Safely accept recurring card payments.
Help protect your business against fraud when accepting recurring payments by credit card and debit card.
What is a recurring payment facility?
If you have an ongoing relationship with your customers and would like to regularly bill them for goods or services (e.g. a weekly gym membership), you can apply for a recurring facility.
How does a recurring payment facility work?
Your customers authorise your business to charge their account automatically at regular intervals so that you can provide the goods and services to them on an ongoing basis. You'll need to check whether your payment gateway offers a recurring facility, meet our qualifying criteria, and choose how you want to set the facility up.
If you deal with your customers over the phone, you'll need a recurring facility with an online MOTO facility. If you want the ability to sign up your customers online, you'll need an e-commerce recurring facility.
Tips to help keep your payment facility secure.
Take the following steps to help protect your payment facility and reduce the risk of an account data compromise.
| What to do | When to do it | Who is responsible? |
| --- | --- | --- |
| Ensure your facility and service provider are PCI DSS compliant. You can check any provider's compliance status by asking for their Certificate of Compliance (COC). This will provide the validation date and expiry date of their PCI DSS compliance | At set up, and annually thereafter | Merchant / Service provider |
| Change default passwords on systems, applications and devices | At set up | Merchant |
| Create a unique user ID and password for each staff member that has access to your system | At set up | Merchant |
| Ensure controls are in place to identify who has accessed your payment system and create a plan for when you detect unauthorised access | At set up, and annually thereafter | Merchant |
| Establish a complex password policy*. If a user has attempted to log in unsuccessfully more than six times, lock their account and reset password after 30 minutes. This will give you time to investigate whether they are an authorised user | Passwords should be changed every 90 days | Merchant |
| Only allow authorised staff to process payments | Daily | Merchant |
| Don't store any card information such as the cardholder PIN or card verification code (three digits on the back of the card) | Daily | Merchant |
| Conduct staff background checks | At the start of employment | Merchant |
| Establish staff security awareness training | At the start of employment, and annually thereafter | Merchant |
| Develop an Incident Response Plan | Annually | Merchant |
*For example, passwords must be seven characters in length and contain a capital and lower-case letter, number and symbol.
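The password and lockout row above, enforced in code. This is an added example, not Westpac's or any payment gateway's code. It assumes seven characters is a minimum, that the lock lasts 30 minutes, and that a password reset is then required before the next login; `Account`, `record_login` and `password_problems` are hypothetical names.

```python
import string
from datetime import timedelta

MAX_FAILED = 6                          # lock on more than six failed logins
LOCK_PERIOD = timedelta(minutes=30)     # assumption: lock lasts 30 minutes
MAX_PASSWORD_AGE = timedelta(days=90)   # change passwords every 90 days
MIN_LENGTH = 7                          # assumption: treated as a minimum

def password_problems(password):
    """Return the complexity rules from the footnote that the password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "no capital letter"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no symbol"),
    ]
    return [message for ok, message in checks if not ok]

class Account:
    def __init__(self, password_set_at):
        self.password_set_at = password_set_at
        self.failed = 0
        self.locked_at = None
        self.reset_required = False

    def record_login(self, success, now):
        """Return 'ok', 'failed', 'locked', 'reset_required' or 'expired'."""
        if self.locked_at is not None:
            if now - self.locked_at < LOCK_PERIOD:
                return "locked"          # refused even with the right password
            self.locked_at = None        # lock period over: force a reset
            self.reset_required = True
        if self.reset_required:
            return "reset_required"
        if not success:
            self.failed += 1
            if self.failed > MAX_FAILED:
                self.locked_at = now     # seventh consecutive failure
                return "locked"
            return "failed"
        self.failed = 0
        expired = now - self.password_set_at > MAX_PASSWORD_AGE
        return "expired" if expired else "ok"

    def reset_password(self, new_password, now):
        """Apply the new password only if it meets the policy; return any problems."""
        problems = password_problems(new_password)
        if not problems:
            self.password_set_at, self.failed, self.reset_required = now, 0, False
        return problems
```

The `locked` result is the point at which to review the access log for that user ID before the 30 minutes elapse.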
Tips to help prevent card fraud & payment disputes (chargebacks).
MOTO (Mail or Telephone Order)
- Make sure you have consent from the cardholder before the transaction is processed.
- Only accept card information over the phone (not by email or any other channel) and process transactions immediately while the customer is on the phone.
Online
- Enable 3D Secure. This is a way to combat fraudulent transactions by verifying your cardholder. Contact your payment gateway provider to set this up.
- Talk to your payment gateway provider about tokenisation. This replaces card details with a randomly created, custom alphanumeric ID, which means you don’t have to capture sensitive information, keep it in internal databases or transmit it through your systems. Your payment gateway provider will need to set this up.
What's the difference between an account data compromise (ADC) and card fraud?
An ADC is when an unauthorised person gains access to your business or payment environment to steal valuable information (like card payment data) with the intention to commit fraud.
Card fraud is when stolen card payment data is used to make a fraudulent transaction.
Get in touch.
New customers
Call the Westpac Merchant Services team on 0800 888 066 (option 1), weekdays from 8:30am to 5pm, or email merchant@westpac.co.nz
Existing customers
Contact your Westpac Relationship Manager, or contact our Merchant Services team on 0800 888 066 (option 2), weekdays from 8:30am to 5pm, or email merchant@westpac.co.nz
0800 888 066
- Option 1. New or additional merchant facilities, or to change ownership of an existing facility.
- Option 2. General enquiries on your existing merchant facility including suspicious transactions.
- Option 3. Westpac Get Paid on-the-go or Westpac Get Paid in-store technical support.
- Option 4. Westpac Get Paid online technical support.
- Option 5. Terminal faults that aren't related to Westpac Get Paid.
Things you should know.
The information on this page is intended as a guide only. We make no warranty or representation, express or implied, regarding the accuracy of any information, statement or advice contained on this page. We recommend you seek independent advice before acting or relying on any of the information on this page. All opinions, statements and analysis expressed are based on information current at the time of writing from sources which Westpac believes to be authentic and reliable. Westpac issues no invitation to anyone to rely on this material.
Links to other sites are provided for convenience only and Westpac accepts no responsibility for the availability or content of such websites.