Cookies are not enabled in your browser

MASTERPASS OPERATING RULES

Audience

MasterCard provides these MasterPass Operating Rules for API and White Label MasterPass-connected Wallet Distributors (Customers, Registered Partners and Alternative Entities), MasterPass-connected Merchants, and Service Providers participating in the MasterPass Program.  

Contents

SECTION 1 – Overview & Definitions. 1

SECTION 2 – Program Participation and  Eligibility. 5

SECTION 3 – Wallet Distributors, Merchants and Service Providers Program Rules. 9

SECTION 4 – Wallet Distributor Rules. 12

SECTION 5 – Merchant Rules. 22

SECTION 6 – Service Provider Rules. 30

SECTION 7 – Europe Regional Rules. 36

 

SECTION 1 – Overview & Definitions

1.1 Overview

Wallet Distributors, MasterPass-connected Merchants and Service Providers participating in the MasterPass Program (the “Program”) agree to comply with the applicable Standards, including but not limited to these MasterPass Operating Rules.  These MasterPass Operating Rules apply to all MasterPass-connected Digital Wallets and govern the conduct of Wallet Distributors, MasterPass-connected Merchants and Service Providers, and activities related to their participation in the Program. The Corporation has the right in its sole discretion to interpret, amend, and enforce the Standards. The Corporation reserves the right to limit, suspend or terminate a Wallet Distributor’s, MasterPass-connected Merchant’s or Service Provider’s participation in the Program. 

1.2 Definitions

The following terms shall have the meanings ascribed below.  Any capitalized term not defined herein may be found in the Definitions portion of the MasterCard Rules as that document may be amended from time to time.  In the event of a conflict between the definition of a term set forth herein and the definition of a term set forth in the MasterCard Rules, the definition set forth herein shall apply.

1.2.1        Acquirer” means a Customer in its capacity as an acquirer of Transactions, including an acquirer that acquirers transactions from other payment networks, that is participating in the MasterPass Program. 

1.2.2        Alternative Entity” means a financial institution or other entity that the Corporation has permitted to distribute a MasterPass-connected Digital Wallet pursuant to Section 2.1.1.3.

1.2.3        “Ancillary Service” means any Program-related feature or service made available by MasterCard to Participants on a mandatory or optional basis.

1.2.4        “API Wallet Specifications” means the API Wallet Distributor Guide and any other technical and operational specifications provided or made available by the Corporation from time to time with respect to a MasterPass-connected Digital Wallet Distributor’s participation in the Program.

1.2.5        “Card Data” means a cardholder’s account number, expiration date, and CVV2 Data.

1.2.6        Customer” means a Member as defined in the MasterCard Rules.

1.2.7        “CVV2 Data” means the three or four digit number printed to right of the card number in the signature panel on the back of a payment card. (For American Express Cards it is on the front printed above the Card identification data.)

1.2.8        Digital Wallet” means functionality (a) by which account data provided by a consumer is stored electronically for purposes of effecting a payment transaction initiated by the consumer at a merchant and transmitted to the merchant or to its acquirer or the acquirer’s service provider to facilitate such payment transaction and (b) that may include value-added services. 

1.2.9        MasterPass API” means MasterCard’s application programming interface between a Wallet Distributor’s MasterPass-connected API Wallet and the MasterPass Network.

1.2.10    MasterPass Checkout Button“ means technology enabled on, and branding incorporated into, a MasterPass-connected Merchant’s web site or other e-commerce application through which consumers can initiate payment transactions using their MasterPass-connected Digital Wallet.  The MasterPass Checkout Button includes the MasterPass mark, which indicates a merchant’s participation in the MasterPass Network.

1.2.11    MasterPass-connected API Wallet” means a non-MasterCard-hosted Digital Wallet that is compliant with the API Wallet Specification and that has been approved by the Corporation to participate in the MasterPass Program.

1.2.12     MasterPass-connected Digital Wallet” means a Digital Wallet that has been approved by the Corporation to participate in the MasterPass Program.

1.2.13    MasterPass Marks” means the names, logos, trade names, logotypes, trademarks, service marks, trade designations, and other designations, symbols, and marks associated with the MasterPass Program made available for use by Wallet Distributors, MasterPass-connected Merchants, Service Provideres and other authorized entities.

1.2.14    “MasterPass Materials” means all materials made available by the Corporation to aWallet Distributor, a MasterPass-connected Merchant or a Service Provider that are relevant to that entity’s participation in the Program.  These materials include, without limitation, these MasterPass Operating Rules, the Wallet Distributor Program Guide, the MasterPass API, the MasterPass Marks, the MasterPass Checkout Button, and theSpecifications.

1.2.15    MasterPass Network” means a globally integrated network of MasterPass-connected Merchants that participate in the MasterPass Program.

1.2.16    MasterPass Portal” means an electronic connection through which a MasterPass-connected Merchant or Service Provider can manage its respective MasterPass-connected Merchant Account or Service Provider Account.

1.2.17    MasterPass Program,” or “Program,” means services offered by MasterCard, including but not limited to the transmission of payment information, shipping information or any other Personal Information between a MasterPass-connected Digital Wallet and a MasterPass-connected Merchant, to both enable payment using credentials stored in, and provide enhanced value-added services in connection with, MasterPass-connected Digital Wallets.   The MasterPass Program includes the MasterPass Network, MasterPass Checkout Button, and MasterPass-connected Digital Wallets.

1.2.18    MasterPass-connected Merchant” means a Merchant, including a Merchant that accepts payment cards from other payment networks, that is participating in the MasterPass Program.

1.2.19     MasterPass-connected Merchant Account” means an account established via the MasterPass Portal to allow a MasterPass-connected Merchant to access the resources needed to display the MasterPass Checkout Button.

1.2.20    Merchant Content” means any content provided or made available by Merchant in connection with the Program (including, without limitation, descriptions and images of products or services available for purchase in connection with the Program).

1.2.21    Merchant Marks” means a MasterPass-connected Merchant’s name, logo, url, service name or trademarks as designated by the MasterPass-connected Merchant or its Service Provider(s).

1.2.22    Merchant Specifications” means the MasterPass Merchant Integration Guide and any other technical and operational specifications provided or made available by the Corporation from time to time with respect to a Merchant’s participation in the Program.

1.2.23    “Personal Information” means any information relating to an identified or identifiable individual (such as name, postal address, email address, telephone number, date of birth, Social Security number (or its equivalent), driver’s license number, account number, credit or debit card number, personal identification number, health or medical information, or any other unique identifier or one or more factors specific to an individual’s physical, physiological, mental, economic or social identity that may be collected, stored or transferred in anticipation of, in connection with or incidental to the performance of services related to the MasterPass Program. 

1.2.24    Registered Partner” means an entity registered by a Customer to act as a Wallet Distributor that agrees to be bound by the applicable Standards, including these MasterPass Operating Rules.

1.2.25    Reports” means any report aWallet Distributor, a MasterPass-connected Merchant or a Service Provider is required to provide to the Corporation, whether on a one-time or repeated basis, pertaining to its participation in the MasterPass Program.

1.2.26    “Service Provider” means an agent of a Customer or Alternative Entity that receives or otherwise benefits from Program-related services, whether directly or indirectly, performed by such Service Provider. The Customer or Alternative Entity that receives or otherwise benefits from the Program-related services must register the Service Provider with the Corporation in accordance with the Standards.  The Corporation has the right in its sole discretion to determine whether an entity is a Service Provider and if so, the category of Service Provider as further described in the MasterCard Rules.

1.2.27    “Service Provider Account” means an account established via the MasterPass Portal to allow a Service Provider to access the resources needed to enable a MasterPass-connected Merchant to display the MasterPass Checkout Button. 

1.2.28    “Service Provider Specifications” means means the MasterPass Service Provider Integration Guide and any other technical and operational specifications provided or made available by the Corporation from time to time with respect to a Service Provider’s participation in the Program.

1.2.29    “Specifications” means the API Wallet Specifications, Merchant Specifications and the Service Provider Specifications.

1.2.30    “Wallet Distributor means a Customer, Registered Partner, or Alternative Entity that provides a consumer access to a MasterPass-connected Digital Wallet.

1.2.31    “Wallet Distributor Program Guide” means the MasterPass Wallet Distributor Program Guide and any other technical and operational specifications provided or made available by the Corporation from time to time with respect to a Wallet Distributor’s participation in the Program.

SECTION 2 – Program Participation and  Eligibility

2.1 Participation

2.1.1 Wallet Distributors

2.1.1.1 Customer Participation

A Customer may distribute its MasterPass-connected Digital Wallet and/or may use a Registered Partner to distribute that Customer’s MasterPass-connected Digital Wallet.  A Customer is responsible for and must itself manage, direct, and control all services performed by its Registered Partners and Service Providers in connection with the Program.

2.1.1.2 Registered Partner Participation

A Registered Partner may distribute a MasterPass-connected Digital Wallet on behalf of a Customer only if it has been registered with the Corporation by such Customer for such purpose.

2.1.1.3 Alternative Entity Participation

The Corporation may permit a financial institution or other entity to distribute a MasterPass-connected Digital Wallet solely if such institution or entity meets certain criteria, which criteria the Corporation may determine, consistent with the promotion of sound practices, on a regional, country-by-country or other basis for any reason.

2.1.2 Merchant Participation

To participate in the Program and display the MasterPass Checkout Button, a Merchant must (a) accept MasterCard-branded payment cards, (b) be in good standing with its Acquirer, and (c) either (i) register by creating a MasterPass-connected Merchant Account, selecting the services it will receive, and agree to be bound by these MasterPass Operating Rules; or (ii) if accessing the Program via a Service Provider that is using the Bulk Upload feature, as defined in the Service Provider Specifications, agree to be bound by these MasterPass Operating Rules.

2.1.3 Service Provider Participation

A Service Provider may participate in the Program and either (a) distribute the MasterPass Checkout Button to MasterPass-connected Merchants, or (b) perform Program-related services for Customers and Alternative Entities in connection with a MasterPass-connected Digital Wallet, only if the Service Provider has been registered by the Customer or Alternative Entity, as the case may be, for such purpose with the Corporation in accordance with the MasterCard Rules.

2.2 Prior Consent of the Corporation to Participate in the Program as a Wallet Distributor

A Wallet Distributor must not participate in the Program without the express prior consent of the Corporation.

2.2.1 Digital Wallet Registration

Prior to connecting to the MasterPass Network, Digital Wallets must be registered via the MasterPass Wallet registration process, which includes the MasterPass Wallet certification process. The Customer or Alternative Entity, as the case may be, must submit all information and material required by the Corporation in connection with the MasterPass-connected Digital Wallet registration to wallet_partners@mastercard.com at least 90 days prior to a planned consumer launch as a MasterPass-connected Digital Wallet.

2.3 Reservation of Rights

The Corporation reserves the right:

1.      To approve,  reject, or terminate any Wallet Distributor’s, MasterPass-connected Merchant’s or Service Provider’s participation in the Program, or any Digital Wallet associated therewith;

2.      To require that any previously approved MasterPass-connected Digital Wallet be modified;

3.      To withdraw its approval of any MasterPass-connected Digital Wallet and require its termination from the MasterPass Program; and

4.      To terminate any Wallet Distributor’s, MasterPass-connected Merchant’s, Service Provider’s or other entity’s participation in the Program in accordance with these MasterPass Operating Rules.

A Customer may request that the Corporation’s Chief Franchise Development Officer review the rejection or withdrawal of the approval of a Customer’s participation in the Program by written request to the Corporation within 30 days of receipt of the notice of rejection or withdrawal of approval. Any decision by the Corporation’s Chief Franchise Development Officer is final and not appealable.

