after inserting a card in the Chip & PIN slot. Remove the card. You may find it has no chip, or the chip has been damaged. (Or it may simply have been inserted the wrong way around.) If you can’t use Chip & PIN, check the card has a magnetic stripe. If so, you can swipe it instead.
4. When the keypad prompts you, key in the full transaction amount.
5. The keypad will connect to the smartphone or tablet and will call for authorisation automatically. (See Authorising payments on page 12.)
6. Ask the cardholder to sign the space provided on your smartphone screen.
7. Check that their signature matches the one on the card. If you’re not sure, you should ask for additional identification such as a driving licence or a passport. If you’re still not sure, call the Authorisation Centre on 08457 60 05 00. (See Authorising payments on page 12.)
8. If you’re happy with the signature, confirm the transaction on the keypad.
9. After the keypad receives authorisation it completes the transaction and disconnects from your mobile device. A list of receipt options will then be presented on your phone. Tap the written option.
10. Then return the card with the cardholder’s copy of the receipt, and hand over the goods they’ve bought. Only hand over any goods you’re selling when you have received authorisation and completed the card transaction. If the payment isn’t authorised, stop the transaction and ask your customer for an alternative payment method. (See Reducing fraud on page 19.)
Troubleshooting
Always follow the prompts on your keypad. Never swipe a card to avoid using the higher-level security features (such as Chip & PIN).
• If the cardholder enters their PIN incorrectly three times, the card will be locked. They can’t use it until they get a new PIN from their card issuer. You need to ask for another form of payment.
• If the cardholder forgets their PIN, they can’t use their card until they get a new PIN from their card issuer. You need to ask for another form of payment.
• If you get a message that the PIN is locked, the cardholder can’t use their card until they get a new PIN from their card issuer. You need to ask for another form of payment.
• If neither the chip nor magnetic stripe reader works, you will get a ‘card read error’ message. Check the card has been inserted or swiped correctly. If it has, the card is probably damaged. Ask for an another form of payment. The cardholder needs to contact their card issuer to ask for a replacement card.
• If someone leaves a card behind:
1. Keep it somewhere safe for at least 24 hours, in case the cardholder gets in touch.
licence or other cards, and compare the signatures.
3. Ask the person to sign a blank piece of paper and compare the signatures. Then destroy the piece of paper.
4. If you’re happy with the cardholder’s identity, give them back the card.
5. If you’re suspicious, ask for additional proof of identity. If you’re still not satisfied, call the Authorisation Centre on 08457 60 05 00. Tell them, ‘This is a “Code 10” call.’ The operator will talk you through the process. (See Authorising payments on page 12.)
6. If the card is not claimed, please send it to us to be cancelled. Please cut off the left hand corner as shown below. Make sure you don’t damage the signature strip, magnetic stripe, hologram or chip.
7. Send both pieces of the card, with a short note giving your address and the date you found the card, to:
Harrogate Card Centre Card Rewards Section PO Box 700 Central House Otley Road Harrogate HG3 1XH Card Number Name
Authorising payments
This section deals with authorising payments when the card is present.
If it’s not, please see Card Not Present Transactions on page 15.
Authorisation is a way of checking the card hasn’t been reported lost or stolen, and that there is enough money in the account to cover the payment. Authorisation does not guarantee payment.
Suspicious transactions
If you’re suspicious about a transaction, you can make a ‘Code 10’ call to the Authorisation Centre. They will tell you what to do.
A ‘Code 10’ call is an extra security check in case you become suspicious about the card, the cardholder or the circumstances of the sale. You can make this call at any time during a transaction, even if the card has gone through the keypad and been authorised. However, even if this call leads to authorisation, the payment is still not guaranteed.
How to make a ‘Code 10’ call
If you become suspicious after a payment has completed on the keypad, call the Authorisation Centre immediately on 08457 60 05 00.
Enter your Merchant Number when requested. Then select the option for ‘Code 10’. The operator who answers will be aware this is a ‘Code 10’ call. You will need to inform them that no authorisation code is required. Follow the operator’s instructions.
If the sale is approved, no further action is required.
If the sale is declined, the operator will tell you how to reverse the transaction.
If the Authorisation Centre asks you to retain the card
Explain politely to the cardholder that the card issuer has asked you to hold onto the card. Your company policy should provide guidance on whether to detain the cardholder or call the police.
NEVER PUT YOURSELF, ANOTHER MEMBER OF STAFF, OR A MEMBER OF THE PUBLIC AT RISK.
Even if the Authorisation Centre does not ask you to retain the card, you may decide that a card or a transaction is suspicious. For example, you may have identified it as counterfeit. (See Recognising different cards on page 27.) There may be a reward for recovering a card that is being misused. See Reducing fraud on page 19.
Changing a transaction between authorisation and processing
Sometimes, you need to alter a transaction after it’s authorised. For example, the cardholder may change their mind about their purchase.
If so, you can cancel the sale on your keypad by tapping the Void button on the WorldPay Zinc App. It will make the adjustments automatically. But this may take a few days to appear on the cardholder’s statement. Refer to the Void section in the WorldPay Zinc User Guide for further information.
