Payment cards servicing

Accepting card payments in trading venues

It is a bank service enabling merchants to accept card payments for goods or services via payment terminal. Swedbank offers card payments solutions for most business sectors depending on their needs and point of sale specifics.
See how card payments work

Useful information

• Contactless payments - the fastest way to pay for purchases

  Terminals with the contactless payment feature allow shoppers to pay by:

  • contactless cards;
  • Android smart devices;
  • Apple smart devices;
  • smartwatches and other payment wearables.

  Follow instructions on the terminal – identity check via PIN code may be asked.

  To also make your customers aware of the payment options you offer, put up Apple Pay and contactless payment stickers at your retail outlets. That way your customers will know that contactless payments are available here.

  How to accept contactless payments?

  The contactless payment functionality is already available in your terminal, regardless of whether the terminal is rented from Swedbank or other provider of this service.

  You will appreciate

  • Faster customer service. Thanks to contactless payments, daily purchases will be even faster and more convenient, while at the same time - as secure as purchases with PIN code entry.
  • Increased satisfaction. The contactless payment option will be appreciated by your customers, especially those who prefer easy and fast ways to pay.
  • Less terminal hardware breakdowns.

• Accept UnionPay cards

  Serve more customers by accepting payment cards from UnionPay.

  UnionPay is an association of bank card industry in China and the largest card payment organisation in the world in terms of the number of cards issued. Over 7 billion cards are issued in over 49 countries and regions, among which 100 million are issued outside mainland China. UnionPay cooperates with over 1,800 institutions worldwide and UnionPay cards are accepted in over 170 countries and regions, covering 51 million merchants.

  From 1 January 2019, acceptance of these cards will be activated in all your POS terminals automatically – all you need to do is to prominently display the Point of Sale materials (card scheme logo stickers provided by Swedbank) at the entrance to the shop and by the cash register.

• Accepting American Express card payments

  Swedbank provides services related to American Express card transactions on the basis of a cooperation agreement with American Express.

  Accepting payments with American Express cards brings a range of benefits to your business, giving you access to their loyal high spending cardholders who often actively seek out merchants accepting American.

  Card programme members are attracted to the wide range of rewards, benefits and superior customer service offered by American Express branded products and include both consumer and business clients.

  How to apply?

  • Submit a request for American Express card service. We will then contact you to agree on the terms and sign the agreement.
  • The agreement will be activated after the compliance check by American Express has been finalised with positive results.
  • NB! The Legal Person Questionnaire for the company data needs to be renewed in the internet bank on the date of signing the American Express Card Acceptance Agreement.
  • American Express Card Acceptance Agreement will be signed separately for each point of sale.

  • Terms of American Express card acceptance
  • Apply

Start-ups can get a payment terminal for 6 months at a 50% discount

We help all start-ups take off! We offer the opportunity to rent a payment terminal for 6 months at a 50% discount from the price list.

• Price list

  Servicing payment cards (for merchants)

  Effective as of 24.04.2020

  Commission fee on the transaction amount	as agreed
  smart terminal transaction	1.45%
  Fee for a technical device Minimum rental period for terminal is 3 months. If the terminal rental is terminated before the minimum rental period, the Bank shall have the right to debit the early return fee of terminal.
  rent of a payment terminal in month
  stationary terminal VAT at the rate of 20% will be added to the price.	12,50 €
  mobile terminal VAT at the rate of 20% will be added to the price.	19,17 €
  stationary, mobile terminal VAT at the rate of 20% will be added to the price.	15,83 €
  stationary terminal with bluetooth connection VAT at the rate of 20% will be added to the price.	15,83 €
  installation of terminal within 2 banking days The price is inclusive of VAT at the rate of 20%.	100 €
  installation of terminal starting from agreement signing witin 5 banking days	free of charge
  replacement of card payment terminal at the client’s request The price is inclusive of VAT at the rate of 20%.	25 €
  penalty for failure to return payment terminal on time	cost of terminal according to certificate
  Fee for amendment of payment card service contract	15 €
  Early return fee of terminal	equal to the sum of rental fees still payable for that moment
  Smart terminal purchase fee (Seller: Hansab AS) VAT at the rate of 20% will be added to the price.	104 €

  
  

  Bank link

  Subscription	65 €
  Transaction fee	1% of the purchase price, no less than 0,13€, but no more than per transaction 3,20 €
  Authentication fee VAT at the rate of 20% will be added to the price.	0,11 € per instance
  Amendment of a Bank link agreement	15 €

  
  

  Swedbank Payment Portal

  ”Package 1”
  Bank Link, commission fee on the transaction amount	as agreed
  Payment card service on the Internet, commission fee on the transaction amount	as agreed
  Transaction processing fee:
  payment card service on the Internet, Swedbank Estonia Bank Link, domestic Bank Links VAT at the rate of 20% will be added to the price.	0,10 €
  Monthly fee VAT at the rate of 20% will be added to the price.	25 €
  Integration setup fee VAT at the rate of 20% will be added to the price.	50 €
  Fee for amendment of agreement	15 €
  ”Package 2”
  Bank Link, commission fee on the transaction amount	as agreed
  Payment card service on the Internet, commission fee on the transaction amount	as agreed
  Transaction processing fee:
  payment card service on the Internet, Swedbank Estonia Bank Link, domestic Bank Links VAT at the rate of 20% will be added to the price.	0,10 €
  Monthly fee VAT at the rate of 20% will be added to the price.	50 €
  Integration setup fee VAT at the rate of 20% will be added to the price.	50 €
  Fee for amendment of agreement	15 €

  
  

  Reports to be ordered - Shopper Profile Report VAT at the rate of 20% will be added to the price.

  Basic	105 €
  Standard	625 €
  Detailed	1300 €

  
  

  E-invoice

  E-invoice sending service VAT at the rate of 20% will be added to the price.
  subscription	30 €
  amendment	10 €
  subscription to domestic e-invoice service The fee will be calculated for each e-invoice sending registration application sent to bank, who is member in crossusage system.	8 €
  The fee for sending a e-invoice (per invoice sent) VAT at the rate of 20% will be added to the price. The monthly fee for e-invoices sent through Swedbank Gateway or the Operator Channel is calculated on the basis of e-invoices sent during the previous month.
  intra-bank invoice	0,19 €
  domestic invoice	0,50 €
  e-invoice credit note	free of charge
  printout and posting of one invoice of one page	0,58 €
  printout of each following page of the invoice	0,11 €
  Implementation of the company’s design template in the Swedbank Internet bank VAT at the rate of 20% will be added to the price.
  the first implementation	32 €
  each subsequent change of the template	28 €
  Agreement about reports (based on e-invoice agreement) VAT at the rate of 20% will be added to the price.
  e-invoice standing order agreements report fee	9,50€/ month
  e-invoice standing order agreements payments report fee	9,50€/ month

• Terms and Conditions for Payment Cards Servicing
• Terms and Conditions for Terminal Rental
• Indicative price component table
• Instruction on security elements and acceptance of payment cards
• Returning payment terminals via a parcel terminal

• Video training

  

  How do card transactions work?

  In this video, you will find out about:

  • the card ecosystem and authorization flow;
  • possible transaction types;

  

  How to start accepting payment cards?

  In this video, you will learn about:

  • available card acceptance solutions;
  • how to obtain the terminal and how to quickly set it up;
  • where to get technical support.

  

  Online card acceptance

  In this video, you will get information about:

  • what is online card acceptance;
  • what are the benefits of online acceptance;
  • how do online payments work;
  • what are the requirements for online merchant;
  • how can the risk be minimized in online environment.

  

  What is chargeback?

  In this video, you will get to know about the chargebacks – the process, timeframe, responsibilities, and solutions to avoid them.

  

  What is card fraud?

  This will explain the key things about fraud:

  • what to do in case of suspected fraud;
  • how to minimize it.

  

  What a merchant needs to do to be compliant?

