Merchant Agreement

and Card Acceptance

Operating Guide
 Contents
1. Introduction 4
Basic rules 4
Recordkeeping 4
Banking procedures 4

2. Before you accept card payments 5

How to verify the card? 5
Commercial cards 5
How to guard against fraud 5

3. Accepting Card-Present (CP) transactions 8

Chip and PIN enabled cards 8
Contactless transactions 8
Chip and signature cards 8

4. Accepting Card-Not-Present (CNP) transactions 8

Card Security Code (CSC) 8
Address Verification Service (AVS) 9
Authorisation responses 9
E-commerce transactions 10
Preauthorisations 13
Referrals 13

5. Purchases with cashback 14

6. Refunds 14

7. Paper vouchers 14
Completing a sales/Refund voucher 14
Preparing/Submitting vouchers for submission 15

8. Exceptional procedures 15
Can I pass charges to my customer? 15
Split sales and transactions 15
Terminal fallback 16

2 Operating Guide
 9. Chargebacks 16
Common causes of chargebacks 17
Retrieval requests 17
Chargeback reversal procedure 17

10. Other services 18

Vehicle rental services 18
Hotels, lodging and accommodations 19
Dynamic Currency Conversion (DCC) 23
Multicurrency and cross-border transaction acceptance 23
Payment of debt 23

11. Payment Card Industry Data Security Standard (PCI DSS) 24

Becoming PCI compliant 24
Implications of not complying with PCI DSS 24
Third-party obligations 24
Secure data storage 24
Demonstrating compliance with PCI DSS 25

12. Keeping your Point-Of-Sale (POS) device safe 25

Positioning your POS device 26

13. Qualifying/Non-Qualifying transactions 26

Processing method – Transactions taken exclusively in a face-to-face environment 26
Processing method – Transactions taken in a face-to-face environment and/or
Mail and Telephone Order 26
Processing method – Transactions taken in an E-commerce environment 26

14. Voicing your concerns 26

15. Useful contact information 27

16. Changes to your business 27

Operating Guide 3
1. Introduction • Manually key a payment card transaction into a point-of-sale
terminal when the card details have been provided through
Thank you for choosing First Data. This guide forms a part an internet shopping cart
of your Merchant Agreement and contains the procedures
• Process card transactions without the
that need to be followed regarding Card acceptance. Please
cardholder’s permission
remember that all businesses that accept payment by credit
and debit cards must follow the procedures set out by the • Process e-commerce transactions without prior agreement
Card Schemes, First Data as your Acquirer and the Payment and designated e-commerce facility
Card Industry Data Security Standard (PCI DSS). These
• Leave your terminal unattended for example, where
standards exist to protect you and your customers. It is
fraudsters could have easy access
important to follow some basic procedures that are strictly
enforced by the Card Schemes. • Store sensitive card data (see Section 2)

Basic rules Recordkeeping

You must: • A card transaction is only completed on the final delivery of
• Clearly display card acceptance logos for your customers to goods or services
see, for example, Visa, Mastercard and Diners • Sale and refund receipts should be stored in a secure area
• Only accept the card types that you are entitled to take as in accordance with the PCI DSS (see Section 12)
specified in your Merchant Agreement • Store only the portion of the customer’s account
• Ensure surcharges added to card payments are displayed information that is essential, for example, name, account
to the cardholder and be part of the transaction amount number and expiry date
that is cannot be charged separately • You must not store the following under any circumstances:
• Include any taxes in the amount charged on card transactions – Full content of any data from the magnetic stripe or chip
• Provide a sales receipt for the cardholder to confirm the – Card Security Code (CSC) – The three-digits printed on
amount debited from their payment card the signature panel of the card
• Validate your compliance with the PCI DSS (see Section 12) – If requested by us, please supply all sales and refund
• Never process any transactions for goods and services that receipts within fourteen (14) business days
do not directly relate to your Business, as specified in your
Merchant Agreement Banking procedures
• Notify us of any changes to your business (see Section 16) Please follow the end-of-day banking procedures detailed in
• Retain a copy of all sale and refund receipts for 18 months your Terminal User Guide to ensure you receive payment for all
transactions. It is essential that all transactions are submitted
You must not:
for payment within two (2) working days of being accepted.
• Indicate that any Card Scheme endorses your goods
and services Please note that if a transaction is submitted after two
working days, the card issuer may reject the transaction,
• Submit a card transaction that has been previously subject
resulting in it being charged back.
to a chargeback

• Accept card transactions on behalf of third parties

4 Operating Guide
2. Before you accept card payments Please note that some Visa Electron Cards do not have
a hologram. On Visa cards a look for a flying dove;
Your Merchant Agreement with First Data states the card Mastercard look for the globe and Maestro look for
types that you are allowed to accept. It is important that you William Shakespeare’s head.
and your staff understand how to recognise different card
• Card Security Code – Typically located on the back of the
types to reduce fraud risk.
card – on signature panel or the white box next to it”
As the majority of the cards are processed as PIN-verified • Ultraviolet (UV) features – Images under the UV light will
or Contactless, you will not have the sight of the card. show: On Visa – a flying dove; on Mastercard – letters “M”
If signature verification is required, then you will need to and “C” and Diners Club International/Diners – a circle
ensure the signature on the back of the card matches the with a vertical line in the middle. Similarly to the hologram,
signature provided by the cardholder. some Visa Electron and Mastercard Cards issued after
October 2015 do not carry the UV image.
With the development of electronic payment services, there
are a variety of cards available to cardholders. We strongly • Card scheme logo – This should be clear and match the
advise you and your staff to familiarise yourselves with the examples shown below:
examples we have provided below to recognize security
features, such as card logo, hologram, card security code

and so on.

Newly issued cards will have a card type printed on the front Commercial Cards
of the card as debit, credit, commercial or prepaid.
Commercial Cards bring specific benefits to
business-to-business sales transactions. They look like any
How to verify the card? other Visa or Mastercard; although, many have the description
• Chip – Works together with cardholder’s PIN or signature to of the card’s function on the front of the card, for example,
create a more secure payment, look for any visible damage Business Card, Corporate Card and Purchasing Card.

• Card Number – Usually, (but not limited to a) 16-digit long

number on the front of the card that should be clear to read How to guard against fraud
and in line There is a risk that exists with taking all types of transactions.
• Cardholder title and name – Should be clear to read and This section outlines industry best practices that can help
in line. Check that the title printed/embossed on the card you to identify and reduce risk. Remember that the best
matches the gender of the customer presenting the card fraud prevention is well-trained staff. Please ensure that
staff accepting card payments on your behalf have read
• Signature panel – A card should be signed by the
and understand the following procedures. Plus, any fraud
cardholder once received. If transaction is taken in a
prevention documents that we may send you in the future.
way that requires signature verification, ensure that the
This will help reduce financial losses to your business and risk
signature on the back of the card matches the one provided
of chargebacks.
by the customer. Check strip for any visible damages or
evidence of writing over previous signature and so on.
Important – Please note that an authorisation is not
• Expiry date/ Valid from date – Only some cards have valid a guarantee of payment, it only confirms there are
from date, but all should have an expiry date. Ensure that enough funds to pay for the goods and that the card
card is not presented to you after the expiry date and/or has not been blocked at the time of the transaction.
before the valid from date

• Hologram – The 3-D image should move when the card is

tilted and may be located on the front or back of the card

Operating Guide 5
Face-to-Face transactions (Card-Present) • The customer purchases more than one of the same item
Preventing and detecting fraudulent face-to-face (That is, items that may be easily re-sold such as jewellery,
transactions: video equipment, stereo equipment, computer games)

• Chip and PIN are the most secure types of transactions. • A fraudster may present more than one card, often to find
As the cardholder will retain the control of the card when a card that will be successfully authorised. If this happens,
processing the transaction, you are not required to make take particular care and also look out for cards presented,
visual checks of the card. You must, however, follow the issued by the same card issuer, where the card numbers
instructions shown on the terminal are sequential or very similar.

