Important Account Information
Welcome to EDataPay Merchant Services`
Thank you for choosing EDataPay as your Merchant Services provider. We look forward to servicing your credit card acceptance needs with a host of products
and services that will help your business increase sales and customer loyalty. We encourage you to contact us if you have any questions, comments, or
financial needs.
Help Desk Card Enclosed
Keep the Help Desk card included in your welcome package in a secure, non-public location close by the credit card terminal or computer used for payment processing. Call the toll-free number on the card and reference the account information when you need credit card related assistance.
Please keep your MID readily available for identification purposes when seeking assistance on your account.
Customer Support Numbers
Equipment Help Desks
Help Desk 888-395-9554
TechSupport@edatapay.com
Inquiries and Account Changes
Merchant Support 888-395-9554
Support@eDataPay
Voice Authorization Response Unit (VRU), Referrals, and
Code 10 Operators
(If your account number starts with 5)
Visa & MasterCard Authorization Center 800-228-1122
(24/7)
American Express Authorization Center 800-528-2121 (24/7)
Card Acceptance Policies
Asking for Identification
Although payment network rules do not preclude merchants from asking for cardholder ID, merchants cannot make an ID a condition of acceptance.
Therefore, merchants cannot refuse to complete a purchase transaction because a cardholder refuses to provide ID.
The payment networks do allow merchants to ask for ID as part of their regular card acceptance procedures. Laws in several states also make it illegal for merchants to write a cardholder’s personal information, such as an address or phone number, on a sales receipt.
You may ask for the ID if the card is not signed; you must have the cardholder sign it and check the signature against two other pieces of identification, including one government issued ID.
Taxes
Include required taxes in the total transaction amount. Do not collect taxes separately in cash. This policy reflects the needs of the many Visa,
MasterCard, and Discover Network cardholders who must have written records of the taxes they pay for goods and services.
Split Sales
Prepare one sales receipt per transaction, using the full transaction amount. Merchants are not allowed to split the cost of a single transaction on a single
cardholder account between two more sales receipts in order to avoid authorization limits.
Laundering
Deposit transactions only for your own business. Depositing transactions for a business that does not have a valid merchant agreement is called laundering or
factoring. Laundering is not allowed; it is a form of fraud associated with high chargeback rates and the potential for forcing merchants out of business.
No Cash Refunds
Complete a credit receipt for merchandise returns or adjustments. Do not provide cash refunds for returned merchandise originally purchased with a card.
Visa and Discover Network does not permit cash refunds for any credit or debit card transaction. By issuing credits, you protect your customers from
individuals who might fraudulently make a purchase on their account and then return the merchandise for cash.
Delivery of Goods and Services
Deliver the merchandise or services to the cardholder at the time of transaction. Cardholders expect immediate delivery of goods and services unless
other delivery arrangements have been made. For card-not-present transactions, cardholders should be informed of delivery method and tentative delivery date.
No Transactions on Merchant’s Own Card
Merchants should not use your own card, or one to which you have access, to process a transaction for the purpose of obtaining credit for your own benefit.
Card Processing Procedures
Insert / Swipe / Tap the card to request the transaction authorization.
Hold the card throughout the transaction.
Check the card’s features and security elements while the transaction is being processed. Make sure the card is valid and has not been altered in any way.
Obtain authorization.
Get the cardholder signature on the transaction receipt.
Compare the name, number, and signature on the card to those on the transaction receipt.
Return Card and transaction receipt to your customer.
IF YOU SUSPECT FRAUD, MAKE A CODE 10 CALL
Maintaining Your Account
From time to time, your business may experience changes. Some changes may require updates to your merchant processing account, including
the following:
Bank Account
Ownership or ownership structure
Federal tax identification number
Company DBA and/or legal name
Address, phone number, etc.
Type of business
Additional documentation may be required to update your account. To request account changes, please contact EDataPay Merchant Support at:
Phone: 888-395-9554
Fax: 888-909-0138
Email: Support@eDataPay
Mail: EDataPay, Attn: Merchant Support, 20423 State Road 7, Suite F6-524 Boca Raton, Florida, 33498
Understanding and Avoiding Chargebacks
A chargeback is a reversal of a sales transaction. The following are the top five reasons for which chargebacks are initiated and how you may be able to dispute them if appropriate. All supporting documentation must be provided within twelve (12) business days.
Why Chargebacks Occur
The most common reasons for chargebacks include:
Customer disputes
Fraud
Processing errors
Authorization
Non-fulfillment of copy requests (only if fraud or illegible)
Avoiding Chargebacks
Most chargebacks can be attributed to improper transaction- processing procedures and can be prevented with appropriate training and attention to detail. The following best practices will help you minimize chargebacks.
Chargeback Remedies
Even when you do receive a chargeback, you may be able to resolve it without losing the sale. Simply provide Merchant Services with additional information about the transaction or the actions you have taken related to it.
For example, you might receive a chargeback because the cardholder is claiming that credit has not been given for returned merchandise.
