EX-10.2 3 g07337exv10w2.htm EX-10.2 SIXTH AMENDMENT TO SERVICE AGREEMENT
EX-10.2
3
g07337exv10w2.htm
EX-10.2 SIXTH AMENDMENT TO SERVICE AGREEMENT
15. The Service Agreement is hereby amended by the addition of a new Section 12.17 to read as
follows:
12.17 Rights to Customer’s Accounts. For the avoidance of doubt, the parties
acknowledge and agree that FDMS has no legal or equitable interest in Customer’s Accounts
under the terms of this Agreement, and that Customer shall have the sole and absolute right
to convert and transfer any Merchants to other processors.
16. Exhibit A to the Service Agreement is hereby amended by the addition of a new
subsection IV, as set forth in Attachment A hereto.
17. Section II of Exhibit B to the Service Agreement is hereby deleted in its entirety
and replaced with the new Section II of Exhibit B attached hereto.
18. Exhibit C to the Service Agreement is hereby amended by the addition of the
following new definitions:
“Card or Electronic Payment Association” means (i) Visa, MasterCard and any other
association or card issuer having proprietary rights to and clearing and oversight
responsibilities with respect to any credit or debit card used to effect Transactions and
includes any debit card network utilized to authorize and settle any debit card used to
effect Transactions and (ii) NACHA and any other association or entity having oversight
responsibilities with respect to electronic payments.
“CISP” means Visa’s Cardholder Information Security Program, as may be amended from
time to time.
“Data Security Requirements” means the Payment Card Industry Data Security
VALIDATION PHRASE OR WORD: (This field is used as additional identification for the User when
calling support. The phrase must be at least 5 and no more than 20 characters. DO NOT USE SSN):
SET-UP: (Complete the information below to indicate how User will be set up (i.e., Chain, Subchain
or Merchant ID). SELECT ONLY ONE OF THESE CATEGORIES.)
PRODUCTS REQUIRED: This User requires access to the following products:
For Web-Based ClientLine: Select Product Option 1, 2, & 3 **ONLY**
Product Option #4 o
* Requires a VPN login
Merchant Enrollment – AMA*
o New ISO
- Installation & Training
o Existing ISO
(Forms cannot be processed without the proper signature.)
Exhibit 10.2 SIXTH AMENDMENT TO SERVICE AGREEMENT This sixth Amendment to Service Agreement (this “Amendment”) is made and entered into as of this 29 day of January, 2007 between First Data Merchant Services Corporation (“FDMS”) and iPayment, Inc., formerly known as iPayment Holdings, Inc. (“Customer”). RECITALS A. Customer and FDMS have previously entered into a Service Agreement dated as of July 1, 2002, as amended by amendments dated October 25, 2002, November 27, 2002, January 8, 2004, May 25, 2004 and July 11, 2005 (the “Service Agreement”). B. Customer, as successor in interest to 1st Merchant Bank Card, and Concord Payment Services, Inc. successor in interest to BUYPASS Corporation and an Affiliate of FDMS, are parties to that certain Participation Agreement dated as of April 13, 1998 (the “1st Merchant Participation Agreement”). The parties now desire to terminate the 1st Merchant Participation Agreement and to incorporate the services provided thereunder into the Service Agreement. C. Customer, as successor in interest to xxxxxxxxxx.xxx, and Concord Payment Services, Inc. successor in interest to BUYPASS Corporation and an Affiliate of FDMS, are parties to that certain Participation Agreement dated as of March 22, 1999 (the “xxxxxxxxxx.xxx Participation Agreement”). The parties now desire to terminate the xxxxxxxxxx.xxx Participation Agreement and to incorporate the services provided thereunder into the Service Agreement. D. Customer and FDMS, along with FDMS’s sponsoring bank partner (“Bank”), agree to negotiate expeditiously and in good faith a Sponsorship Agreement pursuant to which Bank will provide Customer with sponsorship and Clearing Bank services related to the solicitation of merchants and processing and settlement of Transaction Card Transactions for certain of Customer’s Accounts processed under the terms and conditions of this Agreement (the “Sponsorship Agreement”). The parties acknowledge and agree that the execution of the Sponsorship Agreement is an element of the bargain between the parties, and that FDMS would not be entering into this Amendment and offering the prices contained herein without knowing that it would also be entering into the Sponsorship Agreement. E. Customer and FDMS now desire to amend the Service Agreement as set forth herein. AGREEMENT In consideration of the foregoing, Customer and FDMS hereby agree as follows: 1. Except as otherwise specifically set forth herein or in Exhibit B attached hereto, the terms of this Amendment will be effective as of July 1, 2006. 2. Section 2.2 of the Service Agreement is hereby deleted in its entirety and replaced with the following: 2.2 Communication Links.