• Despite the fact that nearly all cards in the U.K. are chip Returning wanted or recovered cards
enabled, sometimes you will require the cardholder’s
• Keep the card safely at your premises until the end of
signature as a verification method. Please ensure that the
business on the day when the card was found
person presenting the card is the genuine cardholder and
follow the prompts on your terminal. • If the cardholder returns to claim the card, obtain the
claimant’s signature and compare this signature with that
Checking the Card on the card
• Never key a card number into your terminal if both card and • Only release the card if you are satisfied that the claimant
cardholder are present. This may result in a chargeback is the cardholder
to you.
Card-Not-Present (CNP) transactions – Mail Order
• Verify if the name on the card matches the signature. Telephone Order (MOTO)
Remember to check the condition of the signature
CNP transactions are considered high risk as you cannot
panel; if it looks damaged, it may be because the original
check the card or the customer. Fraudulent CNP transactions
signature has been covered over.
are your liability as they are likely to be charged back to you.
• If possible, check the spelling on the card and sales Written agreement from First Data is needed to take this
voucher transaction type.
• Compare the last 4-digits of the card number to that
Preventing and detecting fraudulent MOTO transactions
printed on the sales receipt. This check will allow you to
identify a cloned card. • Goods relating to a CNP transaction should not be
collected by the cardholder. If the cardholder wishes to
• Check for the special mark on the card using a UV lamp.
collect the goods they must present the card for payment
If you place the card under the lamp, you should see
at the time of collection.
a hologram.
• Never dispatch the goods to anybody other than the
Checking the cardholder cardholder and be wary if the delivery/customer is overseas
• Check if the title on the card matches the customer • Be aware of “social engineering.” Fraudsters may spend
• Does the customer seem nervous or hurried? time building up credibility and then place a large order or
make a request for goods or services outside of your usual
• The customer insists upon taking the goods immediately
trade, such as money transfers.
for example, they are not interested in free delivery
• To prevent MOTO fraud look for:
• The customer takes an unusual amount of time to sign and
refers to the signature on the back of the card – High-value orders that can be easy to resell

• The customer repeatedly returns to make additional orders – First-time customers placing multiple orders
in a short period of time – Multiple purchases of the same goods completed on the
• If a transaction is declined and the customer then requests same card
a lower-value authorisation attempt – Customers that are hesitant or make errors providing
their personal information
Checking the transaction
• The customer makes an order substantially greater than – If customers are more interested in speedy delivery than
you would normally expect the good’s price

6 Operating Guide
Preventing and detecting fraudulent e-commerce • Insist that goods may only be delivered to the cardholder’s
transactions permanent address. If you agree to send goods to a
different address, take extra care and always keep a written
Signs to look out for include:
record of the delivery address with your copy of the card
• Multiple transactions attempts using the same or similar transaction details.
customer details or card numbers
• Only send goods by registered post or a reputable courier
• High-value purchases that are unusual for your business and insist on a signed and dated delivery note
• Mismatching of the Card Security Code (CSC) or Address
Instruct your courier
Verification Service (AVS) check
• Make sure the goods are delivered to the specified address
• Mismatching combination of IP address, card issue country
and not given to someone who “just happens to be waiting
and the billing currency
outside.” Instruct your courier to return with the goods if they
• An email address that bears no relation to the shopper are unable to deliver to the agreed person/address.
name or makes no sense, for example,
• Do not deliver to an address that is obviously unoccupied
“jfyfjlfuiy@gdyflg.com”
• To obtain signed proof of delivery, preferably the
• Request to bring forward the delivery date after the order
cardholder’s signature is preferred
has been placed
• If you have your own delivery service, consider training
• Request to alter payments details
your driver to check the card. If you wish to do this, please
• Multiple deliveries to the same address contact the Fraud Department by phoning the Merchant
Support Centre on 0345 606 5055† for more details.
• Delivery country that is unusual for the purchase

• General inconsistency

Delivery warning signals

Here are some danger signs to look out for when arranging
delivery of goods:

• Never dispatch the goods to anybody other than the

cardholder and be wary if the delivery/customer is overseas

Operating Guide 7
3. Accepting Card-Present transactions 4. Accepting Card-Not-Present (CNP)
Chip and PIN-enabled cards transactions
• Ask the cardholder to insert the card into the chip reader A CNP transaction is when a card is not presented at the
and enter the PIN, as prompted point-of-sale for example, mail/telephone order, e-commerce
or recurring transactions all of which must be authorised.
• Once the transaction is completed, the cardholder will be
prompted to remove the card • Take extra care to ensure it is the genuine cardholder
• Cardholders have three attempts to enter their PIN placing the order
correctly before it is locked. If this happens inform the • To defend any disputes keep a record of any permission to
cardholder and ask for an alternative method of payment. debit the card for example, a recurring payment agreement
Contactless transactions or a call recording

If the cardholder’s card or device, for example, mobile has To process a CNP transaction you must obtain the
been enabled for contactless, the process is as follows: following information:

• Initiate the transaction as you would normally do using • Card number

your terminal • Expiry date
• Ask the cardholder to hold their contactless payment • Card Security Code (except for mail order transactions)
device within two centimeters of the contactless reader
• Cardholder’s full name and address
• Follow the terminal prompt to check the transaction has
• Transaction amount
been completed
• Delivery address, if different to the cardholder’s address
• As a further security measure, occasionally the cardholder
will be prompted to insert the card and enter their PIN
There are increased risks of chargebacks for CNP
You cannot offer cash back on a contactless transaction. transactions as the cardholder and card are not
Chip and Signature cards present. If you choose to deliver goods to an address
other than the cardholder’s address you are taking
• Ask the cardholder to insert the card into the chip reader additional risk.
and follow the prompts on the terminal

• Ask the cardholder to sign the receipt and check that it Card Security Code (CSC)
matches the one on the card being used
The CSC is a three or four-digit code that appears on a
Debit/Credit Card that is used as a fraud prevention tool in
CNP transactions:

• The CSC is not retained in your terminal, if supplied

through us

• If a customer provides written card details, you must

ensure the details are securely deleted

8 Operating Guide
• Card Numbers and the CSC are valuable data you must Authorisation responses
never record or accept copies of
If there are available funds and the card has not been reported
• CSC is not required for the following: lost or stolen, one of the standard responses shown below
– Reservations will be received. Please remember:

– Corporate and purchasing cards • The final decision to accept the payment or not is yours
– No show transactions • You are responsible should a transaction be confirmed
– Cancellation refunds as invalid or fraudulent, even if, the data matches and an
authorisation code is issued
– Charges after check out
• AVS/CSC does not protect you from a chargeback. AVS and
– Mail-order transactions CSC responses do not consider whether there are sufficient
funds or even if the card is lost or stolen. You can still get a
CSC cannot be stored; it can be used for one transaction positive AVS/CSC match on a declined transaction.
only. Once the transaction has been authorised, you
must not keep a record of the CSC. Response Definition Action to take
Data Matches/ Both the AVS If you have been issued
Address Verification Service (AVS) Data Matched and CSC match an authorisation code
the card Issuer’s and are satisfied the
AVS is available on cards issued in the U.K. and allows you to
records transaction is genuine,
check the cardholder’s statement address with the card Issuer
then unless there
to help reduce fraud. You need to ask the cardholder for the
are other suspicious
following information:
circumstances you
• Only the numbers in the postcode of the cardholder’s are likely to want to
statement address go ahead with this
• Up to the first five numbers of the cardholder’s transaction. As with
statement address all CNP transactions,
payment is not
• Your terminal will prompt you to enter the numbers in the
guaranteed and you
three stages below:
bear the risk if the
transaction is disputed.
Cardholder’s Card Postcode Address
address security numeric numeric* Data The CSC and one Indicates this could
code Non – Match/ or both of the be either a fraudulent
Data Not address details transaction or the
55 South Street 000 or 171 55
Matched do not match details have been
Any Town, Any County 1234
the card issuer’s entered incorrectly. We
SS17 1BL
records recommend you don’t
Flat 3, 21 North Street 000 or 57 321
CSC Match Either house proceed unless further
Any Town, Any County 1234
Only number or checks are made to
LM5 7LT
postcode do not verify the cardholder
The Cottage East Lane 000 or 123 Bypass*
match the card and the delivery
Any Town, Any County 1234
Issuer record address provided.
SS12 3BL
AVS Match Both address and
Apt 62, 2190 West Road, 000 or 451 62219
Only postcode match
Any Town, Any County 1234
but not the CSC
LM45 1LT

* Where a customer address includes only a house name, you

may bypass this prompt by pressing the ENTER key.

Operating Guide 9
 Response Definition Action to take Website requirements

Not Checked The CSC and AVS You will have to make a The details that follow should not be considered as a
have not been decision based on the comprehensive list of the information which you may be
checked information you have. required to provide on your website under applicable legal
We recommend further requirements and should not be seen as a form of legal
checks are made advice. You should obtain your own legal advice on the content
before going ahead of and activities carried out on your website.
with the transaction.
You should ensure that your website, its contents and any
For more information on AVS and CSC, please contact our activities related to it, such as marketing are in accordance
Merchant Support Centre on 0345 606 5055.† with all local legal requirements and regulations.

You must also comply with the requirements of all data

An authorisation with or without confirmation of
protection legislation and where you process personal data
AVS/CSC information does not guarantee payment.
on your website, include a Privacy Policy that cardholders are
If fraud subsequently occurs you will liable for
required to agree to before providing any personal data on
the chargeback.
your website.

