1. Sign Up
Fill out the questionnaire
2. Prepare the legal documents
The following information has to be clearly specified on the website:
- Protection of Personal Data
- General Terms and Conditions
Terms and Conditions must contain:
- The Merchant’s name and titles of trademarks used
- Types of accepted payment cards
- Detailed description of the Merchant’s goods/services
- Terms of purchase and sales/service provision, terms and conditions for terminating the agreement
- Price of goods/services, currency, other fees charged by the Merchant (separate from the price), and the date of payment
- Goods/services delivery terms and conditions
- Goods/services refund terms and conditions
- Money-back terms and conditions
- Personal data processing rules
- Descriptions of security and data transmission means used by the Merchant
- The use of 3-D Secure Standard by the Merchant must be marked with “Verified by VISA” and “MasterCard SecureCode” signs
- Contacts of the Merchant’s customer service staff – e-mail and customer service phone number
- The Merchant’s permanent residence address
- Other information specified by PayWiser and payment card organisations
We suggest that you download the sample T&C Specification and change it accordingly.
3. Technical implementation
4. Sign the agreement with the acquiring bank
5. The webpage has to contain the following elements:
- The footer of the website has to contain the company name and address
- Link to general terms and conditions, available from all the pages
- Link to general terms and conditions, available from checkout page
- MasterCard and Visa logos (and Moneta, if used), available from the checkout page and on the main page of the webshop (please see below)
6. Sign the Contract for using PayWiser system
7. Production tests
If the merchant is using the API or its own payment form, the ThreatMatix snippet should be implemented in the payment form. The ThreatMatix code is provided by PayWiser.
8. Become PCI compliant
PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council, MasterCard, Visa etc.
The PCI DSS documents represent a common set of industry tools to help ensure the safe handling of cardholder data. The standard itself provides an actionable framework for developing a robust security process—including preventing, detecting, and reacting to security incidents. To reduce the risk of compromise and mitigate the impact if it does occur, it is important for all entities that store, process, or transmit cardholder data to be compliant. The chart below outlines the tools in place to help organizations with PCI DSS compliance and self-assessment. These and other related documents can be found at www.pcisecuritystandards.org.
The Self-Assessment Questionnaire (SAQ) is a validation tool for eligible organizations who self-assess their PCI DSS compliance and who are not required to submit a Report on Compliance (ROC). Different SAQs are available for various business environments; more details can be found on this PCI DSS web site.
All merchants must comply with the PCI DSS self-assessment questionnaire (SAQ), keep it in paper form and renew it annually.
- If you accept payments through the PayWiser WebPayments form, you must comply with PCI DSS level A
- If you accept payments on your web page using a PayWiser API key, you must comply with PCI DSS level D
- If you accept payments through MiniPOS, you must comply with PCI DSS level C (or PCI DSS P2PE-HW)
- If you accept a combination of payments, you must comply with the appropriate SAQ