Secure Card Processing For Business
Fast, Reliable and Low-Cost Card Processing with dedicated UK based Support and Aftercare.
Payment Solutions
EcomMerchant is a Payment Gateway for businesses that wish to take credit / debit card payments via their website (ecommerce) and/or via the Telephone/Mail Order (Virtual Terminal). A number of solutions exist to allow you to facilitate payments with our service that will suit your requirements. Over 50 shopping carts can be integrated, including WooCommerce, OpenCart, VirtueMart, ECWID and FreeWebstore (the full list of options can be found here). A number of card terminal / Point of Sale card processing options are also available.
We are also able to offer a number of payment mechanisms that will facilitate accepting payments for your organisation. These are included at no extra charge to your account and include Pay-Link, Subscription, Pre-Authorisation payments to name a few. See our Add On Services Page for a description of how these operate.
Choose Plan
Just £25 p.m.
Secure Payment Gateway for small to medium sized businesses to accept online payments 24/7. Includes:
- Pay-Link Payments
- Repeat Payments
- Pre-Auth Payments
- Deferred Payments
- Subscription Payments
- 3D Secure V2
- Plus other included services
- Comprehensive Control Panel
- PCI Level 1 security
- Support for over 50 Shopping Carts
- Includes 500 transactions per month
Just £25 p.m.
Virtual Terminal for processing Mail Order/Telephone order card payments securely 24/7 using your online control panel. Includes:
- Repeat Payments
- Batch Payments
- Pre-Auth Payments
- Deferred Payments
- Subscription Payments
- Anti Fraud mechanism
- Plus other included services
- Comprehensive Control Panel
- PCI Level 1 security
- Includes 500 transactions per month
From £15 p.m.
We offer a range of card terminals for processing payments face to face. Shop, Restaurant, Garage? We have the solution for you.
Also mobile terminals now available.
Per Transaction | Up to 500 Monthly Transactions | Above 500 Monthly Transactions |
---|---|---|
Ecommerce or Mail / Telephone Order Payments or both as there is no additional charge to add one to the other. | £25.00 (per month) | £0.10 (per trans) |
Add-on Services
Service Name | Charge | Payment |
---|---|---|
Multi Merchant Interface | £5.00 | Monthly |
Tokenization Payments | £20.00 | Monthly |
Terms & Conditions Apply
Minimum 12 Month Contract applies to all ECOM, MOTO or ECOM & MOTO services. Early termination fee or account remainder will apply for cancellation within the initial 12 month term. Monthly fees are payable via Direct Debit unless agreed in writing. Full Terms & Conditions can be found on our website under the ‘About Us’ section and also via your Merchant Control Panel. For more information please contact the Sales Team.
All new customers will be required to pay for the first 12 months of our service in advance. This will be 12 x the monthly fee for the services that you have requested. We will send you an invoice for the 12 months service once the merchant account setup details have been confirmed to you (and the Direct Debit form received). This payment will need to be made by bank transfer before the account can go live. The 500 transactions per month limit will still apply which means anything above 500 transactions (in any given month) will still be charged to the Direct Debit on a monthly basis. Should you enable any further chargeable services within the initial 12 month period these will be taken via Direct Debit also pro-rata. After the initial 12 month period your account will automatically change to a 1 month notice contract and shall assume monthly billing.
Merchant Account
In order to use our Payment Gateway services it will be necessary for you to have a Merchant Account through one of our acquiring bank partners. If you do not already have a Merchant Account through one of our acquiring bank partners, Total Web Solutions will be able to arrange a no obligation quote on your behalf (rates quoted on this page do not include the acquiring bank charges). We are able to obtain preferential rates and terms when you apply via ourselves. If you already have a Merchant Account that you wish to use please call the Sales team to discuss the switching process.
Features of the Payment Gateway Solutions
We are PCI (Payment Card Industry) Level 1 accredited and have been scrutinized by Visa and Mastercard and other leading card scheme brands, to ensure that the credit card clearing services we provide our customers are safe and secure.
Total Web Solutions has been PCI Level 1 (the highest level) accredited since 2005, when PCI was first introduced. Prior to this standard we were also AIS accredited, which has now been absorbed into the PCI standard. Our knowledge and fortitude in this area has allowed us to become a leading Payment Service Provider and to offer secure payment solutions to all manner of businesses. We take the security of our networks seriously and as part of our PCI program we employ ethical hackers to ensure our service is as secure as possible. The PCI program has enabled us to take away most of the responsibility and worry of security from our customers by providing solutions which take the card details within our network rather than the customer's network. This allows our customers to have peace of mind in the knowledge that security has been outsourced to a reputable company.
