Whilst there is no doubt that payments/getting paid is a critical topic for merchants it is surprising that many merchants overlook the contracts governing the provision of payment services (i.e. contracts for the provision of gateway and/or acquiring services) (payments contract(s)), often accepting them “as is” or with little amendments because they are incorrectly viewed as standard/low risk and simple.
Nothing could be further from the truth: if things go wrong under a payments contract, then merchants may be unable to accept payments from customers meaning lost revenue and they are complex agreements, being a hybrid of a tech and finance agreement, and so involve input from various subject matter experts including commercial/tech, regulatory and data protection.
This article sets out some of the key legal and commercial issues for in-house lawyers to consider when contracting with a supplier under payments contracts.
NB. often there are two suppliers providing the relevant services under a payments contract: a gateway supplier for the provision of gateway services and an acquirer for the provision of acquiring services. This means the payment contract is often a tri-partite agreement between two suppliers and the merchant customer. Unless otherwise set out in this article, references to suppliers means the gateway supplier and the acquirer.
It is important to spend time with the business to understand the set-up underpinning the payments contract. Questions to consider include:
Understanding the answers to these questions is important to ensure that the services are being provided in a way which is suitable for the business.
Often the payments contract will be very light touch on technology related commitments which is peculiar given how much they rely on technology.
Normally the set-up is as follows (assuming the merchant procures gateway and acquiring services):
However, the payments contract doesn’t provide much detail on the following:
In addition, there are very limited service level commitments around the availability of the gateway platform and acquiring platform and even when these commitments are provided they are subject to a number of exceptions/carve outs (e.g. service credits are the sole and exclusive remedy for the relevant service level failures).
This links to our note above around the importance of understanding the payments set-up. If the merchant already has a number of incumbents, then it already has built-in resilience if, for example, the gateway or acquiring platforms of the relevant supplier go down and the merchant can’t use them to help it accept payments (because the merchant can then re-route transactions to the incumbents and their platforms).
The acquirer is a regulated entity so will often include numerous termination and suspension rights for a variety of circumstances. Some of these termination rights can be quite hair-trigger, including for example where the acquirer believes the risk profile of the merchant has become unacceptable or in circumstances where the merchant damages the reputation of the acquirer or the card schemes.
It is important to try to narrow down the scope of these triggers wherever possible to avoid continuity of service issues. However, it should be recognised that as regulated entities that also need to comply with various card scheme rules, the acquirer will need to impose a variety of termination rights in the payments contract.
In some situations, to help mitigate the impact of the trigger, the merchant could try to argue the relevant event should only warrant termination of a particular service (e.g. acquiring services but not gateway services) given the nature of the termination event is only relevant to a particular service (e.g. the acquirer is worried about excessive chargebacks so perhaps it can terminate the acquiring service but not the gateway service).
One of the key issues to get right is when the merchant gets paid and how the payments contract deals with payment by the merchant of the fees (comprising acquirer fees and pass-through fees such as card scheme fees and interchange fees), chargebacks, refunds and card scheme assessments.
You will want to ensure there is clarity around payout schedules and how long after a card payment is approved, settlement is paid to you (e.g. T+1, T+2). There is often a number of working days between a card payment being approved, settlement to the card schemes and payment then to the acquirer.
In respect of dealing with the payment of fees, chargebacks, refunds and assessments, a good position for the merchant (subject to specific preferences of the business) is:
Typically suppliers will seek to set out a very exhaustive list of non-recoverable losses. Merchants should keep an eye out for exclusions such as “loss or corruption of data”, “loss of use” or “replacement supplier costs” as they are some of the key losses they might seek to recover. It is generally standard for suppliers to state that loss of profits, revenue or business are non-recoverable. Merchants should consider mitigations to reduce any potential loss of sales as a result of problems with the relevant supplier’s systems such as having alternative replacement suppliers/incumbents in place to accept payments and/or insurance.
It is standard for a supplier to provide an indemnity for losses the merchant may suffer or incur as a result of losses arising as a result of claims from third parties that their use of the suppliers’ systems infringes a third party’s IP. Merchants should look out for any restrictions on these types of indemnities. For example, attempts by the supplier to: (i) make such indemnities capped; (ii) make recoverability under the indemnities conditional on complying with a conduct of proceedings clause; or (iii) limit the scope of the indemnity to only certain IP.
The suppliers may also ask for an indemnity from the merchant in respect of losses they suffer arising from claims from third parties. The suppliers’ position is they are intermediaries acting between the merchant and the card schemes, card issuers, cardholders and so if they suffer a claim from such third parties as a result of something committed by the merchant then they should be indemnified. Merchants could try to cap the indemnity and limit it to losses caused by them by they may receive push back. For example, the suppliers may state that the indemnity should cover any third party claims other than those arising because of their default.
The suppliers will seek to include various provisions giving them the ability to change the terms of the payments contract (including the fees) and the services and software on notice. This could be for various reasons. For example:
It is important that the merchant has visibility on what changes can be made and what notice is provided.
For example:
Merchants should carefully consider what the supplier can (and can’t) do with their transaction data. For example, it is fine for the suppliers to use the transaction data to provide the services but any further use (such as using the transaction data to develop other products or services or for the benefit of the suppliers’ business more generally) should be carefully considered.
Merchants should have a clear understanding of the role of the supplier – when exactly is the supplier acting as a controller and when is it acting as a processor under the particular services being provided? This should be clearly reflected in the payments contract and appropriate data protection provisions should be implemented, including mandatory Article 28 processor terms to the extent they are relevant.
The merchant should consider whether there will be transfers of personal data to the supplier in non-adequate third countries and ensure that a suitable transfer safeguard is in place as necessary.
The card scheme rules of Visa and Mastercard impose obligations on the acquirer as the acquirer is a participant of their card scheme system. However, these card scheme rules also impose requirements on the acquirer to procure certain requirements from the merchant even if the card scheme rules do not directly apply to merchants. Such rules include not providing goods or services in prohibited categories and ensuring that chargebacks or refunds do not hit certain thresholds or if they do, certain penalties must be paid. As a result, expect the payments contracts to include obligations on the merchant to comply with the card scheme rules. However, this is a very broad obligation and merchants should consider narrowing this to certain rules relating to them that are, ideally, incorporated into the payments contract so there is clarity as to the merchant’s obligations.
Payment services and Fintech more generally is developing at a fast pace and requires input from multiple stakeholders given its intersection between tech and regulation. The above issues are a useful starting point for a review of these types of agreements but please reach out to the Fintech team contacts below if you would like to discuss anything further.