General Merchant agreement
Terms and conditions
1. Interpretations and definitions
1.1 In this agreement, unless the context indicates otherwise, the following applies:
1.1.1 Natural persons include juristic entities (incorporated or unincorporated) and vice versa.
1.1.2 Headings are for convenience only and must not be used to interpret the agreement.
1.1.3 Expressions in the General Merchant Terms and Conditions have the same meaning in the product terms and conditions and related annexures, schedules, and merchant documents, unless defined otherwise. The terms and conditions below are the general provisions applicable to processing card transactions, you must read these terms and conditions in conjunction with the relevant product terms and conditions.
1.1.4 If a provision in a definition is a substantive provision giving rights to or imposing obligations on a party, regardless of whether it appears in the definitions clause only, it will be a substantive provision of the agreement.
1.1.5 Reference to a statutory enactment must be interpreted as a reference to that enactment (as amended or substituted) at the start date of the agreement.
1.1.6 Reference to ‘days’ means calendar days, unless qualified by the word ‘business’.
1.1.7 Unless specifically stated otherwise, any number of days will be determined by excluding the first and including the last day. If the last day falls on a Saturday, Sunday or public holiday, it will be the following business day.
1.1.8 Where figures are referred to in numerals and in words and there is any conflict between the two, the words shall prevail;
1.1.9 reference to payments refers to that payment as being in South African rands (ZAR). You must adhere to the South African Reserve Bank’s (SARB’s) financial limits for ZAR when processing payments in foreign currency.
1.1.10 No provision in the agreement must be interpreted against or to the disadvantage of a party because that party has or is deemed to have structured, drafted and/or introduced that provision.
1.1.11 The words ‘include’ and ‘including’ mean ‘include without limitation’ and ‘including without limitation’. The use of the words ‘include’, ‘includes’ and ‘including’ followed by a specific example or examples must not be interpreted as limiting the meaning of the general wording preceding it.
1.1.12 The agreement is subject to the Financial Intelligence Centre Act (FICA), 38 of 2001; Consumer Protection Act (CPA), 68 of 2008; Protection of Personal Information Act (POPIA), 4 of 2013; and all other legislation and regulations as well as the card network rules and card industry requirements (as amended).
1.2 Definitions
Unless expressly indicated otherwise, the words and expressions below mean the following:
3D Secure |
An authentication method approved by a Card Network that provides the ability to authenticate Cardholders during an online purchase, thus reducing the likelihood of Fraudulent Card usage. |
Acquirer, acquiring bank |
A bank or financial institution that allows you to accept card payments from the issuing bank and processes card payments on your behalf. In the context of the agreement, we are the acquirer. |
Agreement |
The merchant agreement, which consists of the following and may be amended: · General Merchant Terms and Conditions. · POS Terms and Conditions. · E-commerce Terms and Conditions. · Any other terms and conditions attached to any of the above. · Merchant application form (electronic or paper-based). · Any recorded telephone calls and/or statements, including any annexures attached or to be attached to them. |
American Express / Amex |
American Express Limited, an American financial services corporation. Nedbank issues American Express cards in South Africa under license of American Express. |
Amex terms and conditions |
The terms and conditions as set out in Annexure 3 containing all of the relevant provisions relating the Amex product, which must be read in conjunction with the general terms and conditions. |
AMT |
An Authenticated mobile transaction (a card-not-present mobile transaction, authenticated with a PIN). |
Annexure |
A document that is attached or to be attached to the agreement and that sets out specific provisions of each card acceptance product. |
Applicable law |
All legal and regulatory requirements and enactments in South Africa and any other jurisdiction from which the services are provided and/or that may be applicable in relation to your and our services and activities, including applicable anti-bribery law (which is any bribery, fraud, kickback or other similar anti-corruption law of any relevant country, including the UK Bribery Act, 2010) or similar legislation. |
Authorisation, authorised |
The issuing bank confirming that there is enough money available on the card or in the account linked to the card, allowing a transaction to be processed. If the issuing bank indicates that there is not enough money available, the transaction will be declined. |
Bank, Nedbank, we, us, our |
Nedbank Limited, with registration number 1951/000009/06, a licensed financial services and registered credit provider (NCRCP16), with limited liability, duly incorporated in line with the company laws of South Africa, together with its successors in title. |
Batch |
means a series of electronic financial Card Transactions in a Settlement. |
Budget |
A feature that allows a cardholder to pay a transaction off over an extended period. |
Card |
A valid debit, credit, virtual or digital card that is acceptable to us and that is issued by the issuing bank or by a financial institution for the exclusive use of a cardholder to perform card transactions. A card may have contactless card, digital wallet, QR code or other payment features developed to facilitate card payments. |
Card acceptance products |
The products below, and all its associated capabilities, that form part of the suite of products that we offer, enabling you to accept cards as a payment method: a) POS devices b) E-commerce services |
Cardholder |
The natural person or legal entity to whom a card is issued and/or who is authorised to use it. This would include physical cards as well as digital or virtual cards. |
Card network |
An entity that operates a card network engaged in the business of issuing cards as a payment method, including Mastercard International, Visa International, Diners Club International, American Express, Union Pay International (UPI), the Buy Aid associations, and any other entities operating another card network that may exist. |
Card network rules, rules |
The rules that the card networks publish and that stipulate and regulate the terms of use of their cards and network infrastructure. These rules may sometimes change. |
Card not present |
means a Card payment transaction processed without the presence of a physical Card (or representation thereof such as Samsung Pay, Google Pay, Apple Pay etc), either by way of a manual entry of Card details or online capture of Card details for E-commerce transactions, in other words where the physical Card has not been swiped, dipped or tapped by means of a reader. |
Card transaction |
A commercial transaction for which the card is used as a payment method. |
Chargeback |
When the issuing bank returns payment instruction to the acquiring bank as a result of a dispute that the cardholder has raised on the grounds of, among others, an invalid or fraudulent transaction. |
Chargeback fee |
Fees, penalties and charges associated with a chargeback. |
Chip card |
means a plastic Card embedded with an integrated circuit, or chip, that communicates information to a point-of-sale (POS) device, depending on the risk parameters on the Card and POS device. |
Contactless card |
means a chip Card with additional functionality, which is able to make a contactless payment, this includes digital/virtual Cards. |
Contactless payment |
A transaction made whereby a contactless card is tapped against or within close proximity of a contactless POS device, commonly known as ‘tap and go’. |
Commencement date |
The date on which this agreement is signed by the Merchant, regardless of when Nedbank signs the Agreement. |
Confidential information |
Information relating to data subjects, business activities and relationships. It is data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is or reasonably ought to be identifiable as confidential and/or proprietary to either party and is provided or disclosed in confidence or may come to the knowledge of the other party by whatever means. Confidential information includes the following, even if it is not marked as ‘confidential’, ‘restricted’ or ‘proprietary’ (or with similar descriptions): a) Technical, scientific, commercial, financial and market information, methodologies, formulas and trade secrets. b) Architectural information, demonstrations, plans, designs, drawings, processes, process maps, functional and technical requirements and specifications, and the data relating to them. c) Intellectual property, including third-party intellectual property, as the context may indicate. d) Personal information. |
CVV2/CVC2/4DBC |
Is a security feature for Card-not-present Transactions on most Visa, MasterCard, American Express and Diners Club Cards, consisting of a three- or four-digit value that provides a cryptographic check of the information embossed on the Card. CVV2, CVC2 and 4DBC are Card verification codes for Visa, MasterCard and American Express® respectively. For American Express® the code, called CID, is a four-digit number on the front of the Card above the account number. For Visa and MasterCard the code is a three-digit number that appears at the end of the account number on the back of the Card. A CVV2, CVC2 or 4DBC number is printed only on the Card – it is not contained in the magnetic strip information, nor does it appear on sales receipts or statements. |
Days |
All days except Saturdays, Sundays and public holidays. Where a number of days is stipulated, it will exclude the first day and include the last. |
Debit card |
A card that gives online access via the POS device to a cardholder’s bank account and that allows an immediate debit to this account of the full transaction amount. |
Digital card |
A card that is registered on an electronic device such as a cellphone, smart watch or tablet and that enables a cardholder to use the device to make contactless payments. This is sometimes referred to as a virtual card. |
E-commerce |
Electronic commerce, including transactions performed by means of electronic media in a non-face-to-face environment. |
E-commerce transaction |
A transaction that a cardholder performs over the internet for which authorisation was obtained. |
E-commerce terms and conditions |
The terms and conditions as set out in Annexure 2 containing all of the relevant provisions relating the e-commerce product and must be read in conjunction with the general terms and conditions. |
Fees |
Charges that we are entitled to debit to your nominated account, including service charges and fees, the merchant service commission, and administration charges as set out in the fee schedule. |
Fee schedule |
The schedule as set out in the cover page of this agreement and sets out the fees applicable to the card acceptance products |
Floor limit |
The maximum amount (including VAT) that we allow you to charge to a card for a single card transaction before authorisation is required. |
Foreign card |
A Card issued by a foreign issuing bank and therefore not governed by local interchange regulations. |
Fraud |
A wrongful or criminal deception intended to result in financial or personal gain. |
Fraudulent Transaction |
Any transaction that constitutes Fraud in terms of any legislative or regulatory provision or Common Law (irrespective of whether or not the Card Transaction was Authorised or whether or not an Authorisation code number was provided by Us). a Transaction that is processed using a Cardholders financial detail, account information or Card which is/was not authorised by the Customer. or the use of a card which has not been issued by a genuine Issuing Bank.. |
General terms and conditions |
The terms and conditions that set out all of the provisions that relate to processing card transactions as a whole and our relationship. These terms and conditions will apply to the agreement notwithstanding which products have been selected by you. |
Hot-Card File |
A limited electronic file of Cards that are considered high risk by the banking industry of South Africa. |
Intellectual property |
Any know-how (not in the public domain), invention (whether patented or not), design, trademark (whether registered or not), software or copyright material (whether registered or not), processes, process methodology (whether patented or not), and all other identical or similar intellectual property that may exist anywhere in the world that is not in the public domain, including applications for registration of the intellectual property. |
Intellectual property rights |
In relation to any intellectual property, all and any proprietary rights to the intellectual property, or any other right, title, authority or entitlement that a party holds in respect of the intellectual property, whether under licence or otherwise. |
Interchange Rate |
The fee paid by the Acquiring Bank to the Issuing Bank, which is regulated and prescribed by the SARB on local Transactions. International Transactions attract various and often higher interchange fees that are not regulated by the SARB. |
Invalid transaction |
A transaction that constitutes or arises as a result of any of the following (irrespective of whether the card transaction was authorised or whether we gave you an authorisation code): a) An act and/or omission by you and/or your employees that results in a loss or chargeback. b) The use of a card by a person other than the cardholder. c) The processing of a transaction without our prior authorisation. d) A transaction where the date of the transaction is earlier than the start date shown on the card. e) Accepting cards that are defaced, blank or illegible or cards from which the embossed inscription are illegible. f) Accepting a card that has expired. g) Accepting a card for any purpose other than current transactions. h) Duplicating a transaction. i) A transaction in terms of which the sales voucher: i) does not exist or cannot be provided; ii) is illegible; iii) is materially different or incomplete when compared with the sales voucher that was given to the cardholder; or iv) is laundered. j) A transaction where the value exceeds the authorised floor limit without our prior authorisation. k) A transaction that does not comply with the obligations set out in the card network rules. l) A transaction for which the goods or services were not delivered within the agreed period or at all. m) A transaction where the supply of goods or services is illegal. n) A transaction performed by your employee(s) when they are not authorised to do so. o) A transaction that occurred as a result of your error. p) A fraudulent transaction. q) Accepting a payment instrument from you or your authorised representative in respect of any type of transaction for any reason other than the valid supply of goods or services, which will be evidenced on request by us.
If a transaction is regarded as an invalid transaction or an incomplete transaction, we have the right to charge each invalid transaction or incomplete transaction back to you, and you will be liable for all losses incurred as a result of the invalid transaction or incomplete transaction. We also have the right to terminate the agreement immediately. |
Issuing bank, issuer |
The bank or entity that issued a card to a cardholder. |
Loss |
All losses, liabilities, costs, expenses, fines, penalties, damages, claims and all related costs and expenses (including legal fees on the scale as between attorney and own client, tracing and collection charges, costs of investigation, interest and penalties). |
M-commerce |
An E-commerce transaction performed through wireless and/or mobile electronic media. |
Magnetic strip |
A strip of magnetic tape affixed to the back of a card containing basic data such as the account number and the cardholder’s name. |
Manual entry |
The keying of a card number into the pos device to effect a transaction without inserting the card into or swiping the card through the pos device. |
Manual entry facility |
The ability of a merchant to process transactions by making use of manual entry. |
Manual transaction |
A transaction processed by way of manual entry. |
Mastercard |
Mastercard Incorporated or Mastercard Worldwide, an American multinational financial services corporation. |
Material amendment |
An amendment to these terms and conditions that impacts your day-to-day business operations, specifically relating to using the services. |
Merchant, you, your |
The entity or person who has entered into the agreement with us. |
Merchant application form |
The application form that you completed and that sets out, among others, the particulars of your business and the applicable card acceptance products. |
Merchant portal |
As it relates to Scan to Pay, the interface on your device enabling you to, among others, check transactions and access reports. |
Merchant service commission, MSC |
Fees that you must pay to us. |
Merchant Service Desk |
The Nedbank contact centre designated for merchant support services. |
Nominated account |
The bank account that you nominate in the cover page of this agreement. We use this account to credit amounts due to you and to debit costs, chargebacks and/or amounts for which you are liable in terms of the agreement. |
Party |
You or us. ‘Parties’ means you and us. |
PASA |
The Payments Association of South Africa and its successor in title, being the payment system management body as approved by the South African Reserve Bank, which determines industry requirements applicable to you and us. |
PCI DSS |
The Payment Card Industry Data Security Standards as stipulated by the PCI Council and card networks. |
Penalty |
A fine that a card network levies to a bank if you contravene its regulations and/or operational risk parameters. |
Personal information |
Has the meaning set out in POPIA, includes special personal information and relates only to the personal information of which we are the responsible party. |
PIN |
A Cardholder’s personal identification number that is issued to the Cardholder by the Issuing Bank. |
POS |
Point of sale. |
POS terms and conditions |
The terms and conditions as set out in Annexure 1 containing all of the relevant provisions relating the POS product and which must read in conjunction with the general terms and conditions. |
POPIA |
Protection of Personal Information Act, 4 of 2013. |
Processing, process |
When it comes to personal information, has the meaning set out in POPIA. |
QR code |
A quick-response code generated to enable one to process transactions. It is a machine-readable code consisting of either an array of black and white squares or a linked numeric code, typically used for storing internet links or other information. The QR code can be a static QR code or a dynamic QR code: a) A static QR code has a predetermined value or will allow the customer to enter a value. b) A dynamic QR code is linked to specific purchases. |
Refund |
The amount that is debited to your nominated account and credited to the cardholder in terms of clause 11, or to cause this to happen in respect of the amount in terms of clause 11. |
Sales voucher |
The written confirmation of a transaction that you have processed, recording the date, your business name and location, PAN, the amount of the transaction, and the reference number. Within the context of the E-commerce Terms and Conditions, this includes electronic sales vouchers. |
Scan to Pay |
Nedbank Scan to Pay. |
Scan to Pay compatible app |
means the application a Customer will install on a smartphone and/or tablet or similar technology, which will allow a Customer to load Card details to create a digital wallet and scan Scan to Pay QR codes. |
Start date |
The date on which you sign the agreement, regardless of when we sign it. |
Smart device |
A compatible electronic device operated by the Customer, including a smartphone or tablet. |
Territory |
South Africa. |
Third party service provider |
A third party service provider that Nedbank has contracted with in order to provide the Services. |
Transaction |
a monetary transaction in terms of which you ou accept payment from a customer via a card transaction. |
Transaction fee |
The fee that we charge you for each card transaction, as specified in the fee schedule. |
Visa |
Visa Inc., an American multinational financial services corporation; |
2. Introduction
2.1 The agreement regulates the relationship between the parties as it relates to the services as set out in clause 5.
2.2 The agreement sets out the general terms of the services and consists of various annexures that set out the specific terms of the card acceptance products, which must be read together with these general terms and conditions.
