THIRD PARTY PAYMENT PROCESSOR AGREEMENT
Exhibit 10.46 |
PORTIONS OF THIS AGREEMENT HAVE BEEN OMITTED AND FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS, WHICH ARE MARKED BY ASTERISKS (“***”).
THIRD PARTY PAYMENT PROCESSOR AGREEMENT
THIS THIRD PARTY PAYMENT PROCESSOR AGREEMENT (the “Agreement”), dated as of the Effective Date, is entered into by and among JPMorgan Chase Bank, N.A., a national banking association (“Member”), Paymentech, LLC, a Delaware limited liability company (“Paymentech”, “we”, or “us”), and USA Technologies, Inc., an entity duly organized under the laws of the Commonwealth of Pennsylvania (“TP3”, “you”, or “your”).
WHEREAS, Member is a member of the Payment Brands and, through Member, Paymentech is authorized to process the Payment Brand Transactions; and
WHEREAS, TP3 is (or will be prior to the submission of any Transaction) registered as a third party service provider with the applicable Payment Brands; and
WHEREAS, TP3 wishes to submit Transaction Records for itself and on behalf of certain business enterprises meeting the qualifications and restrictions set forth herein (including in Schedule B) (referred to herein individually and collectively as a “Merchant”) in accordance with the terms and conditions of this Agreement and the Payment Brand Rules (the “Program”).
ACCORDINGLY, in consideration of the mutual promises made and the mutual benefits to be derived from this Agreement, Paymentech, Member, and TP3 agree to the following terms and conditions intending to be legally bound:
1. Acceptance of Payment Instruments. Regardless of whether a Transaction Record is generated by TP3 or by Merchant, all Transaction Records processed pursuant to this Agreement shall be deemed TP3’s Transactions. Only Transaction Records generated within the United States shall be submitted under this Agreement.
1.1 Exclusivity. Paymentech shall be TP3’s exclusive provider of Transaction processing services (including, without limitation, the authorization, conveyance, and settlement of Transactions) in the United States for at least 250,000,000 million transactions per year throughout the pendency of this Agreement, including all transactions made by Customers making a purchase with a Payment Instrument issued by Chase. TP3 will tender to Paymentech all Transaction Records generated from the Merchants’ Transactions via electronic data transmission according to Paymentech’s formats and procedures.
1.2 Certain Payment Acceptance Policies.
(a) Each Transaction must be evidenced by its own Transaction Receipt completed in accordance with Payment Brand Rules. All Transaction Receipts must comply with Payment Brand Rules and, at a minimum, contain (i) the Transaction date; (ii) a brief description of the goods or services sold, returned. or cancelled; (iii) the price of the goods or services, including applicable taxes, or amount of any credit or adjustment; (iv) the Customer name; (v) the Merchant’s name in a manner recognizable to Customers; (vi) TP3’s name in conjunction with the Merchant’s name (e.g., “TP3 * Merchant”); (v) the Merchant’s address; (vi) the Merchant’s customer service telephone number; (vii) any applicable terms and conditions; and (viii) any other information required by the Payment Brand Rules or local law. TP3 shall ensure that each Merchant provides a complete copy of the Transaction Receipt to the Customer, as required by the Payment Brand Rules. A Merchant shall offer the Transaction Receipt in paper format to the extent required by applicable law, and may also offer the Transaction Receipt in electronic format; provided that such electronic Transaction Receipts must comply with all applicable provisions of the Payment Brand Rules.
(b) Neither TP3 nor Merchant shall require the Customer to pay the fees payable by TP3 under this Agreement.
(c) Neither TP3 nor Merchant shall issue Refunds for Transactions by cash or a cash equivalent (e.g., check) unless required by law or permitted by the Payment Brand Rules.
Page 1 of 35 |
(d) Unless permitted by the Payment Brand Rules, neither TP3 nor Merchant shall engage in any practice that unfavorably discriminates against or provides unequal treatment of any Payment Brand relative to any other Payment Brand.
(e) Except where expressly permitted by law or the Payment Brand Rules, TP3 nor Merchant shall set a dollar amount above or below which Merchant refuses to honor otherwise valid Payment Instruments.
(f) If applicable, TP3 or Merchant shall examine each Payment Instrument physically presented at the point of sale to determine that the Payment Instrument presented is valid and has not expired. If applicable, TP3 shall exercise reasonable diligence to determine that the authorized signature on any Payment Instrument physically presented at the point of sale corresponds to the Customer’s signature on the Transaction Receipt.
(g) With respect to any Transaction for which a Customer is not physically present at the point of sale, such as in any on-line, mail, telephone, pre-authorized, or recurring Transaction, TP3 or Merchant must (i) have notified Paymentech on its Application or otherwise obtained Paymentech’s prior written approval of TP3’s or Merchant’s intention to conduct such Transactions; and (ii) have appropriate procedures in place to ensure that each Transaction is made to a purchaser who actually is the Customer. TP3 acknowledges that under certain Payment Brand Rules, neither TP3 nor Merchant can rebut a Chargeback where the Customer disputes making the purchase and TP3 does not have an electronic record (e.g., “swiping” or “tapping” a Payment Instrument) or physical imprint of the Payment Instrument.\
(h) TP3 and Merchant agrees to accept all categories of Visa and MasterCard Payment Instruments (i.e., debit and credit cards), unless TP3 or Merchant has notified Paymentech on its Application or otherwise in writing of its election to accept one of the following “limited acceptance” options: (i) all Visa and MasterCard consumer credit cards and Visa and MasterCard commercial credit and debit cards; or (ii) Visa and MasterCard debit cards only (but no credit cards). Notwithstanding the election of one of the foregoing limited acceptance options, TP3 and Merchant must honor all foreign bank-issued Visa or MasterCard Payment Instruments. If TP3 or Merchant elects one of the limited acceptance categories: (Y) appropriate signage must be displayed to indicate the limited acceptance category; and (Z) Paymentech, at its option, may process any Transactions submitted to Paymentech outside of the limited acceptance category, in which case such Transactions will be assessed the applicable interchange fees plus any additional fees/surcharges assessed by Paymentech or the Payment Brands.
(i) Neither TP3 nor Merchant shall split a single Transaction into two or more Transactions to avoid or circumvent authorization limits or monitoring programs.
(j) Neither TP3 nor Merchant shall accept Payment Instruments for the purchase of scrip.
(k) Neither TP3 nor Merchant shall require a Customer to complete a postcard or similar device that includes the Customer’s Payment Instrument account number, expiration date, or any other account data in plain view when mailed.
(l) Neither TP3 nor Merchant shall add any tax or surcharge to Transactions, unless applicable law expressly requires a TP3 or a Merchant be permitted to impose the tax or surcharge. If any tax or surcharge amount is allowed, such amount shall be included in the Transaction amount and shall not be collected separately.
(m) Neither TP3 nor Merchant shall request or use a Payment Instrument account number for any purpose except as payment for its goods or services, unless required by the Payment Brand Rules in order to support specific services offered by the Payment Brands.
1.3 Payment Brand Rules; Compliance with Laws. TP3 agrees to comply, and to ensure that all Merchants comply, with all applicable Payment Brand Rules, and such other procedures as Paymentech or the Payment Brands may from time to time prescribe with respect to TP3 (or payment service providers), Merchants, Transactions, or the Program. TP3 shall take all actions necessary throughout the term of the Agreement to insure its (and, as necessary, each Merchant’s) compliance with applicable federal, state and local laws, statutes, ordinances, governmental rules and regulations, as they may be enacted or amended from time to time relating to the Program and the Transactions submitted to Paymentech.
1.4 Registration Requirements; Registered Services.
TP3 acknowledges that it must register with all applicable Payment Brands prior to entering Transactions into Interchange. Paymentech shall facilitate such registration, subject to the following terms and conditions:
(a) TP3 agrees to fully cooperate with Paymentech with respect to all applicable Payment Brand registration requirements, to provide all information required in connection with such registration, and to update Paymentech promptly (but in any event within five (5) Business Days) in writing of any subsequent change in such information, including any change in TP3’s principals or owner(s), any changes to TP3’s business structure, corporate name, any trade name(s) or “doing business as” name(s) being used by TP3, or any changes in TP3’s use of Service Providers with access to Payment Instrument Information. TP3 shall pay all initial and subsequent fees and costs associated with such registrations and any renewals. TP3 agrees and understands that its ability to provide services to Merchants involving the storage, processing, or transmission of Payment Instrument Information is subject to TP3’s continued valid registration with the Payment Brands and TP3’s compliance with the Payment Brand Rules and Security Standards as set forth in this Agreement. TP3 understands and agrees that registration is specific to Paymentech and the Member only, and a separate registration is required (at separate cost) for any other relationship(s) TP3 may have.
Page 2 of 35 |
(b) To become registered, TP3 must deliver the following documentation to Paymentech, as applicable, prior to signing any Merchant to the Program or submitting any Transactions into Interchange: (i) applicable registration forms from Visa and MasterCard; (ii) supporting documentation to assist Paymentech in performing (or evidence in support of the fact that Paymentech has already conducted) a comprehensive risk and financial review of TP3; (iii) a comprehensive list of all existing Merchants, if applicable, in an electronic format specified by Visa and MasterCard; and (iv) Security Standards Compliance Validation Documentation.
(c) With respect to registration, TP3 represents and warrants that it performs only those services it has identified in its Security Standards Compliance Validation Documentation. TP3 further represents and warrants that it will immediately, or within three (3) Business Days at the latest, notify Paymentech in writing if it performs any services in addition to those identified in the Security Standards Compliance Validation Documentation. Upon the Effective Date, TP3 shall provide Paymentech with a list of all its current Service Providers. “Security Standards Compliance Validation Documentation” encompasses the following Security Standards Compliance Validation Documents, to be provided by TP3 to Paymentech: (i) Report on Compliance (ROC), (ii) Executive Summary of the ROC, (iii) Attestation of Compliance form, (iv) Self-Assessment Questionnaire (SAQ), and/or (v) any other documentation which Paymentech may reasonably request or require in order to validate TP3’s registration and compliance with the Payment Brand Rules and/or the Security Standards.
1.5 Requirements for Certain Transactions. With respect to each Transaction submitted to us for processing, (i) TP3 shall ensure that TP3 and each Merchant meets each of the following requirements, and (ii) TP3 represents and warrants that, to the best of its knowledge, each of the following requirements is met:
(a) The Transaction Record represents payment or refund of payment, for the bona fide sale or lease of the goods, services, or both, which Merchant or TP3 has provided in the ordinary course of business.
(b) The Transaction Record represents an obligation of the Customer for the amount of the Transaction.
(c) The Transaction Record does not involve any element of credit for payment of a previously dishonored Payment Instrument or for any other purpose than payment for a current transaction. The Transaction does not represent payment for a previous Transaction or charge incurred at the Merchant or a Transaction that was previously charged back by the Customer, irrespective of Customer consent or approval.
(d) Except in the case of approved installment or pre-payment plans, the goods have been shipped or provided (or made available) or the services have been actually rendered to the Customer.
(e) The Transaction Record is free from any material alteration not authorized by the Customer.
(f) The amount charged for the Transaction is not subject to any dispute, setoff, or counterclaim.
(g) Neither TP3 nor the Merchant nor any of their employees has advanced any cash to the Customer (except as authorized by the Payment Brand Rules) or to TP3 or to any of its representatives, agents, or employees in connection with a Transaction, nor has TP3 or Merchant accepted payment for effecting credits to a Customer.
(h) The Merchant is free to sell the goods or services related to each Transaction.
(i) All refunds shall be in accordance with all applicable return/cancellation policies, which have been previously submitted to Paymentech in writing as provided in Section 3, and which are available to the Customer and not subject to any other representations or agreements.
(j) Any Transaction submitted to credit a Customer’s account represents a refund or adjustment to a Transaction previously submitted to Paymentech.
(k) Neither TP3 nor Merchant has knowledge or notice of any information that would indicate that the enforceability or collectability of the subject Transaction Record is in any manner impaired. The Transaction Record is in compliance with all applicable laws, ordinances, and regulations. The Transaction Record is originated in compliance with this Agreement and applicable Payment Brand Rules.
(l) For a Transaction where the Customer pays in installments or on a deferred payment plan, a Transaction Record has been prepared separately for each installment or deferred payment on the date(s) the Customer agreed to be charged. All installments and deferred payments, whether or not they have been submitted to Paymentech for processing, shall be deemed to be a part of the original Transaction.
Page 3 of 35 |
(m) Neither TP3 nor Merchant knows or should have known the Transaction to be fraudulent, illegal, damaging to the Payment Brand(s), unauthorized by the Customer, or otherwise in violation of any provision of this Agreement or any Payment Brand Rule.
