1.1.Unless the contrary intention appears, the following words have these meanings in this Agreement:
“Banking Day”means a day on which banks are open for general banking business in Melbourne Australia except for Saturdays, Sundays and National Public Holidays in Australia.
Card Schemes means, unless otherwise agreed by the parties, Visa and MasterCard.
Card Scheme Rules means the rules and regulations which regulate participants in the Card Schemes.
Cardholder means the Person in whose name the Card has been issued.
Chargeback is the reversal of a sales transaction.
Card means a card that has been designated by the issuer as a Visa or MasterCard card or a card issued by any other card scheme which you have agreed to accept, and we have agreed to process.
Data Breach means any occurrence which results in the unauthorised access by a third party to confidential data relating to card transactions stored by your business or any entity engaged by you to provide storage or transmission services in respect of that data.
Data Security Standards means the Payment Card Industry Data Security Standards (“PCIDSS”) mandated by the Card Schemes for the protection of Cardholder details and transaction information, and any additional or replacement standards of which You are advised from time to time.
Acquirer refers to Global Payments Australia 1 Pty Ltd, ABN 26 601 396 543
Payment Service means [the service provided by Payment Facilitator].
Person includes an individual, firm, body corporate, unincorporated body or association, partnership, joint venture and any government agency or authority.
Personal Information refers to information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, which is received by You from any source as a consequence of the performance of the rights and obligations under this Agreement.
PIN means the personal identification number allocated by ACQUIRER, a card issuer or personally selected by the account holder.
Privacy Law means all legislation and principles relating to the collection, use, disclosure, storage and granting of access rights to Personal Information.
Related Body Corporate has the meaning given to it in the Corporations Act, 2001 (Cth).
Relevant Law means any:
(a) statute, ordinance, code or other law including regulations and other instruments under them that are relevant to the obligations and rights of this Agreement; and
(b) any code of practice, guidelines or standards issued by relevant regulators or industry bodies, including any card scheme rules relevant to this Agreement.
Transaction Receipt means a document used to evidence a transaction.
We, Us and Our means, collectively, ACQUIRER and LATPAY.
You and Your means the Person to whom the Payment Service is provided by Us
- APPROVAL TO USE PAYMENT SERVICES
2.1 You acknowledge that:
(a) the operation of this Agreement is conditional on ACQUIRER approving an application for
(b) LATPAY to provide the Payment Services to You; and in relation to information provided by You to LATPAY in connection with Your application:
- LATPAY may provide that information to ACQUIRER;
- We may rely on such information as being complete, accurate and not misleading or deceptive; and
- ACQUIRER is not obliged to verify the completeness or accuracy of the information
(c) We may obtain from any Card Scheme or a person who is involved in any Card Scheme, any credit reporting agency or any other person, information about Your merchant history or Personal Information about You, a Related Body Corporate, Your officers, employees or agents for any purpose relating to the operation of those Card Schemes and We can use
any such information to assess an application from us under clause 2.1(a);
(d) We can disclose information about Your merchant history, a data breach and relevant
Personal Information in the following circumstances:
- to any Card Scheme or to any person who is involved in any Card Scheme, information about You for any purpose related to the operation of those schemes, card fraud detection agencies (including information about termination of merchant solutions and reason(s) for termination of ACQUIRER merchant solutions; and
- where the law requires or permits us to do so; and
- where we have reasonable grounds to believe that either you are involved in dishonest or criminal activity, are a victim of such activity, may have information relevant to an inquiry into such activity or have experienced a data breach, to any state or federal law enforcement or regulatory agency whether or not we have been requested by that agency to provide such information; and
(e) we can disclose your information to any related entities of ours and to any outsourced service providers engaged by us (for example, mail houses, debt collection agencies (where necessary) or data analytics providers); and
(f) the decision whether to approve your application is at ACQUIRER’s sole discretion and the reason for any decision which is made may not be given to You;
(g) an approval by ACQUIRER is specific to LATPAY providing payment services to you and does not in any way constitute a representation by ACQUIRER that you will able to use the services of another payment service provider or of ACQUIRER directly should you cease using LATPAY’s payment services for any reason; and
(h) any information obtained by ACQUIRER during its assessment of an application under clause 2(a) is and remains confidential to ACQUIRER and will not be shared with You. ACQUIRER is bound by Card Scheme Rules and all correspondence and discussions between Card Schemes and ACQUIRER are confidential as between ACQUIRER and the Card Schemes.
