Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a small business, taking card payments can feel like a no-brainer. Customers expect it, it speeds up checkout, and it can make you look more established from day one.
But “easy to set up” doesn’t always mean “low risk”. Card payments sit at the crossroads of customer rights, data protection, security standards, and your contract with your payment provider.
This guide breaks down what UK SMEs should think about before (and after) you start taking business card payments - including common fee traps, the key legal rules, and practical compliance steps to protect your cashflow and your reputation.
What Counts As “Business Card Payments” (And Why It Matters)?
In simple terms, taking business card payments means accepting payments from customers using a debit card or credit card - whether in-person (card machine), online (checkout page), over the phone, or via payment links.
From a legal perspective, it matters how you take the payment, because different risks and obligations can apply depending on the channel:
- Card-present payments (in-store, chip and PIN, contactless) usually have lower fraud risk and lower processing fees.
- Card-not-present payments (online, phone, mail order) have higher fraud/chargeback risk and sometimes higher fees.
- Recurring card payments (subscriptions, membership billing) raise extra consumer law and cancellation issues.
Even if you outsource most of the payment flow to a provider, you still need to get the “business side” right - like what you promise customers, how you handle refunds, and how you deal with disputes.
Are You The Merchant Of Record?
One key concept is whether your business is the “merchant of record” (the party the customer is paying). In most standard setups, you are - and that means:
- the contract is between you and the customer;
- you’re responsible for delivery and quality; and
- you’ll usually be the first point of contact for refunds and complaints.
This is why getting your terms, policies, and checkout wording right isn’t just “admin” - it’s risk control.
What Fees And Contract Terms Should You Watch For?
Fees are often the first thing business owners look at when choosing a card payment setup. That makes sense - but it’s not just about the headline percentage.
Your contract with a payment provider can affect your margins, your cashflow, and even how easily you can resolve customer disputes.
Common Fees When Taking Card Payments
Depending on your setup, you might see some or all of these fees:
- Transaction fees (a percentage and/or fixed fee per payment).
- Monthly fees (for terminal rental, platform access, support plans).
- Chargeback fees (a fee when a customer disputes a payment, regardless of outcome).
- Refund fees (some providers keep the processing fee even if you refund).
- Cross-border / currency conversion fees (relevant if you sell internationally).
- Payout fees or delays (especially where rolling reserves are used).
Tip: “Cheap” processing can get expensive if your business has lots of refunds, high average order values, or higher fraud exposure (like phone payments or digital goods).
Key Contract Clauses That Can Catch SMEs Out
Before you sign up, it’s worth scanning the terms for:
- Rolling reserves: the provider holds back a percentage of takings for a set period (cashflow impact).
- Termination rights: can you leave easily, or are there minimum terms and exit fees?
- Account freezes: what triggers a freeze (spikes in sales, disputes, certain product categories) and how long can it last?
- Evidence rules for disputes: what documents do you need to “win” a chargeback?
- Data protection roles: are they a processor or controller, and what do they expect you to do?
If you’re negotiating contracts with suppliers (including payment providers) or setting customer-facing terms, a good starting point is understanding the basics of what makes a contract legally binding - even before you get into the finer detail.
What UK Legal Rules Apply To Taking Card Payments?
Card payments aren’t governed by one single “card payments law”. Instead, you’ll usually be dealing with a mix of consumer protection rules, payment regulations, and advertising/price transparency obligations.
Can You Charge A Surcharge For Card Payments?
In most UK consumer transactions, you generally can’t add extra fees just because a customer pays by card. This is often referred to as the “card surcharge ban”. The rule was brought in to stop businesses adding unfair payment fees at checkout.
However, the position can be more nuanced in business-to-business settings (for example, where you only sell to businesses, or you’re dealing with certain commercial payment methods). If you’re thinking about surcharging, it’s important to check what rules apply to your customers, your payment type, and your acquirer/card scheme terms.
In practice, that means if you advertise a price to consumers, you should assume they can pay by card without you adding a separate “card fee” on top.
If you’re unsure how this applies to your setup (for example, business-to-business sales, or where you offer discounted bank transfer pricing), it’s worth getting advice so your pricing stays compliant and clear.
Are Minimum Card Payment Amounts Allowed?
Many small businesses want to set a minimum spend for card payments (for example, “£5 minimum”). There can be commercial reasons for this, but you should be careful - it can create customer friction and, depending on your setup, may conflict with payment network rules.
Minimum card payment requirements are something you should think through before putting signage up or training staff to enforce them.
Pricing And Consumer Transparency
Even if your payment processing is fully outsourced, you still control what customers see and what you promise. Under UK consumer protection principles, your pricing should be:
- clear (no hidden extras added late in the checkout process);
- accurate (don’t advertise prices you won’t honour); and
- consistent across channels where possible (online vs in-store policies).
If you use recurring billing (memberships, software subscriptions, regular service retainers), you’ll also want to think about how you describe renewals and cancellation. This comes up a lot for SMEs that rely on predictable revenue, and auto-renewal laws are a common compliance blind spot.
Do You Need To Give Receipts Or Invoices?
There isn’t one universal rule that says you must always issue an invoice for every card transaction - but in practice, most SMEs should have a clear invoicing/receipt process for:
- customer service (proof of purchase for returns, warranty claims, or disputes);
- accounting and tax (especially if you’re VAT-registered); and
- chargeback evidence (providers often ask for receipts, delivery confirmations, or invoice references).
It also helps you avoid messy bookkeeping later. Having a consistent format aligned with UK invoice requirements can save a lot of back-and-forth if a customer disputes a payment - but if you’re unsure about VAT or invoicing obligations for your specific situation, it’s best to get accounting or tax advice.