2.3 Our relationship and the agreement are subject to the card network rules and all applicable laws. By entering into the agreement, you agree to be bound by all of them at all times.
3. Your business
3.1 Your warrant that your business is as described in the cover page of this agreement, and you undertake to accept cards in payment of goods and/or services relating to your business only and within South Africa only.
3.2 The goods and/or services you offer may not be sold or produced in contravention of the agreement, applicable law, common-law provisions or the card network rules.
3.3 You must notify us in writing of any change in the nature of your business or a change in the ownership or beneficial control of your business within three business days.
3.4 The card networks restrict and/or prohibit certain industries. Therefore, if you are dishonest with regards to your business or if you supply goods and/or services that are not aligned with the disclosed business, we may view that as a material breach of the agreement and terminate it accordingly.
4. Duration
4.1 The agreement will come into force on the start date, subject to its provisions, and will endure for an initial period of one year (initial period).
4.2 If you want to terminate the agreement when the initial period expires, you must inform us at least 90 days before the expiry date. If you do not inform us within 90 days of the expiry date, the agreement will continue indefinitely until it is terminated in line with the provisions set out in the agreement.
4.3 Termination of the agreement will not affect any existing obligations that you may have towards us, and will not affect our rights in terms of the agreement.
4.4 Each annexure to this agreement will endure for the period set out in clause 4.1, subject to the further provisions of clause 4.
5. Services
5.1 The services that we provide in terms of the agreement are the following:
5.1.1 The ability to accept and process transactions through using the card acceptance products.
5.1.2 Clearing and settlement services, which entail –
5.1.2.1 debit and credit card clearing and settlement by us, in terms of which you receive payment from a cardholder for goods and/or services; and
5.1.2.2 our paying the amounts due to you and retaining the amounts that you owe us in terms of the agreement.
5.1.3 Supply and support services, which entail –
5.1.4 support in respect of the debit and credit card clearing and settlement services referred to in clause 5.1.2;
5.1.5 billing and invoicing; and
5.1.6 any services that are as set out in the annexures.
6. Your obligations
6.1 In providing your goods and/or services, you agree to the following:
6.1.1 You will display and disclose all information necessary for the cardholder to make an informed decision, including the total price, the cost of any taxes and delivery charges that apply.
6.1.2 You will not process a transaction if it does not relate to a genuine transaction for goods and/or services that you provide.
6.1.3 You will accept all valid cards that a cardholder presents in payment for the goods and/or services.
6.1.4 You will process transactions originating within South Africa and denominated in South African rands only.
6.1.5 You will supply goods and/or services at your ordinary price and will not add extra charges or set any minimum or maximum transaction amount for a particular transaction.
6.1.6 You will not require a cardholder to pay a surcharge or a part of a discount of yours or any related finance charges in connection with a transaction.
6.1.7 You will make comprehensive details of return and refund policies available to cardholders and disclose to them that you (not the original manufacturer or supplier of the goods and/or services) are the merchant of record and responsible for fulfilment of the transaction.
6.2 In addition to the above, you must do the following:
6.2.1 Comply with all legislation regulating your business, products and services, including the Consumer Protection Act, 68 of 2008, and the Electronic Communications and Transactions Act, 25 of 2002.
6.2.2 Check the expiry date of every card before you process a transaction.
6.2.3 Ensure that you have procedures in place for all transactions to prevent or reduce invalid transaction and/or fraudulent transactions.
6.2.4 At all times when accepting a card adhere to the card network rules, applicable laws, and the agreement.
6.2.5 Keep copies of all signed sales vouchers for at least 180 days from the date of the transactions.
6.2.6 Not attempt to limit your liability by requesting or inducing cardholders to waive their dispute rights in your favour.
7. Authorisation
7.1 The authorisation process that must be followed for each card acceptance product is as set out in the relevant annexures for each product.
7.2 An authorisation granted under any provision of this clause 7 or any annexure does not constitute evidence or a warranty that:
7.2.1 we will eventually make the payment;
7.2.2 the card is valid;
7.2.3 the card is genuine (ie that the card is not counterfeit); and/or
7.2.4 the person presenting the card is the actual cardholder.
7.3 Authorisation is merely an indication that the account linked to the card has enough money to pay for the card transaction on the authorisation date and that the card has not been reported lost or stolen at the time the card is presented for payment. Authorisation does not mean that a card transaction may not be subject to a chargeback. An authorisation also does not mean that payment will ultimately be made following the actions or inactions of a third party participating in the payment process.
7.4 All budget transactions require authorisation.
7.5 You must ensure that the transaction will take place on the same date the authorisation was given, unless we have given prior written consent to your processing the transaction on a different day. Certain categories of merchants are exempt from this rule.
7.6 The floor limit for all transactions will be R0, unless we have agreed otherwise in writing.
7.7 We have the right to increase, decrease or cancel your floor limit at any time at our discretion without giving reasons by giving you written notice.
7.8 We reserve the right to decline an authorisation request for any reason. We will endeavour to provide you with reasons for that decision but are not obliged to do so.
8. Our rights and obligations
8.1 We will pay to you electronically the value of all goods and/or services that you have supplied once the transaction has been authorised, less the agreed merchant service commission, which is payable by you. However, in the event of excessive chargebacks, bankruptcy, fraud, suspected fraud, invalid transactions or unfulfilled transactions, we may retain the money.
8.2 We are authorised to debit any other account that you have with us or with any other financial institution with the fees and charges set out in the agreement if we are unable to debit your nominated account.
8.3 We may apply set-off to any amount that we must pay in terms of this agreement against any amount that you owe us, whether in terms of this agreement or otherwise. We may not apply set-off to amounts that you owe to us arising from any possible commercial banking relationship that may exist between the parties.
8.4 In addition to any obligation specified in this agreement, we will:
8.4.1 give you monthly statements (electronic or paper-based) detailing all activity, relating to this agreement, on your nominated account; and
8.4.2 keep you informed of any changes in our operational policies or the card network rules that affect you.
9. Invalid transactions
9.1 We may, at our discretion, choose to treat invalid transactions as valid, but without prejudice to our right to treat any later similar transactions as invalid transactions.
9.2 We may charge back invalid transactions as described in clause 12.
9.3 We may debit the value of invalid transactions against your nominated account at any time or recover it from you in any other way.
10. Fraudulent transactions
10.1 The onus is on you to implement fraud prevention measures and to establish processes and controls aimed at combating, preventing and detecting fraud when processing transactions. You must ensure that you are adequately protected against fraud activities.
10.2 You must not honour transactions and/or accept cards that you know or suspect are fraudulent transactions, fraudulent cards or transactions that are not authorised by the customer.
10.3 If a fraudulent transaction or a suspected fraudulent transaction occurs, or if we suspect that a transaction is for any reason suspicious, invalid, erroneous or illegal, we are irrevocably authorised to:
10.3.1 withhold or delay settlement of the transaction;
10.3.2 recover the value of the transaction from you by debiting your nominated account, even if it is held at another bank, or by applying set-off or net-settling amounts due to you with the value of the fraudulent transaction and losses that we incurred or suffered as a result of or in connection with the fraudulent, invalid, erroneous or illegal transaction that you have processed, and you indemnify us against all losses in this regard;
103.3 place a hold on your nominated account;
10.3.4 pledge an amount equal to an estimate of any potential losses that we may incur as a result of the fraudulent, invalid or suspicious transaction;
10.3.5 suspend the acquiring service and products; or
10.3.6 terminate the agreement immediately without prior notice and without prejudice to any other rights in law.
11 Refund procedure
11.1 If a cardholder asks for a refund and/or you are required to refund the cardholder in terms of legislative provisions and/or because you reasonably believe that the cardholder is entitled to a refund, you must process the refund to the card used for the transaction or any other card issued to the cardholder.
11.2 Notwithstanding clause 11.1 you may choose to refund the cardholder in cash.
11.3 All refunds will be done at your own risk.
11.4 You must calculate the amount of any refund at the refund date using the prevailing exchange rate (where applicable). Any fees due to us resulting from the transaction will remain due and payable to us.
12 Cardholder disputes and chargebacks
12.1 Disputes and chargebacks will be dealt with in terms of the card network rules and the prevailing provisions.
12.2 The cardholder may dispute transactions within 180 days of the transaction date. In some instances this period may be longer.
12.3 We reserve the right to charge back the amount of disputed transactions directly to your nominated account on receiving the dispute.
12.4 Reasons for chargebacks include, but are not limited to the following:
12.4.1 Actual or suspected lack of authorisation.
12.4.2 Unlawful or suspicious transactions.
12.4.3 Goods and/or services not having been delivered.
12.4.4 Goods and/or services not being to the agreed standard or quality.
12.4.5 A transaction being fraudulent or invalid.
12.4.6 A transaction not having been processed in line with the card network rules.
12.5 You will be liable to us for the full chargeback amount as well as any Nedbank and/or card network fees relating to chargebacks.
12.6 We will debit the transaction amount against your nominated account or any other bank account in your name with enough credit.
12.7 We may hold the transaction amount in advance for potential chargebacks until the chargeback process has been completed.
12.8 You are liable for all chargebacks as well as their resolution with the cardholder and issuing bank. We will not intervene on behalf of you, the cardholder or the issuing bank and will not become involved in a dispute between you and a cardholder. We will assist only in the exchange of documents between you and the issuing bank.
12.9 If you want to dispute a chargeback, you must submit all the relevant and necessary documents to us on request within the stipulated time frames. If you do not submit the documents to us at all or within the stipulated time frames, the chargeback will be upheld. Nedbank does not determine the outcome of the chargeback or dispute.
12.10 The card networks prescribe certain thresholds relating to chargebacks and fraudulent transactions. If these thresholds are exceeded, the card networks may charge fines and/or penalties, for which you will be liable. It may also result in us terminating the agreement or reviewing and amending it.
12.11 You agree and accept full chargeback liability for all fraud established on a card, regardless of whether the chargeback is regarded as being the result of fraudulent card use.
13. Liability shift
13.1 If you have complied with the authorisation procedures as set out in the agreement and annexures, the liability for any resultant chargebacks will shift from you to the issuing bank.
13.2 However, if you do not follow the necessary processes, the liability for any resultant chargeback will shift from the issuing bank to you and you will be liable for the chargebacks.
13.3 Liability shift occurs only when a chargeback arises from the authorisation process relating to the transaction. A cardholder may still raise a chargeback if the dispute relates to the services rendered or the goods provided.
14. Merchant service commision, fees and charges
14.1 We are entitled to charge the merchant service commission, fees and charges as set out in the fee schedule.
14.2 We will provide you with a statement reflecting the merchant service commission, fees and charges debited or any other amount credited to your nominated account. This statement will be paper-based or electronic.
14.3 If we do not provide you with a statement, it will not be a waiver of our claims to the merchant service commission, fees or charges concerned.
14.4 It is your obligation to dispute statement within 90 days after the statement date in order to us to review your dispute and address your dispute. If you fail to raise a dispute within the indicated time, it will be deemed that you are in agreement with the relevant statement.
14.5 We will determine the percentage of the merchant service commission at our discretion. We may review this percentage, and will notify you of any changes.
14.6 We reserve the right to levy other fees at any time but will always notify you accordingly one month before they become applicable.
14.7 All amounts specified in the cover page of this agreement are payable free of any deductions or set-off.
14.8 You acknowledge and agree that we will be entitled to debit your nominated account with all the amounts specified in the agreement within 180 days of the date of the cancellation of this agreement.
14.9 If we are unable to debit your nominated account, wentained in your memorandum.
15. Debiting your account
15.1 You nominate the bank account set out in the cover page of this agreement for the debiting of any fees as it relates to the agreement.
15.2 We may debit your nominated account, at whichever bank this account is held, with the following:
15.2.1 Refunds due to a cardholder in line with the refund procedure set out in clause 9, 10, 11 and/or 12.
15.2.2 The value of reversals of invalid transactions.
15.2.3 Rentals for software and/or devices and/or fees for the provision of merchant facilities.
15.2.4 The merchant service commission as detailed in the fee schedule.
15.2.5 Refunds to a cardholder not attended to by you.
15.2.6 The value of disputed transactions that cardholders brought to our attention.
15.2.7 Interest at our prime overdraft rate on any amount that you owe us.
15.2.8 The value of transactions performed with a cancelled or otherwise invalid card.
15.2.9 Fees and/or fines and/or penalties that the card networks or industry regulatory bodies charge for excessive chargebacks or other disputes relating to you and/or your failure to comply with regulatory requirements or any other fee, fine or penalty levied by such a regulatory body or organisation due to your failure to adhere to this agreement.
15.3 You must pay an administration fee for each payment that is due to us that your bank has returned unpaid.
15.4 You undertake to notify us immediately in writing or by email of any changes in the details of your nominated account. This notification must reach us at least 10 business days before the change will come into effect. You waive any right to claim damages from us if the damages result from non-compliance with this clause.
15.5 The amounts referred to in the agreement may be subject to exchange rate variations, where applicable.
15.6 VAT will be payable on all fees referred to in the agreement and the fee schedule, where applicable, unless otherwise stated.
15.7 We reserve the right to terminate the agreement immediately if your bank returns a payment for whatever reason.
15.8 We reserve the right to change any other fees provided for in the agreement by giving you written notice, which could be a letter, statement message, statement insert or something else.
15.9 You agree and acknowledge that if your facility is cancelled, we may debit your nominated account with all the amounts specified in the agreement within 180 days of the date of the cancellation.
16. PCI DSS
16.1 When processing card transactions, you must comply with PCI DSS and therefore do the following:
16.1.1 Consult the PCI DSS website (https://www.pcisecuritystandards.org/Merchants/).
161.2 At your own cost agree to and do comply with all the requirements of PCI DSS, which are available at https://www.pcisecuritystandards.org.
16.1.3 Report all instances of a data compromise, as defined by PCI DSS, to us immediately but not later than 24 hours from the time you became aware of the incident.
16.1.4 Ensure that identified breaches of the PCI DSS are rectified within six months of the reported breach.
17. Warranties
17.1 By presenting transactions to us for payment, you warrant and continue to warrant the following:
17.1.1 No proceedings have started or are threatened against you that would or could restrain you from entering into the agreement or from providing the goods and/or services.
17.1.2 All statements of fact contained in them are true.
17.1.3 The goods and/or services concerned were supplied at your normal cash price, which does not include additional charges or element of credit.
17.1.4 The transaction between you and a cardholder is legal and conforms to the laws of South Africa.
17.1.5 The goods and/or services supplied in terms of the transactions are not in conflict with the laws of South Africa or the card network rules.
17.1.6 There has been full compliance with the terms of the agreement.
17.1.7 You indemnify us against any claim or liability that may arise from a dispute between you and a cardholder about goods and/or services supplied, with the onus being on you to provide satisfactory evidence to us that the cardholder had authorised the debit from their account.
17.1.8 You indeed supplied the goods and/or services referred to in the transactions to the cardholder at the agreed location and within the agreed period.
17.1.9 You have full capacity and authority to enter into and perform your obligations under the agreement in terms of your constitutive documents and applicable law, and are not subject to any legal or contractual restrictions or limitations in this regard.
17.1.10 You have not been induced to enter into the agreement by any prior representations, warranties or guarantees, whether oral or in writing, except as expressly contained in the agreement.
17.1.11 If you are -
17.1.11.1 a legal person or trust, you are incorporated in terms of the relevant laws of South Africa and registered in line with South African law; or
17.1.11.2 a natural person, you are a South African citizen and domiciled in South Africa or are a permanent resident of South Africa or a foreign citizen holding the necessary permits and visas to conduct business in South Africa; or
17.1.11.3 a partnership, the majority of the partners are South African citizens and domiciled in South Africa and the main business of the partnership is conducted in South Africa.