Page 1
(a) FDMS periodically shall install or provide the means for communicating data from its facilities or equipment to Customer’s or Customer’s designated third parties’ facilities or equipment, subject to FDMS’s acceptance and qualification of each such third party and such third party’s execution of and compliance with a third party service provider agreement in a form acceptable to FDMS. Any interface between any such third party and the FDMS System will be developed and established at its or Customer’s sole cost and expense. The method of transmission and the media employed will be determined by FDMS taking into consideration relevant factors such as traffic type, inbound and outbound message sizes, traffic loading distribution, and the equipment or devices that are or may be used. (b) If Customer desires to interface with the FDMS System to directly transmit to or receive cardholder data from FDMS for any purpose other than reviewing reports or processing chargebacks, Customer acknowledges that it first must comply with FDMS’s then-current requirements for third party processors, including execution of FDMS’s third party processor agreement. 3. Section 2.3 of the Service Agreement is hereby deleted in its entirety and replaced with the following: 2.3 Compliance With Law. (a) Customer is subject to a variety of federal, state and local laws, regulations and judicial and administrative decisions and interpretations applicable to its Transaction Card business, including, but not limited to, OFAC regulations, as amended or promulgated from time to time (“Legal Requirements”). FDMS shall cooperate with Customer in resolving issues relating to Customer’s compliance with the Legal Requirements in accordance with the terms of this Agreement, including this Section 2.3. (i) Customer is solely responsible for (i) monitoring and interpreting the Legal Requirements, (ii) determining the particular actions, disclosures, formulas, calculations and procedures required for compliance with the Legal Requirements (whether to be performed by FDMS or by Customer) and (iii) maintaining an ongoing program for compliance with the Legal Requirements. In addition, Customer is solely responsible for reviewing and selecting the parameter settings and programming features and options within the FDMS System that will apply to Customer’s Transaction Card programs, and for determining that its selection of such settings, features and options is consistent with the Legal Requirements and with the terms and conditions of Customer’s Accounts. In making such determinations, Customer may rely on the written description of such settings, features and options in the User Manuals, customer bulletins and other system documentation provided by FDMS to Customer. (ii) As promptly as possible after it first obtains knowledge thereof, Customer shall disclose to FDMS any violation of a Legal Requirement with respect to or related to a Transaction processed pursuant to this Agreement where such violation could reasonably result in FDMS’s violation of a FDMS Legal Requirement and shall take such remedial or other actions as may be required or prudent under the circumstances.
Page 2
(b) FDMS is solely responsible for compliance with all laws, regulations and judicial and administrative decisions applicable to FDMS as a third party provider of data processing services, including, but not limited to, OFAC regulations, as amended or promulgated from time to time (“FDMS Legal Requirements”). FDMS will not be responsible for any violation by Customer of a Legal Requirement to the extent such violation occurs as a result of performance by FDMS of the Services in accordance with the FDMS Legal Requirements, instructions of Customer or written procedures provided by or approved by Customer. Customer shall cooperate with FDMS in resolving issues relating to FDMS’ compliance with the FDMS Legal Requirements in accordance with the terms of this Agreement, including this Section 2.3. (i) As promptly as possible after it first obtains knowledge thereof, FDMS shall disclose to Customer any violation of a FDMS Legal Requirement with respect to or related to a Transaction processed pursuant to this Agreement where such violation could reasonably result in Customer’s violation of a Legal Requirement and shall take such remedial or other actions as may be required or prudent under the circumstances. (ii) Customer acknowledges and agrees that FDMS shall have no obligation to provide processing services to Customer or any of its Merchants or to process any Transactions in violation of any FDMS Legal Requirement. If FDMS withholds processing services pursuant to this Section 2.3(b)(iii), FDMS will give prompt notice of such to Customer. (c) Subject to the terms of Article 10, FDMS and Customer shall cooperate with each other in providing information or records in connection with examinations, requests or proceedings of each other’s regulatory authorities. 4. Section 3.2 of the Service Agreement is hereby deleted in its entirety and of no further force and effect. 5. Section 4.1 of the Service Agreement is hereby deleted in its entirety and replaced with the following: 4.1 Processing Fees. Customer shall pay FDMS the Processing Fees set forth in Exhibit B to this Agreement. [***] Customer will not be liable for any Processing Fees or other fees unless such fees are set forth in this Agreement (including Exhibit B), an amendment to this Agreement, a separate agreement or other tangible documentation (including email) whereby the parties agree to the pricing for any new services or products. 6. Section 4.4 of the Service Agreement is hereby deleted in its entirety and of no further force and effect. 7. Section 6.1 of the Service Agreement is hereby deleted in its entirety and replaced with the following: *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Page 3