Total Web Solutions is approved for processing all major Credit and Debit cards - including Visa and MasterCard - in a wide range of currencies via four main acquiring banks (Barclaycard, First Data, Global Payments and WorldPay). The following cards can be processed via our ECOM and MOTO services:
Visa, Visa Debit, Visa Electron, MasterCard, MasterCard Debit, Maestro, American Express, JCB, Diners Club
For merchants wishing to take payments over the Internet (Ecommerce) we include the 3D Secure service as standard. With 3D Secure the card holder will either enrol with their card issuer or be enrolled automatically and any online transactions made will be either authenticated
For those customers who use a shopping basket solution on their web site we offer payment plug-ins to facilitate online purchases. The plug-ins enable interaction between the website's shopping basket and the Total Web Solutions payment gateway.
Total Web Solutions has developed its own anti-fraud mechanism based on industry knowledge. We have added some unique features that check the purchaser's card details during a transaction and make assessments on whether the transaction poses a risk or not.
It will always decline transactions that meet the high risk criteria; however, merchants do have the ability to set various anti-fraud features which will affect whether payments are declined based on their settings. For instance, the merchant may decide not to accept card payments from a particular country because they have experienced fraud from that region, so transactions will be blocked from that country.
Total Web Solutions offers a secure PayPage held on our own PCI Level 1 compliant Secure Servers for ease of use and security. Using the secure PayPage means that you do not need to worry about the security implications on your business as all card data collection and authorisation will be handled away from your own website.
Although the PayPage is not part of your own website it is customisable and can be made to look like a page on your website by adding a custom header and footer and adding card logos and background images. You can also change the layout of the page from portrait to landscape as well as the justification and the font and colour of the text fields. See examples below of PayPages customised to give the look and feel of the merchant's website. Total Web Solutions will be able to assist you with accessing the customisation area and if required our Support team can customise the PayPage on your behalf.
A comprehensive control panel is provided for you to take full control of your merchant account. The functions of the control panel include reporting, history, statistics, online payment or refund, configuration and others. Below are some screenshots of the control panel functionalities.
The reporting section allows you to generate daily reporting, monthly reporting, sales transactions, refund transactions history and others.
The statistic section allows you to generate daily, monthly, daily type and monthly type transaction charts.
The configuration section allows you to configure the control panel including access control, anti-fraud settings, customising payment page layout and others.
We offer FREE transaction charges for the first 500 transactions in every month. For monthly transactions over 500, we only charge 10p per transaction - making us one of the lowest priced providers in the UK. Please click here for detailed pricing.
Merchant Accounts and Card Terminals
To receive money into your bank account from credit and debit card payments you will require a Merchant Account. A Merchant Account is separate from your normal business bank account and does not have to be with the same bank. A Merchant Account (MA) is an account required to receive payments online using a Payment Gateway / Virtual Terminal / PayLink etc.
Total Web Solutions has relationships with all the major UK acquiring banks who offer merchant services, and due to our buying power as a long-standing and trusted Payment Service Provider, we can obtain preferential Merchant Account rates for your business.
Whether you are new to online card payment processing or looking to switch from your existing provider we can assist you. Total Web Solutions can also obtain preferential rates and terms on card terminals (Countertop/Wireless/Mobile etc). Please click here to receive a quote. Quotes are completely free and there is no obligation to purchase.
Add-on Services
For merchants who handle pro-forma orders or wish to give the power to their customer as to when they process the payment for their order, then PayLink Payments is for you. This service, once enabled can generate Pay-Links via your EcomMerchant control panel or can be generated on the fly via an API, both sending an email to your customer containing a web link that will forward them to make a payment against your previously generated order. Pay-Links, once generated can be modified and re-sent to your customer or deleted if required.
The repeat payment service enables merchants to take a further payment from a purchaser's credit or debit card without having the original credit card details. This feature, available through the merchant's control panel, will enable a further payment to be taken at an amount specified by the merchant. This mechanism uses the industry Credential On File method of allowing a card to be re-used without re-entry into the system, as long as the merchant has obtained permission from the cardholder.
This service is useful for organisations that may have to charge additional amounts for overuse, such as couriers who may charge for extra weight when their customer has told them it was for a lower weight. Most companies at some time or another will need to re-charge a customer and this is a very useful facility for just such occasions.
Please note, Repeat Payments are put through without the CV2 code (security code on the back of the card) as per PCI rules. Due to this, the acquiring bank providing your Internet Merchant Account may charge a small % on top of any Repeat Payments as a non-secure charge.
For merchants who handle large volumes of subscriptions, e.g. magazine subscriptions, or take regular payment amounts from their customers, this service will meet your requirements. This module, once enabled, will allow merchants to add customers' card details to their EcomMerchant account where you can decide the amount and regularity of payment against your customer's card.
The Pre-Authorisation payments module enables you to reserve a payment against a customer card until such time you have the final payment amount and you are ready to authorise the card. This is useful in the travel industry and in particular hotels where a customer might have additional costs such as room service and you want to ensure there are sufficient funds to cover them.
