Your Acceptance Guide Welcome

From Start to Finish

A Guide to Accepting Payments Acceptance solutions are an essential part of your . As your partner, we want to make accepting payments as simple as possible for you. That’s why we created Your Payments Acceptance Guide. It’s your quick reference to the guidelines for processing transactions. You’ll also find recommendations and tips to help you prevent fraud, reduce , and properly handle payments, refunds, exchanges, and most other situations you’ll encounter in your day-to-day business. If you have questions about processing payments or other aspects of your merchant arrangement, please contact the Merchant Solutions Call Centre on 1800 243 444 where lines are open 24/7.

2 Your Payments Acceptance Guide Contents

I. General...... 4

1. Use of Brands...... 4

2. Validating Card Brands...... 4

3. Merchant Statements...... 4

4. Point-of-Sale (POS) Reminders...... 5

5. Transactions Where the Cardholder is Not Present “Card Not Present (CNP)” Transactions... 5

6. Transaction Guidelines...... 5

7. Security...... 6

II. Gives You Helpful Information and Guidelines for Specific Aspects...... 7

8. Authorisations...... 7

9. EFTPOS Debit Cards and Multi-Network Cards...... 7

10. Special Types of Transactions...... 8

11. Refunds...... 9

12. Chargebacks, Retrievals and Other Debits...... 10

13. Suspect/Fraudulent Transactions...... 13

14. Glossary...... 13

Your Payments Acceptance Guide 3 Part I

• Don’t use the trademarks of any Card Scheme after: I. General Your right to accept the cards of that Card Scheme has ended; or that Card Scheme has notified you to stop Fiserv (through Merchant Solutions using their trademarks Pty. Ltd.) provides processing services to facilitate the passage of your Sales Receipts back to the thousands of • Don’t use the trademarks of Fiserv or of the Card institutions that issue the cards carried by your customers. Schemes in any way that injures or diminishes the This part of the Guide describes the procedures and goodwill associated with the trademarks methods for submitting Card Scheme transactions • Don’t use our trademarks of Fiserv or the Card Schemes for payment, obtaining authorisations, responding to in any manner, including in any advertisements, displays chargebacks and media retrieval requests, and other or press releases, without our prior written consent aspects of the operations of our services. They seek to provide you with the principles for a sound card program. 2. Validating Card Brands They are designed to help you decrease your If you have selected to accept these brands you must liability and to train your employees. honour to accept all cards presented under these brands with the following logos. The content contained in this document focuses primarily on acceptance practices associated with Mastercard, Visa, Australia and UnionPay. In the event Fiserv provides authorisation, processing or settlement of transactions Additionally, Fiserv has made provision for the acceptance involving other Card Scheme brands, you should also and on-forwarding of transactions for ®, consult those independent Card Schemes to acquaint Diners® and JCB. You will need to engage these Card yourself with their rules and regulations. Schemes separately for contractual arrangements which The requirements set out in this Acceptance Guide will will include processing, funding and providing you a apply unless prohibited by law. You are responsible for statement. following any additional or conflicting requirements 3. Merchant Statements imposed by your State or Territory. Each month Fiserv will send you a statement. The first step of a transaction begins before a customer The statement will reflect all activity for the month. even decides to make a purchase. This part of Your The statement will also include a table reflecting the cost Payments Acceptance Guide reviews the steps you’ll need of acceptance of these transactions as required under law. to take to ensure customers are informed of their payment options and understand the terms of sale. • Review your statement carefully and if you have any questions, please contact the Call Centre 1. Use of Card Scheme Brands on 1800 243 444 Do’s • Familiarise yourself with Cost of Acceptance • Do prominently display relevant trademarks of the requirements and guidelines as stipulated by the Card Schemes at each of your locations, in catalogues, Reserve of Australia (RBA) and the Australian on websites and other promotional material Competition and Consumer Commission (ACCC) • Do only use the official trademarks of Fiserv and the Card Schemes as officially instructed to do so