6.1 Limitation on Liability. (a) Each of Customer’s and FDMS’s cumulative liability for any loss or damage, direct or indirect, for any cause whatsoever (including, but not limited to, those arising out of or related to this Agreement) with respect to claims (whether third party claims, indemnity claims or otherwise) relating to events in any one Processing Year shall not under any circumstances exceed the amount of the Processing Fees paid to FDMS by Customer pursuant to this Agreement for Services performed during the immediately preceding [***] [***] full months; provided, however, that FDMS’s cumulative liability under Section 11.1(b)(ii) and Customer’s cumulative liability under Section 11.2(b)(iii) relating to events in any one Processing Year shall not exceed [***] [***] times the amount of Processing Fees paid to FDMS by Customer pursuant to this Agreement for Services performed during the immediately preceding [***] [***] full months. (b) The monetary limits provided for in Section 6.1(a) shall not be construed to limit the payment obligations of Customer or FDMS, as applicable, with respect to (i) acts of gross negligence or willful misconduct by either Customer or FDMS, (ii) breaches by either Customer or FDMS of their obligations under Article 10 or (iii) Processing Fees, Special Fees, or any other fee, tax, interest or other amount due and owing by Customer under this Agreement. 8. Section 8.1 of the Service Agreement is hereby deleted in its entirety and replaced with the following: 8.1 Term. This Agreement is effective from the date hereof and shall extend for eight (8) Processing Years through June 30, 2010 (the “Original Term”). Processing Year 1 of the Term shall commence on July 1, 2002 and continue through June 30, 2003. For purposes of this Agreement, a “Processing Year” means each twelve (12) month period commencing on the first day of July and ending on the last day of following June. 9. Section 9.1 of the Service Agreement is hereby amended by the addition of the following new subsection (h): (h) if Customer breaches any material representations, warranties, obligations, or covenants in this Agreement and fails to cure such breach within sixty (60) calendar days after written notice of the breach is provided to Customer by FDMS; provided however, that if Customer is attempting in good faith to cure such breach within said sixty (60) day cure period but the nature of the breach prevents a cure within sixty (60) days, then Customer shall be allotted an additional number of days to cure, provided the total number of days of the cure period shall be no greater than one hundred twenty (120) days. 10. Section 9.2 of the Service Agreement is hereby amended by the addition of the following new subsection (a)(vi): (vi) if FDMS breaches any material representations, warranties, obligations, or covenants in this Agreement and fails to cure such breach within sixty (60) calendar days after written notice of the breach is provided to FDMS by Customer; provided *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Page 4
however, that if FDMS is attempting in good faith to cure such breach within said sixty (60) day cure period but the nature of the breach prevents a cure within sixty (60) days, then FDMS shall be allotted an additional number of days to cure, provided the total number of days of the cure period shall be no greater than one hundred twenty (120) days; provided further, however, that if a breach relates to issues that would require system changes to cure, the initial sixty day period shall be automatically extended by one calendar day for each calendar day during such sixty (60) day period (or the applicable extended period) during which there is a “freeze” on changes to the FDMS System, if any. 11. Section 9.2(b) of the Service Agreement is hereby deleted in its entirety and of no further force and effect. 12. Section 9.4 of the Service Agreement is hereby deleted in its entirety and of no further force and effect. 13. Sections 11.1 and 11.2 of the Service Agreement are hereby deleted in their entirety and replaced with the following: 11.1 FDMS’s Representation. (a) FDMS represents and warrants that the execution and delivery of this Agreement and the consummation of the transaction herein contemplated does not conflict in any material respect with or constitute a material breach or material default under the terms and conditions of any documents, agreements or other writings to which it is a party. (b) Data Security Requirements Compliance. (i) FDMS represents and warrants that it is, and during the Term of this Agreement will remain, in compliance with all applicable material Data Security Requirements at its expense. (ii) In addition to the obligations set forth in Exhibit E of this Agreement, FDMS shall indemnify and hold Customer harmless from and against any and all liabilities, claims, suits, damages, losses, costs and expenses, including any fines, penalties, reasonable attorney fees and costs of settlement, whether third party claims, indemnity claims or otherwise (“collectively, “Claims”) to the extent that the Claim is caused by, relates to or arises out of (1) any security breach in or intrusion into FDMS’s computer system, or (2) the actual loss or theft of any of Customer’s information or records containing Cardholder or Transaction Card data or any bank account information of a payee or payor that is generated or stored by, or on behalf of, FDMS. FDMS shall not have any liability for any Claim to the extent such Claim is caused by, relates to or arises out of any security breach in the computer system of Customer, Customer’s Merchants, or Customer’s or its Merchants’ agents or third party service providers, or the actual loss or theft of any information or records containing Cardholder or Transaction Card data or any bank account information of a payee or payor that is generated or stored by, or on behalf of, Customer, Customer’s Merchants, or Customer’s or its Merchants’ agents or third party service providers.
Page 5
(iii) As promptly as possible after it first obtains knowledge thereof, FDMS shall notify Customer of any security breach or data compromise of its computer system that directly impacts cardholder data with respect to Customer’s Accounts. As promptly as possible after it first obtains knowledge thereof, FDMS shall notify Customer of any suspected or actual loss or theft of any information or records relating to Customer’s Accounts containing Cardholder or Transaction Card data or any bank account information of a payee or payor that is generated or stored by, or on behalf of, FDMS. 11.2 Customer’s Representations. (a) Customer represents and warrants that the execution and delivery of this Agreement and the consummation of the transaction herein contemplated does not conflict in any material respect with or constitute a material breach or material default under the terms and conditions of any documents, agreements or other writings to which it is a party. (b) Data Security Requirements Compliance. (i) Customer represents and warrants that it is, and during the Term of this Agreement will remain, in compliance with all applicable material Data Security Requirements at its expense. (ii) Without liability, FDMS