2   Transaction Processing

2.1   In-Person Charges

2.2   Card Not Present Charges

2.3   Other Charges

2.4   Charge or Credit Records

2.5   Retaining Charge and Credit Records

2.6   Fraud Prevention Tools

2.7   Strong Customer Authentication

2.8   American Express SafeKey Programme

2.9   Use of Service Providers

 

2.1     In-Person Charges

a.For all In-Person Charges the Card must be presented and you must:

i.not accept a Card that is visibly altered or mutilated, or presented by anyone other than the Cardmember, and, if a Transaction is declined, you must notify the Cardmember immediately;

ii.follow the Card acceptance steps outlined below in Subsection 2.1.1, "      Chip Cards" through Subsection 2.1.6, "      Unattended Terminals" as applicable; and

iii.obtain an Authorisation.

iv.In all cases, you will be liable for fraudulent Charges arising from a failure to comply with our Card acceptance procedures.

2.1.1      Chip Cards

a.For Chip and personal identification number (PIN) Countries and Chip Only Countries, as indicated in Chapter 8, "Country Specific Policies", you must ensure that your point of sale (POS) Systems are capable of accepting Chip Cards, and, in Chip and PIN Countries, are capable of verifying the PIN. In these countries, you must follow the procedures below.

i.When presented with a Chip Card, the Card must be inserted into the reader of the POS System that must capture Chip Card Data (unless the Charge is processed through Contactless Technology, in which case you must follow the steps outlined in Subsection 2.1.5, "      Contactless" ).

ii.If you are in a Chip and PIN Country, for Transaction amounts equal to or greater than the Contact Limit, as indicated in Chapter 8, "Country Specific Policies", and for Transactions that do not qualify for the No CVM Programme (Subsection 2.1.4, "      No CVM Programme"), the POS System should advise the Cardmember to enter the PIN (a “Chip and PIN Transaction”) or any other Cardholder Verification Method (CVM), excluding Cardmember signature. Upon such advice, your Establishment must ensure that the Cardmember completes the applicable CVM when prompted by the POS System. Failure to capture the PIN may result in Chargebacks for lost, stolen, or non-received fraudulent In-Person Charges (see Fraud Liability Shift – Lost/Stolen/Non-Received (ISO 4799) in Subsection 5.6.3, "      Fraud"). In a Chip Only Country, the POS System may also advise for the Cardmember to enter a CVM. In a Chip Only Country, if you choose to obtain a Cardmember signature, see Subsection 2.1.3, "      Obtaining Cardmember Signature".

iii.If the Establishment is unable to complete a Chip Card Transaction due to a technical problem, the POS System should show an error message and either decline the Transaction or direct the Establishment to capture full magnetic stripe data by following the procedure for non-Chip Card Transactions (See Subsection 2.1.2, "      Non-Chip Cards").

iv.If your Establishment swipes a Chip Card through the POS System when no technical problem exists, or at any time manually keys a Charge into the POS System, the Transaction may be declined and, if it is not, we may have Chargeback rights for fraudulent In-Person Charges (see Fraud Liability Shift - Counterfeit (ISO 4798) in Subsection 5.6.3, "      Fraud").

v.In addition to Subsection 2.1.1.a (iv), you will be liable for any losses that we may suffer and we will have Chargeback rights for fraudulent In-Person Charges, and/or we may terminate the agreement, if:

a.the POS System has not been upgraded to accept Chip Cards; or

b.you and your Processing Agent do not have the ability to capture and send Chip Card Data; or

c.we have not certified the POS System to accept Chip Transactions or Chip and PIN Transactions, as specified in Chapter 8, "Country Specific Policies".

2.1.2      Non-Chip Cards

a.For In-Person Charges where the Card is not a Chip Card, or in non-Chip Countries, the POS System will provide instructions for you to swipe, and you must swipe the Card through the POS System (unless the Charge is processed through Contactless Technology, in which case you must follow the steps outlined in Subsection 2.1.5, "      Contactless"). You must:

i.ensure that the Card is being used within any valid dates shown on its face;

ii.ensure that the account number on the face of the Card matches the account number on its back and there is a Card Identification Number (CID);

iii.verify that the signature panel of the Card is signed, where applicable, and is the same name as the name on its face (except for Prepaid Cards that show no name on their face);

iv.verify that the Cardmember's name and signature, if obtained, on the Charge Record matches the name and signature on the Card, or for a Prepaid Card that shows no name on its face, that the signature on the back of such Prepaid Card matches the signature on the Charge Record, if obtained; and

v.verify that the Card account number and expiration date printed on the Charge Record matches the Card account number and expiration date on the Card.

b.You may obtain the Cardmember's signature on the Charge Record. If you choose to obtain a Cardmember signature, or are required to do so by law, see Subsection 2.1.3, "      Obtaining Cardmember Signature".

c.If your POS System fails then, in addition, you must seek a voice Authorisation (See Chapter 3, "Authorisation").

d.If the magnetic stripe is unreadable, the Charge may be keyed into the POS System manually and you must obtain an imprint of the Card to verify that the Card was present. A pencil rubbing or photocopy of the Card is not considered to be a valid imprint. If you do not take a manual imprint where required, and make it available to us on request, we will have Chargeback rights for such Charge.