The Batch Payments service offers Merchants the ability to process payments in a batch as opposed to doing them one at a time. Card data would be collected in a CSV format by you, the merchant and pasted into your EcomMerchant administration tool. This will in turn process all sales and refund transactions and provide feedback as to which cards were successful and which were not. This mechanism requires additional assessment in regards to PCI accreditation as you would be handling the full card data.
The Deferred Payments service offers Merchants the ability to have more control over orders by deciding when to release transactions. Some businesses need to allow for items that are out of stock or to modify orders and payments for discontinued products. Whatever the merchant's reasons, this service enables the merchant to have more control over when their customer's credit or debit card is processed. Another unique feature of this service is the ability to authorize a small amount transaction and reverse it to ensure the card details are valid.
Purchases that are made using a mobile phone, smart phone or tablet have been increasing exponentially year on year. To take advantage of this growth, we have now integrated the Pay Page mechanism to allow payments to be taken via these devices. The Pay Page will fit neatly into the designated screen size and allow payments to be processed just like it would be over the web. There are also some customisable features to give your pay page a branded look and feel to your mobile customers.
Merchants who historically have handled card data and wish to relieve themselves of the burden of PCI may wish to implement this service. Tokenization allows the merchant to authorize cards without the need to store or transmit card data. Instead the merchant manages tokens supplied by the EcomMerchant service which can be used once to process a transaction, whereby a new token is issued which the merchant must store for a subsequent transaction. This abstraction means merchants can essentially absolve themselves of the burden of having to secure card data and any associated PCI compliance.
The Multi-Merchant Management interface provides merchants with the ability to manage additional merchant accounts for organisations that have either many outlets or divisions. Some organisations may have multiple branches that require separate merchant accounts and separate user accounts to manage them.
This service allows a nominated manager to use their EcomMerchant account to set up new users and allocate levels of access to those users. Each user will then be able to log in to the EcomMerchant control panel and only see services that the nominated manager has specified when they set up the user's account. This service can be used to manage multiple merchant accounts or multiple user accounts or both. It is very flexible and easy to use.
For those businesses wishing to take payments in different currencies then we have a facility to enable multi-currency payments. This service will require a new merchant number for each currency you wish to take payments in. Should you wish to take payments in a particular currency but have the payments settled in another then this is also possible.
For instance you may already have a merchant account which allows you to take payments in Sterling and which subsequently gets paid (settled) into your sterling bank account. You then decide you want to take payments in US dollars however you do not have a US Dollar bank account. This should not be a problem because a merchant account can be setup that accepts payments in US Dollars but pays into a sterling bank account. Applying for a separate currency merchant account is usually a formality when you have an existing Sterling merchant account.
With our payment mechanisms we provide merchants with the ability to pass through a limited amount of information to record alongside each transaction. This is sometimes not sufficient for merchants who require additional information to be stored with each transaction, such as product purchased, store purchased from, etc.
We therefore provide an additional service that allows this to happen in the form of five additional fields of 25 characters in length that can be passed to us for storage alongside your transactions. This would be unique data for each transaction or you can provide default information if you require. This data is also passed to the bank and may appear on the purchaser's credit card or bank statement.
The Pay Page mechanism is very flexible and allows you, the merchant, to decide which language to display the pay page in. We support several languages and new ones can be added should a customer have a specific requirement.
Once this service is enabled the merchant just passes in the language to the pay page as a parameter and the pay page is then displayed in that language. We currently support: English; French; German; Spanish.
Service Enablement
In order to use any of the services above you will need to ask Technical Support to enable them. You can contact Technical Support via your EcomMerchant Control Panel. All services are free except those listed on the Services and Price page.
Supported Shopping Carts and Integration Platforms
Merchants who will be taking card payments through their website are likely to want to integrate the EcomMerchant Payment Gateway service using a shopping cart. A shopping cart provides purchasers with the ability to purchase more than one product or service and provides an easy flow from selecting products for purchase to completion of payment.
For those merchants who use a shopping cart solution on their website we offer a variety of payment plug-ins or payment modules to facilitate this. The list of shopping carts and integration platforms we support is growing and we are happy to work with any platform providers to integrate our payment mechanism to their solution (See Developer/Integrator section). Below is a list of some of the Shopping Carts and Integration Platforms we support in alphabetical order. Shopping cart plugins and modules can be downloaded by clicking on the logo (for most) or by contacting the Technical Support team. If your chosen shopping cart is not shown here please contact our Sales team as we may still be able to offer integration.
Bespoke integration can be achieved using our interface specification document and test account. Contact the Sales team if you wish to discuss a bespoke/one-off integration.
