Legal | BlueSnap

COVID-19: Helping your business during the pandemic. Learn More


Legal Documents


Acceptable Use

Acceptable use of a BlueSnap account

Your BlueSnap account and BuyNow links are intended solely for valid sale transactions between legitimate buyers and BlueSnap. Any exception is forbidden including but not limited to fraudulent activity of any type, transfer of funds, virtual currency or any stored value credits.

You are required to have a valid website where the BlueSnap BuyNow links are posted. The website has to include the product(s) description, contact information and a refund policy.

All orders must be placed within the BlueSnap secured BuyNow form and by the payment vehicle legitimate owners themselves. You may not collect credit card / payment information from buyers. You may not store credit card/payment information records anywhere in your BlueSnap account storage space.

BlueSnap BuyNow links should not be included in any spamming activity or communication.

Violations of the BlueSnap acceptable use and prohibited items policy

Please assist us in detecting and reporting violations of this Policy by contacting us at Please include a description of the suspected violation and links with screenshots if possible.


Canada Code of Conduct

BlueSnap supports the Canada Code of Conduct as part of our local processing in Canada. Please visit for more information. If you need to file a complaint, please visit the Disputes and Complaints page.


The purpose of the Code is to demonstrate the industry’s commitment to:

  • Ensuring that merchants are fully aware of the costs associated with accepting credit and debit card payments thereby allowing merchants to reasonably forecast their monthly costs related to accepting such payments.
  • Providing merchants with increased pricing flexibility to encourage consumers to choose the lowest-cost payment option.
  • Allowing merchants to freely choose which payment options they will accept.
  • Disclosure: All disclosures to merchants provided under the Code must be presented in a clear, simple, and non-misleading manner.


The Code applies to credit and debit card networks (referred to herein as payment card networks) and their participants (e.g. card issuers and acquirers)1.
The payment card networks that choose to adopt the Code will abide by the policies outlined below and ensure compliance by their participants (e.g. issuers, acquirers, and their downstream participants). The Code will be incorporated, in its entirety, into the payment card networks’ contracts, governing rules and regulations. The Code will apply within 90 days of being adopted by the payment card networks and their participants.

Enhancements to the Code announced on April 13, 2015 will apply within 9 months of being adopted by the payment card networks and their participants and will apply to all new merchant-acquirer agreements and all new or reissued premium cards after that 9 month period, with the following exceptions:

Element 1: Acquirers will have up to an additional 9 months, for a total of 18 months from the date of adoption, to implement the changes to Element 1. These changes will be applied to all new and renewed merchant-acquirer agreements;

Elements 2 and 3: The measures to facilitate the pass-through of interchange rate reductions to merchants will enter into force immediately for all merchant-acquirer agreements, upon adoption of the Code;

Element 4: The extension of this principle to contactless payments will enter into force immediately for all merchant-acquirer agreements, upon adoption of the Code;

Element 11: This element, which pertains to acceptance of contactless payments, will enter into force immediately for all merchant-acquirer agreements, upon adoption of the Code;

Element 12: The principle that merchants can provide notice of non-renewal at any point during the contract period up to 90 days prior to contract expiry will enter into force immediately for all merchant-acquirer agreements, upon adoption of the Code. Acquirers will have 9 months from the date of adopting the Code to implement the changes addressing fixed-term contracts; these changes will be applicable to all merchant-acquirer agreements; and

Element 13: The complaints handling process will enter into force for all merchant-acquirer agreements, within 60 days of adopting the Code.

To assist entities in adhering to elements of the Code, the following definitions are provided for clarification:

Contactless payment: a payment card-based and/or mobile device enabled payment transaction that is initiated at the payment terminal at a point-of-sale and that does not require contact with the payment terminal at the point-of-sale.

Mobile device: a portable electronic device that may be used by a consumer to facilitate the storage and/or transmission of data electronically for enabling a contactless payment.

Mobile wallet: a graphic user interface (software application) that presents one or more payment applets to a consumer for the purposes of enabling a contactless payment.

Payment applet: a software application on a mobile device, or within a mobile wallet, that enables a contactless payment by linking a single payment credential (e.g. credit or debit) through a specific payment card network.

Payment credential: the data that is required to complete a contactless payment (e.g. identifying information for the specific payment network, issuer, and cardholder) that is stored securely and accessed by a payment applet or token associated with a payment applet.

This Code is overseen by the Financial Consumer Agency of Canada, who is responsible for monitoring the compliance of signatories.

Requirements for payment card networks
By adopting the Code, payment card networks agree to provide any requested information regarding actions taken by themselves or participants to the Financial Consumer Agency of Canada, for the purpose of monitoring compliance with the Code. In addition, payment card networks agree to pay for the fees associated with monitoring compliance with the Code, as determined by the Financial Consumer Agency of Canada.

Payment card networks will regularly review, no less than every 3 years, market conduct practices of all merchant focused agents, registered by acquirers with the payment card networks, in the context of the Code.2 The payment card networks will report the results of these reviews to the Financial Consumer Agency of Canada.

Policy elements
1. Increased Transparency and Disclosure by Payment Card Networks and Acquirers to Merchants.

The payment card networks and their participants will work with merchants, either directly or through merchant associations, to ensure that merchant–acquirer agreements and monthly statements include a sufficient level of detail and are easy to understand.

All merchant-acquirer agreements will include a cover page containing an information summary box that provides key elements of the contract in a consolidated fashion and a fee disclosure box, using the templates in Addendum I.

