FAQs
Answers to many of our FAQs are provided here below.
Data Privacy
PCI DSS is the Payment Card Industry Data Security Standard and is a set of standards in place to ensure the correct and secure handling of card details.
Any Merchant, Financial Institute or Entity who stores, processed, or transmits cardholder data should comply with the appropriate certification.
The accreditation required to be PCI DSS certified depends on a number of factors, such as the services you provide, the reasons for handling cardholder details and the volume of transactions you process in a year.
You can find more information and guidance on the PCI DSS Website, but you should always consult a Qualified Security Assessor (QSA) if in any doubt around your conformance to the PCI Standard.
General
If you are an existing customer, you can contact our Client Services team free on 0333 123 1248 or alternatively email client.services@paya.group, from Monday 09:00 – Friday 17:00.
New customers, please contact our Sales team on freephone 0333 123 1248 or email its.sales@paya.group, from Monday 09:00 – Thursday 17:30 and Friday 09:00 – 16:00.
A Merchant ID (MID) is the unique number provided to you by your Acquirer to identify you as a Merchant and is a fundamental part of being able to accept card payments.
Your MID is then set-up against your payment solution in the ITS system which gives you the front-end functionality to accept card payments. The ITS system then knows how to process transactions to your nominated Acquirer with your MID to identify your account.
A Virtual Card is a card but without the physical plastic card. It still has a Card Number, Expiry Date and Security Code, but these are often issued as a temporary card or an ‘embedded card’ as a card that is provided by the buyer to a single supplier on which that supplier can process all card payments.
An Acquirer (sometimes referred to as the Merchant Bank or Acquiring Bank) is a financial institution who facilitate the movement of money in a card transaction. It is the Acquirer who provides your Merchant ID (MID) for use with your payment solution.
B2G stands for business-to-government and much like B2B (business-to-business) describes the relationship between buyer and supplier, with the buyer in B2G being Government or Local Authority and the supplier being the business that provides goods or services.
In many B2G arrangements, there is a requirement from the buyer for the supplier to accept payment via Purchasing Card.
Find out how you can start accepting Purchasing Cards HERE.
Industry Updates
The BIN, which is used to identify the institution that issued the card, has traditionally composed the first six digits of the Primary Account Number (PAN). The International Organization for Standardization (ISO) standard1 that specifies how PANs are structured now also defines a format for the use of 8-digit BINs as an alternative to 6-digit BINs. Some payment brands have already started using the first eight digits as the BIN instead of the first six.
3D Secure provides extra fraud protection, requiring cardholders to complete an additional verification step with the card issuer, when using an ecommerce solution.
SCA or Strong Customer Authentication implements a stronger form of authentication which consists of more than just a static password. An example of an SCA authentication could be a One Time Passcode being sent to a user’s device for them use as authentication for their online purchase.
Whilst both versions will provide extra fraud prevention, 3D Secure Version 2 is an enhanced version which will take additional card holder data into account when deciding what level of authentication should be used and if Strong Customer Authentication is needed?
ITS Portal
Please send an email to our Business Development team on its.sales@paya.group with the following information:
- Username
- Number of Additional Users required
The team will subsequently contact you to advise on costings and will then send you an order form.
Please send an email to client.services@paya.group with the following details:
- Username
- Old Address
- New Address
We will then make the changes and email you a confirmation. Please ensure that you have also advised your Acquiring Bank of the address change. If you are unsure who this is, please contact us and we will be able to give you this information.
Our Card Alias solution provides a secure way to store cardholder’s card details on our system to assist with the PCI compliance regulations. If you have the Card Alias solution and would like to add more to your account, simply contact our Business Development team on its.sales@paya.group for more information about fees and set up.
Please verify if the selected Transaction Type in the dropdown menu is correct, i.e. MSAL or MREF etc. Alternatively, if you leave the Transaction Type set to Select (Default Settings), you will see all your transactions.
You can reset your password by following the “Forgotten My Password” link on the log-in page. Fill in your username, email address and submit. You will receive an email with your temporary password for you to connect and reset your log-in details.