has the right to withhold Services, in whole or in part, and immediately suspend connectivity to the FDMS System with respect to Customer, any of Customer’s Merchants, or any of Customer’s or its Merchants’ agents or third party service providers if Customer, such Merchant, or such agent or third party service provider, as applicable, is not in compliance with all applicable Data Security Requirements until Customer, such Merchant, or such agent and third party service provider, as applicable, is in compliance with all applicable Data Security Requirements. If FDMS withholds Services or suspends connectivity pursuant to this Section 11.2(b)(ii), FDMS will give prompt notice of such to Customer. (iii) In addition to the obligations set forth in Exhibit E of this Agreement, Customer shall indemnify and hold FDMS harmless from and against any and all Claims to the extent that the Claim is caused by, relates to or arises out of (1) any security breach in or intrusion into Customer’s computer system, or (2) the actual loss or theft of any of its information or records containing Cardholder or Transaction Card data or any bank account information of a payee or payor that is generated or stored by, or on behalf of, Customer. (iv) As promptly as possible after it first obtains knowledge thereof, Customer shall notify FDMS of any security breach or data compromise of Customer’s computer system or the computer system of any of its Merchants or any of Customer’s or its Merchants’ agents or third party service providers. As promptly as possible after it first obtains knowledge thereof, Customer shall notify FDMS of any suspected or actual loss or theft of any information or records containing Cardholder or Transaction Card data or any bank account information of a payee or payor that is generated or stored by, or on behalf of, Customer, any of its Merchants, or any of Customer’s or its Merchants’ agents or
Page 6
third party service providers. 14. The addresses set forth in Section 12.3 of the Service Agreement are hereby deleted in their entirety and replaced with the following:
First Data Merchant | First Data Merchant | |
Services Corporation | Services Corporation | |
0000 Xxxx Xxxxxx, XX-00 | 0000 X. Xxxxxx Xxxxxx, Xxxxx 000X | |
Xxxxx, XX 00000 | Xxxxxxxxx Xxxxxxx, Xxxxxxxx 00000 | |
Attn: Vice President — FSP | Attn: General Counsel | |
Telecopy Number: | Telecopy Number: 000-000-0000 | |
If to Customer: | With a copy to: | |
iPayment, Inc. | iPayment, Inc. | |
00 Xxxxxx Xxxxx Xxxx, Xxxxx 000 | 26707 West Xxxxxx Xxxxx Xxxx, Xxxxx 000 | |
Xxxxxxxxx, XX 00000 | Xxxxxxxxx, XX 00000 | |
Attn: Xxxxxx Xxxxxxx | Attn: Xxx Xxxxxxx | |
Telecopy Number: | Telecopy Number: |
Page 7
Standard developed by MasterCard and Visa, CISP, SDP and other similar requirements that apply to entities that transmit, process or store Cardholder, Transaction Card or bank account information, as may be promulgated or amended by a Card or Electronic Payment Association or any local, state or federal legislative, judicial or administrative authority from time to time. “OFAC” means the United States Department of the Treasury Office of Foreign Assets Control. “SDP” means the MasterCard Site Data Protection Program, as may be amended from time to time. 19. Customer and FDMS will use reasonable efforts to convert any acquired merchant portfolios after July 1, 2006 from a third party processor to the FDMS System; provided, however, that Customer will not be required to attempt to convert any such merchants if the merchant utilizes a front-end product solution not supported by FDMS or if the acquired channel refuses to board accounts on the FDMS System, or if the conversion of such merchants would not make economic or strategic business sense to the Customer. 20. The following amendments to the Service Agreement are herby null and void and of no further force and effect: (i) the Third Amendment to Service Agreement dated as of January 8, 2004; and (ii) the Fifth Amendment to Service Agreement dated as of July 11, 2005. 21. The following agreements are herby terminated without penalty to any party and are of no further force and effect: (i) the 1st Merchant Participation Agreement; and (ii) the xxxxxxxxxx.xxx Participation Agreement. 22. Capitalized terms used but not otherwise defined in this Amendment will have the meanings set forth in the Service Agreement. 23. In the event of a conflict between this Amendment and the Service Agreement as it relates to the subject matter of this Amendment, the terms of this Amendment will control. Otherwise, all terms and conditions of the Service Agreement will remain in full force and effect and likewise apply to this Amendment.
Page 8
The parties have executed this Amendment as of the date first above written. FIRST DATA MERCHANT SERVICES CORPORATION By: \s\ Xxxx Xxxxxx Name: Xxxx Xxxxxx Title: Vice President iPAYMENT, INC. By: \s\ Xxxx Daily Name: Xxxx Daily Title: Chief Executive Officer
Page 9
ATTACHMENT A CONCORD SERVICES IV. Concord Services 1. Definitions. Capitalized terms used but not otherwise defined in this Section will have the meanings set forth in Exhibit C. The following definitions apply to the terms set forth below: (a) “Buypass Transaction” means each instance during which Concord has electronic contact with a point of sale device of a Merchant of Customer for the purpose of processing a transaction, credit or refund. (b) “Concord” shall mean Concord EFS, Inc. and any entity which, directly or indirectly, owns or controls, or is owned or controlled by, or is under common ownership or common control with, Concord EFS, Inc. (c) “Concord’s Proprietary Information” shall have the meaning set forth in Section 7 hereof. (d) “Concord Services” include Buypass services, ClientLine Services, PINless Debit Transaction services and EFSnet Web Payment Services, as each is defined in this Section IV. (e) “Concord System” means the computer equipment, computer software, and related equipment and documentation used at any time and from time to time to provide the Concord Services and includes the “Buypass” (or “Atlanta”) platform. (f) “Concord System Specifications” shall mean the specifications, manuals, technical and operating data and operating standards adopted, amended or supplemented and published from time to time by Concord with respect to the Concord System. (g) “Network” means any debit card network utilized to authorize and settle any debit card used to effect Transactions and includes STAR, NYCE and Pulse debit card networks and such additional debit card networks that FDMS or Concord may add in their sole discretion. 