ECommerce Merchant Accounts & Website Compliance

eCom Merchant Accounts: What’s Required for Website Compliance?

If you operate an eCommerce or online business and want to accept credit cards, you will need to satisfy several requirements on your site in order to be compliant with Visa and MasterCard’s standards for these types of businesses. Most of these items are simple and can be done easily by you and with the help of a qualified gateway or merchant account specialist. Not only are these required by most processors, but having them in place makes for a professional and welcoming experience for your customers. After all, getting the customer to your site is only half the battle; keeping them there throughout the checkout process is the other half!

Below we will discuss all of the things that need to be in place to meet the standards set forth by Visa and MasterCard and the credit card processing banks. The things you will need to have on your website if you are accepting credit cards on it are:

Contact Information

The website must have good contact information for your business which would include at a minimum: a Mailing Address, Monitored Telephone Number(s), and a Customer Service Email Address. A physical address and multiple points of contact as far as telephone and email are also recommended.

Terms and Conditions of Sale

The Terms and Conditions of Sale (T&C’s) are especially important to protect you and your business and also to make sure the end consumer understands their rights. It’s important to have sufficient legal language to protect your specific business, but don’t get too verbose on the legalese as it may scare customers away. A search engine query for “Generic Ecommerce Terms and Conditions of Sale” will turn up a bevy of samples and templates to use.

Privacy Policy

Once again the Privacy Policy is important to your eCommerce store as it legitimizes your business. A professional privacy policy helps your customer understand what privacy they have when doing business with you and what privacies they may give up to do business with you. You can find Durango’s Privacy Policy here as an example.

Refund Policy

A clear Refund Policy is not only required for online sales of products or services, but once again it helps legitimize the business. The policy should be concise and clear about the rights that the customer has, or does not have, in regard to a refund, if any. If you have a No Refund Policy, be sure to state this specifically. It is also recommended to have a TOS (terms of service) checkbox on your checkout page that forces the customer to agree to the refund policy. This may prove a deciding factor in potentially winning a chargeback dispute with a customer who states that they were never made aware of your refund policies.


While a FAQ page isn’t required per se, we’re including it here as a recommendation, since most consumers these days have become accustomed to searching for a FAQ link that quickly summarizes (or links to) the pertinent info (refund & return policies, shipping policies, etc.).

Secure Checkout

This simply means that all transactions processed through your eCommerce site need to be encrypted, not only to meet the Visa and MasterCard guidelines, but also to make sure your customer knows that their payment card information is safe and secure with your business.

This means using a qualified processor or processing bank, payment gateway and shopping cart provider. The checkout pages should always be encrypted via an “https” connection, instead of the checkout page only being “http.” To encrypt your checkout page with https (where the little “lock” appears in your web browser) you will need to either:

  • Use a secure/encrypted “hosted” checkout page from your gateway or shopping cart provider (where the shopping cart or payment gateway host the checkout page on their server). Click here to read about Durango’s hosted checkout service: QuickClick.
  • If you are instead hosting the transaction on your server, then you are responsible for encrypting the checkout page(s). You will need to purchase an “SSL Certificate,” which is installed on your server so that webpages can be served over https. There are many popular SSL certificate providers out there (Verisign, Comodo, GlobalSign, etc.), but often the cheapest (and easiest!) option is to ask your webhost who they use by default for SSL certificates and sign up with them (honestly, even if it’s $20 more a year, you’ll find that registering your site with a 3rd party SSL certificate provider can take several days of effort).

You can secure every page on your entire website if you would like, but remember encrypting a page will slow the download times for the content, which may make consumers abandon their cart prematurely; that is why most ecommerce stores only encrypt the actual checkout pages where sensitive data is passed by the consumer.
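One way to check that a self-hosted checkout page is both served and submitted over https, as an added example (not code from Durango or any gateway or cart provider). The `shop.example` URLs, the sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser will post to or load from.
URL_ATTRS = {"form": "action", "script": "src", "iframe": "src",
             "img": "src", "link": "href"}

class CheckoutAudit(HTMLParser):
    """Collects form targets and sub-resources that resolve to plain http."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr, a = URL_ATTRS.get(tag), dict(attrs)
        if attr is None:
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        value = a.get(attr)
        if tag == "form":
            value = value or ""   # no action: the form posts to the page URL
        if value is None:
            return
        target = urljoin(self.page_url, value)  # resolves relative and // URLs
        if urlparse(target).scheme == "http":
            kind = "insecure form post" if tag == "form" else "mixed content"
            self.findings.append((kind, tag, target))

def audit_checkout(page_url, html):
    """Return (issue, tag, url) tuples for one checkout page."""
    findings = []
    if urlparse(page_url).scheme != "https":
        findings.append(("page not served over https", "page", page_url))
    parser = CheckoutAudit(page_url)
    parser.feed(html)
    return findings + parser.findings

# Constructed sample: an https checkout page that still posts card data to http.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/cart.css">
<script src="http://cdn.shop.example/js/validate.js"></script>
</head><body>
<form method="post" action="http://shop.example/pay">
<input name="card_number"><input name="cvv"></form>
<img src="//img.shop.example/lock.png">
</body></html>"""
```

Calling `audit_checkout("https://shop.example/checkout", SAMPLE)` reports the http script and the http form target; the relative stylesheet and the `//` image inherit https from the page and are not flagged.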

That sums up the bulk of what processing banks will be looking for from your site from an underwriting perspective for approval. As well, these are the standard features most savvy internet consumers expect to see from a trustworthy website these days, and importantly, these features will help to safeguard your business. If you have any questions about these policies or the services we offer to help you implement these requirements, please don’t hesitate to inquire with us.