Don’ts • Don’t indicate that Fiserv or any Card Scheme endorses your or services

4 Your Payments Acceptance Guide 4. Point-of-Sale (POS) Reminders Don’ts You must clearly and conspicuously: • Don’t accept card numbers by electronic (email) • Disclose all material terms of sale prior to obtaining an • Don’t exceed the percentage of your total payment authorisation card volume for card-not-present sales, as set out in • At all points of interaction inform cardholders which your application entity is making the sales offer, so that the cardholders • Don’t submit a transaction for processing until after can clearly distinguish you from any other party involved the goods have been shipped or the has been in the interaction provided to the cardholder – the only exception to this • Disclose any surcharge/discount/incentive associated is where the goods have been manufactured to the with the transaction cardholder’s specifications and the cardholder has been advised of the billing details 5. Transactions Where the Cardholder is Not Present • Don’t require a cardholder to complete any documentation “Card-Not-Present (CNP)” Transactions that displays the cardholder’s account number in clear This section applies to any transaction where the view when mailed or send any mailing to a cardholder that cardholder is not present, such as mail/telephone displays personal information in clear view MO/TO), Internet/e-commerce. 6. Transaction Guidelines You may only conduct e-commerce transactions if you Do’s have notified us in advance and received approval to do so. • Do only present for payment valid charges that arise If you accept orders through the Internet, your website must from a transaction with a bona fide cardholder include the following information in a prominent manner: • Do ensure transaction amounts reflect the inclusion of • A complete description of the goods or services offered (GST) • Details of your (i) delivery policy; (ii) consumer data privacy • Do disclose any surcharge to be applied policy; (iii) cancellation policy and (iv) returns policy Don’ts • The transaction • Don’t set a minimum transaction amount for any Card • The customer service contact, including email address Scheme cards including cards bearing the eftpos and telephone number Australia symbol • Your address • Don’t set a maximum transaction amount for any • The transaction security used on your website Card Scheme cards or cards bearing the eftpos • Any applicable export or legal restrictions Australia symbol • Your identity at all points of interaction with the cardholder • Don’t establish any special conditions for accepting a card other than allowable by law (for example, surcharge) Do’s • Don’t make any disbursements or cash advances • Do obtain the card account number, name as it to a cardholder as part of a transaction with the appears on the card, expiration date of the card and the exception of the /savings transactions performed cardholder’s statement address with cards bearing the eftpos Australia symbol • Do notify the cardholder of delivery time frames and • Don’t require a cardholder to supply any personal special handling or cancellation policies information for a transaction (for example, phone • Do ship goods within seven (7) days from the date number, address, driver’s licence number and so on) on which authorisation was obtained. If delays are unless required for the likes of delivery purposes incurred (for example, out of stock) after the order • Don’t submit any transaction representing the refinance has been taken, notify the cardholder and obtain fresh or transfer of an existing cardholder obligation which authorisation of the transaction is deemed uncollectible, for example, a transaction • For e-commerce, do add a “tick box” or acceptance that has been previously charged back, or to cover a confirmation so the cardholder acknowledges the terms dishonoured cheque and conditions of the sale they are entering into prior to fulfilling the checkout

Your Payments Acceptance Guide 5 • Don’t submit transactions on the personal card of an • Do regularly test security systems and processes owner, partner, officer or employee of your business • Do maintain a policy that addresses establishment or of a guarantor who signed your for employees and contractors application form, unless such transaction arises from a • Do restrict physical to cardholder information bona fide purchase of goods or services in the ordinary course of your business • Do destroy or purge all media containing obsolete transaction data with cardholder information 7. Security • Do keep all systems and media containing card account, You are responsible for maintaining the security of your cardholder or transaction information (whether physical POS devices, particularly if the device is the asset of or electronic) in a secure manner, so as to prevent Fiserv and for instituting appropriate controls to prevent access by, or disclosure to any unauthorised party employees or others from submitting (for example, • Do use only those services and devices that have been refunds) that do not reflect bona fide returns or certified as PCI-DSS compliant by the Card Schemes reimbursements of earlier transactions. and other regulatory bodies