2. Buypass services. FDMS, either directly or through its Affiliates, including Concord, or other third party service providers, shall make available to Customer and certain of its Merchants as agreed upon by the parties data processing services on the “Buypass” platform. In exchange for such services, Customer will pay the fees set forth in Exhibit B in the manner set forth in this Section IV. Buypass Transaction detail is only available through ClientLine® Services. 3. ClientLine Services. Concord has developed a product that allows Customer to access certain databases of Buypass Transaction information maintained by Concord and communicate certain instructions to Concord using an Internet connection to access a Concord internal web page (“ClientLine® Services”). FDMS, either directly or through its Affiliates, including Concord, or other third party service providers, shall make available to Customer, and Customer shall access, ClientLine® Services in the manner described and in accordance with the terms and conditions set forth below. The specific features and functions available through ClientLine® Services are detailed in ClientLine® Services documentation that will be provided to Customer by FDMS or Concord, as may be promulgated, amended or supplemented by FDMS or Concord from time to time (the “Documentation”). As referenced herein, such features and functions include, Attachment A, Page 1
among other things, (i) access to information regarding Buypass Transactions, (ii) access to other proprietary information of Concord (“Concord Proprietary Information”), (iii) the ability to communicate certain instructions to FDMS or Concord as specifically provided in the Documentation (“Communications Interface”), (iv) access to and creation of Buypass Transaction related reports (“Reporting Features”), and (v) generation of Buypass Transaction related statements. Customer acknowledges and agrees that only the Reporting Features of the ClientLine® Services are currently available to Customer and any additional features and functionality of the ClientLine® Services that are made available by FDMS to Customer will be subject to additional terms, conditions and fees mutually agreed to by the parties in writing. (a) Equipment. Customer shall be solely responsible, at its expense, for the acquisition, repair and maintenance of all equipment and software necessary for it to utilize ClientLine® Services (the “Equipment”), including without limitation a personal computer, modem, and telecommunications and web browser software. All such Equipment must comply with all specifications and requirements set forth in the Documentation from time to time. Customer acknowledges that for ClientLine® Services to function properly, and to enable Customer to fully use ClientLine® Services, Customer must maintain the Equipment and keep it in good working order and repair, including by timely installing software upgrades or modifications. (b) License. All right, title and interest in and to ClientLine® Services and the Communications Interface and Concord Proprietary Information available through the ClientLine® Services, including without limitation all copyrights or renewals thereof, are and shall remain exclusively owned by Concord. Until ClientLine® Services are terminated as set forth in this Section IV, FDMS grants to Customer (i) a nonexclusive right to access and use ClientLine® Services and the Concord Proprietary Information available through the ClientLine® Services, and (ii) a limited, nonexclusive, revocable, sublicense to access and use the Communications Interface, for the purposes contemplated by and subject to the terms, conditions and limitations contained in this Paragraph and the Documentation. (c) License Limitations. ClientLine® Services and the Communications Interface and Concord Proprietary Information available through the ClientLine Services are provided for the sole use of Customer and its officers, employees or agents authorized to use ClientLine® Services in accordance with this Paragraph. If, in utilizing ClientLine® Services, Customer receives any confidential information of any third party, including any Transaction-related information of any third party other than Customer or its Merchants, or any non-public personal financial information of any consumer, or any of Concord Proprietary Information to which it is not entitled, Customer shall notify FDMS immediately and shall not use, copy or disclose such information to any third party. (d) Fees. In exchange for the ClientLine® Services, Customer shall pay the ClientLine® Services the fees set forth in Exhibit B in the manner set forth in this Section IV. (e) Support Services. FDMS or Concord shall provide support services to assist Customer with procedural questions relating to ClientLine® Services through the use of a toll-free telephone number. (f) Changes and Improvements. FDMS and Concord reserve the right to supplement, modify or delete: (i) the content or format of ClientLine® Services; (ii) any data or other information available through ClientLine® Services; and (iii) any feature, procedure, technique or documentation with respect to ClientLine® Services or use of ClientLine® Services by Customer. A list of the information available through ClientLine® Services, as well as significant changes in ClientLine® Services affecting customers generally, shall be published from time to time by Concord and made available to Customer. (g) Protection and Security of ClientLine® Services. Customer must complete the Security Access Request Form set forth in Schedule 1, as such form may be amended or supplemented by FDMS Attachment A, Page 2