2.4 Indemnification

Each Customer and Alternative Entity (each, for the purposes of this Rule 2.4, an “Indemnifying Customer”) must protect, indemnify, and hold harmless the Corporation and the Corporation’s parent and subsidiaries and affiliated entities, and each of the directors, officers, employees and agents of the Corporation and the Corporation’s parent and subsidiaries and affiliated entities from any actual or threatened claim, demand, obligation, loss, cost, liability and/or expense (including, without limitation, actual attorneys’ fees, costs of investigation, and disbursements) resulting from and/or arising in connection with any act or omission of the Indemnifying Customer, its subsidiaries, or any person associated with the Indemnifying Customer or its subsidiaries (including, without limitation, such Indemnifying Customer’s directors, officers, employees and agents, all direct and indirect parents, subsidiaries, and affiliates of the Indemnifying Customer, the Indemnifying Customer’s customers in connection with its participation in the Program and/or other business, and the Indemnifying Customer’s suppliers, including, without limitation, Service Providers, Registered Partners, and other persons acting for, on behalf of, or in connection with, the Indemnifying Customer or a MasterPass-connected Merchant for which the Indemnifying Customer acquires Transactions or transactions of another payment network, and/or any such MasterPass-connected Merchant’s employees, representatives, agents, suppliers, or customers including any Data Storage Entity (“DSE”) ,with respect to, or relating to:

1.      Any activities of the Indemnifying Customer related to its participation in the Program;

2.      Any activities of any person, including but not limited to a Registered Partner, Merchant or Service Provider, associated with the Indemnifying Customer and/or its subsidiaries related to their respective participation in the Program;

3.      The compliance or non-compliance with the Standards by the Indemnifying Customer;

4.      The compliance or non-compliance with the Standards by any person, including but not limited to a Registered Partner, Merchant or Service Provider, associated with the Indemnifying Customer and its subsidiaries;

5.      Any other activity of the Indemnifying Customer;

6.      Direct or indirect access to and/or use of the Program or any MasterPass Materials (it being understood that the Corporation does not represent or warrant that the Program or any MasterPass Materials or any part thereof is or will be defect-free or error-free and that each Wallet Distributor, Merchant or Service Provider chooses to access and use or distribute, as the case may be, the MasterPass Network or access thereto at the Wallet Disttributor’s, Merchant’s or Service Provider’s sole risk and at no risk to the Corporation);

7.      Any other activity and any omission of the Indemnifying Customer and any activity and any omission of any person associated with the Indemnifying Customer, its subsidiaries, or both, including but not limited to any activity that used and/or otherwise involved any of the MasterPass Materials or other assets;

8.      Any failure of another Customer to perform as required by the Standards or applicable law; or

9.      The Corporation’s interpretation, enforcement, or failure to enforce any Standard(s)

The Corporation does not represent or warrant that the MasterPass Program or any other system, process or activity administered, operated, controlled or provided by or on behalf of the Corporation (collectively, for purposes of this Rule, the “Systems”) or any of the MasterPass Materials is free of defect and/or mistake and, unless otherwise specifically stated in the Standards or in a writing executed by and between the Corporation and a Customer or an Alternative Entity, as the case may be, the Systems and MasterPass Materials are provided on an “as-is” basis and without any express or implied warranty of any type, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose or non-infringement of third party intellectual property rights. IN NO EVENT WILL THE CORPORATION BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, OR ANY OTHER COST OR EXPENSE INCURRED BY A CUSTOMER, AN ALTERNATIVE ENTITY OR ANY THIRD PARTY ARISING FROM OR RELATED TO USE OR RECEIPT OF THE SYSTEMS OR MASTERPASS MATERIALS, WHETHER IN AN ACTION IN CONTRACT OR IN TORT, AND EVEN IF THE CUSTOMER, ALTERNATIVE ENTITY OR ANY THIRD PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH CUSTOMER AND ALTERNATIVE ENTITY ASSUMES THE ENTIRE RISK OF USE OR RECEIPT OF THE SYSTEMS AND MASTERPASS MATERIALS.

Only in the event the limitation of liability set forth in the immediately preceding paragraph is deemed by a court of competent jurisdiction to be contrary to applicable law, the total liability, in the aggregate, of the Corporation to a Customer or Alternative Entity, as the case may be, and anyone claiming by or through the Customer or Alternative Entity,for any and all claims, losses, costs or damages, including attorneys’ fees and costs and expert-witness fees and costs of any nature whatsoever or claims expenses resulting from or in any way related to the Systems and/or MasterPass Materials shall not exceed the total compensation received by the Corporation from the Customer or Alternative Entity for the particular use or receipt of or access to the Systems or MasterPass Materials during the twelve (12) months ending on the date that the Corporation was advised by the Customer or Alternative Entity of the Systems’ or MasterPass Materials’ concern or the total amount of USD 250,000.00, whichever is less. It is intended that this limitation apply to any and all liability or cause of action however alleged or arising; to the fullest extent permitted by law; unless otherwise prohibited by law; and notwithstanding any other provision of the Standards.

A payment or credit by the Corporation to or for the benefit of a Customer or Alternative Entity that is not required to be made by the Standards will not be construed to be a waiver or modification of any Standard by the Corporation. A failure or delay by the Corporation to enforce any Standard or exercise any right of the Corporation set forth in the Standards will not be construed to be a waiver or modification of the Standard or of any of the Corporation’s rights therein.

 

 


 

SECTION 3 – Wallet Distributors, Merchants and Service Providers Program Rules

3.1 Participation Obligations

Each Wallet Distributor, each MasterPass-connected Merchant and each Service Provider must conduct activities related to their participation in the Program in full compliance with all applicable laws and regulations. Each Wallet Distributor, each MasterPass-connected Merchant and each Service Provider must conduct all activity and otherwise operate in a manner that is financially sound and so as to avoid risk to the Corporation and to other participants in the Program.

3.2 Conflict with Law

A Wallet Distributor, a MasterPass-connected Merchant or a Service Provider is not required to undertake any act as part of its participation in the Program that is unambiguously prohibited by applicable law or regulation. 

3.3 Compliance     

Each Wallet Distributor, MasterPass-connected Merchant or Service Provider must fully cooperate with any effort by the Corporation and the Corporation’s representatives to evaluate a Wallet Distributor’s, MasterPass-connected Merchant’s or Service Provider’s compliance with the Standards, including but not limited to these MasterPass Operating Rules.   In the event that the Corporation determines that a Wallet Distributor, MasterPass-connected Merchant or Service Provider is not complying or may not on an ongoing basis comply with the aforementioned requirements, the Corporation may require a Wallet Distributor, a MasterPass-connected Merchant or a Service Provider to take action and the Corporation itself may take action as the Corporation deems necessary or appropriate to address noncompliance with the MasterPass Operating Rules and to otherwise safeguard the integrity of the MasterPass Program.

3.4 Choice of Laws

The substantive laws of the State of New York govern all disputes involving the Corporation, the Standards, and/or the Wallet Distributor’s, MasterPass-connected Merchant’s or Service Provider’s participation in the Program without regard to conflicts. Any action initiated by a Wallet Distributor, MasterPass-connected Merchant or Service Provider regarding and/or involving the Corporation, the Standards and/or any Wallet Distributor, MasterPass-connected Merchant or Service Provider must be brought only in the United States District Court for the Southern District of New York or the New York Supreme Court for the County of Westchester, and any Wallet Distributor, MasterPass-connected Merchant or Service Provider involved in an action hereby submits to the jurisdiction of such courts and waives any claim of lack of personal jurisdiction, improper venue, and forum non conveniens.

EachWallet Distributor, MasterPass-connected Merchant and Service Provider agrees that the Standards are construed under, and governed by, the substantive laws of the State of New York without regard to conflicts.

3.5 Examination and Audit

The Corporation reserves the right to conduct an audit or examination of any Wallet Distributor, MasterPass-connected Merchant or Service Provider to ensure full compliance with the Standards. Any such audit or examination is at the expense of the Wallet Distributor, MasterPass-connected Merchant or Service Provider, and a copy of the audit or examination results must be provided promptly to the Corporation upon request.  For the avoidance of doubt, should a MasterPass-connected Merchant or Service Provider be unable to cover the cost of such audit or examination, the audit or examination shall be at the responsible Customer’s expense.

3.6 Provision and Use of Information

3.6.1 Obligation to Provide Information

Upon request by the Corporation, and subject to applicable law and regulation, a Wallet Distributor,  MasterPass-connected Merchant or Service Provider must provide Reports to the Corporation, or to the Corporation’s designee; provided, compliance with the foregoing obligation does not require a Wallet Distributor,, MasterPass-connected Merchant or  Service Provider to furnish any information the disclosure of which, in the written opinion of this Corporation’s legal counsel, is likely to create a significant potential legal risk to this Corporation and/or its Customer(s). To the extent that there is an obligation to provide a Report to the Corporation that the Wallet Distributor,,  MasterPass-connected Merchant or  Service Provider deems to disclose proprietary information of the Customer, such information will be treated by the Corporation with the degree of care deemed appropriate by the Corporation to maintain its confidentiality.

3.6.2 Use of Corporation Information

The Corporation is not responsible and disclaims any responsibility for the accuracy, completeness, or timeliness of any information disclosed by the Corporation to aWallet Distributor, a MasterPass-connected Merchant or a Service Provider. The Corporation makes no warranty, express or implied, including, but not limited to, any warranty of merchantability or fitness for any particular purpose with respect to any information disclosed by or on behalf of the Corporation to anyWallet Distributor, a MasterPass-connected Merchant or a Service Provider.

3.6.3 Limitation on the use of Reporting

The Corporation may use or disclose  the Reports furnished by a Wallet Distributor,   MasterPass-connected Merchant or  Service Provider to the extent allowed by applicable law and as specified herein, including but not limited to protecting against and preventing fraud, unauthorized transactions, claims and other liabilities; managing risk exposure and franchise quality; operating, evaluating and improving our business (including by developing new products and services; managing our communications; determining the effectiveness of our advertising; analyzing our products, services and websites; facilitating the functionality of the MasterPass Program; and performing accounting, auditing, billing, reconciliation and collection activities); monitoring the use of and improve our interactive assets; and perform data analyses (including anonymization of Personal Information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and performance of the MasterPass Program.

3.6.4 Confidential Information

A Wallet Distributor,, a MasterPass-connected Merchant or a Service Provider may receive information (whether written, oral, electronic, or otherwise) as part of participation in the MasterPass Program relating to the Corporation or to the MasterPass Program that is not freely available to the general public (“Confidential Information”). Each Wallet Distributor,, MasterPass-connected Merchant and Service Provider agrees that: (a) all Confidential Information will remain exclusive property of the Corporation, unless otherwise agreed to by the parties in writing; (b) it will use Confidential Information only as is necessary for its participation in the MasterPass Program; and (c) it will not otherwise disclose Confidential Information to any individual, company, or other third party.

3.7 Safeguard Card Account and Transaction Information

Each Customer and each Alternative Entity, for itself and any third party, including,  but not limited to, its Registered Partners, each MasterPass-connected Merchant and each Service Provider that may be afforded access to Transaction or Personal Information, or both, by or on behalf of the Customer or Alternative Entity, must safeguard and use or permit use of such information in accordance with the Standards .  A Wallet Distributor, a MasterPass-connected Merchant or a Service Provider may also have access to transaction or card account information from other payment networks, and must use such information in accordance with those payment network rules.

3.8 Integrity of Brand and Network

In connection with the Program, a Wallet Distributor, a MasterPass-connected Merchant or a Service Provider must not directly or indirectly engage in or facilitate any action that is illegal, or that, in the opinion of the Corporation and whether or not addressed elsewhere in the Standards, damages or may damage the goodwill or reputation of the Corporation or of any MasterPass Mark, and the Wallet Distributor, the MasterPass-connected Merchant or the Service Provider will promptly cease engaging in or facilitating such action upon request of the Corporation.

In connection with the Program, a Wallet Distributor, a MasterPass-connected Merchant or a Service Provider may be required to provide notice, obtain consent from consumers, or file any necessary documents with the local regulatory authorities as required by applicable law in connection with fraud solutions implemented by the Corporation designed to protect the integrity of the brand and/or MasterPass Network. Specific obligations will be defined in the MasterPass Materials.

3.9 Export

Wallet Distributors, MasterPass-connected Merchants and Service Providers shall not import or export any of the MasterPass Materials without first obtaining MasterCard’s written approval.  If so permitted to import or export MasterPass Materials, then Wallet Distributors, MasterPass-connected Merchants and Service Providers shall comply with all foreign and U.S. export and import regulations applicable with respect to the MasterPass Materials.


