
Merchant Services Questions

General Questions

What is a Merchant Account?
A Wells Fargo Merchant Account enables you to process credit cards, debit cards, gift cards, and electronic check transactions. These payment methods are convenient for your customers, and they may help you get paid faster. If you have a Wells Fargo deposit account, you can receive your funds as soon as the next business day when funding to a Wells Fargo Checking or Savings account.
Why do I have to fill out an application? Why do you have to check my credit?
We review your credit to assist us in determining the risk associated with sponsoring your transactions into the card processing networks. You send us your transactions for processing, and we credit your business checking or depository account. Those funds are available for you to use as you wish. The transaction is posted to your customer's credit card statement, and they have the right to dispute any charges posted. If the customer disputes a transaction, a chargeback may be generated, which would be debited against your business' account. In order to assess the risk of you having the funds to cover any potential chargebacks, we require a credit check.
Can internationally based merchants open a Wells Fargo merchant account?
No. Merchants physically located outside of the U.S. cannot process transactions with a Wells Fargo Merchant Account. Currently, only merchants with a physical business address in the U.S. and a U.S. checking account may process transactions with a Wells Fargo Merchant Account. The only exception is for foreign subsidiaries of U.S.-based merchants processing with Wells Fargo Merchant Services. Wells Fargo Merchant Services can support subsidiaries in Canada, Europe, Australia, and Hong Kong.
What kind of credit cards can I accept?
Common cards that can be accepted are: Visa, MasterCard, Discover Network, American Express, and JCB. AmEx and JCB are subject to processing network approval.
I am opening up another location and would like to accept credit cards. What do I do next?
If the legal ownership of the new store is the same as your existing account with us, and it is also the same type of business, we can open an additional location under your current account, unless you are opening an eCommerce location. If the business type of your new store is different, you will need to set up a new Merchant Account for the new location. If you are planning to open another location, or if you have questions or need assistance, please contact our client service representatives at 1-800-451-5817.
When will my equipment arrive?
New terminal deployments are shipped overnight delivery on the day following the approval of a new merchant account.
Will the equipment be programmed and tested?
Yes, new equipment deployments are shipped programmed and tested.
I want to accept a different card type other than Visa®, MasterCard®, and Discover® Network. How do I get set up?
Please refer to the directions below for the preferred card type you wish to accept. If you have additional questions, please contact our client service representatives at the number provided on your statement.

  • American Express OnePoint®: If you would like to begin accepting American Express cards, please contact us at 800-451-5817 for more details.
  • JCB: If you do not have an entitlement number, which is assigned by JCB, contact JCB at 1-800-366-4522.
For other card types not mentioned please contact us at 1-800-451-5817 for more details.

Fees & Pricing

What is a discount rate or discount fee?
The discount rate or discount fee is the amount that we charge to accept card payments. For most merchants, the greater part of the discount is made up of fees called the “Interchange” and “Assessments.” Wells Fargo pays these fees on its customers’ behalf, directly to issuing banks (the card companies that issue payment cards to your customers) and the card associations such as Visa®, MasterCard®, Discover Network® and American Express®, in compensation for facilitating the exchange of information and funds between your bank and your customer’s bank.
How does Wells Fargo determine my discount rate?
The discount rate you pay is determined by a variety of factors such as:
  • Your payment processing methods (face-to-face with your customers, online, by phone or mail)
  • The type of cards your customers use to pay you
  • How quickly you settle transactions
  • How your merchant services account is set up, and more


Please contact your Wells Fargo Merchant Services Consultant to design a solution that best meets your needs.
How are my fees collected?
The fees are collected, usually on a monthly basis, by an automatic deduction from the checking or savings account you specified.

Transaction Process

How does the credit card process work?
Step 1: Consumer places an order with the merchant through any number of sales channels: website, phone call, in person etc.

Step 2: Merchant submits the order/transaction via their payment service (terminal, gateway, software, telephone). The system securely forwards the authorization request to the card issuing bank to verify the consumer's credit card account and funds availability at the time of the transaction.

Step 3: The authorization (or decline) response is returned via the system to the merchant. This process typically averages around two seconds.

Step 4: Upon approval, the merchant fulfills the consumer's order.

Step 5: The merchant settles the batch and the Point of Sale (POS) system sends the settlement request to Wells Fargo.

Step 6: Wells Fargo deposits transaction funds into the merchant's business checking or deposit account.
What is an authorization?
An authorization is a validation that the cardholder number is valid for an approval on a cardholder account for a sale amount. Approval of an authorization request by the issuing bank is confirmation that the cardholder has funds available to make the purchase. It is not a guarantee of payment.
What information is included on my statement from Wells Fargo Merchant Services?
Your statement will include a summary of your transaction processing information received, processed, and funded to your checking account. The statement can be used to determine if the deposits and funding records balance. The recap statement is used for merchants with multiple locations. Learn more about How to Read Your Statement.
How do I collect the proceeds from a sale?
Your customer provides you with their credit or debit card information to pay for a purchase and you process the transaction. Ever wonder how the proceeds from the sale get to your bank account?

Here's how it works:
The transaction information is sent automatically to your merchant account provider — that's us, and then we send it along to the card issuing bank for authorization and settlement.

If the customer's account is in good standing:
  • An approval is sent back to you.
  • The authorization is processed within seconds. (Please note that the authorization is not a guarantee of payment.)
  • You submit your transactions for settlement.
  • Wells Fargo Merchant Services then deposits the funds to your account. If you have a Wells Fargo deposit account, you can receive your funds as soon as the next business day. [1]

The customer of course won't have to pay the card issuer until he or she receives their monthly statement.

[1] For Discover® Network, next day funding is only available for full service transactions (i.e., the authorization, processing, and settlement is performed through Wells Fargo Merchant Services). Next day funding is not available for merchants to whom Wells Fargo Merchant Services provides authorization services only (not processing and settlement) for Discover Network cards. For American Express®, next day funding is only available for customers enrolled in American Express OnePoint® program.

Virtual Terminals

What is a virtual terminal?
A Virtual Terminal is a browser-based application to process payments over the Internet. This feature allows you to accept cards from customers over the phone, fax, or mail. Orders are placed by manually entering card transaction data into the Virtual Terminal.
Does Virtual Terminal check AVS and/or CVV on the authorization?
Not automatically. Merchants must initiate AVS checks and ask customers for their Card Verification Value (CVV), Credit Card Validation (CCV), Card Verification Value2 (CVV2), etc. values.
Can you import or export transaction data with Virtual Terminal?
Yes. Gateways permit individual batches (files) to be downloaded or uploaded.

eCommerce Processing

What is a payment gateway and how does it work?
The payment gateway is a link between your website (or the website hosting your goods or services) and your Payment Processor (Wells Fargo). When your customer makes an online purchase, the information from your Web site must be sent through a payment gateway to obtain an authorization and for a payment card transaction to be completed.
What is the difference between a payment gateway and a shopping cart?
A payment gateway takes the place of a card-swipe terminal machine. It captures the customer's card data from the merchant's Web site or Internet browser and securely sends it to Wells Fargo for payment processing. A Shopping Cart is a software program that allows customers to collect multiple products prior to the purchase (checkout) process. Wells Fargo does not sell nor resell shopping carts. You will want to obtain a shopping cart which is compatible with your gateway.
Why do you ask an Internet-only merchant to have a business phone number listed in the local directory assistance?
Wells Fargo recommends that all of our merchant accounts have a business telephone number listed in a local directory assistance. We want to ensure your customers can reach you by phone in case they cannot reach you by email. Having easily accessible contact information can help to minimize chargebacks, since a customer may be able to more quickly and effectively resolve any billing concerns.
Why do I have to post a refund/service return policy?
We want to make sure your customers understand fully the product/service they're purchasing and any courses of action should they be unhappy with their purchase. By including your refund/service/return policy on your Web site, you help reduce the likelihood of chargebacks from your customers. Visa®, MasterCard® and Discover® Network also require a refund/service/return policy.
I already have a shopping cart, why do I need a payment gateway?
The shopping cart collects items from your customer, adds up the item's costs, calculates taxes and shipping costs, and provides a total amount to the customer. A payment gateway's function is to collect the purchaser's name, address, credit card number, and expiration date. The payment gateway securely sends this information and verifies that the purchaser has enough funds in their account at that time to pay for products ordered.
Can I manually process transactions?
Yes. You can manually process transactions with the Virtual Terminal feature included in all gateways we offer.

Manage Risk and Fraud

Address Verification Service (AVS), Card Verification Value 2 (CVV2), Card Validation Code (CVC2), and Card Identification (CID), are designed to help you manage fraud exposure and help businesses avoid taking on unnecessary risk or turning away legitimate buyers.
What is Address Verification Service (AVS) and why is AVS important?
Most credit card disputes result in losses that are absorbed by businesses. When dealing with fraud, businesses often lose more than just the value of the stolen goods: they may also be obligated to refund the full purchase price and shipping costs to the cardholder. Card not present businesses can benefit from the Address Verification Service (AVS) available with our card not present solution. In fact Discover® Network requires businesses to use AVS on all card not present transactions. AVS allows businesses to compare the billing address provided by the customer with the billing address on file for the credit card. AVS may play a significant role as the first-line defense for all fraud detection tools. Download the VISA AVS Guide (PDF*) for additional information.

Online and mail order and telephone order businesses are more vulnerable because fraudsters are able to make faster purchases, sometimes over multiple locations in rapid succession. Businesses with excessive chargebacks are also likely to be hit with further action by card acquirers or associations, such as being charged higher transaction fees, having funds held in reserve, or even facing termination of payment processing services. Using an effective fraud prevention and management tool can result in lower losses due to fraud.

AVS is a fraud prevention feature that checks your customer's address used for the purchase against the address used for their credit card statements. AVS is only an indicator of potential fraudulent activity, since there are many reasons a customer's billing and shipping address could differ. It is up to the merchant to decline or accept a customer's payment if the AVS code indicates conflicting addresses.

AVS response codes and meanings
The following is a list of possible AVS response codes and their corresponding meanings. Each code is unique and no AVS code will ever overlap in meaning:

A = Street Address: Match — First 5 Digits of ZIP: No Match
This response code signifies a perfect match between the street address entered by the customer and the billing address on file with the credit card Issuing bank and a mismatch between ZIP codes.

B = Address information not provided for AVS Check
This response code signifies that the transaction was submitted without address information, so the AVS check could not be performed.

E = AVS error
This response code signifies that an error occurred on the processing network while processing the AVS request, so AVS information is not available for this transaction.

G = Non U.S. Card Issuing Bank
The credit card Issuing bank is of non-U.S. origin and does not support the AVS system.

N = Street Address: No Match — First 5 Digits of ZIP: No Match
Neither the street address nor the ZIP code provided by the customer matches the billing address and ZIP code on file with the card Issuing bank.

P = AVS not applicable for this transaction
This response code is returned when address information is not checked against the AVS system. Examples of this would be eCheck transactions, credits, voids, prior authorization capture transactions, capture only transactions, declines and other transactions that do not include address checking.

R = Retry, System Is Unavailable
AVS was unavailable on the processing network or the processor did not respond.

S = AVS Not Supported by Card Issuing Bank
The card Issuing bank does not support AVS.

U = Address Information For This Cardholder Is Unavailable
Address information is not available for the customer's credit card at the processor.

W = Street Address: No Match — All 9 Digits of ZIP: Match
The nine-digit ZIP code provided matches the billing ZIP code on file with the card-Issuing bank, but the street address provided does not match.

X = Street Address: Match — All 9 Digits of ZIP: Match
The nine-digit ZIP code and street address provided match the billing ZIP code and street address on file with the card Issuing bank.

Y = Street Address: Match — First 5 Digits of ZIP: Match
The five-digit ZIP code and street address provided match the billing ZIP code and street address on file with the card Issuing bank.

Z = Street Address: No Match — First 5 Digits of ZIP: Match
The five-digit ZIP code provided matches the billing ZIP code on file with the card Issuing bank, but the street address provided does not match.

* You need Adobe® Reader® to read PDF files. Download Adobe Reader for free.
What should an online merchant do?
Examine your AVS settings via your Gateway to ensure the levels of matching criteria make sense for your business. Settings which are too lax may result in fraudulent transactions. Settings which are too stringent may result in lost sales.
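
An added example, not Wells Fargo or gateway code: the AVS response codes listed above turned into a merchant-side accept/review/decline rule and run over a constructed batch of orders, to show how lax, strict and in-between settings change the outcome. The AvsPolicy fields, the action names and the order data are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# (street_match, zip_match) for the codes that report a comparison,
# taken from the response-code list above.
AVS_RESULTS = {
    "A": (True, False),
    "N": (False, False),
    "W": (False, True),   # 9-digit ZIP
    "X": (True, True),    # 9-digit ZIP
    "Y": (True, True),    # 5-digit ZIP
    "Z": (False, True),   # 5-digit ZIP
}
# Codes where no comparison took place: not provided, error, non-U.S.
# issuer, not applicable, not supported, unavailable. "R" is handled apart.
AVS_NO_RESULT = frozenset("BEGPSU")


@dataclass(frozen=True)
class AvsPolicy:
    """Hypothetical settings; real gateways name and group these differently."""
    require_street: bool
    require_zip: bool
    no_result_action: str = "review"  # action when AVS returned no comparison
    review_ceiling: float = 0.0       # partial matches up to this amount are
                                      # reviewed by hand instead of declined


def decide(code: str, amount: float, policy: AvsPolicy) -> str:
    """Return 'accept', 'review', 'decline' or 'retry' for one transaction."""
    code = code.strip().upper()
    if code == "R":
        return "retry"
    if code in AVS_NO_RESULT:
        return policy.no_result_action
    if code not in AVS_RESULTS:
        return "review"               # unknown code: never accept silently
    street, zip_ok = AVS_RESULTS[code]
    failed = (policy.require_street and not street) or \
             (policy.require_zip and not zip_ok)
    if not failed:
        return "accept"
    if street or zip_ok:              # partial match: A, W or Z
        return "review" if amount <= policy.review_ceiling else "decline"
    return "decline"                  # N: nothing matched


def summarize(orders, policy: AvsPolicy) -> dict:
    """Count outcomes for a batch of (order_id, avs_code, amount) tuples."""
    return dict(Counter(decide(code, amt, policy) for _, code, amt in orders))


LAX = AvsPolicy(False, False, no_result_action="accept")
STRICT = AvsPolicy(True, True, no_result_action="decline")
BALANCED = AvsPolicy(False, True, no_result_action="review", review_ceiling=50.0)

# Constructed sample batch, not real transactions.
SAMPLE_ORDERS = [
    ("o1", "Y", 120.00), ("o2", "Z", 35.00), ("o3", "A", 35.00),
    ("o4", "N", 400.00), ("o5", "G", 80.00), ("o6", "R", 20.00),
    ("o7", "X", 15.00), ("o8", "W", 900.00),
]

if __name__ == "__main__":
    for name, policy in (("lax", LAX), ("strict", STRICT), ("balanced", BALANCED)):
        print(name, summarize(SAMPLE_ORDERS, policy))
```

With the lax settings the full mismatch (N) and the non-U.S. issuer (G) are both accepted; with the strict settings five of the eight orders are declined, including two whose ZIP code matched.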

Card Code Verification (CCV)
CCV (Card Code Verification), also known as CVV2 (Card Verification Value 2), CVVC, Card Verification Value Code, etc., is the three- or four-digit code printed on the front or back of a credit card. It is a good practice for merchants conducting eCommerce or Mail Order / Telephone sales to ask for this code to be provided. The purpose of asking for this code is to obtain further assurance that the customer has the card in her or his possession. One key item to note is that a Merchant may not store the CCV after completion of the original transaction.

Chargebacks and Retrievals

What is a chargeback?
When a credit card transaction is disputed (either at the request of the Cardholder or by a card Issuer), you may receive a chargeback. If a chargeback occurs, the amount of the original sale and a chargeback fee will be deducted from the checking or savings account you provided.
What is a retrieval request?
A retrieval request occurs when your customer requests more information about a transaction that appears on his or her credit card statement.
How does a retrieval request occur?
A customer contacts his or her credit card issuer to initiate the request.
Are any funds deducted from my bank account as a result of a retrieval request?
No, a retrieval request is just a request for information. The amount of a retrieval request is not deducted from your bank account.
What are some of the reasons for chargebacks?
Some of the reasons for chargebacks may include:

  • Merchandise is damaged in transit and arrives broken
  • A cardholder returns the merchandise but has not received a refund
  • A cardholder disputes a transaction as a fraudulent use of their card
What should I do if I receive a chargeback?
If you receive a chargeback, read the chargeback carefully and see if you are able to provide the requested information. For example, for a "credit not issued" chargeback, the cardholder is stating they are entitled to a refund, but have not received one. In this case, if you receive a "credit not issued" chargeback but have already sent a refund check to the customer, you can provide a copy of the front and back of the cancelled check.
How do I manage chargebacks?
To ensure safe receipt of merchandise, use a form of shipping that provides proof of delivery. For higher ticket items, require a signature for delivery. If a buyer contacts you with a complaint about a purchase, work with that buyer to resolve the dispute. If you can't resolve the dispute to your mutual satisfaction, instruct the buyer how to return the merchandise and what form of shipping they should use. Once the merchandise has been returned to you, issue a credit to the same credit card used to make the purchase. Pay attention to the AVS (Address Verification Service) response received. Don't accept numbers and information that don't match, and use common sense in shipping to an address other than the buyer's billing address. International purchases involve a higher risk, in part because address verification is only available for U.S. transactions.
How does a chargeback take place?
A chargeback begins when a buyer contacts their card issuer to dispute a transaction. The chargeback is passed through the applicable payment network to the seller. Your account will be charged at the time the chargeback is received. When the seller receives the chargeback, it will include a "respond by" date. Since the payment networks only allow a limited amount of time to respond to a chargeback, it is critical that any response be provided by this date.

In some cases, chargebacks can be "re-presented," in other words information can be presented back to the cardholder's card issuer disputing the chargeback. Below are the most common scenarios where re-presentment is feasible. The ultimate decision of whether or not to accept the re-presentment rests with the cardholder's bank. Potential re-presentment scenarios include:

  • If the chargeback reason is "non-receipt of merchandise" and signed proof of delivery is available, the chargeback can be re-presented with a copy of the delivery confirmation including the signature and the complete address that the item was delivered to.
  • If the chargeback reason is "credit not processed" and the customer has already received a refund, the chargeback can be re-presented along with a copy of the cancelled check or the credit card refund information.
  • If the chargeback reason is "fraud" and proof of delivery to the buyer's billing address is available and a complete address verification match was received, the chargeback can be re-presented with a copy of the proof of delivery.
  • If the chargeback reason is quality-related, e.g. "not as described" or "defective merchandise" and the seller has not received the merchandise back, the chargeback can be re-presented with the statement that the merchandise has not been returned.
Where can I learn what the specific Reason Codes stand for?
Go to the Resolve Chargeback Tool for a complete list of all chargeback and retrieval request codes for Visa®, MasterCard®, and Discover® Network.

Payment Card Industry (PCI) Data Security Standards

What are the Payment Card Industry (PCI) Data Security Standards?
The PCI Data Security Standards are payment card network (Visa®/MasterCard®) and industry mandated requirements for handling of credit card information, classification of merchants, and validation of merchant compliance. Merchants are responsible for the security of cardholder data and must be careful not to store certain types of data on their systems or the systems of their third party service providers. Merchants are also responsible for any damages or liability that may occur as a result of a data security breach or other non-compliance with the PCI Data Security Standards. The information security principles contained within these standards are based on ISO 17799, the internationally recognized standard for information security practices.
Do I need to comply with Payment Card Industry Data Security Standards?
Yes. The program encompasses all merchants and third party service providers that store, process, or transmit cardholder data.
What are the benefits of being in compliance with the Payment Card Industry Data Security Standards?
It is good business practice to adhere to the PCI standards and protect cardholder information. Additionally, Visa, MasterCard, American Express, and Discover® Network may impose fines on their member banking institutions when merchants do not comply with PCI Data Security Standards. You are contractually obligated to indemnify and reimburse us, as your acquirer, for such fines. Please note such fines could be significant, especially if your business is compromised and you have not been validated as compliant.
What is "cardholder data"?
Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. The PCI Data Security Standards apply to all cardholder data stored, processed, or transmitted.
What is a Compliance Classification Level and how is a merchant's compliance classification level determined?
A merchant's compliance classification level is determined by annual transaction volume. The volume calculation done for you will be based on the gross number of Visa, MasterCard or Discover Network transactions processed through your merchant account.
What is an IP-based POS environment?
The point of sale (POS) environment is the environment in which a transaction takes place at a merchant location (i.e. retail store, restaurant, hotel property, gas station, supermarket, or other point of sale location). An Internet protocol (IP) -based POS environment is one in which transactions are stored, processed, or transmitted on IP-based systems, or systems communicating via TCP/IP.
Could my compliance requirements change?
Yes. As your transaction volume changes, and as association and industry rules change, your compliance requirements may change. It is your responsibility to be continuously aware of the data security requirements that currently apply to you.

Data Storage Protocol

What customer payment information can be retained?
The following individual data elements may be securely retained subsequent to transaction authorization:
  • Cardholder Account Number
  • Cardholder Name
  • Card Expiration Date
When is it acceptable to store magnetic stripe data?
It is never acceptable to retain magnetic stripe data subsequent to transaction authorization. Visa, MasterCard, American Express, and Discover Network prohibit storage of the contents of the magnetic stripe.
What rules apply if a merchant does not store cardholder data?
If a merchant does not store cardholder data, the PCI Data Security Standards still apply to the environment that transmits or processes cardholder data. This includes any service providers that a merchant uses.
What processing software/applications are currently known to be compliant?
Below you will find a link to the card processing software programs that Visa has validated to be compliant with the PCI Data Security requirements, including the requirement that after authorization, Security Data will be purged from the records and systems. Security Data is certain security information, including the full contents of any track of the magnetic stripe from the back of a card and the cardholder validation code (the three or four digit value printed on the signature panel of the card). Copies of these software programs that have version numbers older (those with a lower version number) than those indicated must be either upgraded, have a special security patch installed, or be replaced with compliant software to ensure that you do not store Security Data in violation of Visa, MasterCard or Discover Network's rules. If you are using any software programs different than the programs indicated, you must confirm with your software vendor that the version you are using is compliant with current security requirements.

To access this list of card processing software programs, click here and choose "Payment Application Best Practices" under the "Visa recommendations" section.
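
An added example, not Wells Fargo or software-vendor code: one way to enforce the retention rules above in a merchant's own system, dropping the card validation code and magnetic stripe contents from a record once authorization is complete and scanning stored text for stripe data that slipped in. The field names and sample data are constructed; the track patterns follow the ISO/IEC 7813 layout, and 4111111111111111 is the commonly used test card number.

```python
import re

# Track 1: %B<PAN>^<NAME>^<YYMM>...?    Track 2: ;<PAN>=<YYMM>...?
TRACK1 = re.compile(r"%B(\d{12,19})\^[^^\r\n]{2,26}\^\d{4}[^?\r\n]*\?")
TRACK2 = re.compile(r";(\d{12,19})=\d{4}[^?\r\n]*\?")

# Hypothetical field names for "Security Data" that must be purged after
# authorization; map them to your own schema.
PROHIBITED = {"track1", "track2", "cvv2"}


def luhn_ok(pan: str) -> bool:
    """Card-number checksum, used to discard look-alike digit strings."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_track_data(text: str) -> list:
    """Return (kind, masked_pan) for each stripe-format match in text."""
    hits = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(text):
            pan = m.group(1)
            if luhn_ok(pan):
                # Report only the last four digits, never the full number.
                hits.append((kind, "*" * (len(pan) - 4) + pan[-4:]))
    return hits


def purge_after_authorization(record: dict) -> tuple:
    """Return (clean_record, removed_field_names) for a post-auth record."""
    clean, removed = {}, []
    for key, value in record.items():
        if key in PROHIBITED:
            removed.append(key)
        elif isinstance(value, str) and find_track_data(value):
            removed.append(key)   # stripe data inside a free-text/debug field
        else:
            clean[key] = value
    return clean, sorted(removed)


def scan_lines(lines) -> list:
    """Return (line_number, kind, masked_pan) for stored text, e.g. a log."""
    return [(n, kind, masked)
            for n, line in enumerate(lines, start=1)
            for kind, masked in find_track_data(line)]


# Constructed sample data.
SAMPLE_RECORD = {
    "order_id": "ORD-1001",
    "pan": "4111111111111111",
    "cardholder_name": "JANE DOE",
    "expiry": "3012",
    "cvv2": "123",
    "track2": ";4111111111111111=30121010000000000?",
    "debug_swipe": "raw=%B4111111111111111^DOE/JANE^30121010000000000000?",
    "auth_code": "A1B2C3",
}
SAMPLE_LOG = [
    "2024-01-05 10:01:22 auth ok order=ORD-1001 last4=1111",
    "2024-01-05 10:01:22 swipe ;4111111111111111=30121010000000000?",
    "2024-01-05 10:02:10 ref ;1234567890123456=99120000?",  # fails Luhn
]

if __name__ == "__main__":
    print(purge_after_authorization(SAMPLE_RECORD))
    print(scan_lines(SAMPLE_LOG))
```

The account number, cardholder name and expiration date pass through untouched, matching the three elements listed above as retainable; storing them securely is a separate requirement that this sketch does not cover.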

Compliance Assessment

What is a security assessor (QSA)?
A QSA is an auditing company that specializes in information security. They use payment card network developed criteria (the PCI Data Security Standards) to evaluate a merchant's processing environment.
Is it a common practice for security assessors to perform a re-assessment?
Yes, assessors frequently are asked to revalidate any issues identified at the time of the initial review and provide an updated Report on Compliance.
Where can the PCI Data Security Standards Compliance Questionnaire be found?
The PCI Self-Assessment Questionnaire is available for download on the PCI Data Security Standards Council website. If a business chooses to enroll with one of the PCI Security Standards Council Qualified Security Assessors to perform the system perimeter scan, they may complete the approved assessor's Compliance Questionnaire in lieu of the version posted on the PCI Council website.
What is a System Perimeter Scan?
A System Perimeter Scan involves an automated tool that checks a merchant's or service provider's systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company's private network. The tool will not require the merchant or service provider to install any software on their systems, and it will not perform any denial-of-service attacks.
Who needs to conduct a System Perimeter Scan?
The System Perimeter Scan is applicable to all merchants and service providers with external-facing IP addresses. Even if an entity does not offer Web-based transactions, there are other services that make systems Internet accessible. Basic functions such as e-mail and employee Internet access will result in the Internet-accessibility of a company's network. These paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled. If a merchant or service provider does not have any external-facing IP addresses, they will only be required to complete the Report On Compliance or the Compliance Questionnaire, as applicable.
How much does a System Perimeter Scan compliance validation cost?
The cost of a System Perimeter Scan depends on the number of IP addresses to be scanned, the frequency of the scans, the chosen assessor, and the degree to which the merchant is already in compliance when the review commences. As a courtesy to its merchants, Wells Fargo has negotiated preferred pricing with TrustWave. For more information go to: http://www.wellsfargo.trustkeeper.net/
Is the merchant responsible for compliance if they have outsourced the storage, processing, or transmission of cardholder data to a service provider?
Merchants should deal only with PCI Data Security Standards compliant service providers. If there are service providers handling cardholder data on a merchant's behalf, the merchant is still responsible for the security of this data and must ensure that contracts with these service providers specifically include PCI Data Security Standards compliance as a condition of business. Per association rules, you must inform Wells Fargo if you are using a service provider. Click on this link for a list of PCI Compliant Service Providers.
Do merchants need to include their service providers in the scope of their PCI Data Security Standards Review?
Yes. Merchants are responsible for the compliance of their service providers.
Can a merchant be considered compliant if they have outstanding non-compliance issues, but provide a remediation plan?
No. Lack of full compliance will prevent a merchant from being considered compliant. Wells Fargo encourages merchants to complete the initial review, develop a remediation plan, complete items on the remediation plan, and revalidate compliance of those outstanding items in a timely manner.

Penalties for Non-Compliance

Are there fines associated with non-compliance of the PCI Data Security Standards?
Yes. Visa, MasterCard, American Express, and Discover Network may impose fines on their member banking institutions when merchants do not comply with PCI Data Security Standards. You are contractually obligated to indemnify and reimburse us, as your acquirer, for such fines. Please note such fines could be significant.
Are there fines if cardholder data is compromised?
Yes. If cardholder data that you are responsible for is compromised, you may be subject to fines and other liabilities, including the following:

  • Potential fines of up to $500,000 (in the discretion of Visa, MasterCard, American Express, Discover Network or other card companies).
  • All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward.
  • Cost of re-issuing cards associated with the compromise.
  • Cost of any additional fraud prevention/detection activities required by the card associations (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise (i.e. additional monitoring of system for fraudulent activity).

Other PCI Compliance Resources

Who can I speak to if I have questions?
If you have questions, please contact our Client Service Representatives at 1-800-451-5817.