Fraud Deflect | Partner Program

Fraud Deflect Merchant Agreement
Terms & Conditions

Fraud Deflect Merchant Agreement Terms s Conditions

This Fraud Deflect Merchant Agreement (the “Agreement”) by and between the following Merchant (“Merchant”) and Fraud Deflect LLC (“Fraud Deflect”), effective as of the Effective Date set forth below. Merchant and Fraud Deflect may each be referred to as a “Party” or together as the “Parties.”

Recitals

WHEREAS, Fraud Deflect provides its clients with electronic commerce services including, but not limited to, risk control management, chargeback deflection gateway, including, but not limited to, Visa VMPI, merchant tools and fraud screening, as may be further described in service orders placed under this Agreement (“Service Orders”);

WHEREAS, in the course of Merchant’s business, Merchant is engaged with consumers who buy goods or services from Merchant using various methods of payment including credit and debit cards.

WHEREAS, Merchant desires to retain Fraud Deflect’s services in order to utilize some of Fraud Deflect’s tools such as the chargeback deflection gateway, including, but not limited to Visa VMPI, fraud screening and other merchant tools; and

NOW THEREFORE, in consideration of the foregoing and the mutual covenants and promises set forth herein, and for other good and valuable consideration, the receipt of which the parties hereby acknowledge, the Parties hereby agree as follows:

AGREEMENT

1. Definitions. The definitions shall be as defined in Appendix Z of this agreement.

2. Services and Data Delivery

(a) Fraud Deflect will provide merchant with services, and Merchant agrees to terms and will take required actions, outlined in Appendix A under the title “Service Order.”

(b) Merchant will provide Fraud Deflect will any and all needed information to enroll and continually use services Merchant desires including but not limited to Billing Descriptors, Merchant Identification Numbers (MID), Merchant Category Codes and other required info to be outlined in Appendix B titled “Data Requirements”.

(c) Merchant is granted a license to use the Deliverables exclusively in accordance with the terms of this Agreement and only for their intended use.

3. Fees; Payment Terms; Taxes Fraud Deflect Merchant Agreement 07/2023

3.1 Fees. Merchant shall pay the fees and charges as specified in a Fraud Deflect Service Order (“Fees”) and any applicable Taxes in accordance with the payment terms herein.

3.2 Invoices; Payment. Fraud Deflect will invoice Merchant for all Fees weekly on Monday and will Direct Debit or other agreed upon payment method on Wednesday. In the event that any Fees, not subject to a good faith dispute, become overdue by five (5) days, Fraud Deflect may suspend the Fraud Deflect Services by written notice until such failure to pay is remedied.

3.3 Taxes. All federal and state and local VAT, transfer, sales and use taxes arising out of this Agreement will be paid by the Party required to pay such taxes under applicable law. The Party that is required by applicable law to make the filings, reports or returns and to handle any audits or controversies with respect to any such taxes will do so, and the other Party will cooperate with respect thereto as necessary.

3.4 Marks. Subject to the terms of this Agreement, Merchant hereby grants Fraud Deflect a non-exclusive, royalty-free, worldwide license to use Merchant’s proprietary trademarks and service marks (the “Merchant Marks”) solely for the permitted purposes set forth in this Agreement. Fraud Deflect agrees that it will use any such marks of Merchant or its affiliates only in the manner authorized by Merchant. Any goodwill arising through Fraud Deflect’s use of the Merchant Marks will inure to the benefit of Merchant, and Fraud Deflect hereby assigns such goodwill to Merchant on an ongoing basis.

4. Warranties

4.1 (a) Agreement; Mutual Warranties. Each Party represents and warrants to the other Party the following: that it has the power and authority to enter into and perform its obligations under this (b) that at all times during this Agreement, it has and will comply with all Laws applicable to the Agreement, which may include all rules, standards, and security requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and any credit or debit card provider, gift card provider, or other stored value and loyalty program card provider, including, but not limited to, American Express, Visa, U.S.A., Inc., MasterCard International, Inc., Discover Financial Services, LLC, and JCB International, and all Laws relating to the collection, processing, sharing and disclosure of Personal Data (including, without limitation, in the United States and the European Union); and (c) each Party is solely responsible for the privacy and security of any and all data any time that Party accesses, stores, processes, transmits, or otherwise possesses such data.

5.Confidentiality

5.1 Confidential Information. Each Party may provide (the “Disclosing Party”) to the other Party (the “Receiving Party”) certain confidential, proprietary, and trade secret business or technical information of the Disclosing Party in connection with this Agreement and the services performed hereunder (“Confidential Information”). Whether Confidential Information is disclosed orally or in writing, such information shall be considered to be confidential if it is marked confidential, if it is accompanied by a verbal indication that it is confidential, or to the extent the nature of the information and the manner of disclosure are such that a reasonable person would understand it to be confidential.; provided, however, that Confidential Information will not include, and this Section will not apply to, any information that the Receiving Party can establish: (a) was, at the time of disclosure, generally available to the public through no fault of the Receiving Party; (b) was in the Receiving Party’s possession on the Effective Date and was not obtained from the Disclosing Party; or (c) was lawfully received from a third party who rightfully acquired it and did not obtain it in violation of any confidentiality agreement. For purposes of clarity, the Fraud Deflect Intellectual Property shall constitute Fraud Deflect’s Confidential Information and Personal Data provided to Fraud Deflect Merchant Agreement 07/2023-2 Fraud Deflect by Merchant shall constitute Merchant’s Confidential Information without the requirement of marking it as Confidential Information.

5.2 Confidentiality Obligations; Permitted Disclosures. The Receiving Party shall preserve the confidentiality of all Confidential Information that is provided by the Disclosing Party, and will not, except as expressly permitted herein, disclose or make available Confidential Information to any person or use for its own or any other person’s benefit, other than in furtherance of performance of each Party’s respective obligations under this Agreement, any Confidential Information. The Receiving Party will exercise a commercially reasonable level of care to safeguard Confidential Information against improper disclosure or use. The Receiving Party may disclose the Confidential Information of Disclosing Party to employees, agents, or contractors of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement or who have a need to know such information for the Receiving Party’s internal business purposes and, in each case, who are bound by an obligation to maintain such information in confidence. A Receiving Party may disclose Confidential Information of Disclosing Party in response to a subpoena, court order, or other legal process served upon the Receiving Party or where Laws require the disclosure of such Confidential Information; provided that, if not prohibited under Laws, the Receiving Party shall give reasonable prior notice to the Disclosing Party sufficient to permit the Disclosing Party to seek a protective order if it so chooses and the Receiving Party discloses only that information that is legally required to be disclosed.

5.3 Return of Materials. Upon the request of either Party, each Party will return all Confidential Information to the other or erase and remove all copies of all Confidential Information from any computer equipment and media in such Party’s possession, custody, or control.

6. Term; Termination

6.1 Initial Term; Renewal. Subject to Section 6.2, the term of this Agreement will commence on the Effective Date and will continue thereafter for one (1) year (the “Initial Term”). Thereafter, this Agreement will automatically renew for successive one (1) year renewal terms (each a “Renewal Term,” together with the Initial Term, the “Term”), unless either Party provides notice of its intent not to renew at least thirty (30) days prior to the expiration of the then-current Term. Each Service Order shall remain in full force and effect in accordance with its terms, unless terminated in accordance with Section 6.2. If any Service Order remains in effect as of the termination or expiration of this Agreement, then, notwithstanding anything to the contrary in this Agreement shall continue in effect for the remainder of any Service Order term. Fraud Deflect may terminate this Agreement with thirty (30) days’ notice. Merchant may terminate this Agreement within the first 90 days with 15 days written notice and all fees paid in full.

6.2 Suspension or Termination.

(a) This Agreement may be terminated by either Party prior to its expiration: (i) by notice if the other Party has materially breached the Agreement and the other Party has not cured such material breach within thirty (30) days of receipt of notice to the Party identifying such breach; (ii) continuation of a Force Majeure Event that prevents either Party from performing its obligations under the terms of this Agreement for a period of sixty (60) days or longer; (iii) by notice if the other Party makes a general assignment for the benefit of creditors, files a voluntary petition in bankruptcy or for reorganization or arrangement under the bankruptcy laws, or if a petition in bankruptcy is filed against the other Party, or if a receiver or trustee is appointed for all or any part of the property or assets of the other Party (each a “Bankruptcy Event”); or (iv) by mutual written agreement of the Parties.

(b) Fraud Deflect may suspend provision of Fraud Deflect Services immediately: (i) in the event of a Security Incident involving Merchant until such time as Merchant is able to certify to Fraud Deflect, in Fraud Deflect’s reasonable discretion, that the causes of such Security Incident have been remedied in full; or (ii) if Merchant fails to timely pay any Fraud Deflect invoice until Merchant pays all amounts then due and owing pursuant to the terms of this Agreement.

6.3 Effects of Termination. Upon termination of this Agreement for any reason, Fraud Deflect shall issue a final advance payment invoice in an amount calculated as follows: taking the average of the four most recent invoices and multiplying such amount by two. The same calculation method shall be applied to Merchants who are not billed on a weekly basis, provided that such number shall be adjusted proportionally so that the invoice represents the average amount invoiced to the Merchant over a 15 days period. The Fraud Deflect Services shall continue to be provided to the Merchant until the Merchant has been fully “offboarded” from the Fraud Deflect platform, including the transfer of descriptors and alerts to the Ethoca and Verifi platforms (the “Transition Period”). Fraud Deflect may use all such invoiced amounts to cover alerts and related Services provided by Fraud Deflect during the Transition Period.

