Professional Documents
Culture Documents
Amex PF Merchat
Amex PF Merchat
Payment Aggregator
This section outlines the policies and rules that apply to entities (third
parties or S/Es) that operate as Payment Aggregators in either the Card
Present or Card Not Present payment environment. Payment Aggregators
are entities that contract with an Acquirer to provide Payment Services to
Sponsored Merchants. These Sponsored Merchants may or may not have a
direct relationship with the Acquirer.
Acquirers that contract with Payment Aggregators are liable for all acts,
omissions and other adverse conditions caused by the Payment
Aggregators and their respective Sponsored Merchants. In the event that a
Payment Aggregator is unable to fulfill their obligations to their Sponsored
Merchants, the Acquirer will be responsible for Transaction processing and
Settlement with Sponsored Merchant(s). The Acquirer will hold AEGNS
harmless against any claims made by a Sponsored Merchant or its
representatives that it has not received accurate, complete and timely
Settlement from the Payment Aggregator. As a result, the Acquirer must at
all times be responsible for and manage, direct, and control all aspects of
its Payment Aggregator activities and enforce all program management and
operating policies applicable to Payment Aggregators and Sponsored
Merchants in accordance with Section
2.8.3.5 and other sections referenced in the
Business and Operational Policies manual. AEGNS or its designee reserves the
right to conduct audits of an Acquirer, its Payment Aggregators, and the
Payment Aggregator’s sponsored
Merchants at any time for the purpose of determining compliance with
these Payment Aggregator rules and other applicable policies provided in
the Business and Operational Policies manual.
1
2.8.3.5.2. General Requirements for Acquirers, Payment Aggregators, and
Sponsored Merchants
(check list)
• Payment Aggregators have been assessed and, based on the Acquirer’s
assessment, have adequate resources, financial and otherwise, to meet
their obligations and deliver the services in accordance with applicable law
prior to entering into a Payment Aggregator Agreement.
2
Brand Protection policy as provided in Section 2.8.5, “Brand Protection,”
See attached documentation.
1. The list of data elements in Table 2-9 is not an exhaustive list and
AEGNS may, in its sole discretion, request other data elements.
Table 2-9. Data Elements for Payment Aggregators
Data Elements
• Acquirer ID Number
• Payment Aggregator Start Date
• Payment Aggregator Termination Date (when applicable)
• Payment Aggregator Status: new/renew/termination
• Payment Aggregator Doing Business As (DBA) name
• Payment Aggregator Legal Name
• Payment Aggregator Business function
• Payment Aggregator S/E#
• Payment Aggregator Contact information:
• Legal address
• Principal owner name
• Business phone
• Business address
• Business URL
5
• Payment Aggregators must perform due diligence and “Know Your
Customer (KYC)” screening for each of its Sponsored Merchants, which
must include a financial review and background check of their principal or
controlling owner.
• Payment Aggregators must provide the names of owner(s) for each of their
Sponsored Merchants on the Network through the Sponsored Merchant
Reporting as outlined in Section 2.8.3.5.6, “Sponsored Merchant Reporting
Requirements,” see page 13 below.
6
ADDEDUM TO DOCUMENT BASED ON REFERENCED PAGES
8
Participant joining AEGNS, risk assessment update at least annually,
update of Compliance due diligence periodically based on the risk
assessment, onsite inspection and testing, reporting of metrics relevant
to Participant’s AML/ATF programs, and other requests for information
about Participant's AML/ATF program as may be required by AEGNS or
by law. AEGNS will determine and communicate specific requirements to
the Participant at the time it is requested.
Participants must also ensure their agreements with S/Es and Service
Providers include:
• A requirement to comply with the following:
- PCI DSS
- PCI PTS
- PCI Software-based PIN Entry on COTS
- PCI PIN Security
- PCI PA-DSS
- PCI SSS
- PCI Secure SLC
• Provisions requiring that S/Es and Service Providers report all instances of a Data
Compromise immediately to the Participant, and in no case later than twenty-four (24)
hours after discovery of the incident. See Section 2.4.11, “Notification of Data
Compromise from AEGNS to Potentially Impacted Issuers,” on page 71 for details.
10
• An accurate description of Goods/Services offered, including the
currency type for the Transaction (e.g., U.S. Dollars, Canadian Dollars)
• An email address and a telephone number for customer service disputes
• The S/E’s return/refund policy
• A description of the S/E’s delivery policy (e.g., No COD, No overnight)
• A description of the S/E’s security practices (e.g., information highlighting
security practices the S/E uses to secure Transactions conducted on the
Internet)
• A statement of known export restrictions, tariffs, and any other regulations
• The name of the country in which the S/E is located
• A privacy statement regarding the type of personal information collected
and how the information is used. Additionally, S/Es must provide to
consumers the option to decline being included in marketing campaigns or
having their personal information included on lists sold to third parties. S/Es
may use the following privacy statement, provided that their practices
comply with this statement:
At [S/E name] we are committed to protecting the privacy of all our
customers. We collect only customer information that is needed and we
inform all customers how we use it. On a regular basis, we give customers
choices about how their data will be used including the option to decide
whether or not they wish to have their names removed from lists used for
marketing campaigns. All customer information is stored securely and access
to it is limited to those employees who specifically need it to conduct their
business responsibilities. All [S/E name] employees and business partners
are responsible for upholding our privacy principles.
11
• Internet adult digital content
• Individuals and organizations that the U.S. government identifies as
supporting terrorism and which are listed on the Internet at:
www.treasury.gov/offices/enforcement/ofac/sdn/index.shtml
• Sale of Infringing Products
12
2.3. R e q u i r e m e n t s fo r C o n d u c t i n g
M e r c h a n t Ac q u i r i n g B u s i ne ss
This section provides policies and rules specific to Acquirers.
Each Acquirer is required to (i) purchase all Charges made by
Cardmembers on any Card and submitted to such Acquirer by its S/Es
(ii) pay for the same in accordance with the schedule of payments set
forth in its S/E agreements with such S/Es. Charges incurred by
Cardmembers, must be submitted to Clearing Centers at the times and
in the formats designated by AEGNS. Acquirers shall allow Charges to
be submitted by S/Es, and shall pay for Charges submitted by such
S/Es, only in the Authorized Currency.
Each Acquirer must be a party to all of its S/E agreements. The
authority to act as an Acquirer and be the named contractual party on
the relevant agreement cannot be transferred, outsourced or delegated.
Acquirers must ensure that all agreements, disclosures,
communications, and solicitations comply with applicable laws and
regulations and this AEGNS manual, including, without limitation,
Section 2.8.3.3, “Compliant S/E Agreement Design,” on page 109.
Subject to this AEGNS manual and the Issuer's and Acquirer's
rights to be reimbursed pursuant to the Chargeback policy, each
Acquirer alone bears all financial risk (for example, fraud risk)
arising from or associated with its Merchant Acquiring Business.
Acquirers shall provide each of their S/Es with adequate operating
materials and equipment (including the means to obtain Authorizations
for Charges in the most expeditious manner), instructions on the
procedures for honoring Cards and processing record of charge forms,
and details as to the Acquirer's different payment options. Acquirers
shall ensure that all S/Es display at least one (1) decal denoting
acceptance of American Express® Cards on parity terms with all other
general purpose card networks.
In carrying out its S/E acquisition and servicing duties, an Acquirer may
require an S/E to own a bank account in the Territory but shall not
require existing or prospective S/Es to establish a banking relationship
with such Acquirer or any other specific banking institution, or to service
S/Es that have not established such a banking relationship differently in
any way from those that have.
Acquirers must follow the neutrality principles listed in “Exhibit 19.
Neutrality Principles for Conducting Merchant Acquiring Business” on
page 589 with regard to the manner in which S/E offers, promotions
and network capabilities will be made available to Issuers and their
13
Cardmembers.
14