 

SECTION 4 - Wallet Distributor Rules 

4.1 License of MasterPass Property 

The Customer or the Alternative Entity, as applicable, as a condition of Program participation must complete and execute a MasterPass-connected Digital Wallet registration form as required by the Corporation.  See section 1.2 of these MasterPass Operating Rules for additional information.   Effective upon approval of the MasterPass Registration Form by the Corporation, the Corporation grants to the Customer and its Registered Partner(s), or the Alternative Entity, as applicable, a non-exclusive, non-transferable license to:  (i) use, access and connect to the MasterPass API to connect a Customer’s or an Alternative Entity’s, as applicable, Digital Wallet to the MasterPass Network; (ii) use, access, connect to, publicly perform and display any other portion of the MasterPass intellectual property, as applicable, for the purposes of operating a MasterPass-connected Digital Wallet; and (iii) use the MasterPass Marks in accordance with Rule 4.9 below and the current brand requirements as set forth in the MasterPass Branding Requirements, which are incorporated into these MasterPass Operating Rules by reference.  This  license shall remain in effect until the Customer’s and/or its Registered Partner(s)’, or the Alternative Entity’s, as the case may be, participation in the Program is terminated in accordance with the Standards and these MasterPass Operating Rules.

Wallet Distributors must demonstrate compliance with any certification processes required by the Corporation, including the MasterPass Wallet certification process, prior to distributing a MasterPass-connected Digital Wallet.   MasterPass-connected Digital Wallets may not be distributed to consumers and/or bear the MasterPass Mark prior to approval of compliance by the Corporation.

4.2 Program Services

Wallet Distributors must use the MasterPass Network, which is deemed to be proprietary to the Corporation, for the sole purpose of providing Program-related services and must not use or permit use for any other purpose without the prior express written consent of the Corporation.

4.3 Ownership and Control of the MasterPass-connected Digital Wallet

A MasterPass-connected Digital Wallet must be Owned and Controlled by the Customer or the Alternative Entity, as the case may be, at all times even when the MasterPass-connected Digital Wallet is distributed by a Registered Partner on behalf of the Customer. 

4.4 Responsibility for the MasterPass-connected Digital Wallet

The Customer or Alternative Entity, as the case may be, is responsible for its MasterPass-connected Digital Wallet and the actions (or inactions) of any Registered Partners (in the case of Customers) or Service Providers it uses in connection with its participation in the Program. The Customer or Alternative Entity must exercise a good faith commercial effort to implement and use best practices in performing Program-related services.

4.5 Area of Use

Each Wallet Distributor may distribute or operate a MasterPass-connected Digital Wallet solely in the Area of Use in which the Customer has been granted a License. If the License does not specify an Area of Use, the License is deemed to authorize the Wallet Distributor to use the Mark only in the country or countries the Corporation determines to be the Customer’s Area of Use. In the case of Alternative Entities the Corporation will authorize the Wallet Distributor to use the Mark only in the country or countries the Corporation determines to be the Alternative Entity’s Area of Use.

4.6 Obligations of a Sponsor

Each Principal and Association Customer that sponsors one or more Affiliate Customers must cause such Affiliate Customer to comply with the Standards applicable to that Affiliate Customer’s participation in the Program.  The Principal and Association Customer is liable to the Corporation and to all Customers for Program-related activity of any Affiliate Customer sponsored by the Principal and Association Customer and for any failure by such sponsored Affiliate Customer to comply with a Standard or with applicable law or regulation.

Each Principal or Association Customer must advise the Corporation promptly if an Affiliate Customer offering a MasterPass-connected Digital Wallet ceases to be sponsored by the Principal or Association Customer or changes its name or has a transfer of Ownership or Control. 

4.7 Name Change

A Customer or Alternative Entity, as the case may be, must provide written notice received by the Corporation at least thirty (30) calendar days before the effective date of any proposed Customer or MasterPass-connected Digital Wallet name change. A Wallet Distributor that proposes to change its name must promptly undertake necessary or appropriate action to ensure that its participation in the Program discloses the true identity of the Wallet Distributor.

4.8 Fees, Assessments, and Other Payment Obligations

Each Customer, both for itself and on behalf of its Registered Partners and each Alternative Entity, is responsible to timely pay to the Corporation all fees, charges, assessments and the like applicable to participation in the Program as may be in effect from time to time.

4.9 Trademarks and Service Marks

4.9.1 Right to Use the Marks

Wallet Distributors participating in the Program have the right to use one or more of the MasterPass Mark(s) pursuant to Rule 4.1 above.   

No additional interest in the MasterPass Mark(s) is granted with the grant of a right to use the MasterPass Mark(s). A Customer or an Alternative Entity is responsible for all costs and liabilities resulting from or related to its use of a MasterPass Mark(s). The right to use the MasterPass Mark(s) is non-exclusive and non-transferable.

The right to use the MasterPass Mark(s) cannot be sublicensed or assigned, whether by sale, consolidation, merger, amalgamation, operation of law, or otherwise, without the express written consent of the Corporation.

The Corporation makes no express or implied representations or warranties in connection with the MasterPass Mark(s) and the Corporation specifically disclaims all such representations and warranties.

4.9.2 Misuse of a Mark

Each Customer and each Alternative Entity must promptly notify the Corporation whenever it learns of any misuse of any MasterPass Mark or of any attempt to copy or infringe on any of the MasterPass Mark(s).

4.9.3 Required Use

MasterPass Mark(s) must be used in accordance with the current brand requirements as set forth in the MasterPass Branding Requirements, which are incorporated into these MasterPass Operating Rules by reference.

4.9.4 Review of Solicitations

The Corporation reserves the right to review samples and approve or refuse to approve use of a Solicitation. Amended samples, if required as a result of this review, also must be forwarded to the Corporation for review.

4.10 Participation and License Not Transferable

A Customer and its Registered Partner(s), or an Alternative Customer, as the case may be, may not transfer or assign any rights or responsibilities it may have in connection with its participation in the Program or any License to use the MasterPass Marks whether by sale, consolidation, merger, operation of law, or otherwise, without the express written consent of the Corporation.

4.11 Sanctions Compliance Program

A Wallet Distributor must have implemented a sanctions compliance program that, at a minimum, contains the following elements:

Each Service Provider, and each consumer for which the Wallet Distributor has access to name information, is checked against the Specially Designated Nationals and Blocked Persons List (the “SDN List”) issued by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”), at the time the relationship is established and on an ongoing basis; any Digital Wallet activity with a Service Provider or consumer that is found to be on the SDN List is immediately terminated.

 

No Digital Wallet activity is conducted in a country subject to OFAC sanctions programs that impact payment services, or with the government of such a country. The list of countries subject to OFAC sanctions programs may change from time to time.  More information on U.S. sanctions is available at http://www.treasury.gov/resource-center/sanctions.

 

Any questions regarding sanctions compliance can be directed to trade_sanctions@mastercard.com.

 

4.12 Product Requirements

4.12.1 Functionality Requirements

4.12.1.1  Compliance with Specifications

A MasterPass-connected Digital Wallet must comply with all required elements of the then-current version of the API Wallet Specifications and satisfy any testing and certification or re-certification requirements that may be imposed by the Corporation from time to time. The Corporation will provide a Wallet Distributor participating in the Program with notice of any new features or functionality or modification to the API Wallet Specifications prior to the release of those features in the live production environment.  A Wallet Distributor will have six months from the time the new functionality is released in production to implement any necessary system changes required by the new version of the API Wallet Specifications. The Corporation reserves the right to shorten compatibility support period to correct a specific security issue or for emergency update.

4.12.1.2  Customer Support   

The Wallet Distributor must establish customer support policies and procedures.

4.12.1.3  No Interference 

The Wallet Distributor must not engage in forced steering away from a consumer’s chosen payment option after a consumer has initiated a purchase transaction via a MasterPass-connected Digital Wallet.  The Wallet Distributor must prohibit the advertisement of competitive checkout solutions when a consumer is conducting a transaction via a MasterPass-connected Digital Wallet (noncompetitive marketing is permitted).

4.12.2 Security Requirements

A MasterPass-connected Digital Wallet must at all times be compliant with the Payment Card Industry Data Security Rules (PCI DSS) and the Payment Application Data Security Rules (PA DSS), as applicable.  The Wallet Distributor agrees to promptly provide the Corporation with documentation evidencing their MasterPass-connected API Wallet’s or Wallet Distributor-hosted features of the Digital Wallet including, but not limited to, partner log-in and direct provisioning as described in the API Specifications compliance with PCI DSS and/or PA DSS when requested by the Corporation. This compliance must be determined by a Qualified Security Assessor (QSA). Customers and Alternative Entities will ensure only PCI compliant service providers are used in connection with their MasterPass-connected Digital Wallet.

In addition, the Customer or Alternative Entity must:

1.      Establish a multi-layered system for consumer login/wallet access. (i.e., user name and password is one layer; shared secret or device cookie is a second layer)

2.      Provide, upon request, a summary of vulnerability assessment, including the date and scope of the testing, and the process invoked

3.      Ensure continued compliance with PCI standards including but not limited to yearly recertification of the MasterPass-connected API Wallet.

4.      Ensure security treatment for all account data stored in the MasterPass-connected API Wallet is equal if not exactly the same, regardless of the Customer or other issuer that issued  the consumer’s payment cards

5.      Establish methods for the secure handling of production and sandbox keys

The Corporation, via the MasterPass System, will provide program level security functions and services that a Wallet Distributor will be required to accommodate in its MasterPass-connected API Wallet.

4.12.3 Testing Requirements

Wallet Distributors must perform testing as mandated by the Corporation.  This testing must demonstrate that a MasterPass-connected API Wallet is able to successfully complete transactions prior to any consumer launch.  The MasterPass-connected API Wallet must also be successfully tested after each new version of the code is released. Advance notice regarding testing will be provided to Wallet Distributors.  All testing described in this Rule 4.12 is at the Customer’s or Alternative Entity’s expense.

 4.12.4 Additional Requirements

In addition to the aforementioned requirements, a Wallet Distributor, must:

1.      Maintain minimum service levels (to be determined) relating to MasterPass-connected API Wallet response time and overall availability, and MasterPass-connected Digital Wallet customer support availability.

2.      Complete any necessary security due diligence review as may be required by the Corporation

3.      Complete the MasterPass-connected Digital Wallet registration form and obtain a MasterPass Digital Wallet Identifier

4.      Each time a system release introduces a material change to how Personal Information is processed, the Corporation will provide a Wallet Distributor with notice of such material change and such entity must update its notice, obtain consent from consumers, or file any necessary documents with the local regulatory authority prior to updating its systems with the relevant system release.

4.13  Termination

A Wallet Distributor’s participation in the Program may terminate in one of two ways: termination by the Corporation or voluntary termination.

4.13.1 Termination by the Corporation

The Corporation, at its sole discretion, may terminate a Wallet Distributor’s participation in the Program effective immediately and without prior notice, if:

1.      The Customer or Alternative Entity suspends payments within the meaning of Article IV of the Uniform Commercial Code in effect at the time in the State of Delaware, regardless of whether, in fact, the Customer or Alternative Entity is subject to the provisions thereof; or

2.      The Wallet Distributor takes the required action by vote of its directors, stockholders, members, or other persons with the legal power to do so, or otherwise acts, to cease operations and to wind up the business of the Wallet Distributor, such participation termination in Program-related activities to be effective upon the date of the vote or other action; or

3.      The Wallet Distributor fails or refuses to make payments in the ordinary course of business or becomes insolvent, makes an assignment for the benefit of creditors, or seeks the protection, by the filing of a petition or otherwise, of any bankruptcy or similar statute governing creditors’ rights generally; or

4.      The government or the governmental regulatory authority having jurisdiction over the Customer or Alternative Entity serves a notice of intention to suspend or revoke, or suspends or revokes, the operations or the charter of the Customer or Alternative Entity; or

5.      A liquidating agent, conservator, or receiver is appointed for the Wallet Distributor, or the Wallet Distributor is placed in liquidation by any appropriate governmental, regulatory, or judicial authority; or

6.      The Wallet Distributor’s right to engage in Program-related activity is suspended by the Corporation due to the Wallet Distributor’s failure to comply with the Corporation’s AML Program or applicable law or regulation, and such suspension continues for twenty-six (26) consecutive weeks; or

7.      A Wallet Distributor fails to engage in Program-related activity for thirty (30) consecutive days; or

8.      The Customer is no longer Licensed to use any of the Marks; or

9.      The Wallet Distributor (i) directly or indirectly engages in or facilitates any action or activity that is illegal, or that, in the good faith opinion of the Corporation, and whether or not addressed elsewhere in the Standards, has damaged or threatens to damage the goodwill or reputation of the Corporation or of any of its Marks; or (ii) makes or continues an association with a person or entity which association, in the good faith opinion of the Corporation, has damaged or threatens to damage the goodwill or reputation of the Corporation or of any of its Marks; or

10.  The Wallet Distributor (i) provides to the Corporation inaccurate material information or fails to disclose responsive material information in or in connection with its Program-related registration or certification or (ii) at any other time, in connection with its Program-related participation fails to timely provide to the Corporation information requested by the Corporation and that the Wallet Distributor is required to provide pursuant to its Program-related registration, certification or the Standards.