Rules for CNP transactions You need to ensure that your website provides some basic
When the Cardholder places the order, you must obtain an information about your business, so that the online shopper
pre-authorisation and when the goods or services are ready to can easily identify you. It also needs to display contact details
be delivered the transaction should be processed. (For example, landline telephone number and correspondence,
The preauthorisation is valid as follows: or email address), so any customers who wish to contact
you to resolve a dispute can do so. You should also clearly
• Visa – The transaction amount must be within 15% state the physical location of your business and a statement
of the pre-authorisation amount and the goods must be detailing under which legal jurisdiction your business operates)
shipped within 31 days, otherwise a second before the transaction is completed. Any trade association
preauthorisation is required membership, professional bodies that you are registered with,
as well as VAT registration number (if applicable) should also
• Mastercard and Diners – The transaction amount must
be provided.
equal the preauthorisation amount and the goods must be
shipped within 30 days, otherwise a second preauthorisation The order page on your website, whether provided by a
is required third-party or created by you, must be PCI (Payment Card
Industry) compliant and collect at least the following details:
E-commerce transactions
• Cardholders’ full name
You must make an application to take e-commerce
transactions with First Data, even if you have an existing • Cardholders’ email address
Merchant Agreement. • Cardholders’ billing address and postcode

On approval, a new First Data Merchant number will be • Delivery address

issued, this is solely for the purpose of acceptance of
Payment page (Check-out)
e-commerce transactions for the business described within
the new application form. Providing cardholders with sufficient information about their
purchases is very important, so that they have a good idea
All e-commerce transactions are regarded as “Card-Not-Present of what is on offer. You should ensure that you provide a
transactions” and are taken at your own risk. In the case of a description of the following:
dispute, we retain the right under the Merchant Agreement
• The products and the services, as well as, total cost (That
to chargeback any e-commerce transactions irrespective of
is, showing any additional cost such as applicable tax,
whether an authorisation code is obtained.
packaging, delivery charges and so on)
• Terms and Conditions, including your return and
cancellation policy
• Instructions on how to complete their order

10 Operating Guide
The payment page on your website, whether provided by a with their card issuer will be required to use a personal PIN
third-party or created by you, must be PCI DSS compliant and or password at the time of the transaction to confirm they
collect at least the following: are the genuine cardholder. Verified by Visa and Mastercard
SecureCode operate on your website and interact with
• Transaction amount both the customer and their card issuer. The whole process
• Card type box, for example, the card types detailed in your takes a few seconds and the online shopper is unlikely to be
Merchant Agreement inconvenienced by it.

• Customers’ card number These services must be present on your website in order to
accept e-commerce transactions by Visa, Mastercard, Maestro
• Card expiry date
Cards and Diners. It will allow you to reduce likelihood of
• CSC chargebacks, as the tool helps to ensure that the online
shopper is a genuine cardholder.
Payments and refunds
For further information on these services, contact the
• Cardholders should be provided with clear information on
Merchant Support Centre on 0345 606 5055†.
all payment options and clear instructions on how to pay

• Cardholders should be informed of their cancellation, Payment Services Provider (PSP)

refund, replacement and complaint rights at the time You must be set up with the First Data e-commerce Gateway
of purchase (or a third-party PSP) if you want to accept e-commerce
• Receipts should be provided with the goods on delivery transactions. Please note if you are using a third-party PSP they
must be PCI DSS compliant and accredited with First Data to
Receipt requirements submit e-commerce transactions to us. Your chosen PSP will
You must provide a cardholder receipt by email and/or post be able to advise you of relevant costs set up times and how
which contain the following: their systems integrate with your website.

• Partial Cardholder Account Number – For e-commerce Security

transactions please note the cardholder account number, First Data can provide you with a fully hosted solution.
Card Security Code (CSC) and expiry date must not appear For further details, please contact our dedicated in house
on the transaction receipt (this is a PCI DSS requirement) support team on 0330 1231241.
• Unique Transaction Identifier – To assist in disputes you
You must ensure card details are captured and stored securely
should assign a unique identification number to the
in accordance with PCI DSS requirements. Card details should
transaction and display it clearly on the transaction receipt:
be encrypted and protected by a firewall. Never send full card
– Cardholder name details through email as this is not a secure method for data
– Transaction date transfer.
Delivery and guarantees
– Transaction amount
• Delivery dates/times should be clearly stated and agreed
– Transaction currency
with the cardholder. If it is not possible to deliver on the
– Authorisation code agreed date/time another delivery should be arranged. If this
– Description of merchandise or services is not possible the cardholder should be offered a refund.

– Merchant name • You should capture both billing address details and delivery
address details
– Website address
• In the event of a non-delivery it is the merchant’s
Best practice is to provide your customers with an responsibility to prove receipt of the goods by the cardholder
acknowledgement of their purchase prompting them to either
• Apart from deposits, full payment for goods and services
print or save this document for their own records.
must not be debited from a cardholder’s account until
Verified by Visa and Mastercard SecureCode the goods have been dispatched or the service provided.
Should you wish to be able to take deposits on goods and
These are industry wide initiatives introduced to
services, you must get agreement from First Data for this
combat Internet fraud, commonly known as Cardholder
before any deposits are taken.
Authentication. Cardholders who register for this service

Operating Guide 11
Recurring and instalment transactions

Recurring Transaction – Payment for goods or services that are received over time, for example, insurance or subscription. Written
agreement from First Data is needed to take these transaction types.

Instalment Transaction – A regular payment against a single purchase, for example, car or loan. Written agreement from First Data
is needed to take these transaction types.

Recurring transaction Instalment transaction

The cardholder must consent to periodic charges for recurring You must provide and the cardholder must consent to the
merchandise or services at the time of the first transaction. merchandise or services and all of the following in writing at
This permission must include at least all of the following, in the time of the first transaction:
writing and must be provided to the cardholder:
• Terms of Service
• Transaction amount
• Timing of delivery to cardholder
• Fixed dates on or intervals at which the recurring
• Transaction amount
transactions will be processed
• Total purchase price
• Duration for which cardholder permission is granted
• Terms of future payments, including the dates and amounts
• Cancellation and refund policies
• Cancellation and refund policies
You must retain the cardholder’s permission for the duration of
the recurring merchandise or services An instalment transaction amount must be less than the total
price of the merchandise or services purchased and may
A recurring transaction amount must not: include interest charges.
• Include partial payment for merchandise or Authorisation is required for each individual instalment
• Services purchased in a single transaction transaction. If a request for a subsequent payment is declined
you must notify the cardholder in writing and allow the
• Include finance charges
cardholder at least seven days to pay by other means.
Authorisation is required for each individual
A Merchant must not process an initial instalment transaction
recurring transaction.
until the merchandise or services have been provided to
the cardholder.

If the cardholder cancels within the terms of the cancellation

policy, you must provide to the cardholder both of the following
within three business days:

• Cancellation or refund confirmation in writing

• Credit transaction receipt for the amount specified in the
cancellation policy

You must provide an online cancellation procedure if the:

• Cardholder’s request for merchandise or services was

initially accepted online
• Not complete a recurring transaction beyond the duration
expressly authorised by the cardholder or if it receives
either a cancellation notice from the cardholder or a
decline response

12 Operating Guide
 Recurring transaction Instalment transaction
Visa Account Updater (VAU) and Mastercard Account Billing VAU and ABU are not available for instalment transactions
Updater (ABU) must be implemented to pre-validate card
details prior to the submission of a recurring transaction (please
see VAU and ABU section for further information)

If you do not process a recurring or instalment transaction at the time of entering into the agreement with the cardholder you must:

• Submit an Account Number Verification Transaction Authorisation

• Identify the Account Number Verification Transaction as a Recurring or Instalment transaction in the Authorisation
• Please contact your Payment Service Provider (PSP) to enable Account Number Verification Transaction Authorisation
• Never process Recurring Transactions on Maestro and VPAY Cards as this is not permitted

VAU and ABU Preauthorisations

Visa and Mastercard provide services that allow a merchant If you do not know the final amount that you will submit
to verify card details prior to a recurring transaction the transaction for you should be sending an estimated
being submitted. authorisation request. An estimated authorisation amount
should be used when your customer is booking a room/
Visa Account Updater (VAU) and Mastercard Account Billing
vehicle/equipment and you are not sure if there will be
Updater (ABU) maintain databases that consist of participating
additional charges to be applied later. Estimated authorisation
issuer card information. These databases enable merchants
may also be used where orders for goods are placed and
to validate a recurring payment agreement has not been
multiple items within the order will be dispatched separately.
cancelled and the card number/expiry date is valid. Further
Please remember always to advise the cardholder of the
information is available on request.
amount you are preauthorising as these funds will be
unavailable on their account.
Instalment transactions

Instalment transactions work in a similar way to recurring Referrals

transactions with the exception of instalment transactions
A referral occurs when a card Issuer requires First Data to
that represent a single purchase, with payment occurring on
contact them prior to providing a response to an authorisation
a schedule agreed between a cardholder and merchant, for
request. This may be prompted by an unusual spending
example, loan/car/debt repayment transactions over a set
pattern for the cardholder or a large value that triggers the
period of time.
issuer’s fraud detection rules. Your terminal will prompt you
An authorisation must be obtained at the time of the to call for authorisation in this instance. Generally it will
transaction. You should not proceed when your request for be necessary for the cardholder to come to the telephone
authorisation is declined. Multiple authorisation attempts to answer some security questions. You should follow the
following a decline is not permitted. Please remember that instructions given by the authorisation operator and at the end
it is your responsibility to ensure that all transactions are of the call if authorisation is granted you will be issued with a
authorised in accordance with your Merchant Agreement. code to key into your terminal.