2.2 You represent and warrant that:
(a) any information You provide to LATPAY in connection with an application for LATPAY to provide the Services is complete, accurate and not misleading or deceptive; and
(b) if You have disclosed Personal Information to LATPAY in connection with the application under clause 2.1(a), You have obtained the relevant individual’s prior consent to the disclosure and otherwise complied with Your obligations under Privacy Law; and
(c) You are able to satisfy Your obligations and responsibilities under this Agreement.
2.3 You acknowledge and agree that:
(a) LATPAY and ACQUIRER are authorised to obtain from third parties financial and credit information relating to You in connection with our decision to approve your application and in respect of our continuing evaluation of Your financial and credit worthiness; and
(b) any information collected by LATPAY may be disclosed by us to ACQUIRER.
2.4 The Parties agree that no Party is or will be bound by this Agreement unless and until ACQUIRER has confirmed its approval for LATPAY to provide the Payment Services to You.
- YOUR OBLIGATIONS
||must immediately notify LATPAY of any change to Your financial position which may affect Your ability to perform Your obligations under this Agreement; and
||must provide LATPAY with prior written notice of any change in your place of business not carry on business in a place which has not been approved by LATPAY and must not move Your place of business without our prior written consent; and
||(c) must not change Your business name or ownership of Your business without giving LATPAY prior notice and not substantially change the type of goods and services You sell without our prior written consent; and
||only submit a sales transaction where You are the supplier of the goods and/or services; and
||not submit transactions on behalf of a third party. For the avoidance of doubt, this includes submitting transactions for goods or services sold on another Person’s website; and
||must allow the employees, contractors or agents of ACQUIRER or those of any Card Scheme reasonable access to Your premises during normal business hours to check Your compliance with this Agreement, the Data Security Standards or for the purposes of the relevant Card Scheme Rules; and
||must provide LATPAY and ACQUIRER with all information and assistance reasonably required to perform their obligations and to deal with any queries in relation to the Payment Service; and
||must comply with all applicable Card Scheme Rules and Relevant Laws and contractual requirements in accepting card payments and performing Your obligations under this Agreement; and
||will observe and implement the fraud prevention procedures set out in the manuals, guides or directions provided to You, unless otherwise mutually agreed to by the parties.
Data Security Standards
3.2 This clause applies to you if you collect payment data directly from a cardholder or store any cardholder data. In addition to the other provisions of this agreement, you acknowledge and agree:
(a) you must protect stored cardholder data, regardless of the method used to store such data.
Data storage also includes physical storage and security of cardholder data. Some examples of other data storage which must be secured include an access or excel database and hard copy files. Storage should be kept to the minimum required for business, legal, and/or regulatory purposes; and
(b) you must not store the personal identification number (PIN) or sensitive authentication data after authorization (even if encrypted); and
(c) if LATPAY or ACQUIRER tell you that you must comply with the Payment Card Industry Data Security Standards, you must, at your cost, successfully complete the protocols for PCIDSS within the time frame stipulated by LATPAY or the Card Schemes. You acknowledge and agree that if you fail to do so:
- LATPAY or ACQUIRER may terminate the merchant services; and
- you are liable for any fine imposed upon ACQUIRER by the Card Schemes as a result of your failure to comply; and
- you are liable for any fines which the Card Schemes levy in the event that you suffer a card data compromise incident, and have not complied with the PCIDSS Accreditation program; and
(d) ACQUIRER is obliged to report all Data Breach events to Card Schemes, law enforcement agencies and/or Australian regulators. You grant irrevocable and enduring consent for ACQUIRER to release details of any such Data Breach to the aforementioned bodies; and
(e) if you have suffered a Data Breach:
- you must give ACQUIRER and its agents full access to your systems and databases to facilitate a forensic analysis to ascertain:
- what card data has been compromised; and
- what weaknesses in the system permitted the unauthorised access to the data base; and
- whether card data was created, deleted, altered, copied or manipulated in any manner; and
- all costs of the forensic analysis must be paid by you; and
- in order to continue processing card transactions, you must undergo a full Payment Card Industry Data Security Standard (“PCIDSS”) accreditation. All costs of this accreditation exercise must be paid by you
Your duties to Cardholders
