Terms Of Service Agreement & Merchant Agreement
This Merchant Agreement ("Agreement" or "User Agreement" or "Terms Of Service") is a contract between you and E-PATH PTY LTD, (ACN: 124032917, ABN: 70124032917) and applies to your use of the E-PATH credit card payment gateway service. This Agreement affects your rights and you should read it carefully. We suggest you print the Agreement for your reference.
In this Agreement, "you" or "your" or "merchant" means any person or entity that has been approved as a secure E-PATH credit card payment gateway merchant account holder. Unless otherwise stated, "E-PATH" "we" or "our" will refer collectively to E-PATH PTY LTD and its subsidiaries, affiliates, directors, officers, employees, agents and contractors.
Unless otherwise specified, all references to a "bank" in this Agreement shall mean a registered financial organisation providing you with a merchant account facility (separate to E-PATH) for the purpose of enabling you to manually process credit card transactions, and all references to a "credit card" include all credit card providers and types.
1. The Legal Relationship between you and E-PATH
By applying for the Service, you formally instruct E-PATH to securely collect details of credit cards from your customers for delivery to you, subject to the terms and restrictions of this Agreement. At no stage will E-PATH communicate to your merchant account facility held with your bank, nor does E-PATH communicate with any bank or financial institution.
You acknowledge that:
a) E-PATH is not a bank.
b) E-PATH is not a "live" or "real-time" credit card processing service.
c) E-PATH does not collect or hold any funds whatsoever for any person or business identity.
d) E-PATH communicates to you, the E-PATH merchant only, to enable you to then enter the credit card details into your separate merchant account held at your bank or chosen financial institution in order for you to process the credit card charge after you have performed the appropriate level of preprocess verification validation (PVV2) see #2.14.
2. Merchant Responsibilities and Indemnification
E-PATH merchants must hold a valid merchant account facility with a registered bank or financial institution in either your country of location or in the country of your main registered trading/business activity.
2.1 E-PATH Displayed Name = Bank Merchant Account Name
The name you apply for the E-PATH service under which will become your displayed name on your gateway system is to be an exact match of the name your merchant account facility is in at your bank.
Exceptions to this rule are permitted insofar as where you seek an alternative name to be displayed on your E-PATH gateway, then your exact registered name of your merchant account facility at your bank must appear underneath your chosen E-PATH displayed name on both your E-PATH payment and receipt pages.
Credit card payments received by your gateway are to be submitted for charging into ONLY the merchant account facility identified to us at time of application to which is clearly displayed on your gateway system.
2.2 Merchant Account Facility Provider Approval
As of December 8, 2008, E-PATH gateway applicants are required to confirm their merchant account at their bank is of the type that allows the manual charging of CARD NOT PRESENT credit card payment authorisations. This means your merchant account must be specifically approved to allow you to accept and charge through it credit card payments received over the phone, via fax machine or via E-PATH from the internet. This is usually called MOTO (Mail Order Telephone Order) or MST (Merchant Submitted Transaction) enabeling/approved. Merchants agree it is the sole responsibility of the merchant (you) to obtain the correct merchant account facility with the correct usage approvals from your merchant account facility provider (bank).
2.3 Application Information:
You agree to provide true, accurate and complete information at time of applying for the E-PATH Service and to promptly advise E-PATH if your information changes. If any information you provide is untrue, inaccurate, not current, or incomplete, without limiting other remedies, E-PATH has the right to terminate your use of the Service.
If your application is for a Multiple Licence account, you may be required to furnish more detailed information in order to be in compliance with the various external legal requirements.
Payment for the E-PATH Service is charged in Australian Dollars (AU$) and is made at time of application approval only. The actual cost paid in your currency will be dependant upon exchange rates applicable at the moment your credit card is charged. Exchange rates are determined by the relevant institutions, E-PATH has no control over exchange rates.
E-PATH shall maintain the yearly cost quoted to you at application irrespective of whether the E-PATH Service has risen in price since your application date. The yearly fee is the singular fee or cost a merchant pays to E-PATH for the full E-PATH gateway service.