You only need to process a refund if the payment itself has already been processed. See Refunds on page 14.
Split transactions
Do not allow customers to split the sale into two amounts on one card, or between different cards, to avoid having to get authorisation for the full amount. You can only split a payment between the card and another form of payment, like cash or cheque.
Keypad problems
If there’s no mobile or wifi coverage where you are, you can’t use your
Chip & PIN keypad or the WorldPay Zinc app. You’ll need to ask for a
different form of payment.
If you’re having any other problems with your keypad, please see your User Guide.
Refunds
If you refund a card payment, the amount is returned to the
cardholder’s card account. A corresponding debit is made to your
nominated bank account.
You must only refund a payment to the card used for the original payment. You can either make refunds through the WorldPay Zinc app or process a refund through ‘My Account’. Log in to your account and select the payment you need to refund.
Before making a refund
Never make a refund if there was no original payment made on the card. If you do, we may withdraw your WorldPay Zinc processing facility.
• Check that the cardholder has given you the card used for the original payment. The last four digits should match those on the card receipt. If they don’t, ask for the original card.
• Never give a cash or cheque refund for a card payment. Fraudsters often try to get cash this way. (See Reducing fraud on page 19.)
• Check that the refund is exactly the same as the original payment – or less. ‘My Account’ will not allow you to refund more than the original payment.
• If the customer has a replacement card, the card number may have changed. If so, check that the start date on the new card is after the purchase date. Then call our Helpdesk on 0330 333 3601.
• If the card has expired, you should still make the refund to it. Explain to the cardholder that they need to contact their card issuer to make sure they receive the funds.
• Your keypad can only process transactions up to £5,000. This includes refunds. If you attempt to refund over £5,000, it will be automatically declined.
Note: if you make a refund to any card other than the one that made the original payment, you may get a ‘chargeback’. See Disputed payments and chargebacks on page 23.
Making a refund
For details of how to make a refund using ‘My Account’ and through the WorldPay Zinc app, please see your User Guide.
Card not present
transactions (CNP)
These are transactions where the card and cardholder are not physically
with you. Like mail order or telephone order payments, for example.
This option provides flexibility both for you and your customers. However, these transactions are not guaranteed and pose a greater risk of fraud. It is entirely at your risk if you accept CNP transactions. For more details about reducing the risk of fraud with these payments, please see Reducing Fraud on page 19. Card not present transactions include taking payments using the manual payment facility on My Account as well as the Pay by Link option (if available).
You can accept:
• MasterCard
• Debit MasterCard
• Visa
Maestro cards issued in the UK as well as international cards cannot be accepted through the CNP facility or the Pay by Link option (if available).
Reduce the risk of fraud
Most CNP transactions are genuine. However, they are relatively anonymous. You don’t see the card or the customer. So it can be seen as a less risky way to attempt fraud. Fraudsters may want to obtain goods they can sell on for cash. Others will ‘test’ a card to see if it will be authorised.
If a CNP transaction is disputed, it’s very difficult to prove that the real cardholder ordered the goods. To reduce the risk of fraud and financial loss, make sure you always follow the correct procedures.
Get the right cardholder details
To process a CNP payment, you need the cardholder’s:
• Card number: the long number across the centre of the card
• Name as it appears on the card, including any initials
• Card expiry date
• Card Security Code (CSC): the three-digit code on the end of the signature strip (or in a separate white box
next to the signature strip)
• Full postal or billing address, including post code, as it appears on the cardholder’s statement
Do not write down the customer’s card details. Type the details directly into the CNP facility on My Account.
For more details, see Recognising different cards on page 26.
You may have a limited returns policy, such as no refunds. If so, you must make this clear before asking for payment. To avoid disputes, we recommend you ask cardholders to agree to your terms, in writing if possible, before completing the transaction.
Never ask for a customer’s PIN
• Visa Debit
In addition, to make CNP transactions you need to enter both of the following:
1. Card Security Code (CSC)
This is the three-digit code at the end of the signature strip, or in a separate white box next to the signature strip. Never write down or record the CSC. It must only be used for one transaction. (See Recognising different cards on page 26.)
2. Billing Address
The cardholder’s registered billing address that they have with the card issuer.
Authorising Card Not Present transactions
You must get authorisation for all Card Not Present (CNP) transactions, usually this happens automatically however, if authorisation cannot be obtained the payment will be declined and you will need to obtain payment by other means.
The fact that a transaction has been authorised does not guarantee payment. Authorisation simply means the card has not been reported lost or stolen, and there are sufficient funds available at the time of the transaction. Authorisation cannot always validate the given address. Consider making additional checks as appropriate.
Protect your business
Most CNP sales are genuine. But as the card and cardholder are not present, the risk of fraud is greater. So please follow all the processes in this section.
It is entirely at your own risk if you accept CNP transactions.
These additional keypad checks cannot confirm cardholder names. If you’re at all unsure about the transaction, please take additional steps to do so. (See Reducing Fraud on page 19).