Please comply with the requirements Don’ts shown below: • Don’t use vendor-supplied defaults for system Do’s passwords and other security parameters • Do install and maintain a secure firewall configuration to • Don’t store or retain card verification codes (three-digit protect data codes printed in the signature panel of most cards) after final transaction authorisation • Do protect stored data, and do encrypt the transmission of data sent across open/public networks, using • Don’t store or retain Chip data, magnetic data or methods indicated in the Industry PIN data – only cardholder account number, cardholder Data Security Standard (PCI DSS) which is available at: name and cardholder expiration date may be retained pcisecuritystandards.org subsequent to transaction authorisation

• Do use and regularly update anti-virus software and For Internet transactions, copies of the transaction records keep security patches up-to-date may be delivered to cardholders in either electronic or • Do restrict access to data by business “need to know” paper format. basis. Assign a unique ID to each person with computer access to data and track access to data by unique ID

6 Your Payments Acceptance Guide Part II

II. Gives You Helpful Card-not-present transactions You will need to obtain the three-digit card verification Information and Guidelines code (reflected on the back of the card) and include this code with each card-not-present authorisation request for Specific Aspects unless the transaction is a recurring transaction.

This part of Your Payments Acceptance Guide For recurring transactions, submit the card verification reviews essential elements of a transaction, including code only with the first authorisation request and not with authorisations, issuing refunds and exchanges, and subsequent authorisation requests. handling special transactions like recurring payments. You’ll also find information about chargebacks and You should not store card verification codes. processes to put in place to help avoid chargebacks. 9. EFTPOS Debit Cards and Multi-Network Cards Feel free to contact the Call Centre with any questions Acceptance that arise as you review this information. EFTPOS Debit Cards are cards that bear the EFTPOS logo 8. Authorisations and can be used for card present transactions in Australia General only. Multi-Network cards are Scheme issued debit cards • You must obtain an authorisation approval code for all but which may also bear the EFTPOS logo and operate transactions as an EFTPOS . These cards can be accepted where properly authorised to do so. If the Debit Card/ • An authorisation approval code only indicates the availability Multi‑Network Card is valid, you must comply with the of funds on an account at the time the authorisation is following general requirements: requested. It does not indicate that the person presenting the card is the rightful cardholder, nor is it a promise or • You must honour all valid Debit Cards and guarantee that you will not be subject to a chargeback Multi‑Network Cards when presented that bear or adjustment authorised network marks and/or the EFTPOS logo • You must not attempt to obtain multiple authorisations • You must treat transactions by cardholders from all for a single transaction. If a sale is declined, do not issuers in the same manner take alternative measures with the same card to obtain • You may not establish a minimum transaction amount approval of the sale from other sources. Instead, for Debit Card acceptance request another form of payment • A signature is not required for debit account (cheque or • If you fail to obtain an authorisation approval code or if savings) transactions you submit a card transaction after receiving a decline • You shall not disclose transaction-related information to (even if a subsequent authorisation attempt results in an any party other than your agent, a debit card network, authorisation approval code), your transaction may result or issuing institution and then only for the purpose of in a chargeback settlement or error resolution • You may be charged for a request for an authorisation • You may not process a Card transaction in order approval code (where applicable), whether or not the to provide a refund on a Debit Card transaction transaction is approved Transaction Processing • For card present transactions, you must use your EFTPOS terminal to obtain an authorisation approval code The following general requirements apply to all Debit Card transactions: • Follow the prompts on the EFTPOS terminal screen, do not deviate from the prompts or ignore the authorisation • All debit transactions must be authorised and processed response received electronically

