The Tyro Blog

2 April 2017 - 8 min read

Online Payments Education

Website Requirements

tyro-merchant-ecommerce-requirement

eCommerce merchants are required to comply with Tyro’s Website Requirements. Here we provide some Frequently Asked Questions to get you started, and more detailed information to assist you in meeting these Requirements.

Frequently Asked Questions

What are Website requirements?

Website requirements are a set of disclosures that need to be made on websites when accepting payments.

Why are Website requirements important?

Website requirements are important to ensure that appropriate information is made available to cardholders when making purchases. Tyro website requirements assist merchants in:

  1. Meeting eCommerce website requirements prescribed by the card schemes;
  2. Protecting themselves from chargebacks and disputes. The chargeback framework provides a mechanism for cardholders to dispute transactions processed by merchants, most commonly because their card was used without their consent (i.e. a fraud chargeback) or the merchant did not provide the goods and services as described (i.e. a non-fraud chargeback). Compliance with Tyro’s website requirements will assist merchants in defending non-fraud chargebacks and managing cardholder disputes, however ultimately chargebacks are managed in accordance with the regulations set by each card scheme (e.g. Mastercard® and Visa) and the card scheme makes the ultimate determination on financial liability. More information on chargebacks can be found in Tyro’s Chargebacks Guide. More information on fraud can be found in Tyro’s Fraud Prevention Guide.
  3. Providing cardholders with information about the merchant’s business and applicable conditions of sale.

How and when are website requirements verified?

Website requirements are verified when eCommerce merchants are onboarded, and website content is monitored on an ongoing basis. At the time of onboarding, Tyro will request details of the website’s URL. If a website is under development at the time of the merchant application, Tyro will request visibility of the development site and may defer approval of the merchant facility until development work is complete.

What if my website changes?

Tyro should be notified if changes are made to the following:

  • The URL of the website;
  • The trading name shown on the website;
  • The nature of goods/services made available for sale;
  • The ACN and/or ABN shown on the website.

Detailed Website Requirements

Before approving an eCommerce facility, Tyro will verify that the connected website contains the information provided below. “Must have” items must be displayed in all cases. “Recommended” items are optional.

Price of goods:

Must have: The total price of goods/services being purchased, including applicable tax and shipping/delivery/installation. Where shipping/delivery/installation prices are estimated, this should be made clear to the cardholder.

Transaction currency:

Must have: A clearly denoted transaction currency against the total price of goods/services being purchased, which in most cases will be Australian Dollars. This may be achieved using text in a prominent place (e.g. “All transactions are processed in Australian Dollars”) and/or by using AUD$ (or the applicable transaction currency) on the checkout/payment page. Where the merchant only sells and ships/delivers/installs in Australia, and this is noted on the website, transaction currency only needs to be denoted using the dollar symbol (i.e. $402).

Recommended: It is recommended that a clear naming convention exists between the URL of the merchant website, the merchant business name, and the name that will appear against the transaction on the cardholder’s card statement/bill.

Shipping/delivery/installation information:

Must have: The cost of shipping/delivery/installation clearly stated, unless shipping/delivery/installation is included in the sale price and clearly noted.

Must have – Liquor merchants only: Where liquor is being sold online, merchants must: (1) display their liquor licence details (2) note that delivery is only made to Australian addresses (3) note that liquor is sold only to persons of 18 years of age or older, and note that age confirmation identification must be presented at the time of delivery.

Recommended: The approximate shipping/delivery/installation time frame and method, as applicable. Where the shipping/delivery/installation time frame is estimated, or delays are possible (e.g. because of the cardholder’s location or potential border controls), or delivery will occur in multiple shipments, or delivery restrictions exist (e.g. delivery is only made to specific countries or states), this should be made clear to the cardholder.

Recommended: It is recommended that shipping/delivery/installation arrangements/conditions are made clear to the cardholder, for example where there is a need for cardholders to sign for parcels or provide identification upon collection or sign for completion of installation.

Recommended: It is recommended that a “click to accept” or other acknowledgement button or checkbox is used, in order to obtain and record the cardholder’s agreement to the information provided.