Delivery, documents and record-keeping
Goods ordered by CNP must be delivered to the person who ordered them. Do not release them to third parties, including relatives or taxi drivers.
Make sure the cardholder signs for the goods on delivery. This is important evidence if there’s a dispute later. Always send these documents to the cardholder with your delivery:
• Sales invoice, to support the transaction
• Cardholder’s copy of the payment receipt
If a cardholder wants to collect their goods, they must come to your premises in person and produce their card. In this case, cancel or refund any previously completed CNP transaction, then process a new Card Present (CP) payment. Follow the prompts on your keypad. (See Card Present Transactions on page 8.)
Pay by Link
Pay by Link is an easy and flexible way to request payments from your customers. If this option is available WorldPay Zinc will provide a payment page so all you need to do is send your customer a unique URL via email or SMS. If this option is available Pay by Link may be used through the WorldPay Zinc mobile app or through the online portal, My Account. Pay by Link is considered a card not present transaction because you are not physically with the customer at the time of payment and do not see their card.
Your customer will be sent an unique URL which allows them to enter their credit/debit card and address details on the WorldPay Zinc payment page. The URL link will expire after 5 days. If this happens simply login to the WorldPay Zinc app and issue a new link. Once your customer has filled out their details for the payment they will have the option to request a receipt via email or SMS. You will receive an email once your customer has complet-ed the payment or if the link has expircomplet-ed. Please refer to the User Guide for your type of device for more
Reconciling your invoice
You get a monthly invoice from us. Check regularly that your monthly WorldPay
Zinc invoice matches the funds reaching your bank account. If you notice any
discrepancies, please contact the WorldPay Zinc Helpdesk immediately.
It is your responsibility to reconcile all debits and credits made by WorldPay to your bank account. If you need any help from us to reconcile complex queries, we may need to make an additional charge. We may not be able to resolve any issues over 12 months old.
Settlement of funds
Card payments processed on your keypad should usually reach your nominated bank account within four working days. The exact time depends on where you bank.
Understanding your bank statement
Here’s a typical line on your bank statement, showing transactions on your keypad.A: Payments from us show in this format: ‘WORLDPAY’.
B: The date is shown as DDMM. This example shows 24th January as 2401. This is the transaction date – not the processing date. The processing date is usually later. This is shown on your monthly paper invoice.
C: The amount is the total of the day’s card transactions taken on your keypad (£115.75 here).
Transaction and processed dates
The batch totals section of your invoice shows the dates when we processed the transactions. Not the dates of the transactions themselves. The processed date is usually the day after the transaction. This means transactions you took at the end of one month can sometimes appear on the next month’s invoice.
Understanding your invoice
Our chargesA: Charges on card payments are worked out as a
percentage of the total transaction amount. Refunds are charged on a pence per item basis.
B: We may also make charges for other products and services you’ve used. We’ll itemise these if so.
A B C High Street Shopping Cinema WORLDPAY 2401 Travel Supermarket A Sample 100 Any Street Anytown AN Y1
Current account No: 12345678
105.00 55.00 54.60 115.75 40.00 70.00
Adjusting batch totals
We’ll advise you separately about any adjustment to your batch totals.
Postal problems
If there is a problem with the post, your invoice may be delayed. We’ll get it to you as soon as we can.
If this happens, we recommend you log in to your My Account to see the transactions that will be on the invoice. Postal problems can also delay our letters to you. But chargebacks and fees will still be debited from
your account as usual.
My Account reporting
You can see details of all your transactions any time by logging into My Account at worldpayzinc.com.
How and when to pay
You don’t need to make a payment when you receive our invoice. The amount due is taken by Direct Debit from your bank account (A), on or after the date shown (B).
You must let us know if you change your account, bank or branch. (See Contacting us on page 04.) We’ll cancel your old Direct Debit and send you a new mandate to fill in.
A B
Reducing fraud
Card fraud is increasingly sophisticated. Unless you’re vigilant, your business
can suffer financial losses. In this section, we’ve given some useful tips to help
reduce your risk of losing money through fraud.
Always remember:
• Follow all the prompts on your keypad.
• Stay alert. If you’re suspicious of a card or the person presenting it, make a ‘Code 10’ call. (See Authorising payments on page 12.) Follow the operator’s instructions.
• If you’re suspicious, be discreet. Never take risks with anyone’s safety.
• Never let anyone else use your account to authorise or process card transactions. This would breach your terms and conditions, you may not receive payment of the funds, and you could lose your WorldPay Zinc facility. You would also be liable for any fraud losses or chargebacks, despite the fact you processed
transactions on behalf of someone else.
• Always keep your keypad in sight during a transaction. Take it back from the cardholder as soon as they’ve entered their PIN.
Authorisation does not guarantee payment. It just means the card has not been reported lost or stolen, and there are sufficient funds available at the time of the payment. (See Authorising payments on page 12.)
Training your staff
Your staff are the front line of defence against card fraud. Alert, well-trained people can significantly reduce the risk of financial losses.