For authorisation, please telephone: 0344 257 9400 Lines

Authorisation is a check that is undertaken with
open 24-hours a day, 7 days a week.
the card issuer to confirm if they will approve the
transaction. Authorisation from the card issuer is not a
guarantee of payment.

Operating Guide 13
5. Purchase with cashback 7. Paper vouchers
Purchase with cashback allows your customers to request If you are unable to use your card terminal for sale and refund
cashback when purchasing goods using their debit card. transactions follow the procedures below. The paper vouchers
Written agreement from First Data is needed to take this contain the following copies:
transaction type the following rules apply:
• Merchant/Top Copy – You must retain this for 18 months
• Can only be to customers who make a purchase with from the date of the card or last recurring card transaction
their card (To defend a disputed transaction)

• Must be through an electronic terminal, not a manual • Processing/Middle Copy – You must post this to First Data
imprint machine
• Cardholder/Bottom Copy – This is the record of the card
• Must not exceed the maximum cashback amount transaction to be given to the cardholder
confirmed in your written notification from First Data
Please note the voucher for a sale is printed with black text
• Enter the purchase and cashback amounts separately as and the voucher for a refund has red text and is clearly marked
prompted by your terminal refund voucher.

• Cashback can be offered on Visa Debit, Visa Electron,

Completing a Sales/Refund voucher
Maestro, Debit Mastercard issued in Europe only
1. F
 ully complete all the information fields on the voucher
• Follow the terminal prompts it will tell you whether the
purchase with cashback has been approved 2. D
 o not mark copies with pencil or paper clips as these can
transfer through the carbons and obscure details

6. Refunds 3. C
 heck the details are clear on all three copies to avoid the
risk of a chargeback
You are only permitted to make a card refund when the original
sale was on the same card. The refunded amount will be 4. If you make a mistake you must complete a new Sale/
credited to the cardholder's card and debited from your account. Refund Voucher and destroy the old one

When processing refund transactions: 5. For a sale ask the cardholder to sign the sale voucher and
check that the signature matches the one on the back of the
• You must check that the card presented for the refund is
card presented. Failure to do so may result in a chargeback.
the same one used for the original sale

• You should never make a refund on the card where the 6. F

 or a refund you must sign the Refund Voucher
original sale was made by cash or cheque
7. F
 or both a sale and refund you must telephone the
• You should never make a refund by cash or cheque where Authorisation Centre on 0344 257 9400 for an Authorisation
the original sale was on a card Code for each Sale/Refund and write the code provided on
• You should never make a card Refund for amount higher the Sale/Refund Voucher
than the original sale
8.You cannot alter the Sale/Refund Voucher once you have the
Authorisation code to avoid the risk of a chargeback

14 Operating Guide
The Sales Voucher must always be completed in Pounds 8. Exceptional procedures
Sterling (£) unless you have made arrangements with
First Data to accept different currencies. An example of Can I pass charges to my customer?
correctly completed sales voucher is shown below: Surcharging is permitted in accordance with local law. If
you indicate a price to a cardholder which is not applicable
to all methods of payment then before you accept the card
transaction you must display a statement explaining any
methods of payment to which the indicated price does not
apply, including the difference in price either as an amount or
a percentage.

• For all payments made in store or by telephone, you must

inform the customer of the charge amount before they
authorise the card payment

• For payments in store you must clearly display a statement

regarding any surcharges at the point-of-sale

• For Card-Not-Present payments you must display a

Preparing/Submitting vouchers for submission
statement explaining the charges on your website,
You must complete the Merchant Summary Voucher to submit catalogues, advertisements and any order forms
your sale/refund vouchers retaining the top and middle copies
• Any surcharge amount must be included in the transaction
and submitting the bottom copy for processing.
amount and not collected separately
• Fully complete all the information fields on the voucher • You must comply with any legal requirements limiting
including your merchant number and business name the amount you can charge and what you must tell your
• Do not submit more than 200 Vouchers on one merchant customers about the charge. It is your responsibility to
summary voucher check these requirements yourself. Please contact your
local Trading Standards Office or equivalent body if you
• All Vouchers must be posted to First Data at Parseq, need further information.
Lowton Way, Hellaby, South Yorkshire, S66 8RY. This copy
is electronically processed, therefore please do not fold, Split sales and transactions
damage, PIN or staple and ensure the necessary details
There may be occasions when a cardholder will request to
are clearly recorded.
split payments between several cards, or between a card and
• To avoid an increase in your processing charges these must cash or cheque.
be received by us no later than three (3) business days
from the transaction date If several cardholders wish to split the transaction amount
into small amounts in order to pay a proportion of a bill, this is
• If you do not submit your vouchers within this timescale
permitted; for example, in a restaurant when individuals pay
the card issuers may reject the card transactions, even
their own bill or a proportion of the total bill. You are permitted
though you may otherwise have followed the proper
to split the total bill between each cardholder.
authorisation procedures and/or you may be subject to a
surcharge and/or a chargeback

Warning: Do not submit vouchers when the card

transactions have already been processed through an
electronic terminal. If in doubt, please telephone the
Merchant Support Centre on 0345 606 5055.†

Operating Guide 15
However if one cardholder requests you to split a transaction amount between several cards, for example, where the cardholder
may not have sufficient funds on one card you should proceed as follows:

• Only conduct the transaction if you are not suspicious of the transaction or the person presenting the card

• Ensure all cards presented are issued with the same cardholder name

• Follow the normal card acceptance procedures as detailed in Section 3

• First Data recommend you only split a transaction over more than one card when it is a Card-Present Transaction and each
transaction is verified by either Chip and PIN or signature (as requested by the terminal)

Warning – If a sale transaction is declined you should not then split the sale over multiple smaller transactions as this could
indicate fraudulent activity and result in a chargeback.

Terminal fallback
If it is impossible for the terminal to read the chip on the card or the terminal has a malfunction you should contact your terminal
supplier help desk immediately to report the fault. A representative will try to resolve the problem remotely or failing this will arrange
for a new terminal to be sent to your premises on the next working day, provided the fault is reported prior to 16:00. This does not
include premises situated in the Highlands and Islands where replacement may take two (2) to four (4) working days. In the interim
follow the guidelines below:

Card type Revert to chip and Revert to magnetic Revert to pan key Comments
signature strip
Maestro and Visa Electron and Electronic N/A N/A No Seek alternative
Use only Cards payment method
Unable to read magnetic strip

Diners Club and Discover Cards Yes Yes Yes

All Other Card types Chip Cards PIN not N/A Yes No
enabled. Unable to read chip

All Other Card types Chip and PIN Yes No No

enabled Cards. PIN Pad fault. Unable to
accept PIN entry

All Other Card types Magnetic strip Cards N/A N/A Yes
only. Unable to read Magnetic strip

You are liable for swiped or key entered chip Card Transactions that are proven to be fraudulent.

9. Chargebacks A cardholder or the card issuer has the right to question/

dispute a card Transaction. A dispute can normally be raised up
A chargeback occurs when a card issuer raises a disputed to 180 days after the card transaction has been debited to the
transaction on behalf of the cardholder. The following section cardholder’s account, retaining your sales and refund receipts
describes the procedures which you should follow together (see Section 1) will help you respond to this.
with suggestions which will help you reduce the risk of
chargebacks being debited to your Merchant Account. A cardholder disputes a transaction because they do not
recognise the description on their card statement as it may
Remember you may be liable for a chargeback in some not match the name of your business (see Section 4).
circumstances even if you obtained authorisation for a
card transaction.