Acquirers must also disclose all other fees (e.g. monthly minimums, administration fees, etc.) charged to the merchant.

Payment card networks will make all applicable standard interchange rates and acquiring network assessment fees easily available on their websites. In addition, payment card networks will post any upcoming changes to these rates and fees on their websites once they have been provided to acquirers. Payment card network rules will ensure that merchant statements include the following information:

Effective merchant discount rate3 for each type of payment card from a payment card network that the merchant accepts;

Interchange rates and, if applicable, all other rates charged to the merchants by the acquirer;

The number and volume of transactions for each type of payment transaction;

The total amount of fees applicable to each rate; and,

Details of each fee and to which payment card network they relate.

2. Payment card network rules will ensure that merchants will receive a minimum of 90 days’ notice of any fee increases or the introduction of a new fee related to any credit or debit card transactions, or a reduction in applicable interchange rates.4 Payment card networks will provide at least 90 days’ notice to acquirers for rate and/or fee changes and at least 180 days’ notice for structural changes.5

The notice to merchants must describe the nature of the fee change and the change must be clearly identifiable on the merchant’s subsequent monthly statement, to help merchants better understand the impact of the fee change.

Acquirers will also provide an updated fee disclosure box reflecting the impact, upon written request from the merchant, following a new fee or fee increase.

Notification is not required for fee changes made in accordance with pre-determined fee schedules, such as those based on merchant sales volume, provided that the schedules are included in the merchant’s contract.

3. Payment card network rules will ensure that following notification of a fee increase or the introduction of a new fee, or a reduction in applicable interchange rates not passed on to merchants, merchants will be allowed to cancel their contracts without penalty.

By signing a contract with an acquirer, a merchant will have the right to cost certainty over the course of their contract. As a result, in the event of a fee increase or the introduction of a new fee, merchants will be allowed to opt out of their contracts, without facing any form of penalty, within 90 days of receiving notice of the fee increase or the introduction of a new fee.

Merchants will also have the right to provide 90 days’ notice to exit their contracts without penalty in the event that acquirers do not pass-through the full savings from any reduction to payment card networks’ posted interchange rates that are applicable to that merchant, within 90 days of receiving notice of the interchange reduction.

This right includes relief from the application of any penalties on all related service contracts (e.g. terminal lessors, third-party processors) brokered by the acquirer and/or its registered agents, processors or other agents. 6

Merchants may not cancel their contracts in relation to fee increases made in accordance with pre-determined fee schedules, such as those based on merchant sales volume, provided that the schedules are included in the merchant’s contract.

4. Payment card network rules will ensure that merchants who accept credit card payments from a particular network will not be obligated to accept debit card payments from that same payment card network, and vice versa.

Payment card networks will not require merchants to accept both credit and debit payments from their payment card network. A merchant can choose to accept only credit or debit payments from a network without having to accept both.

The same principle applies to credit or debit payment credentials accessed by consumers through a mobile wallet or mobile device. Merchants who accept a credit payment credential from a particular network, which are accessed by consumers through a mobile wallet or mobile device, will not be obligated to accept debit payment credentials from that network or vice-versa.

5. Payment card network rules will ensure that merchants will be allowed to provide discounts for different methods of payment (e.g. cash, debit card, credit card). Merchants will also be allowed to provide differential discounts among different payment card networks.

Discounts will be allowed for any payment method. As well, differential discounting will be permitted between payment card networks.

Any discounts must be clearly marked at the point-of-sale.

6. Competing domestic applications from different networks shall not be offered on the same debit card. However, non-competing complementary domestic applications from different networks may exist on the same debit card. In mobile wallets or mobile devices, debit payment credentials from payment card networks must be represented as separate payment applets.

A debit card may contain multiple applications, such as PIN-based and contactless. A card may not have applications from more than one network to process each type of domestic transaction, such as point-of-sale, Internet, telephone, etc. This limitation does not apply to ABM or international transactions.

7. Payment card networks will ensure that co-badged debit cards are equally branded. All representations of payment applets in a mobile wallet or mobile device, and the payment card network brands associated with them, must be clearly identifiable and equally prominent.

Payment card network rules shall ensure that the payment networks available on payment cards will be clearly indicated. Payment card networks will not include rules that require that issuers give preferential branding to their brand over others. To ensure equal branding, brand logos must be the same size, located on the same side of the card and both brand logos must be either in colour or black and white.

8. Payment card network rules will ensure that debit and credit card functions shall not co-reside on the same payment card and that consumers shall have full and unrestricted control over default settings on mobile devices and mobile wallets to select such debit or credit payment applets.

Debit and credit cards have very distinct characteristics, such as providing access to a deposit account or a credit card account. These accounts have specific provisions and fees attached to them. Given the specific features associated with debit and credit cards, and their corresponding accounts, such cards shall be issued as separate payment cards. Consumer confusion would be minimized by not allowing debit and credit card functions to co-reside on the same payment card.

Credit and debit payment credentials can be stored on, or accessed by, the same mobile device or mobile wallet, provided that they are clearly separate payment applets, and consumers can select which payment applet shall be used for contactless payments.

Credit and debit payment credentials will only be issued to mobile devices or mobile wallets that do not have pre-set default preferences that cannot be changed and that provide consumers with full and unrestricted discretion to establish any default preference(s) for payment options. Selecting default preferences shall only be done by consumers based on a clear and transparent process, clearly accessible through the mobile user interface, and consumers should be able to easily change default settings in a timely manner.