(n) For recurring Transactions, TP3 or Merchant must (i) obtain the Customer’s consent to periodically charge the Customer on a recurring basis for the goods or services purchased; (ii) retain this consent for the duration of the recurring services and provide it upon request to Paymentech or the issuing bank of the Customer’s Payment Instrument; and (iii) retain written documentation specifying the frequency of the recurring charge and the duration of time during which such charges may be made. TP3 shall not submit any recurring transaction after receiving: (i) a cancellation notice from the Customer; or (ii) notice from Paymentech or any Payment Brand (via authorization code or otherwise) that the Payment Instrument is not to be honored. TP3 shall include in its Transaction Data the electronic indicator that the Transaction is a recurring Transaction.
1.6 Requirements for Merchants. TP3 agrees that Paymentech shall have the right at any time, in its sole discretion: (i) to refuse to process Transactions for any Merchant and to require TP3 to decline, or terminate immediately, such Merchant’s participation in the Program if Paymentech reasonably believes the Merchant is acting in violation of the Payment Brand Rules or applicable law, or in the event there is a material increase in anticipated risk presented by such Merchant; (ii) to condition continued processing for any Merchant upon TP3 establishing, funding, and maintaining a Reserve Account, in an amount specified by Paymentech, specific to each Merchant; and (ii) to take or require TP3 to take any other measures as may be reasonably required by Paymentech in order to minimize the risk associated with any Merchant, comply with applicable Payment Brand Rules, or comply with any applicable legal or regulatory requirements. With respect to each Merchant, TP3 shall enter into a legally binding contract that satisfies the requirements set forth in the Payment Brand Rules and this Agreement regarding the processing of Transactions. Paymentech hereby reserves the right to review and audit the TP3-Merchant Processing Agreement to ensure compliance with Member and Paymentech policies, this Agreement or other agreements between you and us, Payment Brand Rules, the Security Standards, and any other applicable legal or regulatory requirements, or otherwise to ensure that we have no liability under such agreement. Without limiting the generality of the foregoing, each such agreement shall specify that TP3 is collecting and processing Transactions and Transaction Records on behalf of and as agent for such Merchant and shall require Merchant to (i) comply with the applicable Payment Brand Rules and Security Standards, (ii) comply with any applicable state, federal, and local laws, ordinances, governmental rules, and regulations relating to the Program and/or the Transactions submitted to Paymentech.
1.7 Requirements for TP3. TP3 shall comply with all requirements and agreements outlined in Schedule B. Schedule B, including its attachments, may be amended by Paymentech upon 30 days’ prior written notice to TP3, if needed in order to comply with applicable law, Payment Brand Rules or JPMC policies. TP3 shall also comply with all requirements and agreements outlined in Schedule E (Remediation Plan), if applicable. TP3 shall require that all Merchants execute any and all applications and documentation Paymentech and the Payment Brands may require from time to time. TP3 agrees to each of the obligations, terms, and conditions set forth in Schedule B hereto, including, but not limited to, requiring that TP3 (and, as necessary, each Merchant) is in full compliance with applicable federal, state, and local laws, statutes, ordinances, governmental rules and regulations, the Payment Brand Rules, Paymentech and Member legal, credit, compliance or other policies, procedures, and practices as in effect from time to time. To the extent required by the Payment Brand(s), TP3 must be registered, and maintain such registration, as a third party service provider with such Payment Brand(s). With respect to all Merchants, TP3 agrees to provide to Paymentech the data described on Schedules B hereto, and such other information as Paymentech may reasonably request from time to time to enable it to track and evaluate the Program’s success and to meet Paymentech’s compliance and reporting obligations to the Payment Brands, in such a timeframe as required on Schedule B. TP3 shall assume full financial liability, and be fully liable to Paymentech, for Transactions submitted on behalf of Merchants, as well as for any disputed Transactions, credits, or customer service-related expenses, Chargebacks, or fraud. TP3 shall be responsible for its and its Merchants’ compliance with all Payment Brand Rules and other Payment Brand requirements, applicable state, federal, and local laws, ordinances, governmental rules, and regulations that may be applicable to either TP3 or Merchants as a result of the Program.
Page 4 of 35 |
1.8 Commercial Entities. TP3 agrees and understands that the Payment Brand Rules require that, in addition to any contract between Merchant and TP3, Paymentech must enter into a written agreement with each Merchant having Visa annual sales greater than $100,000 or MasterCard annual sales greater than $1,000,000 (a “Commercial Entity”) and that such requirements shall be included in either a separate agreement or in the TP3 Merchant Processing Agreement. TP3 shall promptly notify Paymentech of any Merchant which it has reason to believe may be or is likely to become a Commercial Entity, but such requirement shall not affect TP3’s obligation to enter into an agreement with a Merchant as required by Section 1.5. At any time and from time to time, Paymentech shall be entitled to designate any Merchant as a Commercial Entity which Paymentech reasonably believes will meet the criteria outlined above, and to require, either directly or through TP3, such Merchant to execute an agreement with Paymentech in a form substantially similar to the form attached hereto as Schedule C, with such changes as the Payment Brands may require from time to time. With respect to each Merchant entity that Paymentech designates as a Commercial Entity, TP3 shall collect and forward all information requested by Paymentech to comply with Paymentech’s or Member’s legal or compliance obligations, Payment Brand Rules as well as Paymentech’s or Member’s then current policies, including, without limitation, its credit policies. Exercise of any right by Paymentech against any Merchant or TP3 shall not preclude Paymentech, in its sole discretion, from enforcing its right against, or recovery fromTP3.. Any Merchant having annual MasterCard sales greater than $1,000,000 must receive settlement funds directly from Paymentech as required by current Payment Brand Rules. TP3 will assist Paymentech in obtaining appropriate documentation pertaining to the settlement account from such Merchants.
2. Authorizations.
2.1 Obtaining Authorizations. TP3 is required to obtain authorization/approval codes through Paymentech, in accordance with this Agreement, for all Transactions. TP3 acknowledges for itself and on behalf of the Merchants that an authorization/approval code of a Transaction indicates only (i) that the Payment Instrument contains a valid account number; and (ii) that the Customer’s Payment Instrument has an available credit balance sufficient for the amount of the Transaction at the time the authorization is given, but does not constitute a representation from Paymentech, Member, a Payment Brand, or a card issuing bank that a particular Transaction is a valid or undisputed transaction entered into by the actual Customer.
2.2 Lack of Authorization. Paymentech reserves the right to refuse to process any Transaction Record submitted by TP3 (i) unless a proper authorization/approval code is recorded, (ii) that Paymentech reasonably determines is or may become uncollectible from the Customer to which the Transaction would otherwise be charged, or (iii) that was prepared in violation of any provision of this Agreement or the Payment Brand Rules.
3. Refunds and Adjustments.
3.1 Disclosure of Refund Policy. TP3 is required to ensure that TP3 and all Merchants each maintain a fair policy with regard to the refund, return, or cancellation of merchandise or services and adjustments of Transactions. TP3 is also required to ensure that TP3 and each Merchant discloses its refund, return, or cancellation policy to Paymentech and to Customers.
3.2 Changes to Policy. Any change in a refund, return, or cancellation policy must be submitted to us, in writing, not less than fourteen (14) days prior to the effective date of such change. Paymentech reserves the right to refuse to process any Transaction Record made subject to a revised refund, return, or cancellation policy of which Paymentech has not been notified in advance.
3.3 Procedure for Refunds/Adjustments. If TP3 or the Merchants allow a price adjustment, return of merchandise, or cancellation of services in connection with a Settled or Conveyed Transaction, TP3 will prepare and deliver to us a Transaction Record reflecting such refund/adjustment within three (3) days of receiving the request for such refund/adjustment. The amount of the refund/adjustment cannot exceed the amount shown as the total on the original Transaction Record except by the exact amount required to reimburse the Customer for postage that the Customer paid to return merchandise. TP3 is not allowed to accept cash or any other payment or consideration from a Customer in return for preparing a refund to be deposited to the Customer’s account; nor may cash refunds be given to a Customer in connection with a Settled or Conveyed Transaction, unless permitted or required by law.
4. Settlement.
4.1 Submission of Transaction Record. TP3 is required to submit the Transaction Record no later than the next business day immediately following the day that such Transaction Record is originated. Failure to do so can result in higher interchange fees and other costs and increased Chargebacks. For debit card transactions that are credits to a Customer’s account, TP3 agrees to submit such Transaction Record within twenty-four (24) hours of receiving the authorization for such credit. Unless otherwise indicated on Schedule A, TP3 will be solely responsible for all communication expenses required to facilitate the submission and transmission of all Transaction Records to Paymentech.
Page 5 of 35 |
4.2 TP3’s Bank Account(s). Unless it has been agreed to by the parties that Paymentech will directly fund a Commercial Entity for its respective Transaction settlement funds, TP3 must maintain (a) one or more “for the benefit of” (FBO) accounts designated to receive funds related to the settlement of all Commercial Entities’ Transactions; and (b) one or more FBO accounts designated to receive funds related to the settlement of all other Merchants’ Transactions. All FBO accounts must be compliant with all applicable laws pertaining to such accounts, held at a bank that is a member of the Automated Clearing House (“ACH”) system or the Federal Reserve wire system, and established in accordance with Schedule D attached hereto and incorporated herein by reference. TP3 must not, under Generally Accepted Accounting Principles (GAAP), account for funds in the FBO accounts as their own funds. Furthermore, TP3 must designate at least one bank account for the debit of any fees and costs associated with Paymentech’s processing of the Transactions or for other obligations and liabilities of TP3 or the Merchants under this Agreement. All FBO and bank accounts designated by TP3 pursuant to this Section 4.2 shall be collectively referred to herein as “Settlement Account”. During the term of this Agreement, and thereafter until we notify TP3 that all monies due from TP3 and all Merchants under this Agreement have been paid in full, TP3 agrees not to close the Settlement Account without giving Paymentech at least five (5) days’ prior written notice and substituting another Settlement Account. TP3 is solely liable for all fees and costs associated with the Settlement Account and for all overdrafts. TP3 authorizes Paymentech to initiate electronic credit and debit entries and adjustments to the Settlement Account or applicable bank account at any time without regard to the source of any monies therein. Paymentech will not be liable for any delays in receipt of funds or errors in Settlement Account entries caused by third parties, including, but not limited to, delays or errors by the Payment Brands or TP3’s bank.
4.3 Conveyed Transactions. To the extent that TP3 submits any Conveyed Transactions for processing by Paymentech and TP3 or the Merchant does not have a valid agreement in effect with the applicable Payment Brand, TP3 hereby authorizes Paymentech, at Paymentech’s option, to submit such Transactions to the applicable Payment Brand, and to share with the applicable Payment Brand such information from the Application, or otherwise provided to Paymentech by TP3 or Merchant, as may be required in order to approve acceptance of such Payment Instrument as method(s) of payment. Subject to such approval, TP3 agrees to the applicable Payment Brand’s standard terms and conditions with respect to such method(s) of payment. Upon the transmission of such Conveyed Transactions to Paymentech, the Conveyed Transaction will be forwarded to the appropriate Payment Brand. Payment of the proceeds due for such Conveyed Transaction will be governed by the agreement with that Payment Brand, and Paymentech bears no responsibility for performance of such agreement. Even if a valid authorization for a Conveyed Transaction is obtained, Paymentech is not liable for errors in Settlement Account entries relating to the funding of those Conveyed Transactions, including delays caused by TP3, Merchant, third parties, the Payment Brands, or TP3‘s or Merchant’s bank.
4.4 Transfer of Settlement Funds. For all Settled Transactions, Paymentech will process the Transaction Records to facilitate the funds transfer between the various Payment Brands, TP3, and Merchant. Promptly after receiving credit for such Transaction Record, Paymentech will provide provisional credit to the Settlement Account for the proceeds. The proceeds payable shall be equal to the amounts received by Paymentech in connection with the Transaction Record less the sum of the following: (i) all fees, imposed by Paymentech or any third parties passed through to TP3, charges, and discounts set forth in Schedule A; (ii) all Chargebacks; (iii) all equipment charges (if any); (iv) all Customer refunds, returns, and adjustments; and (v) all Reserve Account amounts; (vi) any funds Paymentech may pay directly to a Merchant if direct funding is required by the Payment Brand Rules; and (vii) any fees, charges, fines, assessments, penalties, or other liabilities that may be imposed on Paymentech or the Member from time to time by the Payment Brands and all related costs and expenses incurred by Paymentech pursuant to this Agreement. Paymentech also reserves the right to withhold or offset from the proceeds owed to TP3 or any Merchant by Paymentech any or all amounts owed by TP3 or a Merchant to Paymentech or its affiliates under any other agreement between you and Paymentech. TP3 agrees that amounts set forth above, and any other amounts are due and payable by TP3 at the time the related services are rendered and may be imposed on a daily basis if Paymentech so determines; that all Reserve Account amounts due from TP3 hereunder are payable upon establishment; and that the related Chargebacks, Customer refunds and adjustments, fees, charges, fines, assessments, penalties, and all other liabilities are due and payable when Paymentech receives notice thereof from the Payment Brands or any third party, or otherwise pursuant to this Section 4.4. In the event Paymentech does not deduct such amounts from the proceeds payable, TP3 agrees to pay all such amounts immediately without any deduction or offsets. Alternatively, at Paymentech’s sole option, Paymentech may debit the Settlement Account or the Reserve Account for such amounts at any time. Without limiting the foregoing or Paymentech’s rights under Section 7.2 or Section 10, if a Payment Brand notifies Paymentech or the Member that it or they intend to impose any fine, fee, or penalty as a result of excessive Chargebacks or TP3’s acts or omissions (including, without limitation, failure to fully comply with any Payment Brand Rules), Paymentech may suspend the processing of the Transactions upon at least 10 days prior notice.