If you or your staff enable fraud through carelessness, you could lose money. We may even stop processing card payments for you.
Please make sure your staff read this guide carefully. They must also read any other fraud prevention publications we send you.
Withholding payments
If we’re suspicious about a transaction you have processed, or believe that a transaction may be fraudulent, we may withhold payment while we investigate.
If so, we’ll keep you informed by letter and/or telephone throughout the investigation. There is no set time limit for an investigation. Once it is concluded and it has been agreed the money can be paid to you, it will be credited to your account.
Card Present (CP) transactions
If the cardholder is with you for the transaction, be aware of their behaviour. Anything that seems out of the ordinary, or just doesn’t feel right, could be a sign of potential fraud. Trust your instincts. Don’t process a transaction if you are suspicious.
Take extra care with signatures
Nearly all cards in the UK now use Chip & PIN. But some need to be verified using a signature, rather than a PIN. Understanding these cards and their security features will help you spot potential fraud. Take extra care when accepting these transactions. You could be financially liable if a transaction is confirmed as invalid or fraudulent. You can accept:
• Chip and signature cards. Only use a signature to verify a transaction in exceptional cases. For example, if the customer has a card issued overseas, or an impairment that means they need to sign. Your keypad will prompt you to ask for a signature. Never accept a signature just because the customer doesn’t know their PIN. • Magnetic stripe and signature cards. These will mostly be cards from countries that haven’t yet upgraded to Chip & PIN.
Checking for fraud with signatures
If you’re using a signature as verification, take extra security precautions:
• Check the security features of the card. (See Recognising different cards on page 26.) • Check the cardholder’s signature matches that on the back of the card.
• If possible, check that the spelling on the card is the same as the signature. Sometimes fraudsters don’t spell the name correctly.
• Check the title on the card (Mr, Mrs, etc) matches the gender of the cardholder.
• Check the signature strip for tampering. Has another strip been placed over the original one? If the word ‘void’ appears on the strip, this could mean the genuine signature has been removed and replaced. • If you have an ultraviolet (UV) lamp, put the card under it and check the appropriate security feature. (See Recognising different cards on page 26.)
For more details, see Verifying by signature on page 9.
If the Authorisation Centre asks you to retain the card
Explain politely to the cardholder that the card issuer has asked you to hold onto the card. Your company policy should provide guidance on whether to detain the cardholder or call the police.
NEVER PUT YOURSELF, ANOTHER MEMBER OF STAFF, OR A MEMBER OF THE PUBLIC AT RISK.
Even if the Authorisation Centre does not ask you to retain the card, you may decide that a card or a transaction is suspicious. For example, you may have identified it as counterfeit. (See Recognising different cards on page 26.) There may be a reward for recovering a card that is being misused.
Preserving evidence
Cards used fraudulently are evidence of crime. Please treat them with care. This will make it easier for the Police to catch and prosecute the thieves.
Please check that these instructions are in line with your business policy. If you are responsible for business policy, consider incorporating this advice into staff training. If your staff do encounter criminals it’s better, and less stressful, if they are prepared, and can follow an agreed process.
Preserve the card
• Don’t cut the card in half.
• Handle it by the edges to preserve fingerprints. Avoid unnecessary contact with the front and back of the card. Cut off the bottom left-hand corner, as shown in the diagram.
• Don’t damage any other part of the card. Handle it as little as possible. Place it in a plastic bag or envelope until you can give it to the Police.
Card Number Name
Keep the receipt
• Keep the best copy possible
• Don’t pin or staple anything to it. Put it in the same envelope or bag as the card, until you give both to the Police. Keep the video/CCTV
• If you have video surveillance system, keep the tape. Give it to the Police. • Keep a copy if you can.
Write a description of the card presenter
• Write down all the details you can immediately, while they’re fresh in your memory.
• Think about any unique features such as accent, scars, tattoos and body language. Not just the clothes they were wearing.
Involving the Police
If your business policy requires you to call the Police, they may ask for the card. You should: • Allow the Officer to take it
• Take a note of the Officer’s name, number and station • Obtain the Crime Reference Number
• Get a receipt and keep it safe. It may enable you to claim a reward • Tell the Authorisation Centre
Rewards
There may be a reward for cards you hold on to when asked by the Authorisation Centre. Cut off the bottom left hand corner (see diagram), and send them to:
Harrogate Card Centre Card Rewards Section PO Box 700
Central House Otley Road Harrogate HG3 1XH
Along with the card pieces, please provide the following information: • The name and address of your business
• Your Merchant Number and telephone contact details • The date on which you kept the card
• The name on the card
• The card number (the long number across the middle) • Details of the person who should get any reward.
If the Police have taken the card as evidence, include the Officer’s details in the above list. Also include the date you reported the fraud, and the Crime Reference Number. Keep a copy of these details.
Our Cards Reward booklet (SMS 3401) explains how to return a retained card. To order a copy, just call our Helpdesk.
Card Number Name
Take extra care before you process CNP payments. It is entirely at your own risk if you accept CNP transactions. You will be financially liable if a transaction is confirmed as invalid or fraudulent.