9. Payment card network rules will require that premium credit and debit cards may only be given to consumers who apply for or consent to such cards. Premium cards, and the payment applets that link to premium card payment credentials, should clearly indicate that they are premium products (e.g. display clear and prominent branding used by the payment card networks to identify them as premium products). In addition, premium payment cards shall only be given to a well-defined class of cardholders based on individual spending, assets under management, and/or income thresholds and not on the average of an issuer’s portfolio.

Premium payment cards have a higher than average interchange rate. They must be targeted at individuals who meet specific spending, assets under management, and/or income levels.

For payment card networks that have differential acceptance costs for premium cards, payment card network rules will require issuers to include a statement on all cardholder applications for premium cards disclosing that these premium cards can impose higher card acceptance costs on merchants. This disclosure should be featured prominently on the cardholder application.

10. Payment card network rules will ensure that negative option acceptance is not allowed.

If payment card networks introduce new products or services, merchants shall not be obligated to accept those new products or services. Merchants must provide their express consent to accept the new products or services.

11. Payment card network rules will not require that merchants accept contactless payments at the point-of-sale, or to upgrade point-of-sale terminals to enable contactless payments.

If a merchant chooses to accept contactless payments at the point-of-sale, the merchant shall be able to cancel the contactless acceptance on their terminal for each payment card network, with thirty days’ notice, while maintaining all other aspects of their existing contract without penalty.

Should fees set by a payment card network in respect of contactless payments made from a mobile wallet or mobile device increase relative to card-based contactless payments, the payment card network will develop the technical specifications to ensure that merchant acceptance of contactless payments made from a mobile wallet or mobile device can be cancelled at the point-of-sale without disabling other forms of contactless payment acceptance. Merchants shall be able to opt out of accepting contactless payments made from a mobile wallet or mobile device by giving 30 days’ notice to their acquirer (or applicable registered agent), while maintaining all other aspects of their existing contract without penalty.

12. Payment card network rules will require that information about merchant-acquirer agreements, including cancellation and renewal terms and conditions, will be disclosed in a way that is clear, simple and not misleading.7

Merchants may provide notice of non-renewal at any point during the contract period up to ninety days prior to contract expiry.

Fixed term contracts will not be automatically renewed for the full initial term, but may convert to automatically renewable contract extensions of no longer than six months. Merchants may provide notice of non-renewal at any point during the extension period, up to ninety days prior to the end of each term.

This element applies to both the merchant-acquirer agreement and to any related service contracts with service providers. In situations where there is a business connection between the participant and the service providers, services are considered related and as a single service package.8

13. Payment card network rules will require that merchants have access to a clear dispute resolution process that provides for an investigation and timely response of complaints pertaining to the Code.

If a merchant believes that its service providers’ conduct is contrary to the Code, they may report the issue to their acquirer.9 Service providers include, but are not limited to, acquirers, processors, independent sales organizations, and referral agents.

The acquirer will review the issue with the merchant, undertake an investigation, and respond to the merchant within ninety days.

If the acquirer’s complaint process is exhausted and a satisfactory resolution not achieved, the merchant may submit the complaint to the payment card networks.

To facilitate the exchange of information, payment card networks will develop a common template and information requirements to facilitate the submission of a complaint by a merchant.

Payment card networks will investigate any complaints received from the acquirer, FCAC, or directly from a merchant and will work with their participants to find an appropriate resolution, and communicate the outcome of its investigation directly to the merchant, with a copy to the acquirer, within forty-five days of receiving the complaint.

Acquirers will establish an internal complaints handling process and make information on their process easily available to merchants.10 At a minimum, the complaints handling process must adhere to the following standards:

Acquirers will provide merchants with a summary of the complaint handling process and post it prominently on their website (a link to the website is to be included in the information summary box).

Acquirers must acknowledge receipt of the merchant complaint within five business days.

Acquirers must investigate all complaints and provide a substantive response to merchants that consists of either: (a) an offer to resolve the complaint; or (b) denial of the complaint with reasons.

Acquirers must provide their final decision within 90 days of receiving the merchant complaint, along with:

A summary of the complaint;

The final result of the investigation;

Explanation of the final decision; and

Information on how to further escalate a complaint in the event of an unsatisfactory outcome, along with the complaint handling form.

If acquirers cannot provide a response within 90 days, the merchant must be informed of the delay, reason for the delay, and the expected response time.

With the exception of the response time, each of these standards also applies to the payment card networks for investigating and responding to merchant complaints.

Payment card networks must be informed in writing of the aggregate number of any Code-related complaints received by acquirers, the nature of the merchant complaints, and the outcomes on a semi-annual basis. The payment card networks will also share the above information with the Financial Consumer Agency of Canada, as well as aggregate information on complaints resolved by the payment card networks.

Nothing in the above process restricts the merchant from directly filing complaints with the Financial Consumer Agency of Canada, or a payment card network, to investigate non-compliance with the Code.


Footnote 1
“Acquirers” are entities that enable merchants to accept payments by credit or debit card, by providing merchants with access to a payment card network for the transmission or processing of payments.
Footnote 2

Registered agent refers to any merchant focused sales actor that requires registration by an acquirer with a payment card network, either directly or through the sponsorship of an acquirer.

Footnote 3
The effective merchant discount rate is calculated as the total fees paid by the merchant to an acquirer, related to the processing of a specific type of payment card from a payment card network, divided by the total sales volume for that type of payment card.

Footnote 4
For greater clarity, “applicable” means only those categories of interchange rates that apply to the transactions originated by an individual merchant. For example, if rates for a specific industry program are reduced, but the transactions originated by the merchant do not qualify for those program-specific rates, then the merchant would not be entitled to pass-through of those program-specific reductions.