Page 6 of 35 |
4.5 Negative Balances. To the extent the proceeds from Settled Transactions do not represent sufficient credits or the Settlement Account does not have a sufficient balance to pay amounts due under this Agreement (in connection with either TP3’s or Merchant’s Transactions), in addition to any other rights and remedies Paymentech may have under this Agreement (including termination), Paymentech may pursue one or more of the following options: (i) demand and receive immediate payment for such amounts from TP3; (ii) debit the Settlement Account or Reserve Account for the amount of the negative balance; (iii) withhold or offset any or all settlement payments until all amounts are paid; (iv) delay presentation of refunds ; and (v) pursue any other remedies available at law or in equity. Furthermore, if the amount represented by Transaction Records in any day is negative due to refunds or credits being submitted in excess of the proceeds from the Transactions, TP3 shall provide sufficient funds prior to the submission of the Transaction Records to prevent the occurrence of a negative balance.
4.6 Reserve Account. If: (i) there is a material, adverse change in TP3’s or a Merchant’s financial condition; (ii) TP3 or Merchant is in material default of this Agreement; (iii) TP3 or Merchant changes its billing practice in relation to the provision or shipment of merchandise or fulfillment of service or changes refund procedures currently in place, and fails to notify Paymentech in advance; (iv) TP3 or Merchant is receiving excessive Chargebacks (as defined in Section 7.2 below); (v) TP3 or Merchant significantly alters the nature of its business or product lines; or (vi) Paymentech has reasonable grounds to believe that it may be or become liable to third parties for the provisional credit extended to TP3 or Merchant or that TP3 or Merchant may be liable to Customers, Payment Instrument issuing banks, or the Payment Brands, or (vii) Paymentech has reasonable grounds to believe that it may be subject to any additional liabilities, including, without limitation, any fines, fees, or penalties assessed by any of the Payment Brands, arising out of or relating to Transactions, the Program, Chargebacks, a Merchant or TP3’s failure to comply with this Agreement, any of the Payment Brand Rules, or the Security Standards (as defined in Section 17), Paymentech may suspend or delay payments during investigation of the issue and/or designate an amount of funds Paymentech must maintain in order to protect it against the risk of, among other things, existing, potential, or anticipated Chargebacks and to satisfy the other obligations under this Agreement (such funds being hereinafter referred to as the “Reserve Account”), which may be funded in the same manner as provided for negative balances in Section 4.5. The Reserve Account will contain sufficient funds to cover any unbilled processing costs plus our estimated exposure based on reasonable criteria for Chargebacks, returns, unshipped merchandise and/or unfulfilled services, and all additional liabilities anticipated under this Agreement, including, but not limited to, Chargebacks, fines, fees, and penalties as set forth in Section 4.4. Paymentech may (but is not required to) apply funds in the Reserve Account toward, and set off any funds that would otherwise be payable against, the satisfaction of any amounts which are or may become due from TP3 or a Merchant pursuant to this Agreement. The Reserve Account will be held and controlled by Paymentech and TP3 will have no legal right or interest in the funds in the Reserve Account; provided, however, that upon satisfaction of all of obligations under this Agreement, Paymentech will pay to TP3 any funds then remaining in the Reserve Account. Any funds in the Reserve Account may be commingled with other funds, and need not be maintained in a separate account, but will be tracked and accounted for separately by Paymentech. Effective upon establishment of a Reserve Account, TP3 irrevocably grants to Paymentech a security interest in any interest TP3 has now or may later acquire in any and all funds, together with the proceeds thereof, that may at any time be in the Reserve Account and that would otherwise be payable to TP3 pursuant to the terms of this Agreement. TP3 agrees and agrees to cause Merchant to execute and deliver to Paymentech such instruments and documents (including, without limitation, security agreements and releases) that Paymentech may reasonably request to perfect and confirm the security interest in the Reserve Account.
5. Accounting. Paymentech will supply a detailed statement reflecting the activity for TP3’s account(s) by online-access (or otherwise if agreed to by both parties). Paymentech will not be responsible for any error that TP3 does not bring to Paymentech’s attention within one hundred and eighty (180) days from the date of such statement. TP3, for itself and on behalf of Merchant, acknowledges and agrees that it is TP3’s and the Merchants’ respective responsibility to ensure its secure online access.
Page 7 of 35 |
6. Retrieval Requests.
6.1 Records. TP3 agrees to store and retain each Transaction Record in compliance with the Payment Brand Rules.
6.2 Response to Retrieval Requests. Paymentech will send TP3 any Retrieval Request that it cannot satisfy with the information it has on file concerning any Settled Transaction. In response, TP3 must provide, in writing by certified or overnight mail or by confirmed fax (or by other means as agreed to by Paymentech), the resolution of the investigation of such Retrieval Request and include legible copies of any documentation required by the Retrieval Request within seven (7) days after it is sent (or such shorter time as the Payment Brand Rules may require). TP3 acknowledges that failure to timely fulfill a Retrieval Request and in accordance with Payment Brand Rules may result in an irreversible Chargeback.
7. Chargebacks.
7.1 Chargeback Reasons. TP3 or Merchant may receive a Chargeback from a Customer or Payment Brand for a number of reasons under the Payment Brand Rules. The following are some of the most common reasons for Chargebacks; in no way is this intended to be an exhaustive list of possible Chargeback reasons:
(1) Failure to issue a refund to a Customer upon the return of or failure to provide the applicable goods or services.
(2) A required authorization/approval code was not obtained.
(3) The Transaction Record was prepared incorrectly or fraudulently.
(4) TP3 did not respond to a Retrieval Request within 7 days or any shorter time period required by the Payment Brand Rules.
(5) The Customer disputes the Transaction or the authenticity of the signature on the Transaction Record or Payment Instrument, or claims that the Transaction is subject to a set-off, defense, or counterclaim.
(6) The Customer refuses to make payment for a Transaction because in the Customer’s good faith opinion, a claim or complaint has not been resolved, or has been resolved in an unsatisfactory manner.
(7) The credit or debit card comprising the Payment Instrument was not actually presented at the time of the Transaction or an electronic record or physical imprint of such Payment Instrument was not obtained, and the Customer denies making the purchase. The TP3 acknowledges, for itself and on behalf of Merchant, that, under these circumstances, the fact that an authorization/approval code was obtained does not mean that a particular Transaction is a valid or undisputed transaction entered into by the actual Customer.
7.2 Excessive Chargebacks. If TP3 or Merchant are receiving an excessive amount of Chargebacks, as determined by the Payment Brands from time to time, in addition to other remedies under this Agreement, Paymentech may take the following actions: (i) review TP3’s or Merchant’s internal procedures relating to acceptance of Payment Instruments and notify TP3 or Merchant of new procedures which should be adopted to avoid future Chargebacks; (ii) collect from TP3 (pursuant to Section 4.6) an amount determined by us to be sufficient to cover anticipated Chargebacks and all related fees, penalties, expenses, and fines; (iii) terminate this Agreement or the agreement between Paymentech and Merchant; or (iv) refuse to process for Merchant’s Transactions . TP3 also agrees to pay any and all penalties, fees, fines and costs assessed against TP3, A Merchant, Paymentech, and/or Member relating to TP3’s or a Merchant’s violation of this Agreement, a Commercial Entity Agreement or the Payment Brand Rules with respect to the acceptance of Payment Instruments, Transactions, or Excessive Chargebacks under this Section.
7.3 Claims of Customers. TP3 agrees that it will have full liability to Paymentech for all Chargebacks, regardless of whether TP3 receives payment or reimbursement from the Merchants therefore, and TP3 acknowledges that the funds provided to TP3 by Paymentech with respect to any Transaction represent only a provisional credit, and remain subject to potential Chargebacks. To the extent Paymentech has paid or may be called upon to pay a Chargeback, refund, or adjustment for or on the account of a Customer and TP3 does not immediately reimburse Paymentech as provided in this Agreement, then for the purpose of obtaining reimbursement of such sums paid or anticipated to be paid, Paymentech shall have all of the rights and remedies of such Customer under applicable federal, state, or local laws and TP3 (for itself and on behalf of the Merchants) authorizes Paymentech to assert any and all such claims in Paymentech’s own name for and on behalf of any such Customer individually or all such Customers as a class.
Page 8 of 35 |
8. Display Of Payment Brand Marks. TP3 is prohibited from using the Payment Brand Marks, as defined below, other than as expressly authorized by the Payment Brands or the Payment Brand Rules. TP3 shall also ensure that Merchant’s use of the Payment Brand Marks shall only be as authorized and in accordance with all requirements of this Section and the Payment Brand Rules. Payment Brand Marks or Marks mean the brands, emblems, trademarks, and logos that identify a Payment Brand. Additionally, and except as authorized by the Payment Brands, TP3 shall not use the Payment Brand Marks other than to display decals, signage, advertising, and other forms depicting the Payment Brand Marks that are provided to TP3 (i) by the Payment Brands; (ii) by Paymentech pursuant to this Agreement; or (iii) as otherwise approved in writing by Paymentech. TP3 may use the Payment Brand Marks only to promote the services covered by the Payment Brand Marks by using them on decals, indoor and outdoor signs, advertising materials, and marketing materials; provided, that all such uses must be consistent with Payment Brand Rules. TP3 has no ownership rights in the Payment Brand Marks and shall not assign to any third party the rights to use the Payment Brand Marks. The right to use the Payment Brand Marks pursuant to this Agreement terminates simultaneously with the termination of this Agreement.
9. Fees.
9.1 Schedule A. TP3 agrees to pay Paymentech for the services as set forth in Schedule A in accordance with this Agreement, regardless of whether TP3 receives payment or reimbursement from the Merchants therefor. Unless otherwise expressly stated in Schedule A, pricing is based on all Transactions qualifying under the Payment Brand Rules for the lowest Payment Brand interchange rates. For Transactions that do not qualify for the best rate, the Payment Brands may dictate that the Transaction is subject to a “downgrade”, which will result in TP3 being charged a higher rate than the qualified rate shown on Schedule A. Fees payable under this Agreement that contain a fraction of a cent will be rounded up to the next full cent.
9.2 Price Changes.
(a) Paymentech may modify the pricing on Schedule A upon thirty (30) days’ prior written notice to TP3. If TP3 does not agree with the new pricing, TP3 may terminate this Agreement upon 120 days’ notice to Paymentech.
(b) In addition, Paymentech may change its fees, charges, and discounts resulting from (i) changes in Payment Brand fees (such as interchange, assessments, and other charges); (ii) changes in pricing by any third party provider of a product or service used by TP3 or a Merchant; or (iii) fees which are added by a Payment Brand or card issuer. Such new prices will be applicable as of the effective date established by the Payment Brand or third party provider. For clarity, any price changes made pursuant to this Section 9.2(b) shall not give rise to a termination right by TP3.
10. Termination.
10.1 Term. This Agreement takes effect upon the earlier of (a) Paymentech’s signature hereto; or (b) the date Paymentech processes TP3’s first Transaction submitted pursuant to this Agreement and continues for five (5) years from such date. Unless otherwise terminated by either party as provided in this Agreement, this Agreement will automatically renew for successive one-year terms. Either party may give notice of non-renewal of this Agreement in writing no more than ninety (90) days and no less than thirty (30) days prior to any expiration date.