Fraud warning signs
Get to know the warning signs, and make sure your staff know them too. Sometimes the first sign of fraud can just be a general feeling that something isn’t quite right. Trust your instincts. Don’t send out any goods until you’ve carried out further checks.
Look out for:
• Multiple or bulk orders. Customers buying lots of the same item, either in the same transaction or separately.
• First-time customers placing multiple orders. The risk of fraud is smaller when dealing with customers you know.
• High-value orders. Orders larger than normal may indicate fraud. Fraudsters often target high-value items like jewellery or electrical goods. These are easy to re-sell. So take extra care if you’re selling these sorts of items.
• Hesitant customers. If someone seems uncertain about personal information like their postcode, or how to spell their street name, they could be using a false identity. Also watch out for customers being prompted when giving the requested information.
• Same name, but different title (Mr, Mrs, etc). Could your customer be using a relative’s card?
• Sales that are too easy. Be wary of customers who aren’t interested in prices and/or detailed descriptions, only delivery times.
• Suspicious card combinations such as:
• Transactions on several cards with the same billing address, but different shipping addresses
• Multiple transactions on a single card over a very short period
• Multiple cards beginning with the same first six digits, offered immediately after previous cards are declined.
• Multiple different cards offered one after another without hesitation, when previous cards are declined
• Orders shipped to a single address, but purchased with various cards.
• Requests for urgent delivery. This could be genuine, but rush orders are common when fraudsters want to re-sell goods before the card is reported stolen.
• Overseas shipping address. Take care when shipping overseas, especially to a new customer or for a very large order.
• Different shipping address. There are many legitimate reasons for the billing and shipping addresses to differ. (For example, when sending a gift.) But requests to send goods to hotels, guest houses or PO boxes are often associated with fraud.
• Duplicate shipping address. Be cautious if the same shipping address has been used for other, similar orders before.
• Requests to send funds abroad. Typically, requests for a money transfer or other payment method to pay for couriers, interpreters or other similar services. For example, you might get a request to take a payment greater than the value of the goods/services being purchased, where the customer requests the surplus funds to be sent overseas or to another bank.
Delivery
You should have your own policies for reducing fraud associated with deliveries. But these suggestions could also help:
• Make sure goods are delivered to the billing address, preferably inside your customer’s premises, and to the person set out in the order.
• Make sure the cardholder signs for the goods on delivery. This is important evidence if there’s a dispute later.
• Don’t release goods to third parties, such as the cardholder’s friends or relatives, taxi drivers, messengers, and so on.
If your own staff make the delivery, think about taking your keypad along. Then you can take a Card Present transaction on delivery.
If a cardholder changes their mind and wants to collect their goods, they should come to your premises in person and produce their card. In this case, cancel or refund any previously completed CNP transaction, then process a new Card Present (CP) payment. Follow the prompts on your keypad. (See Card Present Transactions on page 8.)
Disputed payments
and chargebacks
Sometimes, transactions are disputed by the cardholder or the issuing bank.
If so, we may contact you to ask for more information.
Depending on the nature of the dispute, we may send a Request for Information (RFI) letter or a ‘chargeback’ letter. A chargeback means the transaction is reversed and your account is debited.
Common reasons for chargebacks:
• The cardholder didn’t authorise the payment
• The goods or services were not delivered or provided
• Faulty goods
• Goods delivered but are not as they were described
If you can’t provide the information requested, in the timescales specified, we will not be able to remedy the dispute. In which case an RFI letter may turn into a chargeback.
Request for Information (RFI)
If a card issuer or cardholder asks us for details about a specific transaction, we’ll send you an RFI letter. This is a request for the relevant transaction records.
• A card issuer does not need a specific reason to ask about a transaction.
• We’ll give you as much information as we can to help you trace the payment. This will include the transaction date, card number and transaction reference. We are unable to give the cardholder’s name and address.
If you get an RFI letter
Please send us the information we need as soon as possible. You’ll have a set time to reply. It’s essential you respond by the date given, or within the specified timescale.
• We set the timescale to make sure there’s time to respond to the card issuer within the timescales set by the Card Schemes. This means we can’t give you extra time.
• If you don’t respond, or respond late, you may get a chargeback debit on your account.
What to put in your response
The more information you give us in response to an RFI letter, the more likely it is that we can answer the card issuer’s query or defend your position. However, producing all the documentation you are asked for doesn’t always prevent a chargeback.
You should provide:
• A copy of the invoice for the goods or services provided
• Any documents signed by the cardholder
• Any terms and conditions issued at the time of the sale and evidence that these were provided prior to the transaction being completed.
• Evidence of delivery (if applicable), which should be signed by the cardholder.
• The rental agreement, for rentals.
• If it’s a refund, a printout of the refund receipt from ‘My Account’.
