October 2015
Rules of Card Acquiring Merchant
Agreement
These Rules of Card Acquiring Merchant Agreement consist of Part A – General rules
Part B – Country-specific rules and rules for domestic card programmes
Part C – Sector- and/or -service-specific rules
Part A – General rules 1. Application of the rules
This extract of rules describes the framework which applies to the agreement entered into between the Merchant and the Acquirer in respect of acquiring of card transactions.
2. General remarks regarding the acquiring of card transactions and the Merchant Agreement as a whole, contradiction in terms and conditions
‘Acquiring of card transactions’ refers to the services offered for authorising, clearing and settling card transactions carried out at the Merchant.
The services provided by the Acquirer under the Merchant Agreement are mainly directed to entrepreneurs, companies and associations and they are always to be used for industrial and commercial activity only.
The content of the service and the parties’ responsibilities and rights are stated in the approved Merchant Agreement applica-tion, in the General rules (Part A) and in the Specific rules (cf Parts B and C) and in the Merchant Instructions which alto-gether at any given time constitute the content of the Merchant Agreement. The Acquirer is not liable for any damage caused to the Merchant as a result of the Merchant not complying with the terms and conditions of the Merchant Agreement.
The Acquirer’s right and ability to offer card services are affected by Visa’s and MasterCard’s regulations and directives. The contractual relation between the Acquirer and the Merchant must comply with these regulations. The Merchant instructions as in force at the time of approval of the Merchant Agreement applica-tion by the Acquirer are sent by the Acquirer to the Merchant or they are set available to the Merchant in the Teller’s Merchant Portal.
Should the approved Merchant Agreement application conflict with the General rules or the Specific rules, the approved Mer-chant Agreement application prevails.
Should the General rules conflict with the Specific rules, the Specific rules shall prevail.
3. Use of third-party service providers
Either party may fulfil its obligations under this Merchant Agreement using a third-party service provider. All third-party service providers have to be PCI-compliant and registered as an approved service provider according to the card scheme in-structions. The parties are responsible for the activities of their third-party service providers as for their own.
4. Scope
The Merchant may utilise the services provided under the Merchant Agreement by the Acquirer only to payments made with MasterCards (debit, credit, Maestro) and Visa cards (debit, credit, Visa Electron, V PAY) and other cards stated in the Merchant Agreement.
The card issuers may also introduce new card products
(em-bossed or unem(em-bossed). In the case some card issuer intro-duces new card products, the Merchant may start accepting them as means of payment after complying with the procedures instructed by the Acquirer.
The Merchant approves the new terms and conditions (includ-ing without limitation new pric(includ-ing) set by the Acquirer appli-cable to acquiring of the new card products as the Merchant accepts a Transaction made by a new card product.
5. Other cards
The Merchant may enter into agreements with companies that acquire types of cards other than those described in the Merchant Agreement. The Merchant must notify the Acquirer of any such agreements before the card company’s cards may be used at the Merchant. Purchases made with such cards are to be credited to the account that is designated by the Merchant and stated in the Merchant Agreement.
6. Types of card payments and other definitions
6.1 Acquirer: means the acquirer, Kortaccept Nordic AB,
Finnish Branch in this Merchant Agreement.
6.2 Standard payment (POS): Payments to manned Merchants
by the cardholder using the card’s chip or magnetic stripe in a payment terminal providing proof of identity by a PIN code, sig-nature or other approved Cardholder Verification Method (CVM) or payments to manned Merchants by the cardholder using the card’s or a mobile’s contactless feature.
Special conditions apply to Standard payments (POS).
6.3 Online purchases in eCommerce environment: Payments
to virtual Merchants by the cardholder via the Internet or another open network approved by the Acquirer, approving pay-ments made with the card. Special conditions apply to online purchases.
6.4 Mail and telephone orders (MO/TO): Payments to
Mer-chants that offer goods and services via mail order and tel-ephone order sales. The cardholder writes the number, etc., of the card on the mail order which is signed, or this information is stated on the telephone. Special conditions apply to mail and telephone orders.
6.5 Hotels: A Merchant that offers overnight accommodation,
possibly with advance booking. Special conditions apply to hotels.
6.6 Vehicle rental: A Merchant that offers vehicle rental,
pos-sibly with advance booking.
Special conditions apply to vehicle rentals.
6.7 Unattended payment terminals or Cardholder-Activated Terminals (CAT): Payments are made at unattended terminals
by the cardholder using the card in a selfservice payment terminal, possibly providing proof of identity with a PIN code if the payment terminal asks for this. Special conditions apply to unattended payment solutions and automatic machines.
6.8 Recurring payments: A Merchant and a cardholder may
en-ter into an agreement to make periodic payments, often without stating a fixed amount and for an unspecified period.
Special conditions apply to recurring payments.
6.9 Cash Advance: The service allows cardholders to withdraw
cash either through an ATM or over the counter at a bank or other financial agency, up to a certain limit.
6.10 Quasi-Cash: A Transaction representing a Merchant’s sale
of items that are directly convertible to cash, for example, cur-rency exchange. Special conditions apply to Quasi- Cash.
6.11 Cash-back: The cardholder may withdraw cash from the
Merchant when paying a purchase at the Point-of-Sale – ef-fectively offering two services in one transaction. Cashback is a domestic service and only cardholders of the participating issu-ers having access to it. The EMV POS terminal needs to support the service and its requirements.
Special Country-specific rules apply to Cashback.
6.12 Authentication service: A function in which the
card-holder is identified by the issuer of the card in connection with an Internet-based online payment by means of a separate set of IDs and/or passwords (for example, 3DSecure like MasterCard SecureCode and Verified by Visa).
6.13 Authorisation: A check carried out by the Merchant in
which the card issuer states whether the card’s status or the size of the amount prevents a transaction from being executed.
6.14 Authorisation limit: Limit specified by the Acquirer in
the local currency for a Point-of-Sale or Trading Site within which the Point-of-Sale or Trading Site in question must always authorise transactions.
6.15 Banking Day: Banking Day means a business day on
which banks generally are open to the public for carrying on substantially all of banking functions.
6.16 Card data: Card data means the card number, expiry
date, and verification code of the cardholder’s card.
6.17 Card Scheme: means the Visa and MasterCard card
organisations and their card schemes as well as other card schemes the parties may agree at any given time. It refers mainly to Visa and MasterCard, as the owners of the payment scheme, into which an Acquirer or any other eligible financial institution can become a member. By becoming a member of the scheme, the member is thereby authorised to issue or acquire the Transactions performed within the scheme.
6.18 Card Verification Code/Value (CVC/CVV) are security features of the card, such as CVC, CVV, iCVV or PVV. Three- or
four-digit number series printed on the card’s signature panel, such as CVV2, CVC2, are used in mail orders or telephone orders and eCommerce environment.
6.19 Charge back: A procedure in which an issuer charges all
or part of the amount of a Transaction back via an Acquirer to the Merchant in accordance with Card Scheme regulations.
6.20 EMV: EMV® is a global standard for credit and debit
cards based on chip card technology.
6.21 International Card Organisations/Card Schemes: Visa and
MasterCard card organisations and their card schemes, as well as other card schemes the parties may agree on.
