Payment cards servicing

Accepting card payments in trading venues

It is a bank service enabling merchants to accept card payments for goods or services via payment terminal. Swedbank offers card payments solutions for most business sectors depending on their needs and point of sale specifics.
See how card payments work

Useful information

• Contactless payments - the fastest way to pay for purchases

  Terminals with the contactless payment feature allow shoppers to pay by:

  • contactless cards;
  • Android smart devices;
  • Apple smart devices;
  • smartwatches and other payment wearables.

  Follow instructions on the terminal – identity check via PIN code may be asked.

  To also make your customers aware of the payment options you offer, put up Apple Pay and contactless payment stickers at your retail outlets. That way your customers will know that contactless payments are available here.

  How to accept contactless payments?

  The contactless payment functionality is already available in your terminal, regardless of whether the terminal is rented from Swedbank or other provider of this service.

  You will appreciate

  • Faster customer service. Thanks to contactless payments, daily purchases will be even faster and more convenient, while at the same time - as secure as purchases with PIN code entry.
  • Increased satisfaction. The contactless payment option will be appreciated by your customers, especially those who prefer easy and fast ways to pay.
  • Less terminal hardware breakdowns.

• Accept UnionPay cards

  Serve more customers by accepting payment cards from UnionPay.

  UnionPay is an association of bank card industry in China and the largest card payment organisation in the world in terms of the number of cards issued. Over 7 billion cards are issued in over 49 countries and regions, among which 100 million are issued outside mainland China. UnionPay cooperates with over 1,800 institutions worldwide and UnionPay cards are accepted in over 170 countries and regions, covering 51 million merchants.

  From 1 January 2019, acceptance of these cards will be activated in all your POS terminals automatically – all you need to do is to prominently display the Point of Sale materials (card scheme logo stickers provided by Swedbank) at the entrance to the shop and by the cash register.

• Accepting American Express card payments

  Swedbank provides services related to American Express card transactions on the basis of a cooperation agreement with American Express.

  Accepting payments with American Express cards brings a range of benefits to your business, giving you access to their loyal high spending cardholders who often actively seek out merchants accepting American.

  Card programme members are attracted to the wide range of rewards, benefits and superior customer service offered by American Express branded products and include both consumer and business clients.

  How to apply?

  • Submit a request for American Express card service. We will then contact you to agree on the terms and sign the agreement.
  • The agreement will be activated after the compliance check by American Express has been finalised with positive results.
  • NB! The Legal Person Questionnaire for the company data needs to be renewed in the internet bank on the date of signing the American Express Card Acceptance Agreement.
  • American Express Card Acceptance Agreement will be signed separately for each point of sale.

  • Terms of American Express card acceptance
  • Apply

Start-ups can get a payment terminal for 6 months at a 50% discount

We help all start-ups take off! We offer the opportunity to rent a payment terminal for 6 months at a 50% discount from the price list.

• Price list

  Effective as of 20.08.2018
  1. Bank link
  Subscription	65 EUR
  Transaction fee	1% of the purchase price, no less than 0,13EUR, but no more than per transaction 3,20 EUR
  Authentication fee	0,11 EUR per instance (1)
  Amendment of a Bank link agreement	15 EUR

  2. Servicing payment cards (for merchants)
  2.1 Commission fee on the transaction amount	as agreed
  Smart terminal transaction	1.45%
  A Card Not Presented transaction (transaction on the Internet)	3.45%
  2.2 Fee for a technical device (2)
  rent of a payment terminal in month
  stationary terminal	12,50 EUR (1)
  mobile terminal	19,17 EUR (1)
  stationary, mobile terminal	15,83 EUR (1)
  stationary terminal with bluetooth connection	15,83 EUR (1)
  installation of terminal within 2 banking days	100 EUR (3)
  installation of terminal starting from agreement signing witin 5 banking days	free of charge
  replacement of card payment terminal at the client’s request	25 EUR (3)
  penalty for failure to return payment terminal on time	cost of terminal according to certificate
  2.3 Fee for amendment of payment card service contract	15 EUR
  2.4 Early return fee of terminal	equal to the sum of rental fees still payable for that moment
  2.5 Smart terminal purchase fee (Seller: Hansab AS)	104 EUR (1)

  2.6 Payment card service on the Internet (for merchants)
  2.6.1 Commission on transaction amount	as agreed
  2.6.2 Technical equipment fee
  contract fee	64 EUR
  terminal rental in month	16,67EUR(1)
  2.6.3 Fee for amendment of payment card service on the internet contract	15 EUR
  2.7 Reports to be ordered - Shopper Profile Report (1)
  Basic	105EUR
  Standard	625EUR
  Detailed	1300EUR

  3. E-invoice
  3.1 E-invoice sending service (1)
  subscription	30 EUR
  amendment	10 EUR
  subscription to domestic e-invoice service (4)	8 EUR
  3.2 The fee for sending a e-invoice (per invoice sent) (1)
  intra-bank invoice	0,19 EUR
  domestic invoice	0,50 EUR
  e-invoice credit note	free of charge
  printout and posting of one invoice of one page	0,58 EUR
  printout of each following page of the invoice	0,11 EUR
  3.3 Implementation of the company’s design template in the Swedbank Internet bank (1)
  the first implementation	32 EUR
  each subsequent change of the template	28 EUR
  3.4 Agreement about reports (based on e-invoice agreement) (1)
  e-invoice standing order agreements report fee	9,50EUR/ month
  e-invoice standing order agreements payments report fee	9,50EUR/ month

  (1) VAT at the rate of 20% will be added to the price.