16 Operating Guide
It is a Card Scheme requirement that if you are predominantly If the information provided is sufficient to warrant a reversal
trading as a mail or telephone order business, a contact of the chargeback and within the applicable timescale we
telephone number rather than location must be included will attempt to defend the chargeback. However reversal is
in the transaction description (For example, The Mail Order contingent upon acceptance by the card issuer under the
Shop 01234 567890); for e-commerce transactions the applicable Card Schemes guidelines. If the chargeback is
transaction description should include reference to your successfully reversed the card issuer has the right to present
website address and a contact telephone number or email the chargeback a second time and your Merchant Account
address. This provides the cardholder with the ability to verify will be debited again if you have not complied fully with the
the transaction with you rather than disputing it with their card terms of your Merchant Conditions and this Operating Guide.
issuer (see Section 4). We will do our best to help you to defend a chargeback.
However, due to the short timeframes and the supporting
You can change the description that appears on the cardholder
documentation necessary to successfully (and permanently)
statements by contacting our Merchant Support Centre on
reverse a chargeback in your favour we strongly recommend
0345 606 5055.†
the following:
Common causes of chargebacks • Ensure card transactions are completed in accordance
The most common causes for chargebacks are: with the terms of your Merchant Conditions and this
Operating Guide
• A fraudulent mail, telephone or e-commerce transaction
• If you do receive a chargeback send us the requested
• You do not respond in time to a request for a copy of the
documentation within the required timescale
transaction (retrieval request)
• Whenever possible contact the cardholder directly to
• The card was not valid at the time of the transaction (this
resolve the inquiry/dispute but still comply with the request
could be before the valid date or after the expiry date)
for information in case this does not fully resolve the matter
• Authorisation was not obtained
• The signature on the transaction receipt does not match Help Reduce the Risk of Chargebacks
what is on the card To help protect your business against fraud, First Data
• If the goods or services provided were not as described, recommend that you use a Chip and PIN-enabled Terminal.
defective or not received Chip and PIN terminals help establish that a card is genuine
and the person using the card is the owner. The chip makes it
Retrieval requests difficult for a fraudster to counterfeit or copy the card, while
In many cases before a chargeback is initiated the card issuer the PIN makes it harder for a criminal to use a lost or stolen
requests a copy of the sales voucher through a “retrieval card. Because the cardholder authorises a transaction by
request”. Once a retrieval request is received we will respond keying in a four-digit PIN known only by them, the risk from
by sending a copy of the card transaction if available. forgery is greatly reduced.

Where you hold electronic sales receipts or terminal sales • Ensure all card transactions are processed correctly
receipts for electronically processed card transactions it according to the card type
is your responsibility to respond to all retrieval requests • Only accept cards you have an agreement to process
received within 14 calendar days of our initial request. You are • Unless you are aware of the possible risks, do not accept
responsible for retaining and providing copies of sales receipts mail, telephone or e-commerce transactions. If you see an
and any refund receipts for a minimum of 18 months from the increase in these types of transactions, please contact us to
original card transaction date. If First Data does not receive ensure you have the correct Merchant Agreement in place.
a clear legible copy of the sales receipt on time you may be
• Retain copies of all transaction records. You may be asked
subject to the chargeback simply by failing to meet the Card
to provide evidence of a transaction in order to resolve a
Scheme timescale.
dispute. Failure to do so may result in a chargeback. You
Chargeback reversal procedure must keep all receipts for a minimum of 18 months, in the
case of a recurring transaction this increases to 24 months.
When a chargeback is received we will debit the disputed
amount from your account and contact you with details of the To avoid disputes, which could lead to chargebacks, display a
card transaction together with the information/documentation limited returns policy on your receipts and at the point-of-sale.
we require from you and the deadline we require it by.

Operating Guide 17
10. Other services Procedure for completing vehicle rental transaction

Preauthorisation
Vehicle rental services
You can preauthorise the transaction before the car rental
If you are a vehicle rental company or a third-party that accepts
period begins. It allows you to estimate the final transaction
guaranteed rental reservations, using preauthorisation, when
amount, gain authorisation and reserve the funds before the
taking card payments will add additional security, to the
hired vehicle is returned. The estimation should be based on
transactions as the card will be checked before the customer
the intended rental period, rental rate and applicable tax and
takes the vehicle, Please remember that the preauthorisation
mileage rate. Please remember that the estimation cannot
from the card issuer is not a guarantee of payment, it is only
include potential vehicle damage.
a check that the card has not been reported lost or stolen and
that there are sufficient funds at the time of the transaction. Your Terminal User Guide should provide instruction on how
Written agreement from First Data is needed to take this to perform the preauthorisation. Ensure that your customer
transaction type. understands that the preauthorised amount will be deducted
from the available funds on the card. You should process
Please read carefully, the guidelines below to understand
the payment AFTER the vehicle is returned. The payment
regulations and risks associated with taking Vehicle Rental
should not include any additional charges such as vehicle
Service Card payments.
damage, these charges should be processed separately. The
Information to obtain from the cardholder: authorisation code received for an approved preauthorisation
should be used to complete the transaction. If the final bill is
• Name of the person making the reservation
more than the preauthorised amount, you must obtain another
• Telephone number authorisation code for the difference with the exception
• Name of person(s) requiring the vehicle of Visa, where the bill can be within 15 percent of the
• Expected collection date and time authorised amount.

• Number of days of expected vehicle hire Cancellation policy

• Card number
Please note that whilst you may have a cancellation policy
• Card expiry date within your Terms and Conditions (which you must clearly
• Cardholder name communicate to your customer), you must not charge any
• Cardholder billing address cancellation fee, if the cardholder cancelled the reservation in
accordance with the outlined procedures.
• Card security code (only for telephone and e-commerce
transactions) Within your cancellation period, you must not require
You should discuss and agree to the terms of hire, this should cancellation notification of more than 72 hours to the
include, but is not limited to hire rates, cancellation and scheduled collection time and date of the booking without
“no- show” policy and procedures and any additional charges that penalty. If the cardholder makes a reservation within 72 hours
may be applied such as damages or parking tickets. of the scheduled pick-up date the cancellation deadline must
be no earlier than 6 p.m. at the address of the scheduled pick-
Information to give to cardholder in writing (known as up date.
rental agreement):
• Confirmation code If a reservation has been properly cancelled in accordance
with the communicated cancellation policy, you are required
• Your terms and conditions and cancellation policy
to provide the cardholder with a cancellation code and advise
• Currency of the transaction them to retain it for their records. You must then send a
• Reserved vehicle rental rate written confirmation of the cancellation to the cardholder
• Name and the address of the location the vehicle is to be within five business days.
collected from
No show
• Cancellation and ‘No-show’ policy and procedures
If the cardholder does not turn up within 24 hours of collection
• Any additional charges that may be applied such as
time and they did not cancel the reservation in accordance
damages made to the vehicle or parking tickets and so on
with your Terms and Conditions, you may charge the customer
for the maximum value of the one-day rental. To do so, you

18 Operating Guide
will need to perform, Card-Not-Present Transaction and on the A cardholder has the right to raise a chargeback, if the
receipt “No show” and send a copy of a “no show receipt” to agreement is not reached and the additional charges
the billing address provided at the time of booking. are debited.

Refund policy • You need to wait twenty (20) business days before
processing the delayed/additional charges
If you operate a no refund policy, this must be made clear
to the cardholder when discussing the reservation. If you do Car rental damage – Mastercard Cardholders
agree to refunds, you must credit to the same card as used
To apply additional charges to a Mastercard, you must obtain
to make the reservation. When a charge is made to a card in
a separate cardholder signed authority by processing a
error, the reversal must be applied to the card within thirty
Card-Present Transaction. If the charge is disputed at a
(30) calendar days. Do not refund by cash or other payment
later date, this will be required as proof that the cardholder
methods, as this could result in chargebacks.
authorised the additional charge.
Delayed charges
Processing transactions differently may result in a chargeback
For you to process a delayed charge, for example, damage and therefore losses to your company. As in any other cases,
to the vehicle, fuel, insurance fee, parking tickets, excessive we will try to defend a chargeback. We may ask you to
mileage and so on, the cardholder must have given their provide us with:
consent by signing the rental agreement and agreeing to
your Terms and Conditions. Any delayed charges must be • A copy of the rental agreement, stating vehicle rental period
processed within 90 days of the original transaction date and • A copy of the document signed by the cardholder agreeing
you must obtain further authorisation. These charges must be to accept responsibility for the delayed charges
submitted as a separate transaction with “signature on file”
• A copy of the original notification you have sent to the
clearly visible. The cardholder must be notified in writing of
cardholder informing him/her about the charges
any delayed charges.
• A proof of cost estimation
Providing evidence to the cardholder
• A proof of law validation such a parking fine ticket,
Before you process any additional charges, you need to speeding fine ticket and so on
inform your customer and provide evidence to support the
claim. You need to provide: • Any supportive documentation such as police reports,
insurance policy of the rental vehicle and so on
• Details of the violation demonstrating cardholder liability
• Time and place of violation
Not receiving requested documentation in time, may prevent
• The law violated and if applicable, a copy of the us from defending the dispute and may result in a debit to
accident report your account.
• Copy of parking tickets
• The license number of the rental vehicle
Hotels, lodging and accommodation
• The amount of the charge Advanced reservation

