Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Card payments have become the default for many customers - in cafés, salons, trades, pop-ups, and online brands doing in-person events. If you’re running a small business, having reliable card payment machines (and a process that supports them) can make it easier to get paid quickly, reduce cash handling, and improve customer experience.
But there’s a legal and compliance side to taking card payments that’s easy to overlook when you’re focused on costs, fees, and speed of setup.
From customer refunds and chargebacks to handling personal data and setting clear terms, using card payment machines comes with responsibilities. Getting it right upfront helps you avoid disputes, complaints, and awkward conversations at the till.
Below, we break down the key legal considerations for UK merchants using card payment machines, in plain English, with practical steps you can apply straight away.
What Do We Mean By “Card Payment Machines” (And Why Does It Matter Legally)?
When most small businesses talk about card payment machines, they mean a terminal that takes debit/credit card payments in person (including contactless). That might be:
- Countertop terminals in a fixed location (e.g. retail stores, clinics, hospitality venues)
- Portable terminals used around a venue (e.g. restaurants)
- Mobile card readers paired with a phone/tablet (e.g. market stalls, trades, events)
- Virtual terminals or card-not-present systems (e.g. taking payments over the phone)
The legal issues shift depending on how you take payment. For example:
- If you take payments in person, you’ll often deal with “instant” transactions, but still need a fair refund process.
- If you take payments over the phone or online, distance selling rules and higher fraud risk can increase disputes and chargebacks.
- If you store customer details (even indirectly through receipts, bookings, or order histories), data protection becomes a bigger deal.
So while “card payment machines” sounds purely operational, the way you use them impacts your customer terms, privacy compliance, and how you manage complaints.
Are There Any Rules On Minimum Spend Or Card Surcharges In The UK?
This is one of the most common questions small businesses have when setting up card payment machines: “Can I set a minimum card payment?” or “Can I charge extra for card?”
Minimum Card Payment Amounts
Some merchants want a minimum spend because card transaction fees can make small purchases feel unprofitable. While minimum spend policies aren’t generally banned by law, they’re often restricted by card scheme rules and/or your agreement with your payment provider - so it’s important to check what your provider allows.
From a consumer compliance and customer-experience perspective, the key is clear communication before the customer commits. Surprising someone at the point of payment is where complaints tend to start.
If you’re unsure where the line sits, it’s worth reading up on minimum card payment requirements so you can set your checkout policy in a way that’s transparent and defensible.
Card Surcharges
In the UK, there is effectively a ban on surcharging consumers for paying by card (and other popular payment methods). Since 2018, businesses generally can’t charge consumers extra for paying by credit or debit card.
From a risk-management perspective, a safer approach is usually to:
- price your goods/services in a way that accounts for your typical payment costs; and
- make sure your pricing and payment methods are transparent.
If you’re considering any fee linked to card payment (even if it’s described as an “administration” or “payment” fee), get advice first - because this is an area where small businesses can get caught out.
Refunds, Chargebacks, And Returns: What Are Your Legal Obligations?
Once you start taking card payments, you’ll likely see more refund requests - partly because customers expect card refunds to be quick and straightforward. The legal side depends on what you sell, how you sell it, and whether your customer is a consumer or a business.
Refund Rights Under UK Consumer Law
If you sell to consumers, you need to comply with the Consumer Rights Act 2015. In simple terms, consumers have rights when goods are faulty, not as described, or not fit for purpose. For services, they’re entitled to services carried out with reasonable care and skill.
If your business sells online or at a distance, there may also be cancellation rights (for example, a cooling-off period in many cases).
This is where your internal processes matter. If you’re using card payment machines in-store and selling online, your returns approach needs to be consistent and legally compliant across channels. Many merchants set this out in a written Returns Policy so staff and customers know where they stand.
How Long Should A Refund Take?
Customers often ask: “How long will the refund take to show up?” While you can’t control bank processing times, you can control how quickly you authorise the refund on your side - and you should do it promptly once you’ve accepted that a refund is due.
It helps to set expectations clearly at the point you process the refund (for example, “Refunds usually appear within X working days”). For more detail on timing expectations, refund timeframes are worth understanding so your customer comms are accurate.
Chargebacks: The Practical Risk For Merchants
A chargeback is when a customer asks their card provider to reverse a card payment (for example, claiming they didn’t authorise it, goods weren’t delivered, or the service wasn’t provided as agreed).
Even if you think the customer is being unreasonable, chargebacks are a real commercial risk because they can:
- tie up your cashflow;
- create admin time gathering evidence; and
- increase your risk profile with your payment provider.
Tip: The best “chargeback defence” is good paperwork and good processes. That includes clear customer terms, clear receipts/invoices, delivery proof where relevant, and a documented complaints/refunds process.
What Should You Put In Your Terms And Customer Notices When Taking Card Payments?
When you accept card payments, you’re entering into a transaction that can be disputed more easily than cash - so it’s worth tightening up your customer-facing documents.
For many small businesses, the goal is simple: avoid misunderstandings. That means being clear about what the customer is buying, how cancellations work, what happens if they change their mind, and when you’ll offer refunds.
