The following information applies if you have an eCommerce merchant facility and is to be read together with the EFTPOS Merchant Agreement Terms and Conditions.
Our Website Requirements are a list of minimum requirements that eCommerce merchants must follow when accepting card payments. These requirements and standards must be maintained throughout the lifetime of the facility.
Adherence to website requirements enables merchants to comply with card scheme requirements, provide important information to cardholders about the merchant’s business and conditions of sale, and obtain some protection from non-fraud chargebacks.
Website Must Display
You must display the following on your website:
a) contact information that’s readily accessible: either an email address, a telephone number or a contact form. Multiple contact methods increase options for cardholders;
b) a complete description of all goods and services you offer on your website;
c) a clear explanation of shipping practices and delivery policy (where applicable);
d) transaction currency (BankSA merchants can process and settle in AUD currency only);
e) total costs of the goods or services offered including all appropriate shipping/handling charges and taxes (such as GST). Where the total cost of the transaction cannot be determined in advance, you must include a statement to that effect and provide a description of the method that will be used to calculate it;
f) delivery timeframe information (if applicable) – including delivery arrangements when the order cannot be fulfilled in the expected timeframe;
g) images of the card scheme logos that we supply you, displayed wherever you present payment options. Only approved eftpos, Mastercard®, Visa, American Express®, JCB, and UnionPay logos should be used on your websites; contact our Merchant Helpdesk for logo specification guides;
h) export restrictions (if applicable) – including countries you do not ship to;
i) a clear refund/return policy;
j) if you provide a currency converter, a disclaimer advising cardholders that the converter provides an approximation of the currency only and that the transaction will be processed in AUD;
k) any additional disclosures or age verification requirements or trading restrictions required by a license to operate, for example the online sale of liquor, online gambling, and the online sale of financial or insurance products.
Website Must Not Display
You must not display the following on your website:
a) anything that constitutes or encourages a violation of any applicable law or regulation, including but not limited to the sale of illegal goods or the violation of export controls, obscenity laws, gambling laws or copyright/trademark laws;
b) any adult or pornographic content;
c) goods or services offered for sale, or materials displayed, which may be considered by a reasonable person to be obscene, vulgar, offensive, dangerous, or otherwise inappropriate.
Payment pages on your website are monitored by BankSA using an accredited service provider (of BankSA’s choosing). You should not change the types of goods or services sold through your merchant facility without first providing BankSA with a written notice, and then receiving written consent from BankSA confirming the change has been approved.
Website and Domain Requirements
Your Domain must be substantially similar to your trading name and your website must be designed in such a way that a reasonable Cardholder is able to readily identify it as your website without any confusion. Cardholder confusion may lead to unnecessary chargebacks.
If the Domain name does not match your business’ trading name, then your business’ trading name must be clearly noted on the payment/check-out page, such that the cardholder has clear visibility of your business’ trading name before completing a payment and can clearly make the connection between your business’ trading name and the name that appears on their card statement. This arrangement has a higher propensity for cardholder queries and chargebacks.
As a merchant you should own the Domain name used by your business or be in a position to provide confirmation that the owner of the Domain has provided consent for its use.
Website Requirement Applicability
Website requirements are applicable where you as the merchant sell goods and services online and take payment for the goods/services sold on a merchant website.
Website requirements are not applicable where you as the merchant take payments for goods/services after issuing an invoice or an electronic bill payment request. Details of the transaction and any terms and conditions should be captured/referred to in the invoice or request for payment.
Website Recommendations
Our website recommendations provide eCommerce merchants with “best practice” guidance on information that is recommended, by regulatory bodies, to be conveyed to your consumers.
| Recommendation | Guidance |
|---|---|
| Merchant Choice Routing (MCR) Online Notification | Merchants who have activated MCR and are processing eCommerce transactions in an online environment are expected to provide reasonable notification to new and existing cardholders advising them that their multi-network debit card transactions may be routed through the eftpos network. You may display the notification as an online text box/pop-up on your website; add a statement to your customer terms and conditions; and add an explanation to your website’s ‘frequently asked questions’ section. Refer to the example wording provided in the Suggested Policy Text section of this page. |
| A security policy | Refer to the example wording provided in the Suggested Policy Text section of this page. |
| A consumer data policy | Merchants may wish to include a consumer data policy specifying what cardholder information merchants will store, how the information will be used and information about the use of cookies. |
| Inclusion of ABN/ACN details | This information provides confidence to the cardholder and a mechanism for validating the credentials of your business. |
| Adopt methods to avoid card testing | Merchant websites are sometimes used to test the validity and currency of card data that has been stolen by criminals, most commonly by way of scripted/robotic attacks that cause a sudden and unexpected spike in transaction volume. Merchants are advised to consult with their web designers and employ technology to deter such attacks, for example challenge-response tests, restrictions on web session times/transactions per web session, fraud monitoring solutions, or authentication. |
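
The card-testing controls named in the table above (a cap on transactions per web session, a limit on web session time, and a challenge-response step when transaction volume spikes) can be combined in one server-side check. The following is an added example, not BankSA's or any payment gateway's code; the class, function names, thresholds and sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# All thresholds are illustrative assumptions, not values from this page.
MAX_ATTEMPTS_PER_SESSION = 3    # payment attempts allowed per web session
MAX_SESSION_AGE_S = 900         # checkout session lifetime, in seconds
WINDOW_S = 60                   # sliding window for site-wide spike detection
MAX_DECLINES_PER_WINDOW = 5     # declines tolerated across the site per window


class CardTestingGuard:
    """Decides whether a payment attempt may be sent to the gateway."""
    def __init__(self):
        self.session_start = {}
        self.attempts = defaultdict(int)
        self.declines = deque()  # timestamps of recent declines, all sessions

    def check(self, session_id, now):
        """Return 'allow', 'challenge' or 'block' for an attempt at time now."""
        start = self.session_start.setdefault(session_id, now)
        if now - start > MAX_SESSION_AGE_S:
            return "block"       # session too old: force a fresh checkout
        if self.attempts[session_id] >= MAX_ATTEMPTS_PER_SESSION:
            return "block"       # per-session transaction cap reached
        self.attempts[session_id] += 1
        while self.declines and now - self.declines[0] > WINDOW_S:
            self.declines.popleft()
        if len(self.declines) >= MAX_DECLINES_PER_WINDOW:
            return "challenge"   # decline spike: require a challenge-response test
        return "allow"

    def record_result(self, now, approved):
        """Feed the gateway response back so a spike in declines is visible."""
        if not approved:
            self.declines.append(now)


def replay(events):
    """Run (time, session_id, approved) events through a fresh guard."""
    guard, decisions = CardTestingGuard(), []
    for now, session_id, approved in events:
        decision = guard.check(session_id, now)
        decisions.append(decision)
        if decision == "allow":  # challenged attempts are assumed not to proceed
            guard.record_result(now, approved)
    return decisions


# Constructed sample: one shopper, a scripted burst of declines, a second shopper.
SAMPLE = ([(0, "s1", True)] + [(10 + i, f"bot{i // 4}", False) for i in range(10)]
          + [(25, "s2", True)])
```

During a spike the guard challenges every new attempt, including genuine shoppers, which is the intended trade-off: a challenge-response test costs a real customer a few seconds but stops scripted attempts from reaching the gateway.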
Suggested Policy Text
Set out below are examples of policies and practices. These examples have been provided for information purposes only and do not constitute legal, professional, or commercial advice.
Any policies referred to on merchant websites should reflect actual underlying policies and practices.
| Shipping Practices/Delivery Policy Example Only |
|---|
| We deliver products using [shipping company]. Shipping costs are influenced by the size and weight of the product and your location. Exact shipping costs are calculated in the shopping cart and will be added to the order total before checkout. Orders are dispatched within (x) business days. Shipping times are estimated at between (x) and (y) business days depending on your location. |
| or |
| We deliver our products using [shipping company]. Shipping costs are a flat rate of $x and will be added to the order total before checkout. Orders are dispatched within (x) business days. Shipping times are estimated at between (x) and (y) business days, depending on your location. |

| Shipping Destinations Example Only |
|---|
| (Business Name) ships goods Australia-wide and internationally. |
| or |
| (Business Name) ships goods Australia-wide; however, currently, we do NOT accept international orders through our website. Please contact us on (phone number) to enquire about a special order. |

| Refund Policy Example Only |
|---|
| Please choose carefully. We do not normally give refunds if you simply change your mind or make a wrong decision. You can choose between a refund, exchange, or credit where goods are faulty, have been wrongly described, are different to the product purchased on the website or don’t perform as advertised. |

| Security Policy Example Only |
|---|
| When purchasing from (Business Name), card details are transmitted through a secure server using (name of product). Card data is not hosted by (Business Name) after processing. |
| or |
| When purchasing from (Business Name), card details are transmitted through an application programming interface. Card details are hosted by (Name of Company) after processing. |

| Merchants processing Multi-Network Cards online (Example Only) |
|---|
| Please note, if you are using a card displaying two networks (i.e. Visa and eftpos OR Mastercard and eftpos) we may process your payment through either of these networks. Please talk to your Card Issuer if you have any concerns. |