11.  The Wallet Distributor fails at any time to satisfy any of the applicable Participation eligibility criteria set forth in the Standards; or

12.  The Corporation has reason to believe that the Wallet Distributor is, or is a front for, or is assisting in the concealment of, a person or entity that engages in, attempts or threatens to engage in, or facilitates terrorist activity, narcotics trafficking, trafficking in persons, activities related to the proliferation of weapons of mass destruction, activity that violates or threatens to violate human rights or principles of national sovereignty, or money laundering to conceal any such activity.  In this regard, and although not dispositive, the Corporation may consider the appearance of the Wallet Distributor, its owner or a related person or entity on a United Nations or domestic or foreign governmental sanction list that identifies persons or entities believed to engage in such illicit activity. 

13.  The Corporation, at any time and by written notice, may require a Wallet Distributor to confirm the accuracy of information provided by the Wallet Distributor to the Corporation pursuant to its Program-related registration, certification or the Standards.  Within thirty (30) days of receipt of such a notice, the Wallet Distributor must demonstrate to the satisfaction of the Corporation that either:  (i) the information provided was accurate; or (ii) with respect to any inaccurate information, such inaccurate information was provided to the Corporation through inadvertence or with a reasonable belief as to its truth and provide information sufficient to correct such inaccuracy.  Without limiting any Corporation right of immediate termination set forth in Rule 4.13.1, the Corporation may terminate a Wallet Distributor’s Program-related participation, without further notice should the Corporation determine that the Customer or its Registered Partner has failed to make a sufficient showing under (i) or (ii) above, that any Wallet Distributor representation or demonstration under (i) or (ii) above was false, or should the Wallet Distributor otherwise fail to comply with the obligations set forth in this Rule.

4.13.2 Voluntary Termination

A Wallet Distributor may voluntarily terminate Program-related participation by providing written notice and submitting documentation as then required by the Corporation. The notice must fix a date on which the termination will be effective, which must be at least thirty (30) days after date on which the notice is received by the Corporation.

 

4.13.3 Suspension and Amendment of Participation in Lieu of Termination

The Corporation may, in its sole discretion:

1.      Suspend the participation of a Wallet Distributor in the MasterPass Program; or

2.      Amend the rights or obligations or both of a Wallet Distributor with regard to the Program.

A Wallet Distributor whose participation in the Program has been suspended must continue to comply with the Standards.

4.13.4 Survival 

The termination, for any reason, of the CustomerWallet Distributor’s participation in the Program will not affect: (a) the rights or obligations of the Customer or the Corporation against the other that have accrued on or prior to the termination; or (b) any rights or obligations that by their nature survive the termination.

4.13.5 Effect of Termination; Wind Down Period 

Unless otherwise directed by the Corporation, for ninety (90) days immediately following the effective date of termination, the Wallet Distributor must reasonably cooperate with the Corporation to cease the display, distribution and any other use of marketing materials related to the Wallet Distributor’s participation in the Program, to  ensure that users of the MasterPass-connected Digital Wallet do not experience an abrupt cessation of service and otherwise to ensure an orderly winding up, continuation or transfer of the suspended or terminated MasterPass-connected Digital Wallet.

MasterCard reserves the right to solicit consumers  of a MasterPass-connected Digital Wallet to transfer their account to a MasterPass by MasterCard wallet in the event a Wallet Distributor’s participation in the MasterPass Program is terminated.

4.14 Corporation’s Use of Personal Information

A Wallet Distributor must provide notice and obtain consent from all consumers necessary to ensure that, at a minimum, the Corporation has the right to use Personal Information collected, stored or processed in connection with a MasterPass-connected Digital Wallet for the following purposes:

  1. Create and manage an online account, provide Program related products and services, respond to consumer inquiries and provide customer service to respond to inquiries made by consumers;

2.      Validate payment card information;

3.      Provide, administer and communicate with consumers about Program related products, services and promotions, including the display of customized content, offers and advertising;

4.      Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality;

5.      Operate, evaluate and improve the Program (including by developing new product features and services; managing communications; determining the effectiveness of advertising; analyzing Program related products, services and websites; facilitating the functionality of our websites; and performing accounting, auditing, billing, reconciliation and collection activities);

6.      Assist third parties, including but not limited to, a MasterPass-connected Merchant or a Service Provider, in the provision of products or services that are requested by a consumer;

7.      Perform data analyses (including anonymization of Personal Information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and site performance, and creation of analytical models;

8.      Enforce these MasterPass Operating Rules or the MasterPass Wallet Consumer Terms of Use;

9.      Comply with applicable legal requirements and industry standards and Corporation policies;

10.  Perform auditing, research and analysis in order to maintain, protect and improve our services; and

11.  For any additional use of Personal Information necessary to implement a Program feature incorporated by Wallet Distributor into its MasterPass-connected Digital Wallet.

4.15 MasterPass-connected Digital Wallet Registered Partners

4.15.1 Additional Registered Partner Obligations

A Registered Partner must:

1.      Provide accurate information to the Corporation regarding the MasterPass-connected Digital Wallet(s) that it has distributed;

2.      Provide and maintain at its cost any necessary items required for its own access, or on behalf of a Customer, to the MasterPass API;

3.      Not use the MasterPass Network, and not facilitate any Customer’s use of the MasterPass Network, in any manner that adversely affects the MasterPass Network or that in any manner could damage, disable, overburden, threaten the security of or impair any of Corporation's proprietary technology (including, without limitation, servers or networks); and

4.      Comply and will continue to comply with the Standards and all applicable laws and regulations in connection with providing Program related services to Customers, and ensure each Customer complies and will continue to comply with all Standards and applicable laws and regulations in connection with its access and use of the MasterPass Network.

4.15.2 Updates

The Corporation may make modifications, updates or upgrades to the MasterPass Network, Program, or related Specifications.  In such event, the Registered Partner or its Service Provider(s) will test and, if necessary, promptly modify their MasterPass-connected Digital Wallet, at their own expense, to ensure that it continues to operate properly with the then-current version of the API Wallet Specifications and the Program. 

4.15.3 PCI Compliance

Registered Partners agree that at all times they will be compliant with the Payment Card Industry Data Security Rules (PCI DSS) and the Payment Application Data Security Rules (PA DSS), as applicable.  Registered Partners agree to promptly provide the Corporation with documentation evidencing compliance with PCI DSS and/or PA DSS if requested by the Corporation. This compliance must be determined by a Qualified Security Assessor (QSA). Registered Partners also agree to use only PCI compliant Service Providers in connection with the storage, or transmission of Card Data

4.15.4 Indemnfication

The Registered Partner will indemnify and hold harmless MasterCard and its Affiliates (and its and their respective employees, directors, officers, shareholders, agents and representatives) from and against any and all claims, costs, losses, damages, judgments, tax assessments, penalties, interest, and expenses (including without limitation reasonable attorneys' fees) arising out of any claim, action, audit, investigation, inquiry, or other proceeding instituted by a person or entity that arises out of or relates to: (a) any actual or alleged breach of a Registered Partner’s obligations set forth in these MasterPass Operating Rules, including without limitation any violation of the MasterCard Rules; (b) a Registered Partner’s use of the services; (c) the actions of any person (developer and/or administrator) or entity (including any Service Provider) the Registered Partner authorizes to deliver the services to them or on their behalf, or integrate with or access the services on their behalf; and (d) any Transaction initiated by a Merchant or by a Service Provider on behalf of a Merchant using payment information provided by the Registered Partner.   

4.15.5 Disclaimer

THE MASTERPASS PROGRAM AND MATERPASS MATERIALS ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE MASTERPASS MATERIALS, THE PROGRAM OR ANY ANCILLARY SERVICE INCLUDING WITHOUT LIMITATION: (A) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT; (B) THAT THE MASTERPASS MATERIALS, THE PROGRAM, OR ANY APPLICATION WILL MEET THE REGISTERED PARTNER’S REQUIREMENTS, WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE, FREE OF BUGS, VIRUSES, OPERATE WITHOUT ERROR OR OTHER DEFECTS, OR WILL CONTAIN ANY PARTICULAR FEATURES OR FUNCTIONALITY; OR (C) ANY IMPLIED WARRANTY ARISING FROM COURSE OF DEALING OR TRADE USAGE.

4.15.6 Limitation of Liability

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MASTERCARD AND ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, AGENTS AND REPRESENTATIVES) WILL NOT BE LIABLE TO ANY REGISTERED PARTNER THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM (INCLUDING THE INABILITY TO USE THE PROGRAM), THE MASTERPASS MATERIALS, ANY ANCILLARY SERVICE, ANY SERVICES OR GOODS PURCHASED OR TRANSACTIONS ENTERED INTO THROUGH THE PROGRAM, OR ANY CONTENT PROVIDED BY THIRD PARTIES (INCLUDING, WITHOUT LIMITATION, MERCHANT MARKS OR MERCHANT CONTENT) DISPLAYED WITHIN OR IN CONNECTION WITH THE PROGRAM. TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL AGGREGATE LIABILITY OF MASTERCARD OR ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, AGENTS AND REPRESENTATIVES) ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM OR THE TRANSACTIONS CONTEMPLATED HEREBY, TO ANY REGISTERED PARTNER THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHER THEORY) OR OTHERWISE, EXCEED TWENTY-FIVE THOUSAND ($25,000) DOLLARS.


 

SECTION 5 – Merchant Rules

5.1 Merchant Rules

A MasterPass-connected Merchant and its Service Provider(s) must agree to comply with the Standards, including but not limited to these MasterPass Operating Rules, prior to displaying the MasterPass Checkout Button.

5.2 Merchant Obligations

Each MasterPass-connected Merchant must:

1.      notify its Acquirer in writing of its use of any Service Provider(s) in connection with its participation in the Program.  

2.      submit to its Acquirer any Wallet Identification Number (“WID”), as supplied by the Corporation.  

3.      be eligible to register and participate in the Program and have the right, power, and ability to comply with these MasterPass Operating Rules.

4.      provide to the Corporation, either directly or through its Service Provider, the name or business name under which it sell goods and services;

5.      ensure that it and all payment transactions initiated by it will comply with all laws, rules, and regulations applicable to its business, including any applicable tax laws and regulations;

6.      accurately describe, in a privacy notice available on its website or other e-commerce applications, its use of personal information received in connection with its participation in the Program in its privacy policy;  

7.      provide all necessary notices to and obtain all necessary consents from consumers as required by law to transfer Personal Information to the Corporation for its use in connection with  the Program pursuant to these MasterPass Operating Rules;

8.      not facilitate transactions that are prohibited by the Corporation’s Acceptable Use Policy (see Rule 5.6.1 for additional information);

9.      not use participation in the Program, directly or indirectly, for any fraudulent undertaking;

10.  have or obtain all rights, consents, licenses, permissions and releases, including all intellectual property rights, necessary to provide or make available the Merchant Content for MasterCard’s use in connection with the Program;

11.  provide and make available to the Corporation only true, accurate and complete information (including, without limitation, description and images) of and regarding any product or service available for purchase from Merchant in connection with the Program, and update such information as necessary such that it remains true, accurate and complete;

12.  only use third-party developer and/or administrator Personal Information provided by the Corporation for purposes of participating in the Program as contemplated in these MasterPass Operating Rules; and

13.  not, by performing its obligations hereunder, violate any other agreement to which it is a party. 

5.3 Use of the Marks

Any use of the MasterPass Marks by a MasterPass-connected Merchant, including in acceptance advertising, acceptance decals, or signs, must be in accordance with the Standards, including but not limited to the MasterPass Branding Requirements, which are incorporated into these MasterPass Operating Rules by reference.

A MasterPass-connected Merchant’s use or display of the MasterPass Marks will terminate effective with the termination of the Merchant’s participation in the Program.

The use or display of the any MasterPass Marks does not give a MasterPass-connected Merchant any ownership or interest in the MasterPass Marks.

