Can the uniform UPI payment method work offline?

Overview of the most popular payment providers on the web

Scoring / Credit Score
“A credit score is a numerical value based on a statistical analysis that represents a person's creditworthiness. With credit scoring, companies try to determine the creditworthiness of customers or partner companies more or less automatically according to a predetermined procedure.

On the basis of borrower characteristics such as “customer since”, “place of residence”, “occupation”, “collateral”, points are assigned, these are weighted and then combined into a single credit rating in order to make it easier to grant loans with this overall score. If the creditworthiness is sufficient, a loan can be granted. However, scores can not only be used to make a credit decision per se, but also to determine interest rates and credit lines.

The motivation is to avoid risks and to receive objectified decisions based on a statistically supported method. The better the underlying scoring model reflects reality, the fewer loan defaults there will be. Scoring models and the characteristics that flow into them must be constantly updated.

The specific rules and algorithms for assigning and weighting points are called "scorecards", after the sporting term with the same name. There are various techniques for developing suitable scorecards, such as logistic regression, discriminant analysis, artificial neural networks and other data Mining methods. (Source: Wikipedia)

The scoring is carried out by different service providers, so-called credit agencies. B. Bürgel or SCHUFA count made. Banks and payment service providers use scoring tables of this type when assessing customers with regard to their solvency.

When buying in an online shop, the buyer can be subjected to such a scoring. The result of this scoring can then e.g. B. have an influence on the payment methods offered. For example, a customer with a low scoring can be denied payment on open accounts.

In order to be able to offer payment by credit card as a retailer in your shop, you need a credit card acceptance contract.

This credit card acceptance agreement acts like a kind of credit agreement that must be concluded with a credit card bank. Banks that issue such credit card acceptance agreements are known as "acquirers".

Visa and Mastercard themselves do not conclude any contracts with merchants. This is what the “acquirer” banks do. They check the dealer's business model and, if necessary, even carry out an on-site visit to the dealer.

There are the following acquirers in Germany:

  • Airplus (Lufthansa)
  • American Express
  • B + S Card Service
  • Concardis
  • Elavon
  • Pago
  • Postbank
  • Wirecard
  • Worldpay

Credit card acceptance contract

A credit card acceptance agreement is basically a type of credit agreement with a bank. In this respect, clear guidelines and criteria also apply here, which are checked in advance by the issuing acquirer. Since this check can sometimes take some time, the shop operator should allow for a certain lead time.

As a rule, acquirers will only conclude a credit card acceptance contract with companies that have already been active on the market for a certain period of time (at least 6 months) and that have appropriate economic evaluations (BWA, balance sheet).

If it is a pure internet business, ideally the internet presentation with other payment methods (direct debit, online transfer, PayPal, Moneybookers, etc.) should be live and prove the viability of the business model - i.e. also withstand a critical examination. It is always an advantage if you are active in the shop and have already made some sales using other payment methods (e.g. online transfer, direct debit or PayPal).

In addition to the discount costs, a number of other points are specified in the credit card acceptance contract: These include in particular the costs for cancellations (refunds) and for chargebacks. The deposit and the payout rhythm play a particularly important role. As a security, a firmly agreed share of the expected sales for the next six months is usually retained. This amount depends on the bank's risk assessment and the underlying business model.

When it comes to the payout rhythm, it can be important whether the credit card sales should be settled and paid out daily or monthly.

To issue a credit card acceptance contract, the acquirer should have the following information:

  • Total sales of the shop
  • Credit card's share of sales (as a first estimate, approx. 20% to 30% of total sales can be assumed)
  • Number of orders
  • Average order value or size of the shopping cart
  • Branch of the shop to define the merchant category code (MCC code)
  • Countries or the respective share of sales in these countries
  • Chargeback quota and sales statistics in the past, if you already offer a credit card

With the conclusion of the credit card acceptance contract, you are a contractual company of the acquirer. You will then receive a contract partner number (VU number) from the acquirer. This VU number is required for the technical integration by the payment service provider.

Credit check
“Information on checking the creditworthiness of a company can be found in numerous sources today. The information required for a reliable credit check can vary depending on the level of risk to be hedged, e.g. B. higher risk trades should be subject to a stricter and more comprehensive scrutiny than low risk trades. In order to avoid providing services to customers / business partners with poor credit ratings, it is advisable to complete the credit check before the service is provided and to adjust the terms of the transaction accordingly to the result of the credit check.

A business report offers a wide range of information. Often you can choose between information products of different depths of information - depending on the degree of risk to be hedged. The information serves as a component in the credit check and it can be useful to combine the information with other sources, such as B. internal data from accounting, information from sales. "(Source: Wikipedia)

3-D Secure
The so-called 3-D Secure procedure is an approach developed by VISA for more secure online payment by credit card, which is operated under the name Verified by VISA. MasterCard also offers such a service under the label “MasterCard SecureCode”. 3-D Secure aims to reduce the risk of fraud and the failure of payments due to card misuse. In addition, the shop operators who use 3-D Secure are guaranteed receipt of payment.

The buyer first enters their VISA or MasterCard credit card number. A connection is then made to the card-issuing office so that the buyer can confirm his identity there by means of a code. If the authentication was successful, the credit card payment is carried out.

The 3-D Secure Code or the password is not stored or noted on the card itself, but is issued by the cardholder. It should not be confused with the often asked 3-digit (sometimes 4-digit) check digit on the back of the credit card.

As an advantage for the customer with this procedure, it can be stated that the improper use of tapped card data in e-commerce is severely restricted, since the password is set by the customer himself during registration and is only known to him.

The advantage for the retailer is that the verification of the password provides proof of an authorized purchase. This limits his liability for any chargeback by the customer. Without 3-D Secure, the operator of the web shop is always liable for improperly used credit cards. If a web shop offers 3-D Secure, what is known as a liability reversal is used, with which the card-issuing bank is liable for any damage and protects the merchant from default.

PCI certification
“The Payment Card Industry Data Security Standard, usually abbreviated to PCI, is a set of rules in payment transactions that relates to the processing of credit card transactions and is supported by all major credit card organizations.
Retail companies and service providers who save, transmit or process credit card transactions must comply with the regulations. If you do not adhere to them, very sensitive fines can be imposed, restrictions imposed or you can ultimately be prohibited from accepting credit cards.

The regulations consist of a list of twelve requirements for the computer networks of companies that store and process credit card data:

  • Installation and maintenance of a firewall to protect the data
  • Changing passwords and other security settings after leaving the factory
  • Protection of the stored data of credit card holders
  • Encrypted transmission of sensitive data from credit card holders in public computer networks
  • Use and regular updates of virus protection programs
  • Development and maintenance of secure systems and applications
  • Restricting data access to what is necessary
  • Allocation of a unique user ID for each person with computer access
  • Restricting physical access to credit card holder data
  • Logging and checking of all access to data from credit card holders
  • Regular reviews of all security systems and processes
  • Introducing and complying with information security guidelines

PCI is based on the Visa Account Information Security Program (AIS and its sister program CISP), the MasterCard Site Data Protection Program (SDP), the American Express Security Operating Policy (DSOP), the Discover Information Security and Compliance (DISC) and the JCB security rules.


Compliance with the rules is usually checked depending on the company's sales volume: Merchants or service providers who process more than 6 million credit card transactions per year, have already succumbed to an attack, have been classified as "Level 1" by another card company or have compromised card data have to have their computer network checked quarterly by means of an external security scan by a MasterCard-approved scan vendor (ASV) and, in addition, once a year an on-site inspection (audit) by an independent, VISA-approved company (QSA) or a specially appointed security officer have it carried out.

Merchants who process between 20,000 and 6 million credit card transactions per year must also have their computer network checked quarterly using an external security scan by an Approved Scanning Vendor (ASV) approved by MasterCard and a PCI questionnaire (Self-Assessment Questionnaire) once a year , SAQ).

E-commerce merchants who process less than 1 million credit card transactions per year (level 3 and 4) must commission a PCI DSS-certified service provider with the processing of all credit card transactions or their acquirer their own PCI DSS from October 1, 2009 - Prove certification by completing the PCI Self-Assessment Questionnaire (SAQ) and, if necessary, performing a quarterly security scan by an Approved Scanning Vendor (ASV) approved by the PCI Security Standards Council. "(Source: Wikipedia)

For this reason, credit card payments should always be processed by a payment service provider who has the appropriate PCI certification.

The deposit is a security deposit on the cleared credit card transactions. In the case of credit cards, this value ranges between 5% and 15%, which are retained over a period of 6 months.
This security deposit is intended so that these funds could be used in the event of any chargebacks or reclaims. The deposit is also intended to serve as a protective instrument against the potential for fraud of a merchant or to be able to service fines in the event of violations of the Visa / Mastercard regulations.

A so-called chargeback is the cancellation of a credit card payment by the card holder at the issuer bank or the credit card company within a specified period. The chargeback period is the period, calculated in days, that extends from the day of the signature on the transaction receipt to the day on which the issuer can exercise his chargeback right for the last time.

The chargeback is possible if the owner of the credit card objects to debiting the account with a credit card payment. In e-commerce in particular, the retailer usually hardly has a chance to take action against the revocation, as there are no written contracts and no actual examination is possible.

The cost of the chargeback, the so-called chargeback fee, is usually borne by the person who has given the goods or services in exchange for credit card payment - i.e. the merchant. Due to the considerable administrative effort, the chargeback costs are usually in the range of 20 - 60 €. Here it is also irrelevant whether the actual purchase was less. As an online retailer, you can insure yourself against the chargeback fee, which is quite common and means a certain level of security.

In the case of a secured chargeback, the insurer reimburses the retailer for the canceled goods or services as well as the chargeback fee. This coverage is of course not free of charge, but takes place against an insurance amount. For the retailer, the whole thing is a calculation example of the costs for protection and the expected chargeback rate in relation to sales.

A chargeback rate that is too high (made chargebacks / number of transactions) can result in the merchant being forbidden by the credit card company to continue accepting credit cards as a means of payment, or severe penalties may be due. In such cases, it may well happen that the merchant's account with the bank or the credit card issuing agency is closed. In this respect, it is of course always advisable from the retailer's point of view to keep the chargeback rate as low as possible.