Featured Shopping Carts for Total Web Solutions Payment Gateway
Supported Shopping Carts and Integration Platforms for Total Web Solutions Payment Gateway
Please note: It is the customer’s responsibility to make sure any plug-in or module downloaded through the links on this page (or received from our Technical Support team) is compatible with the version of the shopping cart they are using. Total Web Solutions cannot guarantee that the modules listed will be compatible with future versions of the shopping cart that may be released. Total Web Solutions will, where possible, update the modules or request amendments/updates from the shopping carts. Any cost relating to modifications or updates may be passed on to the customer where applicable.
Important changes to the EcomMerchant service
Recent changes in the law, with the introduction of the Payments Services Directive 2 (PSD2), have meant we will now need to incorporate 3D Secure into all online payments. For this to occur we will need to add the 3D Secure service to all merchants who process card payments online through our EcomMerchant gateway. This change will be at no extra charge to the merchant and instead will be included in their monthly charges. The changes will mean a reduction in online fraud and will enable merchants who process online transactions to obtain a liability shift resulting in your acquiring bank underwriting any potential losses you experience through online fraud. It will also mean you avoid ‘non-secure’ fees for ECOM transactions levied by your acquiring bank (typically between 0.5% and 0.85%). This change does not affect merchants who use our service for MOTO only transactions.
What is PSD2?
By now, you should have received contact from your acquiring bank (who supply your Merchant Account) regarding this new directive. Payments Services Directive 2 (PSD2) follows on from Payment Services Directive (PSD), which was imposed by the EU in 2007. This legislation established a single market for EU payments to champion the creation of more secure and advanced payment services. One of the key aims of PSD2 is the introduction of SCA (Strong Customer Authentication).
What is SCA?
SCA (Strong Customer Authentication) will have a significant impact on how all merchants take card payments online from their customers (purchasers). In order to make an online payment, transactions will need to be processed and authenticated in line with the new Regulatory Technical Standards (RTS). This means that 3D Secure version 2 must be used during the payment process.
What is 3D Secure?
3D Secure (version 1) has been around for over ten years and is a mechanism set up by the card brands and banks (e.g. Verified by Visa, MasterCard SecureCode, American Express Safekey) to provide additional online security for online transactions. With 3D Secure the card holder will either enrol with their card issuer or be enrolled automatically and any online transactions made will be either authenticated automatically by the card issuer (using risk assessment based on purchase price, transaction history, spending patterns etc) or by password authentication by the cardholder.
The new version of 3D Secure (version 2) is now in operation and has superseded the previous version. It makes authentication stronger and more secure by imposing a two-factor authentication requirement. This means that all online payments will require two out of three possible security checks before a payment can be authorised. This new version uses over 100 data points to help determine if a transaction is deemed valid or not. In principle, the authentication would be two out of three of the following:
- Something you own (Mobile phone, wearable tech, Smart card/keypad etc)
- Something you know (Password, passphrase, PIN, security question etc)
- Something you are (Facial recognition, fingerprint, iris scan etc)
Will I automatically be upgraded from 3D Secure version 1 to version 2?
If you need to contact us then you should use the secure ticketing system located in your control panel.
This reduces the security checks we have to perform to ensure the authenticity of your request and so will speed up the reply to your query.
Should you not have access to your control panel then you can use the contact form located here. We may have to perform additional security checks before we can deal with your enquiry, and this can slow down our response.
In all instances we will acknowledge receipt of your query within one working day. If the nature of your enquiry is straightforward we aim to provide a resolution to your query within one working day from when we acknowledge receipt of your initial enquiry.
In some instances we may require further information to assist us in resolving your enquiry. For more complex enquiries we may need more time to investigate but we will let you know if this is the case.
Please refrain from submitting multiple requests for the same query, as this can impede our response times. If you wish to provide us with additional information to your initial query, then this is acceptable.
Add some £'s to your piggy with our Referral Scheme!
You may be a web design company or a marketing agency supplying design services to your customers and it makes sense to want to form partnerships with organizations such as Total Web Solutions that can process payments on behalf of your customers.
At Total Web Solutions we want to reward this arrangement by providing an incentive for any customers that are referred directly to Total Web Solutions, and not through a third party such as a bank or buying group, and successfully achieve a live merchant account for the EcomMerchant service.
The referral scheme is also open to existing Total Web Solutions customers. The referral fees can either be paid in cash or added as credit to your Total Web Solutions account. A hard-coded application tracker and marketing flyer can be provided on request.
We will pay a one-off referral fee of £50+VAT for any clients that achieve a live account on EcomMerchant and successfully complete three months of trading on their account. The EcomMerchant account must remain active for a minimum period of six months or Total Web Solutions reserves the right to claw back the referral fee. As a reseller you must invoice Total Web Solutions after three months of your customer being live before payment will be made.