10.2 Events of Default. If any of the following events shall occur (each an “Event of Default”):
(a) any transfer or assignment in violation of Section 14.4 of this Agreement by either party;
(b) irregular Transactions submitted by TP3 (either for itself or on behalf of Merchant) that materially increase the anticipated risk and which have not been previously disclosed and approved by Paymentech, excessive Chargebacks related to TP3 or Merchant;
(c) any representation or warranty in this Agreement is breached in any material respect or was or is incorrect in any material respect when made or deemed to be made;
(d) TP3 fails in any material respect to perform any of its obligations with respect to the funding or establishing of a Reserve Account, as detailed in Section 4.6;
(e) material breach of Section 1.1 by either party;
(f) Either party fails in any material respect in performance or observance of any term, covenant, condition, or agreement contained in this Agreement, including the attached Schedule B, without limitation, compliance with Payment Brand Rules and Security Standards;
Page 9 of 35 |
(g) a case or other proceeding shall be commenced by or against TP3 or Paymentech or Member in any court of competent jurisdiction seeking relief under the Bankruptcy Code or under any other laws, domestic or foreign, relating to bankruptcy, insolvency, reorganization, winding up, or adjustment of debts, the appointment of a trustee, receiver, custodian, liquidator, or the like of TP3 or Paymentech or Member, or of all or any substantial part of the assets, domestic or foreign, of TP3 or Paymentech or Member, and such case or proceeding shall continue undismissed or unstayed for a period of sixty (60) consecutive days, or an order granting the relief requested in such case or proceeding against TP3 or Paymentech or Member (including, without limitation, an order for relief under the Bankruptcy Code) shall be entered;
(h) Paymentech, in its reasonable discretion, deems TP3 to be financially insecure, such that TP3 is unable to meets its obligations under this Agreement;
(i) any Payment Brand (i) notifies Paymentech or Member that it is no longer willing to accept Transactions from TP3 or support TP3’s registration with the Payment Brands as a third party service provider; or (ii) requires Paymentech or Member to terminate or limit this Agreement;
(j) TP3 or any person owning or controlling TP3’s business is listed in one or more databases of terminated or high risk merchants maintained by the Payment Brands;
(k) TP3 engages in conduct that creates or could tend to create harm or loss to the goodwill of any Payment Brand, Paymentech, or Member;
(l) for a period of more than sixty (60) consecutive days, TP3 does not transmit Transaction Data to Paymentech;
(m) TP3 fails to comply with Section 15.15
(n) Paymentech’s Transaction processing services under this Agreement fail to conform to generally accepted standards for such services in the Transaction processing industry;
(o) TP3 engages in conduct that causes or could cause Paymentech or Member to be in violation of the Payment Brand Rules; or
(p) TP3 fails in any material respect to perform any of the obligations outlined in Schedule E.
then, the non-defaulting party may terminate this Agreement by providing the defaulting party with written notice of termination. Following receipt of such notice, and solely for termination based on subsections (c), (f) and (n) , the defaulting party shall have thirty (30) days to cure the Event of Default, and the Agreement shall terminate in the event such cure is not effected by the end of such period. No cure period shall be provided when termination is based any other Event of Default.
If this Agreement is terminated by Paymentech for TP3’s default hereunder, TP3 acknowledges that Paymentech may be required to report TP3’s business name and the names and other identification of its principals to the Payment Brands.
10.3 Other Events. In addition to the remedies above and any rights Paymentech may have under this Agreement, and without limiting such other rights and remedies, Paymentech may upon 5 days prior notice to TP3 suspend the processing of some or all of TP3’s Transactions upon: (a) an occurrence of an Event of Default by TP3; (b) an occurrence of an event of default by Merchant, as defined in the applicable Commercial Entity Agreement; (c) receipt by Paymentech of notice that a Payment Brand intends to impose any fine or penalty as a result of excessive Chargebacks or TP3’s or a Merchant’s acts or omissions; or (d) receipt by Paymentech of objections or concerns expressed by a Payment Brand which render Paymentech’s continued processing of TP3’s Transactions unduly burdensome, impractical, or risky.
10.4 Termination of Merchants. Paymentech may require TP3 to immediately terminate a Merchant for fraudulent activity, a material violation of the Payment Brand Rules or applicable law relating to the Program or Transactions submitted to Paymentech for processing, actions which create or could tend to create harm or loss to the goodwill of any Payment Brand, Paymentech, or Member; or any other conduct by Merchant which creates reputational risk to Paymentech or Member.
10.5 Account Activity After Termination; Termination Reserve. The provisions governing processing and settlement of Transactions, all related adjustments, fees, and other amounts due from TP3, and the resolution of any related Chargebacks, disputes, or other issues involving Transactions, will continue to apply even after termination of this Agreement, with respect to all Transactions made prior to such termination or after such termination, as described below. After termination of this Agreement for any reason whatsoever, TP3 shall continue to bear total responsibility for all Chargebacks, fees, fines, assessments, credits, and adjustments resulting from Transactions processed pursuant to this Agreement and all other amounts then due or which thereafter may become due to Paymentech or Member under this Agreement or which may be due to Paymentech before or after such termination to either Paymentech or Member. If TP3 submits Transaction Data to Paymentech after the date of termination, Paymentech may, at its sole discretion and without waiving any of its rights or remedies under this Agreement, process such Transaction Data in accordance with and subject to all of the terms of this Agreement.
Page 10 of 35 |
Upon notice of termination of this Agreement, Paymentech may estimate the aggregate dollar amount of anticipated Chargebacks, Refunds, and anticipated risks that Paymentech reasonably anticipates subsequent to termination, and TP3 agrees to immediately deposit such amount in its Settlement Account, or Paymentech may withhold such amount from settlement funds in order to establish a Reserve Account pursuant to and governed by the terms and conditions of this Agreement.
11. Indemnification. The indemnities provided under this Section 11 shall survive the termination of this Agreement.
11.1 Paymentech. Paymentech agrees to indemnify TP3 and its affiliates, officers, directors, employees, and agents from any losses, liabilities, and damages of any and every kind (including, without limitation, costs, expenses, and reasonable attorneys’ fees) arising out of any third party or Customer complaint, claim, demand or cause of action, or Chargeback related to (i) any failure by Paymentech to properly safeguard the Customer’s account information, (ii) Paymentech’s failure to deliver funds in accordance with Section 4.4 herein (which relates to settlement payments due from us for Transaction Records), or (iii) any voluntary or involuntary bankruptcy or insolvency proceeding by or against Paymentech, or (iv) Paymentech’s noncompliance with this Agreement or the Payment Brand Rules. This indemnification does not apply to any claim or complaint relating to TP3’s or Merchant’s failure to resolve a payment dispute concerning merchandise or services sold by Merchant or TP3’s or Merchant’s negligence or willful misconduct.
11.2 TP3. TP3 agrees to indemnify Paymentech, Member, and their respective affiliates, officers, directors, employees, agents, and sponsoring banks from any claims, actions, arbitrations, judgments, losses, liabilities, and damages of any and every kind (including, without limitation, costs, expenses, and reasonable attorneys’ fees) caused by, resulting from, arising out of, or in any way relating to (i) any claim, complaint, dispute, return, refund, or Chargeback with respect to any Transaction or Transaction Record submitted by XX0, (xx) XX0’s or Merchant’s noncompliance with this Agreement (specifically including any provision of Schedules B), a Commercial Entity Agreement, or the Payment Brand Rules, a breach of a representation or warranty made by TP3, and failure to comply with the Security Standards or any fines, fees, or penalties assessed against Paymentech by any of the Payment Brands arising out of or relating to TP3’s or Merchant’s Transactions or Chargebacks , (iii) any intentional or negligent misrepresentation by TP3 as to the type of business conducted by a Merchant, (iv) any voluntary or involuntary bankruptcy or insolvency proceeding by or against TP3 or Merchant, (iv) TP3’s or any Merchant’s failure to comply with applicable laws and regulations, including, without limitation, the receipt requirements of the Electronic Funds Transfer Act, or any action or omission by TP3 or Merchant which causes Paymentech, any Payment Brand, or any Payment Instrument-issuing bank to be in violation of any such applicable laws and regulations. This indemnification does not apply to any claim or complaint to the extent caused by Paymentech or Member’s negligence or willful misconduct.
12. Transaction Record And Payment Instrument Information. Financial information and other information about TP3 and the Merchants, Transaction Records, and other information that TP3 provides to Paymentech may be shared by Paymentech with its affiliates subject to the provisions of this Agreement and Payment Brand Rules. Paymentech will not otherwise disclose or use such information for any purpose whatsoever other than (i) as necessary to process the Transactions or otherwise provide services and maintain TP3’s account pursuant to this Agreement; (ii) to detect, prevent, reduce, or otherwise address fraud, security, or technical issues; (iii) to enhance or improve Paymentech’s products and services generally; or (iv) as otherwise required or permitted by the Payment Brands or applicable law. Paymentech may prepare, use, and/or share with third parties, aggregated, non-personally identifiable information derived from Transaction Records of all of Paymentech’s customers or specific segments of Paymentech’s customers.
TP3 acknowledges and understands, for itself and on behalf of Merchant, the importance of compliance with the Security Standards, such as those relating to the storage and disclosure of Transaction Record and Payment Instrument Information. Therefore, TP3 will, and will ensure that Merchants, exercise care to prevent disclosure or use of Payment Instrument Information, other than (i) to TP3’s agents and contractors for the purpose of assisting TP3 in completing a Transaction, (ii) to the applicable Payment Brand, or (iii) as specifically required by law. Furthermore, TP3 acknowledges and understands that its use of any fraud mitigation or security enhancement solution (e.g., encryption product or service), whether provided to TP3 by Paymentech or by a third party, in no way limits TP3’s obligation to comply with the Security Standards or TP3’s liabilities set forth in this Agreement.
Page 11 of 35 |
TP3 is allowed by the Payment Brand Rules to store only certain Payment Instrument Information (currently limited to the Customer’s name, Payment Instrument account number, and expiration date) and is prohibited from storing additional Payment Instrument Information, including, without limitation, any security code data such as XXX0, XXX0, and PIN data, and any magnetic stripe track data. TP3 will store all media containing Payment Instrument Information in an unreadable format wherever it is stored and in an area limited to selected personnel on a “need to know” basis only and, prior to either party discarding any material containing Payment Instrument Information, the party will destroy it in a manner rendering the account numbers unreadable. If at any time TP3 determines that Payment Instrument Information has been compromised, TP3 will notify Paymentech immediately and assist in providing notification to such parties as may be required by law or Payment Brand Rules, or as Paymentech otherwise reasonably deems necessary.
TP3 agrees to comply with all Security Standards, as defined in Section 17. TP3 further agrees to provide upon Paymentech’s request with such tests, scans, and assessments of TP3’s compliance with Security Standards as required by the Payment Brands.
TP3 must notify Paymentech of its and any Merchant’s use of a Service Provider and, to the extent required by each Payment Brand, all Service Providers must be (i) compliant with all Security Standards applicable to Service Providers, and (ii) registered with and/or recognized by such Payment Brand(s) as being so compliant. TP3 agrees to exercise due diligence to ensure that all of its and Merchant’s Service Providers, agents, business partners, contractors, or subcontractors with access to Payment Instrument Information, maintain compliance with the Security Standards. To the extent required by each Payment Brand, all Payment Applications, or software involved in processing, storing, receiving or transmitting of Payment Instrument Information used by TP3 or a Merchant, shall be (i) compliant with all Security Standards applicable to such Payment Applications or software, and (ii) registered with and/or recognized by such Payment Brand(s) as being so compliant.
TP3 understands that failure of it or a Merchant to comply with the Payment Brand Rules, including the Security Standards, or the compromise of any Payment Instrument Information, may result in assessments, fines, and/or penalties by the Payment Brands, and TP3 agrees to indemnify and reimburse Paymentech immediately for any such assessment, fine, or penalty imposed on us or the Member and any related loss, cost, or expense incurred by Paymentech or the Member. If any Payment Brand requires a forensic examination of TP3 or a Merchant or any of their respective Service Providers, agents, business partners, contractors, or subcontractors due to a data security compromise event or suspected event, including without limitation, Chargeback, fraud, or data security compromise events or such other events that the Payment Brands include in the Payment Brand Rules (“Data Security Compromise Event”), TP3 shall cooperate (and shall cause Merchants and all applicable Service Providers to cooperate) with such forensic examination until it is completed (including, without limitation, the engagement of an examiner acceptable to the relevant Payment Brand). Notwithstanding the foregoing, the Payment Brands may directly engage, or demand that Paymentech engage, an examiner on behalf of TP3 or a Merchant in order to expedite the investigation of the Data Security Compromise Event. In either scenario, TP3 agrees to pay for all costs and expenses related to such forensic examination (including any attorneys’ fees and other costs relating to such forensic examination).
By executing this Agreement, TP3 represents that, in the event of its failure, including bankruptcy, insolvency, or other suspension of business operations, TP3 will not sell, transfer, or disclose any materials that contain Transaction Record or Payment Instrument Information to third parties. TP3 must return such information to Paymentech or provide Paymentech with acceptable proof of its destruction.
13. Information About TP3’s Business.
13.1 Additional Financial Information. Upon five (5) days’ written notice, TP3 agrees to furnish to Paymentech (i) its most recently prepared financial statements and credit information and (ii) if applicable, its three (3) most recent filings with the SEC.
Page 12 of 35 |
13.2 Audit Rights. With prior notice and during normal business hours, Paymentech’s duly authorized representatives may visit TP3’s business premises and may examine TP3’s books and records that pertain to Transaction Records or compliance with this Agreement.
13.3 Other Information. TP3 agrees to provide us at least thirty (30) days’ prior written notice of its or a Merchant’s intent to change product lines or services, its trade name, or the manner in which it accepts Payment Instruments. If Paymentech determines such a change is material to our relationship with TP3, Paymentech may refuse to process any Transaction Records made subsequent to the change following 5 days prior notice to TP3. TP3 agrees to provide Paymentech with prompt written notice if TP3 or a Merchant is the subject of any voluntary or involuntary bankruptcy or insolvency petition or proceeding.
