Frequently asked questions about payment technology, regulation and processes.

If you haven’t found your answers here, feel free to send us your questions: info@pay4one.com.

This is not so confusing. For credit card processing in a stationary or online shop, the so-called disagio fee is incurred, which is made up of three components:
The interchange fee is the fee paid by the acquirer (merchant bank) to the issuer (card-issuing bank) for each card transaction. The amount of this fee depends on several factors (regulated/non-regulated card, card origin, quality/security level of the transaction, etc.) and is clearly defined by the schemes.
(Since 2016, fees for standard cards have been set at 0.30%).

The card organisation fee is a fee payable by the acquirer (merchant bank) to the schemes (card organisations) for the use of their networks and depends on several factors. (Card organisations you know: Visa, Mastercard, American Express, etc.)

This is charged by your payment provider for processing the transaction – usually as a percentage of the card turnover.

In stationary trade, the costs for purchasing or renting the terminal are also incurred. In addition, a transaction fee is charged. In the case of retail shops, the network operator receives this fee; in the case of online shops, the PSP (payment service operator) receives it. Unfortunately, for businesses that operate both stationary and online trade, both fees are charged.

In order to calculate a fee rate (disagio, interchange plus or interchange ++), the acquirer needs the following information:
1 Sales volume:
Not the company turnover, but the card turnover is meant.

2 Bon size:
This is the average transaction amount.

3 Transaction type:
Through which channel will I be contacted by the cardholder?

o MoTo (MailOrder or TelephoneOrder)

o POS (Point of Sales) Card acceptance via a terminal

o E-Comm: Products are purchased in the shop and the cardholder’s card details are then recorded via the checkout

4 Card origin:
Where do the cardholders come from? Is the card-issuing bank national, Intera ( European bank ) or International
(USA and/or Asia)

5 Details of the products for sale
Important, e.g. if a risk surcharge becomes necessary for certain products or services

That’s a lot of information at first, but don’t worry – if the merchant can’t answer all the questions, the acquirer will estimate according to his experience and calculate with these components.
And if something turns out differently than expected, ask the acquirer in the following year and readjust the conditions. It’s worth it! And don’t hesitate to contact us if you want to know more.

The security requirements are deemed to be met if all points of the 12 chapters from the PCI DSS rules and regulations are implemented and demonstrably complied with. It is mandatory for all merchants to provide proof of implementation of the PCI DSS standards. Depending on the volume of annual card transactions, merchants must carry out or have carried out different internal and external audits (certifications):
We are happy to help you.
The PCI DSS portal will guide you through the entire process.
If you have any further information about your PCI DSS compliance, please do not hesitate to contact us Monday to Friday from 08:00 – 18:00: Germany: +49 69 – 348 740 25-0
What needs to be done?
In order to ensure compliance with the PCI DSS requirements, we reserve the right – depending on the size of the company and the sales channel – to conduct regular surveys or audits with the corresponding certification, if necessary with the support of partners specialising in this area.
We recommend the following procedure:
Familiarise yourself with the PCI DSS requirements on the relevant information pages of the card products.
Only store card data if it is absolutely necessary. Especially in e-commerce, use the secure pages of a service provider that is PCI Level 1 certified. Get proof of certification. Our Internet Payment Gateway (IPG) complies with these requirements.
Train your staff and implement the security regulations in your company.
Prepare and implement the measures to be taken for the certification process.
Ensure PCI DSS compliance after certification.
Fix any identified security gaps or vulnerabilities as quickly as possible.
Renew your PCI DSS certificate at the specified intervals and send it to us regularly.

If you have any further questions in connection with the certification process, please do not hesitate to contact us.

As with any business, there are a few things you should keep in mind when making card payments to ensure a smooth process. To avoid subsequent complaints from cardholders, you should follow the suggestions below. Please bear in mind that complaints can involve financial risks for you. You can avoid many cardholder complaints in advance if you follow the procedures and authorisation processes described in our Terms and Conditions. Be sure to train your staff so that they too can help to avoid complaints and invalid transactions by behaving correctly.

