Difference between revisions of "PayPal Terms and Conditions"

Notes

This is the text entitled "PayPal Terms and Conditions" when you sign up for Virtual Terminal service at PayPal. The text was retrieved on 2006-11-23.

Text

PayPal Payments Pro and Virtual Terminal Agreement

This PayPal Payment Pro and Virtual Terminal Agreement (“Agreement”) is a contract between you (the “Merchant”) and PayPal, Inc., and applies to your use of PayPal’s Payments Pro product suite and Virtual Terminal. This Agreement applies along with and in addition to the PayPal User Agreement and the other agreements incorporated therein (collectively “User Agreements”). PayPal Payments Pro is a suite of products which include the following products: (a) Virtual Terminal, (b) Direct Payment API, (c) Express Checkout, and (d) Risk Controls. In addition, you have the option of using Virtual Terminal as a stand-alone product. If you do not agree to be bound by this Agreement, then you should not use or access PayPal Payments Pro or Virtual Terminal.

1. Monthly Fee.

a. In addition to PayPal’s fees as set out in the User Agreements, you agree to pay a Monthly Fee of $20 (“Monthly Fee”) for use of PayPal Payments Pro or Virtual Terminal. You agree to allow PayPal to withdraw the Monthly Fee from your account or other funding sources. The Monthly Fee will be paid by you every month in advance, beginning in the next full month following acceptance of this agreement, and will be non-refundable. You may not receive an advance notice before PayPal withdraws the Monthly Fee from your account. In the event that PayPal is unable to withdraw this amount from your account, PayPal may terminate your use of PayPal Payments Pro or Virtual Terminal within 30 days of the date that the Monthly Fee was due, and you will remain obligated to pay PayPal for any unpaid Monthly Fees. This Monthly Fee is subject to change in PayPal’s sole discretion by providing you with 30 days’ advance notice. To the extent that you have signed up for PayPal Payments Pro pursuant to a promotional period, you agree to pay the Monthly Fee immediately upon the expiration of a promotional period offered by PayPal.

b. The Monthly Fee will be paid as follows: (1) PayPal will first use any amounts you have in your balance, (2) if you do not have a sufficient PayPal balance, PayPal will pull the Monthly Fee from either your bank account, credit card, or debit card (“Default Funding Sources”). For more information, please go to the User Agreements.

c. At any time, you may change the Default Funding Sources by setting up a Preferred Funding Source on the Account Profile Page in your PayPal Account. A Preferred Funding Source allows you to designate the funding source that will be used to pay your Monthly Fee. Please understand that even when you set up a Preferred Funding Source, PayPal will first pull any available amounts from your PayPal Balance before going to your Preferred Funding Source. You may disable funding sources for use for the Monthly Fee payments, with the exception that if you have one or more credit cards or debit cards in your PayPal account, then at least one of those cards must be enabled for the Monthly Fee payment as either a Preferred Funding Source or a Default Funding Source.

2. Usage of PayPal Payments Pro or Virtual Terminal.

a. As part of the application process for PayPal Payments Pro or Virtual Terminal and for ongoing eligibility purposes, you must provide PayPal with your social security number or your tax identification number, address, the type and nature of your business operation and other business and financial information as requested by PayPal from time to time. PayPal may use the social security number that it already has on file for your account to process your application. You agree to allow PayPal to obtain your credit history and financial information about your ability to comply with your obligations hereunder. You also agree to allow PayPal to store all such information and use it to evaluate your application and continuing eligibility for PayPal Payments Pro, Virtual Terminal, and other services offered by PayPal from time to time, as well as to share it with third parties involved in the payment transaction processing.

b. PayPal will accept or deny your application for PayPal Payments Pro or Virtual Terminal usually within one business day of submission. PayPal may deny your application due to your credit history, PayPal history, or for any other reason in PayPal’s discretion.

c. Unless you receive the express consent of the Cardholder or authorized user of a Card as defined below, you may not retain or store personal or financial Card transaction information, including but not limited to Cardholder and Card transaction information, Card expiration dates, Card Verification Values (“CVV”) and Card Identification Data (“CID”) (collectively defined as “Data”). Such Data must be completely removed from your Systems and any other place where you store Data within 24 hours after you receive an authorization decision. To the extent that Data resides on your Systems and other storage locations, which it should do only for the express purpose of processing your transactions, you agree to protect it as described in Section 5 and Exhibit “A”.

d. You may not perform dynamic currency conversion. This means that you may not list an item in one currency and then accept payment in a different currency. If you are accepting payments in more than one currency, you must separately list the initial price for each currency.

