How to Keep Your Website Compliant with Card Brand Rules

At Braintree, we’re focused on helping our merchants offer payment experiences that are not only more seamless, but also more secure. One important aspect of making your checkout more secure is ensuring that your website, app, or other platform where you accept payments complies with applicable card brand rules. If you’d like to know more about some of these rules -- and how to help make sure your business is compliant -- keep reading.

Card brand rules generally require that merchants on all platforms (web pages, apps, invoices, or contracts) have clear and concise policies that disclose certain business information as well as cardholder rights before accepting payments. The specific requirements may vary depending on the country or countries where you operate, the card brands you accept, and your business model.

Following these requirements may help prevent chargebacks and provide your business with some of the necessary items to deal with potential cardholder disputes.

To help ensure that our merchants maintain the required policies, Braintree performs periodic reviews of our merchants’ websites. In order to avoid being flagged by our Risk team, please ensure the following policies are clearly disclosed to your customers:

  • Contact information
  • Pricing
  • Refund or cancellation policies
  • Privacy/personally identifiable information policies

Here are some frequently asked questions about these requirements:

What are sufficient forms of contact information?

  • A listed email address
  • A listed phone number
  • A physical mailing address
  • 2+ social media accounts

What does not qualify as a sufficient form of contact information?

  • Blank email forms
  • Mail-to links
  • Pop up email message boxes
  • P.O. boxes
  • Chat interfaces

What if my pricing is determined on a case-by-case basis?

If your pricing is only available in a custom contract or once an invoice has been drafted, please ensure that customers agree to pricing and have access to your contact information, privacy policy (how you use their information), and a refund/cancellation policy, all made available in the contract or invoice.


What if my prices and policies are only available to members?

That’s perfectly fine, as long as you make it clear that pricing is available upon login. Additionally, it is generally good business practice to make at least your contact information, refund/cancellation policy, and privacy policy easy for potential and current customers to find from the main page of your website.

It may also be helpful to include a “Terms & Conditions” checkbox or other similar electronic verification to confirm that customers acknowledge your terms before completing payment.

What if I don’t list pricing because I take donations?

A donation page with preset donation amounts, as well as custom donation options, is acceptable for non-profit organizations.

What if I accept payments on a mobile or web app?

In order to adhere to applicable card brand rules, your app will need to have your contact information, pricing, refund/cancellation policy, and privacy policy available in-app, or at the very least linked from your website in your app.

What does a refund/cancellation policy need to cover at a minimum?

  • Whether or not you provide refunds
  • If you do provide refunds, which conditions must be met
  • Whether there are any fees associated with refunds or cancellations

What does a privacy policy need to cover at a minimum?

  • What information you will be collecting
  • How the information will be stored
  • How you will be using the information you collect
  • Whether or not you share that information with anyone else

For examples of acceptable formats for these requirements, check out this support article.

Note: The content of this blog post and any examples provided are not to be construed as legal advice. These are simply general industry practices shared by Braintree to help guide you. As requirements vary by country and by industry, you should always obtain independent legal advice for your business.

Diamond Hawkins A born and raised Chicagoan whose passions include equal amounts technological advancement and all things whimsical. I aspire to demystify computers, and the work that they do, for the everyday user.