2.1.3      Obtaining Cardmember Signature

a.Obtaining Cardmember signature on In-Person Charges is optional to complete a Charge Record, and at your discretion, unless required by Applicable Law.

b.If you choose, or are required by Applicable Law, to obtain a Cardmember signature on a manual imprint, printed, or electronic In-Person Charge, you must:

i.obtain signature on the Charge Record; and

ii.if possible, verify that the name indicated by the signature is the same as the name on the Card; and

iii.verify that the signature on the Charge Record matches the signature on the Card; except in the case of Prepaid Cards that may not include a signature.

c.You must still obtain the Cardmember’s signature for all Transactions that are made pursuant to an American Express instalment payment plan or as communicated to you from time to time that you need to do so.

2.1.4      No CVM Programme

a.Save as expressly set out elsewhere, Transactions conducted within the European Economic Area (EEA) or United Kingdom (UK) will not qualify for the No CVM Programme unless it is a Contactless Transaction at an Expresspay enabled POS System. If your Establishment is located outside the EEA or UK, you may choose not to request a CVM from Cardmembers where:

i.the Charge amount equals or is less than the value provided in the Maximum Amount for a Contact Transaction without a CVM column indicated in Chapter 8, "Country Specific Policies";

ii.the Charge submission includes the appropriate indicator to reflect the Card and the Cardmember were present at the POS System; and

iii.the Charge includes a valid Authorisation approval.

b.Under the No CVM Programme, we will not exercise Chargeback for such Charges based solely on the failure to obtain the Cardmember's CVM. Nonetheless, you are required to comply with our request for written response to a Disputed Charge related to fraud for not capturing a CVM. Even if an Establishment and a Charge qualify under the No CVM Programme, we have the right to Chargeback for reasons unrelated to the Establishment's failure to obtain a CVM from the Cardmember at the POS System. The No CVM Programme does not apply to Disputed Charges involving customer service or goods and services disputes. If we receive disproportionate numbers of Disputed Charges under the No CVM Programme, you must work with us to reduce the number of disputes. If such efforts fail, we may exercise our Chargeback rights and/or modify or terminate your participation in the No CVM Programme.

c.You may only participate in the No CVM Programme if we classify you in an industry that accepts In-Person Charges, except in the following instances:

i.Your Establishment does not conduct In-Person Charges (i.e., Internet, mail order, telephone order);

ii.We consider your Establishment to be high risk;

iii.Your Establishment is placed in the Fraud Full Recourse Programme; or

iv.We deem, in our sole discretion, your Establishment is ineligible for any other reason.

2.1.5      Contactless

a.When presented with a Chip Card or Mobile Device to be read via Contactless Technology and the Charge is equal or less than the applicable Maximum Amount for a Contactless Transaction with No CVM set out in Chapter 8, "Country Specific Policies", you must:

i.capture the Charge Data using the Contactless reader; and

ii.obtain Authorisation;

b.If the Charge amount is over the Maximum Amount for a Contactless Transaction with No CVM, if you are unable to complete a Contactless Transaction, or if prompted by your POS System, you will need to follow the process set out in Subsection 2.1.1, "      Chip Cards", or Subsection 2.1.2, "      Non-Chip Cards", as applicable.

c.For Digital Wallet Contactless-initiated Transactions, a Consumer Device Cardmember Verification Method (CDCVM) is required if the Mobile Device and the POS System are capable of performing CDCVM. For these Charges, you must create a Charge Record as described in Section 2.4, "Charge or Credit Records", including an indicator that the Transaction is a Digital Wallet Contactless-initiated Transaction. To ensure proper POS System acceptance for Digital Wallet Contactless-initiated Transactions, you should comply with the most current American Express Contactless-enabled POS System requirements.

d.We will not exercise missing imprint, counterfeit, lost, stolen, or non-received fraud Chargebacks for Contactless or Digital Wallet Contactless-initiated Transactions if the Establishment successfully verifies the Cardmember via CDCVM and meets all of the criteria and requirements listed above. This does not apply to Disputed Charges involving other dispute reasons (e.g., it does not apply to goods or services disputes). Nonetheless, you are required to comply with our request for written response to a Disputed Charge related to fraud for Contactless or Digital Wallet Contactless-initiated Transactions.

e. If you have the ability to process Consumer-Presented Quick Response Code (CPQR) Transactions, you must:

i.clearly inform the Cardmember that they can pay for the purchase by generating a QR Code;

ii.use a scanning device easily accessible to the Cardmember, but placed in such a manner that there is no possibility that the Cardmember’s device is triggered due to proximity; and

iii.if the presented QR Code fails to be scanned, request:

a.the QR Code be re-presented;

b.an alternative payment method be used; or

iv.obtain an Authorisation.

2.1.5.1       Merchant-Presented Quick Response (MPQR)

a.If you have the ability to process MPQR Transactions, you must:

i.have the Cardmember use their Mobile Device to scan the MPQR code;

ii.display the Quick Response (QR) code, which can be dynamic or static, for scanning by the Cardmember;

iii.ensure the MPQR Code is not altered or tampered with;

iv.receive a notification that the Transaction has been approved and check the Transaction amount is correct before providing the goods or services. If you do not receive the notification, you should contact us to confirm the status of the MPQR Transaction;

v.contact us or decline the Transaction if you are suspicious of the Cardmember or receive notification from us to do so;

vi.retain records of MPQR Transactions. These can be in the form of a notification from us, an invoice, or other documentation of the Transaction; and

vii.obtain an Authorisation.

2.1.6      Unattended Terminals

a.We will accept Charges for purchases at your unattended POS Systems (e.g., Customer Activated Terminals (CATs) or payment kiosks) subject to the Charge Records requirements in Section 2.4, "Charge or Credit Records", and the following additional requirements. You must:

i.include in all requests for Authorisation the full magnetic stripe stream or Chip Card Data;

ii.ensure the Charge complies with the Specifications, including flagging all requests for Authorisation and all Charge submissions with a CAT indicator, where technically feasible;

iii.follow any additional Authorisation procedures that we may provide to you if you accept the Card at an unattended POS System that is part of, or attached to, a fuel dispenser; and

iv.ensure that the unattended POS System notifies the Cardmember if the Transaction is declined, where technically feasible.

b.In Chip and PIN Countries, as indicated in Chapter 8, "Country Specific Policies", if an unattended POS System is not configured for Chip and PIN Transactions then you may still accept the Card and the provisions of Subsection 2.1.1, "      Chip Cards" will not apply in relation to completing the applicable CVM. However, if you do so, you will be liable for any losses and we will have Chargeback rights for fraudulent In-Person Charges made with lost, stolen and non-received Chip Cards.

c.In Chip Only Countries, as indicated in Chapter 8, "Country Specific Policies", if an unattended POS System is not configured for Chip Card Transactions you may still accept the Card. However, if you do so, you will be liable for any losses and we will have Chargeback rights for fraudulent In-Person Charges made with counterfeit Chip Cards.

2.2     Card Not Present Charges

a.For Card Not Present Charges, you must:

i.create a Charge Record as described in Section 2.4, "Charge or Credit Records", including an indicator that the Transaction is Card Not Present and a designation of "mail order," "telephone order," "Digital Order," "fax order" or “Credentials-on-File” as applicable, on the signature line or the appropriate electronic descriptor on the Charge Record;

ii.obtain the Cardmember's name as it appears on the Card, the Card account number or Token and expiry date, the Cardmember's billing address, and the delivery address;

iii.obtain Authorisation;

iv.if the order is to be shipped or delivered more than seven (7) days after the original Authorisation, obtain a new Authorisation before shipping or delivering the order; and

v.immediately notify the Cardmember if the Transaction is declined.

b.If the goods are to be collected by the Cardmember, the Card must be presented by the Cardmember upon collection and you should treat the Transaction as an In-Person Charge and comply with the provisions provided in Section 2.1, "In-Person Charges".

c.For Card Not Present Charges where goods are to be collected from a designated store you must establish a process to ensure that the goods are collected by the Cardmember who placed the order, or by an authorised third party designated by the Cardmember at the time of placing the order.

d.If you wish to accept orders for goods or services where the card is not physically presented to you, then you do so at your own risk. We have Chargeback rights for any Card Not Present Charge that the Cardmember denies making or authorising. This excludes Transactions that qualify for the American Express SafeKey® Programme (AESK Programme). We will not exercise our Chargeback rights for Card Not Present Charges based solely upon a Cardmember claim that he or she did not receive the disputed goods if you have verified with us that the address to which the goods were shipped is the Cardmember's billing address and obtained a receipt signed by an authorised signer verifying the delivery of the goods to such address.

2.2.1      Digital Orders

a.We will accept Charges for Digital Orders subject to the requirements above in this Section 2.2, "Card Not Present Charges", the following clauses, and any additional requirements we may have from time to time. You must:

i.send Charge Data concerning any Digital Order via the internet, email, intranet, extranet, or other digital network or any other electronic mail medium only to the Cardmember who made the Digital Order, your Processor or us, in accordance with the Data Security Operating Policy (DSOP);

ii.submit all Charges for Digital Orders electronically;

iii.use any separate Establishment Numbers that we provide you for Digital Orders in all your requests for Authorisation and submissions of Charges for Digital Orders;

iv.ensure your websites that permit Cardmembers to make Digital Orders are identified by extended validation certificates or by other similar authentication methods in order to restrict the use of fraudulent websites;

v.employ appropriate controls to separate payment related processes from your online shop to enable the Cardmember to determine whether they are communicating with you or us; and

vi.provide us with at least one (1) month's prior written notice of any change in your website address.

b.We reserve the right not to accept Digital Orders immediately if any event or series of events occurs which in our opinion may affect your ability to comply with your obligations under the Agreement or to any Cardmember.

c.We may dispense with the notice period, as set out in the Agreement, and immediately notify you of additional requirements, including our encryption software requirements and security guidelines, in order to protect the security of Digital Orders and/or Cardmember Information and/or to prevent fraud.

d.We will not be liable for fraudulent Digital Orders. We will have the right to Chargeback for Internet Charges even if you have received an Authorisation approval code and have complied with all other provisions of the Agreement. Additionally, if a Disputed Charge arises involving a Card Not Present Charge that is a Digital Delivery Transaction, we may exercise our Chargeback rights for the full amount of the Charge.

e.You must ensure that your website or applicable digital medium notifies the Cardmember if the Transaction is declined for Authorisation.

f.For Digital Wallet Application-initiated Transactions, you will (i) certify for Digital Wallet Application-initiated Transactions with your Processor, terminal provider, or if you have a direct link to us, your American Express representative and (ii) follow Card Not Present Charge requirements set forth in this Section 2.2, "Card Not Present Charges". If applicable, a CDCVM is required if the Mobile Device is capable of performing CDCVM. For these Charges, you must create a Charge Record as described in Section 2.4, "Charge or Credit Records". For these Charges to qualify as a Digital Wallet Application-initiated Transaction, you must include an indicator that the Transaction is a Digital Wallet Application-initiated Transaction in the Authorisation and on the Charge Record. We will not exercise a missing imprint fraud Chargeback for Digital Wallet Application-initiated Transactions if the Establishment meets all off the criteria and requirements set out in this paragraph. The preceding sentence does not apply to Disputed Charges involving dispute reasons other than missing imprint fraud (e.g., it does not apply to goods or services disputes).

g.In circumstances where you accept Charges for Digital Orders that are verified by the American Express SafeKey Programme, we may offer the Cardmember the option to pay for their purchase with points. This does not impact the relationship between you and us and does not change either party's rights or obligations under the Agreement. However, if you prefer that we do not offer this functionality to Cardmembers using your digital platform then please write to us using the correspondence address for your country found in your Agreement.

h.For Digital Wallet Application-initiated Transactions that are also Recurring Billing Charges, you must follow the process set out in Subsection 2.3.7, "      Recurring Billing". The Charge Record should include indicators that the Charge is a Recurring Billing Charge and not a Digital Wallet Application-initiated Transaction.

2.3     Other Charges

2.3.1      Advance Payment Charges

a.Advance Payment Charge procedures are available for custom orders (e.g., orders for goods to be manufactured to a customer's specifications), entertainment / ticketing (e.g., sporting events, concerts, season tickets), tuition, room and board, and other mandatory fees (e.g., library fees) of higher educational institutions, airline tickets, vehicle rentals, rail tickets, cruise line tickets, lodging, and travel-related services (e.g., tours, guided expeditions).

b.If you offer Cardmembers the option, or require them to make Advance Payment Charges, you must:

i.state your full cancellation and refund policies, clearly disclose your intent and obtain written consent from the Cardmember to bill the Card for an Advance Payment Charge before you request an Authorisation. The Cardmember's consent must include:

a.their agreement to all the terms of the sale (including price and any cancellation and refund policies); and

b.a detailed description and the expected delivery date of the goods and/or services to be provided (including, if applicable, expected arrival and departure dates);

ii.obtain Authorisation; and

iii.complete a Charge Record.

c.If the Advance Payment Charge is a Card Not Present Charge, you must also:

i.ensure that the Charge Record contains the words "Advance Payment"; and

ii.within twenty-four (24) hours of the Charge being incurred, provide the Cardmember written confirmation (e.g., email or facsimile) of the Advance Payment Charge, the amount, the confirmation number (if applicable), a detailed description and expected delivery date of the goods and/or services to be provided (including expected arrival and departure dates, if applicable) and details of your cancellation/refund policy.

d.If you cannot deliver goods and/or services (e.g., because custom-ordered merchandise cannot be fulfilled), and if alternate arrangements cannot be made, you must immediately issue a Credit for the full amount of the Advance Payment Charge which relates to the goods or services which cannot be delivered or fulfilled.

e.In addition to our other Chargeback rights, we may exercise Chargeback for any Advance Payment Charge that is a Disputed Charge or portion thereof if, in our sole discretion, the dispute cannot be resolved in your favour based upon unambiguous terms contained in the terms of sale to which you obtained the Cardmember's written consent.

2.3.2      Aggregated Charges

a.This Subsection 2.3.2, "      Aggregated Charges" applies only to Transactions processed by your Establishments conducting business over the internet. You may process Aggregated Charges provided the following criteria are met:

i.you clearly disclose your intent and obtain consent from the Cardmember that their purchases or refunds (or both) on the Card may be aggregated and combined with other purchases or refunds (or both) before you request an Authorisation;

ii.each individual purchase or refund (or both) that comprises the Aggregated Charge must be incurred under the same Establishment Number and on the same Card;

iii.obtain Authorisation of no more than the applicable limit shown in Chapter 8, "Country Specific Policies" (or Local Currency equivalent) or such other amount as notified to you;

iv.create a Charge Record for the full amount of the Aggregated Charge;

v.the amount of the Aggregated Charge must not exceed the applicable limit set forth in Chapter 8, "Country Specific Policies" (or such other amount as notified to you) or the amount for which you obtained Authorisation, whichever is lower;

vi.submit each Charge Record within our submission timeframe. A Charge will be deemed "incurred" for purposes of this subsection, on the date of the first purchase or refund (or both) that comprises the Aggregated Charge; and

vii.provide the Cardmember with an email containing:

a.the date, amount, and description of each individual purchase or refund (or both) that comprises the Aggregated Charge, and

b.the date and the amount of the Aggregated Charge.

2.3.3      Credentials on File

a.If you store Cardmember account data for Transaction processing you must ensure the Credentials-on-File include any Cardmember account data, including, but not limited to, PAN or Token, that is stored by or on behalf of Merchants.

b.You must obtain Cardmember consent before storing Cardmember credentials. It is recommended that you process an initial Authorisation upon receiving Cardmember consent to store credentials.

c.You may store Cardmember credentials to initiate Merchant-Initiated Transactions (MITs). Cardmembers may also use their stored credentials to initiate Transactions.

d.You must adhere to our Specifications (see Section 1.3, "Compliance with our Specifications").

2.3.4      Delayed Delivery Charges

a.You may accept the Card for Delayed Delivery Charges. For a Delayed Delivery Charge, you must:

i.clearly disclose your intent and obtain written consent from the Cardmember to perform a Delayed Delivery Charge before you request an Authorisation;

ii.obtain a separate Authorisation for each of the two (2) Delayed Delivery Charges on their respective Charge dates;

iii.clearly indicate on each Charge Record that the Charge is either for the "deposit" or for the "balance" of the Delayed Delivery Charge;

iv.submit the Charge Record for the balance of the purchase only after the goods have been shipped or provided or services rendered;

v.submit each Charge Record within our submission timeframes, and any in case, within seven (7) days of the Charge being incurred. The Charge will be deemed "incurred":

a.for the deposit: on the date the Cardmember agreed to pay the deposit for the purchase

b.for the balance: on the date the goods are shipped or provided or services are rendered

vi.submit and obtain Authorisation for each part of a Delayed Delivery Charge under the same Establishment Number; and

vii.treat deposits on the Card no differently than you treat deposits on all Other Payment Products.

2.3.5      Merchant-Initiated Transactions

a.A Merchant-Initiated Transaction (MIT) is a Transaction that is initiated by the Merchant through use of Credentials-on-File without direct participation from the Cardmember.

b.Merchants must obtain Cardmember consent to initiate an MIT, or a series of MITs, after storing a Cardmember's credentials. Cardmember consent for MITs and Credentials-on-File may be obtained simultaneously.

c.It is recommended that Merchants submit MITs only after an initial Cardmember-Initiated Transaction (CIT) or an initial Authorisation accompanying a Cardmember's request to store credentials.

d.It is recommended that Merchants submit MITs with the following data elements in the Authorisation Request:

i.Merchant-Initiated Transaction (MIT) indicator

ii.Original Transaction Identifier (O-TID)

e.Merchants must adhere to the requirements in Section 2.2, "Card Not Present Charges", when processing MITs.

f.If you are located in the EEA or UK, all of the requirements outlined in this Subsection 2.3.5, "      Merchant-Initiated Transactions" are mandatory (see Subsection 1.3, "Compliance with our Specifications").

2.3.6      No Show Charges

a.If we classify you in one of the following industries, you may process No Show Charges provided that the criteria set out below are met:

§lodging,

§trailer park/campground, or

§vehicle, aircraft, bicycle, boat, equipment, motor home, or motorcycle rentals.

b.The amount of any No Show Charge must not exceed:

i.the cost of the stay in the case of a lodging reservation; or

ii.the equivalent of one (1) day's rental in the case of other reservations.

c.If the Cardmember made a reservation with you and failed to show, you may process a No Show Charge if:

i.the Cardmember has guaranteed the reservation with their Card;

ii.you have recorded the Card number, its expiry date and the Cardmember's billing address;

iii.at the time of accepting the reservation you provided the Cardmember with the applicable daily rate and a reservation number or confirmation code;

iv.you held the accommodation/vehicle for the Cardmember until the published check-out/return time the day following the first day of the reservation and you did not make the accommodation/vehicle available to any other customers; and

v.you have a documented "No Show" policy, which reflects common practice in your industry and is in accordance with Applicable Law, which policy has been advised to the Cardmember at the time they made the reservation.

d.You must obtain an Authorisation for any No Show Charges prior to submitting them. If the Cardmember does not honour their reservation, you must include in the Charge Record an indicator that the Charge is a "No Show Charge".

2.3.7      Recurring Billing

a.Recurring Billing is a payment method whereby the Cardmember consents and authorises the Merchant to Charge the Cardmember's Card account on a periodic basis for a product or service, (e.g., membership fees to health clubs, magazine subscriptions, and insurance premiums). Each Recurring Billing Charge may be for a variable or a fixed amount. Merchants should adhere to the requirements in Subsection 2.3.5, "      Merchant-Initiated Transactions", when processing Merchant-Initiated Transactions for Recurring Billing.

b.Before submitting your first Recurring Billing Charge you must:

i.clearly and conspicuously disclose all material terms of the offer including, if applicable, the fact that Recurring Billing Charges will continue until the option is cancelled by the Cardmember;

ii.disclose details of your cancellation/refund policy, and obtain the Cardmember's consent to bill their Card and the Recurring Billing Charges terms before submitting the first Recurring Billing Charge;

iii.obtain the Cardmember's name, the Card number, the Cardmember's signature (if applicable), Card expiry date, the Cardmember's billing address, and a statement confirming consent for you to charge their Card for the same or different amounts at specified or different times.

iv.comply with any instructions of which we may reasonably notify you; and

v.notify the Cardmember that they are able to discontinue Recurring Billing Charges at any time and provide contact details for cancelling Recurring Billing Charges.

c.Where the material terms of the option change after Submission of the first Recurring Billing Charge, promptly notify the Cardmember in writing of such change and obtain the Cardmember's express written consent to the new terms prior to submitting another Recurring Billing Charge.

d.The method you use to secure the Cardmember's consent must contain a disclosure that you may receive updated Card account information from the financial institution issuing the Cardmember's Card. You must retain evidence of such consent for two (2) years from the date you submit the last Recurring Billing Charge.

e.In addition to our other Chargeback rights, we may exercise Chargeback for any Charge that does not meet the requirements set forth in this Subsection 2.3.7, "      Recurring Billing". We may exercise our Chargeback rights for any Charge of which you have notified the Cardmember and to which the Cardmember does not consent or if you process Recurring Billing Charges after the Cardmember or we have notified you that the Cardmember has withdrawn consent for Recurring Billing Charges.

f.Before submitting any Recurring Billing Charge you must:

i.obtain Authorisation; and

ii.create a Charge Record including indicators that the Transaction is a Recurring Billing Charge.

g.Before submitting any “Credentials-on-File” Charge you must:

i.obtain Authorisation; and

ii.create a Charge Record with the words “Credentials-on-File” and the appropriate electronic descriptor.

h.The cancellation of a Card constitutes immediate cancellation of that Cardmember's consent for Recurring Billing Charges. We need not notify you of such cancellation, nor will we have any liability to you arising from such cancellation. You must discontinue the Recurring Billing Charges immediately if requested to do so by a Cardmember directly, or through us or the financial institution issuing the Cardmember's Card. If a Card account is cancelled, or if a Cardmember directly (or through us or the Card issuer) withdraws consent to Recurring Billing Charges, you are responsible for arranging another form of payment (as applicable) with the Cardmember (or former Cardmember).

i.If the Agreement is terminated for any reason, then you shall at your own cost notify all Cardmembers for whom you have submitted Recurring Billing Charges of the date when you will no longer be accepting the Card. At our option you will continue to accept the Card for up to ninety (90) days after any termination takes effect.

2.3.7.1       Introductory Offers

a.If you offer Cardmembers an option to make Recurring Billing Charges that include an Introductory Offer, you must comply with all requirements set forth in this Subsection 2.3.7, "      Recurring Billing", in addition to the following requirements:

i.Clearly and conspicuously disclose all material terms of the Introductory Offer to the Cardmember, including a simple and expeditious cancellation process that allows the Cardmember to cancel before submitting the first Recurring Billing Charge;

ii.Obtain the Cardmember’s express consent to accept the terms and conditions of the Introductory Offer;

iii.Send the Cardmember a confirmation notification in writing upon enrolment in the Introductory Offer; and

iv.Send the Cardmember a reminder notification in writing before submitting the first Recurring Billing Charge, that allows the Cardmember a reasonable amount of time to cancel.

2.3.7.2       Recurring Billing – European Economic Area and United Kingdom

a.If you are located in the EEA or UK, and in relation to a Card issued in the EEA or UK, if you submit a Recurring Billing Charge for an amount which was not specified in full when the Cardmember provided consent to Recurring Billing Charges and you do not obtain the Cardmember's consent specifically in relation to the full exact amount of such Charge, we will have Chargeback rights for the full amount of the Charge for a period of one hundred and twenty (120) days from submission of the applicable Charge, and thereafter for any disputed portion of such Charge (up to and including the full amount). If the Cardmember consents to an adjusted Charge amount, we may exercise our Chargeback rights accordingly. Nothing in this paragraph will prejudice our Chargeback rights generally in relation to Recurring Billing Charges.

b.If notification is required prior to each varying Recurring Billing charge, you must notify the Cardmember of the amount and date of each Recurring Billing Charge:

i.at least ten (10) days before submitting each Charge; and

ii.whenever the amount of the Charge exceeds a maximum Recurring Billing Charge amount specified by the Cardmember.

c.You will permit us to establish a hyperlink from our website to your website (including its home page, payment page or its automatic/recurring billing page) and list your customer service contact information.

2.3.8      Split Shipment Transactions

a.A split shipment Transaction occurs when a Cardmember makes a single purchase of multiple individually priced goods and the goods are delivered to the Cardmember in multiple shipments. Unit prices and items sold as a set must not be billed as separate Charges. You may obtain a single Authorisation and submit multiple Charge Records for the purpose of completing a split shipment Transaction. The Authorisation will be valid for up to seven (7) days after the Authorisation date (see Section 3.2, "Authorisation Time Limit").

b.To accept the Card for split shipment Transactions, you must:

i.State your full cancellation and refund policies;

ii.Advise the Cardmember of the Authorisation amount that will be requested;

iii.Disclose and obtain the Cardmember's consent that the items from the purchase will be delivered separately and billed as separate Charges;

iv.Provide the estimated delivery date(s);

v.Submit a Charge Record only after each item has shipped.

2.4     Charge or Credit Records

a.For every Charge or Credit, you must create an electronically reproducible Charge Record or Credit Record at the time of purchase that complies with the Specifications or in a form approved by us containing the following information:

i.full Card number or Token for Charge Records;

ii.the expiry date of the Card;

iii.the date the Charge or Credit was incurred;

iv.your Establishment's name, address and Establishment Number;

v.the amount of the Charge or Credit, including applicable taxes, gratuities, and fees;

vi.for Charge Records, a description of the goods and services purchased;

vii.for Charge Records, the Authorisation approval code number; and

viii.all other information as required from time to time by us or Applicable Law.

b.On copies of Charge Records delivered to Cardmembers, you must truncate the Card number and you must not print the Card's expiry date nor the CID. Truncated Card Number digits must be masked with replacement characters such as "x," " *," or "#," and not blank spaces or numbers;

c.You may create multiple Charge Records for a single purchase placed on different Cards, but you must not create multiple Charge Records for a single purchase to the same Card, by dividing the purchase into more than one Charge, except in the case of airline or cruise line tickets, hotel charges, a Delayed Delivery Charge, (See Subsection 2.3.4, "      Delayed Delivery Charges"), a split shipment Transaction (see Subsection 2.3.8, "      Split Shipment Transactions"), or where we have authorised you to do so for Charges above a certain value.

d.For Corporate Purchasing Card (CPC) Charges, you must comply with our Charge Record requirements above. In addition, you are required to capture additional Card Data on the Charge Record, and Transmission Data on the Transmissions, according to our Specifications, including:

i.CPC reference information (e.g., purchase order number);

ii.the CPC Client Account information;

iii.the purchase price of the goods with the actual amount of taxes charged shown separately, where taxes are applicable;

e.You must process CPC Charges under your CPC Establishment Number.

2.4.1      Substitute Charge Records

a.In some cases, you may provide a Substitute Charge Record as supporting documentation in place of the original Charge Record. You must also provide any additional information requested in the Inquiry. Substitute Charge Records may be used in response to the following Inquiry reasons:

i.6003

ii.6006

iii.6016

b.See Section 5.8, "Inquiry Types" for additional information regarding Inquiry reasons.

c.The Substitute Charge Record must include the following:

i.Card Number

ii.Cardmember name

iii.Merchant name

iv.Merchant location

v.Transaction date/date goods or services were shipped or provided

vi.Transaction amount

vii.Authorisation Approval

viii.description of goods/services

d.Additionally, the following optional information should be included, if available, on the Substitute Charge Record:

i.date goods/services were ordered

ii.website address

iii.your customer service’s telephone number/email address

iv."ship to" name and address

v.Automated Address Verification response code

vi.order confirmation number

vii.electronically captured Cardmember signature

2.5     Retaining Charge and Credit Records

a.You must retain the original or electronically stored Charge Record or Credit Record (as applicable) and all documents and data evidencing the Transaction, including evidence of the Cardmember's consent to it, or reproducible records thereof, for the full Record Retention Period as defined in Chapter 8, "Country Specific Policies", from the later of the date you submitted the corresponding Charge or Credit to us or the date you fully delivered the goods or services to the Cardmember, or for a different retention period as required by Applicable Law. If we send you a request, you must provide a copy of the original or electronically stored Charge Record or Credit Record and other supporting documents and data to us within the response timeframe, listed in Section 5.5, "Chargebacks and Inquiries Response Timeframe" from the date of our request.

2.6     Fraud Prevention Tools

a.As available, you should use our Automated Address Verification (AAV), Address Verification Service (AVS), Enhanced Authorisation, and CID services (or any other similar fraud prevention tools that we may make available to you from time to time). These are methods to help you mitigate the risk of fraud but are not guarantees that a Charge will not be subject to Chargeback. You must be certified for AAV, AVS, and Enhanced Authorisation in order to use these fraud prevention tools. We may suspend, terminate, amend or prevent access to the fraud prevent tools at any time, with or without notice to you. We will not be liable and will have no obligation to you in the event we suspend, terminate, amend, or prevent access to the fraud prevention tools.

2.7     Strong Customer Authentication

a.If you have Establishments in the EEA or UK, those Establishments must support solutions allowing us to perform Strong Customer Authentication of the Cardmember for Charges made by Digital Orders. If you fail to allow us to perform Strong Customer Authentication, Charges made by Digital Orders may be declined.

b.If your Establishments in the EEA or UK accept Charges made by Digital Orders, they should participate in our American Express SafeKey Programme.

2.8     American Express SafeKey Programme

a.The American Express SafeKey Programme (“AESK Programme”) enables Merchants to verify Cardmembers during the online Authentication process in order to help reduce the likelihood of American Express Card fraud.

b.The SafeKey Programme does not eliminate online fraud, especially where no authentication occurs. You must continue to employ other reasonable fraud mitigation practices and continue to perform fraud screening to mitigate fraud.

c.American Express offers different versions of the SafeKey Programme, supporting different types of Transactions. Your Establishments must use the version of SafeKey that supports the types of Transactions you process. For additional information about the American Express SafeKey Programme, please refer to the relevant SafeKey Implementation Guide, SafeKey Protocol Guide, and Technical Specifications which are available at www.americanexpress.com/merchantspecs.

d.To participate in the SafeKey Programme, your Establishments must:

i.complete the required SafeKey technical integration with your SafeKey service provider;

ii.comply with the relevant SafeKey Implementation Guide and the SafeKey Protocol Guide, as may be updated from time to time, which are available at www.americanexpress.com/merchantspecs;

iii.provide complete and accurate data for SafeKey Charges, as specified in the relevant SafeKey Implementation Guide and the SafeKey Protocol Guide and Specifications; and

iv.comply with the SafeKey branding requirements detailed in the American Express SafeKey Logo Guidelines, available at www.americanexpress.com/merchantspecs.

e.We may suspend, terminate, amend, or prevent access to the SafeKey Programme at any time, with or without notice to you. We shall not be liable and shall have no obligation to you in the event we suspend, terminate, amend, or prevent access to the SafeKey Programme. If you do not agree with the modified or current SafeKey Programme, you must cease participation.

2.8.1      American Express SafeKey Fraud Liability Shift

a.Under the AESK Programme, we will not exercise our Chargeback rights for certain types of fraudulent Transactions, including Card Not Present Chargebacks (“SafeKey Fraud Liability Shift”). The SafeKey Fraud Liability Shift does not apply to Disputed Charges involving dispute reasons other than fraud (e.g., the SafeKey Fraud Liability Shift does not apply to goods or services disputes).

b.To qualify for the SafeKey Fraud Liability Shift, in addition to the requirements in paragraph 2.8 (d) above, you must comply with the additional requirements below:

i.The SafeKey Charge was SafeKey Authenticated and received Electronic Commerce Indicator (ECI) 5, or SafeKey Attempted and received an ECI 6;

ii.Do not exceed a fraud ratio of 0.9% and fraud Charges of USD $25,000, or local currency equivalent, calculated monthly, based on all Charges as determined by American Express. If at any time you exceed the Fraud to Sales Ratio you must work with us to reduce the number of Disputed Charges at your Establishment;

iii.If your Establishment is located outside of Japan, the SafeKey Electronic Commerce Indicator was provided in both the Authorisation request and the Charge submission; and

iv.For Establishments located within Japan, the SafeKey Electronic Commerce Indicator was provided in the Authorisation request.

c.For the avoidance of doubt, we reserve the right, in our sole discretion, to revoke, modify, or terminate your Establishment’s eligibility for the SafeKey Fraud Liability Shift where:

i.You do not meet any of the requirements listed above (e.g., you exceed the Fraud to Sales Ratio, or where you do not provide clear and accurate data for SafeKey Charges);

ii.You submit SafeKey authentication data to us that is different from the authentication data used during the SafeKey authentication process; or

iii.You submit authentication data that is invalid or reused authentication data from a different SafeKey Charge.

2.9     Use of Service Providers

 

With our prior approval, you may retain, at your expense, a Service Provider; however, you remain financially and otherwise liable for all obligations, services, and functions such Service Providers perform under the Agreement for you, including confidentiality obligations and compliance with the Specifications for Authorising and submitting Charge Data to us, as if you performed such obligations, services, and functions. Any omission or failure to perform by a Service Provider does not relieve you of your obligations under the Agreement. You must ensure that your Service Providers cooperate with us to enable your Card acceptance. You, and not American Express, are responsible and liable for any problems, errors, omissions, delays, or expenses caused by your Service Provider including in relation to the handling of confidential Cardmember Information; any settlement payments misdirected to other parties because of misprogramming of POS Systems by third parties; and for any fees that your Service Provider charges us or our Affiliates, or that we or our Affiliates incur as a result of your Service Provider. You must ensure that your Service Provider has sufficient resources and security controls to comply with all standards, including, but not limited to, technical standards, guidelines, or rules including to prevent internet fraud and protect the personal data of the Cardmember, including data related to Transactions, under Applicable Law. We may bill you for any fees charged by your Service Provider or deduct them from our payments to you. You must notify us promptly if you change your Service Provider and provide us, on request, with all relevant information about your Service Provider. We need not alter our conduct of business in respect of such Service Provider's performance and may rely upon that performance as if done by you. Any listing or certification by us of a Service Provider does not constitute a guarantee or warranty by us of their performance and does not relieve you of responsibility and liability for any such Service Provider that you elect to use.