Payment Processing
All ITS payment solutions have the ability to process Amex, Visa and Mastercard transactions, although you may require an additional MID.
Contact Us to find out how to start accepting all card schemes in your business.
Indeed, you can. Once you have applied for and received the new Merchant ID (MID) from your new acquirer, please forward it on to our Client Services team via client.services@paya.group stating the details below. Our team will then agree a date/time for the switch with you.
- Username
- Old Merchant Number
- New Merchant Number
N.B Please see below the list of acquirers that we currently work with. This information can also be found on our website www.interactivets.com.
- AIB
- Barclaycard
- American Express CPC
- American Express Retail
- Firstdata (Lloyds)
- Globalpay (HSBC)
- Bank of Scotland
- Worldpay
A Merchant may wish to store card details for subsequent transactions.
Every business that accepts card payments is required to meet certain data security standards, the Payment Card Industry Data Security Standard (PCI DSS), in order to protect the card data of customers and to reduce the risk of a data security breach. By complying with these data security standards, you help protect your business and your customers.
Conformance to the PCI Standard ensures that merchants meet minimum levels of security when storing, processing and transmitting cardholder data.
To help reduce your PCI scope, card details can be stored in the ITS PCI DSS certified secure environment and assigned with a Card Alias Name for use with future transaction against that card.
No. When utilising the ITS eCommerce PayPage solution, 3D Secure will also be included at no extra charge.
For Virtual Terminal, on the first screen just under where you add the Card Number, you will see Sale and Refund. The system automatically defaults to Sale, so you need to change that to Refund.
If you click on Refund, you may be prompted for a Refund Password. If you cannot remember this, please contact us on 0333 123 1248. You will be asked for your Username and your Merchant number. Please ensure you have your Merchant ID (MID) as we will be unable to provide your password without it.
Settlement normally takes approximately four working days from submission to the banking authority but may vary for certain retail solutions.
Our standalone solutions are typically delivered within two to five working days.
Due to the nature of our integrated solutions, the standard delivery is anywhere between four to twelve weeks depending on your in-house IT skills. You must ensure that you are set up with a merchant ID (MID) with an acquiring bank before placing an order.
ITS work with all major Acquirers in the UK and France, many of which offer ability to accept a wide range of currencies;
- UK: AIB, Amex, Barclaycard, Clover/Fiserv (formally FirstData), Global Payments, Lloyds Cardnet, RBS, WorldPay (FIS).
- France: Amex, BNP Paribas, Caisse D’Epargne, Crédit Mutuel.
All our products have the ability to process Visa, Mastercard & Amex schemes (both Retail & Purchasing Card). Please contact our Client Services on client.services@paya.group for more information.
Unfortunately, we at ITS, do not see the reason for the decline. We advise you to contact your customer (cardholder) so they can obtain the reason for the decline from their bank, or for you to obtain another card number or an alternative means of payment.
This is the status of the transaction. Please note that depending on which of our products you are using, you may not see all of the below statuses:
- Awaiting Settlement – This means the transaction authorised and is awaiting settlement
- Referred – The bank is unable to provide an authorisation code for the transaction, the merchant must contact their acquiring bank for an authorisation code
- Declined – The transaction has been declined by the bank and not been authorised
- Matchhold – The transaction is set to a status of 'Matchhold' and is awaiting Level 3 data to be settled
- Settled – The transaction has been settled and is now awaiting submission to the bank
- Submitted to Acquirer – The transaction has been submitted to the bank for processing
- Cancelled – The transaction has been cancelled and will not be submitted to the bank
- Settlement Failed – The transaction has failed settlement
- On Hold – The transaction has been put on hold
- Reversed – The transaction has been reversed. This can happen when you do not accept the authorisation.
Please note: There are two parts to the transaction, the Authorisation and the Settlement. The Authorisation, where the transaction is approved or declined by the card issuer or an acquirer - Typically to ensure funds are available. And the Settlement, where the transaction is 'completed' and will therefore be submitted to the bank. This will in turn action the exchange of funds.
A Purchasing Card (sometimes referred to as a P-Card, Procurement Card or Corporate Purchasing Card) is a type of business credit or charge card that allows organisations to pay for their business-to-business purchases electronically.