  This video will explain:

  • what are the main responsibilities of the merchant
  • how to ensure compliance with rules of the international card organizations and the bank.

  

  What is the PCI DSS?

  With this video, you will understand:

  • what is the Payment Card Industry Data Security Standard (PCI DSS);
  • how card data can be stolen;
  • what are the consequences of the merchant not following the PCI DSS rules;
  • what can a merchant do to comply with the PCI DSS.

• Payment Card Industry Data Security Standards (PCI DSS)

  Payment Card Indrustry Security Standarts Council (PCI SSC) has been established by the leading international cards organisations Visa, MC, Amex, Diners, Discovery, JCB. PCI SSC had been worked out as PCI DSS rules and documents to regulate and define card security principles and policies. Payment security guidance must be applied to all entities (including banks, merchants, payment processors) whitch store, process or transmit cardholder data. These rules set the technical and operational requirements for organizations accepting or processing payment transacton.

  Please see the latest version of requirements and standards here

  All merchants that store, process or transmit cardholder data must be PCI DSS compliant.

  Card data and sensitive authentication data elements:

  	Data Element	Storage Permitted	Render Stored Data Unreadable
  Cardholder Data
  	Primary Account Number (PAN)	Yes	Yes
  	Cardholder Name	Yes	No
  	Service Code	Yes	No
  	Expiration Date	Yes	No
  Sensitive Authentication Data
  	Full Track Data	No	Prohibited
  	CVV2/CVC2	No	Prohibited
  	PIN/PIN Block	No	Prohibited

  How to be sure that you are compliant with PCI DSS requirements?

  Bank informs merchants once per year what kind of action must be taken to comply with PCI DSS . Requirements are presented in the table in below.

  Merchants are categorized into 4 levels based on the annual number of card payment transaction by one card brand (i.e., MC, VISA, Amex etc.). Level 1- Level 3 merchants are required to report their compliance status and Level 4 merchants are required to report filled SAQ directly to their acquiring bank.

  Merchant level	Merchants transaction criteria	Required actions from merchants	Frequency
  Level 1	Merchants with 6 million and more annual transactions in total for Mastercard or VISA	External security audit made by Qualified Security Assessor(QSA)	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 2	Merchants with 1 to 6 million annual transactions in total by Mastercard or VISA	QSA or Internal Security Assessor (ISA)	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 3	E-commerce merchants with 20 000 to 1 million annual transactions in total by Mastercard or VISA	Completing annual self-assessment (SAQ) form required by the bank	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 4	All other merchants	Annual self-assessment (SAQ) at merchant discretion	Recommended once per quarter
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	Recommended once per year

  Keep in mind, that you’ll need to perform:

  • Security audit, that is made by a certified auditor acting as Qualified Security Assessor (QSA) at the legal entities, who are presented on the PCI DSS official web-site.
  • Scanning of the network, that is made by a qualified net scanning vendor acting as Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA). ASV can conduct a scanning procedure for physical and online merchants but have no rights to perform an annual audits.
  • Internal audit, during which questions in SAQ (Self Assessment Questionnaire) have to be answered. The questionnaire content depends on technical solution.

  PCI DSS requirements and goals

  The 12 requirements and goals in the table below will help you to understand what important actions must be performed to be compliant wiht PCI DSS rules.

  Goals	PCI DSS Requirements
  Build and maintain a secure network and system	1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  Protect cardholder data	3. Protect the stored cardholder data. 4. Encrypt transmission of cardholder data across open public networks.
  Maintain a vulnerability managemenet program	5. Protect all systems against malware and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications.
  Implement strong access control measures	7. Restrict access to cardholder data under business need-to-know. 8. Identify and authenticate access to system components. 9. Restrict physical access to cardholder data.
  Regularly monitor and test networks	10. Track and monitor all access to network resources and cardholder data. 11. Test security systems and processes on a regular basis.
  Maintain an information security policy	12. Maintain a policy that addresses information security for all personnel.

  For more information please visit https://www.pcisecuritystandards.org/