Legal Requirements For Accepting Credit Card Payments In New Zealand

Alex Solo
byAlex Solo10 min read
Consumer Law
Contents

If you’re running a small business in New Zealand, accepting credit card payments can feel like a no-brainer. Customers expect it, it speeds up checkout, and it can help you increase sales.

But once you start taking card payments (in-store, online, or over the phone), you’re also stepping into a space with real legal and compliance obligations. And if you charge customers extra for paying by card, you’ll want to be especially careful about credit card surcharge laws in New Zealand and how you disclose them.

In this guide, we’ll walk through the key legal requirements and practical steps to help you accept credit card payments confidently, stay compliant, and avoid common mistakes that can lead to customer disputes or regulatory trouble.

What Laws Apply When You Accept Credit Card Payments In New Zealand?

There isn’t one single “credit card payments law” in New Zealand. Instead, your obligations come from a combination of consumer law, privacy law, and (often) contract terms imposed by your payment provider - plus the security standards your provider requires you to follow.

Here are the main legal and compliance areas that usually matter for small businesses:

  • Consumer protection and advertising rules under the Fair Trading Act 1986 (especially around pricing, surcharges, and how you communicate fees).
  • Commerce Commission expectations and guidance on pricing transparency and surcharging (in practice, this often shapes what regulators consider “fair” disclosure and what could attract scrutiny).
  • Consumer rights around faulty goods/services under the Consumer Guarantees Act 1993 (this affects refunds and chargebacks in real life, even if it’s not “card law” specifically).
  • Customer data handling under the Privacy Act 2020 (especially if you collect names, emails, delivery addresses, or store customer details).
  • Contract terms in your agreements with payment processors, payment gateways, POS providers, and banks.
  • Card payment security requirements such as PCI DSS (Payment Card Industry Data Security Standard), which is usually enforced through your provider contract and can apply even to small businesses depending on how you take payments.
  • Cybersecurity and data security expectations (not always spelled out in one Act, but a big practical risk area with legal consequences if there’s a breach).

Most compliance problems happen when a business assumes “it’s just a payment” and doesn’t treat it like a legal and operational system. Getting it right early is one of those “protected from day one” steps that can save you a lot of headaches later.

Credit Card Surcharge Laws New Zealand Businesses Need To Know

Adding a surcharge for credit card payments is common, particularly in hospitality, retail, and service businesses. The key is doing it in a way that’s lawful, transparent, and consistent with your provider’s rules.

In New Zealand, surcharging isn’t “banned” in a blanket way. However, surcharge practices can create legal and regulatory risk if they mislead customers, result in unclear pricing, or appear excessive compared to the cost of accepting that payment type.

1) Make Sure Your Pricing Isn’t Misleading

Under the Fair Trading Act 1986, you must not mislead customers about the price they’ll pay. That means if you advertise a price (online, on a menu, on signage, in a quote), the customer shouldn’t be surprised at the checkout by extra fees they weren’t properly told about.

As a practical rule, you should make sure your surcharge is:

  • Clearly disclosed before the customer decides to buy (not only after you’ve processed the payment).
  • Easy to understand (for example, “1.5% card surcharge applies” is clearer than vague language like “fees may apply”).
  • Consistently applied in line with what you’ve advertised (inconsistent surcharging can trigger complaints quickly).

2) Be Careful With “Advertised Price” vs “Price At Checkout”

If the surcharge applies to most customers (for example, almost everyone pays by card), regulators may view a low headline price plus unavoidable surcharges as potentially misleading.

This comes up a lot online too: if your website shows a price, but the customer can’t realistically pay without incurring a surcharge, you’ll want to check whether your pricing presentation is fair and transparent.

As a business owner, the safest approach is to treat surcharge disclosure as part of your core pricing communication, not fine print.

3) Don’t Treat Surcharging As “Free Money”

Even if the law doesn’t set a single surcharge cap across all situations, surcharges should be justifiable and defensible (for example, covering the reasonable costs of accepting that payment type). The Commerce Commission has also signalled concerns where surcharges appear excessive, particularly if they’re not linked to the actual cost of card acceptance.

If a customer complains that your surcharge is excessive or wasn’t properly disclosed, the legal issue often becomes less about the percentage itself and more about whether the customer was misled or treated unfairly.

4) Check Your Payment Provider Contract

Separate to the law, your ability to surcharge (and how you do it) may be limited by your agreement with your payment provider or gateway.

Some contracts require you to:

  • disclose surcharges in a specific way;
  • apply them consistently across card types;
  • avoid surcharging above certain levels; and/or
  • avoid surcharging in a way that damages the payment scheme’s reputation.

So if you’re setting up surcharges, it’s worth reviewing your provider agreement carefully, and getting advice if anything is unclear.