An ordinary credit card statement contains only very simple information. This level of detail may not be enough for business purchases and so invoices are typically also required when a standard business credit card is used. Purchasing Card statements, however, contain the line-item/invoice detail (known as Level 3 payment data) that would typically be included on an invoice (including description of goods, quantity, unit cost etc). This enables businesses to make greater use of the card statement and do away with the need to receive separate invoices.
Using Purchasing Cards offers businesses a way of significantly reducing the administrative cost of purchasing goods and services.
Merchants that accept purchasing cards as payment may not be required to issue VAT invoices to their customers. Instead, the invoicing is carried out by the customer’s card company, or bank, on the suppliers’ behalf, using transaction information (including the Level 3 Payment Data) which has been transmitted through the purchasing card system.
In the UK (and some other markets in Europe), the cards are designed to be fully compatible with VAT accounting requirements. HMRC publishes guidance on their website regarding how to account for VAT if you accept Purchasing Cards.
Products
Solutions such as Virtual Terminal can be set-up in 2-3 working days once you have a Merchant ID (MID). Other more integrated payment solutions require testing and additional set-up so require longer to implement.
To accept card payments online, you need an eCommerce PayPage that your site calls during the checkout process.
The PayPage allows your customer to enter their own card details and will also prompt for any additional validation checks such as Visa Secure, Mastercard SecureCode or Amex Safekey.
The result of a transaction is then passed back to your site to allow you complete your order process i.e to redirect your customer to an ‘order completed’ page.
The ITS PayPage also allows for Purchasing Cards to be accepted online with Level 3 Line Item Detail being submitted separately in an XML ‘Settlement Request’.
The ITS PayPage also offers a number of other functions, including split Authorisation and Settlement to allow you to control when payment is taken, and secure storage of card details should you need these retained for subsequent transaction.
Card payments do not always require a physical card terminal or PDQ.
The simplest way to start accepting card payments remotely is with a Virtual Terminal. This is a simple online tool that is accessed via a secure portal, using any browser.
For more integrated payment solutions for accepting payments remotely, see our range of ITS Connect products or contact us to discuss your requirements.
Some business processes require the ability to run a batch of payments in bulk perhaps at the end of the day, week or month, rather than processing separate transactions in real-time.
ITS Batch Payments allows merchants to upload CSV or XML extracts containing all transactions to be processed in bulk. Results for all transactions are then available either in a response file passed back or in the ITS Portal.
Batch Payments can also be used alongside our Card Alias function allowing the secure storage of card details directly into the ITS system meaning that your Batch Payment files do not need to contain card details, helping to reduce your PCI compliance scope.
Purchasing Cards
A corporate card is a broader description of a business card and can be a Credit, Debit or Purchasing Card. For a definition of a Purchasing Card please see 'What is a Purchasing Card' above.
Level 3 Line Item Detail is simply invoice data that you will have in your ERP/order processing system.
To be able to capture and process a Level 3 transaction you will need the ability to extract the Invoice details that would already exist in your ERP or back-office system.
For simple solutions such as Virtual Terminal this could be a manual process of copying details across. For more integrated solutions this typically involves the submission of a CSV or XML file which includes this additional Level 3 data.
There are 3 types of payment data;
- Level 1: which includes basic transaction details such as total value and merchant name.
- Level 2: which includes basic transaction data + Summary VAT.
- Level 3: which includes basic transaction data + full Invoice Line Item Detail and in many cases can replace a conventional paper invoice.
Level 3 payment data (sometimes referred to as Line Item Detail or Addendum Data) is full invoice data that flows with a Level 3 Purchasing Card payment. Whereas a Level 1 transaction only provides basic transaction data (i.e. transaction amount and Merchant details), a Level 2 transaction only provides Summary VAT, and a Level 3 transaction allows Merchants to flow full invoice detail, including individual line detail such as Product Description and VAT Rate which will be accessible by the Buyer/Card Holder through their statement and/or reporting tools provided by their card Issuer as an HMRC approved Invoice.