E-PATH will charge you the exact AU$ price that was current at your application date, however, if you are not located in Australia then the amount charged to your credit card may differ from one renewal to the next due to fluctuating exchange rates.
2.5 Prohibited Transactions:
You agree that you will not use E-PATH to accept payment for illegal products or services, including but not limited to materials that infringe the intellectual property rights of third parties. you will not use the Service, the E-PATH website or any of the services offered therein for any unlawful or fraudulent activity. If E-PATH has reason to believe that you may be engaging in or have engaged in fraudulent, unlawful, or improper activity, including without limitation any violation of any terms and conditions of this Agreement, your gateway will be suspended or terminated.
You also agree not to use your secure E-PATH payment gateway account to sell goods with delivery dates delayed more than 30 days from the date of payment, or to sell securities, business opportunities, franchises or multi-level marketing or goods with delivery delayed more than 30 days from the date of payment.
Exceptions to this rule are permitted when your website or shopping cart clearly states delivery of product or service being purchased will be effected later than 30 days, for example, an accommodation venue collecting an accommodation reservation deposit online for accommodation to be taken up at a later date or a tour/service operator collecting a deposit or payment online for a tour or service to be effected at a later date.
2.6 Electronic Communications:
To the fullest extent permitted by applicable law, this Agreement and any other agreements, notices or other communications regarding your account and/or your use of the Service ("Communications"), may be provided to you electronically and you agree to receive all Communications from E-PATH in electronic form. Electronic Communication in this case shall mean EMAIL.
2.7 No Framing, No Masking:
You are not permitted to display your secure E-PATH payment or receipt pages inside frames on your website. "Framing" your E-PATH payment and/or receipt page may denigrate the security of the service and is expressly forbidden. you are not permitted to mask the E-PATH payment of receipt pages in anyway. Customer must cleanly be redirected to your secure gateway without any measure of impedance or disguise.
2.8 Key Passes:
You may not reveal your account Key Pass 1, Key Pass 2 and Key Pass 3 to anyone other than the rightful and authorised persons in your organisation assigned to process the transactions that E-PATH collects. Key Pass 2 and Key Pass 3 are not recoverable. If you lose your Key Pass 2 or Key Pass 3 or feel it is compromised you must notify E-PATH. A new Key Pass encryption system will be created for your E-PATH gateway account. Your new encryption Key Pass keys will be phoned through to you. Key Pass 3 is never emailed.
If you use, or attempt to use the Service for purposes other for which it is expressly designed, including but not limited to tampering, hacking, modifying or otherwise corrupting the security or functionality of Service, your account will be terminated and you will be subject to damages and other penalties, including criminal prosecution where and if applicable.
You may not transfer any rights or obligations you may have under this Agreement without the prior written consent of E-PATH.
2.11 Credit Card Data Security - No Data Stored by E-PATH:
You understand that upon you receiving your secure data from E-PATH, that data does NOT exist on the E-PATH servers. E-PATH does not permanently store credit card data or data of any type relating to the transaction made to you from your customer.
Therefore, E-PATH is unable to recover any details of any information entered into your secure E-PATH gateway, including credit card numbers, at any stage. It is your responsibility to manage sensitive information and to take the appropriate steps to ensure continued security of the sensitive information once E-PATH has fulfilled its service in collecting and delivering it securely for you and to you. See # 2.12
2.12 Credit Card Data Security - After E-PATH:
As from March 2, 2008, it is now a conditional requirement of the E-PATH service that you agree to secure the credit card data in your possession after E-PATH has completed its service in strict accordance with the Terms & Conditions and/or recommendation and/or requirements of your manual merchant account facility provided to you by your bank.
Please confer with your merchant account facility provider (your bank) on what is required in order to comply with the appropriate credit card data security requirements of the service they are providing you. For example, if they are providing you with a merchant account approved to allow you to process card not present payments into it, they will [should] require you to destroy the credit card data once collected from over the phone, by fax or via e-Path once you have performed the charge on the card.