You may be able to resolve the issue by providing proof that you submitted the credit on a specific date. Send this information to Merchant Services in a
timely manner.
The key in this and similar situations is always to send Merchant Services as much information as possible to help remedy the chargeback. With appropriate information, Merchant Services may be able to resubmit, or “re-present,” the item to the card issuer for payment.
Timeliness is also essential when attempting to remedy a chargeback. Each step in the chargeback cycle has a defined time limit during which action can be taken.
If you do not respond during the time specified on the request which may vary depending on Card Association rules — Merchant Services will not be able to remedy the chargeback.
Although many chargebacks are resolved so that the merchant does not lose the sale, some cannot be remedied. In such cases, accepting the chargeback may save you the time and expense of needlessly contesting it.
Point of Sale
Declined Authorization Do not complete a transaction if the authorization request was declined. Do not repeat the authorization request after receiving a decline; ask for another form of payment.
Transaction Amount Do not estimate transaction amounts. For example, restaurant merchants should authorize transactions only for the known amount on the check; they should not add on a tip.
Referrals If you receive a “Call” message in response to an authorization request, do not accept the transaction until you have called the authorization center.
In such instances, be prepared to answer questions. The operator may ask to speak with the cardholder. If the transaction is approved, write the authorization code on the sales receipt, and contact Tech Support (888-395-9554) should you need any assistance capturing your new authorization. If declined,
ask the cardholder for another form of payment.
Expired Card Do not accept a card after its “Good Through” or “Valid Through” date unless you obtain an authorization approval for the transaction.
Fraudulent Card-Present Transaction If the cardholder is present and has the account number but not the card, do not accept the transaction. Even with an authorization approval, the transaction can be charged back to you if it turns out to be fraudulent.
Legibility Ensure that the transaction information on the sales receipt is complete, accurate, and legible before completing the sale. An illegible receipt, or a receipt that produces an illegible copy, may be returned because it cannot be processed properly.
The growing use of electronic scanning devices for the electronic transmission of copies of sales receipts makes it imperative that the item being scanned be very legible.
Avoid Illegible Transaction Receipts
Ensuring legibility of transaction receipts is key to minimizing copy requests and chargebacks.
When responding to a copy request, you will usually photocopy or scan the transaction receipt before mailing or electronically sending it to Merchant Services. If the receipt is not legible to begin with, the copy that the bank receives and then sends to the card issuer may not be useful in resolving the cardholder’s question.
If this occurs, the transaction may be returned to you as a chargeback for an illegible copy. At this point, unless you can improve the readability of the transaction receipt, you may end up taking a loss on the transaction.
Sales-Receipt Processing
One Entry for Each Transaction Ensure that transactions are entered into point-of-sale terminals only once and are deposited only once. You may get a chargeback for duplicate transactions if you:
Enter the same transaction into a terminal more than once Process the same transaction with more than one merchant bank
Voiding Incorrect or Duplicate Sales Receipts Ensure that incorrect or duplicate sales receipts are voided and that transactions are processed only once.
Close your Batches as quickly as possible, preferably
within 24 hours of the transaction date; do not hold on to them. It can save you money on fees to not let batches sit longer than a business day.
Process credit transactions as quickly as possible. If your customer is owed a refund, process it as quickly as possible to prevent them from initiating a chargeback for credit not processed
Ship Merchandise Before Processing Transaction For card-not-present transactions, do not process the transactions until you have shipped the related merchandise.
If customers see a transaction on their monthly card statement before they receive the merchandise, they may contact their Issuer to dispute the billing. Similarly, if delivery is delayed on a card-present transaction, do not deposit the sales receipt until the merchandise has been shipped.
Requests for Cancellation of Recurring Transactions
If a customer requests cancellation of a transaction that is billed periodically (monthly, quarterly, or annually), cancel the transaction immediately or as specified by the customer.
As a service to the customer, advise the customer in writing that the service, subscription, or membership has been canceled and state the effective date of the cancellation.
Disclosing Refund, Return, or Service Cancellation
Policies If your business has policies regarding merchandise returns, refunds,or service cancellations, these policies must be disclosed to the cardholder at the time of the transaction.
Your policies should be pre-printed on your sales receipts, if not, write or stamp your refund or return policy information on the sales receipt near the customer signature line before the customer signs (be sure the information is clearly legible on all copies of the sales receipt).
Failure to disclose your refund and return policies at the time of a transaction could result in a dispute if the customer returns the merchandise.
PCI Compliance Reminder
Please follow the instructions below to avoid PCI non-compliance fees on your merchant statement offering the simplest, most convenient means to 100% PCI DSS compliance
Every merchant who accepts credit/debit card payments is required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The threat to credit and debit card data has never been greater, and the impact on a merchant and its customers can be devastating. Your best protection is ongoing PCI DSS compliance.
EDataPay is committed to maintaining all applicable PCI DSS requirements to the extent of which EDataPay possesses or otherwise stores, processes, or transmits cardholder data on behalf of the customer, or to the extent that it could impact the security of the customer’s cardholder data environment.
