Web shop compliance instructions

Introduction

In the next several chapters mandatory requirements for e-commerce are documented, with examples that comply with standards.

It is important to note that every requirement must be fulfilled, otherwise the acceptance of credit/debit card payment is not possible.

1. Web shop required content

1.1 Web shop information

• Full company name

• Commercial court number

• Company tax code

• Company number

• Company headquarters and Webshop address (if it differs from headquarters)

• Phone and e-mail for customer contact

1.2 Card names and titles

• Only put cards that Your Webshop accepts

• Permitted card names are American Express, Mastercard, Maestro, Visa

• During the first card names displaying, American Express, Mastercard i Maestro must be followed by ® sign: American Express®, Mastercard® and Maestro®

• Between Mastercard and Maestro must not be any other card name/names, that is, the order must be Mastercard then Maestro

• On the page where one card name is placed other card names must be equally placed without discrimination

1.3 Card logos

• Logos must be placed on the page where payment mode is chosen.

• It is mandatory to put logos of all cards that Webshop accepts.

• Logos must not be changed, cut or increased in any way; therefore it is not allowed to cut, rectify, reduce or increase any element of any logo

• There must be clear space around logos.

• Between Mastercard and Maestro logos must not be any other logo, that is, the order of the logos must be Mastercard then Maestro.

• On the page where one card logo is placed other logos must be equally placed without discrimination

• Acceptance logos are as displayed:

Logos must be links for the following sites:

• American Express - http://home.americanexpress.com/home/global_splash.html

• Mastercard - www.mastercard.com

• Maestro - https://brand.mastercard.com/brandcenter/more-about-our-brands.html

• Visa - www.visa.com

• Diners – www.dinersclub.com

• Discover – www.discover.com

1.4 Payment security logos

• Payment security logos must be placed on the same page with credit card purchase security payment, as well as on the payment page

• It is recommended to place payment security logos on homepage

• Payment security logo can be used only once per page

1.4.1 Visa Secure

• Choose one of two possible logos

  

  

• The distance between this logo and the acceptance logo must not be less than the height of this logo

• The free space around the logo must not be less than the height of the letter V in the word Visa

• Additionally, where applicable, descriptive text should be added in the form: "your transactions are secure with Visa payment" or "your transactions are secure with Visa"

1.4.2 MASTERCARD® IDENTITIY CHECK™

• Choose one of two possible logos depending on the size of the display

  

• When writing the name on one page for the first time, the ® and ™ marks must be written next to the name - Mastercard® Identity Check ™

• The distance between this logo and other must not be less than half the height of the Mastercard character and

• Select a logo based on the background displayed
  

1.4.3 Diners – SAFE ONLINE SHOPPING

 Text: “Diners secure on-line shopping”

1.4.4 Monri Payments – PSP (Payment Service Provider)

The logo must be displayed with other logos and must have a link to the next page following site: http://monri.com/

1.5 Mandatory texts

This chapter contains examples of mandatory texts which make customer acquainted with Webshop terms and conditions, as well as payment type and conditions.

1.5.1 Credit card purchase security statement

* * * * Credit card purchase security statement

The confidentiality of your data is protected and ensured by using the latest version of TLS encryption. Online billing sites are secured using the Secure Socket Layer (SSL) protocol with 128-bit data encryption. SSL encryption is the process of encrypting data to prevent unauthorized access during its transmission.

This enables a secure data transfer and prevents unauthorized data access during communication between user and Monri WebPay Payment Gateway and vice versa.

Monri WebPay Payment Gateway and financial institutions exchange data by using their virtual private network (VPN) which is also protected from unauthorized access.

Monri Payments is PCI DSS Level 1 certified payment service provider regulated by Visa and Mastercard rules.

Credit card numbers are not stored by Merchant and are not available to unauthorized personnel.

1.5.2 Privacy statement

Webshop must provide customers with the opportunity not to agree to participate in marketing campaigns and not to agree to the disclosure of their personal data for use by third parties.

* * * * Personal data gathering and protection statement

We are committed to provide service of protection of our customer's personal data in a way that we collect only essential basic information about our buyers that are necessary for fulfilling our obligations. We also inform our customers about the way we collect information and regularly give customers an option about how their information will be used, including the possibility to decide whether their name should be included or omitted from the lists used for marketing campaigns.

All user information is strictly guarded and are available only to the employees who need that information for completing the job.

All our employees and business partners are responsible to follow the principles of confidentiality protection.

1.5.3 Terms and conditions

The website should highlight the methods and conditions of payment, as well as an accurate description of the method and deadline for delivery of products or services, as well as the possibility of refunds in case of product complaints or cancellation of services.

Also, Terms of service or Terms of sale can be used.