5.3.1 Grant of License

During the term of the MasterPass-connected Merchant’s participation in the Program, the Corporation grants, and by its use of the MasterPass Checkout Button the MasterPass-connected Merchant accepts, a non-exclusive, non-transferable, non-sublicensable, royalty-free, revocable, worldwide license to use the MasterPass Checkout Button and MasterPass Marks (including “MasterPass,” “MasterPass Online,” “Buy with MasterPass,” “MasterPass Wallet,” “MasterPass Checkout Services,” “MasterPass Checkout Button,” “MasterPass Network,” “MasterPass API,” and other related designs, graphics, logos, page headers, button icons, scripts, and service names as may be designated by the Corporation from time to time), solely (a) to identify that MasterPass is available as a checkout method on its website or other e-commerce application,  and (b) in accordance with the Corporation’s most up-to-date MasterPass Branding Requirements and such other documentation as the Corporation may provide from time to time. The license shall remain in effect until the MasterPass-connected Merchant’s participation in the MasterPass Program is terminated in accordance with the Standards and these MasterPass Operating Rules.  The MasterPass-connected Merchant shall promptly cease use of the MasterPass Marks and MasterPass Checkout Button if its participation in the Program has been suspended or terminated.   

5.3.2 Merchant Must Display the MasterPass Checkout Button

A MasterPass-connected Merchant must prominently display the MasterPass Checkout Button in accordance with the Standards, including but not limited to the MasterPass Branding Requirements, wherever payment options are presented to indicate that MasterPass is a checkout option.

5.3.3 Merchant Advertising

A MasterPass-connected Merchant may use the MasterPass Marks in advertising material and/or to indicate participation. 

Other marks, symbols, logos, or combination thereof may appear in the same material or image with the MasterPass Marks, if no other mark, symbol, or logo is more prominent or likely to cause confusion concerning the Merchant’s participation in the Program.

In marketing or referencing MasterPass, the MasterPass-connected Merchant or its Service Providers will portray the Program accurately and fairly and not make any representations, warranties or guaranties inconsistent with any information provided by the Corporation. Except as expressly provided in the MasterPass Branding Requirements or approved by the Corporation in writing, a MasterPass-connected Merchant or its Service Providers may not use any of the MasterPass Marks in an offline promotion or other offline materials (e.g., in printed material, mailings or documentation) that they intend to distribute.  The MasterPass-connected Merchant and its Service Providers shall not use the MasterPass Marks in connection with any product or service that is not related to the MasterPass Program, in any manner that is likely to cause confusion among consumers or in any manner that disparages or discredits the Corporation.  All other trademarks not owned by the Corporation that appear in connection with the Program are the property of their respective owners, which may or may not be affiliated with, connected to, or sponsored by the Corporation. 

5.4 Merchant Marks, Product Descriptions and Images

The Corporation  may use the Merchant Marks and the Merchant Content (i) as necessary to provide Program-related services in accordance with the MasterPass Materials and the Standards (including without limitation on co-branded web pages used to initiate and/or process orders), and (ii) to identify the MasterPass-connected Merchant as participating in the Program in databases, press releases, descriptions of the MasterPass  Network and/or the Program and related promotional or marketing materials.  Wallet Distributors may use the Merchant Marks and Merchant Content (i) as necessary to provide Program-related services in accordance with the Specifications and the Standards (including without limitation on co-branded web pages used to initiate and/or process orders), and (ii) to identify the MasterPass-connected Merchant as participating in the Program on websites or in descriptions of the MasterPass  Network, the MasterPass Program, and/or a MasterPass-connected Digital Wallet.

5.5 MasterPass-connected Digital Wallet Acceptance Requirements

5.5.1 Non-Discrimination

MasterPass-connected Merchants must accept valid consumer payment information properly presented from any MasterPass-connected Digital Wallet.  A MasterPass-connected Merchant must maintain a policy that does not discriminate against a consumer using one MasterPass-connected Digital Wallet over another.

5.5.2 Specifications

A MasterPass-connected Merchant and its Service Providers must comply with the Merchant Specifications. The Corporation reserves the right to update or modify these Merchant Specifications at any time.  Prior to a MasterPass-connected Merchant or its Service Providers making a website or other e-commerce application generally available for use with the Program, it must test each to ensure that it operates properly with the Merchant Specifications. A MasterPass-connected Merchant or its Service Providers must correct any material errors, defects or other non-compliance of which they become aware, including from review and test results provided by the Corporation.

5.5.2.1 Updates

The Corporation may make modifications, updates or upgrades to the MasterPass Network, Program, or related Specifications.  In such event, a MasterPass-connected Merchant or its Service Provider will test and, if necessary, promptly modify its integration and/or any MasterPass-connected websites or other e-commerce applications, at its own expense, to ensure that they continue to operate properly with the then-current version of the Specifications and the Program.

5.5.3 CVV2/CVC2/CID Requirements

A MasterPass-connected Merchant must not require a consumer to enter CVV2/CVC2/CID in connection with a Transaction intiated via a MasterPass-connected Digital Wallet without the express written consent of the Corporation except where such collection is specifically required by the MasterCard Rules or other networks’ rules.  A MasterPass-connected Merchant must not store CVV2/CVC2/CID at any time.

5.5.4 Implementing Checkout Postback

A MasterPass-connected Merchant shall implement checkout postback expressly as described in the MasterPass Merchant Integration Guide without modification and shall apply it to every Transaction and transactions with other payment networks conducted via a MasterPass-connected Digital Wallet.

A MasterPass-connected Merchant must communicate the result (success or failure) of the transaction conducted via a MasterPass-connected Digital Wallet per the most current MasterPass Merchant Integration Guide. Abandoned transactions do not need to be reported.

5.5.5 Merchant Customer Service

A MasterPass-connected Merchant is solely responsible for all customer service relating to its website and other e-commerce application used in connection with the promotion or sale of goods or services; its business; the goods or services (including but not limited to pricing, rebates, item information, availability, technical support, functionality and warranty) offered; order fulfillment (including but not limited to shipping and handling); payment for goods or services; order cancellation by the MasterPass-connected Merchant or a consumer; returns, refunds and adjustments; and feedback concerning experiences with the MasterPass-connected Merchant’s or its Service Provider(s)’ personnel, policies or processes.  In performing customer service, a MasterPass-connected Merchant and its Service Providers will always present themselves as a separate entity from the Corporation.

5.6 MasterPass Prohibited Practices

5.6.1 Merchant Acceptable Use Requirements

MasterPass-connected Merchants are prohibited from engaging in the sale of the following items and activities because they are illegal, inappropriate, or often connected with a high measure of fraud.

Failure to comply adversely affects the MasterPass Mark and all of the Corporation’s Customers and undermines the integrity of the MasterPass Network. The Corporation reserves the right to take any corrective action that it deems appropriate, including suspending or restricting the MasterPass-connected Merchant’s participation in the Program, requiring the removal of the MasterPass Checkout Button, or any other corrective action, including but not limited to the imposition of financial assessments on the Acquirer.

The following activities and items are prohibited:

Illegal Activities

·         The sale of any good or service that violates any applicable law or regulation. 

Certain Adult-Oriented Products and Services

·         Child pornography (in all media types such as Internet, phone, and printed materials).

·         Any depiction of forcible sex or bestiality is prohibited.

Illegal Drugs

·         The sale of illegal pharmaceuticals, illegal drugs and/or drug paraphernalia.

Counterfeit Goods

·         The sale or marketing of any counterfeit good.

Gambling Businesses

·         Illegal online gambling, lotteries (including sale of lottery tickets), games of chance (including sweepstakes and raffles), sports forecasting, or odds-making.

Money Making ("Get Rich") Businesses

·         Including information guides, warranty fees, mortgage reduction services, and any product or service where a prize is guaranteed, marketing media is unavailable, premiums/incentives are offered, promises of future guaranteed results are made, or any rebate or reward program.

Tobacco Products

·         Any activity violating applicable laws or industry regulations regarding the sale of tobacco products.

Illegal Products

·         The sale of synthetic stimulants which are products that contain plant substance laced with synthetic cannabinoids. The street names for the synthetic stimulants in which these substances may be found including but not limited to Bath Salts, K2, Spice, Genie and Kronic

·         The sale of fake IDs and other government documents

5.6.2 Minimum/Maximum Transaction Amount Prohibited

Except as expressly permitted by law, a MasterPass-connected Merchant must not require, or indicate that it requires, a minimum or maximum transaction amount to accept transaction information from a MasterPass-connected Digital Wallet.

5.6.3 Transaction Processing without Confirmation Prohibited

A MasterPass-connected Merchant must not treat a consumer’s request to use payment information stored in his or her MasterPass-connected Digital Wallet as confirmation to finalize a checkout. 

A MasterPass-connected Merchant must provide consumers an opportunity to review their purchase after being returned to the Merchant from the MasterPass-connected Digital Wallet.  No authorization requests should be submitted without consumer confirmation of the transaction.

5.7 Merchant Not to Charge Fees

A MasterPass-connected Merchant may not charge any fees to a consumer for his/her use of the MasterPass Network, whether on a per transaction or other basis. Notwithstanding the foregoing, a MasterPass-connected Merchant is free to charge any fees for the underlying purchase transaction to the extent permitted by the payment network/brand associated with the purchase transaction.

5.8 Existing Network Requirements

Participation in the Program in no way relieves a MasterPass-connected Merchant or its Service Providers from its or their obligations under applicable payment networks’ rules with regard to transaction processing.

5.9 Data Usage

5.9.1 Merchant Use

Unless a MasterPass-connected Merchant or its Service Provider provides notice and receives the consent of the consumer if and to the extent required by applicable law, it may not retain, track, monitor, store or otherwise use Personal Information regarding the consumer for any purpose other than to process the payment transaction facilitated by its participation in the Program. Absent notice and/or consent of the consumer and to the extent that Personal Information resides on a MasterPass-connected Merchant’s or its Service Provider’s systems or other storage locations: (a) Merchant may use the Personal Information only for the purpose of processing the related transaction; and (b) all Personal Information and other information provided to a MasterPass-connected Merchant or its Service Providers by the Corporation in relationship to participation in the Program will remain the property of the Corporation. 

If a MasterPass-connected Merchant engages a third-party developer and/or administrator in implementing and/or managing its participation in the Program and such third-party obtains from the Corporation any Personal Information, the third-party may not use any such Personal Information other than for the purpose of implementing and/or managing the MasterPass-connected Merchant’s participation in the Program. The third-party must destroy or otherwise cease to retain any Personal Information as soon as it is no longer necessary to fulfill the purpose for which it was received.  The MasterPass-connected Merchant shall ensure that its employees, agents and sub-contractors who may receive or have access to Personal Information are aware of the obligations specified under these MasterPass Operating Rules, and agree to comply with such obligations.

5.9.2 Use by the Corporation

The Corporation shall have the right to use and disclose Personal Information it receives from a MasterPass-connected Merchant or its Service Provider for the following purposes:

1.      Create and manage an online account, provide Program related products and services, respond to consumer inquiries and provide customer service to respond to inquiries made by consumers;

2.      Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality;

3.      Operate, evaluate and improve the Program (including by developing new product features and services; managing communications; determining the effectiveness of advertising; analyzing Program related products, services and websites; facilitating the functionality of our websites; and performing accounting, auditing, billing, reconciliation and collection activities);

4.      Assist a Customer or its Registered Partner in the provision of products, services or Program features incorporated into its MasterPass-connected Digital Wallet;

5.      Perform data analyses (including anonymization of Personal Information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and site performance, and creation of analytical models;

6.      Enforce these MasterPass Operating Rules or the MasterPass Wallet Consumer Terms of Use;

7.      Comply with applicable legal requirements and industry standards and Corporation policies; and

8.      Perform auditing, research and analysis in order to maintain, protect and improve our services.

5.10 Indemnification.

The Merchant will indemnify and hold harmless MasterCard and its Affiliates (and its and their respective employees, directors, officers, shareholders, agents and representatives) from and against any and all claims, costs, losses, damages, judgments, tax assessments, penalties, interest, and expenses (including without limitation reasonable attorneys' fees) arising out of any claim, action, audit, investigation, inquiry, or other proceeding instituted by a person or entity that arises out of or relates to: (a) any actual or alleged breach of the Merchant’s obligations set forth in these MasterPass Operating Rules, including without limitation any violation of MasterCard’s policies; (b) wrongful or improper use of the Program; (c) the actions of any person (including any developer and/or administrator) or entity authorized by the Merchant to integrate with or access the Program on the Merchant’s behalf; (d) any actual or alleged infringement, violation, or misappropriation of any intellectual property right, proprietary right or privacy right based upon any of the Merchant Marks, Merchant Content and/or equipment, processes, and other resources used by Merchant or others on its behalf in connection with the Program; (e) any dispute with a consumer relating to any product or service made available for purchase by Merchant in connection with the Program; (f) any personal injury, product liability or property damage related to any product or service made available for purchase by Merchant in connection with the Program; and (g) any payment card transaction initiated by the Merchant using payment information provided by the Program.