7. Indemnification

7.1 By Fraud Deflect. Fraud Deflect agrees to protect, defend, indemnify, and hold harmless Merchant, its

officers, directors, employees or their invitees, and any working interest owner or outside party for whom Merchant is obligated to perform services, from and against all third-party claims, demands, and causes of action of every kind and character without limit arising out of Fraud Deflect’s performance or nonperformance of this Agreement, except for such as may be caused by the negligence of Merchant, its agents, or employees. Fraud Deflect’s indemnity under this Section shall be without regard to and without any right to contribution from any insurance maintained by Merchant.

7.2 By Merchant. Merchant agrees to protect, defend, indemnify, and hold harmless Fraud Deflect, its officers, directors, employees or their invitees, and any working interest owner or outside party for whom Fraud Deflect is obligated to perform services, from and against all claims, demands, and causes of action of every kind and character without limit arising out of Merchant’s or its subcontractor’s performance or nonperformance of this Agreement, except for such as may be caused by the negligence of Fraud Deflect, its agents or employees. Merchant’s indemnity under this Section shall be without regard to and without any right to contribution from any insurance maintained by Fraud Deflect.

7.3 Procedure. The obligations of either Party to provide indemnification under this Agreement shall be contingent upon the Party seeking indemnification:

(a) providing the indemnifying Party with prompt written notice of any claim for which indemnification is sought;

(b) cooperating fully with the indemnifying Party (at the indemnifying Party’s expense); and

(c) allowing the indemnifying Party to control the defense and settlement of such claim. The Party seeking indemnification will have the right to participate, at its own expense, in the defense of any claim.

8. Limitation of Liability.

8.1 NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY OR ANY OTHER PERSON FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFIT OR GOODWILL, FOR ANY MATTER ARISING OUT OF OR RELATING TO THIS

AGREEMENT OR ITS SUBJECT MATTER, WHETHER SUCH LIABILITYIS ASSERTED ON THE BASIS OF CONTRACT, TORT OR OTHERWISE EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL A PARTY’S TOTAL LIABILITY FOR ANY AND ALL DAMAGES ARISING UNDER THIS AGREEMENT FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY EXCEED U.S. $250,000. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL SURVIVE TERMINATION OF THIS

AGREEMENT AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITSESSENTIAL PURPOSE.

8.2 Fraud Deflect SHALL HAVE NO LIABILITY FOR MERCHANT’S USE OF VMPI DATA AND MERCHANT ASSUMES TOTAL RESPONSIBILITY FOR ITS USEOF THE VMPI DATA AND USES THE SAME AT ITS OWN RISK. Fraud Deflect EXERCISES NO CONTROL OVER AND HAS NO RESPONSIBILITY WHATSOEVER FOR ANY REFUNDS, REVERSALS, FRAUD LOSSES, CHARGEBACKS, OR FRAUDULENT ACCESS TO VMPI DATA IN CONNECTION WITH THE PERFORMANCE OF THIS AGREEMENT OR FOR MERCHANT ACTIONS OR INACTIONS IN CONNECTION WITH USE OF THE VMPI DATA. Fraud Deflect DOES NOT GUARANTEE THE ACCURACY OF PROVIDED DATA. EXCEPT AS MAY BE SPECIFICALLY PROVIDED ELSEWHERE IN THIS AGREEMENT Fraud Deflect MAKES NO REPRESENTATIONS OR WARRANTIES—EXPRESS OR IMPLIED—REGARDING THE VMPI DATA, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, DATA ACCURACY, OR THAT Fraud Deflect’s PROVISION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE, AND ALL SUCH Fraud Deflect Merchant Agreement 07/2023-4 WARRANTIES ARE HEREBY DISCLAIMED BY Fraud Deflect AND WAIVED BY MERCHANT TO THE EXTENT NOT PROHIBITED BY LAWS.

G. General Provisions

G.1 Non-Exclusivity. This agreement is non-exclusive. Nothing in this agreement shall prevent either Party, now or in the future, from using, integrating or offering its product or services, or allowing such use, integration or offer, with any direct or indirect competitor of the other Party.

G.2 Employee Non-Solicitation. During the term of this Agreement and for a period of

twelve (12) months thereafter, neither Party will recruit or otherwise solicit for employment any employees or subcontractors of the other Party who participated in the performance of Fraud Deflect Services without such other Party’s express prior written approval. It is understood and agreed that untargeted recruiting, such as advertising and job fairs, and responses to unsolicited inquiries are not prohibited by this Section.

G.3 Assignment. Neither Party may assign any of its rights, duties or obligations under this Agreement to any person or entity, in whole or in part, without the consent of the other Party; provided, however, that either Party may assign this Agreement to a successor of that Party as a result of a merger, reorganization or sale of all or substantially all of the assets to which this Agreement pertains. Any attempted assignment in violation of the foregoing is void and will be a material breach of this Agreement. Subject to the foregoing, this

Agreement is binding upon and will inure to the benefit of the Parties’ respective successors, heirs and assigns.

G.4 Force Majeure. Neither Party is responsible for delays or failures in performance (other than payment) resulting from acts of God, strikes, lockouts, riots, acts of war and terrorism, embargoes, changes in governmental regulations, epidemics, fire, communication line failures, power failures, earthquakes and other disasters, interruption or failure of

telecommunications or digital transmission links, hostile network attacks, network congestion, or other failures beyond the reasonable control of such Party (each, a “Force Majeure Event”). Neither Party is entitled to relief under this Section to the extent that any event otherwise constituting a Force Majeure Event result from the negligence or fault of such Party or its employees or agents.

G.5 Waiver. No waiver of any provision hereof or of any right or remedy hereunder will be effective unless in writing and signed by the Party against which such waiver is sought to be enforced. No delay in exercising, no course of dealing with respect to, or no partial exercise of any right or remedy hereunder will constitute a waiver of any other right or remedy, or future exercise thereof.

G.6 Severability. If any provision of this Agreement is determined to be invalid under any Laws or by a governmental, legal, or regulatory authority with jurisdiction over the Parties, it is to that extent to be deemed omitted, and the balance of the Agreement will remain enforceable. In such event, the Party that has been deprived of any material benefit of such provision may notify the other and the Parties promptly thereafter shall use commercially reasonable efforts to replace or modify the invalid provision with a provision that, to the extent not prohibited by Laws, achieves the purposes intended under the invalid provision.

G.7 Notice. All notices will be in writing and will be deemed to be delivered when received by certified mail, postage prepaid, return receipt requested, or when sent by facsimile with machine-generated confirmation of transmission without notation of error, or by electronic mail (e-mail) with receipt of delivery confirmation. All notices will be directed to the Parties at the respective addresses, facsimile numbers given below, e-mail addresses, or to such other address or facsimile number as either Party may, from time to time, designate by notice to the other Party.

G.8 Entire Agreement; Amendment. This Agreement, together with all Exhibits attached hereto and any subsequent Service Orders accepted by Fraud Deflect, which are

incorporated herein by Fraud Deflect Merchant Agreement 07/2023-5 reference, constitutes the complete and exclusive statement of all mutual understandings between the Parties with respect to the subject matter hereof, superseding all prior or contemporaneous proposals, communications and understandings, oral or written. To the extent that the terms of this Agreement or any Service Order are inconsistent with the terms of this Agreement, the express terms of the Service Order shall control. No amendment or change will be valid unless in writing and signed by both Parties.

G.G Governing Law. The interpretation, validity and enforcement of this Agreement, and all legal actions brought under or in connection with the subject matter of this Agreement, shall be governed by the law of the State of Florida. Any legal action brought under or in connection with the subject matter of this Agreement shall be brought only in the United States federal courts or Florida state courts located in Jacksonville, Florida. Each Party submits to the exclusive jurisdiction of these courts and agrees not to commence any legal action under or in connection with the subject matter of this Agreement in any other court or forum. Each Party waives any objection to the laying of the venue of any legal action brought under or in connection with the subject matter of this Agreement in the federal or state courts sitting in Jacksonville, Florida, and agrees not to plead or claim in such courts that any such action has been brought in an inconvenient forum. EACH PARTY HEREBY IRREVOCABLY WAIVES ITS RIGHT TO A JURY TRIAL IN CONNECTION WITH A DISPUTE ARISING OUT OF OR UNDER THIS AGREEMENT.

G.10 Counterparts; Electronic Signature. The Parties agree to conduct business under this Agreement using electronic means including using electronic records and electronic signatures. This Agreement may be executed in any number of counterparts and each such executed counterpart will be deemed to be an original instrument, but all such executed counterparts together will constitute one and the same instrument. Counterparts may be delivered via facsimile, electronic mail (including pdf or any electronic signature complying with the U.S. federal ESIGN Act of 2000, e.g., www.docusign.com. or www.rightsignature.com) or other transmission method, and any counterpart so delivered shall be deemed to have been duly and validly delivered and be valid and effective for all purposes.

G.11 Further Assurances. Each Party agrees at its own expense, to execute, acknowledge, and deliver any further documents and instruments reasonably requested by the other Party, and to take any other action consistent with the terms of this Agreement that may

reasonably be requested by the other Party, for the purpose of consummating the transactions contemplated by this Agreement.

List of Exhibits

Exhibit A: Service A

Exhibit B: Payment Authorization Form

Exhibit C: Verifi and Ethoca Specific Terms and Rules

Exhibit D: Data Requirements

Exhibit E: Data Processing Agreement

Exhibit A - Service Order

Services ordered from Fraud Deflect by merchant: Once agreement is signed, we will send out a form for information needed to enroll the merchant in selected services.