Footnote 5
Structural changes are significant changes to the fee structure for a payment card network. This includes the introduction of new types of interchange or other fees, a change to the interchange rate structure or the introduction of a new type of credit or debit card.

Footnote 6
The FCAC has released guidance that provides additional clarification on the extension of this element to multiple service provider contracts.

Footnote 7
The intention is to limit this element to standard-form contracts, i.e. those contracts that have not been custom negotiated between the parties with benefit of legal counsel.

Footnote 8
See FCAC Commissioner’s Guidance 10 for additional information on the interpretation of this clause.

Footnote 9
For the purposes of this element, acquirer is defined as the payment processing company (“processor”). Therefore, in cases where processing companies are sponsored by acquiring banks, the obligation for establishing the complaints handling process in the first step of the process will rest with the processor, not the acquiring bank.

Footnote 10
FCAC Commissioner’s Guidance 12 includes additional information on best practices for establishing an internal complaints handling process.



This Site Uses Cookies

BlueSnap employs cookies. A cookie is a small text, graphic or flash file that our web servers place on a user’s computer hard drive or other web-based device to act as a unique identifier. Cookies may also enable BlueSnap to automatically log a user back in to our services, as long as the user chooses to enable such option. BlueSnap cookies do not have an expiration date. Our cookies may collect personal, identifiable information, including a user’s username and password to support optional automatic logon. Cookies may also be used to identify and track transactions introduced by recognized BlueSnap affiliates and also to support optional choices by users to save and make available for reuse certain payment information for future transactions. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Technologies such as: cookies, beacons, tags and scripts are used by BlueSnap and our marketing partners, merchants, affiliates, or analytics or service providers, including online customer support providers and online transaction processors. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use Local Shared Objects (LSOs) such as HTML 5 or Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here.

As is true of most web sites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may link this automatically collected data to other information we collect about you.

We may from time to time partner with a third party to either display advertising on our web site or to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this site and other sites in order to deliver relevant advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the EU/EEA click here). Please note, this does not opt you out of being served all ads. You will continue to receive generic ads.

Click here for our Privacy Policy

Note: How Google uses data when you use our partners’ sites or apps:

Cookie Settings


Disputes and Complaints Resolution

Shoppers and smaller merchants known as microbusineses (generally businesses with less than 10 employees), based in the EEA/EU have additional statutory rights concerning the handling of complaints concerning services rendered directly by BlueSnap (see below).

In Canada, merchants have additional rights according to the Canada Code of Conduct (see below).

Shoppers please note:

  • Issues and complaints regarding the actual services and/or products purchased from a merchant that uses BlueSnap to process the payment should first be addressed to the relevant merchant supplier directly. BlueSnap does not provide product support.
  • If the matter cannot be solved with the merchant you may then contact BlueSnap Shopper Support using our support form and we will do our best to assist.
  • If you are a Shopper and your issue relates to BlueSnap’s provision of payment services rather than the product or service purchased from the merchant, you are encouraged to raise the matter with us using the support form.

Merchants with complaints concerning BlueSnap’s provision of payment services are advised to email our Merchant Support team.


EU Shoppers’ Additional Statutory Rights – Dispute Resolution Services

  • EU-based shoppers have the right to seek redress for unresolved complaints and disputes through EU certified Alternative Dispute Resolution schemes and also the EU Online Dispute Resolution service.
  • This free EU-wide service is available for EU-based consumers to use at the following address.
  • This service is intended to help resolve disputes arising out of any purchases made either domestically or across EU state borders.

EU/EEA Shoppers’ and EU/EEA Small Merchants’ Additional Statutory Rights – Provision of Payment Services

  • BlueSnap is a regulated provider of payment services, supervised by the UK’s Financial Conduct Authority.
  • Complaints relating to BlueSnap’s provision of payment services that we cannot settle can be referred to the UK’s Financial Ombudsman Service.
  • An online leaflet providing information about the Financial Ombudsman Service is available from this link:

Canada Code of Conduct Complaints

In Canada, merchants have additional rights according to the Canada Code of Conduct (see below). If there is a potential violation of the Code of Conduct you want to bring to our attention, please complete the support form and reference the element your complaint relates to.  Following receipt of your complaint we will:

  • Acknowledge receipt within five business days.
  • Provide our final decision within 90 days of receiving the complaint, along with:
    • A summary of the complaint;
    • The final result of the investigation; and,
    • Explanation of the final decision;

If we cannot provide a response within 90 days, you will be informed of the delay, the reason for the delay, and the expected response time.


DMCA Notice

Procedure for making copyright infringement claims

If you believe that your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible through BlueSnap, you may notify our copyright agent, as set forth in the Digital Millennium Copyright Act of 1998 (DMCA). For your complaint to be valid under the DMCA, you must provide the following information when providing notice of the claimed copyright infringement:

  • A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
  • Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
  • Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit BlueSnap to locate the material.
  • Information reasonably sufficient to permit BlueSnap to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
  • A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
  • A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

The above information must be submitted as a written notification to the following Designated Agent:
VP Legal Services, BlueSnap Inc. ATTN: Claim Infringement Department

Address of Designated Agent:
BlueSnap, Inc., 800 South Street, Suite 640, Waltham, MA 02453, USA
Telephone Number of Designated Agent: +1(781) 790-5013
Facsimile of Designated Agent: +1(781) 609-2009

Email Address of Designated Agent:

Please note that under federal law, if you knowingly misrepresent that online material is infringing, you may be subject to heavy civil penalties and including monetary damages, court cost and attorney fees incurred by BlueSnap, or by any copyright owner, or copyright owner licensee that is injured as a result of our relying upon the misrepresentation. You may also be subject to criminal prosecution for perjury.