Your Payments Acceptance Guide 7 • You may not complete a Debit Card transaction that • If you are not now offering this service, your terminal has not been authorised. If you cannot obtain an may require additional programming to begin offering authorisation at the time of sale, you should request cash out another form of payment from the customer or process the transaction as a Store and Forward or Resubmission, Adjustments in which case you assume the risk that the transaction An adjustment is a transaction that is initiated to correct fails to authorise or otherwise decline a Debit Card/Debit Account transaction that has been • For a declined transaction, the cardholder should be processed in error. You will be responsible for all applicable instructed to contact the issuer to find out why adjustment that may be charged by. • Debit Card transactions must be completed either with a There are several reasons for adjustments being initiated: Personal Identification Number (PIN) and by the cardholder • The cardholder was charged an incorrect amount, either or through means of a contactless “tap and go” method too little or too much • Where a PIN must be entered, it must be entered into • The cardholder was charged more than once for the the PIN pad only by the cardholder. You cannot accept same transaction the PIN from the cardholder verbally or in written form • A processing error may have occurred that caused the • You must provision for and offer to issue a receipt to the cardholder to be charged even though the transaction cardholder upon successful completion of a transaction did not complete normally at the POS • The cardholder account number will be masked so that only the part of the account number (for example, the All parties involved in processing adjustments are regulated first six and last three digits) will appear. The masked by time frames that are specified in the operating rules digits will appear as a non-numeric character such as an of eftpos Australia Limited, ePayments Code and other asterisk. This is referred to as PAN truncation applicable laws.

• You may not manually enter the account number. The 10. Special Types of Transactions account number must be read electronically from either Payment by Instalments the Chip or the magnetic stripe which is used in the If a cardholder makes a deposit toward the full amount event of “technical fallback” when the EFTPOS terminal of the sale and pays the balance on delivery, please cannot interact with the Chip follow the procedures set out in this section. • If the magnetic stripe is also unreadable, you must request another form of payment from the cardholder Do’s • Any applicable tax (for example, GST) must be included • Do execute two separate transactions and obtain an in the total transaction amount for which authorisation is authorisation for each on each transaction date requested. Tax may not be collected separately in cash • Do submit and seek authorisation of each delayed delivery • You are responsible to secure your terminals, terminal transaction under the same merchant identification passwords and change to its default passwords and number and treat deposits on the card no differently than to institute appropriate controls to prevent employees you treat deposits on all other payment products or others from submitting refunds and voids that do • Do obtain proof of delivery upon delivery of the services/ not reflect bona fide returns or reimbursements of merchandise purchased prior transactions • You must not store any PIN and you must securely store Don’ts any account information so as to prevent unauthorised • Don’t submit a final transaction to us relating to the access, use or disclosure “balance” until the goods have been completely delivered or the services fully provided Cash out from purchase • You have the option of offering cash out to your Recurring transactions customers when they make a debit account purchase If you process recurring transactions and charge a • You may set a minimum and maximum amount of cash cardholder’s account periodically for goods or services out that you will allow (for example, yearly subscriptions, annual membership fees and so on) please follow the procedures set out in this section.

8 Your Payments Acceptance Guide Do’s Do’s • Do obtain written cardholder approval for goods or • Do include the appropriate data values when a payment services to be charged on a recurring basis to the credential is being stored for the first time cardholder’s account. Approval must at least specify: • Do include the appropriate data values when a − The cardholder’s name, address, account number and payment credential is being used to initiate a stored expiration date credential transaction − The transaction amounts • Do include the appropriate data values when a payment − The timing or frequency of recurring charges credential is being used to identify an unscheduled credentials on file transaction − The duration of time for which the cardholder’s approval is granted • Do submit a valid authorisation if an amount is due at the time the payment credential is being stored • Do obtain an authorisation for each transaction • Do submit an authorisation verification if no payment is • Do include the recurring payment indicator in each due at the time the payment credential is being stored authorisation request, and as applicable, each batch submission entry Don’ts