5.11 Disclaimer

THE MASTERPASS PROGRAM AND MATERPASS MATERIALS ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE MASTERPASS MATERIALS, THE PROGRAM OR ANY ANCILLARY SERVICE INCLUDING WITHOUT LIMITATION: (A) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT; (B) THAT THE MASTERPASS MATERIALS, THE PROGRAM, OR ANY APPLICATION WILL MEET MERCHANT’S REQUIREMENTS, WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE, FREE OF BUGS, VIRUSES, OPERATE WITHOUT ERROR OR OTHER DEFECTS, OR WILL CONTAIN ANY PARTICULAR FEATURES OR FUNCTIONALITY; OR (C) ANY IMPLIED WARRANTY ARISING FROM COURSE OF DEALING OR TRADE USAGE.

5.12 Limitation of Liability

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MASTERCARD AND ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, AGENTS AND REPRESENTATIVES) WILL NOT BE LIABLE TO ANY MASTERPASS-CONNECTED MERCHANT THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM (INCLUDING THE INABILITY TO USE THE PROGRAM), THE MASTERPASS MATERIALS, ANY ANCILLARY SERVICE, OR ANY SERVICES OR GOODS PURCHASED OR TRANSACTIONS ENTERED INTO THROUGH THE PROGRAM. TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL AGGREGATE LIABILITY OF MASTERCARD OR ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, AGENTS AND REPRESENTATIVES) ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM OR THE TRANSACTIONS CONTEMPLATED HEREBY, TO ANY MASTERPASS-CONNECTED MERCHANT THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHER THEORY) OR OTHERWISE, EXCEED ONE THOUSAND ($1,000) DOLLARS.


 

SECTION 6 – Service Provider Rules

6.1   Service Providers Must be Registered

Before an entity performs services on behalf of a Customer or Alternative Entity in support of its participation in the Program, the Custome or Alternative Entity must ensure that the entity is registered with the Corporation as a Service Provider.

A Service Provider may perform only the type of Program Service that it is registered to perform. A corporate affiliate of a Customer or Alternative Entity that is owned and controlled by the Customer or Alternative Entity or by the Customer’s or Alternative Entity’s ultimate parent and that performs Program Service exclusively for the Customer or Alternative Entity and not for any other Customer or Alternative Entity is not deemed to be a Service Provider.

The Customer or Alternative Entity must ensure that any entity performing services that directly or indirectly supports or otherwise benefits the Customer’s or Alternative Entity’s MasterPass-connected Digital Wallet or a MasterPass-connected Merchant, whether or not such entity is registered by the Corporation as a Service Provider:

1.      Complies with all Standards applicable to services provided in relation to participation in the Program (including, by way of example and not limitation, data use and protection, confidentiality and privacy Standards) for so long as such entity performs such service. This Customer and Alternative Entity obligation arises and continues regardless of the nature of the service performed and whether the entity is performing service pursuant to an agreement or other arrangement with the Customer, Alternative Entity, a MasterPass-connected Merchant, a Service Provider of the Customer or Alternative Entity, or any other person.

2.      Promptly provides to the Corporation any information requested by the Corporation pertaining to the Program Service or the performance thereof.

6.1.2 MasterCard Service Provider Termination

A Service Provider that is terminated pursuant to the MasterCard Rules can no longer perform Program-related services.

6.2 Merchant Service Providers

Service Providers may, on behalf of one or more Acquirers, provide certain Program-related services to MasterPass-connected Merchants related to participating in the Program, including display or distribution of the MasterPass Checkout Button, subject to compliance with these MasterPass Operating Rules.  Program-related services performed by any entity, which services directly or indirectly support or otherwise benefit a Customer’s participation in the Program and regardless of whether such entity is or was registered with the Corporation as a Service Provider or whether the entity is itself a Customer, subjects the Customer to the indemnification and other obligations as set forth in the Standards, including without limitation these MasterPass Operating Rules.

6.2.1 Merchant Service Provider Eligibility

An entity may be eligible to provide services to a MasterPass-connected Merchant only if it is currently  registered with the Corporation as a Service Provider by an Acquirer on behalf of which it is providing services to a MasterPass-connected Merchant, via the Service Provider registration process, (see the MasterCard Rules for additional information). The entity must maintain its registration as a Service Provider in good standing with the Corporation while it is providing Program-related services. 

 

Additionally, any entity performing Program-related services must create a Service Provider account on the MasterPass Portal and must continue to update registration and account information promptly.  

6.2.2 Service Provider Agreement with MasterPass-connected Merchants

A Service Provider may only enable a merchant to participate in the Program and become a MasterPass-connected Merchant if (i) it has entered into an agreement with such merchant regarding the Program-related services, and (ii) it has been provided by each merchant with all necessary power and authority to enable Program-related services for such merchant.  In such agreement with each merchant, the Service Provider must obligate such merchant to be bound by these MasterPass Operating Rules, as applicable, and each MasterPass-connnected Merchant must agree to be so bound.  Such agreement must also include an indemnity substantially as set forth below, and such indemnity shall not be subject to any limitation of liability or other limitation or restriction.

“MasterPass-Connected Merchant will indemnify and hold harmless Service Provider and its service providers (and its and their respective employees, directors, officers, shareholders, agents and representatives, acknowledging that MasterCard is one such service provider) from and against any and all claims, costs, losses, damages, judgments, tax assessments, penalties, interest, and expenses (including without limitation reasonable attorneys' fees) arising out of any claim, action, audit, investigation, inquiry, or other proceeding instituted by a person or entity that arises out of or relates to: (a) any actual or alleged breach of a MasterPass-Connected Merchant’s obligations set forth in the MasterPass Operating Rules, including without limitation any violation of the MasterCard Rules; (b) a MasterPass-connected Merchant’s use of the services; (c) the actions of any person (including any developer and/or administrator) or entity the MasterPass-connected Merchant authorizes to integrate with or access the services on their behalf; and (d) any Transaction initiated by a MasterPass-connected Merchant using payment information provided to the Service Provider by the services.” 

A MasterPass-connected Merchant’s receipt of Program-related services from or through a Service Provider, including connection to the MasterPass Network and display of the MasterPass Checkout Button or other MasterPass Marks, regardless of whether receives such services pursuant to an agreement with the Service Provider, subjects the Service Provider and the Customer(s) by which such Service Provider is or should be registered with the Corporation to the indemnification and other obligations as set forth in the Standards, including without limitation these MasterPass Operating Rules.

6.2.3 Merchant Service Provider Obligations

A Service Provider that is, on behalf of one or more Acquirers, providing Program-related services to MasterPass-connected Merchants must:

 

1.      Provide accurate information to the Corporation regarding the MasterPass-connected Merchants that are implemented to display the MasterPass Checkout Button. 

2.      Provide and maintain at its cost any necessary items required for its own access, on behalf of MasterPass-connected Merchants,  to MasterPass;

3.      Not use the MasterPass Network, and shall ensure each MasterPass-connected Merchant does not to use the MasterPass Network, in any manner that adversely affects the MasterPass Network or that in any manner could damage, disable, overburden, threaten the security of or impair any of the Corporation's proprietary technology (including, without limitation, servers or networks); and

4.      Comply and will continue to comply with the Standards and all applicable laws and regulations in connection with providing Program-related services to MasterPass-connected Merchants, and ensure each MasterPass-connected Merchant complies and will continue to comply with all Standards and applicable laws and regulations in connection with its access and use of the MasterPass Network.

6.2.4 Updates

The Corporation may make modifications, updates or upgrades to the MasterPass Network, Program, or related  Specifications.  In such event, the Service Provider must test and, if necessary, promptly modify its integration and/or any MasterPass-connected websites or other e-commerce applications for which it is responsible, at its own expense, to ensure that each continues to operate properly with all required elements of the then-current version of the Specifications and the Program.  

6.2.5 Service Provider Account Inspections

The Corporation may inspect a Service Provider Account for any reason, at any time, including without limitation to investigate any third party complaint or any alleged violation of the Standards.

6.2.6 Implementing Checkout Postback

Without limiting any other requirement set forth these MasterPass Operating Rules, to the extent a Service Provider or a Merchant’s participation is necessary, the Service Provider shall, and shall ensure the Service Provider’s Merchants, implement “checkout post-back” expressly as described in the MasterPass Merchant Integration Guide and the MasterPass Service Provider Integration Guide without modification and ensure the result (success or failure) of the transaction is communicated via the Specifications.

6.2.7 Merchant Not to Charge Fees 

A Service Provider may not charge any fees, and must ensure that a MasterPass-connected Merchant does not charge any fees, to a consumer for his/her use of the MasterPass Network, whether on a per transaction or other basis.  Notwithstanding the foregoing, a MasterPass-connected Merchant is free to charge any fees for the underlying purchase transaction to the extent permitted by the payment network/brand associated with the purchase transaction.

6.2.8 PCI Compliance

Service Providers must at all times be, and must ensure that all MasterPass-connected Merchants for which they are performing Program-related services are (if applicable), compliant with the Payment Card Industry Data Security Rules (PCI DSS) and the Payment Application Data Security Rules (PA DSS), as applicable.  Service Providers must promptly provide the Corporation with documentation evidencing compliance with PCI DSS and/or PA DSS if requested by the Corporation. This compliance must be determined by a Qualified Security Assessor (QSA). Service Providers must  use only PCI compliant service providers in connection with the storage, or transmission of Card Data.  A Service Provider must not store CVV2 Data at any time.

6.2.9 Service Provider Termination

6.2.9.1 Service Provider Rights

A Service Provider may terminate its participation in the Program by closing its Service Provider Account at any time. 

6.2.9.2 Suspension or Termination by the Corporation

The Corporation may terminate a Service Provider’s participation in the Program and close its Service Provider Account at any time for any reason or for no reason, in its sole discretion, without any prior notice to the Service Provider. Without limiting the foregoing, the Corporation may suspend the participation of  Service Provider and access to its Service Provider Account if in its sole discretion (a) the Service Provider has violated the terms of these MasterPass Operating Rules (including any Standards), (b) the Service Provider or any Merchant poses an unacceptable fraud risk to the Corporation, or (c) the Service Provider provides false, incomplete, inaccurate, or misleading information (including, without limitation, any registration information) or otherwise engage in fraudulent or illegal conduct.  In addition, the Corporation may suspend and/or terminate Service Provider’s right to provide the Services to a Merchant at any time for any reason or no reason, in its sole discretion, subject to the Corporation providing notice to a Service Provider of such suspension.  The Service Provider must, upon receipt of such notice, immediately terminate the Services to and for each such Merchant listed in such notice.

6.2.9.3 Effect of Termination 

Upon termination of a Service Provider’s participation in the Program, the Corporation will cease providing any access to the MasterPass Network to the Service Provider and all Merchants who receive the access to the MasterPass Network through the Service Provider, and the Service Provider and each Merchant’s rights to access, use and/or participate in the Program (and any other rights) shall immediately cease.  Without limiting Section 5.5 hereof, MasterCard will not be liable to the Service Provider or any Merchant for any termination or suspension of access to the MasterPass Network, whether upon termination of the Service Provider’s participation the Program or termination with respect to a particular Merchant, including without limitation for compensation, reimbursement, or damages on account of the loss of prospective profits, anticipated sales, goodwill, or on account of expenditures, investments, or commitments in connection with the Service Provider or a Merchant’s use of the MasterPass Network. 