To discuss our Referral scheme offering in more detail please contact our Sales team using the enquiry form
Developers and Integrators
We will work with developers to ensure a seamless integration to our Payment Gateway as well as offering bespoke solutions to those who require specialist data from our systems. Typically we engage with Shopping Basket Developers, Web Developers, MIS developers and Account Package Developers and have a number of APIs and supporting documentation to assist developers with disparate requirements. All our interfaces are developed to the highest specifications and are securely developed in line with OWASP standards.
We are happy to discuss possible integration avenues with developers who believe that there could be mutually beneficial projects that require development. These can range from specific interface requirements (such as SOAP) to Automated Telephone System payment requirements. Please contact us should you wish to discuss specific products.
Glossary
Terms | Definitions |
---|---|
Merchant | A merchant is effectively you, the customer. In this information the terms customer and merchant will be used interchangeably. |
Purchaser | This will be your customer who purchases from you (the cardholder). |
API | Application Programming Interface - This will allow website developers to call specific functions on our Gateway servers to perform specific tasks such as to confirm a payment has been successful. |
Pay Page | A secure web page that can be accessed over the Internet that asks the purchaser for their card details to purchase goods or services from the merchant. Each Pay Page is customizable to the merchant's requirements and is therefore different for each merchant. |
Merchant Account | MA - This is a merchant account specifically for use for authorising payments with an acquiring bank. |
MOTO | Mail Order / Telephone Order. Any orders taken over the telephone or via Mail Order by a merchant and processed through their Merchant Account are classed as MOTO transactions. MOTO transactions are carried out using the virtual terminal mechanism in an EcomMerchant account. |
3-D Secure | This is the protocol (stands for 3-domain, those being: purchaser; merchant and bank) used to establish that the payment being made is by the cardholder and not someone who has found or stolen the card. This is achieved using a one time password (OTP) that is sent to the cardholder during purchase. |
Payment Gateway | A generic term to describe a business (such as Total Web Solutions) that links the Internet network to the banking network in order to facilitate payments. |
Shopping Cart/ Basket | This is a program that runs on a web server that collects information about products or services a purchaser wishes to acquire before passing the purchaser to our payment gateway. There are literally thousands of shopping baskets out there and Total Web Solutions supports a number of these; however, if your shopping basket is not listed we will work with developers to integrate it into our payment gateway. |
Control Panel | This is an administration tool that is available over the Internet that offers secure management of your Internet Merchant Account. |
PCI | Payment Card Industry - Is a standard set up to improve security of payments using credit and debit cards. The standard is very stringent and Total Web Solutions is accredited to the highest Level 1 standard. For more information about the standard please visit the PCI Council's web site. |
PSD | Payments Services Directive - The Payment Services Directive is an EU Directive adopted in 2007, administered by the European Commission to regulate payment services and payment service providers throughout the European Union and European Economic Area. A new version of the directive (PSD2) aims to enhance security through SCA (Strong Customer Authentication) criteria. See here for more information. |
OTP | This is a One Time Password that is sent to the purchaser's mobile phone during an authorisation. This is to ensure that the person making the purchase is the cardholder and not someone who has stolen the card. |
PCI DSS Compliance for Merchants
If you are a merchant that accepts (or plans to accept) Credit and/or Debit cards then you will need to become PCI (Payment Card Industry) compliant. Chances are at some point you will have or will shortly receive communication from your acquiring bank (the organisation that provides you with your merchant account) requesting you to confirm that your business is PCI compliant.
Failure to confirm compliance, or being in breach of PCI rules, can result in fines and / or suspension of your merchant account so it is imperative that you understand the procedure to becoming compliant. These fines can be substantial depending on the breach and could also result in you or your business being prohibited from using merchant services in the future. We have laid out some guidelines for you, as a merchant, to becoming compliant.
The information contained in this guide is provided without warranties and is purely for helping you to understand the compliance requirements. The exact requirements for your compliance level can only be determined by your acquiring bank or the card brands themselves. Your acquiring bank should also have their own compliance guide either on their website or available on request from the bank's merchant services department.
PCI DSS (Payment Card Industry Data Security Standards) is a set of requirements enforced by the PCI Security Standards Council, created specifically to protect Credit and Debit card data as well as enhancing and encouraging awareness of the standards.
The council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. It is mandatory for all businesses that accept Credit and Debit cards as a method of payment to become PCI compliant.
Depending on how you process your card payments and the size / type of your business you will either need to become PCI compliant yourself by completing an annual Self-Assessment Questionnaire (SAQ) to show that you use a compliant solution, or instruct a QSA (Qualified Security Assessor) to assist in attaining PCI compliance status.