Don’ts • Don’t store a payment credential if either the first payment transaction or account verification is declined • Don’t include partial payments for goods or services purchased in a single transaction 11. Refunds • Don’t impose a charge in connection with the Do’s recurring transaction or preauthorised order • For e-commerce, do add a “tick box” or acceptance • Don’t complete a recurring transaction after receiving a confirmation so the cardholder acknowledges the terms cancellation notice from the cardholder or card issuing and conditions of the sale they are entering into prior to bank or after a request for authorisation has been denied fulfilling the checkout

It is highly recommended that you obtain the three-digit • Do provide clear instructions to your customers card verification code on the back of the card and include regarding returns, including the following: the number with the first authorisation request. This is not − Customer service telephone number required for subsequent authorisation requests. − Reference number for the return

You should not store card verification codes. − Expected processing time for the credit − Return address, preferably on a pre-formatted A positive authorisation response for one recurring shipping label (if applicable) transaction is not a guarantee that any future recurring transaction authorisation request will be approved or paid. • Do document your cancellation policy as applicable to local laws If the recurring transaction is renewed, you must obtain • Do provide full refunds for the exact dollar amount of from the cardholder a new written request for the the original transaction including goods and services tax continuation of such goods or services to be charged to and in no circumstances provide a refund amount for the cardholder’s account. more than the original sale amount If you or Fiserv have terminated your right to accept Don’ts cards, you must not submit authorisation requests or transactions for recurring transactions due after the date of • Don’t provide a refund amount for more than the original such termination. sale amount • Don’t credit an account that differs from the account Stored payment credentials used for the original transaction If you store information (including, but not limited • Don’t give cash, cheque or other consideration for card sales to, an account number or payment token) to process • Don’t intentionally submit a sale and an offsetting credit future purchases on behalf of the cardholder, follow the at a later date solely for the purpose of debiting and procedures set out in this section. crediting your own or a customer’s account • Don’t process a refund after a chargeback has been received

Your Payments Acceptance Guide 9 Your website must communicate your refund policy to Upon receipt of a transaction documentation request, your customers with the prudent practice of seeking you must immediately retrieve the requested transaction your customers to select a “click-to-accept” or another receipt/sales draft(s) using the following guidelines: affirmative button to acknowledge the policy. • A legible copy

Display the terms and conditions of the purchase on the • If applicable, make copies of a hotel folio, car rental same screen view as the checkout screen that presents agreement, mail/phone/Internet order form or other the total purchase amount, or within the sequence form of receipt of website pages the cardholder accesses during the • Submit supporting documentation in accordance with checkout process. the instructions provided

12. Chargebacks, Retrievals and Other Debits If the information you provide is both timely and, in our Chargebacks sole discretion, sufficient to warrant a re-presentment of the transaction or reversal of the chargeback we will do so Both the cardholder and the card-issuing bank have the on your behalf. A re-presentment or reversal is ultimately right to question or a transaction. If such questions contingent upon the card-issuing bank and/or cardholder or disputes are not resolved, a chargeback may occur. accepting the transaction under applicable Card Schemes You are responsible for all chargebacks, our chargeback guidelines. Re-presentment or reversal is not a guarantee fees and related costs arising from your transactions. that the chargeback has been resolved in your favour. As a result, we will debit your settlement account for the amount of each chargeback. If we do not receive a clear, legible and complete copy of the transaction documentation within the time frame Due to the short time frames and the supporting specified on the request, you may be subject to a documentation necessary to successfully (and chargeback for “non-receipt” for which there is no recourse. permanently) reverse a chargeback in your favour, we strongly recommend that: If you do not dispute the chargeback within the applicable • You adhere to the guidelines and procedures outlined in time limits as set by the Card Schemes rules and this guide regulations, you will forfeit your reversal rights. • If you do receive a chargeback, investigate and if If we reverse the chargeback and re-present the you dispute the chargeback, submit the appropriate transaction to the card-issuing bank, the card issuing documentation within the required time frame bank, at its sole discretion, may elect to submit the matter • Whenever possible, contact the cardholder directly to for before the applicable Card Scheme. The resolve the dispute Card Scheme may charge a filing and a review fee. • If you have any questions, call the Call Centre Whether or not a decision is made in your favour, you will be responsible for all such fees and charges and any You must not process a credit transaction (also known other applicable fees and charges imposed by the Card as a refund) once a chargeback is received, even with Scheme. Such fees and charges will be debited from your cardholder authorisation, as the credits may not be settlement account in addition to the chargeback. recoverable and you may be financially responsible for the credit as well as the chargeback. Instead, the card-issuing Sample chargeback reasons bank will credit the cardholder’s account. The following outlines the most common types of chargebacks. This list is not exhaustive. We have Chargeback process included recommendations on how to reduce the risk of If the card-issuing bank submits a chargeback, we will chargebacks. These are recommendations only and do not send you a chargeback notification, which may also guarantee that you will eliminate chargebacks. include a request for transaction documentation. Due to the short time requirements imposed by the Card Chargebacks due to authorisation description Schemes, it is important that you respond to a chargeback Proper authorisation procedures were not followed and notification request promptly and within the time frame set valid authorisation was not obtained. out in the notification.