The most frequent complaints

The cardholder does not recognise the transaction.
The cardholder may not be able to clearly identify the transaction based on the merchant information printed on the cardholder statement.
You can prevent this by ensuring that the customer can clearly trace the card transaction on their cardholder statement. Make sure that the name of your shop as well as the corresponding merchant branch appear correctly and clearly on the card statement.
We recommend:
Please always keep the sales documents carefully as proof in case of a complaint.
The following applies in face-to-face business:
Always compare the signature on the sales slip with the signature on the card. Different signatures can lead to chargebacks. For card transactions made with card and PIN, the PIN entry replaces the signature.
The turnover was charged to the cardholder more than once.
The transaction was probably submitted to us for settlement more than once by mistake.
This happens when the chip or magnetic strip of the card is read repeatedly. Please only reinsert the card into the terminal when the terminal prompts you to do so. If, in exceptional cases, you submit the transactions by non-electronic means, please make sure that the individual transactions are not listed more than once.

In e-commerce:
This can happen under certain circumstances if the card data is entered into the payment gateway more than once. If, in exceptional cases, you submit the transactions by non-electronic means, please ensure that the individual transactions are not listed more than once.
If you are not sure whether you have already submitted a transaction to us, simply ask our customer service on +49 69-348 740 25-0.
The customer has not (yet) received the goods/service.
It is possible that the turnover was submitted to us for settlement before the goods were dispatched.
Your customer sees the turnover on his card statement although he has not yet received the corresponding service for this. This can lead to complaints that are easily avoidable.
We recommend:
Submit the transaction only after the service has been rendered, e.g. after the goods have been shipped, and keep any proof of delivery safe.

Checklist for IPG customers

For you as a merchant, a possible task arises due to the Strong Customer Authentication (“SCA”) requirements based on the second EU Payment Services Directive (PSD2) if you accept e-commerce credit card payments.

In this case, you should implement 3-D Secure 2.0 by 15 March 2021 so that
credit card payments in your online shop meet the requirements for Strong Customer
Authentication requirements.

No action is required for Mail Order Telephone Order (MOTO) payments.
Even if you accept direct debit payments, you do not need to do anything because these payments are outside the scope of SCA.

For PayPal and Sofort Bank Transfer, no action is required on your part .
Do you accept e-commerce credit card payments, either in your online shop, via the Payment Link or via another connection to our Payment Gateway?
Credit card payments are basically subject to SCA requirements and must be
be processed via 3-D Secure 2.0 in the future.

Check in the Virtual Terminal (www.ipg-online.com) whether you accept e-commerce credit card payments.
accepted. Log in and call up the menu item Reports > Transactions. By clicking on the order number of a transaction (1st column / Order#) you get to the “Order Details” view of a transaction.

At the bottom of the “Order Details” you will find the item “Card Data Origin”. If the
If “Electronic Commerce (Internet)” is displayed as the origin, it is an e-commerce credit card payment. Please check your transactions randomly to see whether they are e-commerce payments or mail order payments.

With the changes on 14 September 2019, 3-D Secure is generally mandatory for e-commerce credit card payments. It is best to first check whether you are already using 3-D Secure, because then you do not have to do anything else if it is 3-D Secure 2.0.

The easiest way to see is to use the “Transactions” report in the Virtual Terminal. If you see entries such as “Authenticated” or “Attempted” in the “PayerAuth” column for credit card payments, you are already using 3-D Secure.

If you are not yet using 3-D Secure, you must check which interface you are using.
you are using. You can recognise this by the UserID:

The ways you can accept credit card payments via
Mail Order Telephone Order (MoTo)
This is where you enter the card details when making a payment, e.g. in the Virtual Terminal or your ticketing software. If you accept MoTo payments and use the Virtual Terminal for this purpose, you do not need to make any specific changes because these types of transactions are exempt from SCA.

Payment URL
If you use “Payment URL” via our Virtual Terminal, there is no need for you to take any action.
If the Payment URL is triggered via the SOAP API to identify the cardholder, the merchant should simply use the following element: element ‘AuthenticateTransaction’ = true in the paymentURL creation message:


Connect connection

If you are using our Connect solution, check in your webshop or plugin whether you have
have deactivated 3-D Secure there. 3 D Secure must be activated. The IPG and the shop module will do the rest for you.

Application Programming Interface (API)
If you use the API, the programming must be adapted in any case, even if you are currently already using 3-D Secure via the API interface!
To do this, please follow the instructions in the SOAP API manual: https://docs.pay4one.com/org/gateway/node/389

Contact points & Information:

For questions regarding the adaptation of the implementation: support@amys-it.com<script>” title=”<script>
For general questions on PSD2 SCQA & 3-D Secure 2.0: support@amys-it.com<script>.

Do you have any further questions?