FAQ Fridays: My Payment Processor Has Website Compliance Requests
confused by website compliance

FAQ Fridays: My Payment Processor Has Website Compliance Requests

Why do some PSPs make website compliance requests before you go live while others wait until after you start processing?


Q: Hello! My high-end electronics and gadgets online store processes 30,000 euros a month. That is the maximum sales we can accept. So, recently I applied to a second payment processor to take more orders.

If I get approved I will have more room for more sales, as I have limited cap at my current processor. But, the new provider I applied to just told me that I can’t be approved for this account unless I update my website.

They’re asking me to put my business address, my phone number and even remove some products from my catalogue. I don’t want to do that for personal reasons.

As a result, they’re not allowing me to accept credit card orders through them if I don’t make these changes, because my website isn’t compliant. How is this possible when my first payment processor never asked me for any of these requests whatsoever?

I’m thinking I might just decline and go somewhere else. But, I heard good things about high-risk processor and they have really good rates. What should I do?


A: Thanks for your question. Website compliance is a necessity when selling online. We’ve already written about it extensively here.

All online businesses must undergo underwriting and follow rules in order to be approved to accept credit card orders on their website. As you know, credit card and customer data is very sensitive information. If that gets in the wrong hands someone will be held liable. I don’t think you want that responsibility.

Furthermore, some payment service providers or PSPs can accept more risk than others. So, if you’re being asked to remove a product, it’s because it violates your provider’s lists of acceptable items that can be sold.

The reason the card companies ask for various rules and regulations to be followed is to reduce the level of liability. Part of limiting liability from a PSP’s end is screening merchants, which can include a few things.

For example, an acquiring bank or other payment provider may perform checks on you as an owner. They may look into your credit history, any other businesses you own, as well as the contents of your website. The application process can also include vetting your company’s and residential physical location.



    Card companies and PSPs alike want the customer user experience to be safe and seamless when they transact online. Consumers need to know who they’re buying from. It’s an experience similar to when a customer buys from a physical store. The functionality of your website should be extremely secure and super simple. The language cannot mislead potential buyers, because you could get into trouble with consumer groups and federal government agencies.

    It sounds like your first PSP may have not done all their due diligence. Or, perhaps you made changes along the way and they were not verified for website compliance. This could be problematic down the road, but we’ll get to that in a moment.

    Your second high-risk payment processor is asking for more website compliance changes, because these are rules that must be followed so you don’t get on Visa and Mastercard’s bad side.

    You’re a high-risk merchant. The opportunity to accept credit card orders is harder than for other traditional business models. This means you kind of have to follow the rules or you don’t get the opportunity to trade online with their help.

    Here’s a snapshot of some website compliance requests the card networks have:

    • Displaying your company’s legal names, addresses and phone numbers in your footer so customers can easily identify you
    • Having Visa and Mastercard logos on your home page and at checkout
    • Clear product descriptions and pricing
    • Clear list of ingredients in any ingestible or topical products (e.g. like food, skin creams, oils, supplements)
    • A clear refund policy description in your terms and conditions page
    • A clear privacy policy and terms and conditions page

    And that’s not all. There’s more website compliance requirements a merchant may need to undergo depending on their business category.

    This all may sound really boring, but it’s part of the process for accepting credit card orders online. Your first payment processor may have not fully reviewed your website. Or, perhaps you made changes and they haven’t reviewed your content as of late. If your first payment processor signed you up without proper vetting and underwriting, that doesn’t mean you’re off the hook.


    Consequences of not adhering to website compliance

    A lot of these providers simply sign up merchants for an account then allow them to process orders. However, one or two months later you may get the request to update your website. And that may affect your business if you don’t comply with those belated website compliance requests. This could result in serious inconveniences or account suspensions.

    Being non-compliant could result in a suspended merchant account and your funds being held. Therefore, if you don’t have a backup, you will need to hold off on taking online orders until you make the updates. (Many Stripe and PayPal merchants can attest to the hassles that come with a frozen account.)

    In another non-compliant scenario, your payment provider could withhold your money until you finally do make the changes. If you rely on those funds to buy goods, you’ll have a difficult time with restocking your store.

    Finally, a non-compliant website plus chargebacks could spell big trouble. If Visa and Mastercard notice you’ve had consecutive months of risk and high chargeback rates, you may be shut down entirely. It’s bad enough that your terms of service didn’t include a refund policy or that your phone number was disconnected. High chargeback rates only makes the situation worse.

    As a website owner, you need to decide. Do you want to follow the rules at the beginning before your business goes live? Or do you prefer get screened later after you’re already processing and making money?

    My recommendation to you would be to adhere to your second PSP’s requests and make the upgrades before you go live with processing more orders. You said yourself, that the rates are good. Why deny your business the opportunity to scale?

    Do you have a payment or business question for our FAQ Fridays segment?

    Email DirectPayNet and let us know how we can help you avoid mistakes. Send your question to our team here.