14. Disclaimer; Limitation of Damages. Subject to Section 5, Paymentech will, at its own expense, correct any Transaction Data to the extent that such errors have been caused by Paymentech or by malfunctions of Paymentech’s processing systems. Under no circumstances will Paymentech’s financial responsibility for its failure of performance under this Agreement exceed the total fees paid to Paymentech under this Agreement (net of Payment Brand fees, third party fees, interchange, assessments, penalties, and fines) for the twelve (12) months prior to the time the liability arose; provided, however, that the foregoing limitation shall not apply to Paymentech’s indemnification obligations under Section 11.1. EXCEPT AS OTHERWISE PROVIDED FOR IN THIS AGREEMENT, AND EXCEPT WITH RESPECT TO TP3’S OR A MERCHANT’S FAILURE TO COMPLY WITH THE SECURITY STANDARDS AND EXCEPT WITH REPSECT TO ALL OF THE INDEMNIFICATION OBLIGATIONS OF EACH PARTY UNDER SECTION 11, IN NO EVENT WILL ANY PARTY, ITS RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, OR AFFILIATES, BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, REGARDLESS OF THE FORM OF ACTION AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR ANY LOSS, THEFT, DISAPPEARANCE, OR DAMAGE TO DATA TRANSMITTED ELECTRONICALLY IN CONNECTION WITH THIS AGREEMENT. ANY FINES, FEES, PENALTIES, OR ASSESSMENTS IMPOSED BY THE PAYMENT BRANDS RELATED TO TP3’S OR MERCHANT’S ACCEPTANCE OF PAYMENT INSTRUMENTS SHALL NOT BE DEEMED TO BE CONSEQUENTIAL DAMAGES. ALL PARTIES ACKNOWLEDGE THAT THIS IS AN AGREEMENT FOR COMMERCIAL SERVICES. THE UNIFORM COMMERCIAL CODE DOES NOT APPLY AND PAYMENTECH AND MEMBER HEREBY DISCLAIM ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, MADE TO MERCHANT OR ANY OTHER PERSON, REGARDING QUALITY, SUITABILITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR OTHERWISE (REGARDLESS OF ANY COURSE OF DEALING, CUSTOM, OR USAGE OF TRADE) OF ANY SERVICES PROVIDED UNDER THIS AGREEMENT OR ANY GOODS PROVIDED INCIDENTAL TO SUCH SERVICES.
15. Miscellaneous.
15.1 Taxes. Unless TP3 is otherwise exempt, and, if applicable, provide a valid exemption certificate, TP3 agrees to pay any taxes imposed on the services, equipment, intellectual property, supplies, and other goods purchased or tangible property provided under this Agreement, and TP3 authorizes Paymentech to increase the amount we collect from TP3 to reflect any and all assessments or other taxes imposed on Paymentech as a result of the services provided to TP3 under this Agreement, if any.
15.2 Application and Credit Check. TP3 represents and warrants that statements made on the Application for this Agreement are true as of the date of execution of this Agreement. TP3 agrees to promptly update any changes thereto during the term of this Agreement. TP3’s signature on this Agreement authorizes Paymentech to perform any credit check deemed necessary with respect to TP3 and its directors, officers, affiliates, principals, and guarantors (if applicable).
15.3 Section Headings. The section headings of this Agreement are for convenience only and do not define, limit, or describe the scope or intent of this Agreement.
Page 13 of 35 |
15.4 Assignment. TP3 may not assign or transfer this Agreement, by operation of law, merger, or otherwise, without Paymentech’s prior written consent. In the event of such transfer or assignment, the party to whom the Agreement was transferred or assigned shall be bound to the terms and conditions of this Agreement to the same extent as if Paymentech, Member and such assignee or transferee, as the case may be, entered into an agreement identical to this Agreement on the effective date of such transfer or assignment. Upon notice to Merchant, another Payment Brand member may be substituted for Member under whose sponsorship this Agreement is performed and for whom Paymentech is acting as agent hereunder. Subject to Payment Brand Rules, Paymentech may assign or transfer this Agreement and its rights and obligations hereunder and may delegate its duties hereunder, in whole or in part, to any third party, whether in connection with a change in sponsorship, as set forth in the preceding sentence, or otherwise, without notice to or consent of Merchant. No assignee for the benefit of creditors, custodian, receiver, trustee in bankruptcy, debtor in possession, sheriff or any other officer of a court, or other person charged with taking custody of a party’s assets or business, shall have any right to continue or to assume or to assign this Agreement.
15.5 Parties; Public Statements. This Agreement binds TP3 and its respective heirs, representatives, and permitted and approved successors (including those by merger and acquisition) or assigns. This Agreement binds us and our respective heirs, representatives, successors, and assigns. TP3 represents and warrants that its execution of and performance under this Agreement (i) in no way breaches, contravenes, violates, or in any manner conflicts with any of its other legal obligations, including, without limitation, its corporate charter or similar document or any agreement between TP3 and any third party or any affiliated entity; (ii) has been duly authorized by all necessary action and does not require any consent or other action by or in respect of any third party; and (iii) that the person signing this Agreement on TP3 ‘s behalf is duly authorized to do so. In providing services to TP3, we will not be acting in the capacity of agent, partner, or joint venturer; we are acting solely as an independent contractor. TP3 will not, without Paymentech’s prior written consent in each instance, issue any media release, or make any other public announcement or public disclosure relating to this Agreement and/or the Program, except as may be approved in writing by the Paymentech and/or agreed by Paymentech pursuant to a separate written agreement between the parties. Notwithstanding the foregoing sentence or anything else set forth in the Agreement, TP3 may disclose this Agreement or the Program or any of the terms thereof pursuant to the requirements of any securities law or regulation, including the Securities Exchange Act of 1934, as amended (the “Act’), and the regulations promulgated thereunder. In any such event, TP3 shall use its best efforts to provide an opportunity to Paymentech to review and comment upon such disclosure. If TP3 is required to file a copy of this Agreement with the Securities and Exchange Commission under the Act or any regulation promulgated thereunder, TP3 shall seek confidential treatment by the Securities and Exchange Commission of information in the Agreement that is determined by TP3 to be confidential (in accordance with the rules promulgated under the Act).
15.6 Severability. Should any provision of this Agreement be determined to be invalid or unenforceable under any law, rule, or regulation, including any Payment Brand Rule, such determination will not affect the validity or enforceability of any other provision of this Agreement.
15.7 Waivers. No term or condition of this Agreement may be waived except pursuant to a written waiver executed by the party against whom such waiver is sought to be enforced.
15.8 Entire Agreement. The Payment Brand Rules, Application, and all schedules and attachments to this Agreement are made a part of this Agreement for all purposes. This Agreement represents the entire understanding between TP3 and Paymentech with respect to the matters contained herein and supersedes any prior agreements between the parties. This Agreement shall prevail over the terms of any agreement governing the Settlement Account or any agreement between TP3 and Merchant. The parties acknowledge and agree (i) that this Agreement applies only to Transaction Records generated within the United States; and (ii) that this is a contract for commercial services.
15.9 Notices. Except as otherwise provided in this Agreement, all notices must be given in writing and either hand delivered, faxed, mailed first class, postage prepaid, sent via electronic mail transmission, or sent via overnight courier (and will be deemed to be given when so delivered or mailed) to the addresses set forth below or to such other address as either party may from time to time specify to the other party in writing.
15.10 Governing Law; Waiver of Jury Trial. This Agreement will be governed by and construed in accordance with the laws of the State of Texas without reference to conflict of law provisions. Any action, proceeding, litigation, or mediation relating to or arising from this Agreement must be brought by Paymentech against TP3 in the county and state of TP3’s principal office as indicated below, and by TP3 against Paymentech exclusively in Dallas County, Dallas, Texas. THE PARTIES HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVE ANY RIGHTS EITHER OF THEM MAY HAVE TO CONTEST JURISDICTION OR VENUE. THE PARTIES HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVE ANY RIGHTS EITHER OF THEM MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LITIGATION BASED ON, ARISING OUT OF, OR IN CONNECTION WITH THIS AGREEMENT.
Page 14 of 35 |
15.11 Force Majeure. Neither party will be liable for delays in processing or other nonperformance caused by such events as fires, telecommunications failures, utility failures, power failures, equipment failures, labor strife, riots, war, terrorist attack, nonperformance of our vendors or suppliers, acts of God, or other causes over which the respective party has no reasonable control, except that nothing in this Section 15.11 will affect or excuse your liabilities and obligations for Chargebacks, refunds, or unfulfilled products and services.
15.12 Amendment and Consents. Any provision of this Agreement may be amended, but only if the amendment is in writing and signed by all parties. In order to be effective, any consent required under this Agreement must be in writing and signed by the party granting the consent.Notwithstanding the foregoing, in the event the terms of this Agreement must be amended pursuant to a change required by law, the Payment Brand Rules or any third party regulatory or governmental entity with jurisdiction over the matters described herein, such amendment will be effective upon thirty (30) days prior notice to TP3. TP3’s electronic signature or continued submission of Transactions following such notice will be deemed to be TP3’s acceptance of such amendment.
15.13 Counterparts and Electronic Signature. This Agreement may be executed in several counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. A signature received via facsimile or electronically via email shall be as legally binding for all purposes as an original signature.
15.14 Survival. The provisions of Sections 1.7, 4.2, 4.4, 4.5, 4.6, 6.1, 7, 10.4, 10.5, 11, 12, 14, 15, and 16 shall survive the termination of this Agreement.
15.15 Federal Income Tax Reporting. Pursuant to 26 USC 6050W Paymentech is a “payment settlement entity”, obligated to collect and report certain taxpayer information to the United States Internal Revenue Service. Therefore, in conjunction with the execution of this Agreement, TP3 shall provide Paymentech with the appropriate taxpayer certification documentation, via Internal Revenue Service (IRS) Form W-9 (or the appropriate versions of Form W-8, if applicable). TP3 shall promptly notify Paymentech if there are any changes in this information. Paymentech may deduct withholding taxes, if any, from proceeds payable to TP3 where required under applicable law. Paymentech may, in accordance with applicable law and from time to time during the term of this Agreement, request TP3 to recertify its taxpayer certification hereunder. Furthermore TP3 shall be responsible for any penalties related to the reporting obligations of Paymentech hereunder to the extent such penalties accrue based on the actions or inactions of TP3 provided that there has been reasonable notice from Paymentech.
To the extent Paymentech does not directly fund Merchants for the settlement proceeds of Transactions processed hereunder, the parties agree that Paymentech shall have no tax reporting obligations whatsoever for any Merchants which submit transactions through TP3 under this Agreement. Therefore, TP3 agrees to comply with any information reporting requirements under any Federal or State laws related to the payment by TP3 to Merchant of settlement proceeds from Transaction processed pursuant to this Agreement, including, without limitation, Internal Revenue Code (IRC) Section 6050W and similar laws enacted by any state or other taxing jurisdiction. TP3 agrees that TP3 has sole responsibility for gathering, storing and reporting all required Merchant and Transaction data to comply with such laws and TP3 agrees to fully indemnify and hold Paymentech and Member harmless against any applicable taxes, fines and penalties related to such compliance and reporting.
To the extent Paymentech does directly fund Merchants for the settlement proceeds of Transactions processed hereunder, TP3 shall assist Paymentech with the collection of appropriate taxpayer certification documentation from all applicable Merchants (via IRS Form W-9 or W-8). Unless otherwise provided herein or agreed to by the parties, Paymentech has sole responsibility for complying with all tax reporting obligations related to the payment by Paymentech to Merchant of settlement proceeds from Transaction processed pursuant to this Agreement, including, without limitation, Internal Revenue Code (IRC) Section 6050W and similar laws enacted by any state or other taxing jurisdiction.
15.16 No Third Party Beneficiaries. This Agreement confers no rights on any person not a signatory hereof, including, without limitation, any Merchant.
Page 15 of 35 |
16. Definitions.
“Application” is a statement of TP3’s financial condition, a description of the characteristics of TP3’s business or organization, and related information TP3 has previously or concurrently submitted to Paymentech, including credit and financial information, to induce Paymentech to enter into this Agreement and that has induced Paymentech to process Transactions under the terms and conditions of this Agreement.
“Chargeback” is a reversal of a Transaction previously presented to Paymentech pursuant to Payment Brand Rules.
“Conveyed Transaction” is any Transaction conveyed to a Payment Brand for settlement by such Payment Brand directly to TP3 or Merchant.
“Customer” is the person or entity to whom a Payment Instrument is issued or who is otherwise authorized to use a Payment Instrument.
“Effective Date” means the date this Agreement takes effect pursuant to Section 10.1.
“JPMC” means X.X. Xxxxxx Xxxxx & Co. and its affiliates.
“Member” is JPMorgan Chase Bank, N.A. or other entity providing sponsorship to Paymentech as required by all applicable Payment Brands. Member is a principal party to this Agreement and your acceptance of Payment Brand products is extended by the Member.