What Your Business Must Do To Protect Customer Data When Taking Card Payments

Accepting credit card payments usually means handling customer information. Even if you never see the full card number, you might collect names, email addresses, billing addresses, delivery addresses, and order history.

That data is typically “personal information”, which brings your business under the Privacy Act 2020 obligations.

Have A Privacy Policy And Follow It

If you’re collecting personal information through a website checkout, booking form, or customer account, you should have a clear Privacy Policy that explains:

  • what information you collect and why;
  • how you store it and keep it safe;
  • who you share it with (for example delivery providers, payment platforms, booking software);
  • how customers can request access or correction; and
  • how customers can make a privacy complaint.

It’s important that your policy matches what you actually do. A generic template can create risk if your processes don’t line up.

Only Collect What You Need

A good privacy habit (and often a good compliance position) is to avoid collecting unnecessary personal information. If you don’t need it, don’t collect it.

For example, if you don’t need a customer’s date of birth for the transaction, collecting it “just in case” can create extra privacy risk with no real benefit.

Use Secure Systems And Limit Access

If staff can access your POS system or online order dashboard, you’ll want internal rules around access and security. It’s also smart to use strong password practices and multi-factor authentication where possible.

It’s also worth confirming what your payment setup requires from a card-security perspective. Many providers require you to comply with PCI DSS (for example, by using only approved payment pages/terminals, not storing card numbers, and completing any required self-assessments). The right approach depends on whether you use a hosted payment page, an integrated checkout, a virtual terminal, or take payments by phone.

If you ever experience a breach (for example, someone gains unauthorised access to customer data), you may have obligations around notifying affected individuals and/or the Privacy Commissioner depending on the seriousness of the breach.

This is also a good time to check your website terms, especially if you’re selling online and collecting customer details through your site, such as E-Commerce Terms and Conditions.

Refunds, Chargebacks, And Disputes: What You Need To Know

Chargebacks can be stressful because the money can be clawed back before you’ve properly responded. The best way to manage chargeback risk is to understand the consumer law framework and build good processes around evidence and customer communication.

Consumer Law Still Applies Even If The Customer Pays By Card

Some businesses assume “no refunds” policies prevent chargebacks. In practice, that’s often not true.

If you sell goods or services to consumers in New Zealand, the Consumer Guarantees Act 1993 can require you to provide remedies if something goes wrong (for example goods are faulty, not as described, or services aren’t provided with reasonable care and skill).

Also, under the Fair Trading Act 1986, you must not make misleading claims about products, delivery timeframes, pricing, or refund rights.

Have Clear Customer Terms

Clear customer terms won’t remove legal obligations under consumer law, but they can reduce disputes and make your processes smoother.

In particular, your terms should clearly cover:

  • when payment is taken (immediately, deposit, on delivery, etc.);
  • cancellation policies (especially for bookings or made-to-order items);
  • refund processing timeframes (what’s reasonable in your business);
  • delivery policies and what happens with lost parcels; and
  • how customers can contact you to resolve issues quickly.

If you operate online, it’s often worth having tailored Website Terms and Conditions that match your actual checkout and fulfilment workflow.

Keep Records That Help You Defend A Chargeback

If a cardholder disputes a transaction, your payment provider will usually ask for evidence. Depending on what you sell, this can include:

  • invoices and receipts;
  • proof of delivery (courier tracking, signature, delivery confirmation);
  • customer communications (emails, messages, job completion notes);
  • booking confirmations and cancellation timestamps; and
  • photos of work completed (for trades and service businesses).

Good record-keeping is one of the simplest ways to protect cashflow.

How To Set Up Your Payment Process So It’s Legally Safer (A Practical Checklist)

Once you’ve decided which payment systems you’ll use, the next step is making sure your policies, contracts, and customer communications line up.

Here’s a practical checklist to reduce legal risk when you accept credit card payments in New Zealand.

1) Decide Where And How You’ll Take Payments

  • In-person: POS terminal, tap-to-pay device, or QR checkout.
  • Online: website checkout, booking system, payment link, invoice payment.
  • Over the phone: generally higher risk and needs careful handling (and you should avoid writing down card details).

Your setup affects privacy risk, dispute risk, and what you need in your terms.

2) Write Your Surcharge Disclosure In Plain English

If you surcharge, work out the exact wording you’ll use on:

  • menus or signage (for in-person businesses);
  • checkout pages (for online stores);
  • quotes and invoices (for service providers); and
  • booking confirmation emails.

Consistency matters. It’s also a strong compliance position if a customer ever complains that they weren’t warned.

3) Make Sure Your Staff Apply The Rules Consistently

If you have staff, train them on when surcharges apply, how to explain it politely, and what to do if a customer disputes the fee.

This is also where having a clear Workplace Policy can help, especially if your business has customer-facing staff handling payments and refunds.

4) Put The Right Customer Terms In Place

Your customer terms are one of the best ways to reduce misunderstandings and avoid “he said, she said” disputes.

Depending on your business, that could mean:

  • online store terms;
  • booking and cancellation terms;
  • service terms (scope, variations, deposits, milestones); and
  • returns and exchanges policies.

If you provide services (rather than selling products), it’s often worth having a tailored Service Agreement that clearly sets out payment terms, late payment steps, and what happens if the customer cancels.

5) Check Your Supplier And Contractor Setups Too

If you’re taking card payments from customers but paying contractors or suppliers, make sure your back-end contracts match your cashflow realities.

For example, if you rely on subcontractors to deliver a service, you may want a clear Contractor Agreement so you’re not stuck paying for work that wasn’t delivered properly (which can then flow into customer refunds and disputes).

6) Have A Plan For Payment Disputes

Don’t wait until your first chargeback to work out what to do. Set up a simple internal process, such as:

  • who receives and responds to payment disputes;
  • where evidence is stored;
  • the timeframe for responding (providers often have strict deadlines); and
  • when you escalate to legal advice.

This can be especially important if your business is growing quickly or you’re processing high transaction volumes.

Key Takeaways

  • Credit card surcharge laws in New Zealand are closely tied to transparent pricing and avoiding misleading conduct under the Fair Trading Act 1986, along with any relevant Commerce Commission guidance and your payment provider’s contract terms.
  • If you charge a card surcharge, make sure it’s clearly disclosed before purchase, presented consistently, and not likely to mislead customers about the true price (and ideally, it should be defensible by reference to your reasonable cost of acceptance).
  • Accepting card payments often involves collecting personal information, so you should comply with the Privacy Act 2020 and have a tailored Privacy Policy that matches what your business actually does.
  • Many businesses also need to meet PCI DSS requirements through their payment provider arrangement, especially if they take payments online, use a virtual terminal, or take card details over the phone.
  • Chargebacks and refund disputes are easier to manage when you have clear customer terms, good record-keeping, and a process for responding within provider deadlines.
  • Getting the legal foundations right early (customer terms, privacy compliance, staff procedures, and properly drafted agreements) helps you protect your revenue and reputation as you grow.

If you’d like help setting up your customer terms, reviewing your surcharge disclosures, or getting your online store legally sorted, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.

Alex Solo
Alex Solo

Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.

Need legal help?

Get in touch with our team

Tell us what you need and we'll come back with a fixed-fee quote - no obligation, no surprises.

Keep reading

Related Articles

Legal Requirements For Free-to-Enter Competitions In New Zealand

Legal Requirements For Free-to-Enter Competitions In New Zealand

Free-to-enter competitions can be a great way to build your brand, grow your email list, drive foot traffic, and reward loyal customers. But even when you’re not charging an entry fee, you...

16 May 2026
Read more
Legal Options For Fake Google Reviews In NZ Businesses

Legal Options For Fake Google Reviews In NZ Businesses

Few things are more frustrating for a small business owner than waking up to a sudden drop in your star rating - especially when you suspect the reviews aren’t genuine. Fake Google...

15 May 2026
Read more
Late Payment Fees In New Zealand: What Businesses Can Legally Charge

Late Payment Fees In New Zealand: What Businesses Can Legally Charge

Late payments are one of the quickest ways to turn a profitable month into a stressful one. You’ve done the work, delivered the product, paid your suppliers and staff - and then...

12 May 2026
Read more
How To Charge And Enforce Cancellation Fees Lawfully In New Zealand

How To Charge And Enforce Cancellation Fees Lawfully In New Zealand

You’ve booked staff, set aside stock, blocked out your calendar, and turned away other work - then the customer cancels at the last minute. If you’re running a small business, this isn’t...

23 Apr 2026
Read more
How NZ Businesses Can Respond To Bad Online Reviews

How NZ Businesses Can Respond To Bad Online Reviews

Bad online reviews can feel brutal when you’re a small business owner. One negative comment can pop up at the top of search results, scare off new customers, and put your team...

19 Apr 2026
Read more
How Long Should A Refund Take Under New Zealand’s CGA & Fair Trading Act?

How Long Should A Refund Take Under New Zealand’s CGA & Fair Trading Act?

Refund requests are one of those “day-to-day” moments that can quickly turn into a bigger issue for a small business. A customer might be perfectly reasonable - or they might be frustrated,...

18 Apr 2026
Read more
Need support?

Need help with your business legals?

Speak with Sprintlaw to get practical legal support and fixed-fee options tailored to your business.

Get StartedBook A Call