Transaction documentation should include:
• Card number: the 12-to-19 digit number across the centre of the card
• The cardholder’s signature (unless the transaction was verified by PIN). This includes face-to-face, post and fax transactions
• Transaction amount
• Transaction date
• Card expiry date
• Cardholder name and address (generally for CNP transactions)
• Your trading name and location
• Description of goods/services provided
If the cardholder contacts you
You and the cardholder may agree to a refund. But this usually happens before a chargeback is raised. In such cases, please follow the process in Refunds, on page 14.
If you want to make a refund after getting a chargeback or RFI letter, please contact the WorldPay Zinc Helpdesk first. We still need to contact the card issuer. Do not refund the cardholder until you have contacted us.
Secure record keeping
Receipts and other transaction records are high-security items. You should restrict access to them. If you print any transaction records, please keep copies in a secure, fireproof place for at least 18 months, in case there’s a query later. Your records should be stored in such a way that you can locate them easily without cardholder name or addresses, in line with the UK Data Protection Act. If you can’t produce receipts or transaction records when asked to, you may be liable for a chargeback.
Do not alter transaction records in any way. If there is a dispute, the cardholder’s copy is normally taken as correct. After 18 months, make sure you dispose of all transaction records securely.
If you get a chargeback
A chargeback is a claim on your account to reverse a transaction you’ve processed. If this happens, we’ll write to you explaining why.
You may sometimes get a chargeback without an RFI. This can happen when it’s clear you haven’t followed the right process and there is therefore no way to defend the chargeback. For example, if you take a payment without obtaining a valid authorisation code when required. It can also happen when, depending on the chargeback and the type of transaction, there can be no further recourse to, or defence against, the card issuer.
Where there is a valid chargeback, WorldPay will debit your nominated bank account with the value of the disputed transaction. We’ll quote the same unique reference number as the chargeback letter. Your account will be debited within 14 days of the date on the chargeback letter.
You are responsible for making sure you have sufficient funds in your nominated bank account. If you don’t, you could lose your WorldPay Zinc facility.
Reasons for chargebacks
This is not a complete list, but covers some of the most common reasons for chargebacks. If you’re not sure about the reason for a chargeback, please call our Helpdesk and choose the chargebacks option.
Disputed payments
• The cardholder claims someone was using the card without his or her knowledge. It could have been stolen and used.
• There is a processing error, such as the wrong card number or wrong amount
• The cardholder disputes some other aspect of the transaction, such as late delivery, unsatisfactory goods or services, or the wrong size/colour/price. (See Goods and services disputes, below.)
Incorrect or suspect card details
• The card is not valid. For example, if it is out of date. • Wrong signature or no signature
• Details on the transaction receipt don’t match the embossed details on the card. Wrong process
• The customer has been billed twice for the same sale • You didn’t get the required authorisation
• You made an authorisation call, but the sale was not authorised
• Two or more ‘split sale’ transactions were made on one card for one sale, to avoid authorisation or referral. • The transaction was not correctly authorised
Your response to an RFI
• You didn’t reply to an RFI letter within the given timescales
• You replied to an RFI letter with illegible or incomplete documentation Service issues, or changes to specification
• You didn’t confirm with the cardholder that a service has been completed to their satisfaction • You changed your price or specification, but didn’t get the cardholder’s signature in agreement Other problems
• In some other way you have gone outside your WorldPay Zinc contract.
Goods and services disputes
These disputes can be difficult to defend. If a customer contacts you with a dispute, make sure you keep accurate records of what is discussed or agreed. Where possible, ask the customer to put the complaint or query in writing (this can be an email). Also ask them to confirm in writing any resolution you agree. Proving the content of a telephone conversation later on is virtually impossible. Card Schemes do not accept recordings of telephone conversations as evidence.
A cardholder does not always have to physically return the goods for a chargeback to be valid. MasterCard dispute resolution rules allow for goods to be ‘tendered’ for return. That means the cardholder only has to offer them for return.
Postal problems
Postal problems can also delay our letters to you. We will do what we can to get them to you. But even so, any chargebacks will still be debited from your account as usual.
Disputing a chargeback
To dispute a chargeback applied to your account, you’ll need to provide information that proves the transaction was authentic. WorldPay will consider any such information. But your account will only be credited if your evidence meets the rules set by the Card Schemes.
Even if you correctly followed and documented all the right procedures, that doesn’t guarantee your dispute will succeed. But our technology is designed to ensure that chargeback enquires are resolved efficiently, with minimum disruption to your business.
Recognising different cards
As more cards come into the marketplace, you’ll be presented with other cards of various shapes, sizes and colours. As long as you make sure all the security features are present, including those specific to the individual Card Schemes, you can accept the card for payment.
You must ensure that all your staff know the process for accepting card payments. They should be familiar with the security features too, and always follow the prompts on your keypad.
Non-Chip & PIN cards
Sometimes you may be presented with a chip-and-signature, or swipe-and-signature card. You must accept these cards, as long as you verify the card and make sure it has all the security features explained in this section, including those specific to the individual Card Schemes.
Key security features
If you have any concerns about a card, these are the key card security details to check.