• A copy of rental agreement To be able to take advanced reservation, you will need to
have an agreement with First Data to process MOTO and
• Evidence the cardholder read the Terms and Conditions,
e-commerce transactions. Wherever possible, the cardholder
agreeing to responsibility to pay any additional charges
requiring accommodation or lodging should be asked to
• Proof that the car was damaged/shortage of fuel and so on
make the reservation. However, for practical reasons, you
on return
may need to accept reservations from third parties. For
Car rental damage – Visa Cardholders example, secretaries acting on behalf of their managers.
Advanced reservation allows your customers to book a room
• You need to provide written confirmation to the cardholder
in advance. As you will obtain the card detail, you will be able
within ten (10) business days from the return of the vehicle,
to charge the cardholder should they not turn up or do not
advising of the damage and the cost
provide you with sufficient cancellation notice.
• Within ten (10) business days from receiving written
Advanced reservation cannot be completed using Maestro or
confirmation, the cardholder has the right to provide an
Visa Electron Cards.
alternative estimate for the cost of repairing the damage

Operating Guide 19
Disputed transactions. • Cardholder name

Processing transactions differently may result in chargeback • Cardholder billing address

and therefore losses to your company. As in any other case, • Card security code (only for telephone and e-commerce
we will try to defend chargeback. We may ask you do provide transactions)
us with: • If the booking is for corporate purposes, you should also
collect the following information:
• A copy of the rental agreement, stating vehicle rental
period –– The caller’s name and position in the
company/organisation
• A copy of the document signed by the cardholder agreeing
to accept responsibility for the delayed charges –– The name of the company/organisation
• A copy of the original notification you have sent to the –– The company/organisation switchboard telephone
cardholder informing him/her about the charges number
• A proof of cost estimation
You should discuss and agree on the room rate and obtain
• A proof of law validation, such a parking fine ticket,
cardholder consent to your cancellation and “No show”
speeding fine ticket and so on
policy. This must be clearly explained to the customer.
• Any supportive documentation, such as police reports,
insurance policy of the rental vehicle and so on Ensure that cardholder agrees to the agreement (for example
demonstrating cardholder liability signing the agreement or ticking a checkbox for e-commerce
Not receiving requested documentation in time, may prevent transaction).
us from defending the dispute and may result in a debit to
Information to give to cardholder (in writing):
your account.
• The cardholder’s name as it appears on the Card
Common reasons for a disputed transaction include:
• Confirmation code for guaranteed reservation
Vehicle reservations made using a card obtained by a • Your terms and conditions and cancellation policy
fraudster who never arrives to collect the vehicle. In this
• Currency of the transaction
instance, it is likely that the fraudster is only using your
reservation system to check that the card they are using • The room rate (including tax)
is valid with funds available. Therefore, it is likely that the • The hotel’s address
cardholder will only become aware of this when they receive • Cancellation and ‘No-show’ policy and procedures
their statement with your No Show charge included.
Advanced deposits
Not replying to card issuer requests for information. The Please note, if you take advanced deposits for a room
card issuer is entitled under Card Scheme Regulations to reservation, under Card Scheme regulations, this is the only
request details of any Transaction. This may include copies of amount you can debit the customer. You will also forfeit
the final transaction, showing that the card was present and your right to charge one night’s “No show” payment. If you
authorised by the cardholder. Please ensure that you reply operate a “No refund” policy you must make it perfectly clear
to card issuer requests within 14 days. Failure to do so may to the cardholder at the time of the reservation. Any refunds
result in a chargeback. must be made to the card used for the original booking. You
must not Refund by cash, cheque or other means.
Information to obtain from the cardholder:
Once you and the cardholder have agreed on the deposit,
• Name of the person making the reservation
please inform the cardholder of the following:
• Telephone number
• Name of person(s) who will be using the room • Room rate (including tax)

• Expected arrival date and time • Amount of advanced deposit that will be billed on the
• Number of days of expected to stay card (which must not exceed the cost of 14 nights of
accommodation)
• Card number
• Card expiry date

20 Operating Guide
• Explain that the deposit will be deducted from the final bill Express check-out

• Explain that the accommodation will be held for the period You may want to offer your customer the option to leave the
covered by the advance deposit key and check-out without waiting for the bill. If you decide
to offer your guest an express/priority checkout service (the
No show or invalid cancellation
card is no longer present), be aware that we may not be able
If the reservation is not done in accordance with your to defend you from a chargeback, if a cardholder later denies
cancellation policy (late cancellation) or the customer does any transactions.
not show up, you may charge one night’s stay. To do so, you
will need to perform a Card-Not-Present Transaction and send If the cardholder requests priority check-out, at check-in
a copy of the final bill to the billing address provided at the you must:
time of booking.
• Record the card number, expiry date and cardholder name
Guest arrival/check-in • Inform the cardholder of your policy regarding any charges
Upon arrival of your guest, request to see the card that discovered after check-out
the booking was made with and ask them to complete a
• Give the cardholder a priority check-out agreement to
registration form. If you wish to charge additional services/
complete. When the cardholder returns the agreement,
items to the guest’s room such as newspapers and bar
ensure that:
charges, your registration form must clearly show this.
– It is signed
Pre-authorisation
– It includes the mailing address
Pre-authorisation allows you to estimate the final bill and
– The card number on the check-out agreement matches
reserve funds on the card for that amount whilst your guest is
the card number on the preauthorisation
staying with you. We recommend that you obtain full payment
upon check-in for the expected number of night’s stay. The Upon check-out, you must complete the transaction for the
cardholder’s total charges can be estimated based on: total charges incurred during the cardholders stay. If the
final bill is more than the preauthorised amount, you must
• Expected length of stay obtain another Authorisation code for the difference with the
• Room rate (including tax) exception of Visa where the bill can be within 15 percent of
the authorised amount.
• Estimated miscellaneous charges

Please advise the cardholder how much you have Extended stays
preauthorised, as this will reduce the amount of funds Those requiring longer stays should be asked to pay the
they have available on their account. The preauthorisation current total due. You can ask for their card, or you can use
helps protect you from fraudulent card use and confirms the card details provided during check-in. However, please be
if the cardholders account is valid and has sufficient aware that there is a risk that this amount could be disputed
funds available. Authorisation from the card issuer is not a at a later date, if no signature or PIN is obtained.
guarantee of payment.
Pre-authorisations are not supported for Maestro
Departures/Check-out
Cards. We recommend that you obtain full payment for
When the cardholder wishes to check out calculate the final the expected number of nights stay. If the cardholder
bill amount and compare this with the preauthorisation. If the decides to checkout early, simply provide a refund.
final bill is more than the pre-authorised amount you must
obtain another authorisation code for the difference with the If the bill is more than 15 percent above the preauthorized
exception of Visa where the bill can be within 15 percent of amount or Mastercard is being used, you must obtain another
the authorised amount. authorisation code for the remainder of the stay.

Operating Guide 21
Disputes and Chargebacks Additional charges
If a transaction is later disputed, it is important for you Please remember that any additional charges following check
to show that the card was present and authorised out must be processed within 90 days from the date of
(where required). departure. You will need to write on the transaction receipt
“Signature on File” and send a copy to the cardholder’s
The most common reasons for a disputed transaction are:
address given to you during reservation.
• Reservations made using a card obtained by a fraudster
who never arrives at the hotel Additional checks

• In this instance, it is likely that the fraudster is only using In some circumstances (depending on country-specific
your reservation system to check that the card they are scheme processing regulations), you will be required to ask
using is valid with funds available. It is therefore likely the cardholder for secondary proof of identification.
that the cardholder will only become aware of this when • Ask the cardholder to provide a second form of identification.
they receive their statement with your “No Show” charge This should be a passport or a full driving licence
included.
• Check that the photograph of the document resembles
• Not replying to requests for information person who presented it to you and that there are no
• Under Card Scheme regulations, the card issuer is entitled visible changes to the picture that may indicate the
to request details of any transaction. This may include document is not genuine
copies of the final transaction, showing that the card was • Check that the second identification document is not out of
present and authorised by the cardholder. Please ensure date and that it shows the cardholder’s signature
that you reply to Card issuer requests within 14 days.
• On the front of the receipt, you record the description of
Failure to do so may result in a chargeback.
the identification that is driving licence, passport and so on
Requests for Information and Notification of Chargebacks Include the serial number displayed on the identification.
• If we advise that a cardholder is disputing a charge, always Additionally, if a photo is present also annotate the receipt
ensure you supply the correct information to help us with “photo card presented” which proves the cardholder’s
defend the dispute identity was verified by photograph.