Risk Level is based on Visa’s MCC Tier Chart.

*For pricing see merchant contract

Definitions of Services:

Fraud Deflect Platform - Required - Access to our User Interface and Reporting

Fraud Deflect consulting services - Fraud Deflect will provide merchant diagnostic consulting services to help them figure out how to lower their chargeback rate. Discuss with Fraud Deflect team for pricing. Starts at $500.

Fraud Deflect’s Order Inquiry Service - Customer called the Issuer who engaged Order Inquiry Services for further information which prevented the chargeback. Merchant keeps a happy customer. No refund. No chargeback.

Fraud Deflect’s Real Time Compelling Evidence Service - This service uses the Order Inquiry system but the issuer presses chargeback. If we provide enough information on past transactions, Visa will stop the chargeback. No Chargeback. No Refund.

Fraud Deflect’s Alert Services - Alert services include but are not limited to Verifi CDRN, Verifi/Visa Rapid Dispute Resolution, Ethoca Alerts Fraud Deflect will alert the merchant by email or other agreed upon means. Fees are due for all received.

Fraud Deflect’s Real Time Notification Service- Required. Notifications of Visa Fraud Flagged Transactions, Compelling Evidence Acceptance or Decline, and Chargebacks are charged per notification.

Fraud Deflect’s Automations Service - If subscribed, one example is, Fraud Deflect

systems will match and refund all Alerts or Notifications, based on the client’s settings. These actions will be charged by automation.

Fraud Deflect’s Chargeback Representment Service - Let’s our team work your chargeback representments for you provided you give us access to the needed data. We only charge a flat rate for the work and then the % only when we Win. Our definition of winning is when you win the initial chargeback and then do not receive a second chargeback notification on that same transaction.

Exhibit B - Direct Debit ACH Payment Authorization Form

Please complete all fields. You may cancel this authorization at any time by contacting us and providing other agreed-upon payment arrangements. This authorization will remain in effect until it is cancelled.

Banking Information

Name of Financial Institution: Mercury Bank

Routing Number: 091311229

Account Number: 202441118487

Fraud Deflect LLC will provide an invoice or online reporting by Monday for charges from the previous week and will debit Client’s account on Wednesday.

The merchant authorizes Fraud Deflect LLC to debit my bank account above for agreed upon purchases. I understand that my information will be saved to file for future transactions on my account.

Exhibit C - Verifi and Ethoca Specific Terms

1. Verifi Order Insights

a. Client will provide a minimum set of data based on Fraud Deflect’s Data Requirements Document and Data Requirements Document during initial

integration and arrange for the data to remain up to date within a 3-day window.

b. Client is responsible for making sure the data provided is accurate, secure and timely.

c. In the event that a CE Deflection is reversed after an exception review Fraud Deflect will credit the client once it has been credited by Verifi

d. If the client chooses to not host data with Fraud Deflect, they must ensure API responses times are less than 1 second. If the response times are slower than Fraud Deflect will notify the client. The client then has 5 days to remedy. If they cannot, then data will be required to be hosted at Fraud Deflect.

e. Client will not use Order Insight or CE3 data to refund or provide credits back to consumer.

f. Fees accrue and are due even if Client API does not respond in the 1 second window.

2. Verifi RDR

Client will report to Fraud Deflect Accept and Deny rules for RDR Transactions

b. Client acknowledges and agrees that it shall pay the applicable fees (Schedule A) for each RDR case received, irrelevant as to whether or not the case is processed.

3. Verifi RDR Zero Defect Guarantee

a. To the extent a RDR Case has been Accepted during pre-dispute processing and becomes a Dispute or the Participating Issuer recalls the pre-dispute after initial submission and processing, the RDR Case will be eligible for credit of the associated RDR Case Fee. The credit will be contingent upon Client providing valid proof of a Dispute and any such data must be submitted to Fraud Deflect within twenty (20) days of receipt of the Dispute by Client.

4. Verifi CDRN

CDRN enrollment uses Descriptors, MIDs and MCC codes.

b. Once a descriptor is enrolled the client is response for reviewing and acting upon cases, unless they’ve contracted for Fraud Deflect to Automate this process.

c. Client may resolve or decline a case.

d. All cases must be resolved within 72 hours. Any case not actioned upon by that time will be closed and not eligible for processing.

5. Verifi CDRN Zero Defect Guarantee.

a. Cases that are Resolved within 72 hours of receipt and the Case subsequently becomes a Dispute, and further provided that Client submits proof of said Dispute(s) to Fraud Deflect, Client will be credited the CDRN Case Fee associated with said Dispute. The foregoing credit shall be contingent upon Client providing valid proof of a Dispute and any such data must be submitted to Fraud Deflect within twenty (20) days of receipt of the Dispute by Client. The client will be refunded the fees charged by Fraud Deflect once Verifi has

approved the dispute and refunded fees charged to Fraud Deflect. Proof must be sent to refundrequests@FraudDeflect.com

6. Verifi Fraud and Dispute Notifications

a. Clients leverage a direct delivery of fraud and dispute notifications to reduce payment risk and improve profit margins. Via Fraud Deflect APIs or the Portal, Clients can receive real-time, transaction level notification, to enhance and inform fraud detection and modeling. Clients can also stop order fulfillment/shipment when possible.

7. Ethoca Consumer Clarity and First Party Trust

a. Client will provide a minimum set of data based on Fraud Deflect’s Data Requirements Document and Data Requirements Document during initial integration and arrange for the data to remain up to date within a 3-day

window.

b. Client is responsible for making sure the data provided is accurate, secure and timely.

c. In the event that a Clarity or First Party Trust Deflection is reversed after an exception review Fraud Deflect will credit the client once it has been credited by Ethoca

e. Client will not use Consumer Clarity or First Party Trust data to refund or provide credits back to consumer.

f. Fees accrue and are due even if Client API does not respond in the 1 second window.

8. Ethoca Alerts

a. Ethoca Alerts enrollment uses Descriptors, MIDs, Legal Address, Legal Entity Name and MCC codes.

b. Once enrolled the client is responsible for reviewing and acting upon cases, unless they’ve contracted for Fraud Deflect to Automate this process.

c. Client may resolve or decline a case. Fees are due for all cases received regardless of declining or resolving the case.

d. All cases must be resolved within 24 hours. Any case not actioned upon by that time will not be guaranteed to be effective.

9. Ethoca Zero Defect Guarantee.

a. Cases that are Resolved within 24 hours of receipt and the Case subsequently becomes a Chargeback or Proved to be a Duplicate (Defect defined as multiple Ethoca alerts on the same transaction or a Chargeback on the transaction identified by the Ethoca Alert), and further provided that Client submits proof of said Defect(s) to Fraud Deflect, Client will be credited the Ethoca Fee associated with said Defect. The foregoing credit shall be contingent upon Client providing valid proof of a Dispute and any such data must be submitted to Fraud Deflect within twenty (20) days of receipt of the Dispute or Defect by Client. The client will be refunded the fees charged by Fraud Deflect Ethoca has approved the dispute and refunded fees charged to Fraud Deflect. Proof must be sent to refundrequests@FraudDeflect.com

Exhibit D - Data Requirements

There are two data requirements categories for the Fraud Deflect Inquiry services:

Enrollment Data Requirements:

Merchant will provide Fraud Deflect with all required data listed below in order to enroll in the inquiry and/or compelling evidence program.

1) Merchant full company name and other information as connected to their merchant account

2) All merchant’s Card Acceptor IDs (otherwise known as MIDs or Merchant IDs)

a. Many acquirers truncate the MID they give to merchants. Merchants should require their full mids from their acquirer stating they need them to enroll in the Visa VMPI program.

3) All merchant Acquirer BINs a. This ID is not generally known to merchants so they will

need to contact their acquirer and ask for these stating that they will be using this to enroll in the inquiry and/or compelling evidence program.

4) 1year of back transaction and informational data (see Ongoing data delivery section

below for descriptions of this data) including merchant transaction unique ids that are sent to the acquirer, date/time of authorization, amount of transaction in the mid’s native

currency, currency code, and, if applicable, refund status and refund date/time

The above, along with this signed agreement, need to be delivered to Fraud Deflect to start the enrollment process. The process will take from a few days to a few weeks depending on processing time of data and depending on Visa’s backlog loading MIDs. Once this is completed, the merchant will be live and incur fees as described in the Service Order.

Ongoing Data Delivery:

Merchant will provide Fraud Deflect with ongoing data on, at a minimum, daily basis, via mutually agreed upon technology such as secure file transfer protocol (sFtp), application programmers interface (API), Fraud Deflect’s Portal UI Uploads, or via an agreed upon Fraud Deflect data partner. Data shall be in either CSV or JSON format based on Fraud Deflect’s specifications.

At a minimum, the data shall include the following fields:

1) Unique Transaction ID as sent to your acquirer

2) Transaction Date and Time of authorization

3) Transaction Description

4) Transaction Amount in transaction’s currency

5) Transaction currency code Fraud Deflect Merchant Agreement 07/2023-11

6) If multiple mids are submitted, then we need the mid of the transaction

7) If applicable, Refund status and Refund date/time

The above is the minimum data though we accept more than 100 fields of information. This list along with data format, to be agreed upon, will be discussed and provided as onboarding of Merchant is started.