Your acquiring bank will recommend their chosen compliance provider (a QSA such as Security Metrics or TrustKeeper) in order to ascertain which PCI Level is applicable to your organization and which SAQ you will need to complete. You do not have to choose the acquirer’s recommended QSA; you can source your own as long as they are approved by the PCI DSS (see ‘What is a QSA’). There are four main levels of PCI compliance required by each of the card brands and you will need to check with each of them or consult your acquiring bank as to which category you fall into, but as an example Visa’s definition is shown below:
PCI Level | Description |
---|---|
1 | Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region |
2 | Merchants processing 1 million to 6 million Visa transactions annually (all channels) |
3 | PCI Compliance Level 3 - Merchants processing 20,000 to 1 million Visa e-commerce transactions annually |
4 | PCI Compliance Level 4 - Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually |
The Self-Assessment Questionnaire is a validation tool that can be used by merchants to show to their acquiring bank that their business is PCI compliant (or at least demonstrate that the business is working towards compliance). There are several different questionnaires to complete, all of which can be downloaded here.
To determine which SAQ you will need to complete (A-D) please refer to the table below. If further clarification is required you should contact your acquiring bank as ultimately it will be the bank that approves your compliance.
The exact requirements for your own compliance level will need to be determined by your acquiring bank but the following table will give you an idea based on how you process card payments:
SAQ Type | Description |
A | Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Not applicable to face-to-face channels. |
A-EP* | E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Applicable only to e-commerce channels. |
B | Merchants using only: • Imprint machines with no electronic cardholder data storage; and/or • Standalone, dial-out terminals with no electronic cardholder data storage. Not applicable to e-commerce channels. |
B-IP* | Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Not applicable to e-commerce channels. |
C-VT | Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels. |
C | Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Not applicable to e-commerce channels. |
P2PE-HW | Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage. Not applicable to e-commerce channels. |
D | All merchants not included in descriptions for the above SAQ types. |
A QSA is an Information Security Consultant who has been certified (and trained) by the PCI Security Standards Council to carry out onsite security assessments for larger businesses (or businesses that process credit and debit cards directly from their website).
Whether a QSA needs to be instructed depends on how you process card payments, as shown in the examples to follow. Your acquiring bank (or compliance provider) should advise you, depending on the results of your initial assessment, as to whether a QSA is required or not. A list of approved QSAs can be found here should you wish to use your own QSA for your PCI assessment.
Once you have completed your required assessment it will be up to your acquiring bank (or their chosen compliance provider) to determine if you meet the compliance requirements or not. Most will have an online tool (Compliance Management Service) for you to submit your SAQ and / or network scanning results so that you can get instant confirmation on whether you have passed or not (or an email address to send these to).
Once you have been confirmed as compliant you will receive an annual PCI Compliance certificate for your business. Your PCI Compliance certificate will look something like this. *Remember, PCI compliance is an ongoing requirement and therefore the SAQ / internal assessment will need to be completed on an annual basis as well as any ongoing network scanning requirements.
If you have completed the SAQ and / or internal assessment and have not met the required compliance level then you will be given the opportunity to rectify any deficiencies in your systems so that you can continue the certification process or apply again. Your assessor or compliance provider will advise you on the areas that you have failed in and give you advice on how to improve your systems in order to become compliant.
Compliance with the PCI DSS means that your payment systems are secure and customers are more likely to trust you when it comes to them giving their credit or debit card details either online or over the phone. Compliance also improves your reputation (as a business) with acquiring banks and card brands.
If you are NOT compliant then the consequences of ignoring the standard could be significant. Initially, your acquiring bank will charge you non-compliance fees on a monthly basis and further refusal to show compliance could result in your merchant account (or accounts if you have several) being suspended or even deleted. Coupled with this, a security breach of card data, as a non-compliant merchant, will likely result in significant fines from the card brands, ranging from a minimum of £10,000 to unlimited. You could also face suspension or a total ban from using merchant services in the future. There is also the possibility of lawsuits and insurance claims for any breach resulting in the loss of sensitive data.
Below are examples of various types of card processing, which should help you ascertain which category you fall into:
Q. The website collects and stores card data for me to put into my countertop/portable/mobile card terminal at a later time. Do I need to become compliant?
A. If you store or handle card data directly as a merchant then you will need to become PCI compliant and as such you will need to undergo internal security assessments and scans on a regular basis.
Q. I use Total Web Solutions to handle my website payments for me. Do I need to become compliant?
A. If you are using the Total Web Solutions PayPage to handle your card transactions and nothing else (i.e. countertop / portable / mobile terminal / virtual terminal or API) then you should not need to undergo PCI compliance but instead inform the acquirer (or their chosen compliance provider) that you outsource all card processing to Total Web Solutions. However, depending on the requirements of your acquirer they may still ask you to complete a Self Assessment Questionnaire (SAQ).
Q. I use Total Web Solutions to handle my MOTO (Mail Order / Telephone Order) card payments for me. Do I need to become compliant?