Best Practices Relating to EU and UK Legislation

There are a various EUand UK laws and regulations affecting your use of BlueSnap services in connection with the online sale of goods and services.

The following summary is intended for guidance purposes only to help our BlueSnap merchants comply with such laws and regulations. It is not intended as legal guidance or comprehensive advice. As BlueSnap has a UK-based subsidiary serving the EU we are concentrating on the UK perspective in this outline.

General Consumer Legislation

There are various laws and regulations in the EU and UK that affect sales to end customers and add implied conditions relating to the goods sold or services provided, that are deemed to govern the terms of contract between merchants and their customers. These terms and conditions cannot be excluded.

Consumer Rights Act 2015

The primary UK legislation is embodied in the Consumer Rights Act 2015.

Supply of Digital Content

The Act specifically covers contracts between trader and consumer for supply of digital content, in addition to goods and services. Digital content includes computer system software, mobile apps, textual media, video and audio material as well as mobile phone applications. The law also recognizes that some sales may include a mix of digital content, goods and/or services.

A trader is any person(s) or company acting for purposes relating to a trade, business, craft or profession, and includes charities, non-profits, governmental and local authorities.

A trader based outside the EU selling to consumers within the EU will be covered by such legislation.

A consumer is any person not acting for the purposes of a business. It is up to a trader to demonstrate that a person is not a consumer.

Under the Consumer Rights Act certain basic standards are applied to every transaction for the supply of digital content. The content supplied must be:

  • Of satisfactory quality
  • Fit for its purpose
  • As described.

The standards also extend to content that is given free together with other paid elements of a transaction.

In the event of breach a consumer usually has the right of repair or replacement and price reduction. Other remedies may include a claim for damages, the right to a full refund or to enforce fulfillment of the contract.

As regards any pre-contractual information that is given by the trader, the provisions of the Consumer Contracts Regulations 2013 are also applicable (see below).

Supply of Services

The 2015 Act applies the following standards to every contract for the supply of services:

  • The service must be carried out with reasonable care and skill
  • Information given to the customer is binding where the customer relies on it
  • Price must be reasonable
  • The service must be carried out within a reasonable time

If services are supplied together with goods, then the standards relating to goods will usually apply.

In the event of breach of contract the consumer is entitled to repeat performance or a price reduction.

Other remedies in addition to the legislation include the right to claim compensation or have remedial work carried out by another trader.

Supply of Goods

The following standards apply to transactions for the sale and supply of goods (including hire purchase, hire, part-exchange and contracts for works and materials):

  • Satisfactory quality including, safety, durability, and freedom from defects
  • Fitness for purpose
  • Match description
  • Correct installation (where appropriate)

If the contract is breached statutory remedies include the right to reject (usually up to 30 days), repair or replacement, and price reduction, in addition to other remedies such as a claim for compensation for losses that have occurred.

Additional legislation covers the use of misleading and aggressive selling practices, extension of protection to recipients where products are purchased as gifts and this was known to the trader.

If a trader fails to disclose that it is a limited company and there is a breach of contract then the consumer may be able to claim directly against the directors of the business as individuals.

Unfair Contract Terms

The Consumer Rights Act 2015 updates past legislation dealing with unfair contract terms and notices relating to the exclusion and/or limitation of liability for consumer transactions.

Provisions that seek to exclude liability for death or personal injury caused by negligence are not to be used in consumer contracts and may give rise to enforcement action as unfair commercial practice by the Competition & Markets Authority or other regulatory bodies. Terms that seek to exclude liability for faulty or misdescribed goods or digital content are also nullified and may result in enforcement action. Exclusion of the statutory rights of a consumer is also forbidden.

Other terms of exclusion and limitation of liability will be generally subject to a test of fairness and transparency. A term is likely to be deemed unfair if it causes a significant imbalance in the parties’ rights and obligations to the detriment of the consumer. Contracts should be drawn up in a way that respects consumers’ legitimate interests.

Terms likely to be deemed unfair include:

  • Denial of full redress
  • Tying consumers into the contract beyond what would normally be expected
  • Trader not having to perform its obligations
  • Consumers unfairly losing prepayments
  • Trader being able to arbitrarily vary terms
  • Consumers being subject to disproportionate financial sanctions

Consumer Contracts (Information, Cancellation & Additional Charges) Regulations 2013

These UK regulations came into force on 13 June 2014 and replace the Distance Selling Regulations 2000 and Doorstep Selling Regulations 2008. The new regulations enforce EU Consumer Rights Directive 2011. The regulations cover transactions between a trader and a consumer. The likelihood is that these provisions will be deemed to also cover foreign traders selling to UK consumers and well as UK merchants.

