Card Payments

Card payments are an essential payment method for every webstore. The payment is debited either from the buyer's credit or debit account, depending on the type of card and the buyer's choice.

Different types of card payments:

Svea Payments offers the card payments of Visa, Visa Electron, Mastercard and Eurocard.

In addition, Svea Payments can offer American Express card payments through a technical interface, which means that the webstore makes a direct agreement with American Express but Svea Payments offers the payment interface.

Recurring payments, in-app payments and some mobile payments (MobilePay, Masterpass and certain Pivo-payments) are based on card payments and require the registration of a credit or debit card.

PCI DSS Security Standard:

The Payment Card Industry (PCI) sets certain security standards for Payment Service Providers (PSP's) offering card payments. Svea Paymentsis certified to the highest level of these security standards and is PCI DSS Level 1 certified.

Svea Payments is responsible for it's card payment service complying to the PCI DSS data security standard also for the part where the service is outsourced for example to a technical service provider handling card information. The web store is in turn responsible for the data security in the web store according to the PCI DSS data security standard.

Payment process with card payment

  1. The buyer chooses his/her card type either on Svea Payments payment page or on the webstore's checkout page.

  2. The buyer types in his/her card details either on the webstore's checkout page or on a page provided by Svea Payments.
    (3. If the card requires authentication: the buyer's identity is verified either by signing in to his/her online bank or by a separate password or code provided by the card issuer.)

  3. The webstore displays a 'thank you' -page or similar. The order is confirmed.

Card payments and risk management

Card payments involve a certain level of risk for the webstore. The risks in distance sales are different from those in physical trade or commerce. Reliable verification of the buyer is a challenge to the merchant because the debit or credit card and buyer are not physically present. A product or service that can be easily exchanged for money, is valuable and can be quickly resold also attracts criminals. These risks can be managed with the help of Svea Payments risk management tools.

Verification services Verified by Visa and MasterCard SecureCode

Cards are sometimes used in frauds. All webstores that accept card payments through the services of Svea Payments are automatically connected to the verification services of Verified by Visa and MasterCard SecureCode. The verification services are strong authentication services that have been developed by international card companies Visa and MasterCard and improve security. Both parties to the payment are verified at the moment of purchase: the web store and buyer (if the card used by the buyer is connected to the verification services).

The use of verification services reduces the merchant’s risks because a card holder registered for the service can be identified reliably. 3DS Authentication aims to reduce the risk of fraud by requiring the buyer to verify their identity when using a card for payment. Identity can be verified by for example signing in to the buyer's online bank (often used in Finland) or with separate passwords by the issuer of the debit or credit card. Some cards, mainly foreign card or business cards, do not require 3DS Authentication. The fraud risk is higher when 3DS Authentication is not used.

Merchant instructions and terms of Bambora AB and card companies valid at the time shall be applied to the verification services. A fraudulent transaction will not be charged from the merchant if the card holder has been identified in the transaction using the verification services.

Track card transactions

To prevent abuse, the merchant should also critically monitor the quality and quantity of transactions at his or her places of business, as well as the information of card holders related to the transactions. Abnormal data can include abruptly increased sales volumes, sales to a market area in which the merchant did not previously have sales, or unclear and insufficient data of the buyer. If a merchant suspects the misuse of debit or credit cards or card numbers at his or her place of business, Svea Payments must be notified immediately.

Svea Payments sends an email to the merchant about all unverified card payments by default and in addition the information about verification of the card transaction can be seen in the Extranet–service.

Svea Payments risk management tools

The risk management tools provided by Svea Payments enable the reliable and efficient prevention of fraud in distance sales, and help the merchant identify possible cases of fraud even before sending the product or service. The risk management tools are available to all merchants who use Svea Payments credit or debit card payments without additional fees. A merchant can use the data from risk management tools to compare the country code of the issuer of the debit or credit card to the country code of the IP address of the buyer’s browser connection and the country of delivery of the product or service given by the buyer.

If the country code, country code of the IP address of the buyer’s browser connection and the country of delivery of the product or service differ from each other and/or the transaction is not verified, it is a good idea to review the order in greater detail before delivery and consider possibly contacting the buyer. The merchant can reject a transaction if he has justified reason for suspecting misuse. However, it should be noted that there may be a natural explanation for having different country code and delivery country information, for example the buyer may be on an assignment abroad, on student exchange, or be using a debit or credit card issued by a multinational bank.

The traffic lights of Svea Payments in risk management tools are green, orange and red. The green color verifies a card transaction in which no risk alerts have occurred. The orange color code portrays an unverified card transaction in which no other risk signals occurred (for instance all business card payments go to this category or the red category as unverified transactions). The red color code indicates an unverified card transaction in which the country code of the card issuer and the country code of the IP address of the buyer’s browser connection differ from each other.

The following data will be shown about card payments:

  • The country code of the issuer of the credit or debit card

  • The country code of the IP address of the buyer’s browser connection

  • Verification

  • The last 4 digits of the card number

  • The type of card

  • The category of the card

Recurring Payments

Svea Payments supports following functions for recurring payments with credit cards:

  •  Registering a credit card for recurring payments (= saving / tokenizing card for later use)

  •  Registering a credit card while doing a payment

  •  Debiting a credit card without payer's intervention (no-click payments)

  •  Querying information of a registered card

  •  Querying information of a payment done with registered card

  •  All refunding and other functions that are applicable to payments done via Svea Payments


For more information, please contact our sales: