Payment Policy
This Payment Policy describes how Tenerife World Tickets processes payments on tenerifeworldtickets.org, the security measures we apply, the fees the Customer can expect, and the remedies available in case of payment incidents. The policy is part of our Terms of Service.
1. Accepted payment methods
1.1. Card schemes: Visa, Mastercard, American Express, Maestro, JCB, Discover, Diners Club International, China UnionPay (where the issuing region is supported).
1.2. Wallets: Apple Pay, Google Pay, Samsung Pay (subject to device support).
1.3. Bank transfer (SEPA): available on request for Orders ≥ EUR 500. The Order is issued only after the funds have credited our account (typically 1 business day for SEPA Instant, 1-3 business days for standard SEPA).
1.4. "Buy now, pay later": Klarna or PayPal "Pay in 3" where displayed on the checkout. The Customer enters into a separate credit agreement with the BNPL provider; we are not a party to that agreement.
1.5. We do not accept cash, cheques, cryptocurrencies, or wire transfers from non-EU/EEA banks.
2. Currency
2.1. All transactions on tenerifeworldtickets.org are settled in EUR. The card-issuing bank converts the EUR amount to the card's billing currency at the bank's own spot rate plus its foreign-transaction margin.
2.2. We do not levy a separate foreign-exchange surcharge on top of the bank's rate.
3. Pricing transparency
3.1. The price displayed on the price-summary screen before the Customer clicks "Pay" is the final price including:
- the Park's gate-price for the selected Ticket;
- our Service Fee for sourcing, support and delivery;
- VAT where applicable, calculated according to the place-of-supply rules of EU Council Directive 2006/112/EC.
3.2. No additional fee is charged by us at the moment of payment. Card-issuer surcharges, foreign-transaction fees and BNPL provider fees are governed by the agreement between the Customer and that financial institution and are outside the scope of Tenerife World Tickets.
4. Strong Customer Authentication (PSD2 / SCA)
4.1. Where required by Articles 97-100 of Directive (EU) 2015/2366 (PSD2), the issuing bank triggers a 3-D Secure 2.x challenge: a one-time SMS code, an in-app push notification, biometric verification (fingerprint, FaceID), or a hardware token.
4.2. The transaction is authorised only when the bank has validated the SCA challenge. Failed challenges return an automatic refusal — no funds are charged. The Customer can retry from the same browser session or contact the bank if the SCA flow is interrupted.
5. Card-data security
5.1. Card numbers, expiry dates, CVV / CVC codes and 3-D Secure responses are processed exclusively by our PCI-DSS Level 1 Payment Service Provider (the highest tier of the Payment Card Industry Data Security Standard) under a tokenised flow.
5.2. The Operator stores only the masked PAN (last four digits), card brand, expiry month/year, country of issue, and a non-reversible token. The full PAN, the CVV/CVC and any track-data are never available on the Operator's servers.
5.3. The Operator's website operates over TLS 1.2+, with HSTS preload, with encryption at rest of the customer-database, application-level firewalling, continuous logging, and yearly penetration tests by an external CREST-certified provider.
6. VAT, invoices and receipts
6.1. A VAT-compliant receipt is sent by e-mail immediately after payment. The receipt contains the Operator's identification, the Customer's identification, the Order date, the description of the service supplied, the taxable amount, the VAT rate and amount, and the total.
6.2. Customers acting in a B2B capacity may request a VAT-compliant invoice with the Customer's company name, VAT number and full address. Send the request to support@tenerifeworldtickets.org within 30 days of the Order Confirmation.
7. Failed payments and authorisation holds
7.1. If the issuing bank declines the transaction (insufficient funds, expired card, country restriction, fraud rule, failed SCA), the payment screen shows the error code returned by the bank.
7.2. Where an authorisation hold has been placed on the funds despite the failed transaction, the bank automatically releases the hold within 3-7 business days. Should the hold persist beyond that period, contact the issuing bank with the transaction reference shown on the declined-payment screen.
8. Refunds
8.1. Refunds are sent back to the original payment instrument and are governed by the Refund Policy. Crediting time is 5-10 business days from the moment we issue the refund order to the PSP.
8.2. Where the original card has expired or is closed, the bank routes the refund to the replacement card or, where no replacement exists, holds the funds in a transitory account from which the Customer can claim repayment by contacting the bank.
9. Chargeback procedure
9.1. Customers who dispute a transaction should first contact us at support@tenerifeworldtickets.org. We aim to resolve any payment-related dispute within 5 business days, which is faster and less costly than a formal chargeback.
9.2. Where a chargeback is raised through the issuing bank, we cooperate fully with the bank's investigation. We provide: Order Confirmation, IP address, user-agent, 3-D Secure response, e-mail trail, and ticket-validation logs from the Park where the Ticket was used. Bad-faith chargebacks (where the Ticket was demonstrably used) are escalated through the card-scheme's dispute-resolution mechanism.
10. Anti-fraud measures
10.1. tenerifeworldtickets.org runs a real-time fraud-detection layer that scores each transaction against indicators such as card BIN country, IP geolocation, velocity of attempts, device fingerprint and historical patterns of the e-mail/phone supplied.
10.2. Transactions scored as high-risk are either declined automatically or held for manual review by a human analyst. Where additional verification is requested, the Customer is asked to provide a copy of an ID document and a recent utility bill — these are deleted from our systems within 30 days after the verification is closed.
11. Liability for unauthorised transactions
11.1. Under Article 74 PSD2 the Customer's liability for unauthorised payment transactions caused by the use of a lost or stolen payment instrument is capped at EUR 50, and falls to zero once the Customer has notified the bank of the loss/theft, except in cases of fraud or gross negligence by the Customer.
12. Out-of-court dispute resolution
The Customer can seek out-of-court resolution of payment disputes through the European Commission's Online Dispute Resolution platform (ec.europa.eu/consumers/odr), through the consumer-mediation body recognised in the Customer's country, or through the financial ombudsman of the country of the issuing bank.