Payment cards servicing

Accepting card payments in trading venues

It is a bank service enabling merchants to accept card payments for goods or services via payment terminal. Swedbank offers card payments solutions for most business sectors depending on their needs and point of sale specifics.
See how card payments work

Useful information

• Contactless payment – quickest payment in the market

  Contactless payment-enabled terminals allow customers to make purchases of up to 25 € without having to insert their card into the POS terminal or enter their PIN. This applies to all contactless cards issued in the country or abroad.

  Benefits to your business

  • Faster customer service. Thanks to the new technology, everyday purchases will be even quicker and more convenient, while being just as safe as before.
  • Higher safety. The volume of cash payments (in particular, payments of small amounts) is reduced.
  • Increase in client satisfaction. This is a novelty that will be appreciated by your customers, in particular those who prefer convenient payment methods and like innovation.

  How to accept contactless payments?

  • If your company rents payment terminals from Swedbank, the bank will gradually adapt them to the contactless technology. Old terminals will be replaced with new ones if necessary.
  • If your company rents payment terminals from another service provider, you have to approach your service provider for the implementation of the technology.

  According to the requirements of the international payment card organizations, all payment card acceptance devices must have the contactless payment enabled from 01.01.2020.

• Accept UnionPay cards

  Serve more customers by accepting payment cards from UnionPay.

  UnionPay is an association of bank card industry in China and the largest card payment organisation in the world in terms of the number of cards issued. Over 7 billion cards are issued in over 49 countries and regions, among which 100 million are issued outside mainland China. UnionPay cooperates with over 1,800 institutions worldwide and UnionPay cards are accepted in over 170 countries and regions, covering 51 million merchants.

  From 1 January 2019, acceptance of these cards will be activated in all your POS terminals automatically – all you need to do is to prominently display the Point of Sale materials (card scheme logo stickers provided by Swedbank) at the entrance to the shop and by the cash register.

Start-ups can get a payment terminal for 6 months at a 50% discount

We help all start-ups take off! We offer the opportunity to rent a payment terminal for 6 months at a 50% discount from the price list.

• Price list

  Effective as of 20.08.2018
  1. Bank link
  Subscription	65 EUR
  Transaction fee	1% of the purchase price, no less than 0,13EUR, but no more than per transaction 3,20 EUR
  Authentication fee	0,11 EUR per instance (1)
  Amendment of a Bank link agreement	15 EUR

  2. Servicing payment cards (for merchants)
  2.1 Commission fee on the transaction amount	as agreed
  Smart terminal transaction	1.45%
  A Card Not Presented transaction (transaction on the Internet)	3.45%
  2.2 Fee for a technical device (2)
  rent of a payment terminal in month
  stationary terminal	12,50 EUR (1)
  mobile terminal	19,17 EUR (1)
  stationary, mobile terminal	15,83 EUR (1)
  stationary terminal with bluetooth connection	15,83 EUR (1)
  installation of terminal within 2 banking days	100 EUR (3)
  installation of terminal starting from agreement signing witin 5 banking days	free of charge
  replacement of card payment terminal at the client’s request	25 EUR (3)
  penalty for failure to return payment terminal on time	cost of terminal according to certificate
  2.3 Fee for amendment of payment card service contract	15 EUR
  2.4 Early return fee of terminal	equal to the sum of rental fees still payable for that moment
  2.5 Smart terminal purchase fee (Seller: Hansab AS)	104 EUR (1)

  2.6 Payment card service on the Internet (for merchants)
  2.6.1 Commission on transaction amount	as agreed
  2.6.2 Technical equipment fee
  contract fee	64 EUR
  terminal rental in month	16,67EUR(1)
  2.6.3 Fee for amendment of payment card service on the internet contract	15 EUR
  2.7 Reports to be ordered - Shopper Profile Report (1)
  Basic	105EUR
  Standard	625EUR
  Detailed	1300EUR

  3. E-invoice
  3.1 E-invoice sending service (1)
  subscription	30 EUR
  amendment	10 EUR
  subscription to domestic e-invoice service (4)	8 EUR
  3.2 The fee for sending a e-invoice (per invoice sent) (1)
  intra-bank invoice	0,19 EUR
  domestic invoice	0,50 EUR
  e-invoice credit note	free of charge
  printout and posting of one invoice of one page	0,58 EUR
  printout of each following page of the invoice	0,11 EUR
  3.3 Implementation of the company’s design template in the Swedbank Internet bank (1)
  the first implementation	32 EUR
  each subsequent change of the template	28 EUR
  3.4 Agreement about reports (based on e-invoice agreement) (1)
  e-invoice standing order agreements report fee	9,50EUR/ month
  e-invoice standing order agreements payments report fee	9,50EUR/ month

  (1) VAT at the rate of 20% will be added to the price.

  (2) Minimum rental period for terminal is 3 months. If the terminal rental is terminated before the minimum rental period, the Bank shall have the right to debit the early return fee of terminal.

  (3) The price is inclusive of VAT at the rate of 20%.

  (4) The fee will be calculated for each e-invoice sending registration application sent to bank, who is member in crossusage system.