Not all cards are embossed, or have a full account number or cardholder name. But all valid cards will have:
• A card logo (examples below)
• A hologram (examples below)
• An ultraviolet image
• A Card Security Code (CSC). This is the three-digit code at the end of the signature strip or in a separate white box next to it.
Examples of MasterCard cards
Most of the cards you’ll see will be processed as Chip & PIN. You don’t need
to look at these cards. In other cases, though, you will need to verify that the
signature on the receipt matches that on the card.
ANOTHER
VALI D
FROM EXPIR EE NDS
THIS IS NOT A CHEQUE GUARANTEE CARD
AUTHORISED S IGN ATUR E
3456 567
123 4
1. Chip
2. Primary Account Number (PAN) 3. First four digits repeated 4. Card holder name
5. Expiry date, valid from date if shown
6. Card scheme logo 7. Hologram 8. Signature strip 9. Card Security Code (CSC)
1 2 3
4 7 8 9
Card Front Card Rear
Examples of Visa cards
What to look out for
Chip
If there is a chip, check it for damage.
Card number
The card number (the long number on the front) should be clear, even and in line. On MasterCard cards, it always begins with a ‘5’ or ‘6’. On Visa cards, it always begins with a ‘4’.
The first four digits of the card number will also be laser printed on the front of the card, below the embossed details. They should be identical to the embossed details. (Look for smaller type, above or below the beginning of the long embossed number).
The last four digits of the card number must match the: • Last four digits on your keypad receipt
• Number on the reverse on the signature strip, if there is one
The cardholder’s title (Mr, Mrs, etc) and name should be clear, even and in line. Embossed cards must have either a cardholder name, or a description such as ‘club member’ or ‘gift card’, etc.
Not all flat-printed cards have a cardholder name or description. Check that the title and name on the card match the gender of the person presenting it.
26 ANOTHER
VALI D
FROM EXPIR EE NDS
THIS IS NOT A CHEQUE GUARANTEE CARD
AUTHORISED S IGN ATUR E
3456 567
123 4
1. Chip
2. Primary Account Number (PAN) 3. First four digits repeated 4. Card holder name
5. Expiry date, valid from date if shown
6. Contactless indicator 7. Card scheme logo 8. Hologram 9. Signature strip
10. Card Security Code (CSC) 1
2 3
4 8 9 10
Card Front Card Rear
5 6 7
Visa payWav e
Card scheme logo
The Visa, Maestro or MasterCard logo will be on the front of the card.
Examples of card logos
Holograms
These may be on the front or back of the card. They are 3D images that should move when the card is tilted. If the Visa logo has been placed on the back of the card, the hologram will usually be a miniature version.
Examples of card holograms
The most common current holograms are:
• MasterCard: the world / globe
• Visa: a dove, which appears to fly
• Maestro (UK): William Shakespeare’s head
• Visa Electron: a flying dove – but not all these cards have a hologram.
Examples of UV images
If you have an ultraviolet lamp, place the card under it and check for the appropriate mark. (Some Visa Electron cards do not have UV features.)
On a Visa card with the new logo, the UV image appears within the logo (as below). The word ‘Visa’ is also repeated on the signature strip, and will show up under a UV lamp.
Signature strip
This should not stand proud of the card. It will have either ‘MasterCard’ or ‘Visa’ printed on it. Either the full card number, or its last four digits, should be printed in reverse italic text on the signature strip. If you’re verifying a transaction by signature, make sure the cardholder’s signature on the receipt matches the one on the card.
Card Security Code (CSC)
This is always on the reverse of the card, either on the signature strip or in a white box to the side of the signature strip.
Combination cards
These cards let cardholders choose how they pay – for example, by debit or credit account. The cardholder will choose their preferred function when they offer the card. Combination cards look very like regular Visa and MasterCard cards, but can have:
• Two card numbers, one of which is printed on the back of the card
• Two three-digit security codes
• A description of the different functions, for example near the Visa logo
Processing a combination card is the same as for any other card. The only difference is the keypad will prompt the cardholder to choose which function they want to use.
Terminology
| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
A
Acquirer – A financial institution that provides facilities for businesses to accept payments by cards, and receive these funds. Also known as ‘card acquirer’ or ‘card processor’.
Authorisation – The process whereby a transaction for a specified amount is approved or declined by a card issuer, or an acquirer on their behalf.
Authorisation confirms that the card number is valid, that the card has not been reported lost or stolen, and that funds were available in the account at the time of the transaction. It does not confirm the authenticity of the card presenter or the card, or guarantee settlement of the transaction.
Authorisation Call – A telephone call made from a point of sale to obtain authorisation for a transaction. Authorisation Code – A code (which must not be all zeros) generated by a card issuer or acquirer when an authorisation request is approved.
B
Batch Totals – On your monthly invoice, these show the dates the transactions were processed by WorldPay Zinc, NOT the actual dates of the transactions.
C
Card Acquirer – A financial institution that provides facilities for businesses to accept payments by cards, and receive these funds. Also known as an ‘acquirer’.
Card Issuer – An organisation that issues a payment card to a cardholder.