3. Usage of Direct Payment API.

a. You may not use Direct Payment API as a stand-alone product. If you implement and use Direct Payment API, you must also implement and use Express Checkout.

b. In using the Direct Payment API, PayPal will permit you to accept Visa, MasterCard, American Express, and Discover® Card (collectively “Cards”). PayPal shall process and settle Card transactions with you. With regard to the Cards, you agree to the following:

i. Where you accept Cards on your website, you will display each Card’s logo with equal size and prominence, and you shall not display a preference for one Card over another. You agree to comply with the logo usage standards located at: http://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/OnlineLogoCenter-outside.

ii. You authorize PayPal to provide information (Note: this is not “Data” as defined above) regarding your business and individual Card transactions to third parties for the purpose of facilitating the acceptance and settlement of your Card transactions and in connection with items, including without limitation, chargebacks, refunds, disputes, adjustments, and other inquiries.

iii. You must provide your customers with the option of not storing their personal information, including but not limited to their email address, shipping/billing address, and financial information.

iv. You understand and acknowledge that PayPal may immediately terminate your right to accept one or more Cards if: you fail to comply with the User Agreements, you become ineligible for Virtual Terminal or PayPal Payments Pro, or upon request by Visa, MasterCard, American Express, or Discover Financial Services, Inc. (collectively defined as “Card Companies”) In such an event, you must immediately following receipt of notice from us remove all logos for such Cards and stop taking Card transactions; provided that you shall complete all pending Card transactions and send transaction data to us for such Card transactions.

4. Usage of Express Checkout.

a. In order to use PayPal Payments Pro, you must use Express Checkout as described herein.

b. When using Express Checkout, you must include a PayPal Express Checkout button either: (a) before you request the shipping/billing address and other financial information from your customers or (b) on the same page that you collect such information if you only use one page for your checkout process.

c. You must provide PayPal as a payment option together with the other payment options you offer for Express Checkout. The PayPal logo must be displayed with equal prominence as the logos for your other payment options.

d. You must provide your customers with the option of not storing their personal information, including but not limited to their email address, shipping/billing address, and financial information.

5. Data Security.

If you are receiving, storing, transmitting, or otherwise have access to Cardholder information or Data, you must comply with the Data Security requirements in Exhibit “A” to this Agreement.

6. No Warranty.

PAYPAL PAYMENTS PRO, VIRTUAL TERMINAL, AND ALL ACCOMPANYING DOCUMENTATION (“SERVICES”) ARE PROVIDED TO YOU ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. PAYPAL MAKES NO WARRANTY THAT THE SERVICES WILL BE ERROR-FREE

7. Audit.

You acknowledge that in the event that PayPal receives indication of a security breach or compromise of Data, PayPal may require you to have a third party auditor, approved by PayPal, conduct a security audit of your systems and facilities and issue a report to be provided to PayPal and the Card Companies. In the event that you fail to initiate an audit with 10 business days of PayPal’s request, PayPal may do so at your expense. You authorize PayPal to contact your customers, on your behalf, in the event that PayPal is investigating potential fraud.

8. Protective Actions.

a. Notwithstanding anything to the contrary in the User Agreements, we may, in our reasonable judgment, determine that it is necessary to withhold and offset amounts from payments we otherwise would make to you or require you to deposit funds with us as security for your obligations to us or third parties related to your use of the PayPal services. Such funds are called a Reserve.

b. Some of the events that may cause us to establish a Reserve include: (i) your ceasing a substantial portion of or adversely altering your operations; (ii) your suffering a material adverse change in your business; (iii) your becoming insolvent; (iv) our receiving a disproportionate number of chargebacks and/or buyer complaints from your customers; or (v) our reasonable belief that you will not be able to perform your obligations under the User Agreements.

c. If an event occurs that leads us to believe that we may need to create a Reserve, then we may immediately establish a Reserve or terminate this Agreement. We will inform you if we establish a Reserve. We have the right to increase or decrease the amount of the Reserve at any time; provided that the amount of the Reserve will not exceed an amount sufficient, in our reasonable judgment, to satisfy any financial exposure or risk to us or third parties related to your use of the PayPal services (including charges submitted by you for goods or services not yet received by your customers). In the event that your account is closed for any reason, PayPal shall have the right to hold the Reserve for a period of time not to exceed 180 days. Please note that if you are enrolled in the PayPal Money Market Fund, no interest will accrue on those amounts in the Reserve.

d. In addition to the Reserve, we may take other reasonable actions to protect our rights, including changing the speed or method of payment for charges.

e. You must provide to us promptly, upon request, information about your finances and operations, including your most recent certified financial statements and merchant processing statements.