1.5.3.1 General sales example

* * * * Terms of sale (example)

These conditions determine the procedure for ordering, payment, delivery, and reclamation of products offered on this site. COMPANY_DOMAIN.com Website may be used for your private use without any fees for use, and according to the following terms and conditions.

The seller is COMPANY d.o.o., and the buyer is a visitor to this site who fills in an electronic order, sends it to the seller and makes payment by credit card or cash on delivery.

ORDERING

The customer orders the product or products via the electronic order form.

A customer is considered to be any person who electronically orders at least one product, fills in the required information and sends the order.

All prices are expressed in Croatian national currency, Croatian Kuna (kn) with included VAT. The buyer additionally has the option of displaying prices in US dollars and euros.

Goods are ordered electronically, by clicking on a specific product and storing it in the cart.

The goods are considered ordered at the moment when the buyer chooses and confirms the method of payment.

PAYMENT

Ordered products or services are paid online with one of the credit cards: Mastercard, Maestro or Visa.

DELIVERY

Ordered products are packaged in such a way that they are not damaged during normal handling. When picking up, the buyer is obliged to check the condition of the shipment and in case of damage to immediately point out and show the product to the delivery person (employee of the company that performs delivery). The seller disclaims all liability for damage that may occur during delivery.

If the buyer does not receive the goods, or the delivery notice, after it has been sent, within the expected time, the buyer has the right to inform the seller in order to take action to find the shipment or to send a replacement shipment.

If the buyer refuses to receive the goods he has ordered from the seller, the seller has the right to demand from the buyer reimbursement of all costs related to delivery.

The seller is obliged to send the shipment to the buyer at the time of receipt of confirmation of approval of the online transaction. Upon receipt of this confirmation, the seller is obliged to send the shipment within 5 (five) working days.

Once the courier (the delivery company) receives the shipment from the seller, the seller is no longer responsible for the further course of delivery and any delays and problems that may arise in connection with further handling and delivery of goods.

If the buyer decides to download the product instead of delivery, the seller is obliged to send the buyer a notice exclusively in the form of e-mail containing download links and instructions. Upon receipt of the e-mail (download notification), the customer can download the product immediately.

COMPLAINTS

The seller is obliged to deliver a product that is technically correct and corresponds to the product description listed on www.COMPANY.com. The image illustrating the product on the website does not have to correspond to the actual appearance of the product and the customer cannot make complain about this segment.

In the event of a technical malfunction of the audio recordings stored on the audio transmitter, the seller assumes full responsibility. In case of technical malfunction, the buyer is obliged to advertise the product within 4 (four) working days. After the technical defect had been reported, the buyer is obliged to return the technically defective audio transmitter by mail, along with the invoice, after which the seller will send the buyer a replacement product within 3 (three) working days, free of charge. In the case of the above, the customer has no right to request a refund, but only a replacement product.

The seller is not responsible for any damage and other obligations that are in the domain of the delivery company (the company that performs the delivery of products).

If the customer chooses the download option and the customer is unable to download due to technical problems caused on the seller's server, the seller agrees to send an email with a new download option for which the buyer does not bear any costs.

In case the buyer is still unable to download due to technical problems on the seller's server, the buyer is obliged to contact the seller's sales department who will offer an adequate solution that will not include any fees and further costs by the buyer. The buyer has no right to request a refund in this situation.

In case the buyer cannot download the product and the technical problems are not related to the seller, but are caused by the buyer, operator or third party, the seller is not responsible and is not obliged to allow the buyer to download or deliver goods free of charge.

The customer is obliged to download the product within 5 (five) working days, after which he will no longer be able to download the product, regardless of the fact that he has made the payment. In this case, the buyer waives of any complaint.

COPYRIGHT PROTECTION

All rights of the publisher and the holder of the program on the recorded and printed work are reserved. The publisher is COMPANY d.o.o. The buyer is obligated not to unauthorizedly reproduce, perform, use for broadcasting purposes, and sell the seller's products or any part of these products.

GENERAL

COMPANY d.o.o. reserves the right to change these terms and conditions. All changes will be applied to the use of COMPANY.com pages. The buyer is responsible for the accuracy and completeness of the data entered during the purchase.

The services provided by COMPANY.hr Internet store do not include the costs you incur using computer equipment and services to access our site. COMPANY d.o.o. is not responsible for telephone costs, Internet traffic or any other costs that may be incurred.

Although the COMPANY d.o.o. strives to provide the best possible offer of services, COMPANY d.o.o. cannot guarantee that the services on COMPANY.hr will meet your needs, nor can it guarantee that the service will be error-free. If an error occurs, please report it to our Contact Centre or e-mail info@COMPANY.com in order to eliminate it as soon as possible.