  (2) Minimum rental period for terminal is 3 months. If the terminal rental is terminated before the minimum rental period, the Bank shall have the right to debit the early return fee of terminal.

  (3) The price is inclusive of VAT at the rate of 20%.

  (4) The fee will be calculated for each e-invoice sending registration application sent to bank, who is member in crossusage system.

• Terms and Conditions for Payment Cards Servicing
• Terms and Conditions for Terminal Rental
• Indicative price component table
• Instruction on security elements and acceptance of payment cards

• Video training

  

  How do card transactions work?

  In this video, you will find out about:

  • the card ecosystem and authorization flow;
  • possible transaction types;

  

  How to start accepting payment cards?

  In this video, you will learn about:

  • available card acceptance solutions;
  • how to obtain the terminal and how to quickly set it up;
  • where to get technical support.

  

  Online card acceptance

  In this video, you will get information about:

  • what is online card acceptance;
  • what are the benefits of online acceptance;
  • how do online payments work;
  • what are the requirements for online merchant;
  • how can the risk be minimized in online environment.

  

  What is chargeback?

  In this video, you will get to know about the chargebacks – the process, timeframe, responsibilities, and solutions to avoid them.

  

  What is card fraud?

  This will explain the key things about fraud:

  • what to do in case of suspected fraud;
  • how to minimize it.

  

  What a merchant needs to do to be compliant?

  This video will explain:

  • what are the main responsibilities of the merchant
  • how to ensure compliance with rules of the international card organizations and the bank.

  

  What is the PCI DSS?

  With this video, you will understand:

  • what is the Payment Card Industry Data Security Standard (PCI DSS);
  • how card data can be stolen;
  • what are the consequences of the merchant not following the PCI DSS rules;
  • what can a merchant do to comply with the PCI DSS.

• Payment Card Industry Data Security Standards (PCI DSS)

  Payment Card Indrustry Security Standarts Council (PCI SSC) has been established by the leading international cards organisations Visa, MC, Amex, Diners, Discovery, JCB. PCI SSC had been worked out as PCI DSS rules and documents to regulate and define card security principles and policies. Payment security guidance must be applied to all entities (including banks, merchants, payment processors) whitch store, process or transmit cardholder data. These rules set the technical and operational requirements for organizations accepting or processing payment transacton.

  Please see the latest version of requirements and standards here

  All merchants that store, process or transmit cardholder data must be PCI DSS compliant.

  Card data and sensitive authentication data elements:

  	Data Element	Storage Permitted	Render Stored Data Unreadable
  Cardholder Data
  	Primary Account Number (PAN)	Yes	Yes
  	Cardholder Name	Yes	No
  	Service Code	Yes	No
  	Expiration Date	Yes	No
  Sensitive Authentication Data
  	Full Track Data	No	Prohibited
  	CVV2/CVC2	No	Prohibited
  	PIN/PIN Block	No	Prohibited

  How to be sure that you are compliant with PCI DSS requirements?

  Bank informs merchants once per year what kind of action must be taken to comply with PCI DSS . Requirements are presented in the table in below.

  Merchants are categorized into 4 levels based on the annual number of card payment transaction by one card brand (i.e., MC, VISA, Amex etc.). Level 1- Level 3 merchants are required to report their compliance status and Level 4 merchants are required to report filled SAQ directly to their acquiring bank.

  Merchant level	Merchants transaction criteria	Required actions from merchants	Frequency
  Level 1	Merchants with 6 million and more annual transactions in total for Mastercard or VISA	External security audit made by Qualified Security Assessor(QSA)	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 2	Merchants with 1 to 6 million annual transactions in total by Mastercard or VISA	QSA or Internal Security Assessor (ISA)	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 3	E-commerce merchants with 20 000 to 1 million annual transactions in total by Mastercard or VISA	Completing annual self-assessment (SAQ) form required by the bank	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 4	All other merchants	Annual self-assessment (SAQ) at merchant discretion	Recommended once per quarter
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	Recommended once per year

  Keep in mind, that you’ll need to perform:

  • Security audit, that is made by a certified auditor acting as Qualified Security Assessor (QSA) at the legal entities, who are presented on the PCI DSS official web-site.
  • Scanning of the network, that is made by a qualified net scanning vendor acting as Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA). ASV can conduct a scanning procedure for physical and online merchants but have no rights to perform an annual audits.
  • Internal audit, during which questions in SAQ (Self Assessment Questionnaire) have to be answered. The questionnaire content depends on technical solution.

  PCI DSS requirements and goals

  The 12 requirements and goals in the table below will help you to understand what important actions must be performed to be compliant wiht PCI DSS rules.

  Goals	PCI DSS Requirements
  Build and maintain a secure network and system	1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  Protect cardholder data	3. Protect the stored cardholder data. 4. Encrypt transmission of cardholder data across open public networks.
  Maintain a vulnerability managemenet program	5. Protect all systems against malware and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications.
  Implement strong access control measures	7. Restrict access to cardholder data under business need-to-know. 8. Identify and authenticate access to system components. 9. Restrict physical access to cardholder data.
  Regularly monitor and test networks	10. Track and monitor all access to network resources and cardholder data. 11. Test security systems and processes on a regular basis.
  Maintain an information security policy	12. Maintain a policy that addresses information security for all personnel.

  For more information please visit https://www.pcisecuritystandards.org/