How Do You Stay Compliant With Data Protection And Payment Security?
When you accept card payments, you’re dealing with sensitive data - and sometimes personal data too (names, email addresses, delivery details, IP addresses, device identifiers, etc.).
Even if you never see the full card number, you’re still running a process that collects and uses personal data. That brings UK GDPR and the Data Protection Act 2018 into the picture.
UK GDPR: What Does Your Business Need To Do?
For most SMEs, the most realistic approach is:
- map what you collect (customer details, transaction records, support tickets);
- be transparent (tell customers what you collect and why);
- only collect what you need (don’t hoard data “just in case”);
- secure it (limit access, use strong passwords and 2FA, lock down admin accounts); and
- set retention periods (keep what you must for tax/accounting, delete what you don’t need).
Most customer payment journeys will also require a clear Privacy Policy - especially if you take payments online, collect emails for receipts, or store delivery addresses.
PCI DSS: The Security Standard You Can’t Ignore
When people talk about “PCI compliance”, they’re referring to the Payment Card Industry Data Security Standard (PCI DSS). It’s not a UK law, but it’s an industry standard that payment providers typically require you to follow as part of your merchant terms.
What this means in practical SME terms:
- If you use a hosted checkout or an approved terminal, compliance is usually lighter (but not “zero”).
- If you take card payments over the phone and write card details down (don’t do this), your risk jumps dramatically.
- If you store card details yourself, you’ll likely be stepping into a high-compliance (and high-liability) setup.
A good rule of thumb: design your process so your business never handles raw card numbers. Use secure providers, tokenisation, and approved payment pages/terminals.
Policies And Staff Training (Yes, This Is A Legal Risk Issue)
A surprising number of payment problems come from internal process issues - a staff member processing refunds incorrectly, sending payment links to the wrong person, or falling for social engineering attempts.
Having a simple internal policy on how to take payments, when to refund, and what staff should never do (like taking card details by email) can be a big risk reducer. If staff use workplace devices to manage payment systems, an Acceptable Use Policy can also help set clear boundaries and reduce security mistakes.
How Do You Handle Refunds, Chargebacks And Customer Disputes?
Taking card payments can increase sales - but it can also increase the pace and volume of disputes. Refunds and chargebacks are where many SMEs feel the pain, because they affect both cashflow and admin time.
The key is to set expectations clearly and have a process that’s legally compliant and workable in real life.
Refund Rights: Don’t Make Promises You Can’t Keep (Or Deny Rights Customers Have)
In the UK, consumer transactions are heavily influenced by the Consumer Rights Act 2015 and (for online/distance sales) the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.
Depending on what you sell, customers may have:
- short-term rights to reject faulty goods;
- repair/replacement rights (or price reduction/final right to reject);
- cooling-off cancellation rights for online/distance contracts (with some exceptions).
On top of the “whether” of refunds, there’s also the “when”. Customers often ask how quickly a refund should hit their account, and delays can create complaints (or chargebacks). A practical benchmark is covered in how long a refund should take.
If you sell online, having returns wording that matches your actual operational ability (and the law) matters. For many SMEs, a properly drafted Returns Policy is one of the simplest ways to reduce disputes and support tickets.
Chargebacks: What They Are And How To Reduce Them
A chargeback is when a customer disputes a card payment through their bank/card issuer. Even if you did everything right, chargebacks can happen - and they often come with strict deadlines and evidence requirements.
Common chargeback triggers include:
- “Item not received” (delivery disputes, unclear delivery times, wrong address);
- “Unauthorised transaction” (fraud or friendly fraud);
- “Not as described” (misleading marketing, unclear product descriptions);
- confusing transaction descriptors (the customer doesn’t recognise your name on their statement).
To reduce chargebacks, focus on:
- clear product/service descriptions and transparent pricing;
- delivery proof (tracking, delivery confirmation, signed delivery for higher value items);
- fast customer support (customers are less likely to dispute if you respond quickly);
- easy cancellation pathways for recurring payments; and
- documented policies (returns, refunds, cancellations) that you follow consistently.
Cancellation Fees, No-Shows And Non-Refundable Payments
If your business takes card payments upfront (for bookings, appointments, events, made-to-order goods), you may want to rely on deposits, cancellation fees, or “non-refundable” terms.
This can be lawful - but the wording and the fairness of the term matter, particularly where you sell to consumers. For service businesses, it’s worth understanding when refusing a cancellation fee could cause problems (for example, if the fee looks excessive or the customer wasn’t told clearly upfront).
As a general rule, you’ll want your booking terms to be:
- prominent (not buried);
- reasonable (reflecting genuine loss, not a penalty); and
- operationally enforceable (staff know what to do, and you can evidence what was agreed).
Key Takeaways
- Taking business card payments is more than a tech decision - it affects your contracts, customer rights, disputes, and data compliance.
- Don’t just compare headline processing rates; check for cashflow impacts like reserves, payout delays, refund fees, and chargeback fees.
- In most consumer scenarios, you generally can’t add extra “card surcharges”. If you mainly sell B2B, check whether different rules (and card scheme/acquirer terms) apply before adding any payment fees.
- UK GDPR and good privacy practice still apply even if you outsource payments - if you collect customer details, you’ll likely need a clear Privacy Policy and a secure process.
- Reduce chargebacks by tightening your delivery proof, product descriptions, customer support response times, and customer-facing refund/returns wording.
- If you take deposits or enforce cancellation fees, make sure the terms are clear, fair, and properly documented - vague “non-refundable” wording can backfire.
If you’d like help reviewing your payment terms, customer policies, or booking/refund wording so you’re protected from day one, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.