1.5.3.2 Hotel reservation example

* * * * Reservation conditions (example)

HOTEL NAME

HOTEL ADDRESS, ZIP CODE CITY, OIB: 12345678901

Requests and reservations are accepted via our web pages (e-mail or registration form), by post, telephone, fax or personally at the hotel reception.

As the reservation would be valid the user needs to pay the advanced payment in the minimum amount of €100,00, or the amount agreed with the Sales department of the hotel

The advanced payments can be effectuated ONLINE/BY CREDIT CARDS or OFFLINE via bank remittances, and personally at the hotel reception.

The final account is carried out at the hotel reception prior departure.

Specified prices are informative and the hotel reserves the right to make changes. The change of the reservation is possible only in writing.

For additional information the Sales department of the hotel is at your disposal:
phone +385 XX XXXXX, fax: +385 XX XXXXX, e-mail: INFO@HOTEL-DOMAIN.COM

Cancellation conditions

The reservation is valid from the date the advanced payment, or the reservation fee is paid and kept until 24:00 hrs at the day of arrival to the hotel.

The reservation can be cancelled in writing, by e-mail of by fax 30 days prior arrival latest i.e., before using the ordered and reserved services. The hotel reserves the right to keep the amount of €100,00 per room for reservation expenses.

In case the reservation prepaid in full amount is cancelled within 1-30 days prior arrival i.e., before using the ordered and reserved services, the hotel has no obligation to return

30% of the prepaid amount, the exception being illness or vis major. In case of no show the hotel keeps 100% of the prepaid advanced payment or reservation fee.

1.5.4 Currency conversion

All payments will be affected in EUR. The charged amount on your credit card account is converted into your local currency according to the exchange rate of credit card associations.

2 Product showcase

2.1 Product description

• Correct name and key product/service properties

• Product picture (if existing)

• Product retail price, including various taxes and fees, and currency

2.2 Cart layout

• Link to cart must be visible and available to customers the whole time while browsing

• Product name must be clearly visible, along with price, picture (if existing) and full order price

3 Ordering steps

Order process must contain the following information:

3.1 Shipping and delivery information

• must contain information about shipping fee, custom regulations, a statement of known export restrictions and any other provisions if applicable

3.1.1 Delivery address options

3.1.2 Delivery methods

3.1.3 Payment type

3.2 Order confirmation

Before confirmation, customer must be presented with all items that are being paid, as well as final cost for which his/her card will be charged:

• Product/service price

• Delivery price

• Discount/special prices (if existing)

• Base price

• VAT

• Total amount paid by the buyer (base + VAT)

• Customer's agreement with the purchase rules (active selection e.g., checkbox)
  Also know as ‘click to accept’

It is also necessary to highlight associated services (servicing, spare parts), product guarantee, consumer protection (conditions for cancelling the purchase of goods or services) and complaints and refunds policy.

4 Card data entry

This chapter covers additional rules for merchants using WebPay Direct API, that is, when card data is entered on merchant's page.

Merchant must ensure possibility as well as to insist from the customer to enter all the data mentioned further in text on his site as well as direct that data to authorization request. It is recommended that the customer be instructed on how to enter the data correctly.

4.1 Notes

• It is strongly forbidden to save card data (card number, expiration date, Card Verification Value), as well as displaying it on any pages following data entry (e.g., order confirmation page)

• It is only allowed to save and show the first 6 (six) and last 4 (four) digits of card number, the rest must be masked (e.g., using asterisks, *)

• Navigation to card data entry page, either using browser navigation or navigation in page, must be set to disable card data view

4.2 Card number

• Must be sent as digit string without spaces or hyphens

• Check card number validity using Luhn algorithm before sending authorization request and inform customer if card number is invalid

4.3 Card validity (expiration date)

• Enable expiration date entry in MM/YY format

• Check for entered expiration date and inform customer if card has expired

4.4 Card Verification Value

Depending on the card, the entry should be disabled if the CVV is shorter or longer as follows:

• American Express - 3 (three) or 4 (four) digits

• Mastercard – 3 (three) digits

• Maestro – some don't have it, some have 3 (three) digits

• Visa - 3 (three) digits

3 (three) digit number is printed on the back of the card in the signature area and presents last 3 (three) numbers on the right.

4 (four) digit number is printed on the front page of American Express card above card number. It can be positioned on left or right side.

4.5 First name, last name

Exact data must be entered as shown on the card, without our regional diacritic symbols

4.6 Address, city, zip code, country

Exact data must be entered as shown on bill that card issuer sends to the customer, without Croatian diacritic symbols

If Web shop offer sending goods/services to the address different than the aforementioned address, they are required to be more careful and check order with the customer.

5 Contact

Contact us at support@monri.com for any questions You may have.