• If the dispute is over an express/priority check-out where • The first four-digits of the card number (if present) are
no signature was obtained, please send: printed immediately below the card number. These first
four-digits must be recorded on the front of the transaction
• A copy of the transaction receipt captured at check-in,
receipt to validate they have been checked
proving the card was present and preauthorisation was
carried out Remember:
• A copy of your registration showing the cardholder’s • Never process Maestro Cards
signature and acceptance of the charge for the agreed • You must always obtain an authorisation
length of stay and so on
• Never progress taking a transaction, if the cardholder is
If the dispute is over charges levied since the cardholder unable to provide an acceptable second form of ID as
checked-out, for example mini-bar charges or breakfast on these transactions may be charged back to you and debited
their last day, please send a copy of the transaction receipt from your account
with “Signature on file” written in the cardholder signature
• Any fees to be charged must be included within the total
box. Please also send a copy of your registration showing
transaction value and disclosed to the cardholder prior to
the cardholder’s signature and their acceptance of additional
completing the transaction
charges that may be made to their account.
• It is your responsibility to undertake the additional
identity checks

22 Operating Guide
Dynamic Currency Conversion (DCC) • There is a permanent establishment through which
transactions are completed. In the absence of a permanent
DCC provides you with the ability to offer overseas Visa
establishment, a merchant that provides only digital
and Mastercard Cardholders the option to pay for goods or
goods must use the country where the principals of the
services in the currency their card is issued. The price of goods
company work
and services will be shown to the cardholder in GB Pounds (£)
and in their own currency along with the exchange rate used. • Merchant holds a valid business license for the
Exchange rates held in your terminal are updated automatically. merchant location

You must • Merchant has a local address for correspondence and

legal process
• Inform the cardholder that DCC is optional
• Not impose any additional requirements on the cardholder • The merchant outlet pays taxes relating to the sales activity
to have the transaction processed in the local currency
Available funding and settlement currencies
• Not use any language or procedures that may cause the
Transactions can be accepted in any currency and settled to
cardholder to choose DCC by default
you in Great British Pound (GBP), Euro or U.S. Dollar (USD).
Receipt requirements You can also receive settlement in any of the currencies
below, provided the transaction currency is the same:
DCC transaction receipts must show the following:
• GBP
• Currency symbol of the local currency of your outlet
• Euro
• The transaction amount of the goods or services purchased
in the local currency of your outlet • USD

• Exchange rate used to determine the cardholder currency • Australian Dollars

transaction amount • Canadian Dollars
• Total transaction amount charged by you in the transaction • Swiss Franc
currency, followed by the words, “Transaction Currency” • Japanese Yen
• A statement, easily visible to the cardholder, that specifies • Norwegian Krone
the following:
• Swedish Krona
– The cardholder has been offered a choice of currencies
• Denmark Krone
for payment, including the local currency of your outlet
• Hong Kong Dollar
– That the currency selected by the cardholder is the
• New Zealand Dollar
transaction currency
• South African Rand
– Indicate that the DCC is conducted by you. Written
agreement from First Data is needed to take this If you are interested in expanding your business by offering
transaction type. this service to your customers, please contact our Merchant
Support Centre on 0345 606 5055.†
Multicurrency and cross-border transaction
acceptance Payment of debt
This functionality allows you to operate across several You may accept Visa Debit, Visa Electron and Mastercard
European countries and centralise your payment card Cards for the payment of mortgages and loans. However,
processing arrangements. Written agreement from First Data during the transaction you must:
is needed to take these transaction types. • Obtain authorisation, providing additional data. For more
information, please contact our Merchant Support Centre
Permitted merchant location countries
on 0345 606 5005†
The merchant location is either the physical premises where
• Complete the transaction as a purchase flagged as
a transaction is completed, or an e-commerce or MOTO
instalment payment
transaction where all of the following occur:
• Write the type of payment made on the receipt,
for example, “Loan” or “Mortgage”
• On the signature line of the receipt, write
“Instalment Transaction”

Operating Guide 23
11. Payment Card Industry Data 15. Track and monitor all access to network resources and
cardholder data
Security Standard (PCI DSS) 16. Regularly test security systems and processes
This standard is managed by the Payment Card Industry 17. Maintain an information security policy
Security Standards Council set up by the Payment Card
18. Maintain a policy that addresses information security for
brands (That is, Mastercard, Visa, American Express,
all personnel
Discover and JCB). PCI DSS outlines the minimum security
requirements to help businesses handle payment information Implications of not complying with the PCI DSS
securely. The card brands require that any business accepting
Not being compliant with the PCI DSS can leave your
cards for payment of goods or services must be compliant
business at risk of a data breach and related costs. Most
with the PCI DSS.
people don’t realise that these can be quite substantial and
can include Card Scheme fines and card replacement costs.
Becoming PCI compliant
To report your PCI DSS compliance for your business, Other factors include loss of customer confidence and
you need to identify and complete the appropriate damage to the reputation of your business, not to mention
Self-Assessment Questionnaire. Securing your your business being open to lawsuits and audits. You may
business requires the following steps: also be subject to non-compliance fees.
• Analyse your business practice and processes
Third-Party obligations
• Research the appropriate security solutions for
You are responsible for making sure that all third-party
your business
service providers that come into contact with your customers
• Implement and maintain security solutions cardholder data are compliant with the PCI DSS at all
times. This may include any web hosting provider, software
Central to this, is that you protect your customers’ payment
application provider, PSP, processing bureau, vendor and so
card data. You must make sure that you have security controls
on used by your business. If these third parties could impact
in place at all times to maintain your compliance. Your
the ways that you process card payments then they must be
customers trust you to keep their information safe; you need
compliant with the PCI DSS. Remember, their compliance
to repay that trust with at the very least compliance.
status directly impacts your compliance status.
PCI DSS requirements as set out by the Card Schemes:

1. Build and maintain a secure network

Secure data storage
It is potentially much easier for a hacker to break into a
2. Install and maintain a firewall configuration to protect
business network than it is for a burglar to break into a
cardholder data
business premises. Any stored payment card data must be
3. D
 o not use vendor-supplied defaults for system
encrypted, as set out by the PCI DSS. Storing unencrypted
passwords and other security parameters
card data electronically is strictly prohibited. If you have to
4. Protect cardholder data store data to process card transactions, then you must do
5. Protect stored data so securely. This could relate to any stored data, be it paper
6. Encrypt transmission of cardholder data across open copies, digital or electronic files, audio or voice recordings.
public networks
If you can demonstrate that storing your customer’s card data
7. Maintain a vulnerability management program is necessary for your business, then you must have a process
8. Use and regularly update antivirus software or programs in place to do so securely. The only data that you are allowed
9. Develop and maintain secure systems and applications to store includes:

10. Implement strong access control measures • The long card number and expiry date
11. Restrict access to cardholder data by business • Passwords, pass phrases and any other unique card data
need-to-know supplied as part of the card payment
12. Assign a unique ID to each person with computer access • The name, address, description of the purchase, amount
13. Restrict physical access to cardholder data and any other detail that may identify the customer and
14. Regularly monitor and test networks their purchases

24 Operating Guide
You may not, under any circumstances store certain types of data, this includes:

• The CVV2, also called the Card Security Code (CSC) which is printed on the back of the card, located in or next to
the signature panel
• The CVV number contained in the magnetic strip
• The CVV number contained in the chip
• The contents of the magnetic strip – also called track-two data
• The customers PIN contained in the magnetic strip (PIN Verification Value PVV)

Demonstrating compliance with PCI DSS

You must show that you are compliant – By reporting annually. To make reporting your compliance as easy as possible, we
have provided you with the First Data PCI DSS Compliance Program. You will receive your personal access details by letter and
instructions for logging in.

Step 1 Step 2 Step 3

• Log into the online portal • We will help you to understand how • You will be asked to confirm and
to protect your business validate all of your responses and any
• We will ask you a few questions
tasks that you may have to undertake
• This will help you understand and
• These questions are focused around
identify areas of your business might • PCI DSS refer to this as your
how your business is set up to handle
be at risk Attestation of Compliance (AoC)
credit and debit card payments
• You will be taken through the security
• Using dynamic profiling, we will only
assessment that matches your
ask questions that are relevant to your
business type including any scanning
business to figure out your security
if needed
risk level

Make sure that you answer the questions accurately as this determines the method of validation you must undertake.
Whether you need to self-evaluate using our online portal or if you need to submit a Report on Compliance (ROC) which
requires a Qualified Security Assessor, First Data Compliance Program will direct you through both methods. Once you
have finished your reporting, remember as PCI DSS compliance is an ongoing process in order to maintain compliance,
maintenance task reminders may be sent to you throughout the year. You must make sure that you validate your
compliance on an annual basis; we will send you reminders in advance of your renewal date.