A. If you only process transactions via the Total Web Solutions Virtual Terminal - when a customer either calls, faxes or posts their card details to you - then you will need to complete Self Assessment Questionnaire C-VT (SAQ). If you also use Total Web Solutions to process your website payments then Self Assessment Questionnaire C (SAQ) should be completed instead.
Q. I use an API to collect and pass through card data in order to process payments. Do I need to become compliant?
A. If you are using an API for direct card data processing you will need to undergo a formal onsite security assessment. This will need to be carried out by a Qualified Security Assessor (QSA). You will also require quarterly network / server scans by an Approved Scanning Vendor (ASV) as well as an annual SAQ. A list of ASVs can be found here. Proof of your PCI compliance level will need to be provided before access to the Total Web Solutions API Suite is granted. See Corporate Services for more details.
To avoid the expense and time of having to become high level compliant yourself we would recommend using the Total Web Solutions PayPage and / or Virtual Terminal for your card processing needs.
Total Web Solutions was one of the first UK companies to achieve and maintain PCI Level 1 accreditation and as such we have many years’ experience in this area. If you are struggling to complete any of the questionnaires, Total Web Solutions may be able to assist you by providing some of the information needed. Please contact the Sales team if assistance is required. Alternatively, you can use a PCI Compliance provider to conduct your requirement level checks and carry out your SAQ.
Your acquiring bank may well recommend a provider for you but you can of course shop around for this yourself. Please note: using a PCI Compliance provider will involve charges for the compliance which depend on how much work is involved for the QSA. Expect charges to be upwards of £80+VAT per annum for a level 4 merchant and more for higher level PCI merchants.
Using Total Web Solutions PayPage for your online transaction processing not only saves you time and money but also ensures that your transaction processing is as secure as possible. This also means that you do not have the expense and headache of maintaining high level PCI compliance yourself.
Find out more about our PCI Compliant Payment Services.
Frequently asked questions
A Payment Gateway is a mechanism used for collecting, authorising and storing card data on behalf of merchants. Typically it is connected to a website via an Ecommerce shopping cart or payment module (e.g. WooCommerce, OpenCart, Shopify, Freewebstore). The purchaser enters their credit or debit card details, which are encrypted, into a secure PayPage on the Payment Service Provider’s servers, which in turn send the data through to the card clearing bank for authorisation. Total Web Solutions’ EcomMerchant Payment Gateway is one of the lowest priced secure online payment processing systems in the UK.
A Merchant Account is a service provided by an acquiring bank (e.g. Barclaycard, First Data, WorldPay) to enable businesses to accept card payments. Transactions are processed using a merchant ID for authorisation but no money is held in a Merchant Account; instead the money is settled via the acquiring bank into the merchant’s chosen bank account (normally a business bank account). A standard Merchant Account would be used for a physical card terminal (chip&pin), so for online payment processing (via a Payment Gateway) an Internet Merchant Account is required. Total Web Solutions is able to obtain favourable rates and terms for Merchant Accounts / Internet Merchant Accounts / Card Terminals via a number of leading acquiring banks due to our buying power.
A Virtual Terminal is a mechanism for processing credit and debit card transactions, as provided to the merchant by the purchaser, via MOTO (Mail Order / Telephone Order). The merchant would enter card details and associated billing details into a secure online control panel for instant authorisation via the clearing bank. Any mail order forms containing card data would need to be stored securely in line with PCI Compliance requirements.
In order to use the Total Web Solutions Payment Gateway you will need to have or be able to obtain a Merchant Account. If you do not already have one we will be able to forward your application to one of the acquiring banks we work with so that they can contact you to provide a quote. Please complete our online application form by clicking the "Apply Now" link which is located in the menu bar.
It will be necessary for you to have a bank account for us to pay your transaction payments into. Without an account the funds would not be able to be credited to you. In most cases this will need to be a UK Business bank account.
Yes, this is possible for currency transactions. You may have a Pound Sterling Bank account yet your customer base wants to pay in Japanese Yen. This is possible by setting up a Sterling to Yen Merchant number with the Bank. Total Web Solutions supports many currencies with the option for more through agreed testing with the banks. We will always investigate currency requests by our customers.
Your account will be for retail or a customer present merchant account. There are different types of merchant account depending on how you take your payments. In this case you require an Internet Merchant Account (for Internet transactions) or a MOTO Account (for Mail Order/Telephone Order transactions) which will allow you to process cards through a registered and PCI compliant Payment Gateway like Total Web Solutions.
This depends on which bank you have decided to set up a merchant account with. Typically this should take two to four weeks; however, this could take longer depending on how quickly you can provide any necessary documentation, so please take this into consideration in your project time scales. Typically, the quicker you respond to the bank’s quotation the quicker the account can be activated.