Contact information:

Must have: An email address or a telephone number or a contact form, via which cardholders may engage with the merchant to seek information or resolve disputes.

Recommended: It is recommended that multiple contact options are provided to maximise the opportunity for contact and minimise the propensity for disputes. It is also recommended that a timeframe for response is noted in order to manage cardholder expectations.

Merchant business information:

Must have: The name of the merchant, mailing or Post Office Box address, and country of domicile.

Must have: The merchant business name on the website must match, or be easy for the cardholder to reconcile with, the name that will appear against the transaction on the cardholder’s card statement/bill. If the connection between the name on the website and the cardholder’s card statement/bill is not strong, then the merchant must place text on the checkout page to explain the name that will appear on the cardholder’s card statement/bill (e.g. “This transaction will appear on your card statement/bill under the name of Business Name Limited”).

Recommended: It is recommended that a clear naming convention exists between the URL of the merchant website, the merchant business name, and the name that will appear against the transaction on the cardholder’s card statement/bill.

Refund/return/cancellation policy:

Must have: A refund/return/cancellation policy, or a no refund/return/cancellation policy, as applicable, which should be prominently disclosed and fair and reasonable. Where applicable, cardholders should be made aware of the conditions that must be met to be eligible for a refund/return/cancellation and any associated fees.

Recommended: It is recommended that a “click to accept” or other acknowledgement button or checkbox is used, in order to obtain and record the cardholder’s agreement to the information provided.

Complete description of goods/services:

Must have: A complete description of goods/services to which the payment relates.

Recommended: It is recommended that goods are noted as new or used, as applicable.

Recommended – Ugg boot sellers only: It is recommended that information is provided to make a clear association with, or disassociation from, the UGG Australia brand owned by Deckers Corporation, as applicable. Buyer confusion can result in chargebacks and brand violations can result in significant card scheme fines.

Details of card types accepted:

Must have: Approved images of the card types accepted (e.g. Mastercard, Visa), either on the website itself or an associated Hosted Payments Page.

Information security policy:

Recommended: It is recommended that details are provided of security capabilities for transmission of payment card details (e.g. “All card information is captured on a Hosted Payment Page and stored in a PCI-DSS compliant environment”).

Recommended: It is recommended that details are provided on what information the merchant collects from its customers, how the merchant stores and secures this information, and whether or not the merchant shares this information with other parties.

Merchant specific:

The following items apply to specific merchant categories/merchant types:

Must have – Liquor merchants only: Where liquor is being sold online, merchants must: (1) display their liquor licence details (2) note that delivery is only made to Australian addresses (3) note that liquor is sold only to persons of 18 years of age or older, and note that age confirmation identification must be presented at the time of delivery.

Recommended – Charities: It is strongly recommended that charity merchants employ CAPTCHA technology to prevent the use of automated scripts for card testing. This form of card testing allows fraudsters to generate approvals/declines on a large volume of cards in a short time period, causing significant disruption to merchants and inconvenience to genuine cardholders. CAPTCHA technology is described as “a type of challenge–response test used in computing to determine whether or not the user is human”, and can be used as a method to limit fraudulent activity. Please note that card testing is most common at charity merchants, however can be found in other merchant contexts.

Recommended – Ugg boot sellers only: It is recommended that information is provided to make a clear association with, or disassociation from, the UGG Australia brand owned by Deckers Corporation, as applicable. Buyer confusion can result in chargebacks and brand violations can result in significant card scheme fines.

Websites must NOT incorporate content that:

  1. Is false and/or misleading.
  2. Constitutes or violates any applicable law in the jurisdiction of the cardholder, merchant, card issuer, acquirer, card scheme, or destination to which goods/services are shipped/delivered/installed.
  3. Is sold on behalf of any other entity or individual, unless approved by Tyro.
  4. Falls outside of what would be considered normal goods/services sold by a merchant in the Merchant Category Code (MCC) approved by Tyro at the time of merchant application.
  5. May be considered offensive.

Mastercard is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated.