Skip to main content

What rules apply for face-to-face- transactions?

What are face-to-face transactions?

We use the term “face-to-face transactions” for trade where there is an assistant present. This is the case, for example, when a customer makes a payment at the checkout in a supermarket, at reception in a hotel or to the waiter in a restaurant.

There are a number of rules for face-to-face transactions, including security requirements for the terminal and its location, as well as rules governing fee collection and rounding off.

You can see the rules below.

Requirements for terminals

For safety reasons, all payment terminals for face-to-face transactions must be equipped with chip and PIN, unless otherwise agreed with Nets. Do not install or take over a payment terminal that cannot read the chip on a card.

All solutions must satisfy a number of requirements from the international card companies; these are often referred to as “Payment Card Industry (PCI) security standards”.

When you have a Dankort merchant agreement with us and therefore accept Dankort in your store, we require you to have a terminal that satisfies the security standards.

Terminal location

​Place your terminal so it is readily accessible for all customers, including customers with special needs, functional impairment or a disability.

Fees

You cannot collect fees for accepting Dankort. Nor are you permitted to round off amounts if you accept Dankort at your shop.

Rules for rounding off

Rounding off is not allowed for electronic payments.

What rules apply for e-commerce?

E-commerce covers payments where your customers make payments on your merchant website. Your customers pay by providing their Dankort details in an encrypted SSL-based payment module.

There are a number of rules and requirements, which you can read more about below.

Requirements governing e-commerce information

Your merchant name must be clearly visible throughout your website.  It should be clear that you, as the merchant, are responsible for card transactions, for the goods and services sold, customer service, complaints and all other factors connected to the sale.

In addition, the following must be clear and unambiguous on your website:

  • Name (everyday name and legal name), CVR no. and address (a post box number is not enough).

  • Telephone number and e-mail address of a personal contact.

  • Description of the services/goods you and your shop sell – including prices, taxes and fees.

You must also state that your customers can pay using Dankort – you can do this by displaying the Dankort logo.

It must NOT be possible to:

  • Enter unencrypted data. This must be shown by an illustration of a yellow padlock at the bottom of the browser.

  • Enter a PIN

  • Send card information by unencrypted e-mail

See other requirements and recommendations from:

  • Consumer Ombudsman: Here you can read about the rules that must be observed when selling goods over the Internet.

  • National Consumer Agency: See in particular the two documents “Guidelines concerning Distance Selling” and “Position Statement of the Nordic Consumer Ombudsmen on e-commerce and marketing on the Internet”.

  • The e-mark: The e-mark is the Danish labelling scheme for secure online shopping provides guidelines for good practice in online trading and marketing. You can also find more information about how you as a merchant business can become e-marked.

What rules apply regarding cardholder-activated terminals (CAT)?

What are cardholder-activated terminals (CAT)?

A cardholder-activated terminal (CAT) is a terminal that can be operated by the cardholder without the assistance of a staff member, and may or may not require the use of a PIN. Cardholder-activated terminals are used to pay for parking, bridge tolls, petrol, tickets, car washes, etc.

If you have a payment card solution for cardholder-activated terminals, there are a number of requirements that need to be satisfied. You can read more about them below.

Requirements for cardholder-activated terminals (CAT)

For safety reasons, all cardholder-activated terminals must be equipped with chip and PIN, unless otherwise agreed with Nets. Do not install or take over a cardholder-activated terminal that cannot read the chip on a card.

All solutions must satisfy a number of requirements from the international card companies; these are often referred to as “Payment Card Industry (PCI) security standards”.

Are there any special rules and requirements for webshops?

Are there any special rules and requirements for webshops?

The information below must be available in your online shop to enable us to approve your online shop before we create your merchant agreement. Clarifying your online shop’s terms of purchase reduces the risk of complaints and financial losses for your business.Further down the page and at www.forbrugerombudsmanden.dk you’ll find examples of how to formulate the requirements on your site.

Terms and conditions of sale

It is up to the individual merchant to prepare terms and conditions. What matters most is that the content complies with applicable consumer purchase laws, set out in acts including the Danish Sale of Goods Act, the Danish Marketing Practices Act, the Danish Consumer Contracts Act and the Danish e-Commerce Act. The conditions must be in Danish and include at least the following:

  • Terms and conditions of sale and supply: Information must be provided about delivery, shipping and payment, as well as how the order is processed.

  • Conditions for returning the goods: Information about the warranty, complaints and item returns must be provided.

  • Personal data: Information about how personal data is processed.

  • Card details: Information about how card details are processed and by which supplier.

Check box

The card organisations’ rules about how the terms and conditions must be displayed require a check box (“I accept the terms of trade”) where the cardholder can actively confirm acceptance of the terms before proceeding with the purchase.

Visible logo

The merchant must clearly display Dankort logos. The logos must be visible on the shop’s landing page and at the point of payment. The logo must link to www.dankort.dk and the logotype: entry-hyperlink id: 2ctUbtxtow3qPDv0hUKCQd

Merchant and contact details 

The merchant name, CVR number and the country in which the merchant is registered must be clearly stated during the purchase process, and referring the customer to a separate website is not allowed. In addition, where available, the postal address, telephone number, e-mail address and visiting address must be provided.

Product/service information and price

To meet approval, the website must include examples of the goods/services listed when applying, and their prices.  All prices must be stated in Danish kroner and must include VAT and other taxes. The total cost of the purchase must be clearly stated before the order is completed and must include all costs associated with the purchase, including any postage and delivery costs. The merchant is responsible at all times for complying with applicable laws and Dankort rules, and must indemnify Nets in respect of any and all use in accordance with the examples below. Below you will find suggestions for how to formulate the various requirements on your website

Terms and conditions of sale 

  • Receiving an order – <Describe how an order is processed>.

  • Delivery – The item will be sent no later than <insert number of days> working days after receipt of the order. If the item is not in stock, <Describe how the cardholder will be notified>. The service will be performed <Describe when the service is performed> in accordance with the agreement.

  • Shipment – The ordered item will be shipped <Describe how the item is shipped>. Delivery charges are <insert relevant information about the cost of delivery and whether the cardholder has the option to choose from different delivery options>.

  • Payment – The card used at the point of purchase is charged when the product is sent to the cardholder.

  • Cancellation – If you want to cancel an item <Explain what the customer needs to do to cancel the item>. 

  • Right of cancellation – The right of cancellation applies for 14 days from receipt of the goods by the buyer. If you want to cancel the purchase, you must return the item in substantially the same condition, and we will refund the amount you paid for the item, including delivery costs. The buyer pays for the return. The return slip contains detailed information (to be attached to the shipment).

  • Warranty – <Warranty information about the items. The warranty gives the customer rights in addition to the consumer’s statutory rights pursuant to the Danish Sale of Goods Act>

  • Complaints – In the event of faulty goods, you must inform <merchant name> in writing or verbally within a reasonable time after discovering the fault. <Merchant name> will then provide information on how to proceed. The rules governing complaints are set out in the Danish Sale of Goods Act.

  • Personal data – <Merchant name> processes personal data in accordance with the Danish Act on the Processing of Personal Data. Personally attributable information will never be made available to other companies or be linked to other external registers. 

  • Card details– When you shop at <merchant name>, your card details are processed by <terminal vendor>, which is a secure electronic payment solution for Dankort. All card details are handled in accordance with the rules of the card organisations.

  • Cancellation – If you want to cancel an item, <describe what the cardholder needs to do to cancel the item>.

  • Merchant information <The name and CVR number of the merchant must be clearly stated>

  • Contact details <Postal address, telephone number, e-mail address and visiting address, where available>

  • Product/service information <Insert clear product/service information about all items/services. The information should provide the customer with the necessary information about the main characteristics, number, etc.>

  • Price All prices must be inclusive of VAT and other taxes. The total cost of the purchase must be clearly stated before the order is completed and must include all costs associated with the purchase, including any postage and delivery costs. 

What rules apply for mail and telephone orders?

What are mail telephone orders?

Mail and telephone orders cover the type of transaction where your customer pays via an order form sent by post or by providing various information over the phone. 

If you have a merchant agreement for mail and telephone orders, a number of requirements must be satisfied regarding the order form as well as for receiving card details by telephone. You can read more about them below.

Order form requirements

The order form that your customers must complete to shop in your mail order store must satisfy a number of requirements.

The form must contain a clear description of the goods and it must indicate that the customer wishes to pay by card. The form must not be designed as an open postcard, as it contains private card details.

The cardholder must provide at least the following information:

  • Name, address and telephone number + other delivery address if applicable

  • Number and nature of goods/services

  • Amount (both for individual items and total amount)

  • Card type

  • Cad number, expiry date and check digits

  • Date

  • Signature

In addition, the order voucher must include your merchant name and full address (a post box number is not enough). We must approve the order form before we can issue a merchant agreement.

​Requirements for receiving card data by telephone

If your customers purchase goods or services from you by telephone order, always tell your customer about the terms that apply to his or her purchases. Thus, you must always explain:

  • What it costs to ship the item

  • Whether there are any other costs or fees associated with the purchase

  • Your terms of sale and supply - such as your customer's options for returning the item

Conversely, your customer must give you the following information:

  • Name, address and telephone number

  • Card type

  • Card number, expiring date and check digits

What is Dankort scheme rules?