Card Not Present Transactions – Mail order and telephone order transactions where the card and cardholder are not present with the merchant during the transaction.
Card Number – The long number across the front of a credit or debit card.
Card Present Transactions – Card payments processed when the card and cardholder are present with the merchant during the transaction.
Card Processing Facility – The Contract between WorldPay and a merchant.
Card Schemes – Independent organisations which have set up systems for issuing and accepting card payments worldwide. Some, such as Visa and MasterCard, use local financial institutions as agents.
Card Security Code (CSC) – A three-digit code at the end of the signature strip, or in a separate white box next to the signature strip on a card. Never record the CSC – it must only be used for one transaction.
Card Testing – When a fraudster places an order over the phone to check if the card details they have will be authorised.
Cardholder Data – The data obtained as part of a paying transaction, including: • PAN/credit card number
• Cardholder’s name • Expiry date • Service Code
• Sensitive authentication data
Chargeback – When a card issuer charges part or all of the value of a transaction back to a merchant via their ac-quirer. For example, when a transaction is disputed because it’s proven to be fraudulent, or because the merchant has not followed the correct procedures. A chargeback reverses the transaction, and your account is debited.
Chip & PIN – A method of card/cardholder verification and authentication for transactions where the cardholder and card are present at the time of the transaction.
The chip (silver or gold coloured square on the front left side of the card) is embedded into a card to provide highly secure memory and processing capabilities. It holds the same personal data as the magnetic stripe, as well as providing extra security features to safeguard against counterfeiting.
The PIN is a four-digit number that the cardholder enters on the keypad instead of signing a card receipt. Liability for counterfeit card transactions and lost and stolen card fraud rests with the party in any transaction who is not Chip & PIN compliant. Where all parties are compliant, counterfeit transactions are reduced significantly, and there will be no recourse by the cardholder saying they did not authorise the transaction.
Chip & PIN is the standard way for cardholders to pay with a card during Card Present transactions. The cardholder inserts their card into the keypad and enters their four-digit PIN.
‘Code 10’ Call – A call to the Authorisation Centre if you are suspicious about a card or cardholder during a Card Present transaction.
Compromise – Intrusion or access into records where unauthorised disclosure, modification or destruction of cardholder data is suspected.
Contract – Your formal agreement with WorldPay.
Credit Card – A payment card linked to an account which may be settled in full by a set date, or repaid over a period of time, subject to minimum monthly repayments. Interest will normally be charged on any outstanding balance.
D
Data Controller – The Information Commissioner’s Office (ICO) website defines this role as: ‘...a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.’
Debit card – A card that enables a customer to transfer money from a current account or other similar account to make a payment. Examples include Maestro (UK and non-UK), Debit MasterCard and Visa Debit.
Forensic Investigation – Investigation carried out under scientific procedures, with or without police involvement. This can involve removal of computer equipment and data storage from your premises.
M
Magnetic Strip Data (Track Data) – Data encoded in the magnetic strip used for authorisation during transactions when the card is presented. For Chip & PIN transactions, the keypad uses equivalent data to authorise. This data should not be retained by the merchant. (See also ‘Track Data’.)
Management Information (MI) – Reports and analysis for monitoring your transaction processing and charges. (This is your My Account.)
Merchant – A business that accepts cards and provides goods and/or services (and possibly other facilities) to cardholders.
Merchant Number – The unique number we provide when you sign a contract with us. It identifies your business on our systems. Also known as the ‘Merchant Identification Number (MID)’ or ‘Merchant ID’.
Merchant Operating Instructions – The instructions in this guide.
P
Payment Card – A generic term for any plastic card (credit, debit, charge, etc) which may be used on its own to pay for goods and services, or to withdraw cash.
Payment Card Industry Data Security Standard (PCI DSS) – A compliance requirement aiming to ensure that cardholder information is always stored, processed and transmitted securely.
Payment Card Industry Standards Council (PCI SSC) – An organisation founded by five global payment brands – American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Personal Identification Number (PIN) – A set of usually four digits used to authenticate chip card transactions at the point of sale. Also used to verify cash withdrawals and instructions initiated by a payment card through a customer-activated device, such as an ATM.
PIN Block – When a cardholder enters their PIN, the information is first encoded into a plain-text ‘PIN block’. This is derived from the PIN length, the PIN digits and a portion of the primary account number (PAN). The plain text ‘PIN block’ is then encrypted using a standard algorithm. This is used to verify the card.
Primary Account Number (PAN) – The cardholder number of up to 19 digits, which is encoded on the card’s magnetic stripe and usually (but not always) embossed on the front of the card.
Q
Qualified Security Assessor (QSA) – Organisations trained on PCI DSS by the PCI Security Standards Council. They can confirm a merchant’s compliance status or offer support in reaching compliance. The PCI Security Standards Council maintains a list of everyone qualified to assess your systems and processes. For a list, see www.pcisecuritystandards.org.
R
Reconciliation – Comparing the business you undertake using the WorldPay Zinc service with that recorded by WorldPay Zinc and credited to your bank account.