10 Your Payments Acceptance Guide Likely scenario: Chargebacks due to fraud description • Authorisation not obtained Transactions that the cardholder claims are unauthorised; • Authorisation was declined the account number is no longer in use or is fictitious, or the merchant was identified as “high risk.” • Transaction processed with an expired card and authorisation was not obtained Note: For Visa transactions, to ensure that you preserve • Transaction processed with an invalid account number your chargeback rights, you must: and authorisation was not obtained • Complete a retrieval request and provide a sales slip that Recommendations to reduce risk of chargeback: contains all required data elements; and • Obtain valid authorisation on the day of the transaction. • Respond to all retrieval requests with a clear legible − If you receive a decline response, request another copy of the transaction document that contains all form of payment required data elements within the specified time frame

Chargebacks due to cancellation and returns description Likely scenario: Credit was not processed properly or the cardholder has • Multiple transactions were completed with a single card cancelled or returned items. without the cardholder’s permission • A counterfeit card was used and proper acceptance Likely scenario: procedures were not followed • Cardholder received damaged or defective merchandise • Authorisation was obtained; however, full track data was • Cardholder continued to be billed for cancelled recurring not transmitted transaction • The cardholder states that they did not authorise or • Credit transaction was not processed participate in the transaction

Recommendations to reduce risk of chargeback: Recommendations to reduce the risk of chargeback • Issue credit to the cardholder on the same account as card present transactions: the purchase in a timely manner • Obtain an authorisation for all transactions • Do not issue credit to the cardholder in the form of • For recurring transactions ensure customers are fully cash, cheque or in-store/merchandise credit as we may aware of the conditions not be able to recoup your funds if the transaction is • Cancel recurring transactions as soon as notification is charged back received from the cardholder or as a chargeback, and • For recurring transactions ensure customers are fully issue the appropriate credit as needed to the cardholder aware of the conditions: in a timely manner − Cancel recurring transactions as soon as notification • If you are utilising an EFTPOS terminal to capture card is received from the cardholder or as a chargeback, data, present all card transactions through your EFTPOS and issue the appropriate credit as needed to the terminal to capture cardholder information cardholder in a timely manner • You should avoid keying the card data into your EFTPOS • Provide proper disclosure of your refund policy for terminal unless you have been given /Telephone returned/cancelled merchandise, or services to the Order (MO/TO) access and permission to do so cardholder at the time of transaction. Card present, cardholder signed the sales draft containing disclosure Recommendations to reduce the risk of chargeback card-not-present transactions: • For e-commerce, provide disclosure on your website on the same page as checkout • Ensure delivery of the merchandise or services ordered to the cardholder • Ideally have the cardholder to click to accept prior to completion • Participate in recommended fraud mitigation tools: − Verified by Visa Program − Mastercard SecureCode

Note: While transactions utilising these tools may still be disputed; the service may assist you with your decision to accept certain cards for payment.