Exhibit E - SERVICE LEVEL AGREEMENT

1. SERVICE AVAILABILITY.

Subject to the terms within this Service Level Agreement (“SLA”), Fraud Deflect’s services will have a Service Availability of no less than 99.9%, 24x7x365. “Service Availability” shall be determined by measuring the uptime of Fraud Deflect’s

services, excluding Scheduled Downtime and events outside Fraud Deflect’s Span of Control. “Span of Control” means those areas of functionality and technology, including hardware and software used in the provision of the Fraud Deflect Services, which are reasonably under the direct control of Fraud Deflect, including without limitation actions of subcontractors, subsidiaries, agents and/or affiliates.

2. SCHEDULED DOWNTIME/MAINTENANCE.

Fraud Deflect will notify Merchant via email at the address provided herein of any proposed scheduled downtime for Fraud Deflect’s services (“Scheduled Downtime”). Fraud Deflect will work with Fraud Deflect to ensure Scheduled Downtime does not conflict with critical activities. Fraud Deflect will, through Merchant’s escalation contacts, promptly notify Merchant in writing (including via

email) of any event or unplanned outage that impacts or may impact Fraud Deflect’s services or Merchant’s usage thereof. Activity will be followed by a post-mortem report detailing the accomplishments, including as set forth herein.

3. MERCHANT ESCALATION CONTACT INFORMATION.

Contact Name C Title Phone. 1st Level Escalation 2nd Level Escalation 3rdLevel Escalation 4th Level Escalation shall be provided to Fraud Deflect provided in contract signature form.

4. FRAUD DEFLECT ESCALATION CONTACT INFORMATION.

Primary Contact: Merchant Support

Phone: (904)467-7030

Email : Support@FraudDeflect.com

1st Level Escalation: Mari Perroni, Chief Operating Officer

Phone: (904)467-7030

Email: Mari@FraudDeflect.com

2nd Level Support: Scott Adams, Chief Executive Officer

Phone: (386) 589 -7465

Email: Scott@FraudDeflect.com

10. SERVICE AVAILABILITY MEASUREMENT AND REPORTING.

The Service Availability will be measured in monthly increments using complete calendar months (determined using Pacific Standard Time), beginning the first day of the first month following Commercial Use of the Fraud Deflect Services. “Commercial Use” means the availability of Fraud Deflect’s services to Merchant.

11. NOTIFICATION OF SCHEDULED MAINTENANCE.

Fraud Deflect will, through Merchant’s escalation contacts, advise Merchant of all scheduled maintenance and/or unplanned outages of Fraud Deflect’s services that are reasonably likely to adversely affect in any manner Merchant’s services.

Appendix Z Definitions

DEFINITIONS. As used in the Agreement, the terms listed below shall have the following meanings ascribed to them:

ACH shall mean and refer to the “Automated Clearing House” and is an electronic payment network which exchanges funds via electronic funds transfer. Accepted shall mean and refer to an RDR Case, automatically refunded (in accordance with the RDR Rules configured by Seller) to the Consumer by the acquirer-initiated funds reversal process.

Acquirer BIN shall mean and refer to the unique Bank Identification Number which identifies the institution under contract with the Seller to enable the Seller to process card transactions.

Adjusted Lookup shall mean and refer to requests that are categorized to be unique based on data attributes available on the request and received within 120 days from the date of the original transaction referenced by the request.

Affiliates shall mean, as to any entity, any other entity that controls, is controlled by, or is under common control with the initial entity. For purposes of this definition, the term “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management policies of such third party, whether through the ownership of voting securities or by contract or otherwise, as of the Effective Date.

Applicable Laws shall mean and refer to laws and regulations that are directly applicable to a Party, including but not limited to the following: (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data on the free movement of such data; (ii) after May 25, 2018 GDPR and repealing Directive

95/46/EC; (iii) the California Consumer Privacy Act, that enhances privacy rights and consumer protection for residents of California; (iv) any applicable member state law with respect to Personal Data; (v) any applicable export laws and regulations,

including but not limited to the Export Administration Act of 1979, as amended, and the Export Administration Regulations issued by the U.S. Department of Commerce, Bureau of Industry and Security and any successor legislation; (vi) any regulation administered by the U.S. Department of Treasury’s Office of Foreign Assets Control, the United Nations, the Council of the European Union and the individual

Governments of Member States of the European Union; and (vii) any anti-bribery and anti-money laundering laws and regulations.

Approved Transaction shall mean and refer to any Transaction that is processed pursuant to the terms of this Agreement and for the benefit of the Seller.

Authorization shall mean and refer to an inquiry with the Customer’s Payment Brand to confirm available credit and reserve a portion of the Customer’s available funds for a Transaction.

Association means any of the companies or associations which provide for the branding and issuance of credit and/or debit cards, including without limitation, VISA, MasterCard, Discover, and American Express.

Card Acceptor ID (CAID) shall mean and refer to the unique identifier assigned by the Acquirer to identify the merchant account.

Card Network shall mean and refer to Visa, MasterCard, American Express, Discover, ACH, prepaid debit cards or any other association comprised of issuers that provide a Payment Brand(s) (defined below) that is accepted by a Seller.