17.2 In addition to the other undertakings, you unconditionally and irrevocably undertake to do the following:
17.2.1 Inform us promptly in writing –
17.2.1.1 of any alterations to your constitutional documents;
17.2.1.2 of any change in the present shareholding or ultimate beneficial control relating to your voting rights;
17.2.1.3 of any other events or circumstances relating to business rescue proceedings in respect of you or your members or by an affected person as set out in the Companies Act, 71 of 2008 (the Companies Act), or at the instance of the court pursuant to a court order starting business rescue proceedings (whether the proceedings are anticipated, threatened or have started), and immediately provide us with the full details of the proceedings; copies of all relevant documents, including applications, notices of meetings and resolutions, and any steps that you are taking or proposing to take in respect of the proceedings; and
17.2.1.3 if you have received notices from the Companies and Intellectual Property Commission (commission’) in terms of sections 22(2) and 22(3) of the Companies Act.
17.2.2 Deliver to us written notice of a board or members’ meeting of yours to approve a resolution as set out under section 129 of the Companies Act within five business days before the date on which it will held, together with the details of the date and place at which the meeting will be held. You agree that we will be entitled to attend the meeting at our discretion. If we attend the meeting, we will have the right, subject to applicable laws, to be consulted in respect of the appointment of an appropriate business rescue practitioner.
17.2.3 Inform us in writing before entering into a merger, a demerger or an amalgamation. On receipt of this notice we may terminate the agreement immediately.
17.2.4 Comply with section 75 (disclosure of financial interest) of the Companies Act in respect of all agreements you contemplate and, in the event of non-compliance, obtain a ratifying extract from the shareholders.
17.2.5 If applicable, promptly deliver the written notice as set out in section 129(7) of the Companies Act to us.
17.2.6 Promptly comply with the requirements of section 11(3)(b) (RF companies) and section 13(3) of the Companis Act in respect of any special conditions contained in your memorandum.
18. Protection of personal information
18.1 If you have access to, store (including in digital form) or communicate (including any digital communication) personal information relating to the data subjects, you must:
18.1.1 treat the personal information as confidential;
18.1.2 not disclose the personal information to any third party, unless we have authorised the disclosure in writing;
18.1.3 ensure that any person who has lawful access to the personal information has signed a legally binding non-disclosure agreement;
18.1.4 take appropriate, technical and/or organisational measures to ensure the integrity of the personal information and to ensure that it is secured and protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access by –
18.1.4.1 having regard to any requirement in law or stipulated in industry rules or in codes of conduct or by a professional body; and
18..1.4.2 taking all necessary steps to -
18.1.4.2.1 at least every 12 months identify all internal and external risks to the personal information and provide us with a detailed written audit report within 30 days of having completed your investigations, whether the investigations happen as frequently as every 12 months or more frequently;
18.1.4.2.2 implement and maintain appropriate safeguards against the identified risks;
18.1.4.2.3 regularly verify that the safeguards have been implemented effectively and, where there has been a change of your environment regarding cyber or privacy during the tenure of the agreement, provide a written report to us within two days after the change of that environment;
18.1.4.2.4 accord the same levels of privacy and confidentiality for a natural person who is the data subject to a juristic person who is the data subject; and
18.1.4.2.5 comply with any audit requirements that we impose in respect of the personal information.
18.2 Notification of a security breach
18.2.1 You must:
18.2.1.1 notify our information officer or the Nedbank relationship manager by sending an email to privacy@nedbank.co.za (as referred to in the Nedbank Group PAIA (Promotion of Access to Information) Manual posted on our website) immediately but within 24 hours of becoming aware or suspecting any unauthorised or unlawful use, disclosure or processing of personal information; and
18.2.1.2 at your own cost take all necessary steps to mitigate the extent of the loss or compromise of the personal information and restore the integrity of the affected information systems as quickly as possible and -
18.2.1.2.1 give us all the necessary information that we may request pursuant to the security breach and help us meet any regulatory requirements and obligations in respect of the personal information;
18.2.1.2.2 in consultation with us and where required by law notify any legally mandated authority or data subjects; and
18.2.1.2.3 help us (in any format that we may require) comply with any requests for access to personal information from data subjects.
18.3 Permitted processing of personal information
You must process the personal information of data subjects in line with the agreement.
19. Confidential information and data security
19.1 The parties agree and undertake in favour of each other to keep the confidential information confidential, except as permitted (i) by the agreement, (ii) by prior written consent, (iii) by law, or (iv) if the confidential information is in the public domain. The parties will protect each other’s confidential information in the manner of a reasonable person protecting their own confidential information.
19.2 The confidentiality obligations in terms of this clause 19, with respect to each item of confidential information, will start on the date on which the information is disclosed or otherwise received and will endure indefinitely after the termination of the agreement for as long as the confidential information remains confidential.
19.3 Neither party will use or permit the use of the confidential information for any purpose other than for the purpose of the agreement and in particular not to use or permit the use of the confidential information, whether directly or indirectly, to obtain a commercial, trading, investment, financial or other advantage over the other party or otherwise use it to the detriment of the other party.
19.4 The parties will not copy or reproduce the confidential information by any means without the prior written consent of the disclosing party, it being recorded that any copies of the confidential information will be and remain the property of the disclosing party. The parties may disclose confidential information to attorneys or auditors, provided that the disclosure is reasonably required for purposes of conducting that party’s business activities. The party must then ensure that the recipient of the confidential information maintains the confidentiality.
19.5 Each party will ensure that its employees or contractors engaged in terms of the agreement are under an equivalent obligation of confidentiality to that imposed by the agreement on the parties, and will use commercially reasonable efforts to ensure that no employees or contractors will be in breach of that obligation and that any employee or contractor who is in breach is prevented from continuing the breach.
19.6 In the event that either party is required to disclose the confidential information by law, the party receiving the request to disclose information will:
19.6.1 advise the other party prior to disclosure, if possible;
19.6.2 take steps to limit the extent of the disclosure to the extent that it lawfully and reasonably practically can;
19.6.3 afford the other party a reasonable opportunity, if possible, to intervene in the proceedings; and
19.6.4 comply with the other party’s requests as to the manner and terms of the disclosure.
19.7 You may receive or have access to our confidential information and will therefore adopt appropriate technical and/or organisational security measures to:
19.7.1 prevent any unauthorised person from having access to computer systems processing or storing our confidential information, especially with regard to –
19.7.1.1 unauthorised reading, copying, alteration or removal of storage media;
19.7.1.2 unauthorised data input and unauthorised disclosure, alteration or erasure of our stored confidential information; and
19.7.1.3 unauthorised use of data-processing systems by means of data transmission facilities; and
19.7.2 ensure that authorised users of a data-processing system can access only our confidential information to which their access rights refer;
19.7.3 record which of our confidential information has been communicated, when and to whom;
19.7.4 ensure that our confidential information being processed on behalf of third parties can be processed only in the manner that we or the third party has prescribed;
19.7.5 ensure that, during communication of our confidential information and transport of storage media, the data cannot be read, copied or erased without authorisation; and
19.7.6 design your organisational structure in such a manner as to comply with industry best-practice data protection requirements.
19.8 The security measures set out above must be recorded in a plan and must be presented to us on demand.
19.9 The content and existence of the agreement constitute confidential information and must be treated as such.
19.10 The obligations in this clause will endure even if the agreement has been terminated.
20. Intellectual property
20.1 The parties to the agreement acknowledge that all intellectual property rights presently vesting in the respective parties at the date of signature of the agreement will continue to vest in those parties.
20.2 The parties undertake not to use one another’s intellectual property in any publication, advertisement, signage, media, circular or similar medium without the written approval of the other party.
20.3 Any intellectual property that we develop during the subsistence of the agreement for purposes of the services as set out in the agreement will vest exclusively with us.
20.4 We grant you a non-assignable and non-exclusive licence to use the service.
20.5 Subject to any intellectual property rights held by any other third parties, we retain all intellectual property and intellectual property rights in and to all intellectual property in connection with the service and specifically to any Scan to Pay logos, the Scan to Pay app, the Merchant Portal and QR codes.
20.6 You may not copy, republish, distribute, adapt, modify, alter, decompile, reverse-engineer or attempt to derive the source code of works or create a derivative of the source code, or otherwise try to reproduce the Scan to Pay app, the Merchant Portal or QR codes, their respective content, including any intellectual property in the content, their respective designs, any updates to the proprietary features and/or any proprietary features in relation to them, or any parts of them.
21. Regulators' and our audit rights
21.1 We and/or our agents and/or our internal or external auditors will have the right to audit you at any time to determine whether you comply with the agreement. These audit rights include the right of access to systems, procedures and software; vulnerability testing of systems, procedures and software; and inspection of the physical security of your premises. You will offer reasonable assistance and cooperation to us and/or our agents and/or our internal or external auditors for the carrying out of the auditing exercise.
21.2 To the extent that you engage an independent auditor to carry out an audit of your operations, you agree to provide us with the relevant copies of the audit reports of all those audit exercises on request.
21.3 You acknowledge that as a banking group, we have to comply with directives and guidelines from the South African Reserve Bank (SARB), other regulators and the card networks. Accordingly, any of our regulators, including SARB, will have the same audit rights as set out in this clause 21. If a regulator wants to do an audit of you, you must inform us to the extent allowed in law.
22. Disclaimer
22.1 We will not accept liability for incorrect transaction details you submit to us.
22.2 We do not guarantee uninterrupted availability of the service.
22.3 We do not accept liability for failed transactions if transactions fail for reasons beyond our control, including a telecommunication connectivity failure.
22.4 We do not warrant that the service will be error-free or that the service will perform to any particular standard.
22.5 You use the service at your own risk.
22.6 If you do not notify us of changes to your contact details, we will not be liable for any loss you may suffer if we cannot contact you or if you do not receive notifications or other documents or information from us.
23. Breach
23.1 Unless stated otherwise in the agreement, if either party commits a breach of this agreement and fails to remedy it within seven days of written notice, the notifying party will be entitled to terminate the agreement, without prejudice to any rights that the party may have.
23.2 If (i) a causal event (as defined below) occurs in respect of you; or (ii) you do not adhere to applicable laws; or (iii) you breach any term or condition of any licence, authorisation or consent required for the provision of the services, which breach we, at our discretion, consider to be prejudicial or potentially prejudicial to us, we will be entitled to terminate the agreement and/or any transaction document immediately on written notice to you. The termination will be without any liability to us and without prejudice to any claims that we may have for losses against you.
23.3 For the purposes of the agreement, a causal event is:
23.3.1 a compromise, scheme of arrangement or composition by you with any or all your creditors;
23.3.2 your liquidation, whether provisionally or finally, or the start of business rescue proceedings in relation to your business;
23.3.3 a default or cessation, or a reasonable prospect of default or cessation (as the case may be), of your normal line of business;
23.3.4the commission of an act or an omission that is an act of insolvency by an individual in terms of the Insolvency Act, 24 of 1936, or the existence of circumstances that would allow for the winding up of your business in terms of the Companies Act and/or in terms of section 68 of the Close Corporations Act, 69 of 1984, as the case may be;
23.3.5 your disposal of a material portion of your undertaking or assets;
23.3.6any change of control of your business, and this change of control will be accepted to have occurred in circumstances where, subsequent to the start date, any person (whether natural, juristic, or otherwise) acquires the ability, by virtue of ownership, rights of appointment, voting rights, management agreement, or agreement of any kind, to control or direct (directly or indirectly) your board or executive body or decision-making process or management as set out in the Companies Act; or
23.3.7your conduct or alleged conduct or your association or alleged association to a third party that, at our discretion, could result in reputational risk to us, provided that the causal events will be accepted to be causal events if we consider these events, at our discretion, to be detrimental to you for sound business reasons.
24. Termination
24.1 After expiration of the initial period, you may terminate the agreement on a calendar month’s written notice to us. You will then be responsible for the remaining responsibilities in respect of the services and products that we have delivered and for all losses incurred as a result of your actions and/or omissions.
24.2 We may terminate the agreement (in whole or in part) without cause or incurring liability at any time by giving you at least 30 days’ prior written notice indicating the termination date. Notwithstanding the foregoing, should we deem it necessary to do so we may terminate this agreement with immediate effect. Our rights in terms of this clause will not be affected by any force majeure event.
24.3 The termination of one annexure will not affect the validity of any other annexure, unless stated otherwise in the annexure. However, all annexures will terminate when the agreement terminates.
24.4 When the agreement terminates, the clauses in the agreement will continue to apply to transactions that you processed on or before the termination date. Termination of the agreement will not affect any rights and/or obligations of the parties that arose in terms of the agreement on or before the termination date.
25. Jurisdiction
The agreement is governed by the laws of South Africa and all disputes, actions and other matters in connection with it will be determined in line with those laws.
26. Limitation of liability
26.1 If a breach of any of the provisions of the agreement happens, you will be liable to us for all losses that we have sustained as a result of the breach.
26.2 We will not in any way be liable to you or any third party for any indirect, special and/or consequential losses that you or a third party have sustained.
26.3 Neither party’s direct or indirect liability is limited for fraud or theft by it or its employees, death or personal injury caused by you or your employees or authorised subcontractors or any liability arising from a breach or an indemnity given in respect of a party’s obligations, in relation to confidential information, intellectual property rights and applicable law.
27. Force Majeure
27.1 No party will be liable to the other for any losses resulting from non-performance of its obligations if and to the extent that the non-performance is caused by events not within the control of that party, provided that the non-performance could not have been prevented by reasonable precautions. ‘Reasonable precautions’ by way of example include making provision for alternative electrical power during temporary electrical power outages so that each party can continue performing its obligations.
27.2 If any event under clause 27.1, at our discretion, substantially prevents performance of the services, we may, at our option: (i) procure the services from another source; or (ii) terminate the agreement or any portion of it without liability. To the extent applicable, the charges payable under the agreement will then be adjusted to reflect the terminated services.
27.3 If either party (invoking party) cannot fulfil any of its obligations in terms of the agreement as envisaged in 27.1 and/or as a result of an act of God, strike, war, riots, fire, flood, legislation, insurrection, sanctions, trade disputes or economic embargo or any similar cause beyond the reasonable control of the invoking party (any event from here is called a force majeure), the invoking party will immediately give written notice of the force majeure to the other party:
27.3.1 specifying the cause and anticipated duration of the force majeure; and
27.3.2 promptly on termination of the force majeure confirming that the force majeure has ended.
27.4 Performance of these obligations will be suspended from the date on which notice is given in terms of subclause 27.3.1 until the date on which notice is given in terms of subclause 27.3.2.
27..5 The invoking party will not be liable for any delay or failure in the performance of any obligation in terms of the agreement or for loss or damage due to or resulting from the force majeure during the period referred to in subclause 27.3 above, provided that:
27.5.1 the invoking party uses and continues to use its best efforts and takes all reasonable steps to perform it obligations and provides the necessary notices as specified in clause 27.3; and
27.5.2 if the force majeure continues for more than 30 days, the other party will be entitled to cancel the agreement on the expiry of the 30 days with immediate effect on written notice. The other party will not be able to claim damages against the invoking party as a result of the delay or failure in the performance of any obligations under this agreement due to or resulting from the force majeure, except as otherwise stated in this agreement.
27.6 The provisions of this clause do not derogate our rights in terms of clause 24.
28. Domicilia and notices
28.1 You choose the physical address as set out in the cover page of this agreement as your domicilium citandi et executandi and, for the purposes of giving or sending any notice through electronic communication, the last email address that you have given us.
28.2 We choose 135 Rivonia Road, Sandown, Sandton, 2196, as our domicilium citandi et executandi and, for the purposes of giving or sending any notice through electronic communication, the last email address that we gave you.
28.3 Any notice addressed to a party at its physical or postal address must be sent by prepaid registered post, delivered by hand or sent by email.
28.4 Any notice will be deemed to have been given and received as follows:
28.4.1 If it was posted, seven days after the date it was posted (or on the next business day if no postal services are available on that day).
28.4.2 If it was hand-delivered, on the day of delivery.
28.4.3 If it was faxed or emailed, on the date of the sending of the fax or email.
28.5 Regardless of anything to the contrary contained in this clause 28, a written notice or communication that a party actually received will be adequate written notice or communication to that party, even if it was not sent or delivered to its chosen domicilium citandi et executandi or in a way provided for in this clause 28.
29. Amendment to the agreement
29.1 During the term of the agreement we may revise and update it or discontinue or otherwise modify (temporarily or permanently) the services and/or any part of your access to it. We reserve the right to make these changes effective immediately if it is necessary to maintain the integrity and security of the services and related systems, and to comply with the card network rules, legislation, regulations and industry requirements.
29.2 The latest version of the agreement and annexures are available on our website and this version will at all times be the agreement that governs our relationship.
29.3 You are obligated to review any changes to the agreement and must contact us if you require clarity on any of the provisions.
29.4 Material amendments to the agreement will be communicated to you through a telephone call, written notice, statement messages or SMSs.
29.5 If you do not agree to an material amendment, you must inform us in writing or telephonically if you want to terminate the agreement within five days after having received our notice.
29.6 If you do not notify us of your intention to terminate the agreement, your continued use of the services after that will serve as confirmation that you have receive adequate notice of the material amendments and have accepted the amended agreement. All transactions processed after material changes have been made to the agreement will be governed by the amended agreement.
29.7 In the event that additional card acceptance facilities are activated for you, either at your request or our mutual agreement, confirmation will be sent to you in writing by Nedbank.
30. General
30.1 The agreement, which we may amended from time to time, constitutes the entire agreement between the parties in respect of the subject matter, correctly reflects the intention of the parties and constitutes all arrangements entered into between them.
30.2 A certificate of indebtedness signed by any manager of ours will be regarded as sufficient proof of the particulars included in the certificate for the purposes of provisional sentence, summary judgment or any other purpose.
30.3 No failure, delay, relaxation or indulgence on our part in exercising any power or right conferred on us in terms of the agreement will be a waiver of that power or right, and it will not change or cancel any of the terms and conditions of the agreement.
30.4 Unless expressly stated otherwise, the agreement (in whole or in part), any share or interest in it, or any rights or obligations conferred on you may not be ceded, assigned or otherwise transferred without our prior written consent.
30.5 You acknowledge that, apart from what is recorded in the agreement, we have given no warranty (express or implied) concerning our obligations under the agreement or in respect of any provisions contained in it.
30.6 We will not be liable for any corrupted computer data or vouchers lost in transit, whatever the cause.
30.7 We will be entitled, at our discretion and without notifying you, to consolidate any or all your Nedbank accounts. A partial consolidation will not prevent us from claiming from you any amount excluded in the consolidation.
30.8 We may, for any reason, set off amounts due and payable to us against amounts that we may owe you from any account that you have with us. You must immediately pay to us any net amount that is still payable to us after set-off.
30.9 The terms of the agreement in respect of each part will be accepted as whole, separate, severable and separately enforceable in the widest sense from the rest of the agreement.
30.10 The parties acknowledge that each clause of the agreement is separate. If a clause is or becomes illegal, invalid and/or unenforceable for any reason, it must be treated as if it had not been included in the agreement. This will not result in the remainder of the agreement being illegal, invalid or unenforceable.
30.11 The agreement is subject to the card acquiring rules and regulations of the card networks (as amended).
ANNEXURE 1
POS Terms and Conditions
1. Definitions and interpretation
1.1 You must read this annexure together with the General Merchant Terms and Conditions.
1.2 Words and phrases not defined in this annexure will have the same meaning as assigned to it in the general terms and conditions.
1.3 If there is a conflict between this annexure and the general terms and conditions, this annexure will prevail only to the extent that the inconsistency relates to POS devices and the processes applicable to them.
1.4 In this annexure the words and expressions below shall have the meaning assigned to it herein, these definitions must be read in conjunction with the terms as defined in the general terms and conditions:
1.4.1 cashback advance |
means the withdrawal of cash by a cardholder from the merchant till, which may or may not be combined with a transaction and subject to the provisions of PASA applicable to transactions of this nature. |
1.4.2 contactless POS device |
A Nedbank POS device that is enabled to perform contactless payments. |
1.4.3 DCC |
Dynamic Currency Conversion, which is the system that enables you to process foreign transactions.
|
1.4.4 DCC participation payment
|
The payment we make to you for participating in DCC. |
1.4.5 delivery address |
Your address or addresses where we must deliver the equipment as specified in the cover page of this agreement. |
1.4.6 foreign card |
A card that is issued by a bank outside South Africa, is held by a foreign cardholder and holds foreign currency. |
1.4.7 foreign currency
|
The currency other than South African rand in which a foreign cardholder’s account is denominated. |
1.4.8 foreign transaction |
The process where a foreign cardholder presents a foreign card at your POS device to pay for a purchase and the local currency is converted to the foreign currency at an exchange rate that Reuters determines. You will receive settlement of the foreign transaction in South African rand. |
1.4.9 EMV |
A payment method that is named after Europay, Mastercard and Visa and that enables card issuers, retailers and consumers to use chip cards and POS devices with added security. |
1.4.10 equipment |
A POS device, PIN entry device (PED) and other peripherals, including communication equipment such as a SIM, a Wi-Fi router or similar equipment, that we supply to enable the equipment to work. |
1.4.11 maintenance period |
The period between the delivery date of the equipment and the date of its return. |
1.4.12 merchant supervisor card and/or PIN |
The card(s) or PIN(s) that we issued to you and that gives you access to the supervisor functions of the POS device. |
1.4.13 mobile POS products |
Includes PocketPOS and POSplus. |
1.4.14 MOTO Merchants |
Means a Merchant who processes MOTO Transactions and who is approved as such by the Bank |
1.4.15 MOTO transactions |
means a mail-order, or telephone-order transaction, in terms of which a cardholder orders goods or services from a MOTO merchant by way of mail or telephone. Neither the card nor the cardholder is present at the MOTO merchant’s premises when the transaction is processed and processed by way of manual entry. |
1.4.16 petrol card and/or garage card and/or fleet card |
A card that is issued specifically to buy petroleum products and/or to pay for repairs and maintenance (in the case of a garage card). |
1.4.17 petroleum products |
Petrol, oil, oil additives, lubricants, diesel, paraffin, power paraffin, petroleum additives and other similar motor products. |
1.4.18 petrol sales voucher |
A sales voucher that you issue for petroleum product sales. |
1.4.19 PocketPOS |
The PocketPOS app that is downloaded from an app store. It may include the card acceptance device that is optional and at an additional cost. The PocketPOS app offers tap-on-phone contactless payment acceptance and Scan to Pay QR code acceptance functionalities on compatible mobile devices. The optional card acceptance device offers card swipe and EMV transactions. |
1.4.20 POS device |
A point-of-sale device and/or PIN entry device that is used for processing card transactions and includes devices for use with POSplus. |
1.4.21 POS agreement or POS terms and conditions |
This annexure, which sets out the terms and conditions applicable to the use of POS devices, including any addenda, annexures or schedules attached or to be attached to it. |
1.4.22 POSplus |
The POSplus Application that is downloaded from an app store and includes a POS device. The POSplus Application offers Tap on Phone contactless payment acceptance and Scan to Pay QR code Acceptance on compatible mobile devices,card swipe and EMV transactions. |
1.4.23 replaceable value |
means the value of parts of the POS equipment that can be replaced without discarding the device in its entirety. |
1.4.24 rental fee |
The monthly fee that you must pay us to use the POS device, as set out in the fee schedule. |
1.4.25 SIM |
Security identity module, which is a security device that may be an integral part of or used in conjunction with the POS device and which enables the POS device to communicate via mobile communication data networks. |
2. Duation
2.1 This annexure will endure for the same period as the agreement. If the agreement is terminated, the annexure will also terminate.
2.2 If you terminate this annexure for any reason within the initial period, we will be entitled to debit your nominated account with the rental fee, including VAT, multiplied by the number of months remaining in the initial period, which you agree is a reasonable cancellation penalty.
3. Your business
3.1 Your warrant that your business is as described in the cover page of this agreement, and you undertake to accept cards in payment of goods and/or services relating to your business only and within South Africa only.
3.2 The goods and/or services you offer may not be sold or produced in contravention of the agreement, applicable law, common-law provisions or the card network rules.
3.3 You must notify us in writing of any change in the nature of your business or a change in the ownership or beneficial control of your business within three business days.
3.4 The card networks restrict and/or prohibit certain industries. Therefore, if you are dishonest with regards to your business or if you supply goods and/or services that are not aligned with the disclosed business, we may view that as a material breach of the agreement and terminate it accordingly.
4. Duration
4.1 The agreement will come into force on the start date, subject to its provisions, and will endure for an initial period of one year (initial period).
4.2 If you want to terminate the agreement when the initial period expires, you must inform us at least 90 days before the expiry date. If you do not inform us within 90 days of the expiry date, the agreement will continue indefinitely until it is terminated in line with the provisions set out in the agreement.
4.3 Termination of the agreement will not affect any existing obligations that you may have towards us, and will not affect our rights in terms of the agreement.
4.4 Each annexure to this agreement will endure for the period set out in clause 4.1, subject to the further provisions of clause 4.
5. Services
5.1 The services that we provide in terms of the agreement are the following:
5.1.1 The ability to accept and process transactions through using the card acceptance products.
5.1.2 Clearing and settlement services, which entail –
5.1.2.1 debit and credit card cearing and settlement by us, in terms of which you receive payment from a cardholder for goods and/or services; and
5.1.2.2 our paying the amounts due to you and retaining the amounts that you owe us in terms of the agreement.
5.1.3 Supply and support services, which entail –
5.1.4 support in respect of the debit and credit card clearing and settlement services referred to in clause 5.1.2;
5.1.5 billing and invoicing; and
5.1.6 any services that are as set out in the annexures.
6. Your obligations
6.1 In providing your goods and/or services, you agree to the following:
6.1.1 You will display and disclose all information necessary for the cardholder to make an informed decision, including the total price, the cost of any taxes and delivery charges that apply.
6.1.2 You will not process a transaction if it does not relate to a genuine transaction for goods and/or services that you provide.
6.1.3 You will accept all valid cards that a cardholder presents in payment for the goods and/or services.
6.1.4 You will process transactions originating within South Africa and denominated in South African rands only.
6.1.5 You will supply goods and/or services at your ordinary price and will not add extra charges or set any minimum or maximum transaction amount for a particular transaction.
6.1.6 You will not require a cardholder to pay a surcharge or a part of a discount of yours or any related finance charges in connection with a transaction.
6.1.7 You will make comprehensive details of return and refund policies available to cardholders and disclose to them that you (not the original manufacturer or supplier of the goods and/or services) are the merchant of record and responsible for fulfilment of the transaction.
6.2 In addition to the above, you must do the following:
6.2.1 Comply with all legislation regulating your business, products and services, including the Consumer Protection Act, 68 of 2008, and the Electronic Communications and Transactions Act, 25 of 2002.
6.2.2 Check the expiry date of every card before you process a transaction.
6.2.3 Ensure that you have procedures in place for all transactions to prevent or reduce invalid transaction and/or fraudulent transactions.
6.2.4 At all times when accepting a card adhere to the card network rules, applicable laws, and the agreement.
6.2.5 Keep copies of all signed sales vouchers for at least 180 days from the date of the transactions.
6.2.6 Not attempt to limit your liability by requesting or inducing cardholders to waive their dispute rights in your favour.
7. Authorisation
7.1 The authorisation process that must be followed for each card acceptance product is as set out in the relevant annexures for each product.
7.2 An authorisation granted under any provision of this clause 7 or any annexure does not constitute evidence or a warranty that:
7.2.1 we will eventually make the payment;
7.2.2 the card is valid;
7.2.3 the card is genuine (ie that the card is not counterfeit); and/or
7.2.4 the person presenting the card is the actual cardholder.
7.3 Authorisation is merely an indication that the account linked to the card has enough money to pay for the card transaction on the authorisation date and that the card has not been reported lost or stolen at the time the card is presented for payment. Authorisation does not mean that a card transaction may not be subject to a chargeback. An authorisation also does not mean that payment will ultimately be made following the actions or inactions of a third party participating in the payment process.
7.4 All budget transactions require authorisation.
7.5 You must ensure that the transaction will take place on the same date the authorisation was given, unless we have given prior written consent to your processing the transaction on a different day. Certain categories of merchants are exempt from this rule.
7.6 The floor limit for all transactions will be R0, unless we have agreed otherwise in writing.
7.7. We have the right to increase, decrease or cancel your floor limit at any time at our discretion without giving reasons by giving you written notice.
7.8 We reserve the right to decline an authorisation request for any reason. We will endeavour to provide you with reasons for that decision but are not obliged to do so.
8. Our rights and obligations
8.1 We will pay to you electronically the value of all goods and/or services that you have supplied once the transaction has been authorised, less the agreed merchant service commission, which is payable by you. However, in the event of excessive chargebacks, bankruptcy, fraud, suspected fraud, invalid transactions or unfulfilled transactions, we may retain the money.
8.2 We are authorised to debit any other account that you have with us or with any other financial institution with the fees and charges set out in the agreement if we are unable to debit your nominated account.
8.3 We may apply set-off to any amount that we must pay in terms of this agreement against any amount that you owe us, whether in terms of this agreement or otherwise. We may not apply set-off to amounts that you owe to us arising from any possible commercial banking relationship that may exist between the parties.
8.4 In addition to any obligation specified in this agreement, we will:
8.4.1 give you monthly statements (electronic or paper-based) detailing all activity, relating to this agreement, on your nominated account; and
8.42 keep you informed of any changes in our operational policies or the card network rules that affect you.
9. Invalid transactions
9.1 We may, at our discretion, choose to treat invalid transactions as valid, but without prejudice to our right to treat any later similar transactions as invalid transactions.
9.2 We may charge back invalid transactions as described in clause 12.
9.3 We may debit the value of invalid transactions against your nominated account at any time or recover it from you in any other way.
10. Fraudulent transactions
10.1 The onus is on you to implement fraud prevention measures and to establish processes and controls aimed at combating, preventing and detecting fraud when processing transactions. You must ensure that you are adequately protected against fraud activities.
10.2 You must not honour transactions and/or accept cards that you know or suspect are fraudulent transactions, fraudulent cards or transactions that are not authorised by the customer.
10.3 If a fraudulent transaction or a suspected fraudulent transaction occurs, or if we suspect that a transaction is for any reason suspicious, invalid, erroneous or illegal, we are irrevocably authorised to:
10.3.1 withhold or delay settlement of the transaction;
10.3.2 recover the value of the transaction from you by debiting your nominated account, even if it is held at another bank, or by applying set-off or net-settling amounts due to you with the value of the fraudulent transaction and losses that we incurred or suffered as a result of or in connection with the fraudulent, invalid, erroneous or illegal transaction that you have processed, and you indemnify us against all losses in this regard;
10.3.3 place a hold on your nominated account;
10.3.4 pledge an amount equal to an estimate of any potential losses that we may incur as a result of the fraudulent, invalid or suspicious transaction;
10.3.5 suspend the acquiring service and products; or
10.3.6 terminate the agreement immediately without prior notice and without prejudice to any other rights in law.
11. Refund procedure
11.1 If a cardholder asks for a refund and/or you are required to refund the cardholder in terms of legislative provisions and/or because you reasonably believe that the cardholder is entitled to a refund, you must process the refund to the card used for the transaction or any other card issued to the cardholder.
11.2 Notwithstanding clause 11.1 you may choose to refund the cardholder in cash.
11.3 All refunds will be done at your own risk.
11.4 You must calculate the amount of any refund at the refund date using the prevailing exchange rate (where applicable). Any fees due to us resulting from the transaction will remain due and payable to us.