“Payment Brand” is any payment method provider whose payment method is accepted by Paymentech for processing, including, but not limited to, Visa, U.S.A., Inc., MasterCard International, Inc., Discover Financial Services, LLC and other credit and debit card providers, debit network providers, electronic check and ACH payments, gift card and other stored value and loyalty program providers. Payment Brand also includes the Payment Card Industry Security Standards Council and the Electronic Payments Association (NACHA).
“Payment Brand Rules” are the bylaws, rules, and regulations, as they exist from time to time, of the Payment Brands, including, without limitation, any operating principles (including without limitation the TP3 Risk Management Standards and Operating Procedures identified in Schedule C of this Agreement), as may be revised from time to time by the Payment Brands in their sole discretion.
“Payment Application” is a third party application that is involved in the authorization or settlement of Transaction Record.
“Payment Instrument” is an account, or evidence of an account, authorized and established between a Customer and a Payment Brand, or representatives or members of a Payment Brand that TP3 or Merchant accepts from Customers as payment for a good or service. Payment Instruments include, but are not limited to, credit and debit cards, electronic check and ACH payments, stored value cards, loyalty cards, electronic gift cards, authorized account or access numbers, paper certificates and credit accounts.
“Payment Instrument Information” is information related to a Customer or the Customer’s Payment Instrument, that is obtained by TP3 or Merchant from the Customer’s Payment Instrument, or from the Customer in connection with his or her use of a Payment Instrument (for example a security code, a PIN number, or the customer’s zip code when provided as part of an address verification system). Without limiting the foregoing, such information may include the Payment Instrument account number and expiration date, the Customer’s name or date of birth, PIN data, security code data (such as CVV2 and CVC2) and any date read, scanned, imprinted, or otherwise obtained from the Payment Instrument, whether printed thereon, or magnetically, electronically or otherwise stored thereon. For the avoidance of doubt, the data elements that constitute Payment Instrument Information shall be treated according to their corresponding meanings as “cardholder data” and “sensitive authentication data” as such terms are used in the then current PCI DSS.
“Paymentech”, “we”, “our”, and “us” is Paymentech, LLC, a Delaware limited liability company, having its principal office at 00000 Xxxxxx Xxxxxxx, Xxxxxx, Xxxxx 00000.
“Retrieval Request” is a request for information by a Customer or Payment Brand relating to a claim or complaint concerning a Transaction.
“Security Standards” are all rules, regulations, standards or guidelines adopted or required by the Payment Brands or the Payment Card Industry Security Standards Council relating to privacy, data security and the safeguarding, disclosure and handling of Payment Instrument Information, including but not limited to the Payment Card Industry Data Security Standards (“PCI DSS”), visa’s Cardholder Information Security Program (“CISP”), Discover’s Information Security & Compliance Program, American Express’s Data Security Operating Policy, MasterCard’s Site Data Protection Program (“SDP”), Visa’s Payment Application Best Practices (“PABP”), the payment Card Industry’s Payment Application Data Security Standard (“PA DSS”), MasterCard’s POS Terminal Security program and the Payment Card Industry PIN Entry Device Standard, in each case as they may be amended from time to time.
“Service Provider” is any party that processes, stores, receives, transmits, or has access to Payment Instrument Information TP3’s behalf or any Merchant’s behalf, including, but not limited to, TP3’s or Merchants’ agents, business partners, contractors, and subcontractors.
Page 16 of 35 |
“Settled Transaction” is a Transaction conducted between a Customer and TP3 (on behalf of Merchant) utilizing a Payment Instrument in which consideration is exchanged between the Customer and Merchant for the purchase of a good or service or the return of refund of such purchase and the dollar amount of such Transaction is settled by the Payment Brand through Paymentech to TP3 or the Merchant’s settlement account.
“Transaction” is a transaction conducted between a Customer and a Merchant utilizing a Payment Instrument in which consideration is exchanged between the Customer and Merchant, and which is submitted to Paymentech by TP3.
“Transaction Record” is the written or electronic record of a Transaction, including but not limited to an authorization code or settlement record submitted to Paymentech for processing.
IN WITNESS WHEREOF, the undersigned parties have duly executed this Agreement.
Agreed and Accepted by: | Agreed and Accepted by: | |||
USATECHNOLOGIES, INC. | PAYMENTECH, LLC for itself and on behalf of JPMORGAN CHASE BANK, N.A. | |||
TP3 Legal Name | ||||
/s/Xxxxxxx X. Xxxxxxx | /s/*** | |||
By (authorized signature) | By | |||
Xxxxxxx X. Xxxxxxx, Chairman/CEO | *** | |||
Print Name and Title | Print Name and Title | |||
4/22/15 | April 24, 2015 | |||
Date | Date | |||
000 Xxxxxxxxx Xxxx, Xxxxx 000 | *** | |||
Xxxxxxx | Xxxxxxx | |||
Xxxxxxx, XX 00000 | *** | |||
City, State Zip | City, State Zip |
To
Be Completed By Paymentech, LLC Your Agreement Contract Number is: ___248258 - 540133____________________________ Your Processing Identification Number Will Be Provided At Time of Processing Set Up |
Page 17 of 35 |
Schedule A
Pricing Schedule
***
Page 18 of 35 |
SCHEDULE B
TP3 Risk and Compliance Obligations
TP3 agrees it will provide, comply and cooperate with Paymentech as follows:
1. TP3 Platform - TP3 agrees to provide the required information to support and certify to the TP3 Platform. The TP3 Platform requirements, include, but are not limited to, inclusion in transaction data of needed specifications for unique Merchant ID, as well as other data fields, such as Merchant name, tax id, MCC, status, and owner records (the Required Specifications are attached hereto as Exhibit B-1). Once certified to the TP3 Platform, in the event there are issues identified by Paymentech or by TP3 with data feeds or other errors, TP3 will remediate the issue within thirty (30) business days.
2. Sanctions Screening - Paymentech will perform sanctions screening of all prospective Merchants. If the screening indicates that the prospective or existing Merchant or its owner(s) are on a sanctions list, TP3 will research and provide additional demographic information, as may be requested by Paymentech, and will provide the results of such research to Paymentech within three (3) Business Days. TP3 shall ensure that a prospective Merchant listed on a sanctions list shall not be permitted to be a Merchant. In addition, if an existing Merchant is found on a sanctions list, Paymentech will notify TP3 and TP3 must terminate such Merchant within three (3) Business Days.
3. MATCH/TMF
3.1 Screening. As required by the Payment Brands, TP3 will perform MATCH/TMF screening on all of its Merchants. Each prospective Merchant and its owner(s) must be cleared against Visa’s TMF and MasterCard’s MATCH files before TP3 enters into an agreement with or processes any transactions for a Merchant. If the initial query indicates that the prospective Merchant or its owner(s) are on the MATCH or TMF lists, TP3 will research and determine if Merchant is a true match and will provide the results of such query and research to Paymentech within three (3) Business Days. TP3 shall ensure that a prospective Merchant listed on the TMF or MATCH File is not permitted to be a Merchant.
3.2 Termination. If a decision is made to terminate a Merchant and MATCH or TMF Criteria is met (MATCH/TMF Criteria is determined by the respective Payment Brand and will be provided to TP3 by Paymentech upon request), TP3 will report such decision to terminate to Paymentech and will provide to Paymentech, within three (3) Business Days of the date in which the decision to terminate was made, information sufficient to permit Paymentech to add Merchant to MATCH/TMF within the time frame required by MasterCard and Visa.
4. CIP / KYC Requirements -TP3 is required to implement and maintain appropriate CIP/KYC procedures with respect to all of its Merchants. Paymentech will review, evaluate and examine the TP3’s policies and procedures for customer identification to determine if they are adequate, meet all legal/regulatory obligations of the TP3, and can result in a reasonable conclusion that the TP3 knows its customers. If the TP3’s policies are determined to be less than adequate, or do not meet their legal/regulatory obligations, TP3 agrees to remediate and correct any noted deficiencies in its policies and procedures within thirty (30) Business Days or within such other mutually acceptable time frame as may be agreed between the parties if it is not commercially reasonable for TP3 to correct such deficiencies within thirty (30) Business Days. TP3 agrees to provide Paymentech with the resulting data it obtains through its CIP/KYC process in a format and manner that is acceptable to Paymentech. TP3 also agrees to maintain the resulting CIP/KYC data/documentation in its records for at least seven (7) years. Any change in TP3’s CIP/KYC policies and procedures must be submitted to us, in writing, not less than thirty (30) days prior to the effective date of such change.
5. Prohibited Merchant Types - The Prohibited Businesses and Business Activities, Prohibited Merchants, and Prohibited Transactions, which are identified in the attached Exhibit B-2, shall not be supported in the Program, and TP3 shall implement and maintain appropriate procedures to prevent the processing of transactions on behalf of such merchants and transaction types. TP3 shall notify Paymentech promptly in the event that it has reason to believe that any Merchant or any Merchant’s activities or Transactions fall within any of the Prohibited Businesses and Business Activities, Prohibited Merchants, and Prohibited Transactions set forth in Exhibit B-2.
6. TP3 Transaction Monitoring - TP3 is required to perform transaction monitoring on all of its Merchants’ transactions and to provide Paymentech with the resulting data in a manner and format that is acceptable to Paymentech. TP3 agrees to provide its policies and procedures to Paymentech, for review. Paymentech will to determine the adequacy of the TP3’s due diligence and transaction monitoring policies, procedures, and processes and will advise TP3 on any changes or improvements that may be required. TP3 agrees to remediate and correct any noted deficiencies in its policies and procedures within thirty (30) Business Days or within such other mutually acceptable time frame as may be agreed between the parties if it is not commercially reasonable for TP3 to correct such deficiencies within thirty (30) Business Days. In addition, in the event that unusual activity is detected by TP3’s transaction monitoring policies and procedures, TP3 will escalate and notify Paymentech in accordance to the Risk Escalation Quick Reference Guide (attached hereto as Exhibit B-3) and will investigate and provide Paymentech with a completed Risk Escalation Form (attached hereto as Exhibit B-4) showing the results of its investigation to Paymentech within three (3) Business Days.
Page 19 of 35 |
7. Escalations and Investigations – In the event that Paymentech detects unusual activity, potentially prohibited activity or Paymentech becomes aware of circumstances that indicate a potential legal or regulatory issue with respect to TP3 or a Merchant, TP3 agrees to work with Paymentech in good faith and agrees to provide any information which may be requested by Paymentech in order to permit Paymentech to perform its own investigation and resolution of potential legal and/or regulatory violations or other questionable behavior pertaining to TP3 or TP3’s Merchants.
8. Onsite Compliance Validations - TP3 will permit Paymentech to come onsite at the inception of this Agreement and on an on-going basis, as requested by Paymentech, thereafter, to review TP3’s compliance with the requirements and obligations contained in this Agreement. These requirements include access to the requested information contained in this Schedule B, as well as the information and documentation required to complete the attached Third Party Payment Processor Due Diligence Certification (attached as Exhibit B-5), which TP3 will be required to execute, following such initial and yearly onsite, attesting to the compliance requirements contained therein.