By entering an agreement of issuing or acquiring Dankort you become subject to and must at all times comply with the Dankort scheme rules. Besides the general scheme terms and conditions, a number of requirements from international card organizations, PCI Security Standards Council and national law are included in the Dankort scheme rules. Any holder of a Dankort license who is subject to the scheme rules is required to ensure that possible subcontractors are familiar with and comply with the Dankort scheme rules. Moreover, internal work instructions, agreements and systems must be in compliance with the Dankort scheme rules.

Find the Dankort scheme rules here (in Danish)

How do I accept ecom payments with Dankort in Apple Pay?

When you add a Visa/Dankort card from Danske Bank in Apple Pay the card has both a Dankort and a Visa part. For merchants that accept both Dankort and Visa, EU regulation requires that cardholders can choose between the two when making a purchase. That includes when the payment is made with Apple Pay.

So if you have a webshop or an app which offers payment with Apple Pay, you must make sure to set both Dankort and Visa as supported payment networks.

For cardholders, it will be the same user-friendly Apple Pay payment that they know. The only difference is that if they open the card selector, both parts of the card (Visa and Dankort) are available. As a merchant, you decide which of the networks is preselected.

Please see our mini-guide for technical information about how to include Dankort in Apple Pay checkout.

Which solutions are approved for Dankort?

Below you’ll find an overview of the solutions approved for Dankort. The list is continuously updated as new solutions are approved.

Being approved does not imply that Nets can be hold responsible for the product, payment solution, supplier, etc., including the responsibility for functionality, usability, quality, legality or compliance with third party rights.

Inquiries regarding these must be addressed directly to the individual supplier.

See the list of approved solutions for Dankort

How do I make an offline transaction on my terminal?

If there are issues where the payment terminal cannot connect online to Nets, it may be necessary to complete the transaction offline. Setting terminals into offline mode for transactions varies depending on the terminal on which the transaction is executed. The links below show how to set terminals to offline mode. If your terminal is from Nets you can go to Nets' website to see the offline procedure for terminals. 

The offline procedure for Verifone terminals can be found here. If your terminal is integrated into a till system, your till system supplier will need to advise you on how to complete offline transactions.

Dankort Automatic Card Updating

Dankort Automatic Card Updating (“DAK” in Danish) is a service for apps and online stores that rely on card-on-file. Using this service, the merchant may request card updates, freeing the customer from the hassle of entering new card information when a replacement is issued after card expiration.

Technically, the service must be implemented by the merchant’s PSP, since the card information must be stored by an approved PSP. The service only provides card updates if the issuer participates in the update program*, and only if the cardholder has given to consent to the issuer.

The service supports all types of Dankort i.e., Visa/Dankort, Mastercard/Dankort and pure Dankort.

Contact your PSP if you are interested in Dankort Automatic Card Updating.

See Dankort terms here and prices here.

* From 1 October 2024 all issuers

What is SCA and what types of payments are covered?

Strong customer authentication (SCA) came into force on 15 September 2019 and your online shop may therefore be at risk of purchases being rejected if it has not implemented the Dankort Secured by Nets security solution. You must therefore make sure, through your PSP, that the solution is activated on your online shop.

Below, we have compiled the most important points you need to know about SCA.

What is SCA and what types of payments are covered?

Fraud in online payments is becoming increasingly sophisticated. To address this, new strong customer authentication (SCA) rules were introduced in the EU Payment Services Directive 2 (PSD2).

The vast majority of consumer payment card payments require SCA. The exceptions will be described further down this page. Strong customer authentication pursuant to PSD2 means customers are asked to perform two-factor authentication (2FA) to identify themselves in the payment process. The two factors must be independent of each other and must be from the following categories:

  • KNOWLEDGE: something the consumer knows = a password or PIN

  • POSSESSION: something the consumer has = a token or a mobile device

  • BIOMETRICS: something the consumer is = a biometric fingerprint or facial recognition

Today, card payments are often completed online by entering the card number, after which you are asked to identify yourself through Dankort Secured by Nets using a one-time password sent by text message. The consumer’s bank (card issuer) is ultimately responsible for securing SCA, but the implementation of SCA also requires the involvement of payment service providers (PSP) and card acquirers in the case of card payments.

Not all payments are covered by SCA

Certain types of payments are exempt from the requirement for SCA:

  • Transactions initiated by the payee are not considered to have been triggered by the payer and are therefore exempt from SCA (this is a complex area of PSD2, so we have a special section on it later).

  • MOTO (mail and telephone orders) is not considered to be electronic and is therefore not covered by SCA.

