Online Payments Regulations and Fiscal Compliance

Card network regulations

  • Requesting information on the parties involved in the payment: cardholder name, number, email address, and three-letter CVV code on the card
  • Using additional verification tools, such as Address Verification Service
  • Monitoring their order details and state of transactions

PCI DSS compliance

4 levels to PCI compliance
  • Network and systems security. Firewalls should be employed when collecting user payment data and authentication data, such as passwords or PINs, and the eCommerce store should not resort to default values stored by the merchant.
  • Cardholder data protection. All personal user data, identifying or payment, must be secured through encryption and transmitted via encrypted protocols.
  • Vulnerability management programs and network tracking. In order to safeguard data against malicious attempts, merchants should employ security programs (anti-spyware, anti-malware), monitor vulnerabilities and their corresponding level of threat, and, overall, instill a security-enabled software development culture in their organization.
  • Controlled and restricted access to system information. Cardholder data needs to be protected electronically or physically, access to data must be tightly controlled, and all systems linked to the system must have unique identification names or numbers.
  • Use of an information security policy. Merchants need to have a security policy in place, accessible to all parties involved in an online transaction.

Know Your Customer Processes

  • Customer identification procedures
  • Transaction monitoring
  • Risk management

Anti-Money Laundering

NACHA Operating Rules

  • The per-day transaction dollar limit for same-day ACH transactions was increased to $100,000 from $25,000 per transaction, effective since March, 2020.
  • Better differentiation for unauthorized return reasons, with the introduction of new reason return codes, effective since April, 2020.
  • Additional data security requirements, for non-financial institution originators to encrypt deposit account information, when stored electronically, effective since June, 2020.

Payment Service Directive 2 (PSD2) requirements

  • Knowledge — something the customer knows, such as a password or a PIN.
  • Ownership — something the customer has, for example a token or a mobile device
  • Identity — something the customer is, for example their fingerprint or face recognition
Strong Customer Authentication (SCA) mechanism
  • Low volume transactions, under €30. If the online payment transaction value is lower than this amount, then the transaction is exempt from SCA verification. However, if a specific customer has had five previous transactions without SCA verification, or if the sum of recent transactions without an SCA challenge has reached €100, then the sixth transaction or the next one in line will have to undergo SCA verification by default.
  • Fixed-amount subscriptions. In case of subscriptions which incur a fixed price for each billing interval, then only the first transaction must be SCA verified, and subsequent ones are exempt.
  • Merchant-initiated transactions. Some cases, when the merchant has the card on file and initiates the transaction, are exempt from the SCA challenge. These are called use cases where the issuer decides on the application of the exemption. This may apply to recurring subscriptions (even of variable amounts, such as in pay-per-use models) or to buy-now, pay-later models, but even in these cases the card has to be authenticated either when it is stored or during the first payment.
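
The low-value exemption above amounts to a per-customer counter that a payment flow has to keep. The Python code below is an added example, not code from the original article or from 2Checkout; the class and method names are hypothetical, and it assumes that any SCA challenge resets both counters.

```python
from dataclasses import dataclass
from decimal import Decimal

# Thresholds as stated in the article (amounts in EUR).
LOW_VALUE_LIMIT = Decimal("30")    # only payments under this amount can be exempt
MAX_EXEMPT_COUNT = 5               # after five exempt payments, the sixth is challenged
MAX_EXEMPT_TOTAL = Decimal("100")  # exempt spend that forces the next challenge


@dataclass
class ExemptionState:
    """Running counters since the customer's last SCA challenge."""
    exempt_count: int = 0
    exempt_total: Decimal = Decimal("0")


class LowValueExemption:
    """Hypothetical helper: decides whether a payment needs an SCA challenge."""

    def __init__(self):
        self._state = {}  # customer id -> ExemptionState

    def requires_sca(self, customer_id, amount):
        """Return True if this payment must be challenged, False if exempt."""
        amount = Decimal(str(amount))
        if amount <= 0:
            raise ValueError("amount must be positive")
        state = self._state.setdefault(customer_id, ExemptionState())

        challenge = (
            amount >= LOW_VALUE_LIMIT                   # not a low-value payment
            or state.exempt_count >= MAX_EXEMPT_COUNT   # five exempt payments already
            or state.exempt_total >= MAX_EXEMPT_TOTAL   # exempt spend reached the cap
        )
        if challenge:
            # Assumption: a challenge starts a fresh exemption window.
            self._state[customer_id] = ExemptionState()
        else:
            state.exempt_count += 1
            state.exempt_total += amount
        return challenge


if __name__ == "__main__":
    gate = LowValueExemption()
    # Constructed sample: six €10 payments from one customer.
    for n in range(1, 7):
        print(n, "SCA required" if gate.requires_sca("cust-1", 10) else "exempt")
```

The counters must be kept per customer and persisted server-side; state held only in the client session can be reset by starting a new session.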

Fiscal compliance

2Checkout Global Tax and Financial Services

2Checkout (now Verifone) is the leading all-in-one monetization platform for global businesses built to help clients drive sales growth across channels.