  • It must be clear who is selling the product along with details of the geographical (physical premises) and email address. PO boxes are insufficient.
  • If the merchant is selling on behalf of another party then that party’s full geographical address and contact information must be disclosed.
  • A merchant can no longer charge online for addition items added by a pre-ticked box.
  • An online service contract can be cancelled within 14 clear days after being entered into.
  • The 14 days is a legal minimum and can be extended by the merchant.
  • For online purchase of goods the right to cancellation starts from the date of ordering and ends 14 days after receipt of the goods. There is then a further 14 days to return the goods.
  • The button for payment should be clearly marked with Pay Now or a similar clear designation.
  • A refund should be made with 14 days of cancelling or 14 days of return of goods to the merchant.
  • If the right to cancel is not properly provided then the cancellation period is extended to 12 months.
  • A merchant needs to provide an accurate description of goods and services, plus relevant information regarding the length of time of any commitment on the part of the consumer.
  • Total price of goods and services must be made clear.
  • Relevant information must be provided about compatibility of digital content with hardware and relevant software.
  • Cost of delivery should be made clear as also who bears cost of return of products if the right of cancellation is exercised. If this is not made clear then merchant must bear cost of return.
  • If digital content is downloaded within the 14 day cancellation period consumer must agree to waive cancellation rights.
  • If contract for goods is cancelled then merchant has to bear the initial delivery costs in any event.
  • There is no right to cancel in respect of CDS, DVDs, software with a broken seal, perishable, tailor-made or personalized items.
  • With respect to downloadable products these should only be supplied with the 14 day period if the consumer has given express consent to downloading within that period. Customer must acknowledge that once the download starts they will lose their right to cancel.
  • With respect to services, these should not be supplied within the 14 day cancellation period unless a consumer has requested this. If the service is provided in full within the 14 days then the right to cancel will be lost.
  • There is no statutory cancellation period for hotel bookings, flights, care hire, concerts and other event tickets or urgent repairs/maintenance.
  • Goods must be provided within the agreed time frame and no more than 30 days after the date of contract.
  • Merchant must bear the cost of the return of faulty goods.
  • It is forbidden to charge more than basic call rates for calls by existing customers to merchants about products that have been purchased.
  • The regulations include model cancellation instructions –
  • Note The Consumer Protection (Amendment) Regulations 2014 extend references to goods and services to also cover digital goods.

E-Commerce (EC Directive) Regulations 2002

(These regulations are still in force and there is some overlap with the 2013 regulations set out above). The regulations relate to sales by Internet, mobile and email, and cover business and consumer transactions. They apply to a UK-based merchant whether servicing just UK or any other member state.

Merchants must disclose the following:

  • Full name of the business and indication if a limited company, partnership or individual along with relevant names of partners/individual.
  • Geographic address at which business is established
  • Contact details, including email address
  • Details of any publicly accessible trade or similar register where business is registered
  • If service is subject to an authorization scheme or if a member of a professional body, details of the relevant supervisory authority or body
  • Details of any code of practice to which the merchant subscribes
  • VAT registration number
  • When referring to prices, a clear and unambiguous indication of those prices and whether the prices include taxes and delivery costs
  • Details of stages involved in the ordering process, including any costs involved in distance communication if the cost is anything other than a standard rate.
  • It is important to explain fully how contracts are formed and the relevant procedure for taking and refunding payment from customers’ credit cards.

Online order forms should make it easy for users to correct and clear incorrect data.

Customers must be told the steps involved in completing an online contract prior to or at the start of the process.

Provision of Services Regulations 2009

The regulations apply to UK providers of charged services and to individuals or organizations in an EU country that use a relevant services. The regulations cover B2B and B2C services and relate primarily to the provision of information. The provisions are similar to the two previous sets of regulations.

Regulation 8(1) of the POS Regulations requires the following information be made available to all customers:

  • Contact details, including a postal or email address or fax number, a telephone number, and the service provider’s official address;
  • Name;
  • Legal status and form of trading entity;
  • Geographic address of where the service provider is established;
  • Details of any registration on a public register;
  • Details of any authorization scheme to which the service provided is subject;
  • VAT number;
  • Details of any professional title granted, if carrying on a regulated profession;
  • General terms and conditions;
  • Any contractual terms, if any, regarding the governing law applicable to the contract;
  • The existence of any after-sales guarantee that is not legally required;
  • The price of the service;
  • The main features of the service; and
  • Any professional liability insurance or guarantee the service provider is required to hold.

Some additional information has to also be provided if requested pricing, price estimate, reference to any professional rules applicable in the relevant EU state, any steps to be taken to avoid conflict of interest.

Such information is to be given or made available prior to contract and can be by digital means.

There are further regulations against discrimination due to place of residence.

The 2009 Regulations also require merchants to respond to consumer complaints as quickly as possible and to use best efforts to resolve such complaints.

Data Protection Act 1998

This legislation will apply to merchants having a presence in the UK or collecting information onto UK-based servers. The Act lays down a number of principles of which the following are particularly relevant.

  1. Merchants must have legitimate grounds for collecting and using personal data and should not use the data to the detriment of individuals. Merchants need to be transparent about how data is used and must ensure nothing unlawful is done with the data. Data usage should covered in merchant’s privacy policy.
  2. Individuals have a right to view the information held on them, and have a right not to be marketed to.
  3. There are requirements regarding the release/transfer of data outside the EU.

Merchants should note that the European Union is set to make significant reforms to the area of data protection through the General Data Protection Regulation due to come into effect in early 2018. Many businesses are already taking active preparations to be able to conform with the new Regulation which demands greater focus on data privacy.


EU Alternative Dispute Resolution (ADR) Directive & Online Dispute Resolution (ODR) Regulation

The ADR directive and ODR regulation are covered in the UK by the Alternative Dispute Resolution for Consumer Disputes Regulations 2015 and the Alternative Dispute Resolution for Consumer Disputes (Amendment) Regulations 2015.

Businesses are required to inform consumers that they have the right to seek redress for unresolved complaints and disputes through certified Alternative Dispute Resolution schemes and the EU Online Dispute Resolution service.The free EU service that will be available for consumers to use as from February 15th, 2016 at the following address: This service is intended to help resolve disputes arising out of any purchases made either domestically or across EU state borders.