from time to time, and submit such form to FDMS. Upon FDMS’s approval of such form, FDMS will issue Customer an identification code and password so it may access the ClientLine® Services (“Access Codes”). Access Codes are the property of Concord and Customer shall not disclose the Access Codes to anyone except upon direction from an authorized employee of Concord. Customer acknowledges and agrees that Customer solely is responsible for ensuring that (i) Access Codes are distributed only to Customer’s designated officers, employees and agents who are authorized by Customer to utilize ClientLine® Services, (ii) Customer’s officers, employees and agents protect the confidentiality of the Access Codes and of information obtained through use of the Access Codes, (iii) Customer’s officers, employees and agents use the Access Codes and ClientLine® Services only for their intended purposes, and (iv) Concord is immediately notified of the termination of any of Customer’s officer’s, employee’s or agent’s authority to utilize an Access Code. Customer shall instruct each of its officers, employees and agents to utilize the degree of care in protecting the secrecy of the Access Codes and the Concord Proprietary Information that Customer uses to protect its most sensitive commercial information, but in no event less than a commercially reasonable degree of care, and Customer shall take such additional steps as may be necessary to monitor and enforce the confidential treatment of Access Codes and the Concord Proprietary Information. Until the ClientLine® Services are terminated as set forth in this Section IV, Customer shall maintain security systems sufficient to protect Concord’s Proprietary Information, the Communications Interface, Customer’s databases and all other confidential information contained in or accessed by Customer via ClientLine® Services and shall ensure that all Cardholder and Buypass Transaction data is protected by Customer behind firewalls or on servers inaccessible to third parties. Customer shall immediately notify Concord in writing upon the occurrence of a breach of its security obligations set forth in this Section. (h) Communications Interface. Customer represents and covenants to FDMS and Concord that all information transmitted to Concord through the Communications Interface will be transmitted in accordance with the Documentation and accurate and complete and Concord shall be entitled to rely upon any and all such information or instructions received under a Customer Access Code as a duly authorized direction of Customer unless Concord has received a written notice of revocation of authority for such Access Code in accordance with the requirements set forth in this Paragraph and the Documentation. Neither FDMS nor Concord shall have any liability whatsoever arising out of any instructions communicated to Concord via the Communications Interface, including without limitation any and all errors or omissions made by Customer with respect to such instructions. (i) Confidentiality. Concord acknowledges that, Customer, in its use of ClientLine® Services, may disclose to Concord certain non-public personal financial information relating to Cardholders. Accordingly, Customer agrees to hold and use any and all such Cardholder information in confidence, and not to disclose, reveal, copy, sell, transfer, assign or distribute any part or parts of it, in any form, to any person or entity, or permit any of its employees, agents, or representatives to do so, except as expressly permitted or required by law. Customer represents and covenants that, pursuant to an agreement between Customer and each Merchant whose Buypass Transaction information is contained in the Customer databases and obtained via ClientLine® Services pursuant to this Section, Customer has been duly authorized to obtain such Buypass Transaction information, and, in the event any Merchant revokes the aforementioned authorization, Customer shall no longer obtain the Buypass Transaction information of the applicable Merchant. (j) Indemnification. In addition to its indemnification obligations under Article 6 of the Agreement and as otherwise stated in this Section IV, Customer shall indemnify, defend and hold harmless each of Concord and FDMS and each of their respective directors, officers, employees, agents, successors and assigns from and against any and all claims, demands, damages, costs, expenses (including reasonable attorneys’ fees), losses and liabilities arising out of all claims and actions brought or made by any third party (including Merchants) relating in any way to the misuse of an Access Code, or the wrongful disclosure or use of information obtained through the ClientLine® Services, by Customer or any of its Attachment A, Page 3
employees or agents or the Equipment under their control. 4. PINless Debit Transactions Services. FDMS, either directly or through its Affiliates, including Concord, or other third party service providers, shall make available to Customer and its Merchants, and Customer and its Merchants shall access, PINless debit Transaction services in the manner described and in accordance with the terms and conditions set forth below. Customer desires to access the Networks for the purposes of processing certain Buypass Transactions on behalf of its Merchants without receiving PIN validation (“Pinless Debit Transactions,” also known as “Debit Xxxx Payment Transactions”) and FDMS desires to provide Pinless Debit Transaction services as may be permitted by the Network rules. Customer acknowledges that under no circumstances will FDMS or Concord have any liability for Pinless Debit Transactions services and any associated fees, penalties or charges should payment of any Pinless Debit Transaction be rejected for any reason. Prior to and during FDMS’s provision of the Pinless Debit Transaction services contemplated hereunder, Customer and its Merchants and Indirect Processors (as such term is defined in Debit Network rules) shall be subject to and shall comply with the requirements of the Networks, including without limitation, execution and completion of certain documentation and agreements as required by the Networks; at any time that Customer or any of its Merchants or Indirect Processors are not in compliance with such requirements, FDMS or Concord may terminate Pinless Debit Transaction services with respect to Customer or such Merchant or Indirect Processor. FDMS or Concord may delete any Network upon prior written notice to Customer and in accordance with Network rules. All Pinless Debit Transactions processed hereunder shall be billed at the rates set forth in Exhibit B, plus any applicable Transaction and Third Party Fees, in the manner set forth in this Section IV. 5. EFSnet Web Payment Services. FDMS, either directly or through its Affiliates, including Concord, or other third party service providers, shall make available to Customer and its Merchants, and Customer and its Merchants shall access, the Internet gateway interface (“EFSnet”) for use with certain Concord-certified point of sale equipment (“Equipment”) for the purposes of processing, via the Internet, certain e-commerce payment transactions and other electronic payment transactions initiated at the point of sale (the “EFSnet Web Payment Services”) in the manner described and in accordance with the terms and conditions set forth below. In exchange