6.22 Merchant: The entrepreneur, company or other entity that
has concluded a Merchant Agreement with the Acquirer, includ-ing all its Points-of-Sale and/or Tradinclud-ing Sites.
6.23 Merchant Agreement: The application/agreement with the
appendices, rules and Merchant Instructions which together in their format at any given time constitute the Merchant Agree-ment.
6.24 Merchant ID: An identification number given by the
Acquirer to the Merchant which specifies the Point-of-Sale, Trading Site and/or the main Point-of-Sale.
6.25 Merchant Instructions: Instructions issued by the Acquirer
in order to comply with, among others, the rules and instruc-tions of the International Card Organisainstruc-tions, including payment card handling, data security, MO/TO, eCommerce and functions of terminals, as well as best practices and other information to Merchants.
6.26 Merchant Portal
Merchant Portal: is a web-based service provided by the Acquirer
where the Merchant’s administrator gets access and grants ac-cess rights within the Merchant organisation. The portal provides information about settlements, batches, specific Transactions and calculated fees. In addition, Merchants can view information about Acquiring products and services and the latest news.
6.27 Payment Service Provider (PSP/internet Payment Service Provider (iPSP)): A third party used by the Merchant to which
the Merchant sends the Transactions acquired by it (e.g. a third party or other transaction router). The Merchant Processor must be a certified service provider in accordance with the PCI standard.
6.28 PCI: PCI DSS is the international Payment Card Industry
Data Security Standard, used by Visa International, MasterCard Worldwide, American Express, JCB and Discover Financial Services. PCI DSS and other payment card industry stand-ards complement each other and define the minimum safety requirements for card transactions. Adhering to this standard is compulsory for all parties receiving, transmitting or storing card transactions.
6.29 Point-of-Sale (POS) terminal: A certified device and/or
system used by the Merchant that reads and verifies the card data.
6.30 Secure Payment Application (SPA): Security method
designed to authenticate cardholders when they pay online.
6.31 Transaction date (T): A date on which the Acquirer (or the
collection centre with which the Acquirer has on agreement) has received a Transaction with the correct content and in the agreed format from the Merchant or from the Merchant’s Pay-ment Service Provider.
6.32 Terminal vendor: A company which supplies certified POS
terminals to other companies or Merchants.
6.33 Trading Site: A site approved by the Acquirer with a
distinctive Merchant ID issued by the Acquirer and used by the Merchant for MO/TO or eCommerce.
6.34 Transaction: Information about payment based on an
agreement between a company and a cardholder to transfer an amount from the cardholder to the Merchant.
6.35 Universal Cardholder Authentication Field (UCAF): A field
to support a universal, multipurpose data transport infrastruc-ture that the Card Scheme uses to communicate authentica-tion informaauthentica-tion among the cardholder, merchant, issuer and acquirer communities.
7. Rights and obligations of the Acquirer
7.1 Authorisation routing, Transaction Acquiring and Data Errors The Acquirer routes the authorisation requests sent by the Merchant and/or the Merchants Payment Service Provider (PSP) to the Acquirer on the terms and conditions set out in the Merchant Agreement.
The Acquirer acquires all Transactions properly presented to it and received by it on the terms and conditions set out in the Merchant Agreement. The Merchant must ensure that the Transactions are sent by the PSP of the Merchant to the Acquirer and that the transaction data sent by the terminal or other solution is free from errors. The Acquirer is entitled to re-fuse to acquire or send to the card issuer Transactions that have been found to be erroneous or are suspected to be erroneous as well as to apply an extended settlement period.
Errors in an assembled data set comprising transactions of several companies and sent by the Payment Service Provider might result in an extended settlement period with respect to all transactions within the same assembled data set, even if the error only concerns a part of the assembled data, e.g. another company than the Merchant.
If the Acquirer acquires and settles to the Merchant, Transac-tions that the Merchant has delivered after the due date or that have been erroneous, the Acquirer is entitled to deduct the Transaction contested by the cardholder or card issuer and any other expenses incurred by the Acquirer from the subsequent settlements with the Merchant and/or its Points-of-Sale or Trad-ing Sites, or to otherwise debit these to the Merchant.
The Acquirer is also entitled to refuse to acquire Transactions that entail a specific risk of credit loss or misuse or for any other justified cause for refusal, or to apply an extended settle-ment period with respect to such Transactions.
The Acquirer is not liable for an extended settlement period caused by errors in transaction data or assembled data sets or caused by Transactions delivered after the due date.
7.2 The Acquirer’s settlement guarantee
The Acquirer undertakes to provide settlement to the Merchant for the Transactions properly presented to the Acquirer and re-ceived by the Acquirer in accordance with the Merchant Agree-ment. The settlement takes place at the latest on a day followed by the number of Banking Days after the Transaction Date agreed in the Merchant Agreement. The payment is to be made to the account that is designated by the Merchant and stated in the Merchant Agreement. The settlement is to take place in the same currency as that in which the transaction took place unless otherwise stated in the Merchant Agreement. The settle-ment account must be in the same currency as the settlesettle-ment. The Acquirer’s obligation to make payment in accordance with this provision is conditional (i) on the Merchant having met its obligations in accordance with the Merchant Agreement and (ii) on the date of settlement being (a) a Banking Day, and (b) where the currency of the payment is other than the domestic currency of the Acquirer, a day (other than Saturday or Sunday) on which banks are open for general business in the principal financial centre of the country of that currency to enable the Acquirer to execute the Transactions in such currency.
If the Merchant is liable for a loss caused to the Acquirer or the Merchant has received settlement for transactions to which it is not entitled, the Acquirer has the right to deduct a correspond-ing amount from a later settlement with the Merchant. The Acquirer does not normally check the Transaction before settle-ment is made to the Merchant. The Acquirer may use set-off to collect any claim that it has against the Merchant in connection with this Merchant Agreement.
The Acquirer is entitled to hold back the settlement as a risk management measure if it suspects that the Merchant would cause financial or any other kind of risk to the Acquirer. In addi-tion the Acquirer may be obliged to hold back the settlement or do the settlement (in whole or partly) to a third party subject to law or other order binding on the Acquirer.
7.3 Repayment obligation of the Merchant and the Acquirer’s right to charge back
Where a cardholder makes a complaint regarding a Transaction which has been reported by the Merchant and the Acquirer does not find that the complaint is clearly erroneous, the Ac-quirer is to charge back the Transaction from the Merchant. Where a Transaction related to a standard payment is made at an EMV terminal or the parties have specifically agreed upon guaranteed payment for transactions of the relevant type, the Merchant must, within seven (7) days of the earlier of (i) the Acquirer’s retrieval request or (ii) charge back, demonstrate that in conjunction with the Transaction the Merchant has made the verifications and otherwise has fulfilled the requirements stated in this Merchant Agreement. Where the complaint is based on such, the Merchant must also demonstrate that there was no defect or deficiency on the article or service to which the Transaction related. In the event that the sales company does not fulfil its obligations in this respect, a repayment obligation arises and the amount is charged back from the Merchant. Where the Transaction relates to any other type of card pay-ment, the Merchant must, in addition to the requirements set out chapter hereinabove within seven (7) days the earlier of (i) the Acquirer’s retrieval request or (ii) charge back, demonstrate that the Transaction was ordered by the cardholder. Where the Merchant fails to fulfil its obligations in this respect or where the complaint, in accordance with Visa’s or MasterCard’s rules and regulations, is such that the Transaction can be rejected, a repayment obligation arises.