GDPR Compliance

The General Data Protection Regulation came into final force on 25th May 2018. This far-reaching regulation replaces the various regulations and national laws that were in place across the European Economic Area (EEA) over the last twenty years. The regulation increases the level of control EEA citizens and residents have over their personal data in the new digital age and presents a more unified environment for international business across Europe.

The Regulation impacts any business that receives, processes, stores or transfers personal data of EEA-based individuals, regardless of its location. Personal data is defined broadly and typically includes information relating to an individual such as name, email, location, online identifier, IP address, home address etc., whether in a work or domestic setting. New rights are given to individual data subjects concerning the personal data being stored, including the right prior notification of what data is being used for, how it will be processed and when it will be deleted. As a result, most businesses dealing the European market have had to review and update their data practices and privacy policies. High punitive fines can be levied for businesses that do not comply.

BlueSnap & the GDPR

BlueSnap has been focused on completing its General Data Protection Regulation (GDPR) compliance efforts.

During the final implementation period, BlueSnap has updated merchant agreement terms, privacy policy and cookie usage to be in line with GDPR requirements, as well as ensuring that our systems and third-party services were in compliance.

New BlueSnap Data Protection Addendum

To enable BlueSnap merchants to continue accepting orders from individuals based in the European Economic Area (EEA) from that date onwards, the GDPR compels us to put into effect a Data Protection agreement containing mandatory provisions for all merchants wherever they are based.

We therefore issued a Data Protection Addendum effective for BlueSnap and all merchants as from 25th May 2018. Review the new Data Protection Addendum                                                                                                                             here:

In addition to containing detailed provisions relating to BlueSnap’s handling and processing of personal data and the enforcement of data subject rights, it also requires our merchants to adhere to the GDPR and related law particularly with respect to notifying and obtaining any required consent of your customers for the processing of their personal data and transmission to BlueSnap.

Updated Privacy Policy 

BlueSnap also updated its Privacy Policy to cover new requirements introduced by the GDPR.  This automatically came into effect on 25th May and replaces the previous version on our Privacy Policy page at

These efforts are the continuation of BlueSnap’s commitment to comply with global privacy and security standards. For example, in order to cover the aspect of data transfer from the European Economic Area (EEA) to the US, BlueSnap has been certified on Privacy Shield since Q3 2016. We also added certification under the Swiss-US Privacy Shield scheme in 2017 and are currently finalizing updated data processing agreements with relevant parties involved in the processing, receipt, and storage of personal data.

We strongly advise merchants that receive shopper details from EEA-based individuals to take immediate steps to ensure their own data management practices are in compliance with the GDPR, and that other third party services used in addition to BlueSnap, are also compliant.

Useful resources for merchants are available in English from the UK’s Information Commissioner’s Office website:



The California Consumer Privacy Act (CCPA) will become effective on January 1st 2020 and it’s important that BlueSnap merchants are ready to comply from day one.

The legislation also applies to businesses based inside and outside California that deal with the data of Californian consumers and residents.

New Consumer Privacy Rights

The CCPA gives Californian consumers new privacy rights over their personal information.

Including the right to:

  • Request information.
  • Opt out fo any sale of personal information.
  • Have personal data deleted.
  • To be informed if personal data is being disclosed or sold.
  • Non-discrimination when exercising one of these rights.

Which Companies Must Comply?

Businesses that fall within just one of the following criteria must be in compliance:

  • Receive, buy or sell the data of more than 50,000 California-based residents, households or internet connected devices per annum.
  • Have an annual global turnover of over $25 million.
  • Generate 50% of revenue from dealing in sales of data.

Business Obligations

Some main matters to address under the CCPA:

  • Merchants covered by the CCPA will need to update their privacy policies to explain precisely how personal data is managed and provide links to online forms that consumers can use to submit requests exercising their statutory rights. Details of data categories, sources of data, purpose and sharing/transfer must also be listed.
  • Businesses that sell personal data will need to provide a clear opt-out process and a ‘do not sell’ button.
  • Significant fines can be expected from the regulator in the event of non-compliance as well as the added threat of civil litigation including class actions in the event of data breach.

Further Information

CCPA Fact sheet California Office of the Attorney General 

Useful resources and tools to manage CCPA & Privacy compliance.


Additional Legal Entities

Other Offices:

BlueSnap Payment Services Ltd

1 Fore St.

London, United Kingdom EC2Y 9DT

Authorized by the UK’s Financial Conduct Authority under the Payments Services Regulations 2017 reference no. 629580, for the provision of payment services.


BlueSnap Enterprise Canada ULC

2200 HSBC Building

885 West Georgia Street

Vancouver, British Columbia, V6C 3E8, Canada


BlueSnap Australia Pty Limited

37 Bligh Street

Suite 12 Level 12

Sydney NSW 2000 Australia


More Information:

UK VAT ID: 213 8035 39

US VAT ID: EU826002156


No Spam Guidelines

BlueSnap does not allow the use of any BlueSnap links and products in any type of spam activity.

The following guidelines can assist you in making sure your electronic marketing messages are not considered spam and are compliant with the CAN-SPAM Act.

These guidelines are taken from an official Federal Trade Commission CAN-SPAM web page.

Please note that spam is expressly against the terms of the BlueSnap Sellers agreement, and any spam communications relating to your BlueSnap account may lead to your account suspension, hold back of funds, indemnity claims and financial penalties. We appreciate your cooperation in keeping your account fully compliant with the CAN-SPAM Act.