3.3 Subject to the other provisions of this Agreement, You:
(a) must accept any valid and acceptable Card in a transaction; and
(b) must only send LATPAY a sales transaction when you have committed to provide the goods and services to the customer; and
(c) must not accept a Card in a credit card transaction for the purpose of giving a Cardholder cash; and
(d) must perform all obligations (including supplying all goods and/or services) to the cardholder in connection with the sale; and
(e) must not sell, purchase, provide or exchange any information or document relating to a Cardholder’s account number, or Card number, or a transaction, to any Person other than:
- ACQUIRER; and
- the card issuer; or
- as required by law; and
(f) must destroy any document that is no longer required to be retained by applicable law or card scheme rules, in a manner which makes the information unreadable; and
(g) must take reasonable steps to ensure that the information and documents mentioned in (e) are protected from misuse and loss and from unauthorised access, modification or disclosure; and
(h) must not make any representation in connection with any goods or services which may bind
LATPAY, ACQUIRER or any Card Scheme; and
(i) must not indicate or imply that we, ACQUIRER or any Card Scheme endorse any goods or services or refer to a nominated Card in stating eligibility for goods, services, or any membership; and
(j) must not accept a Card or a transaction which is of a type You have been previously advised is not acceptable; and
(k) must prominently and unequivocally inform the Cardholder of Your identity at all points of Cardholder interaction (including on any relevant web site, promotional material and invoice) so that the Cardholder can readily distinguish You from LATPAY, any supplier of goods or services to You, or any other third party; and
(l) must provide notice to any Cardholder with whom You enter into a transaction that You are responsible for that transaction, including for any goods or services provided, any payment transaction, related service enquiries, dispute resolution, and performance of the terms and conditions of the transaction; and
(m) must not unfairly distinguish between issuers of a Card when accepting a transaction; and
(n) must not refuse to complete a transaction solely because a Cardholder refuses to provide additional identification information in circumstances where we do not require You to obtain it; and
(o) if You collect or store Cardholder information, you must comply with any Data Security
Standards notified to You; and
(p) You must not transfer or attempt to transfer financial liability under this Agreement by asking or requiring a Cardholder to waive his or her dispute rights.
3.4 You may only process a transaction as a recurring transaction if:
(a)you have obtained cardholder permission (either electronically or in hardcopy) to periodically charge for a recurring service; and
(b)you retain this permission for the duration of the recurring services and make it available to us on request; and
(c) you provide a simple and accessible online cancellation procedure, if the cardholder request for the goods or services was initially accepted online.
3.5 You agree to indemnify, and hold ACQUIRER harmless from and against any fines imposed on ACQUIRER by a Card Scheme because of your conduct in relation to the merchant services, including any fines imposed as a result of an unacceptable rate of chargebacks.
- WEBSITE REQUIREMENTS
4.1 Unless You are otherwise notified in writing, you must, before You accept any electronic commerce transaction over the Internet, establish and maintain at Your own expense a web site that complies with the requirements of clause 4.2.
4.2 The web site must clearly display the following information:
(a) Your business name (and Australian Business Number as applicable); and
(b) the address of Your approved place of business; and
(c) Your business contact details, including telephone numbers and an email address; and
(d) a complete description of the goods and services available for purchase on Your web site with the price advertised in Australian dollars or, if we have agreed that you can process transactions in another currency, that currency; and
(e) details of Your return and refund policy, including how a transaction can be cancelled by a
(f) details of Your delivery times for goods and services. Delivery times are to be appropriate for the type of business carried on by You. If the delivery is to be delayed, the Cardholder must be notified of the delay and an option provided to them to obtain a refund; and
(g) details of any Australian export restrictions (if applicable); and
(i) a description of the measures You have to maintain the security of:
- Cardholders’ account data; and
- any other information which, by notice, we or ACQUIRER require You to display from time to time; and
(j)any other information required for the purpose of complying with card scheme rules.
4.3 You must provide us reasonable access to view, monitor and audit the pages of Your web site.
4.4 Your web site payments page must be protected by Secure Sockets Layer or any other form of security method approved in writing by us.