Where repayment obligations arise, the Merchant must im-mediately pay an amount to the Acquirer corresponding to that which the Acquirer must pay to the issuer who had issued the card used, plus interest on such amount for the period from the date that the Acquirer paid the Transaction amount to the Merchant until such time as payment is made by the Merchant at an interest rate corresponding to local law.
The Acquirer is entitled to debit the Merchant’s account in the case a repayment obligation arises and the Merchant is obli-gated to pay in accordance with this provision.
The disputed amount may be debited to the Merchant’s account unless the Acquirer can immediately reject the cardholder’s complaint as being groundless.
From the date when the Acquirer receives a claim for payment as mentioned above or is made aware that there may be a
breach of the Merchant Agreement, the Acquirer may freeze funds in the Merchant’s accounts in the amount equal to the claim against the Acquirer brought by a third party.
The Acquirer is entitled to charge a fee for each charge back that occurs during the invoicing period.
Should complaints or losses relating to the Merchant during the previous thirty (30) days exceed 0.5% of the card volumes or number of Transactions on a specific Merchant ID, the Acquirer may debit the Merchant for processing costs and/or for charges or fees imposed on the Acquirer by MasterCard or Visa. The Acquirer is also entitled to charge the Merchant for fees and other claims for compensation that can be brought against the Acquirer by a third party (such as MasterCard and Visa) on the basis that the Merchant has breached the Merchant Agree-ment. Handling costs that the Acquirer incurs in connection with processing the claim may also be debited to the Merchant. The parties are to have a continuous dialogue regarding the volume of complaints and implementation of measures to limit the number of complaints as low as possible.
7.4 Merchant Portal and reporting
Merchant Portal is a service provided by the Acquirer to the Merchant. The Acquirer defines the content of the Merchant Portal at any given time.
The Acquirer provides the Merchant with administrator codes with which the Merchant’s administrator may create the neces-sary number of user IDs entitling the access to the Merchant Portal. The Merchant identifies itself to the Merchant Portal by utilising the user ID’s. The Merchant undertakes to keep, and is liable for keeping, the identification data, consisting of a user ID and password, used in the interactive services separate from each other. The Merchant is liable for the proper safekeeping of identification data to prevent all unauthorised third parties from accessing the data. The Merchant acknowledges the fact that a person using the created ID always has access rights to the Merchant Portal and is entitled to represent the Merchant to-wards the Acquirer relating to documents set into the Merchant Portal. If the identification data has been lost or the Merchant has reason to suspect that an unauthorised person has gained access to the identification data, it is obligated to prevent un-authorised use and to notify the Acquirer thereof immediately. The Merchant is liable for informing all its employees and other persons acting on its behalf who use or keep its identification data of the safekeeping obligations.
The Merchant acquires the data communications required for the use of the Merchant Portal and is responsible for their functioning, costs and security. The Acquirer is not responsible for any failures in data communications or data transfer that do not derive from the Acquirer. Both parties are responsible for ensuring proper data security for their own data systems and for seeing to it that the systems are protected against unauthorised use in a reliable manner.
The Acquirer sets available to the Merchant in the Merchant Portal (or at option of the Acquirer or if it has been separately so agreed, sends via e-mail or by mail) a report on the set-tlements on each Banking Day. In addition, the Acquirer sets available in the Merchant Portal or sends via e-mail a monthly summary report to the Merchant. The Acquirer may make
changes to the reporting system. If the change adds the Mer-chant’s obligations or restricts its rights, the change is subject to a prior notification to the Merchant in accordance with clause 16 of Part A Rules.
The Acquirer may give notifications to the Merchant by using the Merchant Portal, as stated in these Rules.
7.5 Use of the service
The Acquirer or the Acquirer’s service provider does not guar-antee uninterrupted use of the service. The Acquirer or the Ac-quirer’s service provider endeavours to rectify faults and errors notified by the Merchant within a reasonable time or, depending on the nature of the fault or error, in connection with further upgrading of the service.
The Acquirer or its service provider is entitled to interrupt the use of the service if this is necessary for the maintenance; repair or upgrading of the service or if there is another justified cause for the interruption. The Acquirer or its service provider notifies the Merchant of any interruptions in the use of the service in advance, if possible.
7.6 Reserve/security
The Acquirer may demand that the Merchant has to provide se-curity for its obligations to the Acquirer. This may take the form of a deposit in a bank, the withholding of settlement or some other form according to the Acquirer’s demands. The security is to be returned to the Merchant 540 days after the termination of the Merchant Agreement at the latest.
7.7 Inspection of the Merchant’s premises
The Acquirer or a party named by the Acquirer is entitled, without giving prior notice, to have access to the Merchant’s premises and equipment for handling card transactions in order to inspect these and ensure that the Merchant’s opera-tions are bona fide and honourable. If the Merchant has a service provider to handle the Transactions, the Merchant must ensure that the Acquirer is given a corresponding opportunity to inspect this company’s premises and equipment. The inspec-tion pursuant to this provision may take place at least once in a calendar year unless there are unforeseen grounds for carrying out such an inspection more often. Should any error or breach of security regulations be ascertained, the Merchant undertakes to correct these.
A site inspection visit report should be generated. The Acquirer may request the Merchant to replace the equipment. If the Merchant’s equipment or other procedures do not fulfil the requirements set by the Acquirer, the Merchant shall replace the equipment and/or change the procedures at the Acquirer’s request in a manner and within the period specified by the Acquirer. In case of non-compliance with the Acquirer’s request, the Acquirer may terminate the Merchant Agreement.
7.8 Miscellaneous
The Acquirer may record the calls to its service numbers. The recorded calls will be processed by the authorised personnel only. Recordings will be used, among others, in the processing of claims and in staff training.
The Acquirer is entitled to give a Payment Service Provider and/ or terminal vendor necessary information about the Merchant in order to set up the Merchant POS terminals or other systems for the service correctly.
8. Rights and obligations of the Merchant
8.1 Handing over of Transactions and technical standards The equipment that the Merchant is to use for Transactions and authorisations (such as a terminal), including software, hardware and communications, must be certified and must comply with the prevailing technical standards and guidelines stipulated by the Acquirer. The Merchant is to send the Transac-tions, the authorisation requests and authorisation reversals to the Acquirer (or a collection centre with which the Acquirer has an agreement) in accordance with the prevailing standard and guidelines stipulated by the Acquirer. The Merchant is respon-sible for the functioning, costs and security of its equipment used for authorisations, gathering and storing information and handing over Transactions.
The Merchant may use a Payment Service Provider to process authorisations and transactions, pass them on to the Acquirer and reverse them. This Payment Service Provider (and any changes of it) must be approved by the Acquirer before the Merchant starts to use the relevant Payment Service Provider. The Payment Service Provider is to comply with the standards and guidelines which apply to the Merchant. The Merchant is at all times responsible for the Payment Service Provider and li-able for its errors, costs, and the like. The Merchant must notify the Acquirer of its intention to start to use a different Payment Service Provider well in advance in order to receive the approval or denial of the Acquirer early enough.
A special merchant number provided by the Acquirer must be stated in connection with the sending or reversal of Transac-tions and authorisaTransac-tions. Where the Merchant Agreement covers several types of card payments the Acquirer provides a merchant number for each type of card payment under the Merchant Agreement.
Transactions are to be deposited with the Acquirer (or a collec-tion centre with which the Acquirer has an agreement) within two (2) days after the Transaction date on which the cardholder has authorised the payment at the latest unless otherwise agreed in the Merchant Agreement. The Merchant is always li-able to retrieve the feedback on that the Transactions have been sent. If Transactions are received by the Acquirer (or a collection centre with which the Acquirer has an agreement) later than by the above-mentioned cut-off time, the Acquirer may refuse to settle the Transactions or to write back settlements that have been made.
It is the Merchant’s responsibility to ensure that the Merchant has received settlement for Transactions which have been sent to the Acquirer. The Merchant must complain about any lack of settlement within twenty-one (21) calendar days after the Transactions have been handed over to the Acquirer at the latest.
In order to decrease the risk relating to malfunctioning of equip-ment used to send Transactions to the Acquirer, the Merchant is advised to send Transactions to the Acquirer online or at least on a daily basis. The Acquirer may refuse to settle the Transac-tions sent to the Acquirer in an incorrect form.
In the case of any necessary replacement or modification of equipment and system changes, including the introduction of chip cards, the Merchant and Acquirer are each to pay their own costs.
The Merchant is financially responsible for Transactions in which a chip card has been used at a terminal or other solution that is not approved in accordance with the EMV specifications. 8.2 Authorisations and blocking controls
The Merchant shall authorise each Transaction unless otherwise stated in the Merchant Agreement, in the specific terms and conditions or in the Merchant Instructions. An authorisation is a confirmation from the card issuer that the payment may be car-ried out. The authorisation may also provide other information but it does not confirm the correct identity of the cardholder. An approved authorisation alone does not provide the Merchant with a guarantee that the card payment will be settled, see clause 7. The floor limit of authorisations must not be disclosed to any unauthorised third parties (including the cardholder). The entire purchase price (the total amount) must be author-ised or verified as one amount. The Merchant cannot evade the floor limit dividing the amount or split sales. If the floor limit is exceeded without authorisation having been obtained, the Acquirer may reject or reverse the Transaction.
Transactions involving Electron or Maestro cards must at all times be authorised online before they are executed. The same applies to cash-back cash withdrawal transactions.
If the Merchant receives a blocking notice from the Acquirer and attempts are made to use a card stated on the notice, the card is to be rejected.
An obtained authorisation must be reversed as soon as possible (and however not later than within 24 hours) after a Transac-tion cancellaTransac-tion or a finalisaTransac-tion of a TransacTransac-tion for an amount lower than the authorised amount. The Merchant shall ensure (with its PSP) that the reversal has been made. Any author-ised amount not reversed must correspond to the Transaction amount.
The rules and instructions regarding the manner in which authorisation takes place may be specified in the specific terms and conditions and in the Merchant Instructions.
8.2.1 Further terms and conditions applicable to the authorisati-ons of MasterCard Transactiauthorisati-ons
In addition to the terms set out in clause 8.2, the terms set out in this clause 8.2.1 are applicable to the authorisations relating to Transactions made using a MasterCard payment card unless otherwise stated in the specific terms and conditions or in the Merchant Instructions.
The Merchant must code the authorisation request as either pre-authorisation or final authorisation. Pre-authorisations of Maestro Transactions are allowed only in online shopping in eCommerce environment and at unattended, automated fuel dispensers as set out in the specific terms and conditions or in the Merchant Instructions.
Unless otherwise stated in the specific terms and conditions or in the Merchant Instructions, the Merchant shall use the final authorisation in which the authorisation is requested for the final Transaction amount and the Transaction may no longer be cancelled after the authorisation request is approved in full. Each approved final authorisation has a payment guarantee pe-riod of seven (7) calendar days from the authorisation approval date unless otherwise stated in the specific terms and condi-tions or in the Merchant Instruccondi-tions.
A pre-authorisation is an authorisation in which the authorisa-tion is requested for an estimated amount and/or the Transac-tion may not be completed for reasons other than a techni-cal failure or lack of full issuer approval. Pre-authorisations may only be used in accordance with the specific terms and conditions and/or the Merchant Instructions. Each approved pre-authorisation has a payment guarantee period of thirty (30) calendar days from the authorisation approval date unless otherwise stated in the specific terms and conditions or in the Merchant Instructions.
To extend the duration of the payment guarantee period, the Merchant may submit additional authorisation requests for the same Transaction on later dates. A unique identifier from the original approved authorisation of a Transaction must appear in each additional authorisation request. The approved amount of any authorisation with an expired guarantee is deemed to be zero.
8.3 Commissions and other fees
The Merchant shall pay to the Acquirer the fees stated in the tariff of the Acquirer for the services stated in the Merchant Agreement and other charges, commissions, fees and costs in accordance with the Merchant Agreement. Unless otherwise agreed, the amounts are to be debited in the same currency as the one in which the relevant Transaction is executed and are to be documented by a bank statement or separate statements. All other fees are to be debited in the domestic currency of the Acquirer, unless otherwise agreed in the Merchant Agreement. The account to which the fee will be debited should be in the same currency as the fee.
The Merchant is to ensure that there are always sufficient funds to cover the amount debited. The Acquirer is allowed to debit the commissions and fees monthly to the Merchant’s account if nothing else is specified in the Merchant Agreement.
A tariff and Merchant commissions are part of the Merchant Agreement. The service fees and commissions are debited to the Merchant’s account monthly in Gross settlement option and deducted from the settlement amount in Net settlement option. Should the Merchant Agreement be terminated by one of the parties during a period for which the Merchant has paid a fee, any of the fees may not be refunded to the Merchant.
8.4 Permitted transactions
The Merchant is to accept transactions with all types of cards that are within the scope of the Merchant Agreement.
Additional rules for the handling of cards and card transactions may be stated in the specific terms and conditions or in the Merchant Instructions.
Transactions may only be executed in the domestic currency of the Acquirer unless otherwise stated in the Merchant Agree-ment. The Merchant may not hand over Transactions that contravene local or international laws or rules or in which a card has been used to pay for bets in games or similar circumstances or where the cardholder’s payment and/or obligation can be regarded as being invalid by virtue of local law.
The Acquirer may at any time demand that the Merchant must document that Transactions have been executed in accordance with this Merchant Agreement or the Merchant Instructions. If
there is any doubt that this has not taken place, the Acquirer is entitled, while waiting for documentation, to withhold settle-ment until the situation has been settled.
Should the Merchant have deliberately forced the use of a back-up solution, settlement may be withheld if a dispute regarding the Transaction arises.
The cardholder is only to be credited in connection with previ-ously approved Transactions. The credit transaction is to be executed using the same card and card number as the originally approved debit transaction. The Merchant is not allowed to pay cash in connection with any return of goods or other repayments to the cardholder.
Unless otherwise specified in the specific terms and conditions, a Merchant may only report Transactions under this Merchant Agreement relating to the purchase of goods and services from the Merchant and subsequent reversals relating to previous Transactions. Therefore a Merchant may not report card transac-tions relating to the receiving of payment for goods and services provided by other companies, as may occur with a distributor’s handling. Nor may the Merchant report card transactions which concern payment of existing debt or previously rejected checks. After the Acquirer’s special review and prior consent, the Mer-chant may report Transactions in which the MerMer-chant acts as an agent or intermediary and thereby sells or conveys another party’s goods or services or sells or conveys goods or services on another party’s behalf, for example, trips or tickets to events. In the cases where another party may perform the service that the card transactions concern, the Merchant is responsible for the service as if it had been performed by the Merchant itself in accordance with the Merchant Agreement, for example, as regards clause 7.3 Repayment obligation.
8.4.1 Unjustified card usage
If the Merchant knew or should have known that the cardholder was not entitled to use the card, the card transaction must not be executed.
In cases of doubt, the Merchant is to conduct more detailed investigations, such as checks of identity of the cardholder, or contacting the Acquirer before the Transaction is carried out. This applies both in the case of ordinary electronic usage and when using a backup solution.
8.5 Cross-border Acquiring
Unless otherwise agreed in the Merchant Agreement, the Mer-chant may only hand over Transactions relating to the purchase of goods or services from the Merchant in the Acquirer’s country of domicile. If the Merchant operates in multiple countries and the Merchant and the Acquirer have so agreed, the Merchant may hand over Transactions also from the other countries speci-fied in the Merchant Agreement at any given time.
For the sake of clarity it is stated that the Merchants operat-ing in cross-border sales must comply with all local laws, regulations and rules in the markets they operate or enter. Furthermore, the Merchant must comply with any regional rules registered with the Card Schemes and informed by the Acquirer or its service providers to the Merchant.
8.6 Requirements for the Merchant’s services
The Merchant must accept all valid cards falling within the scope of this Merchant Agreement as full settlement for the sale of goods and services. The Merchant must accept cards for reg-istration as electronic transactions (terminal) unless otherwise stated.
The Merchant undertakes to handle card transactions in a professional manner, to ensure that the personnel who handle card transactions possess the necessary competence and com-ply with the terms and conditions of the Merchant Agreement, including without limitation Merchant Instructions, and with generally accepted practices in the industry.
The Merchant must show that it accepts cards by using stickers in entrance areas and beside payment points and must state in its advertising material the cards that can be used for payment. The Merchant is entitled to use the Acquirer’s business name and trademark, MasterCard’s and Visa’s trademarks and the trademarks of other cards covered by this Merchant Agreement. This is to be done in the way that the Acquirer instructs. The Merchant is to remove all trademarks and other symbols and identifiers of the International Card Organisations from all of its material and its main Point-of-Sale and all Points-of-Sale and Trading Sites immediately after the termination of the Merchant Agreement. The Acquirer is to a reasonable extent provide the Merchant with advertising and information material relating to card payments.
The Merchant must comply with all laws to which it may be subject where a failure to do so is reasonably likely to have a material adverse effect on (i) the business, assets, financial condition or the prospects of the Merchant and/or its group taken as a whole, (ii) the ability of the Merchant to perform its obligations under the Merchant Agreement or (iii) the validity or enforceability of the Merchant Agreement or a part of it. The Merchant has obtained, and must comply with, any mate-rial official approval, authorisation, consent, licence or the like required or appropriate for (i) the carrying on by it of its busi-ness and (ii) the execution and performance of the Merchant Agreement and any related document and the use of the service under the Merchant Agreement.
The Merchant is to promptly inform the Acquirer of:
any changes to ownership factors, the board of directors, general manager or contact information required for its operations under the Merchant Agreement,
any material changes in its business, and
any circumstances referred to in clause 14 which could entitle the Acquirer to terminate the Merchant Agreement with immediate effect.
Should the Merchant believe that the Acquirer has incorrect in-formation about the Merchant, the Merchant must immediately contact the Acquirer to rectify the matter.
8.7 Filing
The terminal records, signed receipts and merchant bookings must be stored in accordance with the prevailing accounting regulations, and according to PCI (see clause 10.1), and for a minimum period of 18 months. If requested by the Acquirer,
purchase receipts, logs, vouchers and suchlike, or if necessary copies of these, must be handed over to the Acquirer within five (5) days of a request received. If the Merchant uses a service provider to store documentation, the service provider must hand over the documentation on behalf of the Merchant.
This obligation also applies after the Merchant Agreement has expired. Upon request by the Acquirer, all information that has been compiled during the last eighteen (18) months before the Merchant Agreement has expired must be delivered to the Acquirer.
8.8 Register of Point-of-Sale terminals
The Merchant is liable to have an up-to-date register of all its Point-of-Sale terminals, and also the Point-of-Sale terminals which have been taken out of use. The Acquirer may at any time ask for such a register and it should at any time be up-to-date.
8.9 Currency indemnity and waiver
The Merchant is obliged at the Acquirer’s request to indem-nify the Acquirer against any cost or loss arisen out of the conversion of a currency in the case of any sum due from the Merchant has to be converted from the currency in which it is payable into another currency for the purpose of filing a claim against the Merchant or obtaining or enforcing an order, judge-ment or kind and there has been discrepancy between the rate of exchange applied to the conversion and the rate of exchange available to the Acquirer at the time the Acquirer receives the sum.
The Merchant waives any right it may have in any jurisdiction to pay any amount under the Merchant Agreement in a cur-rency other than that in which it is expressed to be payable in the Merchant Agreement.
9. Duty of confidentiality
The parties must not disclose any information regarding the content of the Merchant Agreement or any information that the parties gather in accordance with the rules and instructions of the Merchant Agreement and which relates to the parties or the cardholder. The information may only be disclosed to the Acquirer, to a service provider engaged by the Acquirer, to a company or other corporation based in Finland or abroad which belongs to the same domestic or foreign group or economic in-terest consortium as the Acquirer at any given time or to a com-pany or to some other comcom-pany that is legally in such a position that information can be disclosed to it and to service providers engaged by the Merchant for handling card transactions. When information is disclosed to the latter type of company, the duty of confidentiality applies to such company as well. The obliga-tion to maintain confidentiality in accordance with this provision also applies after the Merchant Agreement has terminated. The parties and their service providers must not process personal data obtained from the Transaction apart from that which is necessary for executing the Transaction. The informa-tion must not be used in selective marketing measures or other contexts which contravene local rules and regulations.
10. Security requirements
The Acquirer may lay down requirements for the equipment that the Merchant must have for authorisations, gathering and storing information and handing over Transactions. In order
to prevent information which is confidential according to the clause regarding the duty of confidentiality becoming known to unauthorised third parties, the Merchant must implement the necessary security measures.
The Merchant must implement the security measures that the Acquirer considers necessary.
10.1 Storage and securing of cardholder data and PCI regula-tion
The Merchant must at all times comply with the common standard PCI (Payment Card Industry Data security standard) and the regulations of Visa, MasterCard and/or the Acquirer for secure trade and perform the required security checks. These are required where Visa AIS is concerned (Account Information Security) and are available at www.visa.com and where Master-Card is concerned SDP (Site Data Protection) and are available at www.mastercardeurope.com.