12. Cardholder disputes and chargebacks
12.1 Disputes and chargebacks will be dealt with in terms of the card network rules and the prevailing provisions.
12.2 The cardholder may dispute transactions within 180 days of the transaction date. In some instances this period may be longer.
12.3 We reserve the right to charge back the amount of disputed transactions directly to your nominated account on receiving the dispute.
12.4 Reasons for chargebacks include, but are not limited to the following:
12.4.1 Actual or suspected lack of authorisation.
12.4.2 Unlawful or suspicious transactions.
12.4.3 Goods and/or services not having been delivered.
12.4.4 Goods and/or services not being to the agreed standard or quality.
12.4.5 A transaction being fraudulent or invalid.
12.4.6 A transaction not having been processed in line with the card network rules.
12.5 You will be liable to us for the full chargeback amount as well as any Nedbank and/or card network fees relating to chargebacks.
12.6 We will debit the transaction amount against your nominated account or any other bank account in your name with enough credit.
12.7 We may hold the transaction amount in advance for potential chargebacks until the chargeback process has been completed.
12.8 You are liable for all chargebacks as well as their resolution with the cardholder and issuing bank. We will not intervene on behalf of you, the cardholder or the issuing bank and will not become involved in a dispute between you and a cardholder. We will assist only in the exchange of documents between you and the issuing bank.
12.9 If you want to dispute a chargeback, you must submit all the relevant and necessary documents to us on request within the stipulated time frames. If you do not submit the documents to us at all or within the stipulated time frames, the chargeback will be upheld. Nedbank does not determine the outcome of the chargeback or dispute.
12.10 The card networks prescribe certain thresholds relating to chargebacks and fraudulent transactions. If these thresholds are exceeded, the card networks may charge fines and/or penalties, for which you will be liable. It may also result in us terminating the agreement or reviewing and amending it.
12.11 You agree and accept full chargeback liability for all fraud established on a card, regardless of whether the chargeback is regarded as being the result of fraudulent card use.
13. Liability shift
13.1 If you have complied with the authorisation procedures as set out in the agreement and annexures, the liability for any resultant chargebacks will shift from you to the issuing bank.
13.2 However, if you do not follow the necessary processes, the liability for any resultant chargeback will shift from the issuing bank to you and you will be liable for the chargebacks.
13.3 Liability shift occurs only when a chargeback arises from the authorisation process relating to the transaction. A cardholder may still raise a chargeback if the dispute relates to the services rendered or the goods provided.
14. Merchant service commision, fees and charges
14.1 We are entitled to charge the merchant service commission, fees and charges as set out in the fee schedule.
14.2 We will provide you with a statement reflecting the merchant service commission, fees and charges debited or any other amount credited to your nominated account. This statement will be paper-based or electronic.
14.3 If we do not provide you with a statement, it will not be a waiver of our claims to the merchant service commission, fees or charges concerned.
14.4 It is your obligation to dispute statement within 90 days after the statement date in order to us to review your dispute and address your dispute. If you fail to raise a dispute within the indicated time, it will be deemed that you are in agreement with the relevant statement.
14.5 We will determine the percentage of the merchant service commission at our discretion. We may review this percentage, and will notify you of any changes.
14.6 We reserve the right to levy other fees at any time but will always notify you accordingly one month before they become applicable.
14.7 All amounts specified in the cover page of this agreement are payable free of any deductions or set-off.
14.8 You acknowledge and agree that we will be entitled to debit your nominated account with all the amounts specified in the agreement within 180 days of the date of the cancellation of this agreement.
14.9 If we are unable to debit your nominated account, we will net-settle you.
15. Debiting your account
15.1 You nominate the bank account set out in the cover page of this agreement for the debiting of any fees as it relates to the agreement.
15.2 We may debit your nominated account, at whichever bank this account is held, with the following:
15.2.1 Refunds due to a cardholder in line with the refund procedure set out in clause 9, 10, 11 and/or 12.
15.2.2 The value of reversals of invalid transactions.
15.2.3 Rentals for software and/or devices and/or fees for the provision of merchant facilities.
15.2.4 The merchant service commission as detailed in the fee schedule.
15.2.5 Refunds to a cardholder not attended to by you.
15.2.6 The value of disputed transactions that cardholders brought to our attention.
15.2.7 Interest at our prime overdraft rate on any amount that you owe us.
15.2.8 The value of transactions performed with a cancelled or otherwise invalid card.
15.2.9 Fees and/or fines and/or penalties that the card networks or industry regulatory bodies charge for excessive chargebacks or other disputes relating to you and/or your failure to comply with regulatory requirements or any other fee, fine or penalty levied by such a regulatory body or organisation due to your failure to adhere to this agreement.
15.3 You must pay an administration fee for each payment that is due to us that your bank has returned unpaid.
15.4 You undertake to notify us immediately in writing or by email of any changes in the details of your nominated account. This notification must reach us at least 10 business days before the change will come into effect. You waive any right to claim damages from us if the damages result from non-compliance with this clause.
15.5 The amounts referred to in the agreement may be subject to exchange rate variations, where applicable.
15.6 VAT will be payable on all fees referred to in the agreement and the fee schedule, where applicable, unless otherwise stated.
15.7 We reserve the right to terminate the agreement immediately if your bank returns a payment for whatever reason.
15.8 We reserve the right to change any other fees provided for in the agreement by giving you written notice, which could be a letter, statement message, statement insert or something else.
15.9 You agree and acknowledge that if your facility is cancelled, we may debit your nominated account with all the amounts specified in the agreement within 180 days of the date of the cancellation.
16. PCI DSS
16.1 When processing card transactions, you must comply with PCI DSS and therefore do the following:
16.1.1 Consult the PCI DSS website (https://www.pcisecuritystandards.org/Merchants/).
16.1.2 At your own cost agree to and do comply with all the requirements of PCI DSS, which are available at https://www.pcisecuritystandards.org.
16.1.3 Report all instances of a data compromise, as defined by PCI DSS, to us immediately but not later than 24 hours from the time you became aware of the incident.
16.1.4 Ensure that identified breaches of the PCI DSS are rectified within six months of the reported breach.
17. Warranties
17.1 By presenting transactions to us for payment, you warrant and continue to warrant the following:
17.1.1 No proceedings have started or are threatened against you that would or could restrain you from entering into the agreement or from providing the goods and/or services.
17.1.2 All statements of fact contained in them are true.
17.1.3 The goods and/or services concerned were supplied at your normal cash price, which does not include additional charges or element of credit.
17.1.4 The transaction between you and a cardholder is legal and conforms to the laws of South Africa.
17.1.5 The goods and/or services supplied in terms of the transactions are not in conflict with the laws of South Africa or the card network rules.
17.1.6 There has been full compliance with the terms of the agreement.
17.1.7 You indemnify us against any claim or liability that may arise from a dispute between you and a cardholder about goods and/or services supplied, with the onus being on you to provide satisfactory evidence to us that the cardholder had authorised the debit from their account.
17.1.8 You indeed supplied the goods and/or services referred to in the transactions to the cardholder at the agreed location and within the agreed period.
17.1.9 You have full capacity and authority to enter into and perform your obligations under the agreement in terms of your constitutive documents and applicable law, and are not subject to any legal or contractual restrictions or limitations in this regard.
17.1.10 You have not been induced to enter into the agreement by any prior representations, warranties or guarantees, whether oral or in writing, except as expressly contained in the agreement.
17.1.11 If you are -
17.1.11.1 a legal person or trust, you are incorporated in terms of the relevant laws of South Africa and registered in line with South African law; or
17.1.11.2 a natural person, you are a South African citizen and domiciled in South Africa or are a permanent resident of South Africa or a foreign citizen holding the necessary permits and visas to conduct business in South Africa; or
17.1.11.3 a partnership, the majority of the partners are South African citizens and domiciled in South Africa and the main business of the partnership is conducted in South Africa.
17.2 In addition to the other undertakings, you unconditionally and irrevocably undertake to do the following:
17.2.1 Inform us promptly in writing –
17.2.1.1 of any alterations to your constitutional documents;
17.2.1.2 of any change in the present shareholding or ultimate beneficial control relating to your voting rights;
17.2.1.3 of any other events or circumstances relating to business rescue proceedings in respect of you or your members or by an affected person as set out in the Companies Act, 71 of 2008 (the Companies Act), or at the instance of the court pursuant to a court order starting business rescue proceedings (whether the proceedings are anticipated, threatened or have started), and immediately provide us with the full details of the proceedings; copies of all relevant documents, including applications, notices of meetings and resolutions, and any steps that you are taking or proposing to take in respect of the proceedings; and
17.2.1.4 if you have received notices from the Companies and Intellectual Property Commission (commission’) in terms of sections 22(2) and 22(3) of the Companies Act.
17.2.2 Deliver to us written notice of a board or members’ meeting of yours to approve a resolution as set out under section 129 of the Companies Act within five business days before the date on which it will held, together with the details of the date and place at which the meeting will be held. You agree that we will be entitled to attend the meeting at our discretion. If we attend the meeting, we will have the right, subject to applicable laws, to be consulted in respect of the appointment of an appropriate business rescue practitioner.
17.2.3 Inform us in writing before entering into a merger, a demerger or an amalgamation. On receipt of this notice we may terminate the agreement immediately.
17.2.4 Comply with section 75 (disclosure of financial interest) of the Companies Act in respect of all agreements you contemplate and, in the event of non-compliance, obtain a ratifying extract from the shareholders.
17.2.5 If applicable, promptly deliver the written notice as set out in section 129(7) of the Companies Act to us.
17.2.6 Promptly comply with the requirements of section 11(3)(b) (RF companies) and section 13(3) of the Companies Act in respect of any special conditions contained in your memorandum.
18. Protection of personal information
18.1 If you have access to, store (including in digital form) or communicate (including any digital communication) personal information relating to the data subjects, you must:
18.1.1 treat the personal information as confidential;
18.1.2 not disclose the personal information to any third party, unless we have authorised the disclosure in writing;
18.1.3 ensure that any person who has lawful access to the personal information has signed a legally binding non-disclosure agreement;
18.1.4 take appropriate, technical and/or organisational measures to ensure the integrity of the personal information and to ensure that it is secured and protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access by –
18.1.4.1 having regard to any requirement in law or stipulated in industry rules or in codes of conduct or by a professional body; and
18.1.4.2 taking all necessary steps to -
18.1.4.2.1 at least every 12 months identify all internal and external risks to the personal information and provide us with a detailed written audit report within 30 days of having completed your investigations, whether the investigations happen as frequently as every 12 months or more frequently;
18.1.4.2.2 implement and maintain appropriate safeguards against the identified risks;
18.1.4.2.3 regularly verify that the safeguards have been implemented effectively and, where there has been a change of your environment regarding cyber or privacy during the tenure of the agreement, provide a written report to us within two days after the change of that environment;
18.1.4.2.4 accord the same levels of privacy and confidentiality for a natural person who is the data subject to a juristic person who is the data subject; and
18.1.4.2.5 comply with any audit requirements that we impose in respect of the personal information.
18.2 Notification of a security breach
18.2.1 You must:
18.2.1.1 notify our information officer or the Nedbank relationship manager by sending an email to privacy@nedbank.co.za (as referred to in the Nedbank Group PAIA (Promotion of Access to Information) Manual posted on our website) immediately but within 24 hours of becoming aware or suspecting any unauthorised or unlawful use, disclosure or processing of personal information; and
18.2.1.2 at your own cost take all necessary steps to mitigate the extent of the loss or compromise of the personal information and restore the integrity of the affected information systems as quickly as possible and -
18.2.1.2.1 give us all the necessary information that we may request pursuant to the security breach and help us meet any regulatory requirements and obligations in respect of the personal information;
18.2.1.2.2 in consultation with us and where required by law notify any legally mandated authority or data subjects; and
18.2.1.2.3. help us (in any format that we may require) comply with any requests for access to personal information from data subjects.
18.3 Permitted processing of personal information
You must process the personal information of data subjects in line with the agreement.
19. Cconfidential information and data security
19.1 The parties agree and undertake in favour of each other to keep the confidential information confidential, except as permitted (i) by the agreement, (ii) by prior written consent, (iii) by law, or (iv) if the confidential information is in the public domain. The parties will protect each other’s confidential information in the manner of a reasonable person protecting their own confidential information.
19.2 The confidentiality obligations in terms of this clause 19, with respect to each item of confidential information, will start on the date on which the information is disclosed or otherwise received and will endure indefinitely after the termination of the agreement for as long as the confidential information remains confidential.
19.3 Neither party will use or permit the use of the confidential information for any purpose other than for the purpose of the agreement and in particular not to use or permit the use of the confidential information, whether directly or indirectly, to obtain a commercial, trading, investment, financial or other advantage over the other party or otherwise use it to the detriment of the other party.
19.4 The parties will not copy or reproduce the confidential information by any means without the prior written consent of the disclosing party, it being recorded that any copies of the confidential information will be and remain the property of the disclosing party. The parties may disclose confidential information to attorneys or auditors, provided that the disclosure is reasonably required for purposes of conducting that party’s business activities. The party must then ensure that the recipient of the confidential information maintains the confidentiality.
19.5 Each party will ensure that its employees or contractors engaged in terms of the agreement are under an equivalent obligation of confidentiality to that imposed by the agreement on the parties, and will use commercially reasonable efforts to ensure that no employees or contractors will be in breach of that obligation and that any employee or contractor who is in breach is prevented from continuing the breach.
19.6 In the event that either party is required to disclose the confidential information by law, the party receiving the request to disclose information will:
19.6.1 advise the other party prior to disclosure, if possible;
19.6.2 take steps to limit the extent of the disclosure to the extent that it lawfully and reasonably practically can;
19.6.3 afford the other party a reasonable opportunity, if possible, to intervene in the proceedings; and
19.6.4 comply with the other party’s requests as to the manner and terms of the disclosure.
19.7 You may receive or have access to our confidential information and will therefore adopt appropriate technical and/or organisational security measures to:
19.7.1 prevent any unauthorised person from having access to computer systems processing or storing our confidential information, especially with regard to –
19.7.1.1 unauthorised reading, copying, alteration or removal of storage media;
19.7.1.2 unauthorised data input and unauthorised disclosure, alteration or erasure of our stored confidential information; and
19.7.1.3 unauthorised use of data-processing systems by means of data transmission facilities; and
19.7.2 ensure that authorised users of a data-processing system can access only our confidential information to which their access rights refer;
19.7.3 record which of our confidential information has been communicated, when and to whom;
19.7.4 ensure that our confidential information being processed on behalf of third parties can be processed only in the manner that we or the third party has prescribed;
19.7.5 ensure that, during communication of our confidential information and transport of storage media, the data cannot be read, copied or erased without authorisation; and
19.7.6 design your organisational structure in such a manner as to comply with industry best-practice data protection requirements.
19.8 The security measures set out above must be recorded in a plan and must be presented to us on demand.
19.9 The content and existence of the agreement constitute confidential information and must be treated as such.
19.10 The obligations in this clause will endure even if the agreement has been terminated.
20. Intellectual property
20.1 The parties to the agreement acknowledge that all intellectual property rights presently vesting in the respective parties at the date of signature of the agreement will continue to vest in those parties.
20.2 The parties undertake not to use one another’s intellectual property in any publication, advertisement, signage, media, circular or similar medium without the written approval of the other party.
20.3 Any intellectual property that we develop during the subsistence of the agreement for purposes of the services as set out in the agreement will vest exclusively with us.
20.4 We grant you a non-assignable and non-exclusive licence to use the service.
20.5 Subject to any intellectual property rights held by any other third parties, we retain all intellectual property and intellectual property rights in and to all intellectual property in connection with the service and specifically to any Scan to Pay logos, the Scan to Pay app, the Merchant Portal and QR codes.
20.6 You may not copy, republish, distribute, adapt, modify, alter, decompile, reverse-engineer or attempt to derive the source code of works or create a derivative of the source code, or otherwise try to reproduce the Scan to Pay app, the Merchant Portal or QR codes, their respective content, including any intellectual property in the content, their respective designs, any updates to the proprietary features and/or any proprietary features in relation to them, or any parts of them.