  • Purchases under EUR 30 (up to a maximum total of EUR 100).

Dankort Secured by Nets as a method of SCA - what you should do as a webshop owner

Dankort Secured by Nets must be enabled for online Dankort payments

The requirement for strong customer authentication under PSD2 means that strong authentication of payers is no longer a choice. SCA must be performed for most payments – i.e. the cardholder must be authenticated to the issuer. This means card payments must be approved via Dankort Secured by Nets (or equivalent for payment cards other than Dankort).

What is Dankort Secured by Nets?

Dankort Secured by Nets is a security solution designed to protect cardholders online through an additional security check on payments. SCA via Dankort Secured by Nets requires consumers to authenticate themselves as the cardholder via a one-time password sent by text message. Dankort Secured by Nets will no longer be optional

Some online shops regard SCA as cumbersome and as something that could adversely affect their conversion rate. However, the SCA rule makes Dankort Secured by Nets a requirement for Dankort payments online, with the exception of some scenarios that we will review below. The good news is that payment service providers (PSPs) are responsible for the activation of Dankort Secured by Nets on behalf of merchants. So, you don’t necessarily have to do much yourself.

What should I know about SCA?

Are “saved-card-transactions” covered by SCA?

“Save card” is when the consumer’s card details are stored to make purchasing again easier the next time they shop. Consumers are usually asked if they want to save their card number, expiry date and CVC code so they can easily skip this step for their next purchase from the same online shop. The fact that card details are stored makes no difference to the classification of the transaction. If it is a consumer-initiated one-off payment, then it remains a one-off payment in terms of SCA. Therefore, it should not be marked as a “recurrent” transaction. Where “Save card” is used for consumer-initiated purchases, Dankort payments must go through Dankort Secured by Nets.

What is a merchant-initiated transaction?

Merchant-initiated transactions (MIT) are:

  • Based on an agreement between the merchant and the consumer for the supply of goods/services

  • Payments based on a recurrent payment agreement

  • Payments where the consumer is not required to use SCA for subsequent payments

  • Agreements signed by the payer using SCA, after which SCA is not necessary

Examples of merchant-initiated transactions include music or streaming subscriptions and mobile phone bills.

Do customers have to reconfirm all existing agreements?

The short answer is: No.

Existing agreements for recurrent payments and MIT do not require further SCA. However, a payment service provider (PSP) must be able to refer to previous transaction ID in the chain in order to validate the status of recurrent transactions/MIT.

Exceptions to Strong Customer Authentication (SCA)

Many are concerned that SCA may adversely affect conversion rate. To accommodate this, it has been decided that there are cases where exceptions can be made to SCA requirements. The consumer’s bank (card issuer) is ultimately responsible for SCA and therefore also for exceptions to SCA. The exceptions are not binding on banks, and they can decide for themselves whether they wish to offer their customers these exceptions.

Examples of exceptions to SCA described under PSD2:

  • Amounts of less than EUR 30: When a consumer makes an online purchase of up to EUR 30, this payment can be made without SCA. However, SCA must be used again when the aggregate of such payments reaches EUR 100 (for Dankort).

  • Transaction risk analysis (TRA): If the issuer or acquirer performs TRA and considers that the payment carries low risk of fraud, the payment may be exempted from SCA.

  • Trusted recipients of the payer (consumer): Where consumers have identified an online shop they trust, and provided that identification of the online shop takes place through the bank with SCA, subsequent transactions with that online shop will not require SCA. These rules are a new practice under PSD2, and we expect it may be some time before these SCA exceptions are widely implemented.

What is Dankort fraud notification service?

If a Dankort used in a webshop is subject to fraud, the cardholder's bank can make a chargeback and have all or parts of the amount refunded from the webshop. If the purchase is of physical goods, and the webshop already has shipped the goods by the time the chargeback is made, the goods will be lost and the webshop will lose revenue. Dankort Fraud Notification Service will give webshops the opportunity to hold back goods in case there is a strong suspicion of fraud.

With Dankort Fraud Notification Service you as a webshop owner will receive an e-mail from Nets if a Dankort related to fraud has been used in your webshop. That way, you get the opportunity to check the order further, hold back the purchased goods and thereby avoid losses. More specifically, as a webshop owner, you will automatically receive an email from Nets if a Dankort related to fraud has been used in your webshop during the previous 96 hours. The e-mail is triggered if the cardholder's bank has blocked the Dankort, and thereby confirmed to Nets that the Dankort is subject to fraud.

All customers with a Dankort eCom agreement are automatically registered for Dankort Fraud Notification Service, at no additional cost.

Read more about Dankort Fraud Notification Service