for such services, Customer will pay the fees set forth in Exhibit B in the manner set forth in the Agreement. (a) General Customer Requirements. In order to access the EFSnet Web Payment Services, Customer shall: (1) Successfully complete testing of the integration of Customer’s system with the EFSnet system and the integration of the system of each of the following that will access the EFSnet system through Customer: Merchants and third party processors (collectively the “Customer Parties”). Customer must receive written certification from Concord of the completion of each test with respect to Customer Parties; (2) Until the EFSnet Web Payment Services are terminated as set forth in this Section IV, ensure that Customer and Customer Parties are in compliance with the EFSnet Specifications (as defined in Section 5 below) and the EFSnet interface specifications located at xxx.xxxxxxxxxxxxx.xxx, as promulgated, supplemented or amended from time to time; (3) Obtain and maintain, and cause Customer Parties to obtain and maintain, at their sole cost and expense, an Internet connection; (4) Obtain, or cause Customer Parties to obtain, an authorization of each Buypass Transaction processed hereunder by Customer Parties, in accordance with the terms of the Agreement, including this Section IV. Attachment A, Page 4
(5) Regardless of whether the Transaction Card is or is not present at the point of sale, cause Customer Parties to follow and comply with the policies and procedures established by Concord and provided to Customer from time to time for the acceptance of such Cards. (6) Cause its Customer Parties to maintain the confidentiality and security of the store ID and store key issued to such Customer Party by Customer, and notify Concord immediately of any disclosure or unauthorized use of the store ID or store key of which the Customer or a Customer Party becomes aware. (7) Cooperate with Concord and Networks and provide such information as is requested by Concord and Networks to fulfill any Network requirements. (b) EFSnet Specifications Compliance. Customer shall review and comply with, and shall cause Customer Parties to review and comply with the EFSnet Interface Specification, the EFSnet Resource Guide located at xxx.xxxxxxxxxxxxx.xxx, and the EFSnet transaction processing information located at xxxx://xxx.xxxxxxxxxxxxx.xxx/Xxxxxxx/XxxXxxxxXxxx.xxx., as each may be amended, supplemented or relocated by Concord or FDMS from time to time (collectively, the “EFSnet Specifications). (c) Card Not Present Transactions Via the Internet. With respect to Internet Transactions originated through EFSnet, unless otherwise directed by Concord or FDMS: (1) Customer shall cause Merchants to complete the sales draft without the Cardholder’s signature or an imprint but with the Cardholder’s name, billing address, card number, expiration date of the Card, a description of the merchandise or service and the date and amount of all charges, including taxes. (2) Customer shall cause Merchants to obtain information to perform address verification services and obtain and provide other information as Concord may reasonably require. (3) Customer shall cause each Merchant, which engages in Internet Transactions to complete and deliver to Concord in the manner instructed by FDMS or Concord an EFSnet Web Payment Services profile, as promulgated, amended or supplemented by Concord or FDMS from time to time and delivered to Customer. (4) Customer agrees and acknowledges that Merchants may authorize but shall not settle sales prior to delivery of the product or service. All Internet Transactions will be settled by Concord into a depository institution in the United States. (5) Customer shall cause Merchants’ web sites to contain at least the following information: (i) complete description of the goods or services offered; (i) returned merchandise and refund policy; (iii) customer service contact, including electronic mail address and/or telephone number; (iv) transaction currency (U.S. dollars only); and (v) export or legal restrictions. (6) Customer shall cause Customer Parties to process Internet Transactions only (i) if the Transactions have been encrypted by Concord or by a third party vendor acceptable to Concord and (ii) Cardholder data is protected by the Customer Party behind firewalls or on servers inaccessible to third parties. Encryption is not a guarantee of payment to Merchants. (7) If applicable based upon the manner in which a Merchant’s account is set-up, Customer agrees and acknowledges that Internet Transactions initiated by Customer Parties are authorized and settled through separate bank identification numbers or Interbank Card Association (collectively “BIN/ICA”) numbers and interchanges and Customer acknowledges that Concord will be unable to combine deposits of Internet Transactions and non-Internet Transactions. Attachment A, Page 5
(d) Chargebacks. Customer agrees and acknowledges that Internet Transactions are subject to a higher incidence of chargebacks and, as with other Transactions, receiving an authorization and following procedures and complying with applicable requirements will not relieve Customer or Customer Parties of liability for chargebacks nor for any liability associated with the fraudulent use of data obtained off of Customer’s or a Customer Party’s website or Transaction processing system. (e) Fees. All Buypass Transactions initiated via the EFSnet Gateway shall be billed at the Buypass Transaction rates set forth in Exhibit B, plus any applicable Transaction fees and Third Party Fees. (f) Indemnity. In addition to its indemnification obligations under Article VI of the Agreement and as otherwise stated in this Section IV, Customer shall indemnify and hold FDMS and Concord and each of their officers, directors, employees, shareholders and subsidiaries, from any and all loss, cost, expense, claim, damage and liability (including attorneys’ fees and costs) paid or incurred by any one or more of them, arising from, caused by, or attributable to, any of the following, except to the extent due to the gross negligence or willful misconduct of FDMS or Concord: (1) Any action FDMS or Concord takes in accordance with or in reliance upon information or instructions provided by Customer or Customer Parties, including instructions regarding the routing of Transactions; (2) Customer’s or Customer Parties’ transmission to FDMS or Concord of any inaccurate information; or (3) Unauthorized access to FDMS’s or Concord’s systems utilized to process, route and authorize Buypass Transactions from a point within Customer’s or a Customer Party’s control. 