Your Payments Acceptance Guide 11 • Obtain authorisation for all transactions • If unable to provide services or merchandise, issue a • Ensure merchant descriptor matches the name credit to the cardholder in a timely manner of the business and is displayed correctly on the • Accept only one form of payment per transaction. cardholder statement Ensure the cardholder is only billed once per transaction • Ensure descriptor includes correct business address and • Do not bill cardholder for loss, theft or damages unless a valid customer service number authorised by the cardholder • Ensure that a description of the service or merchandise Chargebacks due to cardholder disputes description provided is clearly defined Goods or services not received by the cardholder, merchandise defective or not as described. Chargebacks due to processing errors description Error was made when transaction was processed or it was Likely scenario: billed incorrectly. • Services were not provided or merchandise was not received by the cardholder Likely scenario: • Cardholder was charged prior to merchandise being • The transaction was not deposited within the Card shipped or merchandise was not received by agreed Scheme specified time frame upon delivery date or location • The cardholder was issued a credit however the • Cardholder received merchandise that was defective, transaction was processed as a sale damaged, or unsuited for the purpose sold, or • The account number or transaction amount used in the did not match the description on the transaction transaction was incorrectly entered documentation/verbal description presented at the time • A single transaction was processed more than once to of purchase the cardholder’s account • Cardholder paid with an alternate means and their card • The cardholder initially presented the card as payment was also billed for the same transaction for the transaction. However, the cardholder decided to • Cardholder cancelled service or merchandise and their use an alternate form of payment. card was billed • Cardholder billed for a transaction that was not part of Recommendations to reduce risk of chargeback the original transaction document • Process all transactions within the Card Scheme • Cardholder claims to have been sold counterfeit goods specified time frames • Cardholder claims the merchant misrepresented the • Ensure all transactions are processed accurately and terms of sale only one time • If a transaction was processed more than once, Recommendations to reduce such risk of chargeback: immediately issue voids, transaction reversals or credits • Provide services or merchandise as agreed upon • Ensure that credit transaction receipts are processed and described to the cardholder; clearly indicate the as credits and sale transaction receipts are processed expected delivery date on the sales receipt or invoice as sales • Contact the cardholder in writing if the merchandise • Ensure all transactions received a valid authorisation or service cannot be provided or is delayed, and offer approval code prior to processing the transaction the cardholder the option to cancel if your internal • Do not alter transaction documentation or make any policies allow adjustments unless the cardholder has been contacted • If the cardholder received defective merchandise or the and agrees to modifications of the transaction amount merchandise received was not as described; resolve the • Retain copies of all transaction documentation for issue with the cardholder at first contact the required time frame that is specified by each • If the merchandise is being picked up by the cardholder, Card Scheme have them sign for the merchandise after inspecting • Develop efficient methods to retrieve transaction that it was received in good condition documentation to maximise ability to fulfil requests