21. Regulators' and our audit rights
21.1 We and/or our agents and/or our internal or external auditors will have the right to audit you at any time to determine whether you comply with the agreement. These audit rights include the right of access to systems, procedures and software; vulnerability testing of systems, procedures and software; and inspection of the physical security of your premises. You will offer reasonable assistance and cooperation to us and/or our agents and/or our internal or external auditors for the carrying out of the auditing exercise.
21.2 To the extent that you engage an independent auditor to carry out an audit of your operations, you agree to provide us with the relevant copies of the audit reports of all those audit exercises on request.
21.3 You acknowledge that as a banking group, we have to comply with directives and guidelines from the South African Reserve Bank (SARB), other regulators and the card networks. Accordingly, any of our regulators, including SARB, will have the same audit rights as set out in this clause 21. If a regulator wants to do an audit of you, you must inform us to the extent allowed in law.
22. Disclaimer
22.1 We will not accept liability for incorrect transaction details you submit to us.
22.2 We do not guarantee uninterrupted availability of the service.
22.3 We do not accept liability for failed transactions if transactions fail for reasons beyond our control, including a telecommunication connectivity failure.
22.4 We do not warrant that the service will be error-free or that the service will perform to any particular standard.
22.5 You use the service at your own risk.
22.6 If you do not notify us of changes to your contact details, we will not be liable for any loss you may suffer if we cannot contact you or if you do not receive notifications or other documents or information from us.
23. Breach
23.1 Unless stated otherwise in the agreement, if either party commits a breach of this agreement and fails to remedy it within seven days of written notice, the notifying party will be entitled to terminate the agreement, without prejudice to any rights that the party may have.
23.2 If (i) a causal event (as defined below) occurs in respect of you; or (ii) you do not adhere to applicable laws; or (iii) you breach any term or condition of any licence, authorisation or consent required for the provision of the services, which breach we, at our discretion, consider to be prejudicial or potentially prejudicial to us, we will be entitled to terminate the agreement and/or any transaction document immediately on written notice to you. The termination will be without any liability to us and without prejudice to any claims that we may have for losses against you.
23.3 For the purposes of the agreement, a causal event is:
23.3.1 a compromise, scheme of arrangement or composition by you with any or all your creditors;
23.3.2 your liquidation, whether provisionally or finally, or the start of business rescue proceedings in relation to your business;
23.3..3 a default or cessation, or a reasonable prospect of default or cessation (as the case may be), of your normal line of business;
23.3.4 the commission of an act or an omission that is an act of insolvency by an individual in terms of the Insolvency Act, 24 of 1936, or the existence of circumstances that would allow for the winding up of your business in terms of the Companies Act and/or in terms of section 68 of the Close Corporations Act, 69 of 1984, as the case may be;
23.3.5 your disposal of a material portion of your undertaking or assets;
23.3.6 any change of control of your business, and this change of control will be accepted to have occurred in circumstances where, subsequent to the start date, any person (whether natural, juristic, or otherwise) acquires the ability, by virtue of ownership, rights of appointment, voting rights, management agreement, or agreement of any kind, to control or direct (directly or indirectly) your board or executive body or decision-making process or management as set out in the Companies Act; or
23.3.7 your conduct or alleged conduct or your association or alleged association to a third party that, at our discretion, could result in reputational risk to us, provided that the causal events will be accepted to be causal events if we consider these events, at our discretion, to be detrimental to you for sound business reasons.
24. Termination
24.1 After expiration of the initial period, you may terminate the agreement on a calendar month’s written notice to us. You will then be responsible for the remaining responsibilities in respect of the services and products that we have delivered and for all losses incurred as a result of your actions and/or omissions.
24.2 We may terminate the agreement (in whole or in part) without cause or incurring liability at any time by giving you at least 30 days’ prior written notice indicating the termination date. Notwithstanding the foregoing, should we deem it necessary to do so we may terminate this agreement with immediate effect. Our rights in terms of this clause will not be affected by any force majeure event.
24.3 The termination of one annexure will not affect the validity of any other annexure, unless stated otherwise in the annexure. However, all annexures will terminate when the agreement terminates.
24.4 When the agreement terminates, the clauses in the agreement will continue to apply to transactions that you processed on or before the termination date. Termination of the agreement will not affect any rights and/or obligations of the parties that arose in terms of the agreement on or before the termination date.
25. Jurisdiction
The agreement is governed by the laws of South Africa and all disputes, actions and other matters in connection with it will be determined in line with those laws.
26. Limitation of liability
26.1 If a breach of any of the provisions of the agreement happens, you will be liable to us for all losses that we have sustained as a result of the breach.
26.2 We will not in any way be liable to you or any third party for any indirect, special and/or consequential losses that you or a third party have sustained.
26.3 Neither party’s direct or indirect liability is limited for fraud or theft by it or its employees, death or personal injury caused by you or your employees or authorised subcontractors or any liability arising from a breach or an indemnity given in respect of a party’s obligations, in relation to confidential information, intellectual property rights and applicable law.
27. Force Majeure
27.1 No party will be liable to the other for any losses resulting from non-performance of its obligations if and to the extent that the non-performance is caused by events not within the control of that party, provided that the non-performance could not have been prevented by reasonable precautions. ‘Reasonable precautions’ by way of example include making provision for alternative electrical power during temporary electrical power outages so that each party can continue performing its obligations.
27.2 If any event under clause 27.1, at our discretion, substantially prevents performance of the services, we may, at our option: (i) procure the services from another source; or (ii) terminate the agreement or any portion of it without liability. To the extent applicable, the charges payable under the agreement will then be adjusted to reflect the terminated services.
27.3If either party (invoking party) cannot fulfil any of its obligations in terms of the agreement as envisaged in 27.1 and/or as a result of an act of God, strike, war, riots, fire, flood, legislation, insurrection, sanctions, trade disputes or economic embargo or any similar cause beyond the reasonable control of the invoking party (any event from here is called a force majeure), the invoking party will immediately give written notice of the force majeure to the other party:
27.3.1 specifying the cause and anticipated duration of the force majeure; and
27.3.2 promptly on termination of the force majeure confirming that the force majeure has ended.
27.4 Performance of these obligations will be suspended from the date on which notice is given in terms of subclause 27.3.1 until the date on which notice is given in terms of subclause 27.3.2.
27.5 The invoking party will not be liable for any delay or failure in the performance of any obligation in terms of the agreement or for loss or damage due to or resulting from the force majeure during the period referred to in subclause 27.3 above, provided that:
27.5.1 the invoking party uses and continues to use its best efforts and takes all reasonable steps to perform it obligations and provides the necessary notices as specified in clause 27.3; and
27.5.2 if the force majeure continues for more than 30 days, the other party will be entitled to cancel the agreement on the expiry of the 30 days with immediate effect on written notice. The other party will not be able to claim damages against the invoking party as a result of the delay or failure in the performance of any obligations under this agreement due to or resulting from the force majeure, except as otherwise stated in this agreement.
27.6 The provisions of this clause do not derogate our rights in terms of clause 24.
28. Domicilia and notices
28.1 You choose the physical address as set out in the cover page of this agreement as your domicilium citandi et executandi and, for the purposes of giving or sending any notice through electronic communication, the last email address that you have given us.
28.2 We choose 135 Rivonia Road, Sandown, Sandton, 2196, as our domicilium citandi et executandi and, for the purposes of giving or sending any notice through electronic communication, the last email address that we gave you.
28.3 Any notice addressed to a party at its physical or postal address must be sent by prepaid registered post, delivered by hand or sent by email.
28.4 Any notice will be deemed to have been given and received as follows:
28.4.1 If it was posted, seven days after the date it was posted (or on the next business day if no postal services are available on that day).
28.4.2 If it was hand-delivered, on the day of delivery.
28.4.3 If it was faxed or emailed, on the date of the sending of the fax or email.
28.5 Regardless of anything to the contrary contained in this clause 28, a written notice or communication that a party actually received will be adequate written notice or communication to that party, even if it was not sent or delivered to its chosen domicilium citandi et executandi or in a way provided for in this clause 28.
29. Amendment to the agreement
29.1 During the term of the agreement we may revise and update it or discontinue or otherwise modify (temporarily or permanently) the services and/or any part of your access to it. We reserve the right to make these changes effective immediately if it is necessary to maintain the integrity and security of the services and related systems, and to comply with the card network rules, legislation, regulations and industry requirements.
29.2 The latest version of the agreement and annexures are available on our website and this version will at all times be the agreement that governs our relationship.
29.3 You are obligated to review any changes to the agreement and must contact us if you require clarity on any of the provisions.
29.4 Material amendments to the agreement will be communicated to you through a telephone call, written notice, statement messages or SMSs.
29.5 If you do not agree to an material amendment, you must inform us in writing or telephonically if you want to terminate the agreement within five days after having received our notice.
29.6 If you do not notify us of your intention to terminate the agreement, your continued use of the services after that will serve as confirmation that you have receive adequate notice of the material amendments and have accepted the amended agreement. All transactions processed after material changes have been made to the agreement will be governed by the amended agreement.
29.7 In the event that additional card acceptance facilities are activated for you, either at your request or our mutual agreement, confirmation will be sent to you in writing by Nedbank.
30. General
30.1 The agreement, which we may amended from time to time, constitutes the entire agreement between the parties in respect of the subject matter, correctly reflects the intention of the parties and constitutes all arrangements entered into between them.
30.2 A certificate of indebtedness signed by any manager of ours will be regarded as sufficient proof of the particulars included in the certificate for the purposes of provisional sentence, summary judgment or any other purpose.
30.3 No failure, delay, relaxation or indulgence on our part in exercising any power or right conferred on us in terms of the agreement will be a waiver of that power or right, and it will not change or cancel any of the terms and conditions of the agreement.
30.4 Unless expressly stated otherwise, the agreement (in whole or in part), any share or interest in it, or any rights or obligations conferred on you may not be ceded, assigned or otherwise transferred without our prior written consent.
30.5 You acknowledge that, apart from what is recorded in the agreement, we have given no warranty (express or implied) concerning our obligations under the agreement or in respect of any provisions contained in it.
30.6 We will not be liable for any corrupted computer data or vouchers lost in transit, whatever the cause.
30.7 We will be entitled, at our discretion and without notifying you, to consolidate any or all your Nedbank accounts. A partial consolidation will not prevent us from claiming from you any amount excluded in the consolidation.
30.8 We may, for any reason, set off amounts due and payable to us against amounts that we may owe you from any account that you have with us. You must immediately pay to us any net amount that is still payable to us after set-off.
30.9 The terms of the agreement in respect of each part will be accepted as whole, separate, severable and separately enforceable in the widest sense from the rest of the agreement.
30.10 The parties acknowledge that each clause of the agreement is separate. If a clause is or becomes illegal, invalid and/or unenforceable for any reason, it must be treated as if it had not been included in the agreement. This will not result in the remainder of the agreement being illegal, invalid or unenforceable.
30.11 The agreement is subject to the card acquiring rules and regulations of the card networks (as amended).
ANNEXURE 2
E-commerce Terms and Conditions
1. DEFINTIONS AND INTERPRETATION
1.1 You must read this annexure together with the general terms and conditions.
1.2 Words and expressions, not expressly defined in this annexure will have the same meaning as in the general terms and conditions.
1.3 If there is a conflict between this annexure and the general terms and conditions, this annexure will prevail only to the extent that the inconsistency relates to e-commerce transactions.
1.4 In this annexure the words and expressions below shall have the meaning assigned to it herein, these definitions must be read in conjunction with the terms as defined in the general terms and conditions
1.4.1. authentication |
The process of verifying that a person making an e-commerce purchase is entitled to use the card tendered for payment. |
1.4.2. authorisation, authorised |
The issuing bank confirming that there is enough money available on the card or in the account linked to the card, allowing a transaction to be processed. If the issuing bank indicates that there is not enough money available, the transaction will be declined. |
1.4.3. card network |
An entity that operates a card network engaged in the business of issuing cards as a payment method, including Mastercard International, Visa International, Diners Club International, American Express, Union Pay International (UPI), the Buy Aid associations, and any other entities operating another card network that may exist. |
1.4.4. CAVV |
Customer authentication verification value, the three-digit number on the back of a card. |
1.4.5. ECI |
Electronic-commerce indicator, a two- or three-digit code issued by the card networks or us to notify you of the authentication of the cardholder and the status of the cardholder’s issuing bank under 3D Secure. |
1.4.6. internet |
The collection of local area networks, wide-area networks and third-party networks that all use the same protocol (namely TCP/IP) to form a packet-switched network, colloquially referred to as the internet, and accessible by any person or business through an internet service provider. |
1.4.7. liability shift |
The burden of proof for qualifying e-commerce transactions from us and you to the issuing bank. This shift of liability applies only in cases where the dispute relates to cardholder authentication in processing the transaction. No shift of liability occurs if the dispute relates to the actual provision of goods or services or their quality. Liability shift applies when you are enrolled in the 3D Secure programme. |
1.4.8. M-commerce |
An e-commerce Transaction performed through wireless and/or mobile electronic media. |
1.4.9. merchant portal |
As it relates to Scan to Pay, the interface on your device that enables you to, among others, check transactions and access reports. |
1.4.10. merchant server plug-in, MPI |
A component that is incorporated into your web storefront and performs functions related to Verified by Visa and SecureCode on your behalf. |
1.4.11. message |
An electronic communication from your server to the payment gateway or vice versa in a format that we prescribe. |
1.4.12. payer authentication request, PAReq |
A message sent from the MPI to the issuing bank’s Access Control Server (ACS) (via the cardholder’s browser) requesting the authentication of the cardholder. |
1.4.13. payer authentication response, PARes |
A message formatted, digitally signed and sent from the issuing bank’s ACS to the MPI (via the cardholder’s browser), providing the results of the issuing bank’s authentication of the cardholder. |
1.4.14. payment gateway |
A service provider that specialises in providing web-based secured e-commerce services and with whom you contract to receive these services. |
1.4.15. payment gateway network |
The information technology network of the Payment Gateway (connected between its entry and exit core routers), which includes routers, switches, firewalls, cabling, Payment Gateway software and any other hardware, software and infrastructure that forms part of it or is related to it. |
1.4.16. SecureCode |
The Mastercard 3D Secure programme. |
1.4.17. UCAF/ECI |
Universal cardholder authentication field or e-commerce indicator, which identifies an internet transaction. |
1.4.18. Verified by Visa |
The Verified by the Visa 3D Secure programme. |
2. DURATION
This annexure will endure for the same period as the agreement. If the agreement is terminated, the annexure will also terminate.
3. E-COMMERCE CARD PAYMENT ACCEPTANCE
3.1 You must be enrolled in the 3D Secure programme.
3.2 You must process e-commerce transactions in line with the prevailing 3D Secure measures.
3.3 If you process e-commerce transactions that are not protected via 3D Secure, you will be liable for all losses (and fees that we or the card networks levy) arising as a result of this non-compliance.
3.4 E-commerce transactions that are processed via 3D Secure will result in a liability shift. However, the following transactions under the following circumstances will have no liability shift:
3.4.1 An e-commerce transaction is processed on a business or corporate card that is a Mastercard or Visa card. You will remain liable for all disputed e-commerce transactions when these cards are used.
3.4.2 3D Secure authentication is unavailable or unsuccessful and you choose to proceed with the transaction, or your infrastructure and/or systems or your payment gateway fails when you attempt a transaction.
3.5 You acknowledge that, if an issuing bank receives an authorisation request for an e-commerce transaction from a 3D Secure-enabled merchant and finds that the transaction has not been processed as a 3D Secure transaction, then the issuing bank is entitled to and will claim a greater interchange rate for that transaction. The merchant service commission payable by you in this case will be higher and we may choose to levy further penalties on these transactions.
3.6 If it is discovered that you are not applying 3D Secure processes to transactions either routinely or periodically, we reserve the right to increase the merchant service commission retrospectively from the time it is evident that the 3D Secure processes are not consistently applied. We will also have the right to claim any resultant and/or related fines or penalties levied by the relevant regulatory bodies and/or terminate the agreement.
4. YOUR OBLIGATIONS
4.1 You must adhere to the following provisions when processing e-commerce transactions:
4.1.1 Operate this facility only within our jurisdictional territory.
4.1.2 Ensure that your website complies with the provisions as prescribed by the card network rules.
4.1.3 Install or integrate into your website software, internet infrastructure and processes that enable electronic data to identify you and the cardholder by verifying you and the integrity of the message.
4.1.4 Ensure that your website, server, internet infrastructure, policies and procedures adhere to our minimum requirements.
4.1.5 Implement hardware or software that we prescribe to limit or reduce fraud.
4.1.6 Notify us of any changes relating to your payment gateway or your website.
4.1.7 Ensure that the information printed and completed on the delivery note and/or proof of dispatch is true and correct.
4.2 You must display the following information on your website:
4.2.1 The Visa and Mastercard brand mark in full colour to indicate Visa and Mastercard acceptance, as specified in the respective Visa and Mastercard product brand standards.
4.2.2 A complete description of the goods and/or services offered.
4.2.3 The applicable returns or refund and cancellation policies, which must:
4.2.3.1 clearly stipulate to the cardholder where the return of goods or cancellation of services are restricted;
4.2.3.2 be clearly disclosed to a cardholder before final payment; and
4.2.3.3 be accepted and/or agreed to by the cardholder through positive conduct such as clicking on a ‘Click to accept’ button or marking a checkbox on your website. The cardholder must not be requested to make payment unless they have accepted the returns or refund and cancellation provisions. You may provide any other evidence that proves the cardholder’s acceptance, eg a cardholder-signed copy of the returns or refund and cancellation provisions or the cardholder’s return email accepting the returns or refund and cancellation provisions.
4.2.4 Your contact details, which include a contact name, telephone number, physical address of your permanent establishment, and email address.
4.2.5 Transaction currency [only South African rand (ZAR) is allowed].
4.2.6 Your delivery policy.
4.2.7 Your data privacy policy.
5. AUTHORISATIONS
5.1 You must follow the procedure below when presenting an e-commerce transaction for authorisation:
5.1.1 Prior to accepting any e-commerce transaction, you must obtain prior authorisation from us via the payment gateway.
5.1.2 Authorisation must be requested only at the time of and for a particular e-commerce transaction.
5.1.3 You are responsible for ensuring that your payment gateway populates the correct CAVV and ECI indicators in the message, failing which you will be liable for any loss incurred.
5.1.4 You must forward a message to the payment gateway consisting of a record of all authorised e-commerce transactions in respect of which the goods and/or services have been dispatched. This message will be construed as being a guarantee given by you that the goods and/or services have been dispatched and will constitute an instruction to us to process the virtual transaction.
5.1.5 Failure to comply with any or all of the requirements set out above will render the e-commerce transaction invalid.
5.2 In addition to the above, you must adhere to the following when processing an e-commerce transaction:
5.2.1 You may not store a cardholder’s CAVV number.
5.2.2 You may not split an e-commerce transaction, disguise a transaction or act in a way as to avoid obtaining authorisation.
5.2.3 Authorisation is a prerequisite for the dispatch of goods and delivery of services. If the initial amount for which authorisation was obtained differs from the final amount charged to the cardholder, you must cancel the initial authorisation request by contacting us and resubmit a new request.
5.2.4 On authorisation being granted, the provision of your goods and/or services must take place within the periods stipulated in your delivery policies or as otherwise agreed between you and the cardholder.
5.2.5 Record must be kept of cardholder details in a secure manner.
5.3 The risk relating to the operational effectiveness through which e-commerce transactions are transmitted (ie the payment gateway network) will vest in you. The contents of the message we receive from the payment gateway will be deemed to be the contents of the message as received from your server. The foregoing will not be applicable only if we appoint the payment gateway or provide this service to you.
6 .YOUR OBLIGATIONS IN RESPECT OF TRANSACTION DATA
6.1 You must keep all information relating to a transaction on your database for at least three years after the transaction date.
6.2 You must keep proof of supply or delivery of the goods or services for at least three years after the transaction date.
6.3 Having regard to the chargeback procedures, you may be liable for the value of the sale if the cardholder subsequently repudiates or disputes any transaction.
6.4 For transactions processed through the payment gateway, you must, within five days of the transaction date, query any non-reflected credits.
6.5 When processing card transactions, you must at all times comply with the PCI DSS and must therefore:
6.5.1 at your own cost comply with all aspects of the PCI DSS as published by the card networks from time to time;
6.5.2 report all instances of a data compromise to us immediately but within 24 hours from the time you became aware of the incident; and
6.5.3 ensure that identified breaches of the PCI DSS are rectified within six months of the reported breach.
6.6 You will be liable to settle any fines or penalties that the card networks levy in the event of a data breach.
6.7 A transaction requiring payment must be presented by means of a message to the payment gateway. The message must include a record of all authorised transactions relating to goods that have been dispatched. The frequency of the data interchange will be at our discretion. However, you must ensure that all transactions are presented for payment within three business days of the transaction date.
6.8 You undertake to notify us immediately if there are any errors in the data interchange arising from a defective communication link. Our liability will then be limited to correcting the faulty data interchange in the system.
6.9 The fact that we may have credited your nominated account does not deprive us of our right to effect chargebacks or cancel the payment of transactions by debiting your nominated account with the amount of the invalid transaction.
7. PROVISIONS RELATING SPECIFICALLY TO SOFTWARE AND INFRASTRUCTURE
7.1 You must, in accordance with our requirements and with reference to clauses 4 and 5 above, install or integrate with our Verified by Visa and SecureCode merchant plug-in technology to identify yourself to us and/or the cardholder in line with the standards and specifications of the bank.
7.2 A 3D Secure transaction will be invalid:
7.2.1 f you insert falsified 3D Secure authentication information into the transaction message by inserting invalid card numbers; or
7.2.2 if the UCAF/ECI indicators are incorrect; or
7.2.3 if you tamper with the 3D Secure authentication response from the issuer; or
7.2.4 if you do not process a transaction in compliance with the 3D Secure authentication process.
7.3 Verified by Visa and SecureCode liability shift protection is provided only for Visa and Mastercard internet e-commerce transactions and this protection applies to cardholder disputes or card-not-present transactions.
7.4 You must implement Verified by Visa and SecureCode in such a way that the cardholder account details are never stored in an unprotected manner and that you adhere to the PCI DSS requirements.
7.5 A message received from your server will be accepted to be a message from you.
7.6 You must supply us with the PAReq and/or PARes messages if requested to do so to resolve disputes.
7.7 If you do not comply with this entire clause 7 and this annexure in general, you will be liable for the transaction and the amount of the transaction will be debited to your nominated account.
8. ADDITIONAL PROVISIONS RELATING SPECIFICALLY TO SOFTWARE AND INFRASTRUCTURE
8.1 You may carry out transactions only if you have infrastructure approved by us and a valid merchant certificate (or if the certificate was provided as part of the payment gateway).
8.2 You must comply with all applicable laws regarding import and export transactions performed over the internet.
8.3 We will not be party to any dispute between you and an e-commerce service provider that you appointed to establish your internet infrastructure. We will also not be liable for any damage that you suffer resulting from any failure or malfunction of this infrastructure.
8.4 You will be responsible for paying any charges or additional charges levied by a telecommunications provider authorised to control any connections that the infrastructure needs to function properly.
8.5 We will not be liable for damage caused by a network breakdown, system failure or equipment malfunction, or by the destruction of or damage to facilities caused by power failures or similar occurrences. It will also not be liable for loss or damage caused by events beyond our control and/or the fact that you or the cardholder is unable to gain access to your infrastructure or to use it.
8.6 You must, within a period agreed to by both parties, implement any hardware or software that we prescribe to manage or reduce fraud. If you do not implement it, we will have the right to cancel the agreement immediately.
8.7 You agree to implement security standards in the manner that we prescribe.
9. MOTO TRANSACTIONS
9.1 If you perform MOTO transactions, you must do by using manual PAN entry.
9.2 A MOTO merchant may process MOTO transactions only with our written consent. We will give this consent at our discretion.
9.3 A MOTO merchant must enter the following information into the POS device to obtain authorisation:
9.3.1 The card number.
9.3.2 The expiry date.
9.3.3 The CVV2/CVC2/4DBC number.
9.4 The MOTO merchant must write on the sales voucher the cardholder’s name and account number and the address to which the goods were dispatched or the date on which the services were rendered. The MOTO merchant must also label the sales voucher a MOTO transaction and ensure that it is signed by the MOTO merchant (or authorised official) in the cardholder’s signature block on the sales voucher. The MOTO merchant must keep the order form with the cardholder’s signature and attach it to the POS-device-generated sales voucher. The MOTO merchant will be liable for the amount reflected on the sales voucher if the cardholder subsequently repudiates or disputes any MOTO transaction.
9.5 This clause 14 is applicable to Visa and American Express Cards only, as no manual entry transactions can be processed on Mastercard cards.
10. Scan to Pay
10.1 Cardholders can use the Scan to Pay app to scan QR codes to pay for purchases.
10.2 Transactions can be performed by cardholders either scanning the QR code manually or entering the numeric code linked to the QR code into the Scan to Pay app.
10.3 All transactions will be authenticated either by 3D Secure, AMT or another accepted authentication method.
10.4 As it relates to the Scan to Pay service, you agree that you will:
10.4.1 be responsible for implementing and managing appropriate security measures to prevent invalid transactions and fraudulent transactions;
10.4.2 display all promotional material that we give you to indicate that you accept Scan to Pay transactions, and to replace or remove this material immediately when we ask you to do so;
10.4.3 use the Merchant Portal with the necessary care, and not allow any unauthorised persons access to the portal; and
10.4.4 use the Scan to Pay service and the Merchant Portal, and any new capabilities that we introduce, in a diligent manner and with the necessary care.
10.5 As it relates to the Scan to Pay services, we will:
10.5.1 provide you with the necessary training to use the Scan to Pay services;
1.0.5.2 keep you informed of any changes to the Scan to Pay services that may affect you or your ability to use the Scan to Pay services; and
10.5.3 use reasonable efforts to remedy non-performance, defects or errors to the extent that the services fail to perform or if any defects or errors become apparent.
Annexure 3
Amex Terms and Conditions
1. DEFINITIONS AND INTERPRETATION
In these terms and conditions:
1.1 You must read this annexure together with the general terms and conditions.
1. 2 Words and expressions, not expressly defined in this annexure will have the same meaning as in the general terms and conditions.
1.3 If there is a conflict between this annexure and the general terms and conditions, this annexure will prevail only to the extent that the inconsistency relates to Amex transactions.
1.4 In this annexure the words and expressions below shall have the meaning assigned to it herein, these definitions must be read in conjunction with the terms as defined in the general terms and conditions:
1.4.1. AEIPS |
is an acronym for American Express integrated circuit card payment specification which enables issuers, retailers and consumers to use chip cards and terminals with added security. |
1.4.2. AEVV means |
American Express Verification Value, which is a Cardmember authentication field or e-commerce indicator used to identify an internet transaction. |
1.4.3. card |
any valid American Express chip and or magnetic stripe Card that is issued by us or any other person authorised to do so. |
1.4.4. CID |
a security feature for card-not-present transactions on American Express cards consisting of a four-digit value which provides a cryptographic check of the information embossed on the Card. CID is printed only on the card — it is not contained in the magnetic-stripe information, nor does it appear on sales receipts or statements. |
1.4.5. directory server
|
the American Express Directory Server, which receives messages from merchants for a specific card number/transaction and determines whether the card number is registered for SafeKey, thereafter directing the request for Cardmember authentication to the appropriate ACS. The ACS in question then responds, with the Directory Server forwarding the response to the merchant. |
1.4.6. cardmember |
the person to whom an American Express Card has been issued and who is authorised to use the Card. |
1.4.7. liability shift |
means Fraud Liability Shift (FLS). It applies to Transactions which were attempted or fully authenticated, where a merchant is enrolled in the American Express SafeKey programme, allowing the burden of proof for qualifying online/e-commerce transactions to shift from the acquiring bank and its merchant to the card Issuer. This applies to chargebacks on transactions where the merchant attempted to authenticate (or where Full Authentication occurred) the American Express Cardmember using SafeKey, where the issuer is based within a SafeKey FLS market. An updated list of participating markets can be found at https://network.americanexpress.com/en/globalnetwork/safekey/. Issuers in American Express FLS markets may be liable for fraud losses, regardless of participation in American Express SafeKey by the Issuer, or its Cardmembers. Thus, regarding foreign-issued American Express Card transactions at South African Merchants, the Merchant is protected in that if they are American Express SafeKey enabled and attempt to authenticate the Cardmember using SafeKey, even if the issuing bank is not a SafeKey participant, the issuer may be liable for a resultant fraud loss. |
1.4.8. ECI means
|
Electronic Commerce Indicator. |
1.4.9. SafeKey means |
the 3-D Secure protocol-based, industry standard American Express SafeKey Cardmember Authentication Programme that, when employed by Issuing Banks, Cardmembers, Acquiring Banks, and Internet Service Enterprises, provides greater security for Internet Transactions, by authenticating the Cardmember during purchase.
|
1.4.10. SafeKey Branding Guidelines
|
refers to the brand guidelines for American Express SafeKey which ensure that participants deliver a consistent brand image and build brand equity. |
1.4.11. service establishment |
The entity or person who has entered into the agreement with us to accept Amex cards. |
1.4.12. service establishment commission |
the fees payable in terms of this agreement. |
1.4.13. XID means
|
SafeKey Transaction ID. |
12. ACCEPTANCE
2.1 You undertake to accept cards for payment of goods and/or services.
2.2 You shall display adequately our American Express promotional material that we supply to you to indicate that you accept cards in payment for purchases and services. You shall also replace or remove such promotional material when we request you to do so.
2.3 You shall accept and process only cards which:
2.3.1 are genuine, current and valid;
2.3.2 are not listed in the current hot-card file: and
2.3.3 reflect a clear signature of the relevant Cardmember.
3. AUTHORISATION
3.1 All transactions must be processed in accordance with the terms set out in this agreement. You must obtain prior authorisation from Nedbank at the time of each card transaction in respect of any:
3.1.1 purchases which exceed the floor limit;
3.1.2 purchases, which are subject to an extended-payment term (also known as budget purchases); and
3.1.3 telephone and mail order purchases;
3.2 Telephonic authorisation shall be obtained only:
3.2.1 when a manual point-of-sale device is used in conjunction with a Card and the Card transaction exceeds the floor limit;
3.2.2 when a Card transaction exceeds the floor limit and/or the magnetic strip on the Card is damaged so that the electronic point-of-sale device is unable to read information contained in the magnetic strip, in which case you must obtain an imprint of the relevant Card and the Cardmember must sign the imprinted voucher;
3.2.3 when the electronic point-of-sale device instructs you to obtain such authorisation.
3.3 We reserve the right to decline any authorisation, without giving any explanation or reason therefore.
3.4 Any authorisation granted by us shall not be evidence or constitute a warranty of the validity of the Card and it is only an indication that the relevant account had sufficient funds to meet payment, and was not reported lost or stolen at the date and time of authorisation and transaction.
3.5 The merchant shall record the authorisation number legibly on each imprinted voucher.
3.6 The authorisation code must at all times be a valid code, either supplied electronically or by contacting Nedbank.
4. AEIPS ‘CHIP & PIN’ Card
4.1 AEIPS ‘CHIP & PIN’ transactions are to be processed as follows:
4.1.1 The cardmember shall be present when the Card is being processed and verify the transaction by entering his/her valid PIN on the EDC terminal or PIN pad;
4.1.2 Transactions may be processed online or offline by inserting the chip card in the point-of-sale terminal;
4.1.3 The cardmember under all circumstances will be asked to input his or her PIN into a keypad provided by the merchant;
4.1.4 The merchant shall ensure that chip card transactions are performed in a secure environment; should Nedbank request information regarding a transaction, the acquirer shall provide such information in the form of a transaction certificate within 7 (seven) days after we have requested you to do so.
4.1.5 The merchant shall under the following circumstances refund the cardmember for goods and services:
4.1.5.1 damaged goods;
4.1.5.2 proof of non-delivery; and
4.1.5.3 wrong delivery of a specified order.
4.1.6 A Merchant transaction will be incomplete under one or more of the following circumstances:
4.1.6.1 If the card is pulled out of the chip reader slot before the transaction is completed;
4.1.6.2 If the chip technology fails during the transaction; and
4.1.6.3 If the telecoms are interrupted during the transaction flow.
4.1.7 If the Merchant had processed AEIPS chip transactions correctly as detailed in clause 1.1 above, then in such instance the card issuer shall take liability for the costs of such a transaction. However, if such a transaction had been processed incorrectly by the Merchant, then the Merchant shall take liability for the costs of such a transaction.
5. TELEPHONE, MAIL AND INTERNET ORDER TRANSACTIONS
5.1 You may not effect Card transactions for payment in respect of orders made by telephone, mail order or the internet unless you have received our prior written approval to do so.
5.2 You must retain your copy of the sales voucher for a period of at least 3 (three) years from the transaction date, in such a manner as to ensure that it retains its clarity. The sales voucher will be stored by the merchant for dispute resolution purposes.
5.3 No manual entry is allowed unless the merchant has obtained the prior written consent from Nedbank, which will be given at Nedbank’s sole discretion and on conditions determined by Nedbank. For manual-entry transactions an imprint of the Card has to be obtained and the CID numbers must be recorded for the electronic processing of the transaction.
6. PRESENTATION OF SALES VOUCHERS FOR PAYMENT
6.1 We shall, on the day of receipt of the sales vouchers, credit your nominated bank account with the full amount of correctly completed vouchers, subject to the provisions of clause 5.
6.2 By depositing a voucher or downloading an electronic deposit, as the case may be, in your nominated bank account, you warrant that:
6.2.1 all data reflected on the voucher is true and correct;
6.2.2 the prices of goods and/or services you supplied to the Cardmember do not exceed your cash prices;
6.2.3 the transaction between you and the Cardmember is lawful and that there are no defences, counterclaims, disputes or rights to setoff which would entitle the Cardmember to refuse or withhold payment of the full amount appearing on the voucher; and
6.2.4 nothing has occurred or arisen which will or may invalidate the voucher.
6.3 You hereby indemnify us against any claim, loss or damage arising from any dispute with the Cardmember regarding goods and/or services obtained through the use of the Card.
6.4 All vouchers deposited or all deposits electronically downloaded in your nominated bank account shall be deemed as payment of moneys to be credited to your nominated bank account only once each voucher or deposit has been honoured by the processing bank.
6.5 If any deposit or part of a deposit is disputed by the Cardmember, you authorise us to debit your nominated bank account pending the resolution of such dispute in your favour.
6.6 Any dispute with a Cardmember shall be resolved between you and the Cardmember, but we undertake to assist you, where possible, in resolving such disputes.
6.7 You have 3 (three) days from the date of Card transactions to deposit all vouchers used in conjunction with a manual point-of-sale device in you nominated bank account.
6.8 You have 3 (three) days from the date of the Card transactions to download all electronic deposits into your nominated bank account.
6.9 If we require a copy of any documentation for further investigation for any reason whatsoever, you have to furnish it to us within 7 (seven) days after we have requested you to do so.
7. FRAUDULENT TRANSACTIONS
Should fraudulent transactions account for more than 8% (eight percent) of your gross turnover we will be entitled to cancel your agreement with immediate effect and you agree and accept full chargeback liability for all fraud incurred on any American Express Card at your establishment whether or not the chargeback is regarded as a result of fraudulent Card usage or not.
Amex E-Commerce Transactions
1. RIGHTS AND OBLIGATIONS OF THE MERCHANT
1..1 The Merchant must implement SafeKey, and process all internet Transactions using this 3-D Secure technology, to be covered by FLS.
1.2 When conducting SafeKey Transactions, a service establishment must
1.2.1 nitiate a single authentication request per transaction
1.2.2 not re-use authentication data other than as stated below:
1. 2.2.1 In a SafeKey transaction, a Merchant may only re-use the original authentication data when a subsequent POS authorisation request (1100) message is necessary on the original purchase. Original authentication data is valid for up to forty-five (45) days from the authentication date. Authentication data must not be submitted in the authorisation request for separate purchases. In the event of a Cardmember Dispute, the acquirer and service establishment must be able to demonstrate that all authorization requests relate to the single, original authenticated purchase.
1.3 The service establishment agrees that, to be covered by FLS, the transaction must comply with the following requirements:
1.3.1 The acquirer and Issuer must be located in American Express SafeKey FLS Markets;
1.3.2 The transaction authentication must be completed as defined by the American Express SafeKey FLS Authentication type, meaning either the transaction was attempted or fully authenticated as evidenced by the ECI on the POS First Presentment (1240) message. Bit 23 (ECI) and Bit 97 (PI) of 1240 define the Safekey transaction.
1.3.2.1 If a response message (VERes) of N (No) is returned by the directory server, the service establishment can continue with the transaction however, it will be treated as a standard, non-SafeKey Transaction. In this case, FLS will not be applicable and the Merchant agrees and acknowledges that the Merchant will not be protected and will assume all liability in respect of the Transaction.
1.3.3 he service establishment must not be on the High Risk merchant list, and it is the Merchant’s duty to check this with the Acquirer
1.3.4 The service establishment must be in compliance with the American Express merchant fraud monitoring policies. A message received from the Merchant server will be deemed to be a message from the service establishment;
1.4 If all of these requirements in clause 1.3 are met, and the issuer is SafeKey certified, American Express will provide the issuer with a PI on the POS first presentment (1240) message. The PI with the SafeKey value indicates that the Transaction qualifies for SafeKey FLS. The service establishment must supply Nedbank with the merchant acquirer authentication request (PAReq) and/or Issuer authentication response (PARes) messages if requested to do so in the resolution of disputes
2. INVALID TRANSACTIONS
A Transaction will be invalid if:
2.1 The service establishment inserts falsified SafeKey authentication information into the transaction message by inserting invalid card numbers or the UCAF indicators are incorrect,
2.2 The SafeKey authentication response from the issuer is tampered with in any way by the service establishment.
2.3 The service establishment will be liable for all Invalid transactions as mentioned in this clause 2.
3. FRAUDULENT TRANSACTIONS
Should fraudulent transactions account for more than 8% (eight percent) of your gross turnover we will be entitled to cancel your agreement with immediate effect and you agree and accept full chargeback liability for all fraud incurred on any American Express Card at your establishment whether or not the chargeback is regarded as a result of fraudulent Card usage or not.
4. PROVISIONS RELATING SPECIFICALLY TO SOFTWARE AND INFRASTRUCTURE
4.1 The service establishment shall carry the risk relating to the operational effectiveness of the service establishment server (or any other server attached to the service establishment server through which transactions are being acquired), in the event that PCI DSS requirements are not complied with.
4.2 The service establishment must in accordance with the Nedbank’s requirements, install or integrate with Nedbank’s SafeKey MPI technology, to suitably identify the service establishment to the bank and/or the cardmember in accordance with the standards and specifications of the bank.
5. DISPLAY OF SYMBOLS
5.1 The service establishment must on its website display the SafeKey symbols in accordance with the brand guidelines for American Express SafeKey to ensure that service establishments deliver a consistent brand image and build brand equity. As a minimum, the service establishment must display the brand guidelines on its payment page and, optionally, also on either their home page and/or security information page.
5.2 The service establishment must adhere to the content and placement guidelines as supplied by Nedbank from time to time.
Annexure 4
BNPL Services Terms and Conditions
1. DEFINITIONS AND INTERPRETATION
In these terms and conditions:
1.1 You must read this annexure together with the General Merchant Terms and Conditions.
1.2 Words and expressions, not expressly defined in this annexure will have the same meaning as in the General Merchant Terms and Conditions.
1.3 If there is a conflict between this annexure and the General Merchant Terms and Conditions, this annexure will prevail only to the extent that the inconsistency relates to Amex transactions.
1.4 In this annexure the words and expressions below shall have the meaning assigned to it herein, these definitions must be read in conjunction with the terms as defined in the General Merchant Terms and Conditions:
1.4.1 activation date |
the date on which any one of the Alternative Payment Switching Services is activated by the Third Party Technical Service Provider or its Agent, (which activation is confirmed to the merchant via email). |
1.4.2 agent |
a duly authorised person/entity who acts for and on behalf of the Third Party Technical Service Provider. |
1.4.3 alternative payment switching services or services |
The payment of goods and/or services through Buy Now Pay Later utilising an in-store Nedbank EFT POS Terminal or through an online Nedbank API interface between the merchant and Nedbank for E-commerce Websites and M-commerce Solutions of the merchants. |
1.4.4 application |
an application for a BNPL payment facility. |
1.4.5 buy now pay later (BNPL) facility/ies |
a short term non interest bearing credit facility provided by BNPL Providers. |
1.4.6 BNPL provider |
a third party who advances the BNPL Facility to the customer and who settles the merchant the value of the transaction. |
1.4.7 disbursement |
the process of reconciliation, payment and administration of the physical settlement of funds to the merchant; |
1.4.8 fees |
the amounts detailed in the Fee Schedule. |
1.4.9 collection code |
The code that will be sent to the customer once a BNPL facility has been approved, which the customer must provide to the merchant when collecting his goods or services. The code is proof that the value of the transaction is approved and paid for and that the customer has collected the goods or received services. |
1.4.10 niussd |
Network Initiated Unstructured Supplementary Service Data. (A global system for mobile communication technology that is used to send text between a mobile phone and application program); |
1.4.11 term |
the period for which Services will be provided as set out in clause 4 of this Addendum; |
1.4.12 Third Party Technical Service Provider |
Switch Pay (Pty) Ltd with registration number 2017/510509/07, or such other party as Nedbank may, from time to time, appoint to provide the Services to the merchant; and |
2. ALTERNATIVE PAYMENT SWITCHING SERVICES
2.1 Nedbank has contracted with the Third Party Technical Service Provider to provide Alternative Payment Switching Services to merchants.
2.2 By accepting the terms of this addendum, the merchant will be able to offer BNPL Facilities to customers who wishes to buy goods or services from the merchant, these services will be available either through a POS Device in store or via the merchant’s e-commerce website.
3. PROCESS AND ADMINISTRATION OF APPLICATIONS
3.1 Upon a customer wishing to pay for goods or services, either through a POS Device or e-commerce website, the customer can elect to pay for the goods or services with a BNPL Facility. If the customer elects to pay this way, the Third Party Technical Service Provider will submit an application on behalf of the customer to the BNPL Providers.
3.2 The customer will be required to authorise any Personal Information submitted through the Application process by an SMS / NIUSSD authorisation process. The customer will be notified via SMS of the status and outcome of their Application.
3.3 Multiple BNPL Providers may offer a BNPL Facility to the customer, the customer will be free to select which BNPL Provider it wants to contract with.
3.4 Where the merchant assists in obtaining the necessary personal information directly from the customer, the merchant undertakes to ensure that the customer is informed of the reasons for the personal information being collected, and to ensure that customers are made aware of their rights in terms of section 5 of the POPI Act in respect of their personal information as data subjects.
3.5 The merchant agrees to take all reasonable steps to assist in ensuring that the personal information is complete, accurate, not misleading and updated where necessary, taking into account the purposes for which it was collected.
3.6 Where any of the personal information that is collected for the Applications is processed, stored or retained by the merchant, the merchant must adopt its own measures to ensure security, integrity and confidentiality in compliance with the POPI Act.
3.7 Upon approval of an Application, the customer is notified by SMS and issued a collection code.
4. PAYMENT
4.1 Upon the customer and the BNPL provider having concluded an agreement for a BNPL facility and a collection collection code issued to the customer, the BNPL provider will pay the merchant the value of the transaction nett of the fees as set out in the fee schedule.
4.2 The customer will be required to repay the value of the transaction back to the BNPL Provider in accordance with the agreement concluded between the customer and the BNPL Provider.
4.3 Payment for BNPL purchases will be made immediately to the merchant.
4.4 The merchant may at any stage request a report on the transaction audit trail from the Third Party Technical Service Provider.
4.5 This report will be in a format agreed to by the parties, but will at its minimum requirement, contain the following information:
4.5.1 References of customers that were processed;
4.5.2 Product and merchant information; and
4.5.3 List of disbursements.
5. REFUND
5.1 The merchant, as the supplier of goods, may be required to refund the full purchase price to the Third Party Technical Service Provider in the event that a customer wishes to reject delivery or return goods for reasons stipulated in the CPA.
5.2 The merchant hereby indemnifies the Third Party Technical Service Provider and Nedbank, to the fullest extent and without limitation, against any claim against it from a customer under the CPA, relating directly to the product sold.
5.3 The merchant specifically hereby confirms that it is aware of the provisions of Sections 11 to 67 of the CPA and will comply with these provisions.
5.4 In the event that the merchant fails to comply with any provisions of the CPA, specifically those provisions provided for in Sections 11 to 67 of the CPA (but not limited thereto) under circumstances where the merchant has already been paid for and on behalf of the customer for a completed transaction, then the merchant will refund the Third Party Technical Service Provider with the amount received by the merchant immediately upon demand;
5.5 Where the customer alleges a contravention of the CPA by the merchant, before payment is made to the merchant on behalf of the customer, then the Third Party Technical Service Provider may withhold payment of the funds to the merchant, pending a written instruction signed by the customer as to how the funds should be dealt with, (either in settling the amount to another preferred supplier or releasing the funds to the customer).
6. FEES
6.1 The fees which the merchant shall pay are as set out in the Fee Schedule.
6.2 Fees may be reviewed from time to time by Nedbank and any increase in fees will be communicated to the merchant in accordance with the provisions in the Merchant Agreement;
6.3 All fees will be payable on the 1st business day of each month following the activation date and debited from the merchants nominated bank account and the merchant hereby authorises Nedbank or such other authorised agent to debit the merchant’s nominated bank account in accordance with the above provisions.
6.4 In the event of non-payment of the monthly Application fees, Nedbank and/or the Third Party Technical Service Provider reserves the right to suspend services and withhold any settlements to the merchant until the final settlement of outstanding fees have been recovered.
7. DURATION OF ADDENDUM
7.1 The Services will commence of the Effective Date and will endure for as long as the merchant agreement remains in force.
7.2 In the event that a cancellation request is received, the Third Party Technical Service Provider will cease all switching services from the merchant, and all current and outstanding transactions in the merchant’s queue will be attended to and completed within the notice period, including submissions approved within the notice period.
8. CONSENT TO CREDIT REFERENCES AND DISCLOSURE OF INFORMATION IN TERMS OF POPI
8.1 The merchant hereby explicitly consents to the Third Party Technical Service Provider supplying its Personal Information to a registered credit bureau, for the purpose of obtaining a credit check as allowed for in the NCA, and authorises the Third Party Technical Service Provider or their agent to, at all times to -
8.1.1 contact, request and obtain information from any credit or service Financial Institution (or potential credit or service Financial Institution) or registered credit bureau relevant to an assessment of the behaviour, profile, payment patterns, indebtedness, whereabouts, and creditworthiness of the merchant;
8.1.2 furnish information concerning the behaviour, profile, payment patterns, indebtedness, whereabouts, and creditworthiness of the merchant to any registered credit bureau or to any credit or service Financial Institution (or potential credit or service Financial Institution) seeking a trade reference regarding the merchant’s dealings with the Third Party Technical Service Provider;
8.13 process any Personal Information for the purposes of rendering the Services.
8.2 The merchant also confirms that all the information provided by it to the Third Party Technical Service Provider is up to date, correct and complete.