2.13 Credit Card Validation:
You understand E-PATH does not interfere with, modify or challenge the validity or accuracy of any information, including credit card details, expiry date, entered into your secure gateway payment page. Therefore E-PATH can not and does not make any determination on the validity or accuracy of information entered into your secure gateway by your customers or any person directed to your secure E-PATH gateway by any means. See # 2.14
2.14 Preprocess Verification Validation (PVV) or Merchant Side Fraud Detection:
You agree to undertake preprocess verification validation (PVV) on all orders/payments received. PVV is a points based ID standard, yet to officially ratified (at time of writing), that provides guidelines for manual (MOTO) and (MST) merchant account holders who accept card-not-present credit card payments for the purpose of checking the buyer and order details, like buyers name, physical address, phone number, fax number etc., to assist in identifying fake or fraudulent transaction attempts.
Notwithstanding that your merchant account facility at your bank will have the required security and fraud detection processes running as specified by Visa, Master Card etc., which will provide you with either an "approved" or otherwise transaction response at the time or at some point after manually entering the credit card details into your merchant account, you agree to perform a checking process prior to submitting your customers credit card for processing.
If no official PVV guidelines (or similar) exist from your merchant account facility provider (your bank) then you agree to perform a checking process in accordance with E-PATH's own recommendations which are provided within E-PATH's RISK GUIDE pdf delivered to you along with our "Welcome email".
E-PATH is sent numbers and letters from your website or shopping cart that will appear on your secure E-PATH gateway payment page. Therefore E-PATH is non-currency specific. your website or shopping cart will clearly display the currency your merchant account will transact in. The currency your customer's credit card will be charge in is solely determined by the merchant account facility at your bank.
2.16 Single Licence/Multiple Licence/Multiple Gateways:
Your E-PATH licence is provided on the basis of the information you declared at time of application. If you applied for a Single Licence (single website feeding your gateway) and it is determined you are feeding your gateway from multiple websites then your service may be suspended or terminated.
a) If you are communicating with your E-PATH gateway from multiple website locations where customers credit cards are being charged into the same merchant account facility then an E-PATH multiple licence account is required.
b) If you are communicating with your E-PATH gateway from multiple website locations where customers credit cards are being charged into different merchant account facilities then you will need a new gateway for each charging merchant account. One E-PATH gateway per merchant account facility.
2.17 Credit Card Handling - Disclosure to your Customers:
You agree to install a graphic supplied to you free of charge by E-PATH on at least on your home page (first page of your site) complete with link to http://e-path.com.au/accept-credit-cards-online.html with correct image ALT and TITLE tags in place as supplied by E-PATH. This will be provided to you for the purpose of:
a) Displaying the credit card types you accept.
b) Disclosing to your online customers exactly what happens to their credit card details.
You may request E-PATH provide you with a custom graphic should you require a graphic with an alternative coloured background.
It is a strict condition of our service that cardholders have easy access to information that informs them of exactly what is happening to their credit card details. Open and honest disclosure to cardholders is achieved by installing a graphic/link on your website as this 2.17 condition details.
If you do not intend to place the correctly formatted graphic (as described above) on your index page of your website, please do NOT
apply for a E-PATH gateway.
If at any time after you have placed the correctly formatted graphic on your site and then remove it at a later time you fully agree that your gateway will be terminated and no refund will be due.
Cardholders have an absolute right to know what is going to happen with their highly sensitive credit card and identity data. You as a business owner are required to provide this information to your cardholder customers in accordance with the Australian Privacy Act. See Australian Government Office of the Australian Information Commissioner
. Therefore, not only does this clause of our TOS demonstrate how serious E-PATH is to ensure all cardholders have access to the required information but it also ensures our gateway clients (you) are complying with Australian Privary laws.
E-PATH understands the importance of graphic design, therefore, should you require a custom graphic that more suits your site's design, please let us know, we are happy to develop one for you.