Key Areas To Cover
Depending on your business model, your customer terms (whether on your website, booking page, printed signage, or emailed confirmations) may need to address:
- Pricing (including whether VAT applies and what’s included)
- Payment timing (upfront, deposit, staged payments, pay-on-completion)
- Cancellations and no-shows (especially for bookings and appointments)
- Refund rules (faulty goods vs change-of-mind, and any legal exceptions)
- Delivery/collection terms (where relevant)
- Proof of purchase expectations (receipts, order confirmation emails)
If you run subscriptions or memberships (common in gyms, studios, and service businesses), make sure any auto-renewal is clearly explained and cancellation is straightforward. UK rules are tightening in this area, so it’s smart to check your approach against auto-renewal laws.
Deposits And Cancellation Fees
If you take deposits via card payment machines (or send a payment link and take a deposit by card), be careful with words like “non-refundable”. Whether you can keep a deposit often depends on:
- what was agreed up front;
- whether your terms are fair and transparent; and
- whether keeping the deposit reflects a genuine estimate of loss (rather than a punishment).
Having a written service agreement (or booking terms) is especially helpful for appointment-based businesses.
GDPR And Data Protection: What Happens To Customer Data When You Use Card Payment Machines?
Many merchants assume GDPR only applies to “big tech” or online businesses. In reality, most small businesses using card payment machines will handle some personal data - even if you never see full card numbers.
Common examples include:
- customer names on receipts or booking confirmations;
- email addresses for digital receipts;
- phone numbers for booking and payment confirmations;
- transaction references that can be linked back to individuals; and
- any stored customer profiles (e.g. loyalty programs or saved invoices).
Your Key GDPR Obligations (In Plain English)
Under the UK GDPR and the Data Protection Act 2018, you generally need to:
- tell customers what you do with their data (usually via a Privacy Policy);
- only collect what you need and use it for legitimate purposes;
- keep data secure (including device security, access controls, and secure Wi-Fi practices);
- not keep data longer than necessary; and
- handle data requests (like subject access requests) appropriately.
If you collect customer data via bookings, online forms, Wi-Fi signups, or email receipts, having a compliant Privacy Policy is usually a must-have.
Also remember: your payment provider may be a third party processing personal data in connection with your business. You’ll want to understand what they do with it, where it’s stored, and what contractual terms apply.
Staff Handling And Security Practices
GDPR compliance isn’t just a document - it’s also day-to-day behaviour. If your team uses card payment machines, consider basic policies and training around:
- not writing down card details;
- keeping terminals physically secure;
- spotting suspicious transactions; and
- handling customer receipts responsibly (especially if they include personal details).
Separately from data protection law, businesses that accept card payments are also expected to follow their payment provider’s and card scheme’s requirements - including security standards such as PCI DSS. If you’re not sure what applies to your setup, it’s worth checking your provider’s guidance and your merchant agreement.
If you want your data protection documents and processes to match how your business actually operates, a structured approach like a GDPR package can be a sensible next step as you grow.
Payments, Invoices, And Record-Keeping: What Should Small Businesses Do In Practice?
Card payments can simplify your bookkeeping, but they don’t remove your obligations to keep accurate records - especially for tax and dispute purposes. (This section is general information only and isn’t tax advice.)
Receipts And Proof Of Purchase
From a customer dispute perspective, it helps to have a consistent approach to receipts, whether that’s printed or digital.
From a business compliance perspective, you’ll also want to keep transaction records that allow you to:
- reconcile daily takings;
- identify refunds clearly;
- respond to chargebacks or complaints with evidence; and
- support your tax reporting.
Invoices And Payment Terms
If you invoice customers (common for trades, B2B services, and staged projects), you should still be clear about payment terms even if you also accept card payments on completion.
For example, are you expecting payment:
- immediately on receipt of invoice;
- within 7/14/30 days;
- in instalments; or
- only after sign-off of the work?
Getting this right reduces late-payment disputes and helps with cashflow. If you want a simple compliance baseline, it’s worth checking invoice requirements so your invoices include the right information and don’t create ambiguity.
“Imagine This” Scenario: A Payment Dispute You Could Prevent
Imagine you run a small renovation business. Your customer pays a deposit via a card payment machine, then later argues the scope wasn’t clear and refuses to pay the balance. If your quote, scope, and payment milestones weren’t documented properly, you may struggle to enforce payment - and the customer might try a chargeback on the deposit too.
This is why it’s worth having solid written terms (even for small projects) and a consistent process for approvals and variations.
Key Takeaways
- Card payment machines are convenient, but they increase your exposure to refunds and chargebacks - good terms and good record-keeping make a big difference.
- Be careful with minimum spend rules and avoid surprise policies at the till; clear upfront communication is essential (and your payment provider/card scheme may restrict what you can do).
- Make sure your refund and returns approach aligns with the Consumer Rights Act 2015 and (if you sell at a distance) the relevant cancellation rules.
- Card payments often still involve personal data (receipts, bookings, digital receipts), so you should take GDPR compliance seriously and have a clear Privacy Policy.
- Keep clean payment records and invoices so you can reconcile income, handle disputes, and support your tax reporting.
- If you’re unsure whether your customer terms, refund process, payment security compliance (including PCI DSS), or data handling is legally watertight, getting tailored advice early can save you a lot of time and stress later.
If you’d like help setting up your terms, policies, or contracts so you’re legally protected when using card payment machines, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.