• Terms and Conditions for Payment Cards Servicing
• Terms and Conditions for Terminal Rental
• Indicative price component table
• Instruction on security elements and acceptance of payment cards

In order to support merchants in payment card acceptance and help avoiding various risks, we have provided useful videos explaining the card acceptance process and principles in a nutshell. If you have any question, please contact the bank or find out more on www.swedbank.lv

• Video training

  

  How do card transactions work?

  In this video, you will find out about:

  • the card ecosystem and authorization flow;
  • possible transaction types;

  

  How to start accepting payment cards?

  In this video, you will learn about:

  • available card acceptance solutions;
  • how to obtain the terminal and how to quickly set it up;
  • where to get technical support.

  

  Online card acceptance

  In this video, you will get information about:

  • what is online card acceptance;
  • what are the benefits of online acceptance;
  • how do online payments work;
  • what are the requirements for online merchant;
  • how can the risk be minimized in online environment.

  

  What is chargeback?

  In this video, you will get to know about the chargebacks – the process, timeframe, responsibilities, and solutions to avoid them.

  

  What is card fraud?

  This will explain the key things about fraud:

  • what to do in case of suspected fraud;
  • how to minimize it.

  

  What a merchant needs to do to be compliant?

  This video will explain:

  • what are the main responsibilities of the merchant
  • how to ensure compliance with rules of the international card organizations and the bank.

  

  What is the PCI DSS?

  With this video, you will understand:

  • what is the Payment Card Industry Data Security Standard (PCI DSS);
  • how card data can be stolen;
  • what are the consequences of the merchant not following the PCI DSS rules;
  • what can a merchant do to comply with the PCI DSS.

• Payment Card Industry Data Security Standards (PCI DSS)

  Payment Card Indrustry Security Standarts Council (PCI SSC) had been established by the leading international cards organisations Visa, MC, Amex, Diners, Discovery, JCB. PCI SSC had been worked out as PCI DSS rules and documents to regulate and define card security principles and policies. Payment security guidance must be applied to all entities (including banks, merchants, payment processors) who store, process or transmit cardholder data. These rules set the technical and operational requirements for organizations accepting or processing payment transacton.

  Please see the latest version of requirements and standards here

  All merchants that store, process or transmit cardholder data must be PCI DSS compliant.

  Card data and sensitive authentication data elements:

  	Data Element	Storage Permitted	Render Stored Data Unreadable
  Cardholder Data
  	Primary Account Number (PAN)	Yes	Yes
  	Cardholder Name	Yes	No
  	Service Code	Yes	No
  	Expiration Date	Yes	No
  Sensitive Authentication Data
  	Full Track Data	No	Prohibited
  	CVV2/CVC2	No	Prohibited
  	PIN/PIN Block	No	Prohibited

  How to be sure that you are compliant with PCI DSS requirements?

  Bank informs merchants once per year what kind of action must be taken to comply with PCI DSS . Requirements are presented in the table in below.

  Merchants are categorized into 4 levels based on the annual number of card payment transaction by one card brand (i.e., MC, VISA, Amex etc.). Level 1- Level 3 merchants are required to report their compliance status and Level 4 merchants are required to report filled SAQ directly to their acquiring bank.

  Merchant level	Merchants transaction criteria	Required actions from merchants	Frequency
  Level 1	Merchants with 6 mln and more annual transactions in total by Mastercard or VISA	External security audit made by Qualified Security Assessor(QSA)	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 2	Merchants with 1 to 6 mln annual transactions in total by Mastercard or VISA	QSA or Internal Security Assessor (ISA)	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 3	E-commerce merchants with 20 000 to 1 mln annual transactions in total by Mastercard or VISA	Compleating annual self-assessment (SAQ) form required by the bank	once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	once per quarter
  Level 4	All other merchants	Annual self-assessment (SAQ) at merchant discretion	Recommended once per year
  		Network Scan conducted by an Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA)	Recommended once per year

  Keep in mind, that you’ll need to perform:

  • Security audit, that is made by a certified auditor acting as Qualified Security Assessor (QSA) at the legal entities, who are presented on the PCI DSS official web-site.
  • Scanning of the network, that is made by a qualified net scanning vendor acting as Approved Scanning Vendor (ASV) or Qualified Security Assessor (QSA). ASV can conduct a scanning procedure for physical and online merchants but have no rights to perform an annual audits.
  • Internal audit, during which questions in SAQ (Self Assessment Questionnaire) have to be answered. The questionnaire content depends on technical solution.

  PCI DSS requirements and goals

  The 12 requirements and goals in the table below will help you to understand what important actions must be performed to be compliant wiht PCI DSS rules.

  Goals	PCI DSS Requirements
  Build and maintain a secure network and system	1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  Protect cardholder data	3. Protect the stored cardholder data. 4. Encrypt transmission of cardholder data across open public networks.
  Maintain a vulnerability managemenet program	5. Protect all systems against malware and regularly update anti-virus software or programs. 6. Develop and maintain secure systems and applications.
  Implement strong access control measures	7. Restrict access to cardholder data under business need-to-know. 8. Identify and authenticate access to system components. 9. Restrict physical access to cardholder data.
  Regularly monitor and test networks	10. Track and monitor all access to network resources and cardholder data. 11. Test security systems and processes on a regular basis.
  Maintain an information security policy	12. Maintain a policy that addresses information security for all personnel.

  For more information please visit https://www.pcisecuritystandards.org/