2.18 Merchant Facility/Interfacing Method to be PCI Compliant:
The merchant account facility/interfacing system provided to you by your bank to which you intend to utilise to charge credit cards received from card not present means, including from over the phone, by fax machine and via E-PATH is to be fully PCI compliant certified.
You further agree to operate their merchant account facility/card handling method in accordance with the PCI requirements that are applicable to the specific merchant account facility/card handling method you are utilising with your bank. For example, when collecting credit card data from over the phone, by fax or via e-Path to be transacted into your merchant account you may be required to destroy that data once you have processed the charge on the credit card. There are exceptions to this rule so please confer with your merchant account provider.
2.19 Refund Policy:
E-PATH shall refund for services cancelled within the first 30 days only. There is a $99.00AU$ (incl GST) cancellation fee which is retained from your paid amount. Therefore, you will be refunded the full amount less the cancellation fee should cancellation be requested within the first 30 days. Beyond this point you agree that no refunds will be given.
It must be understood that E-PATH creates a unique secure gateway merchant account for each individual merchant. This includes a unique secure directory, payment page, receipt page, unique key and associated exclusive secure systems for your account. There are considerable costs involved.
Therefore, you agree, that in the event of you cancelling the service within 30 days you accept the total amount of your refund will be your initial amount paid by you to E-PATH for your E-PATH service less the E-PATH cancellation fee.
2.20 Gateway Cancellations
Cancel Gateway by Merchant
There is no cost to cancel your E-PATH gateway service. However, you agree to notify us in writing (email) should you wish to cancel your E-PATH gateway service. Without a cancellation notification from you, you agree and accept to pay whatever the continuing costs are applicable to your particular gateway service up to the point of providing E-PATH with your advice to cancel your service.
Cancel Gateway by E-PATH - Failure to Renew
You agree that failure to pay to renew your gateway service will result in your gateway being suspended within 14 days past your renewal date. You further agree that your gateway will be terminated (non-recoverable) if more than 30 days has passed since renewal date where payment for renewal has not been received by E-PATH.
Cancel Gateway by E-PATH - Breach of TOS
You agree that E-PATH unconditionally reserves the right to cancel its gateway service to you if it deems such action is warranted either under the terms and conditions of this agreement, and/or if it deems the continuation of service reflects negatively on the E-PATH brand name, and without providing an explanation.
2.21 Refusal Of Service:
You agree that:
a) E-PATH unconditionally reserves the right to not approve an application for its services without providing an explanation.
b) E-PATH unconditionally reserves the right to cancel its services if it deems such action is warranted either under the terms and conditions of this agreement, and/or if it deems the continuation of service reflects negatively on the E-PATH brand name, and without providing an explanation.
You agree to indemnify and hold E-PATH, its affiliates, officers, directors and employees harmless from any claim, action, demand, loss, cost or damages (including legal fees) made or incurred arising out of or relating to your use of the Service.
You agree that E-PATH is not responsible for or liable for any claim, action, demand, loss, cost or damages (including legal fees) made or incurred arising out of or relating to your use of the Service.
You agree that E-PATH is not responsible for or liable for any claim, action, demand, loss, cost or damages (including legal fees) made or incurred arising out of or relating to any outage of the Service that may be caused by hosting hardware or device failure, operating software failure, network failure, act of God or for any other reason that may cause the service to not be available.
2.22b Indemnification - PCI Compliance Related Outage Of Service
You agree and accept that security is the over-riding priority of E-PATH and that if a Service outage is required in order to update, modify or correct our systems to ensure continued PCI Compliance that you agree to hold E-PATH not responsible for or liable for any claim, action, demand, loss, cost or damages (including legal fees) made or incurred or resulting from said Service outage.
2.23 Choice of Law:
This Agreement is governed by and interpreted under the laws of Australia as such laws are applied to agreements entered into and performed within the borders of Australia, irrespective of whether your location is within or outside of Australian borders.