9. Termination by Merchant.

You may terminate your use of PayPal Payments Pro or Virtual Terminal at any time on the PayPal website. If you terminate either of these services, your use of the service will immediately end and you will not be refunded the remainder of the Monthly Fees that you have paid for such services.

10. Termination by PayPal.

PayPal may terminate your use of PayPal Payments Pro and Virtual Terminal if: you fail to comply with the User Agreements, you become ineligible for Virtual Terminal or PayPal Payments Pro, or upon request by any one or more of the Card Companies. Upon receipt of notice of termination, you will immediately cease usage of Virtual Terminal or PayPal Payments Pro, immediately remove all logos for Cards, and stop taking Card transactions; provided, that you shall complete all pending Card transactions and submit transaction data to us for such transactions.

Exhibit "A"

Data Security

Password and Implementation Materials

Promptly on or following the Effective Date, you will be allowed to access and utilize the Virtual Terminal and/or PayPal Payments Pro Card Services and you will be provided with some information and materials to utilize the Virtual Terminal and/or PayPal Payments Pro Card Services. Such information and materials and all intellectual property rights associated therewith will remain the property of PayPal or Wells Fargo, as appropriate. You agree to restrict use and access to your password and log-on ID to your employees and agents as may be reasonably necessary, and will ensure that each such employee or agent complies with all applicable provisions contained herein. You will not give, transfer, assign, sell, resell or otherwise dispose of the information and materials provided to you to utilize Virtual Terminal and/or PayPal Payments Pro Card Services. You are solely responsible for maintaining adequate security and control of any and all IDs, passwords, or any other codes that are issued to you by PayPal or Wells Fargo.

Compliance with Data Security Requirements

You will: (i) comply with all then-current legal obligations and guidelines, including without limitation those issued by Associations and the Federal Trade Commission, associated with the collection, security and dissemination of data on your website, and expressly including the Visa Cardholder Information Security Program (CISP). (For details of this program log onto www.visabrc.com) and the MasterCard Site Data Protection Program (SDP); and (ii) conspicuously post on your website a privacy policy that meets all applicable legal and Association requirements and is consistent with good business practices with respect to the collection and use of customers' personally identifiable information. You shall not store Cardholder Verification Value 2 (CVV2) information or any other payment method information of any cardholder (whether received electronically or by fax or hardcopy) and will be liable for any fines for violation of such Association Rule. If you fail to comply with the requirements of this Section, we may terminate your use of Virtual Terminal and/or PayPal Payments Pro Card Services

You are fully responsible for the security of data on your website or otherwise in your possession. You will: (i) comply with all then-current legal obligations and guidelines, including without limitation those issued by Visa USA, Inc., MasterCard International Incorporated or other applicable card associations (collectively, the “Associations”, and the “Association Rules”) and the Federal Trade Commission, associated with the collection, security and dissemination of data on your website, and expressly including the Visa Cardholder Information Security Program (CISP) and MasterCard’s Site Data Protection (SDP) Program. These programs include without limitation requirements that you: maintain a network firewall, keep security patches up-to-date, encrypt stored data, maintain updated anti-virus software, restrict access to data (including physical access), maintain unique user identification, user tracking and password requirements, conduct regular testing of security systems and procedures, maintain a security information policy for employees and contractors. For details of these programs log onto www.visa.com/cisp or MasterCard’s SDP Program website ); (ii) conspicuously post on your website a privacy policy that meets all applicable legal and Association requirements and is consistent with good business practices with respect to the collection and use of customers' personally identifiable information; and (iii) notify us of any agent, including any web hosting service, gateway, shopping cart, or other third party provider, that has access to cardholder data and ensure that such agent is compliant with all then-current legal obligations associated with the collection, security and dissemination of data; (iv) provide information or access to records as needed for us to evaluate your compliance with this section, and (v) notify us immediately of any security breach to your data records or system as it relates to your use of Virtual Terminal and/or PayPal Payments Pro Card Services . If you fail to comply with the requirements contained herein, or we have indication of an actual or potential security breach, we may suspend or terminate your use of Virtual Terminal and/or PayPal Payments Pro Card Services. If you are suspended, the notice will explain the basis for such suspension, including measures reasonably calculated to rectify the failure or security breach. The suspension will remain in effect and until such time as we are satisfied that you have cured your failure or properly addressed the security breach. You shall not store or retain PIN data, AVS data, or Card Validation Codes (three-digit values printed in the signature panel of most Cards, and a four-digit code printed on the front of an American Express Card) of any cardholder and will be liable for any fines for violation of such Association Rule. You acknowledge that in the event that we receive indication of a security breach or compromise of cardholder data relating to you, you may be required to have a third party forensic auditor certified by the Associations, conduct a security review of your systems and facilities and issue a report to be provided to us and the Associations. In the event that you fail to initiate such process after our request you authorize us to take such action, at your expense.