• Complete the Appropriate PCI Self-Assessment
Questionnaire (SAQ). All merchants are required to complete the SAQ annually. There are five variants of the questionnaire (A, B, C, C-VT, and D) that reflect the controls necessary to secure various payment technologies. PCI Compliance’s online portal efficiently directs you to the appropriate questionnaire, and an extensive knowledge base helps you accurately answer each question.
• Schedule and complete quarterly vulnerability scans (if applicable). If your payments solution communicates payment card data over a computer network (versus a phone line), a quarterly scan is required to determine if vulnerabilities would allow a hacker to compromise your network and cardholder data.PCI Compliance provides a self-service external vulnerability scanning solution that meets all quarterly PCI DSS security scan requirements.
• Enhance security through employee awareness.
Keeping your business secure and compliant requires ongoing awareness. PCI Compliance provides eLearning courses and a knowledge base for you and your employees to foster that awareness and help keep you safe.
While participation in the PCI Compliance Service Assistance Program helps to reduce the risk of a security breach or data compromise that could prove catastrophic to your business, PCIDSS compliance does not guarantee or prevent a security breach or compromise.
To get started, call PCI Compliance toll-free at 866-949-9777. You may also email PCI Compliance at helpdesk@pcicompliancellc.com.
You can also contact EDataPay Customer Service at 888-395-9554 if you have any questions.
If you have validated compliance with another provider, you must supply proof of validation to EDataPay by submitting your compliance certificate to Support@eDataPay
Payment Card Industry Data Security Standard
Requirements for Protecting Transaction Data
Combating fraud is the shared responsibility of all parties involved in payment card transactions. Visa, MasterCard and Discover Network are reaching out to merchants, acquires and other partners to minimize risk and share requirements for safeguarding transaction data.
Below are the 12 requirements included in the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS can be viewed in its entirety at: www.pcisecuritystandards.org
Information regarding the EDataPay PCI DSS compliance program is sent directly to the merchant following account opening. Any merchant or service provider that stores, processes, or transmits cardholder information must comply with these standards.
All eligible merchants and service providers, regardless of size (or in the case of service providers, whether they support issuing or merchant activity) must comply with the 12 basic requirements outlined next.
1. Install and maintain a firewall configuration to protect data. Firewalls are computer software devices that control traffic in the company’s network. This includes unauthorized access from the Internet, as well as access to sensitive areas from company’s internal networks.
2. Avoid vendor-supplied defaults for system passwords. Hackers attempt to identify these passwords & settings and use them to compromise systems. You should always change these defaults before installing a system on the network.
3. Protect stored transaction data. Keep transaction storage to a minimum and never store sensitive authentication data after authorization. Take precautions to make stored transaction data unreadable through encryption or some other secure and robust approach.
4. Encrypt transaction data when transferred over networks. Sensitive information should always be encrypted during transmission over wireless networks or the Internet, as it is often easy to divert or intercept data while in transit. Never send encrypted transaction information via email.
5. Utilize anti-virus software or programs. Install these mechanisms on all systems that can be affected by viruses and ensure that these systems are current, running, and capable of generating audit logs.
6. Develop and maintain secure systems and applications. As a participating merchant or service provider, you must ensure that all components have the latest vendor security and software patches to protect against external hackers and viruses. Develop standard system development processing and secure coding techniques.
7. Restrict access to data. Limit access to resources and cardholder information to employees who need access to the information to do their jobs and limit access only to what is needed. Establish a mechanism for systems with multiple users that restrict access based on an individual’s need to know.
8. Assign a unique username and password to each person with computer access to transaction data. This allows for all actions taken on the system to be identified and tracked. Take necessary precautions to protect user identification and immediately revoke access by terminated users.
9. Restrict physical access to transaction data. Use appropriate facility entry controls and monitor access. Develop procedures to help personnel easily distinguish between employees and others. Destroy media containing transaction information when it is no longer needed.
10. Track and monitor access to network resources and transaction data. Logging mechanisms and tracking user activity is critical to uncovering unauthorized illegal activity.
11. Regularly test security systems and processes. New vulnerabilities are continually being discovered. Consistent testing ensures security maintenance.
12. Maintain an information security policy. A strong security policy sets the security tone for the entire company.
If You Have a Security Breach
Contact EDataPay immediately and no later than 24 hours after discovery of a suspected breach.
If you experience a suspected or confirmed security breach, you should:
Immediately Contain and Limit the Exposure
- To prevent further loss of data, conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24
hours of the compromise. - Do not access or alter compromised systems. Do not log on to the machine or change passwords.
- Do not turn off the compromised machine. Instead, isolate compromised systems from the network by unplugging their cables.
- Preserve logs and electronic evidence.
- Log all actions taken.
- If using a wireless network, change the service set identifier (SSID)–or network name– on the access point (AP) and on other machines that may be
using this connection (with the exception of any systems believed to be compromised). - Be on HIGH alert and monitor all payments systems.
Alert All Necessary Parties
- Your internal information security group, incident response team and legal department.
- Your merchant bank: EDataPay at 888-395-9554.