12. Keeping your Point-of-Sale (POS) fitted with data capture devices or insert a pinhole camera to
photograph card and PIN detail. They may even try to replace
device safe the whole device with one that is already equipped with data
Chip and PIN has significantly reduced fraud; however, POS capture equipment.
devices will continue to be targeted by criminals wanting to
commit fraud. You must take care to ensure that no one, other Please note, a legitimate engineer will never visit
than an authorised engineer, has the opportunity to tamper your premises without contacting you first. This may
with your POS device. be through the terminal vendor or an employee from
First Data. Never disclose your merchant number or
Criminals use stolen Card and PIN details to produce fake your terminal details to anyone else.
magnetic swipe cards for use abroad, where Chip and PIN is
not used or to use in cash machines. A criminal may pose as
an engineer to gain entry to your POS device, they may try to
replace certain components of your device with bogus parts

Operating Guide 25
Recommendations: • A non-qualifying transaction rate may be applied when:

• Do not allow anyone other than a legitimate engineer or a • Your customer pays with a Visa Business Debit Card
direct employee of First Data to remove your terminal from • A transaction is taken as CNP
your premises
• In the event you suffer a communication failure in your Processing method – Transactions taken in
premises, the terminal will store up to five transactions until a face-to-face environment and/or mail and
it is next able to go online. Although this poses minimal risk, telephone order
a criminal may try to steal your POS device to extract any Qualifying transactions are face-to-face Chip and PIN and mail/
data stored. A PINstand secured to your countertop is a good telephone transactions that capture the card’s CSC number,
deterrent against theft, although these must allow access in which are submitted for processing within two business days
accordance with the Disability Discrimination ACT 1995 of the transaction.
• A criminal may try to force or bribe a staff member to allow
A non-qualifying transaction rate may be applied for mail/
them access to the POS device in order to add a data
telephone transactions when:
capture device
• Your customer pays with an EU or International Mastercard
• Your staff should be trained regularly on POS security and
or Maestro Card
must report any incident they feel is a threat to the device
• You should carry out some simple checks on a daily basis to • Your customer pays with an International Visa Card
ensure that your POS device has not been tampered with • Your customer pays with a Debit Mastercard Card
• Check that your device is not damaged • Your customer pays with a U.K. issued Reward, World Elite
• Check that no additional stickers are on the device that or World Card
were not attached at the time of installation • A transaction does not capture the card’s CSC number
• Ensure your POS device has not been modified and there
are no additional components that were not there previously
Processing method – transactions taken in an
e-commerce environment
If you detect anything suspicious with your POS device,
do not use it and report it immediately to our Merchant Qualifying transactions are 3D secure enabled e-commerce
Support Centre on 0345 606 5055.† transactions submitted for processing within two business
days of the transaction.
Positioning your POS Device • A non-qualifying transaction rate may be applied to:
You must consider cardholder privacy when positioning your
• Mail/telephone transactions
POS device:
• ‘Face-to-face’ transactions
• The POS should be placed in a position where the cardholder
cannot be overlooked whilst entering their PIN details • Recurring Transactions

• The POS must not be positioned directly in view of • Visa consumer charge cards
CCTV cameras • Mastercard World Signia and World Cards
• If a PIN-shield is provided with your POS, it should be used Interchange rates for Visa and Mastercard
Interchange rates are available on the Card Scheme Website
13. Qualifying/Non-Qualifying as shown below:

Transactions Interchange for Visa U.K. www.Visaeurope.com

Interchange for Mastercard U.K. www.Mastercard.com
As shown in your Merchant Agreement Fee schedule,
transactions may incur a non-qualifying charge. Depending on
the processing method you use and the type of card used, 14. Voicing your concerns
the transaction will be categorised as either a qualifying or
non-qualifying transaction. First Data is authorised and regulated by the Financial Conduct
Authority (FCA). If you have reason to complain, we will take
Processing method – transactions taken a balanced and fair view of the situation and whatever action
exclusively in a Face-to-face environment is necessary to resolve your complaint. The Financial Services

• Qualifying transactions are face-to-face chip, contactless

and swiped transactions which are submitted for
processing within two business days of the transaction

26 Operating Guide
and Markets Act 2000 set a standard procedure, which we Business Track®/ClientLine®
follow to handle all complaints and you can contact our Client For queries regarding, please call the Help desk on
Service Team as follows: 01268 567128 (Open 8 a.m. – 9 p.m. Monday–Saturday)
Complaints team
Dynamic currency conversion
First Data Complaints, Janus House, Endeavour Drive,
For queries regarding DCC, please call the Merchant
Basildon, Essex SS14 3WF or Telephone: 0345 606 5055†
Support Centre on 0345 606 5055† (Open 8 a.m. – 9 p.m.
Monday–Saturday, 8 a.m. – 9 p.m. or contact us at
Monday-Saturday)
UKSolutionsHelp@firstdata.com.

We take all complaints seriously and whilst many can be dealt American Express
with straight away, some take more time to investigate. The FCA For queries regarding American Express, please call
gives us 35 days to resolve all complaints. If you are not happy the American Express Help desk on 01273 675533
with the outcome, please contact us explaining what you think (Open 8 a.m. – 6 p.m. Monday–Friday and 9 a.m. – 5 p.m.
we can do to put it right. If you remain dissatisfied after we have on Saturday)
tried to put things right, you can ask The Financial Ombudsman
to look at your case for free and they can be contacted at:
Stationery
Stocks of stationery, for example, Sales, Refund and Merchant
• Address: The Financial Ombudsman Service Exchange Tower, Summary Vouchers and deposit envelopes can be ordered by
London E14 9SR calling the Merchant Support Centre on 0345 606 5055.†
• Telephone: 0800 023 4567/0300 123 9123
Point-of-Sale and Display material
• Email: complaint.info@financial-ombudsman.org.uk
Point-of-Sale material is available by telephoning the Merchant
• Website: financial-ombudsman.org.uk
Support Centre on 0345 606 5055†

15. Useful contact information 16. Changes to your business

Authorisation service It is vital that you keep us updated with any material changes
Tel: 0344 257 9400 or 01268 823 130 (Open 24 hours, to your business, including (but not limited to):
7 days a week)
• Bank details (that is Account Number, Sort Code and
Merchant support centre Branch address)
For any queries about your First Data service, please call
• Contact Names; Phone Numbers, (Landline and Mobiles);
0345 606 5055† (Open 8 a.m. – 9 p.m. Monday–Saturday).
Email Addresses; and Website Addresses
Alternatively write to us at: First Data, Janus House,
Endeavour Drive, Basildon, Essex SS14 3WF • Legal entity of the business and/or trading name
• Business closure (including outlets) or change of ownership
PCI DSS compliance program
(for example, changes to the directors or directors names;
For queries regarding your PCI DSS compliance status
changes to voting control or shareholding)
please call the PCI DSS Help desk on 0330 808 1606†
(Open 9 a.m. – 5 p.m. Monday–Friday) • Products or services your business provides and/or take
card payments for
First Data global leasing • Methods you take card payments by
For queries regarding your Terminal Lease please call First Data
• New and/or additional outlets
Global Leasing on 0345 841 2442† (Open 9 a.m. – 5 p.m.
Monday–Friday) or email FirstDataGlobalLeasing@firstdata.com • Any Insolvency event affecting your business; arrangement
with creditors; or if you experience any financial difficulties
Terminal manufacturers
Please notify us immediately of any changes by writing to
Clover Support Tel: 0345 605 0615 (Open 7 Days a week First Data, Janus House, Endeavour Drive, Basildon,
8 a.m. – 9 p.m.) or email UKCloverSupport@firstdata.com Essex SS14 3WF.
Spire, Verifone, Ingenico and First Data Terminal Help desk
Tel: 0345 606 5055† (Open 8 a.m. – 12 p.m. Monday–Saturday
and 9 a.m. – 5 p.m. on Sunday and Bank Holiday)

Operating Guide 27
 This Operating Guide forms part of your Merchant Agreement, so please read it carefully and keep it in a safe
place for future reference. All capitalised terms used in this Operating Guide and not otherwise defined in this
Operating Guide shall have the meanings set out in the Merchant Conditions.

Merchant Support Centre:

†
0345 606 5055
Lines open 8 a.m. – 9 p.m. Monday–Saturday
†
Telephone calls may be recorded for security purposes and monitored under the quality control process.

FirstData.com
© 2020 Fiserv, Inc. or its affiliates. Fiserv is a registered trademark. Other products referenced in this
material may be trademarks or registered trademarks of their respective companies. 584554 2020-2

Operating Guide 28