More information about PCI can be found at https://www.pcise-curitystandards.org/
More detailed rules and instructions regarding what the Merchant must apply may be stated in the specific terms and conditions. The Acquirer is also entitled to issue security rules and instructions in another manner. The rules and instructions issued by the Acquirer separately or in the specific terms and conditions can specify, for example, what kind of a technical solution the Merchant needs to have for making authorisation, collecting information, reporting or other measures of handling the transaction data. All the physical and/or electronic storage of cardholder data must take place in such a way and in such a form that the data are inaccessible to unauthorised third par-ties. All the access rights must be logged and all users must be assigned a separate user identity. All stored card numbers must be encrypted and CVV2/CVC2 or other sensitive authorisation data must under no circumstances be stored after an authorisa-tion has been made.
The Merchant may not save the card verification value in the chip application (iCVV/chip CVC) or the PIN verification value in the magnetic stripe (PVV).
Should a Payment Service Provider (PSP) store, process and transfer cardholder data on behalf of the Merchant, the Mer-chant undertakes to inform the Acquirer of this. The MerMer-chant’s service provider will in such cases be subject to the regulations mentioned above.
The Merchant undertakes to immediately contact the Acquirer if it suspects fraud, infringement into a system or another incident that can constitute a security risk. Furthermore, the Acquirer is entitled to delay the settlement of suspicious card transactions until the incident has been investigated. In connection with serious suspicions the Acquirer is entitled to temporarily stop all card transactions.
Should there be reasonable grounds to suspect a breach of security or that cardholder data has gone astray or the PCI rules define that the Merchant has to go through the security scan-ning, the Merchant must by order of the Acquirer examine the Merchant’s systems thoroughly, (“vulnerability scanning”). Such an examination must be performed by a PCI-certified data secu-rity company. The Merchant must bear all the costs incurred in connection with this.
Should the Merchant fail to comply with the PCI DSS require-ments and the cardholder data goes astray, the Merchant will be financially liable for the investigations, forensic costs and any losses that arise as a result of misused cards. In addition, the Acquirer may charge the Merchant for the fines that the card companies impose on the Acquirer as a result of the Mer-chant’s incompliance with the PCI DSS requirements. 11. Liabilities
11.1 Liability for Damage
Each party is liable for damage caused to the other party by a breach of the Merchant Agreement subject to the limitations set out below in clause 11.2 and/or in the Merchant Agreement. 11.2 Limitation of liability
The parties are not liable for the other party’s losses which arise from a force majeure, amendments to law, measures imple-mented by the authorities, acts of war, disruption of postal, tele-phone or data traffic or any other electronic communication net-works, data transfer, automatic data processing, interruptions of general transactions, strikes, boycotts, lockouts, blockades or other similar circumstances. The reservation regarding strikes, lockouts and blockades also applies if the parties themselves are the objective of, or themselves initiate, such measures. The parties are not liable for any indirect damage including, without limitation, loss of profits or revenue, loss of savings or business or loss of goodwill.
Limitations of liability do not apply to intentional acts or gross negligence or breach of confidentiality obligations.
12. The validity, service utilisation and termination of the Mer-chant Agreement
The Merchant Agreement enters into force and the Merchant may start to utilise the services provided under the Merchant Agreement when the Merchant has signed the Merchant’s ap-plication for Card Acquiring Merchant Agreement, the Acquirer has approved the Merchant’s application for Card Acquiring Merchant Agreement and the Merchant has fulfilled all the conditions precedents set out by the Acquirer for the utilisation of the service.
The Merchant Agreement continues to be in force until further notice. The Merchant Agreement may be terminated by either party by giving a written notice at least three (3) months prior to the termination.
The Acquirer may terminate the Merchant Agreement and block the settlement account with immediate effect if one or more of the following circumstances occur or the Acquirer suspects might occur:
One or more items in the Merchant Agreement are breached The Merchant has given incorrect or incomplete information
regarding its business.
The Merchant provides services or sells products on the market in a way that in the opinion of the Acquirer is con-trary to responsible business practice.
The Merchant’s area of operations has changed since the Merchant Agreement was entered into and the Merchant has not given notice of this or the Merchant has terminated its business or changed its business materially in a way which in the opinion of the Acquirer is inappropriate for acquiring Transactions
The Merchant sells or brokers goods or services, or per-forms other operations which contravene MasterCard’s, Visa’s or another business partner’s regulations.
There is a reason to suspect that the Acquiring service is being used or will be used for criminal activity or activities. The Merchant acts or plans to act in a way that would
damage the reputation of the Acquirer or a third party. The number or type of complaints deviates from that which
the Acquirer regards as normal or exceeds by 0.5%the number of Transactions per Merchant ID in a month. The Merchant has not fulfilled any or all of its payment
obligations towards the Acquirer when due, or the Acquirer has right to cancel its commitment towards the Merchant, under an agreement or another undertaking binding betwe-en the Acquirer and the Merchant or the Acquirer considers that the Merchant’s liquidity is otherwise insufficient. The Merchant offers goods or services that, in the
Acqu-irer’s view, are of such a nature that they contravene the Acquirer’s policy.
The Merchant has been engaged in unlawful or criminal acts.
The Merchant has defaulted on a payment or committed some other fundamental breach of the Merchant Agree-ment.
The Merchant’s settlement account is terminated. The Merchant starts debt settlement proceedings, goes
into liquidation, petitions to be wound up or is forced into bankruptcy.
Such termination must be given in writing.
The parties have the right to terminate the acquiring of a certain type of card payments from the scope of the Merchant Agreement.
Following the termination of the Merchant Agreement, wholly or partially, the Merchant’s sales paid for through cards whose acquiring has been terminated immediately cease.
When the Acquirer is entitled to terminate the Merchant Agree-ment with immediate effect or has reason to suspect that such right to terminate exists, the Acquirer may refuse to acquire reported Transactions.
If the Merchant Agreement is terminated, the Merchant must hand back all the material and equipment it has received from the Acquirer and immediately stop all sales using the cards covered by this Merchant Agreement. After the termination, the parties are still responsible for Transactions handled during the validity of the Merchant Agreement. For example, the Acquirer has the right to debit chargebacks and fees to the Merchant’s account.
If the Merchant Agreement is terminated due to misuse as defined by the International Card Organisations (e.g. misuse of card data or suspected money laundering) or any other breach of the Merchant Agreement by the Merchant or by any of the Merchant’s service providers, the Acquirer is entitled to register the reason for terminating the Merchant Agreement in the data systems maintained by the International Card Organisations, where data will be stored for five (5) years from the registration.
13. Intellectual Property Rights
All intellectual property rights to the Merchant services and the service descriptions are the property of the Acquirer.
All trademark rights and all other intellectual property rights to Visa and MasterCard trademarks and to other trademarks of the International Card Organisations belong to the appropriate International Card Organisation. The Merchant is not granted any other rights to them, except for those expressly set out in these rules.
14. Amendments to the terms and conditions in the Merchant Agreement and other changes
The Acquirer is entitled to amend the Merchant Agreement and its terms and conditions, such as these rules and charges, com-missions and fees.
