What are the location requirements for ECOM businesses?

Location requirements

If you're processing online payments, you need to use your principal place of business as the merchant outlet location for card-absent transactions. This is the fixed location where your executive officers direct, control, and coordinate your entity’s strategy, operations, and activities. You can only have one principal place of business for your business and its group subsidiaries. 

Additional location (subsidiary)

You may only use the country/region of a subsidiary if that country/region qualifies as an additional Merchant location. You must meet ALL of the following location criteria: 

  • You have a permanent physical location (office or co-working space) where you conduct business activities and where those accountable for the sale or distribution of the goods or services purchased in the specific transaction decide how products are sold or distributed. Typical functions that are relevant: Marketing, Sales, Business development, HR, Compliance, Risk, Legal, Tax, Finance, etc. 
    • It’s important that the employees on the ground have decision-making power related to the transactions in that country/region. For example, a marketing department having the ownership of the marketing strategies in the country/region. If you have some functions locally outsourced or if you have presence of employees from other entities from the same business group on the ground, both could also count as local presence.
  • The following are not sufficient to satisfy these criteria: 
    • A post office box, a mail-forwarding address, the address of the merchant’s law firm, agent, or vendor, a warehouse without business activities, or an email address.
    • The location of a payments function, customer service function, servers or URL, or the presence of a director or investor. 
  • You assess sales taxes on the transaction activity (assessed on the total amount of the sale of the goods and services). This means that you have a Tax ID.
  • You permits to operate locally (under all applicable laws and regulations)
  • You are subject to local consumer laws and courts (visible in the T&Cs).
  • You must disclose the location of the merchant outlet (and, therefore, of the transaction) to the cardholder at the time of the transaction. It must be displayed on the check-out screen or on a page immediately prior to the check-out screen, and should not be solely accessible via a hyperlink. 

The PCI DSS compliance guide

Find a handy glossary and all PCI DSS rules in Adyen Docs.

View compliance guide