Once Total Web Solutions is in receipt of your merchant number (if you receive your merchant number direct from the bank it is wise to forward this to Total Web Solutions as soon as possible) they can setup your EcomMerchant account. A test EcomMerchant account will be setup to enable you to test your account prior to enabling your account on the live system. A test script is provided to each customer and once Total Web Solutions is satisfied that you are processing credit cards correctly it will switch you over to the live system. Documentation is provided to facilitate the testing and integration of the service with your web site. For MOTO accounts no testing is necessary as all transactions are carried out through a virtual terminal in your provided EcomMerchant control panel.
The EcomMerchant account comes with an extensive control panel that allows you to produce End Of Day Reports for all transactions and should allow you to perform other functions also including card refunds. Many features are available through the control panel including Anti-fraud, statistics, Pay Page look and Feel, account security and many many more.
This largely depends on the terms agreed with your acquiring bank for the Merchant Account. Typically it takes one to three working days. In the unlikely event of any problem, missed transactions get batched in the following day so you will always get your funds deposited to your account. All transactions are reconciled daily for each EcomMerchant account.
We have various mechanisms in place to protect us from such an event. We have an identical backup system in place that can be activated within seconds of a major server failure. Our Card Processing System comprises multiple servers and network devices and we have at least two of everything running at all times to ensure reliable and available service. Often the customer who is making the purchase will not be aware there has been a problem.
We take security very seriously. So much so that we are now externally audited by VISA and MASTERCARD to ensure our security meets their requirements plus some of Total Web Solutions’ own. We currently have redundantly deployed firewall and intrusion detection systems in place along with the secure storage of credit card data by storing in an encrypted format. Total Web Solutions is a PCI Level 1 Certified payment service provider and was one of the first accredited Companies in the world for this standard. We have worked with a number of security consultants to ensure our systems are as secure as possible and endeavour to introduce new features where practical to maintain the high levels of security our customers expect.
The EcomMerchant account supports VISA, VISA DEBIT, MASTERCARD, MASTERCARD DEBIT, JCB, MAESTRO by default. We can also support both American Express and Diners Club but these have to be applied for separately either via the acquiring bank or directly. Adding further card types is subject to acceptance and testing with the acquiring bank.
At Total Web Solutions we specialise in providing services that work and work well for our customers. Part of the service we provide to our customers using the EcomMerchant facility is the provision of an Anti-fraud feature in your control panel. This Anti-fraud feature allows you to perform up to 15 unique checks against possible fraud, with some of those checks configurable by the customer. These include which countries to accept card transactions from and what level of security you would like purchasers to experience when making a payment to you. These features are all explained within the control panel to facilitate its use. This feature is also provided free of charge to EcomMerchant customers.
Firstly, when you use Total Web Solutions we aim to provide a cost effective payment processing solution to you the merchant. With this in mind we charge No Setup Fee and provide 500 transactions free of charge for a low monthly fee. Total Web Solutions are confident that we provide one of the most cost effective payment services in the UK with no compromise on service or security. With EcomMerchant accounts each transaction above the initial threshold is chargeable and Total Web Solutions will bill for these transactions monthly in arrears. As well as this transaction charge the acquiring bank will also charge you for processing cards and their transaction charges will be quoted directly at the Merchant Account application stage. The majority of our customers are charged less than 2% for Credit Cards and less than 1% for Debit Cards (subject to approval - Business card rates may be higher). Please take both the Total Web Solutions charges and the bank charges into consideration when determining your products/services prices on your web site as these cannot be passed on separately to the end customer by law.
There are no setup charges from Total Web Solutions but we do require the first 12 months of service in advance as detailed in our terms. The acquiring banks do typically charge a setup fee if you approach them directly. However, when you apply via ourselves we will generally be able to get this waived for you due to our partnerships and buying power. Full rates and terms would be quoted directly by the acquiring bank once you have started an application with us.
Please see the link to Services and Price to understand all charges. For low volume customers an EcomMerchant account can cost as little as £25+VAT per month which I am sure you will agree is very reasonable indeed, especially when you get so many services included in the price.
We have agreements in place with several UK banks to provide payment services to our customers. These services are based on the bank providing us with favourable rates so that we can pass those onto our customers. Customers would not be able to realise those rates if they had gone directly to the bank.
PCI stands for Payment Card Industry and is a standard born out of the card schemes’ (such as Visa) requirement to make payment services more secure. Total Web Solutions is a level 1 PCI accredited company, which is the highest level accreditation. We have become accredited so you do not have to, and by using our Pay Page mechanism card details are seamlessly taken on our secure system which has been rigorously tested to the highest standards in security. There are scenarios where accreditation is required for a customer but this is usually at a much lower level (Level 4) whereby basic security principles must be upheld. Your bank will usually contact you about this to ensure your compliance in this regard.
Total Web Solutions are remunerated by Acquiring banks such as BarclayCard for successful introductions that result in the Acquirer providing merchant acquiring or gateway solutions to a merchant.