If an amendment to the Merchant Agreement or its terms and conditions does not add the Merchant’s obligations or restrict its rights, or is caused by an amendment to legislation or Card Scheme rules or a decision of the authorities or is made for critical security reasons, The Acquirer is entitled to announce the amendment by publishing it on www.teller.com, at the Merchant Portal or in another electronic channel provided or accepted by the Acquirer, by sending the amendment to the Merchant via e-mail or by post or they may be otherwise deliv-ered to the Merchant. The amendment comes into effect at the time announced by the Acquirer.
If an amendment to the Merchant Agreement or its terms and conditions add the Merchant’s obligations or restricts its rights, and is not caused by an amendment to legislation or Card Scheme rules or a decision of the authorities or is not made for critical security reasons, the Acquirer will inform the Merchant of the amendment via Merchant Portal, or another electronic channel provided or accepted by the Acquirer, via e-mail, by post or in some other manner agreed separately either electroni-cally or on paper. The amendment enters into force at the time stated by the Acquirer; however, no earlier than one (1) month from the sending of the notification. If the Merchant does not wish to accept such an amendment, the Merchant may, by giving at least fourteen (14) days prior to the amendment a written notice to the Acquirer to terminate the Merchant Agree-ment with effect from the date when the amendAgree-ment enters into force.
Changes of charges, commissions and fees included in the tariff of the Acquirer are published in the revised tariff. Such changes take effect as of the date indicated by the Acquirer.
In addition, the Acquirer has the right to issue new or amend the Merchant Instructions with effect from the time announced by the Acquirer by publishing the Merchant Instructions via the Merchant Portal or by sending them via e-mail or by post or by informing the Merchant of setting them available to the Merchant at the branches of the Acquirer or by delivering them in some other manner either electronically or on paper. A change of the settlement account must be documented in writing to the Acquirer
15. Transfer
The Merchant may not transfer its rights or obligations pursu-ant to the Merchpursu-ant Agreement to a third party without the Acquirer’s prior written approval.
The Acquirer is entitled to transfer its rights and obligations pursuant to the Merchant Agreement to another company in the Nets Group.
16. Notices
A written notification sent by post from the Acquirer is consid-ered to have been delivconsid-ered to the Merchant on the seventh (7th) day after the notification was sent at the latest, provided the letter is sent to the address which is stated in the Merchant Agreement or which is otherwise known to the Acquirer. An electronic notification by the Acquirer to the Merchant is considered to have been delivered to the Merchant no later than on the next day after the Acquirer has published the notification or has delivered the notification to the Merchant by using at least one of the agreed electronic means.
17. Dispute resolution
The parties must attempt to reach an amicable resolution of any dispute relating to the Merchant Agreement. If the parties fail to agree the disputes arising from the Merchant Agreement, they are processed in the District Court of the capital of the country where the Acquirer has its domicile unless otherwise agreed.
The Merchant Agreement is governed by the law of the country where the Acquirer has its domicile.
Part B Country-specific rules and rules for domestic card programmes 1. in Denmark 2. in Finland 3. in Norway 4. in Sweden 5. in Estonia 6. in Latvia 7. in Lithuania 8. in Poland
Part B – 2. Specific rules for payments in Finland and rules for domestic card programmes
The Acquirer referred to in the Part A, B and C of these Rules of Card Acquiring Merchant Agreement is Kortaccept Nordic AB, Finnish Branch.
Kortaccept Nordic AB, Finnish Branch Teollisuuskatu 21
FI - 00510 Helsinki
Tel +358 200 31000 (0200 31000) Fax + 358 9-6964 9213 (09 6964 9213) Mail kortaccept-fi@teller.com
Kortaccept Nordic AB, Finnish Branch has been registered in the Trade Register maintained by the National Board of Patents and Registration.
The business operations of Kortaccept Nordic AB, Finnish Branch are supervised by the Swedish Financial Supervisory Authority (Finansinspektionen, P.O. Box 7821, 10397, Stock-holm, Sverige, www.fi.se).
Separate agreements are needed for routing of other card scheme transactions like American Express (AmEx), Diners and PLCs (private label cards).
Authorisations
In Finland the Card schemes set country-specific floor limits for authorisations are followed. The value of the floor limit is the maximum amount the Merchant can complete a Transaction without online authorisation. A party that puts to use higher floor limits than are set or refuses to authorise Transactions that must be authorised has financial liability for possible disputable Transactions.
The published floor limits set up to the POS terminal Apply to EMV chip transactions to determine which
Trans-actions may be authorised offline, Apply to all Transactions completed at a
Merchant that does not have an online-capable Point-of- Sale (POS) terminal,
Do not apply to any magnetic stripe-read
face-to-face transaction completed at an online-capable terminal (floor limit is zero), and
Do not apply to any non–face-to-face transactions e.g. unat-tended terminals or eCommerce (floor limit is zero). Floor limit values are assigned according to the business code of the Merchant (MCC), the transaction category code (TCC), and the geographical location. The Acquirer informs the Merchant of the floor limits in force at any given time
by publishing the floor limits in the Merchant Instructions or by informing the payment service provider of the floor limits required for the POS terminal.
Cash withdrawals in connection with payments made with cards
The Merchant may offer Cash-back to the cardholder in ac-cordance with the Merchant Instructions. Cash withdrawals in connection with Cash-back may only take place in conjunction with face-to-face purchases and may not exceed the maximum amount set out in the Merchant Instructions. The issuer may decide to have lower Cash-back limits and also if Cash-back is allowed for the card type. A Cash-back transaction is only made in connection with a purchase and it has to be always online authorised. The cardholder receipt must show the purchase amount and Cash-back amount separately.
Surcharging
The Merchant is entitled to impose an additional charge on the cardholder in connection with purchases made with a Visa or MasterCard only to the extent that it is allowed according to the Finnish law.
The Merchant must, in connection with the provision of a service or an item which is paid by card, offer its customer reasonable terms and conditions and ensure that the customer is clearly informed regarding the terms and conditions for its provision. The charge must be separately shown on the receipt. Restricted loop cards
Issuers of cards may issue, in accordance with the Card Scheme rules, cards that only Merchants belonging to a certain business code of the merchants (MCC) may accept for payment. These cards may be destined to be used only for pay-ment of a certain goods and/or with a value of certain minimum/maximum amount e.g. relating to fringe benefits in accordance with the tax regulation. The Merchant accept-ing restricted loop cards for payment of certain fraccept-inge benefits must comply with the laws and regulations as well as with the decisions and instructions of the Finnish Tax Administration regarding fringe benefits in force at any given time.
Part C – Sector- and/or service-specific rules
This part contains a specific extract of the terms and conditions applicable to
1. standard payments (POS)
2. mail orders and telephone orders (MO/TO) 3. online shopping, eCommerce
4. recurring transactions 5. Quasi Cash
6. unattended payment terminals or cardholder-activated terminals (CAT)
7. hotels 8. car rentals
9. contactless payments
The specific rules apply in addition to the general rules. In the case of any conflict between the specific rules and the general rules, the specific rules prevail.
1. Specific terms and conditions applicable to standard payments (POS)
1.1 Verification
If the chip on the card is read without any participation of the Merchant and the cardholder authorises the transaction with PIN, or if the chip is read, at the option of the cardholder, using the contactless interface of the terminal for a transaction under the CVM-required limit, the Merchant does not need to perform the card verification listed below. This is also applicable if the information on the card is read without any participation of the Merchant and the card does not demand any further measures than that the information is read.