Under certain circumstances, and contingent upon receipt of our express permission, you may utilize third parties in order to perform certain of your obligations contained herein (each such party, a “Technical Services Provider”). The data security standards set forth above apply to any Technical Service Provider that you may use to store, process or transmit Cardholder data to us. Because such Technical Service Provider must be registered with the applicable Association(s), you must (1) notify us of any Technical Service Provider that engages in, or proposes to engage in, the storing, processing or transmitting of Cardholder data on your behalf, regardless of the manner or duration of such activities and (2) ensure that all such Technical Service Providers are (A) registered with the applicable Association and (B) comply with all applicable data security standards, including, without limitation, CISP and SDP Program requirements. Your failure to comply with these requirements, or the failure of your Gateway processor to register and/or comply with applicable data security requirements, may result in fines or penalties for which you are liable and termination of this Agreement. In the event that such a Technical Service Provider is being used by you and we deem it necessary, you: (a) give us permission to register you with such Technical Service Provider, if needed; and (b) agree that you are solely responsible for your relationship with such Technical Service Provider and any data transmitted or made available to such Technical Service Provider, including complying with any requirements of such provider with respect to its services, hardware or software and obtaining any required end-user consents for transmission of data through such Technical Service Provider.

Use of Cardholder Information

Unless you obtain consents from us and each applicable Association, card issuing bank and Cardholder, you must not use, disclose, sell or disseminate any Cardholder information obtained in connection with a Card transaction (including the names, addresses and Card account numbers of Cardholders) except for purposes of authorizing, completing and settling Card transactions and resolving any chargebacks, retrieval requests or similar issues involving Card transactions, other than pursuant to a court or governmental agency request, subpoena or order. You shall use proper controls for and limit access to, and render unreadable prior to discarding, all records containing Cardholder account numbers and Card imprints. You may not retain or store magnetic stripe data or hardcopies containing cardholder data (including faxes) after a transaction has been authorized. If you store any electronically captured signature of a Cardholder, you may not reproduce such signature except upon our specific request. Association rules prohibit the sale or disclosure of databases containing Cardholder account numbers, personal information, or other Visa transaction information to third parties as an asset of a failed business. In such cases, transaction information is required to be returned to the acquiring bank (Wells Fargo Bank, N.A.) or acceptable proof of destruction of this data provided. You are responsible for compliance with this section by any third party processor, hosting service or other agent of yours engaged in the processing or storage of cardholder data. You must notify us of any such third party so engaged, and notify us of any access to transaction data by any unauthorized person. Unless you obtain consents from us and each applicable Association, card issuing bank and cardholder, you must not use, disclose, sell or disseminate any cardholder information obtained in connection with a Card transaction (including the names, addresses and Card account numbers of Cardholders) except for purposes of authorizing, completing and settling Card transactions and resolving any chargebacks, retrieval requests or similar issues involving Card transactions, other than pursuant to a court or governmental agency request, subpoena or order. You shall use proper controls for and limit access to, and render unreadable prior to discarding, all records, in whatever format they may exist, containing Cardholder account numbers and Card imprints. You may not retain or store magnetic stripe data after a transaction has been authorized. If you store any electronically captured signature of a Cardholder, you may not reproduce such signature except upon our specific request. Association Rules prohibit the sale or disclosure of databases containing cardholder account numbers, personal information, or other Visa transaction information to third parties as an asset of a failed business. In such cases, transaction information is required to be returned to the acquiring bank (Wells Fargo Bank, N.A.) or acceptable proof of destruction of this data provided.