6.2.10 Service Provider Obligations

A Service Provider  must:

1.      be eligible to register and use and access the Services and have the right, power, and ability to enter into and perform under these MasterPass Operating Rules;

2.      provide to the Corporation the name or business name under which it sell goods and services;

3.      ensure that all Transactions initiated by a Merchant, or the Service Provider on a Merchant’s behalf, will comply with all applicable laws, including all United States federal, state, and local laws, rules, and regulations applicable to the Service Provider’s business, including any applicable tax laws and regulations, in connection with the Services;

4.      not, and ensure that Merchants do not, use the Services, directly or indirectly, for any fraudulent undertaking or in any manner so as to interfere with the use of the Services;

5.      only use third-party developer and/or administrator Personal Information provided by MasterCard for purposes of integrating the Services as contemplated in these MasterPass Operating Rules;

6.      in the event Service Provider has access to any Personal Information in connection with its provision of the Services, only use such Personal Information to provide the Services and for no other purposes,  and

a.       not, by performing its obligations hereunder, violate any other agreement to which it is a party.

6.2.11 Indemnification

The Service Provider will indemnify and hold harmless MasterCard and its Affiliates (and its and their respective employees, directors, officers, shareholders, agents and representatives) from and against any and all claims, costs, losses, damages, judgments, tax assessments, penalties, interest, and expenses (including without limitation reasonable attorneys' fees) arising out of any claim, action, audit, investigation, inquiry, or other proceeding instituted by a person or entity that arises out of or relates to: (a) any actual or alleged breach of a Service Provider’s obligations set forth in these MasterPass Operating Rules, including without limitation any violation of the MasterCard Rules; (b) a Service Provider’s use of the services and/or a Merchant’s use of the services; (c) the actions of any person (including any developer and/or administrator) or entity the Service Provider authorizes to integrate with or access the services on their behalf; and (d) any Transaction initiated by a Service Provider on behalf of a Merchant using payment information provided by the services. 

6.3 Data Usage

A Service Provider may only retain, track, monitor, store or otherwise use Personal Information in accordance with its provision of Services to a Merchant,  or to a Wallet Distributor, and in compliance with these MasterPass Operating Rules (including, for the avoidance of doubt, in accordance with applicable law, all applicable privacy policies including those of a Merchant and/or Issuer (as defined in the Rules), as applicable, respecting such Personal Information, and the MasterCard Rules and/or other networks’ rules, as applicable).  A Service Provider agrees that it will not use nor disclose Personal Information, or provide it to any party (other than MasterCard in accordance with the terms hereof) for any purpose other than to support its provision of Services to a Merchant or Wallet Distributor in accordance with the terms hereof.  If a Service Provider engages a third-party developer and/or administrator in performing Program-related services, including implementing and/or managing the MasterPass Checkout Button on a Merchant website or other Service Provider applications, and, in connection therewith, obtains from MasterCard any Personal Information regarding such developer and/or administrator, unless the Service Provider receives consent from such developer and/or administrator and provides any notices required in connection with the use thereof, a Service Provider may not use any such Personal Information other than for the purpose for which it was received.

6.4 Limitation of Liability

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MASTERCARD AND ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, AGENTS AND REPRESENTATIVES) WILL NOT BE LIABLE TO A SERVICE PROVIDER OR ANY THIRD PARTY, INCLUDING ANY MERCHANT, FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THESE MASTERPASS OPERATING RULES, THE MASTERPASS MATERIALS, THE PROGRAM (INCLUDING THE INABILITY TO USE THE PROGRAM), ANY APPLICATION, MERCHANT MARKS OR MERCHANT CONTENT, OR ANY SERVICES OR GOODS PURCHASED OR TRANSACTIONS ENTERED INTO OR INITIATEDTHROUGH OR BY THE PROGRAM. TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF MASTERCARD OR ITS AFFILIATES (AND MASTERCARD AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, AGENTS AND REPRESENTATIVES) ARISING OUT OF OR IN CONNECTION WITH THESE MASTERPASS OPERATING RULES OR THE TRANSACTIONS CONTEMPLATED HEREBY, WHETHER TO A SERVICE PROVIDER OR TO ANY THIRD PARTY, INCLUDING ANY MERCHANT OR WALLET DISTRIBUTOR, AND WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHER THEORY) OR OTHERWISE EXCEED TWENTY-FIVE THOUSAND ($25,000) DOLLARS IN THE AGGREGATE.   


 

SECTION 7 – Europe Regional Rules

 

Organization of this Section

 

The Rules in this Section [7] are variances and additions to the “global” MasterPass Rules that apply to the Europe Region.

 

Refer to Appendix A of the MasterCard Rules for the A.3 Europe Region geographic listing.

SECTION A

2.4 Indemnification

The following additional provision shall apply in relation to the Europe Region:

IN NO EVENT WILL THE CORPORATION BE LIABLE FOR LOSS OF BUSINESS OR PROFITS OR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, (INCLUDING DAMAGES FOR LOSS OF BUSINESS OR PROFITS), OR ANY OTHER COST OR EXPENSE INCURRED BY A CUSTOMER OR ANY THIRD PARTY ARISING FROM OR RELATED TO USE OR RECEIPT OF THE SYSTEMS, WHETHER IN AN ACTION IN CONTRACT OR IN TORT, AND EVEN IF THE WALLET DISTRIBUTOROR ANY THIRD PARTY HAS BEEN ADVISED OF THE POSSIBILITYOF SUCH DAMAGES. EACH WALLET DISTRIBUTORASSUMES THE ENTIRE RISK OF USE OR RECEIPT OF THE SYSTEMS.

 

NOTHING IN THESE MASTERPASS OPERATING RULES EXCLUDES OR LIMITS MASTERCARD'S LIABILITY (I) FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, (II) FOR FRAUD OR FRAUDULENT MISREPRESENTATION, OR (III) FOR ANY MATTER WHICH IT WOULD BE ILLEGAL FOR MASTERCARD TO EXCLUDE OR ATTEMPT TO EXCLUDE ITS LIABILITY.

3.4 Choice of Laws

Rule 3.4. of Section 3 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region.

Governing law and Venue.  The MasterPass Operating Rules (including any non-contractual obligations or liabilities arising out of them or in connection with them) are governed by and are to be construed in accordance with English law. Each party irrevocably agrees that: (i) the English courts have exclusive jurisdiction to hear and determine any proceedings and to settle any disputes and each party irrevocably submits to the exclusive jurisdiction of the English courts;  (ii) any proceedings must be taken in the English courts; (iii) any judgment in proceedings taken in the English courts shall be conclusive and binding on it and may be enforced in any other jurisdiction. Each party also irrevocably waives (and irrevocably agrees not to raise) any objection which it might at any time have on the ground of forum non conveniens or on any other ground to proceedings being taken in the English courts. This jurisdiction agreement is not concluded for the benefit of only one party.

 

Contracts (Rights Of Third Parties) Act. A person who is not a party to these MasterPass Operating Rules has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any provision of these MasterPass Operating Rules.  This does not affect any right or remedy of a third party which exists or is available apart from the Contracts (Rights of Third Parties) Act 1999.

3.6.2 Use of Corporation Information

Rule 4.6.2 of Section 3 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region:

Except in the case of MasterCard’s willful misconduct or gross negligence (a)  the Corporation is not responsible and disclaims any responsibility for the accuracy, completeness, or timeliness of any information disclosed by the Corporation to aWallet Distributor, a MasterPass-connected Merchant or a Service Provider and (b)  The Corporation makes no warranty, express or implied, including, but not limited to, any warranty of merchantability or fitness for any particular purpose with respect to any information disclosed by or on behalf of the Corporation to anyWallet Distributor, a MasterPass-connected Merchant or a Service Provider.

4.15.6 Limitation of Liability

Rule 4.15.6 of Section 4 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region:

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MASTERCARD AND ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, AGENTS AND REPRESENTATIVES) WILL NOT BE LIABLE TO ANY REGISTERED PARTNER THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY FOR ANY LOSS OF BUSINESS OR PROFITS O  ANY INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM (INCLUDING THE INABILITY TO USE THE PROGRAM), THE MASTERPASS MATERIALS, ANY ANCILLARY SERVICE, OR ANY SERVICES OR GOODS PURCHASED OR TRANSACTIONS ENTERED INTO THROUGH THE PROGRAM. TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL AGGREGATE LIABILITY OF MASTERCARD OR ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, AGENTS AND REPRESENTATIVES) ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM OR THE TRANSACTIONS CONTEMPLATED HEREBY, TO ANY REGISTERED PARTNER THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHER THEORY) OR OTHERWISE, EXCEED TWENTY-FIVE THOUSAND ($25,000) DOLLARS.

 

NOTHING IN THESE MASTERPASS OPERATING RULES EXCLUDES OR LIMITS MASTERCARD'S LIABILITY (I) FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, (II) FOR FRAUD OR FRAUDULENT MISREPRESENTATION, OR (III) FOR ANY MATTER WHICH IT WOULD BE ILLEGAL FOR MASTERCARD TO EXCLUDE OR ATTEMPT TO EXCLUDE ITS LIABILITY.

5.12 Limitation of Liability

Rule 5.12 of Chapter 5 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region:

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MASTERCARD AND ITS

AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, AGENTS AND REPRESENTATIVES) WILL NOT BE LIABLE TO ANY MASTERPASS-CONNECTED MERCHANT THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY FOR ANY LOSS OF BUSINESS OR PROFITS OR ANY INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM (INCLUDING THE INABILITY TO USE THE PROGRAM), THE MASTERPASS MATERIALS, ANY ANCILLARY SERVICE, OR ANY SERVICES OR GOODS PURCHASED OR TRANSACTIONS ENTERED INTO THROUGH THE PROGRAM. TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL AGGREGATE LIABILITY OF MASTERCARD OR ITS AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, AGENTS AND REPRESENTATIVES) ARISING OUT OF OR IN CONNECTION WITH THE PROGRAM OR THE TRANSACTIONS CONTEMPLATED HEREBY, TO ANY MASTERPASS-CONNECTED MERCHANT THAT PARTICIPATES IN THE PROGRAM OR TO ANY THIRD PARTY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE,PRODUCT LIABILITY OR OTHER THEORY) OR OTHERWISE, EXCEED ONE THOUSAND ($1,000) DOLLARS.

 

NOTHING IN THESE MASTERPASS OPERATING RULES EXCLUDES OR LIMITS MASTERCARD'S LIABILITY (I) FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, (II) FOR FRAUD OR FRAUDULENT MISREPRESENTATION, OR (III) FOR ANY MATTER WHICH IT WOULD BE ILLEGAL FOR MASTERCARD TO EXCLUDE OR ATTEMPT TO EXCLUDE ITS LIABILITY.

6.2.9.2 Suspension or Termination by the Corporation

Rule 6.9.2 of Section 6 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region:

The Corporation may terminate a Service Provider’s participation in the Program and close its Service Provider Account at any time for any reason or for no reason, in its sole discretion, by giving thirty (30) days prior’ notice to the Service Provider. The Corporation may terminate Service Provider’s participation in the Program and close its Service Provider Account at any time when a justified reason occurs. Without limiting the foregoing, the Corporation may suspend the participation of Service Provider and access to its Service Provider Account if in its sole discretion if it has reasonable grounds to believe that (a) the Service Provider has violated the terms of these MasterPass Operating Rules (including any Standards), (b) the Service Provider or any Merchant poses an unacceptable fraud risk to the Corporation, or (c) the Service Provider provides false, incomplete, inaccurate, or misleading information (including, without limitation, any registration information) or otherwise engage in fraudulent or illegal conduct. In addition, the Corporation may suspend and/or terminate Service Provider’s right to provide the Services to a Merchant at any time for any reason or no reason, in its sole discretion, subject to the Corporation providing notice to a Service Provider of such suspension. The Service Provider must, upon receipt of such notice, immediately terminate the Services to and for each such Merchant listed in such notice.