The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. Despite its name, the CAN-SPAM Act does not apply just to bulk email. It covers all commercial messages, which the law defines as any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service, including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email, for example, a message to former customers announcing a new product line must comply with the law.

Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. But following the law isn’t complicated. Here’s a rundown of CAN-SPAM’s main requirements:

  • Don’t use false or misleading header information.Your From, To, Reply-To, and routing information including the originating domain name and email address must be accurate and identify the person or business who initiated the message.
  • Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
  • Identify the message as an ad.The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
  • Tell recipients where you’re located.Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
  • Tell recipients how to opt out of receiving future email from you.Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
  • Honor opt-out requests promptly.Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
  • Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

Report Spam

If you believe that a BlueSnap link was used in spam activity please submit a report to and include the relevant link/s and message/s.


BlueSnap Prohibited Items

If you are uncertain as to whether your business is a Prohibited Business, or have questions about how these requirements apply to you, please contact us.

By registering for BlueSnap, you are confirming that you will not use the Service to accept payments in connection with prohibited businesses, business activities or business practices.

List of Prohibited Items:

I. You may not sell or promote any items or services prohibited by law in the jurisdiction of transaction.

II. You may not sell any of the items listed below:

  • Any illegal or unlawful goods or services or that encourage, promote, facilitate, or instruct others to engage in illegal activity.
  • Escort & Bride catalogs, sexual services, mail order brides, prostitution
  • Financial consulting services
  • Resellers – if you are a reseller of a product or service you must obtain the appropriate reseller certificate or permission.
  • Foreign Currency Exchange services or software, binary options
  • Live animals, Human body parts/fluids/remains (excluding hair pieces)
  • Items that include computer viruses, worms, trojan horses, dishonest adware, crimeware, unauthorized rootkits, and other malicious and/or illegal software.
  • Medical Benefit Packages, discount medical cards, Medical/ therapy services, medical consultation services, dental plans
  • Unapproved drugs, and devices mimicking illegal drugs
  • Phone unlock services, Jail breakers
  • Pornography and adult content featuring children and/or individuals under the age of 18 years; and/or featuring rape/violence/bestiality and/or all other illegal sexual content. This includes products or content on your web site where BlueSnap BuyNow links are placed.
  • Products that infringe or violate copyright, trademarks, privacy, IP rights
  • Rape/Violence
  • Replica, branded name knock-off products, stolen/recalled property, Counterfeit goods
  • Satellite, Cable signal decoders/cards
  • Selling social media activity, Twitter followers Facebook Likes, YouTube reviews
  • Sites promoting hatred, racism, religious persecution or contain offensive content
  • Virtual Credit
  • Virtual gaming chips, credits, penny auctions, auctions with non-refundable bid or participation fees
  • Weapons, Firearms, ammunition, explosives, hazardous materials, combustibles, knives
  • Crowdfunding


PCI-DSS Compliance

PCI-DSS Responsibilities of BlueSnap and Merchants

BlueSnap complies with Level 1 Payment Card Industry Data Securities Standards (PCI-DSS), which is the highest standard of PCI compliance.

Whenever shopper’s cardholder payment data is transmitted, processed, or managed through the BlueSnap platform, BlueSnap takes responsibility for the proper security of the data entrusted to us in accordance with PCI-DSS requirements.

Merchants that use BlueSnap’s hosted secure order pages benefit from having the main burden of PCI compliance covered by BlueSnap. Nevertheless, as Merchants have access to transaction invoices they must carefully manage the administration of such data in line with relevant privacy legislation and Card Association rules. We recommend that such Merchants take steps to ensure their compliance by benefitting from free enrolment with our PCI specialist partner Security Metrics.

Merchants that host their own order pages and use BlueSnap Payment APIs are required to be fully PCI-DSS compliant and are responsible to securely manage all shopper’s payment data. Such Merchants are encouraged to simplify such compliance obligations and to protect and secure their business and customer data through the PCI security programs BlueSnap has established with Security Metrics

Further general information about PCI-DSS can be found here:


Refund Policy

Refund policies are determined and implemented by the individual merchant. If you have a refund, return or exchange request for an order placed with your merchant, please contact them directly. Each merchant should clearly state their refund policy under terms and conditions on their website in order to ensure the shopper fully understands those terms prior to completing their purchase.

If you have a refund, return or exchange request for an order you placed with BlueSnap (acting as an authorized reseller for the merchant), please contact BlueSnap via email at no later than thirty (30) days after you submitted the order to BlueSnap. BlueSnap may grant an extension to the 30 days at their discretion. In certain cases, such as services already utilized or the download of digital goods, these cancellation or return rights may be conditioned or for a shorter period. Please view Terms & Conditions at

Subscriptions and recurring charges

Ongoing subscriptions and recurring charges may be canceled at any time. The cancellation will take place from the next billing period. A cancellation will only cancel future billings.

Dispute resolution procedures

The BlueSnap dispute system is designed to facilitate polite and amicable communication between merchants and shoppers and to assist them in resolving any issues that may arise.

Reasons for cancellation

BlueSnap reserves the right to cancel a transaction in order to comply with credit card industry regulations, payment processor, and banking rules, or the need to comply with legal requirements, intellectual property rights, court orders and law enforcement agencies. In addition, BlueSnap may cancel transactions it reasonably considers to be potentially fraudulent, unlawful, or in breach of BlueSnap’s prohibited items & DMCA policy or privacy policy.

Interested in learning more?