8.1 | During the onsite visit, a TP3 Questionnaire will be completed and will include the following questions about the TP3. TP3 agrees to provide information and documentation to Paymentech sufficient, as determined by Paymentech, to allow Paymentech to make the following determinations and evaluations: |
a. | Paymentech will determine the geographies of the TP3’s physical presence and significant business operations, customers, vendors, suppliers, transaction activities, and income/revenues |
b. | Paymentech will obtain and evaluate the TP3’s annual report/financial statement for any AML/sanctions risks |
c. | Paymentech will determine whether the TP3 has obtained all necessary state licenses, registrations, and approvals |
d. | Paymentech will determine whether the TP3 has procedures in place to meet requirements of regulations implementing the Unlawful Internet Gambling Enforcement Act of 2006 |
e. | Paymentech will determine if the TP3 is also an MSB; if so, the information outlined in Section 8.2 below, is also required |
f. | Paymentech will determine if the TP3 intends to use its JPMC products and services on behalf of its customers; |
g. | Paymentech will gather information regarding the TP3’s AML record, particularly related to any recent regulatory actions, tax avoidance issues and/or fines/penalties issued by a government agency. |
h. | Paymentech will determine whether the TP3 re-sells its services to a third party (e.g., an agent or provider of Independent Sales Organization (ISO) opportunities or gateway arrangements) or provides processing on behalf of other intermediaries through its accounts or services at JPMC. |
i. | Paymentech will require to gather information about the TP3’s customers, including the average number and types |
j. | Paymentech will determine whether the TP3 will be depositing Remotely Created Checks (RCCs) generated on behalf of customers into its JPMC account |
k. | Paymentech will assess TP3’s customer complaints (if applicable) Paymentech will identify if the TP3 uses more than one bank to process its customers’ payments and whether the TP3 has a history of moving from one bank to another within a short period of time |
l. | Paymentech will review and discuss independent audit results |
m. | Paymentech will obtain a list of the TP3’s customers, including name, address, to screen names for sanctions |
Page 20 of 35 |
n. | Paymentech will validate directly or indirectly that the TP3’s customers are legitimate businesses. Direct validation is performed by obtaining the TP3s new customers’ information in accordance with JPMC requirements and performing CIP and name screening |
o. | Paymentech will determine if any of the TP3’s customers are prohibited according to JPMC’s Global KYC Standards or risk tolerance |
p. | Paymentech will review and evaluate information related to the TP3’s return history at JPMC, including rates of return for ACH debit transactions and check deposits per month |
q. | Paymentech will obtain information on the TP3’s customers’ sales channels (e.g., Internet or store locations). |
r. | Paymentech will determine the swiping versus keying volume for credit card transactions and charge-back activity if JPMC processes the card activity. |
s. | For TP3s who offer services via mobile/smart phone/tablet POS, the following must also be obtained and evaluated: |
s.1 | Paymentech will review of the TP3's device security and encryption capabilities |
s.2 | Paymentech will review of the TP3’s ability to validate location, IP address and/or Political Time Zone device functionality to identify transaction origination |
8.2 | In the event the TP3 is also an Money Service Business (“MSB”), or becomes an MSB at a later date, then TP3 (also referred to as “MSB” in this Section 8.2) also agrees to provide information and documentation to Paymentech sufficient, as determined by Paymentech, to allow Paymentech to make the following determinations and evaluations: |
A. | Paymentech will review and assess the MSB’s operations, its size, dollar volumes, types of services, type/nature of customers, and internal control procedures |
B. | Paymentech will evidence that the MSB is registered in the jurisdiction and in compliance with any licensing requirements |
C. | Paymentech will review the MSB’s agent oversight procedures and AML training materials used with employees and agents |
D. | Paymentech will obtain and document whether the MSB is acting as a principal or as an agent for another principal MSB. If acting as principal, obtaining a list of agents and their locations when the agents are receiving services directly or indirectly through the principal’s JPMC account. If acting as agent, obtaining the principal’s name and screening it against the OFAC and other countries’ sanctions lists (as applicable), the JPMC Internal Name Screening Lists, and negative media |
E. | Paymentech will obtain and documenting sufficient information to form a reasonable understanding of the MSB’s agent types |
F. | Paymentech will determine and evaluate the MSB’s ownership |
G. | Paymentech will document information known or reasonably available publicly regarding the MSB customer’s reputation and AML record, particularly related to any recent fines or penalties issued by a government agency. |
H. | Paymentech will validate the name and address of the person residing in the US and authorized to be agent to accept service of legal process; applicable if the MSB is located outside the US but is doing business wholly or substantially within the US |
I. | Paymentech will determine and understand the nature and duration of JPMC’s relationship with the MSB and any of its subsidiaries and affiliates |
J. | Paymentech will determine the nature of MSB’s business, anticipated activity, types of products and services offered and the locations and markets served by the MSB. |
K. | Paymentech will review the MSB’s AML compliance program by obtaining a completed AML questionnaire form and considering the extent to which the program is reasonably designed to detect and prevent money laundering |
Page 21 of 35 |
L. | If a foreign MSB (defined as an MSB that is located outside of the United States), then Paymentech will evaluate the AML environment and supervisory regime of the jurisdiction that issued the charter or license, and to the extent that information regarding such jurisdiction is reasonably available, of the jurisdiction in which any company which is an owner is incorporated or chartered. |
Page 22 of 35 |
Exhibit B-1
***
Page 23 of 35 |
Prohibited Business Types
Exhibit B-2
Prohibited Merchants
The following merchant types are considered Prohibited in part due to image concerns, Association prohibition, unlawful activity and extreme high risk which increases potential liability above and beyond that which is expected in the normal course of business. These types of products and services may also have a history of creating a high level of fraud and chargeback activity. Applications from these merchant types will not be considered and should not be solicited.
Prohibited Merchants include but are not limited to:
o | *** |
Page 24 of 35 |
Exhibit B-3
RISK ESCALATION QUICK REFERENCE GUIDE
SUSPICIOUS ACTIVITY/TRANSACTIONS |
Fraudulent merchant applications, sales, credits, or other transactions; Excessive fraud related chargebacks; Identity theft; Merchant victimized from fraud scam and activity exceeds ***; Accounts linked to other known fraudulent activity or fraud related accounts; Merchant attempting to refund all transactions; Merchant is victim of unauthorized access into their terminal, and activity exceeds $25,000; Merchant is a victim of employee theft via refunds exceeding *** if employee is identified, *** if not identified; Merchant Collusion exceeding ***; Any money laundering activity regardless of termination; and Unauthorized fraud transactions are confirmed directly from Cardholders
NOTE: This not an all inclusive list. Its purpose is to provide some thoughts and examples of activity that would warrant an escalation. Each case stands on its own and may have a unique set of circumstances that may not be listed above. |
ESCALATION EVENT TYPES | ||
Event Type | Dollar Threshold |
Timeframe |
Internal/Insider fraud | No monetary amount |
Immediately escalate TBD
|
Money Laundering | No monetary amount |
Immediately escalate TBD
|
Suspect Known
|
*** or more | CPS Requires: No later than 5 business days after event identification. |
No Suspect | *** or more | CPS Requires: No later than 5 business days after event identification. |
Supplemental | No monetary amount |
Immediately upon detection.
|
Correction | No monetary amount |
Immediately upon detection of error.
|
NARRATIVE - IMPORTANT REMINDERS | |
Do | Don’t |
Write the narrative in MS Word and use the Grammar/ Spell check feature
Write the 5 essential elements: 1. Who is conducting the criminal or suspicious activity?
2. What type of suspicious activity occurred?
3. When were the significant dates in the case?
4. Where did the suspicious activity take place?
5. Why does the institution think the activity is suspicious? |
Insert tables, files, or documents in the narrative field
Use non-factual information, personal opinions, and/or bank jargon, e.g., chargebacks; retrieval requests; and other industry specific terms
Use capitalized letters throughout the entire narrative
State, “additional information is available upon request” or “please contact me for further information.”
Write in the first person
|
Page 25 of 35 |
Exhibit B-4
TP3 Risk Escalation Form | ||||
User ID #: | Discovery Date of Activity: | |||
Date Submitted to Paymentech: | Submitted By: | |||
User Information | ||||
True/Owner Name: | ||||
Residence Address: | ||||
City: | State: | ZIP Code: | ||
Email Address: | ||||
Residence Tel #: | Date of Birth: | SSN: | ||
Cell Phone #: None | ||||
Account Information | ||||
Account/User Name: | ||||
Business Address: | ||||
City: | State: | ZIP Code: | ||
Business Tel #: | Activation Date: | |||
First Transaction Date: | Freeze Date: | Deactivation Date: | ||
Bank Name: | Routing #: | Account #: | ||
Usage Information | ||||
MCC Code: | ||||
Device Information | ||||
Number of Devices: | ||||
Device #1: | ||||
UDID: | ||||
Transaction Information | ||||
GPV: $ | ||||
Number Of Successful Transactions: | Number Of Unsuccessful Transactions: | |||
Number Of Chargebacks: | Total Dollar Value of Received Chargebacks: $ | |||
Total Dollar Value of Frozen Collateral: $ | ||||
Additional Account Notations | ||||
Why was action taken on the account? If a merchant questionnaire was submitted, what was supplied? Relevant public information: Relevant background information: Notes from the overall payment activity: Notes from chargebacks/refunds/tipping: Relevant account connections: Shared card activity (if applicable): Summary of why the account is being escalated: | ||||
Page 26 of 35 |
Exhibit B-5
THIRD PARTY PAYMENT PROCESSOR
CERTIFICATION
This certification is a JPMorgan Chase Bank, N.A. (“JPMC”) requirement for all third party processors including clients that process payments for their affiliates through their JPMC deposit accounts. This form is intended to facilitate JPMC’s compliance with applicable Anti-Money Laundering (AML) laws and regulations. This form should be updated whenever the below named Client makes changes in their Due Diligence Program that would affect the accuracy of the information provided in this certification. As used in this form, the term “Customer” means the Client’s customer, affiliate or other third party whose payments are being transmitted or otherwise processed through the Client’s account at JPMC.
TO BE COMPLETED BY A SENIOR MANAGER OR COMPLIANCE OFFICER | |
Legal Name of Client: _______________________________________________________________
TIN: __________________
I am an authorized officer, member, manager, director or other authorized official of the above-named client (the “Client”). I hereby certify that the following information:
1. Does the Client have a duly authorized Compliance Officer? Yes ☐ No ☐ If “Yes”, list the following: Name: ___________________________ Title: ____________________________
1. Does the Client maintain risk-policies, procedures, and a system of internal controls to assure ongoing Customer Due Diligence validating the legitimacy of the Customers’ businesses such as conducting background checks? Yes ☐ No ☐
2. Does the Client maintain a written Customer Identification Program (“CIP”) that includes the validation of the identity of Customers through a particular process or tool? Yes ☐ No ☐ If “Yes”, please describe below: ____________________________________________________________________________________________________________ ____________________________________________________________________________________________________________ ____________________________________________________________________________________________________________ ____________________________________________________________________________________________________________
3. Does the Client conduct AML training for employees involved in AML functions? Yes ☐ No ☐
|
Page 27 of 35 |
4. Does the Client independently test for compliance with the program and applicable laws? Yes ☐ No ☐ If “Yes”, list the following: Date of last independent test: ______________________ Name of Entity who conducted the test: _________________________________
5. Does the Client perform transaction monitoring to assess and manage the risks associated with processing third party payments to identify potentially suspicious activity, including ACH debit returns (including unauthorized returns), and if applicable, charge-backs or other returns? Yes ☐ No ☐
6. Does the Client immediately report to JPMC any activity or transaction of a Customer that the Client suspects or becomes aware that such activity or transaction may be of an illegal or illegitimate nature? Yes ☐ No ☐
7. Does the Client conduct OFAC sanctions screening? Yes ☐ No ☐
8. Has the Client provided JPMC with a list of Customers’ names, addresses, taxpayer identification numbers, and principal business activities? Yes ☐ No ☐
9. Does the Client notify JPMC of new customers including the name, address, taxpayer identification number, principal business activity, and does the Client collect customer identification due diligence and screening on such customers prior to submission? Yes ☐ No ☐
10. Can the Client verify they do not have any prohibited customer types (as identified to the Client by JPMC) transacting through JPMC accounts? Yes ☐ No ☐
11. Can the Client verify they do not permit its Customers to resell services to any parties as related to transactions through JPMC accounts or services? Yes ☐ No ☐
12. Can the Client verify they do not have any relationships with money service businesses, financial institutions, payment processors or any other intermediaries that may be executing payments on behalf of third parties through Client’s accounts at JPMC? Yes ☐ No ☐
13. Can the Client verify they do not have any Customers that are involved in gaming where transactions are processed through JPMC accounts? Yes ☐ No ☐ |
Page 28 of 35 |
14. Has the Client provided JPMC with a Regulation GG Unlawful Internet Gambling Certification for any U.S. dollar accounts? Yes ☐ No ☐
| |
The undersigned further certifies that he/she has read and understands this Certification, that the statements made in this Certification are complete and correct in all material respects, and that he/she is authorized to execute this Certification on behalf of the Client. | |
Authorized Certifying Signature: | Date: |
Printed Name: | Title: |
Address: | Phone Number: |
Page 29 of 35 |
Schedule C
(Commercial Entities Agreement)
This Commercial Entity User Agreement (“CEA”) is provided to all Program Participants that are Commercial Entities (as defined by Visa and MasterCard) and open an account with USA Technologies, Inc. (“USA Technologies). Each such entity or person receiving this CEA is referred to herein as “Merchant” and may be referred to herein as “you” and/or “your”. This CEA constitutes your separate legally binding contract for credit and debit card processing for payment transactions between (1 ) you, as a Commercial Entity; and (2) Paymentech, LLC on behalf of itself and JPMorgan Chase Bank, NA (collectively, “Paymentech”). Paymentech shall be a third-party beneficiary of, and may enforce any provisions of, or cease providing credit and debit card processing services under, the USA Technologies ePort Connect Services Agreement (“ePCSA”), entered into by and between Merchant and USA Technologies, which sets forth requirements regarding credit and debit card payments, all of which are incorporated in this CEA by reference. In this CEA “we”, “us” and “our” refer to Paymentech.
By signing the USA Technologies Payment Processing Services Agreement, the Merchant agrees to this CEA which is included in the ePCSA as Exhibit A. Merchant agrees to the terms and conditions of this CEA and any documents incorporated by reference. Merchant further agrees that this CEA forms a legally binding contract between Merchant and Paymentech. Any rights not expressly granted herein are reserved by Paymentech.