In connection with purchases, the Merchant must perform the following verifications:
1.1.1 Card verification
The Merchant must through ocular inspection of the card ensure that:
the card number, name of the cardholder, and term of vali-dity are stated on the card
the card does not show any signs of alteration the card bears the cardholder’s signature the term of validity on the card has not expired
the first four digits of the card number are identical to the four digits printed on the card directly under or above the card number. In the case the digits are not identical; the Merchant must retain the card and contact the Acquirer for further instructions.
the card number on the sales slip is identical to the card number on the card, and
the term of validity on the sales slip is identical to the term of validity stated on the card.
1.1.2 Customer identification
The cardholder must approve that the agreed amount will be debited to the card either through PIN or signature. The Mer-chant ensures that it is actually the cardholder who approves that the amount will be debited to the card by:
(A) Verification with PIN
In order for PIN codes to be accepted in connection with cus-tomer identification, the card number must be read mechanically.
PIN codes are entered using a PIN keypad approved by the Acquirer. The PIN keypad may only be used at the Merchant where the original installation took place.
The cardholder may at no time be requested to enter his or her PIN code where PIN usage is not permitted for the card in question. In connection with return transactions, PIN numbers must not be used.
(B) Verification with signature
The customer’s signature on the invoice or sales slip must be compared with the signature on the card and with the signature on the valid, official identity verification document issued by the authorities. In addition, the Merchant must verify that the photo on the ID matches the customer. Where the signatures or the photo do not match, the card must not be accepted for payment.
1.2 Collection of information
The following information must be collected by the card being read electronically in a terminal or other solution approved by the Acquirer and distributed to the Acquirer:
Merchant’s name address with country code
transaction type (purchase or returned purchase) trademark (Visa, MasterCard, Maestro)
acquirer card number
card expiry (Valid through)
transaction date and time for authorisation transaction amount
transaction currency authorisation code
Terminal Verification Result (TVR),
Application Identifier (AID) and Transaction Status Informa-tion (TSI)
reference number
Otherwise the collected transactions follow the specification provided by the Acquirer or the Acquirer’s service provider. Manually registered Transactions are not permitted unless ap-proved technical equipment allows this and the Acquirer and the Merchant have made a special agreement.
1.3 Authorisation
All card transactions must be authorised through a terminal or other approved solution. The floor limit is zero (0) if nothing else is laid down in the Merchant Agreement or stated in the Country-specific rules and rules for domestic card programmes as informed in the Merchant Instructions.
2. Specific terms and conditions applicable to mail order and telephone order (MO/TO)
2.1 Permitted transactions
These special conditions apply to MasterCard and Visa cards. Transactions using Maestro, Electron and V PAY cards are not permitted.
2.2 Information to be obtained
The Merchant must obtain the following information in connec-tion with a Transacconnec-tion (this should be stated in the customer’s mail order/telephone order):
cardholder’s name
cardholder’s address (delivery name and address) name of the person making the order
card number card type card’s expiry date
card’s control digits (CVC2/CVV2), i.e. the last three digits on the signature panel on the back of the card
cardholder’s signature (in the case of mail orders) transaction currency transaction date authorisation code order date shipping date shipping address
description of the merchandise and services total amount of the order
order confirmation number
information on whether the cardholder wishes the Value Added Tax (VAT) amount to be specified
Merchant name Merchant location online address, if any itemised charges if any 2.3 Authorisation
The Merchant must obtain authorisation for the order’s total amount and check the card’s control digits (CVV2/CVC2). This is done by stating the control digits in the authorisation request. The authorisation is carried out by the Merchant’s approved electronic system contacting the Acquirer or the Acquirer’s service provider.
If the authorisation and/or control digits are not approved by the authorisation request, the Transaction must not be carried out. This section is applicable to Visa Transactions: If more than seven (7) days elapse between the date when the authorisation is made and the date when the goods are sent and the amount is debited, the Merchant must obtain a renewed authorisation for the total amount. If this renewed authorisation is not agreed on, the cardholder must not be debited and the goods must not be delivered.
This section is applicable to MasterCard Transactions: If the transaction might not be completed for a reason such as the goods ordered being later found out to be out of stock, the Mer-chant must obtain a pre-authorisation for the agreed amount and later obtain an additional authorisation to get the duration of the payment guarantee period of seven (7) days extended, if necessary. If the cardholder is debited after the payment guar-antee period has expired the transaction may be charged back also on the basis that the card account is permanently closed. 2.4 Requirements for the Merchant’s services
The Merchant is to comply with the legislation in force govern-ing sales and marketgovern-ing via distance sellgovern-ing.
Immediately following the order, the Merchant must send the cardholder a written confirmation of the order and inform the cardholder of any cancellation conditions.
The ordered goods may not be sent before an authorisation in accordance with clause 3 has been made. Once the Transaction has been authorised, the goods are to be sent within seven (7) days unless any other agreement regarding delivery has been entered into in writing with the cardholder.
2.5 Delivery of Transactions
Transactions may not be handed over until the goods have been sent off to the cardholder. When the goods are sent, the Transaction is to be handed over by the deadlines stated in the general terms and conditions.
With mail order, telephone order (MOTO) hosted with an internet Payment Service Provider (iPSP), connected to fraud monitoring, the Merchant is always responsible for fraud and risk if not 3D Secure.
3. Specific terms and conditions applicable to online shopping in eCommerce environment
3.1 A general description of online payments using MasterCard SecureCode/Verified by Visa.
With MasterCard SecureCode/Verified by Visa, the Merchant may accept card payments via the Internet and verify a transac-tion with it (verificatransac-tion service). The Merchant must have installed a payment solution that contains MasterCard Secure-Code/Verified by Visa in order to be able to execute Transac-tions.
The MasterCard SecureCode/Verified by Visa functionality applies to cards issued within the MasterCard and Visa EU regions; acceptance of cards issued outside these regions is not covered by a corresponding security level and complaint rules. The Merchant must use software for an online shopping -payment solution in accordance with an agreement with the Acquirer. This software is not covered by this Merchant Agree-ment.
3.2 Guaranteed payment
Transactions effected using Visa cards and MasterCards over the Internet are in most cases subject to guaranteed payment (see clause 7.3 Repayment obligation of the General rules relat-ing to Merchant Agreement). However, Transactions made usrelat-ing Visa Commercial Cards and MasterCard Commercial Cards issued outside Europe are not subject to guaranteed payment. 3.3. ID check via an issuing bank
Once a card number has been registered by the Merchant or its Payment Service Provider, an enquiry will immediately be sent to Visa’s or MasterCard’s register of card issuers and card number series which are included in 3D Secure. The enquiry must be sent in the form and manner defined by the Acquirer or a service company engaged by the Acquirer. Where the cardholder’s card is included in 3D Secure, he or she is linked to the card issuing bank’s website. The Merchant assists in such linking service in the manner defined by the Acquirer or a service company engaged by the Acquirer.
Once the customer has successfully passed the ID check by the issuing bank, he or she is then linked back to the Merchant’s website. The Merchant collects CAVV/AAV from Cardholder Web interface and this value must be included in the Transaction according to the 3D Secure specification.
In order to ensure that the verification against Visa’s and MasterCard’s register and the following linking, etc., takes place