6. Payment of Fees for Concord Services. (a) Customer shall at all times be responsible for payment of all fees and charges due to FDMS as outlined in Exhibit B. (b) Customer shall adhere to Concord’s Merchant Debit Card Adjustment Processing Procedures set forth in Schedule 2. 7. Third Party Beneficiary. Concord is a third party beneficiary under the Agreement and this Section IV. V. Special Services for Transaction Solutions and Petroleum Card Services With respect to the Merchant Accounts processing on the “Stratus” platform that were originally sourced under (i) the ISO Services and Marketing Agreement dated as of April 17, 2002 by and between Transaction Solutions, LLC and Concord Transaction Services, LLC, and (ii) the Processing Service Agreement dated as of April 16, 2001 by and between Petroleum Card Services, Inc. and CTS Holdings, LLC, FDMS, through its affiliates, will continue to perform all services currently being performed with respect to such Merchant Accounts as of the date of execution of this Amendment. Attachment A, Page 6
Schedule 1 – User Security Access Request Form for ClientLine Services INSTRUCTIONS: Please complete one Payment Services Security Access Request Form per user. You may photocopy this form as necessary. USER INFORMATION: o New User o Upgrade / Modify User o Delete User
USER LAST NAME: | First Name: | Middle Initial: | ||||||||
Chain (Association) ID | MID# & location number: | |||||
Sub-Chain (Division) Code | Agency/Sales # (if applicable) | |||||
MERCHANT NAME: | ||
Xxxxxx Xxxxxxx Xxxx 0 | ||
Xxxxxx Xxxxxxx Line 2: | ||
City: | State: | ZIP: | ||||||||
Phone: ( ) | FAX: ( ) | E-Mail Address: | ||||||||
Account Manager (if applicable) | Number of locations | |||||
Product Option #1 o | Product Option #2 o | Product Option #3 o | ||
Settlement-Based Reporting | Operational Management | BuyView | ||
o Reporting | o Customer Service — CMS | o Atlanta Transaction History | ||
o Charge Backs/Retrievals | o Contract Support | o Atlanta Terminal Totals | ||
o Statements | o Atlanta Debit/EBT Adjustments | o Atlanta Merchant Setup | ||
o Rate Analysis | o Terminal Deployment — CDS Web | o Atlanta Fleet Setup |
User Manager/Supervisor Signature: | Date: | |||||
User Manager/Supervisor Printed Name | ||
DO NOT WRITE BELOW THIS LINE | ||||
Completed by: | Date: | |||||
Client Support Manager: | Date: | |||||
Data Security Memphis: | Date: | |||||
Data Security Wilmington: | Date: | |||||
Attachment A, Page 7
Schedule 2 MERCHANT DEBIT CARD ADJUSTMENT PROCESSING PROCEDURES The Merchant debit Card adjustment processing procedures set forth in this Schedule 2, as may be amended or supplemented by FDMS from time to time (“Adjustment Procedures”), are intended to clarify the obligations of FDMS and Concord in processing, and of Customer and Customer’s Merchants in submitting and processing, adjustments (including Customer or Merchant initiated chargebacks, representments and other comparable error resolution processes) arising from Buypass Transactions processed by Concord under this Section IV, through Networks (“Adjustments”). The Adjustment Procedures contain deadlines for completion of Adjustment processing tasks. Failure to timely process Adjustments may affect the fees and charges incurred by Customer or a Merchant for Adjustments and may result in the loss of substantive Adjustment rights. Customer acknowledges and agrees to the following terms and conditions under which Adjustments will be processed. FEES FOR ADJUSTMENTS For each debit Adjustment initiated by Customer or its Merchants, Customer will pay the Debit Adjustment Fee set forth in Schedule 2 to this Section IV and all related Network fees. TIMING OF ADJUSTMENTS; CONSEQUENCES OF DELAY Each Network has a deadline after which (a) higher Adjustment fees may be incurred or (b) Adjustments will no longer be accepted for processing. Adjustments must be provided to Concord by Customer (or its Merchants) at least seven (7) Business Days before the applicable Network deadline (“Concord Deadline”) on the correct Concord adjustment form with all fields on this form completed correctly. If Customer (or its Merchants) completes any field on a Concord adjustment form incorrectly, the form will be returned to Customer and Customer (or its Merchant) must correctly complete and resubmit the form to Concord before the Concord Deadline. Concord will not be responsible for any Adjustment that is not provided to Concord in the correct format before the Concord Deadline and any increase in Network fees associated with such Adjustment regardless of the original reason for the Adjustment. The Adjustment Procedures are based on Network requirements for Adjustments and therefore subject to change if these requirements change. All time frames for Adjustments are measured from, and include, the date the transaction is initiated at the point of sale, unless otherwise indicated. If Customer participates in more than one Network, Customer and its Merchants should consider processing all Adjustments in accordance with the shortest applicable deadline imposed by these Networks in order to ensure compliance with all Network deadlines. In no event, shall Concord be responsible for any increase in Adjustment costs, related Network fees or the loss of any of Customer’s or a Merchant’s substantive adjustment rights if Customer fails to comply with the Concord Deadline.
Attachment A , Page 8
EXHIBIT B [***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 1
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 2
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 3
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 4
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 5
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 6
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 7
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 8
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 9
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 10
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 11
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 12
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 13
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 14
SCHEDULE 1 TO EXHIBIT B [***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 15
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 16
[***] *** Omitted pursuant to a confidential treatment request. The confidential portion has been filed separately with the SEC.
Exhibit B, Page 17