1. Purpose of this CEA. When your customers pay you, they may have the option of paying you through funding sources including a credit card funded payment. Since you may be the recipient of a credit card funded payment, Visa U.S.A., Inc. and Visa International (“Visa”) and MasterCard International Incorporated (“MasterCard”) (collectively the “Networks”) require that you enter into a direct contractual relationship with a bank that is a Merchant of the Networks. By entering into the CEA, you are fulfilling the Network rule of entering into a direct contractual relationship with a Merchant bank, and you are agreeing to comply with Network rules as they pertain to payments you receive through USA Technologies.
2. Network Rules. The Networks require that you comply with all bylaws, rules and regulations of the Networks, as may be applicable to you and your payment transactions and as are in effect from time to time (“Network Rules”). You understand that Paymentech may be required to modify this CEA in order to comply with the requirements imposed by the Network Rules. You may use the logos of the Networks only in the manner authorized by the Networks and to indicate that Visa and MasterCard cards are accepted as methods of payment.
3. Merchant represents, warrants, and covenants that, to the best of its knowledge, each Transaction:
(a) | represents payment for or Refund of a bona fide sale or lease of the goods, services, or both, which Merchant has the legal right to sell and which is provided by Merchant in the ordinary course of its business; |
(b) | is not submitted on behalf of a third party; |
(c) | represents a current obligation of the customer solely for the amount of the Transaction; |
(d) | does not represent the collection of a dishonored check or the collection or refinancing of an existing debt; |
(e) | represents goods that have been provided or shipped, or services that have actually been rendered, to the customer; |
(f) | is free from any material alteration not authorized by the customer; |
(g) | or the amount thereof, is not subject to any dispute, setoff, or counterclaim; |
(h) | if such Transaction represents a credit to a customer’s payment card, is a refund for a Transaction previously submitted under the ePCSA; and |
Page 30 of 35 |
(i) | complies with applicable laws and all applicable Network Rules. | |
(j) |
4. Furthermore, Merchant represents, warrants, and covenants that, to the best of its knowledge, Merchant has not
(k) | disbursed or advanced any cash to the customer (except as authorized by the Card Brand Rules) for itself or to any of its representatives, agents, or employees in connection with the Transaction; |
(l) | accepted payment for effecting credits to a customer or a customer’s payment card; |
(m) | made any representation or agreement for the issuance of Refunds except as stated in Merchant’s Refund Policy; |
(n) | been provided with any information that would lead Merchant to believe that the enforceability or collectibility of the Transaction is in any manner impaired; and |
(o) | submitted any Transaction that Merchant knows or should have known to be either fraudulent, illegal, damaging to the Network(s), not authorized by the customer, or otherwise in violation of any provision of this CEA, applicable law, or Network Rules. |
5. Discrimination. Merchant agrees that it shall not engage in any acceptance practice that discriminates against or discourages the use of Visa or MasterCard in favor of any other card brand.
6. Access to Cardholder Data. Merchant may receive Cardholder Data in connection with services provided under this Agreement. Merchant agrees that (i) it will not use the Cardholder Data for any purpose that it knows or should know to be fraudulent or in violation of any Network Rules; (ii) it will not sell, purchase, provide or exchange in any manner or disclose Cardholder Data to anyone other than its acquirer, Visa or MasterCard (as applicable) or in response to a government request; and (iii) it will be compliant with the Payment Card Industry Data Security Standards (PCI DSS) and will cooperate in a forensic investigation if so required.
7. Merchant Identification. Merchant agrees to prominently and unequivocally inform the cardholder of the identity of the Merchant at all points of interaction.
8. Chargebacks. Merchant shall use all reasonable methods to resolve disputes with the cardholder. Should a chargeback dispute occur, Merchant shall promptly comply with all requests for information from USA Technologies or Paymentech. Merchant shall not attempt to recharge a cardholder for an item that has been charged back to the cardholder, unless the cardholder has authorized such actions.
9. Merchant’s Refund Policy Must Be Clearly Communicated. If Merchant limits refund/exchange terms or other specific conditions for Card sales, Merchant’s policy must be clearly provided to the cardholder prior to the sale and as part of the sale confirmation process.
10. Term and Termination. This CEA is effective upon the date Merchant accepted the ePCSA and continues so long as Merchant uses the service or until terminated by Merchant or Paymentech, provided that those terms which by their nature are intended to survive termination (including without limitation, indemnification obligations and limitations of liability) shall survive. This CEA may be terminated by Paymentech at any time based on a breach of any of Merchant’s obligations under this Agreement or the ePCSA, or based on the termination of the payment processing relationship between USA Technologies and Paymentech. This CEA will terminate automatically upon any termination or expiration of Merchant’s ePCSA.
11. Indemnification. Merchant agrees to indemnify and hold Paymentech harmless from and against all losses, liabilities, damages and expense: (a) resulting from any breach of any warranty, covenant or agreement or any misrepresentation by Merchant under this Agreement; (b) arising out of Merchant’s or its employees’ negligence or willful misconduct, in connection with Card transactions or otherwise arising from Merchant’s provision of goods and services to customers; (c) arising out of Merchant’s use of the payment processing services; or (d) arising out of any third party indemnifications Paymentech is obligated to make, or liabilities or other obligations Paymentech may incur, as a result of Merchant’s actions (including indemnifications of or liabilities to, any Network or Issuing Bank). Paymentech agrees to indemnify and hold Merchant harmless from and against all losses, liabilities, damages and expenses: (a) resulting from any breach of any warranty, covenant, or agreement or any misrepresentation under this Agreement; or (b) arising from our gross negligence or willful misconduct in connection with this Agreement.
Page 31 of 35 |
12. Assignment/Amendments. This CEA may not be assigned by Merchant without the prior written consent of Paymentech. Paymentech may assign its rights under this CEA without Merchant’s consent. This CEA may be amended by the parties only upon mutual written agreement. Notwithstanding the above, Paymentech may amend this CEA to comply with Network and regulatory regulations upon written notice to Merchant.
13. Warranty Disclaimer. This CEA is a service agreement. We disclaim all representations or warranties, express or implied, made to Merchant or any other person, including without limitation, any warranties regarding quality, suitability, merchantability, fitness for a particular purpose or otherwise of any services or any goods provided incidental to the services provided under this CEA to the extent permitted by law.
14. Limitation of Liability. Except as provided otherwise in this CEA, in no event shall Paymentech or Merchant, or their respective affiliates, directors, officers, employees, agents or subcontractors, be liable for an indirect, consequential, incidental or punitive damages arising out of or related to this CEA or the payment services, including without limitation any inability, delay or errors in using the service. In addition, notwithstanding anything in this CEA to the contrary, Paymentech’s cumulative liability for all losses, claims, suits, controversies, breaches or damages for any cause whatsoever (including, but not limited to, those arising out of or related to this CEA) and regardless of the form of action or legal theory, and whether or not arising in contract or tort, shall not exceed $25,000.
15. Chase Paymentech may:
(a) | share information related to Merchant’s Transactions and other information provided by Merchant with Chase Paymentech’s affiliates; |
(b) | use or disclose information related to Merchant’s Transactions: |
i. | as necessary to process Merchant’s Transactions or otherwise provide Services and maintain Merchant’s account pursuant to this Agreement; |
ii. | to detect prevent, reduce, or otherwise address fraud, security, or technical issues; |
iii. | to enhance or improve Chase Paymentech’s products and Services generally; or |
iv. | as required or permitted by the Card Brands or applicable law; and |
(c) | prepare, use, or share with third parties, aggregated, non-personally identifiable information derived from Transactions of all of Chase Paymentech’s customers or specific segments of Chase Paymentech’s customers. |
16. General Provisions. This CEA will be binding upon and will inure to the benefit of the parties’ respective representatives, successors, and assigns. This CEA may not be amended except by Paymentech upon notice to you, and your continued use of USA Technologies’ services after such notice constitutes your acceptance of such amendment. The failure of a party to this CEA to object to or to take affirmative action with respect to any conduct of the other party that is in violation of the terms of this CEA will not be construed as a waiver thereof, or as waiver of any future breach or subsequent wrongful conduct. If any term or condition of this CEA should be held invalid by a court, arbitrator, or tribunal of competent jurisdiction in any respect, such invalidity will not affect the validity of any other term or condition hereof. If any term or condition of this CEA should be held to be unreasonable as to time, scope, or otherwise by such a court, arbitrator, or tribunal, it will be construed by limiting or reducing it to the minimum extent so as to be enforceable under then applicable law. This CEA will be governed by and construed in accordance with the laws of the State of Texas, without regard to its choice of law rules. This CEA and all referenced documents and rules constitute the entire understanding between you and Paymentech and supersede any and all agreements or understanding, whether in writing or otherwise, relating specifically to the subject matter hereof.
Page 32 of 35 |
SCHEDULE D
FBO ACCOUNTS
An FBO account may be set up as the funding account (Settlement Account) for Merchants, provided that the account meets the following terms and conditions:
• | An FBO account is the Merchant’s designated account for funding and the funds in the account belong to the Merchant. |
• | Funds pooled in an FBO account remain the property of each Merchant associated with that account and are not the property of TP3. |
• | The Merchant retains the right at all times to designate the use and disposition of the funds in the pooled account and can request funds be transferred to another account they control, or they can immediately access the funds in the pooled account by their own direction. |
• | An agreement is present to delineate the TP3 as the agent of the Merchant for purposes of the FBO account. |
• | The account represents a custodial arrangement and funds in the pooled FBO account are accounted for by TP3 as “off balance sheet” and are not commingled or accounted for as TP3’s funds or subject to the benefit of any of TP3’s creditors. |
• | Escheatment process is in place and unclaimed fund are escheated to the state as required by state law and are not retained by TP3. |
Page 33 of 35 |
SCHEDULE E
TP3 Remediation Plan
TP3 agrees to demonstrate its compliance with the following terms or provide the following information to Paymentech on or before the deadlines provided below:
1) | TP3 must have documented CIP Policies and Procedures which include the method used to perform CIP validation (validation of customers identity); documentation if identity if verified, as well as documentation and actions that must be taken when discrepancies are found; and an action plan for escalation and termination, when appropriate. |
Deadline for Remediation: ***
Incremental Steps: Documented updates should be complete by April 2015. Once completed, Paymentech will review and determine if compliance is met
2) | TP3 must perform OFAC screening and other applicable sanctions screening. TP3 must document how OFAC/sanctions screening s are being performed using their internal tools, as well as detailing how investigations and escalations will be done if and when a hit gets generated. |
Deadline for Remediation: ***
Incremental Steps: Paymentech will need credit application form as documentary evidence, as well as copies of updated policies and procedures referencing internal OFAC checks and detailing how investigations / escalations will be performed. USA Tech will need to define a process on how screening will be done for existing portfolio which has yet to be performed.
3) | TP3 will need to develop an internal transaction monitoring system capable of detecting unusual and/or egregious transaction behavior. |
Deadline for Remediation: ***
Incremental Steps: An approach document detailing requirements, timelines, identifying a vendor, and sizing of the project.
4) | TP3 processes transactions using a mobile device. TP3 must put controls in place to determine Geo-location of the mobile device and must put controls in place to test the security and encryption of the mobile device being used. |
Deadline for Remediation: ***
Incremental Steps: For mobile, one of two options must be decided: (1) Using Paymentech’s mobile device that has already been validated for Geo-location and security controls or (2) Paymentech would not be able to support TP3’s mobile-specific transactions and TP3 would need to agree not to submit them to Paymentech for processing.
5) | TP3 must designate an AML Compliance officer. |
Deadline for Remediation: ***
Incremental Steps: Xxxxx XxXxxxx has been assigned
6) | TP3 must have AML Training for its employees. |
Deadline for Remediation: ***
Incremental Steps: Training to be developed and timeline created for employees
7) | TP3 must put system in place to perform MATCH/TMF screening on all of its Merchants TP3 must also have a documented procedure designed and implemented which will appropriately handle investigations and escalations when a potential MATCH/TMF hit occurs. |
Deadline for Remediation: ***
Incremental Steps: USA Tech to develop MATCH policies and procedures when inquiries have a potential MATCH, detailing Service Level Agreements of 3 Business Days for investigations. In the event a merchant investigation does result in a true MATCH, steps will need to be outlined such as proper notification to Paymentech within 3 Business Days along with steps communicated to terminate the Merchant or decline the prospective merchant. In the event USA Tech decides to terminate a Merchant which meets MATCH criteria, USA Tech must notify Paymentech with (3) Business Days and provide the required information detailed by MATCH requirements.
Page 34 of 35 |
8) | TP3 must provide a copy of their internal policies and procedures relating to the Unlawful Internet Gambling Enforcement Act of 2006. TP3 must demonstrate that it is aware of this act and attest to how they prevent its applicability or comply with its mandates. |
Deadline for Remediation: ***
Incremental Steps: Document provided by USA Tech, awaiting feedback from Compliance
9) | TP3 must provide verification or sufficiently demonstrate they are registered as a PSP with Visa and are registered as a PF for MasterCard. |
Deadline for Remediation: ***
In Process with ***
Page 35 of 35 |