Website Requirements for E-Commerce

It can be a challenge to develop and maintain a hemp, CBD, or other e-commerce web store that is compliant with the requirements of your financial institution, but it’s important to master this skill so that your merchant processing account remains open and operational at all times.  This avoids the embarrassment and cost of a major business interruption.  In order to be compliant, all e-commerce merchants must ensure that all websites on which they will process payments meet the following minimum requirements for selling goods and services via electronic commerce (e-commerce).

A compliant online store MUST:

  • Display their consumer data privacy policy on its website.
  • Display the security method used for the transmission of payment data on its website.
  • Offer Cardholders a secure transaction method and a data protection method, such as Secure Sockets Layer (SSL), 3-D Secure and/or Verified by Visa.
  • Attempt to obtain a Visa Card expiration date and submit it as part of the Authorization Request.
  • Include on their website(s) all of the following:
    • Customer service contact, including email address or telephone number.
    • The address, including the country, of Merchant’s permanent establishment, either:
      • On the same screen view as the checkout screen used to present the final Transaction amount; or
      • Within the sequence of web pages the Cardholder accesses during the checkout process.
    • Policy for delivery of multiple shipments.
    • Security capabilities and policy for transmission of payment card details.
  • Acknowledge that its Electronic Commerce Transactions are not eligible for Chargeback protection from Chargeback reason codes 75 (Transaction Not Recognized) and 83 (Fraud Card-Absent Environment) if If Merchant is a Verified by Visa Merchant and either:
    • The Merchant is classified with one of the following M.C.C.s:
      • MCC 4829 (Wire Transfer Money Orders);
      • MCC 5967 (Direct Marketing Inbound Teleservices Merchant);
      • MCC 6051 (Non-Financial Institutions Foreign Currency, Money Orders [not Wire Transfer], Travelers’ Cheques); or
      • MCC 7995 (Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Racetracks); or
    • Merchant has been identified in the Merchant Chargeback Monitoring Program or Risk Identification Service Online. Merchant remains ineligible while it is in either program, and for an additional 4 months after exiting the program. This condition also applies if Merchant enabled Verified by Visa while identified in either program.
  •  Include the following in its transaction receipts:
    • Customer service contact;
    • Merchant country; and
    • Conditions of sale, including return and cancellation policy.

Additionally, online / e-commerce merchants must not:

  • Transmit Authentication Data specific to one Transaction with another Transaction, except when either:
    • Two transactions are related due to delayed delivery; or
    • All items of an order cannot be shipped at the same time.
  • Display the full Account Number to the Cardholder online.

If Merchant limits its acceptance of returned merchandise or is an Electronic Commerce Merchant, Merchant must ensure that its return policies are clearly indicated to a Cardholder on the Transaction Receipt or on Merchant’s website, as follows:

Disclosure Location Required Disclosure To be used for the following Merchant Policies
Transaction Receipt (all copies, near the Cardholder signature area or in an area easily seen by the Cardholder)  

“No Refund”

“No Exchanges”

“All Sales Final”

Merchant does not:

Accept merchandise as a return or exchange

Issue a refund to a Cardholder

“Exchange Only” Merchant accepts merchandise in exchange for merchandise of equal value to the original Transaction amount
“In-Store Credit Only” Merchant accepts merchandise in exchange for an instore credit document that both:

Equals the value of the returned merchandise

Must be used at the Merchant location

Website (on checkout screen or in sequence of webpages before final checkout) “Click to accept” or other positive acknowledgement button or checkbox All return/refund policies and other purchase terms and conditions


Special Requirements for Hemp/CBD Merchants:

In addition to the provisions above, hemp and CBD e-commerce merchants must make sure their sites comply with the following additional requirements:

  • Must note on the website that all products consist of 0.3% or less THC.
  • Must provide website access to the certificates of analysis (COA) regarding THC testing products and suppliers
  • Must not offer any edible products on the website.
  • Must not offer to ship to areas where the product is illegal.
  • Must not make express or implied claims that products are intended to cure, mitigate, prevent, or treat a disease
  • Must not make false, misleading, or deceptive claims in verbiage, packaging, and advertisements.
  • Must include Terms & Conditions, Privacy Policy, and Refund Policy on the website
  • Must ensure website can be manually and automatically monitored to ensure these guidelines are followed.