Website Compliance


Policies are required on every website regardless of what the merchant does, they are preferred to be on the homepage,
however as long as the cardholder is able to view them prior to checkout they can be located anywhere on the site. Below
are the required policies and Visa’s explanation of what should be communicated in the policy.
Privacy – To allay customer concerns about providing personal data, your privacy policy should define:
 What customer data is collected and tracked
 With whom this information is shared, and
 How customers can opt out
Refund/Return/Cancellation – Establish a clear, concise statement of your refund/return policy:
 Make this statement available to Web site visitors through links on your homepage.
 Provide full explanation of steps consumer must take to obtain refund.
 This policy must be listed even in the case of “no refunds”
Shipping/Delivery (not required on Fast Food/Pizza) – Develop a clear, comprehensive shipping policy and make it
available to customers through a link on your home page and at the time of the online purchase:
 Explain shipping options and expected delivery.
 Provide full disclosure of all shipping and handling fees.
Security – Explain how card information is protected:
 During Transmission
 While on your Server, and
 At your physical work site
 Make the page available to visitors through lists on your home page.
Merchants are not required by Heartland to possess SSL Certificates, however if a merchant does have one it may take
the place of the security policy so long as it has your merchants name and a valid expiration date.
It is required that the DBA listed on the website matches the DBA listed on the application (Do not change application to
match website)
Visa requires a merchant to have their Contact Information listed on their website, i.e. Physical Address (P.O. Box can
only be utilized for home-based businesses) and/or Customer Service phone number (Make sure it matches your
individual merchant)

Cardholder Associations)
This statement should tell the consumer how the merchant will be using the personal data they have collected.
“We respect and are committed to protecting your privacy. We may collect personally identifiable information
when you visit our site. We also automatically receive and record information on our server logs from your
browser including your IP address, cookie information and the page(s) you visited. We will not sell your
personally identifiable information to anyone.” (And so on…)
Or, if they do pass along personal information for whatever reasons, they would state this instead. This policy
should be tailored to how the merchant intends to use the information they are given.
This statement should tell the consumer how their personal information is kept secure during the transmission of
“Your payment and personal information is always safe. Our Secure Sockets Layer (SSL) software is the
industry standard and among the best software available today for secure commerce transactions. It encrypts
all of your personal information, including credit card number, name, and address, so that it cannot be read
over the internet.” (Etc.)
This policy should be clearly and specifically spelled out to avoid disputes with cardholders.
“We offer 30 Money Back Guarantee on almost every product we offer. Please call customer service at 800-
000-0000, in advance to obtain an RMA number (Return Merchandise Authorization) within 30 days of
purchase date.”
Another example:
“All refunds will be provided as a credit to the credit card used at the time of purchase within five (5) business
days upon receipt of the returned merchandise.”
Cancellation example:
The deadline to receive a refund for your registration is 30 business days before the event. Registration
cancellations received prior to the deadline may be eligible to receive a refund less a $ service fee.
Note – It could be that all sales are final or No Refunds. If this is the merchant’s policy, it should be stated on
the website and should also be noted on the footer of the merchant receipt or invoice

Shipping Policy/Delivery Policy:
This policy should clearly define the merchant’s shipping policy.
“Please be assured that your items will ship out within two days of purchase. We determine the most efficient
shipping carrier for your order. The carriers that may be used are: U.S. Postal Service (USPS), United Parcel
Service (UPS) or FedEx. Sorry but we cannot ship to P.O. Boxes. If you’re trying to estimate when a package
will be delivered, please note the following:
Credit card authorization and verification must be received prior to processing. Federal Express and UPS
deliveries occur Monday through Friday, excluding holidays. If you require express or 2 day shipping, please
call us at 800.000.000 for charges.
1 item (boots not included) $9
2 or more items, including boots $15
PLEASE NOTE: Out of state orders WILL NOT be charged sales tax. In state orders will be charged 7.8% sales

Age Verification Policy:
This policy should clearly define the merchant’s Age Verification Policy for order/shipping alcoholic
“You must be at least 21 years of age to order or receive alcoholic beverages. Any shipments containing
alcoholic beverages are sent with an “Adult Signature Required” sticker. All carriers who deliver alcoholic
beverages are required to ask and check for identification upon delivery. This means that you or someone over
the age of 21 will need to be present at the time of delivery to sign for your shipment. We highly recommend
having your wine shipped to a business to avoid any potential delays.” (Etc.)