6.4 Limitation of Liability

 

Rule 6.4 of Section 6 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region:

TO THE EXTENT PERMITTED BY APPLICABLE LAW, MASTERCARD AND ITS

AFFILIATES (AND MASTERCARD’S AND ITS AFFILIATES’ RESPECTIVE EMPLOYEES, DIRECTORS, OFFICERS, SHAREHOLDERS, AGENTS AND REPRESENTATIVES) WILL NOT BE LIABLE TO A SERVICE PROVIDER OR ANY THIRD PARTY, INCLUDING ANY MERCHANT, FOR ANY LOSS OR BUSINESS OR PROFITS INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THESE MASTERPASS OPERATING RULES, THE MASTERPASS MATERIALS, THE SERVICES (INCLUDING THE INABILITY TO USE THE SERVICES), ANY APPLICATION, THE CONTENT, OR ANY SERVICES OR GOODS PURCHASED OR TRANSACTIONS ENTERED INTO OR INITIATEDTHROUGH OR BY THE SERVICES. TO THE EXTENT PERMITTED BYAPPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF MASTERCARD OR ITS AFFILIATES (AND MASTERCARD AND ITS AFFILIATES’

RESPECTIVE EMPLOYEES, DIRECTORS, AGENTS AND REPRESENTATIVES) ARISING OUT OF OR IN CONNECTION WITH THESE MASTERPASS OPERATING RULES OR THE TRANSACTIONS CONTEMPLATED HEREBY, WHETHER TO A SERVICE PROVIDER OR TO ANY THIRD PARTY, INCLUDING ANY MERCHANT OR REIGSTERED PARTNER, AND WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHER THEORY) OR OTHERWISE EXCEED TWENTY-FIVE THOUSAND ($25,000) DOLLARS IN THE AGGREGATE.

NOTHING IN THESE MASTERPASS OPERATING RULES EXCLUDES OR LIMITS MASTERCARD'S LIABILITY (I) FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, (II) FOR FRAUD OR FRAUDULENT MISREPRESENTATION, OR (III) FOR ANY MATTER WHICH IT WOULD BE ILLEGAL FOR MASTERCARD TO EXCLUDE OR ATTEMPT TO EXCLUDE ITS LIABILITY.

SECTION B Data Protection:  Europe Region only

1.     Definitions:

1.      “Joint Controller” means the entity which jointly with others determines the purposes and the means of the Processing of Personal Data.

2.      “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

3.      “Privacy and Data Protection Laws” means all applicable laws, rules, regulations, directives and governmental requirements relating in any way to the privacy, confidentiality, security and protection of Personal Data, including, without limitation, the EU Data Protection Directive 95/46/EC and e-Privacy Directive 2002/58/EC as amended by Directive 2009/136/EC and any relevant national implementing legislation, as well as guidance and recommendations from the competent Regulators.

4.      “Data Processor” means the entity which processes Personal Data on behalf of a Joint Controller.

5.      “Process or Processing of Personal Data” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of such data.

6.      “Regulators” means a public authority responsible for monitoring the application within its territory of the applicable Privacy and Data Protection Laws.

2.     Processing of Personal Data

1.      Customer or Alternative Entity and the Corporation shall be Joint Controllers with regard to the Processing of Personal Data in connection with a MasterPass-connected Digital Wallet and shall perform all obligations in compliance with applicable Privacy and Data Protection Laws.

3.     Data Subject Notice and Consent

1.      Wallet Distributor must ensure that Data Subjects are properly informed and have given proper consent in accordance with applicable Privacy and Data Protection Law that Personal Data relating to them and Processed in connection with a MasterPass-connected Digital Wallet may be collected, used, disclosed or otherwise Processed by the Corporation for the purposes provided for in Rule 4.14 of the MasterPass Operating Rules.

2.      In accordance with applicable Privacy and Data Protection Law, Customer or Alternative Entity must ensure that Data Subjects are properly informed, at a minimum:

                                i.      That Data Subjects have the right to (a) request access to and receive information about Personal Data Processed by Customer or the Corporation, (b) update and correct inaccuracies in the Personal Data and (c) have the Personal Data blocked or deleted as appropriate including, but not limited to, any Personal Data provisioned into the MasterPass-connected Digital Wallet by the Wallet Distributor;

                              ii.      That Data Subjects may withdraw any consent they previously provided to the Customer or Alternative Entity or the Corporation or object at any time on legitimate grounds to the Processing of Personal Data;

                            iii.      That Personal Data may be Processed outside the EEA or Switzerland, including in the United States of America, as provided for in Section 7 below.

4.     Data Subjects’ Requests

1.      In accordance with applicable Privacy and Data Protection Law, Customer or Alternative Entity must develop and implement appropriate procedures for handling requests by Data Subjects for access to, correction and/or deletion of Personal Data Processed by Customer or Alternative Entity or the Corporation in connection with a MasterPass-connected Digital Wallet.

2.      In accordance with applicable Privacy and Data Protection Law, Customer or Alternative Entity must establish a process for allowing a Data Subject to withdraw his or her consent and for providing such opt-outs to the Corporation as well as with respect to the implementation of any other choices that may be exercised by Data Subjects.

3.      Without delay, Customer or Alternative Entity must inform the Corporation in writing of any request for access to, correction and/or deletion of Personal Data received from Data Subjects and provide a copy of any such request to the Corporation.  Customer or Alternative Entity must cooperate with the Corporation in determining the appropriate response. If such a request is made directly with the Corporation, Customer or Alternative Entity must cooperate with the Corporation in promptly responding to the request. Each party shall be responsible for responding to such requests for access to, correction and/or deletion of Personal Data.

4.      Each Party shall cooperate with the other party in responding to requests for access to, correction and/or deletion of Personal Data. The Corporation shall provide access to Personal Data Processed by the Corporation to assist the Customer or Alternative Entity in complying with requests for access to such Personal Data.

5.     Integrity of Personal Data

1.      Each Customer or Alternative Entity must take reasonable steps to ensure that Personal Data the Customer provides to the Corporation in connection with a MasterPass-connected Digital Wallet is reliable for its intended use and is accurate, complete, relevant and current.

6.     Security Requirements

1.      Customer or Alternative Entity and the Corporation must develop, implement, maintain and adhere to a comprehensive written information security program that complies with all applicable Privacy and Data Protection Laws.  Without limitation, each Party’s information security program shall include technical, physical, administrative and organizational safeguards designed to (1) ensure the security and confidentiality of Personal Data; (2) protect against any anticipated threats or hazards to the security and integrity of Personal Data; and (3) protect against any actual unauthorized Processing, destruction, loss, alteration, use, disclosure or acquisition of or access to any Personal Data ( “Data Breach”).

2.      Customer’s or Alternative Entity’s and the Corporation’s information security program shall include regular testing or otherwise monitoring of the effectiveness of its information safeguards.

3.      Customer or Alternative Entity and the Corporation must inform each other in writing as soon as reasonably possible, and in any event, no later than the time period required under applicable law, of any confirmed material Data Breach and in particular of (i) any incident or breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed; and (ii) any known security issue pertaining to the Services in connection with a  MasterPass-connected Digital Wallet that may result in such incidents. 

4.      Customer or Alternative Entity and the Corporation shall each be solely responsible for any legally required notices to Regulators as a result of a Data Breach to its information security program.

5.      Customer or Alternative Entity shall be solely responsible for any notices to Data Subjects as a result of any Data Breach, in accordance with applicable Privacy and Data Protection Law.

6.      Customer or Alternative Entity and the Corporation shall reasonably cooperate with each other in all matters relating to Data Breaches.

7.     Data Transfer Requirements

1.      Personal Data Processed in connection with a MasterPass-connected Digital Wallet shall be transferred to and stored by the Corporation in the United States.

2.      MasterCard International Incorporated is self-certified under the U.S. Safe Harbor Program administered by the U.S. Department of Commerce regarding the transfer of Personal Data from the European Economic Area and Switzerland to the U.S.   The Corporation’s Processing of Personal Data shall comply with the seven Safe Harbor Privacy Principles required by the U.S. Department of Commerce’s Safe Harbor Program.

8.     Public Authority’s or Regulator’s Requests

1.      Except to the extent prohibited by applicable legal, regulatory or law enforcement requirements, Customer or Alternative Entity and the Corporation must immediately inform each other in writing if any Regulator or public authority of any jurisdiction requests disclosure of, or information about, the Personal Data that are Processed in connection with a MasterPass-connected Digital Wallet.

2.      Customer or Alternative Entity and the Corporation shall reasonably cooperate with each other in seeking a protective order or other appropriate protection for the Personal Data and in deciding on an appropriate response to that request.

SECTION C – Country Specific Variations

The Rules in this Section are variances and additions to the “global” MasterPass Operating Rules and the MasterCard Operating Rules – Europe Region that apply in the country specified below.

C.1 Israel

Rule 3.4. of Chapter 3 of the MasterPass Operating Rules is replaced in its entirety by the following in Israel, in relation to Merchants and Service Providers only:

Governing Law; Venue. MasterPass Operating Rules  (including any non-contractual obligations or liabilities arising out of them or in connection with them) are governed by and are to be construed in accordance with Israeli law. Each party irrevocably agrees that: (i) the Israeli courts have exclusive jurisdiction to hear and determine any proceedings and to settle any disputes and each party irrevocably submits to the exclusive jurisdiction of the Israeli courts; (ii) any proceedings must be taken in the applicable Israeli courts; (iii) any judgment in proceedings taken in the Israeli courts shall be conclusive and binding on it and may be enforced in any other jurisdiction. Each party also irrevocably waives (and irrevocably agrees not to raise) any objection which it might at any time have on the ground of forum non conveniens or on any other ground to proceedings being taken in the Israeli courts. This jurisdiction agreement is not concluded for the benefit of only one party.

5.10

Subsection (a) of Rule 5.10 of Chapter 5 of the MasterPass Operating Rules shall be replaced with the following in Israel:

(a) breach of the Merchant’s obligations set forth in these MasterPass Operating Rules, including without limitation any violation of MasterCard’s policies.

5.12

Rule 5.12 of Chapter 5 of the MasterPass Operating Rules is replaced in its entirety by the following in the Europe Region:

 

NOTHING IN THESE MASTERPASS OPERATING RULES EXCLUDES OR LIMITS MASTERCARD'S LIABILITY (I) FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, (II) FOR FRAUD OR FRAUDULENT MISREPRESENTATION, OR (III) NEGLIGENCE OR WILLFUL MISCONDUCT (IV) FOR ANY MATTER WHICH IT WOULD BE ILLEGAL FOR MASTERCARD TO EXCLUDE OR ATTEMPT TO EXCLUDE ITS LIABILITY.

C.2 Romania

The following addition rules apply in Romania, in relation to Merchants and Service Providers only:

Each party, in full awareness of the contents and nature of the transactions contemplated by these MasterPass Operating Rules, hereby assumes the risk of change of the circumstances under which these MasterPass Operating Rules are entered into, in accordance with Article 1271 paragraph 3 letter (c) of the Romanian Civil Code, and hereby waives right to raise defences based on hardship (in Romanian: impreviziune)”

For the purposes of Article 1203 of the Romanian Civil Code, each party hereby expressly accepts all clauses in MasterPass Operating Rules which (A) provide in favour of the other party (i) the limitation of liability, (ii) the right to unilaterally terminate (in Romanian: denuntare unilaterala) the MasterPass Operating Rules or (iii) the right to suspend performing its obligations, or (B) provide to its detriment (i) the forfeiture of rights (in Romanian: decadere din drepturi), (ii) the forfeiture of the benefit of a timeline (in Romanian: decaderea din beneficiul termenului), (iii) the limitation of the right to raise defenses (in Romanian: dreptul de a opune exceptii), (iv) the limitation of the right to contract with third parties, (v) the tacit renewal of the agreement, (vi) the applicable law, or clauses derogating from the rules of court jurisdiction.

C.3 Russia

 

Rule 3.4. of Chapter 3 of the MasterPass Operating Rules is replaced in its entirety by the following in Russia, in relation to Merchants and Service Providers only:

Governing Law; Venue. MasterPass Operating Rules (including any non-contractual obligations or liabilities arising out of them or in connection with them) are governed by and are to be construed in accordance with Russian law. Each party irrevocably agrees that any dispute arising out of or in connection with these MasterPass Operating Rules (including any question regarding the existence, scope, validity or termination of these MasterPass Operating Rules or any non-contractual obligation or liability arising out of or in connection with them) shall be referred to and finally resolved by arbitration under the LCIA Rules, which Rules are deemed to be incorporated by reference into this clause. There shall be one arbitrator and the appointing authority shall be the LCIA, such appointment to be made by the LCIA in accordance with the Rules.  The seat of arbitration shall be London, all hearings shall take place in London, England, and the arbitration proceedings shall be conducted in English.

The following applies in Russia, in relation to Merchants and Service Providers only:

Communications will not be distributed in paper unless the Corporation is contacted with a request for a paper version of a particular document.  The Corporation reserves the right to charge handling fee for any notices that MasterCard physically mails on request or because any e-mail address fails.