12 Your Payments Acceptance Guide 13. Suspect/Fraudulent Transactions We also recommend that you are vigilant for any If the card being presented or the behaviour of the person cardholder who behaves as follows, specifically in relation presenting the card appears to be suspicious or you to prepaid cards: otherwise suspect fraud, you must immediately contact • Frequently makes purchases and then returns the goods the Call Centre on 1800 243 444. for cash While not proof that a transaction is fraudulent, the • Uses prepaid cards to purchase other prepaid cards following are some suggestions to assist you in preventing • Uses large numbers of prepaid cards to make purchases fraudulent transactions that could result in a chargeback. 14. Glossary Does the cardholder: • Application: The agreement between the Merchant • Appear nervous/agitated/hurried? and First Data Merchant Solutions Australia Pty Ltd. • Appear to be making indiscriminate purchases (Fiserv) comprising the Merchant Application and any (for example, does not care how much an item costs, supporting documents each as amended from time the size and so on)? to time • Make purchases substantially greater than your usual • Authorisation: The confirmation by the card issuer customer (for example, your average transaction is $60, that the card number exists and that enough funds are but this transaction is for $360)? available to allow the transaction to go ahead • Insist on taking the merchandise immediately (for • Authorisation approval code: A number issued to a example, no matter how difficult it is to handle, is not participating merchant which confirms the authorisation interested in delivery, alterations and so on)? for a sale or service • Appear to be purchasing an unusual amount of • Card: A payment card or any form factor that can be expensive items or the same items? used to initiate a payment transaction as specified on • Talk fast or carry on a conversation to distract you the Application from checking authorisation code obtained or where • Cardholder: Means the individual whose name is applicable, the signature? embossed on a Card and any authorised user of • Take the card from a pocket instead of a ? such Card • Repeatedly come back, in a short amount of time or • Card Scheme: Any entity formed to administer and right before closing time, to make additional purchases? promote Cards, including without limitation Mastercard International, Inc, Visa International, Inc, eftpos Australia • Cause an unusual, sudden increase in the number and Limited, UnionPay International average sales transactions over a one to three-day period? • Card scheme rules: The rules, regulations, releases, Does the Card: interpretations and other requirements (whether • Have characters the same size, height, style and all contractual or otherwise) imposed or adopted by any within alignment? Card Scheme • Appear to be re-embossed (the original numbers or • Card validation : A three-digit value printed in the letters may be detected on the back of the card)? signature panel of most Cards. Visa’s Card Validation • Have a hologram? Does it look damaged? Never accept Code is known as CVV2; Mastercard’s Card Validation a card without the hologram Code is known as CVC2. Card Validation Codes are used to deter fraudulent use of an account number in a non-face-to-face environment, for example, MOTOs and Internet orders), which must not be stored after Authorisation • Chargeback: The reversal of a sales transaction • Have a Chip? (or other indicia of a Card transaction) and reversal • Have a magnetic stripe on the back on the card? of any associated credit to your funding/settlement • Have an altered signature panel (for example, appear account because a cardholder or card issuer disputes discoloured, glued or painted, or show erasure marks on the transaction or can be reversed under associated the surface)? operating procedures • Have “valid from” (effective) and “valid thru” (expiration) dates consistent with the sale date?

Your Payments Acceptance Guide 13 • Chip: An microprocessor embedded Cards which stores • Issuer: Cardholder’s bank, or the bank which has issued and protects cardholder data a Card to an individual • : A valid Card bearing the service mark of Visa, • Magnetic stripe: A stripe of magnetic information Mastercard (and any other card agreed by the parties), the affixed to the back of a plastic Card use of which accesses the cardholder’s credit facility or a • Merchant: The party identified as “Merchant” on debit facility through one of the Card Schemes the Application. The words “you” and “your” refer • Credit receipt: A document evidencing the return of to Merchant merchandise by a cardholder to a merchant or other • Refund: The reversal of a sales Transaction in refund made by the merchant to the cardholder accordance with the Operating Procedures • Debit card: A valid Card the use of which accesses the • Transaction: Includes a sales Transaction (being cardholder’s cheque or facility made the supply of goods or services or both), a cash out available by the cardholder’s issuer Transaction, Refund or Cash-Related Transaction in which • EMV: Chip technology standards originally developed by a Card or Card number is used and which is processed by Europay, Mastercard and Visa where data is stored on the Merchant either manually or electronically integrated circuits rather than a Magnetic Stripe • ePayments code: The ePayments Code developed by the Australian Securities and Investment Commission

Fiserv, Inc. 30th Floor 100 Mount Street, North Sydney NSW 2060, Australia

© 2020 Fiserv, Inc. or its affiliates. All rights reserved. Fiserv is a registered trademark of Fiserv, Inc. Tel: 1800-243-444 Other products referenced in this material may be trademarks or registered trademarks of their [email protected] respective companies. 626186 2020-6