Case(s) shall mean and refer to an action by a Consumer disputing a transaction that qualifies under CDRN and RDR. As applicable, this includes Accepted, Resolved, Declined, and cancelled Cases.

CDRN shall mean and refer to Verifi’s patent Cardholder Dispute Resolution

Network, which enables a participating Seller to resolve cardholder billing disputes directly with an issuer, before the dispute is escalated via the Dispute process through an Association.

CDRN Case Fee shall mean and refer to the amount paid by Seller per CDRN Case and listed in the applicable SOW. CDRN Zero Defect Guarantee To the extent that Cases are Resolved in a timely fashion, as set forth in an applicable CDRN SOW of this Agreement, and the Case subsequently becomes a Dispute, provided that Seller submits proof of said Dispute(s) to Verifi, Seller will be credited the CDRN fee associated with said Dispute. The foregoing shall be contingent upon Seller providing valid proof of a Dispute and any such data must be submitted within thirty (30) days of receipt of the Dispute by Seller). Fraud Deflect Merchant Agreement 07/2023-21

Compelling Evidence Deflection Fee shall mean and refer to the amount paid by Seller per CE Deflection as listed in the applicable SOW.

Compelling Evidence Deflection Negation shall mean and refer to a CE Deflection Fee invoiced and subsequently reversed after an exception review initiated by the Issuer.

Consumer shall mean and refer to an individual or entity that presents a Payment Brand to purchase goods or services from the Seller and submits a Payment Brand (defined below) to facilitate said payment.

Decline shall mean and refer to (i) Sellers’ action in CDRN of declining to resolve a Dispute via CDRN, no credit or refund is issued, and the CDRN Case will most likely result in a Dispute; and (ii) a RDR Case which is not refunded, as a result of the rules set by the Seller.

Digital Inquiry shall mean and refer to a Lookup that originates from a Participating Issuers mobile or online application.

Disclosing Party shall have the meaning as is set forth in Section 10.1 “Confidential Information”.

Dispute shall mean and refer to a disputed settled Transaction that has been returned to the Seller by the Merchant Processor, in correspondence with a Consumer dispute, and in accordance with the Rules as defined below.

Dispute Representment shall mean and refer to Verifi’s action of responding to a Dispute or Retrieval Request on behalf of the Seller if called for pursuant to the Agreement; Verifi’s duties with respect to Dispute Representment will be limited to submitting documentation and information to the Merchant Bank who, at the Merchant Bank’s discretion, represents the Transaction to the respective Card Association via the appropriate process in an attempt to resolve the dispute on behalf of their Seller.

Dispute Source shall mean and refer to any distinct Merchant Processor acquirer of Seller.

Intellectual Property Rights means all patents (including all reissues, divisions, continuations, and extensions thereof) and patent applications, trade names, trademarks, service marks, logos, trade dress, copyrights, trade secrets, mask works, rights in technology, know-how, or other intellectual property rights that are in each case protected under the laws of any governmental authority having

jurisdiction.

Issuer shall mean and refer to an issuing bank that offers card association branded payment cards directly to consumers, such as credit cards, debit cards, contactless devices such as key fobs as well as prepaid cards.

Managed Services shall refer to the extent that Seller opts to leverage upon the CDRN Managed Services whereby Verifi manages the CDRN Portal on the Merchant’s behalf (as noted in applicable SOW).

Member Bank shall mean and refer to any member of the Card Associations that provides merchant services to a merchant.

Merchant Account shall mean and refer is a type of bank account that allows

businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases, a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations.

Merchant Category Code (MCC) shall mean and refer to the four-digit number used by credit card companies to classify businesses into market segments. A business MCC indicates the types of services or goods being sold to customers.

Merchant Descriptor shall mean and refer to the line of copy that identifies transactions on a cardholder’s account activity and statement.

Monthly Minimum Fees shall mean and refer to the total minimum Fees which must be paid by the Seller to Verifi for each full calendar month of the applicable SOW, commencing upon the Effective Date (as defined in the applicable SOW). The Monthly Minimum Fee shall be deemed satisfied when the total Fees accrued for Service exceed the amount designated in the applicable SOW.

MID shall mean and refer to a merchant identification number.

NACHA shall mean and refers to the “National Automated Clearing House Association”.

Offline Transaction Fee shall mean and refer to the Fees associated with each Transaction which is Authorized and Captured by the Merchant Processor and provided to Verifi in its defined file format so that Verifi may provide the Services.

Payment Brand shall mean and refer to the type of payment submitted by a Consumer for services, products or otherwise, including, but not limited to, Visa, MasterCard, American Express, Discover, PayPal, ACH, "Bill Me Later", or any credit card, charge card, debit card, gift card, loyalty card, prepaid card or other alternative method accepted as payment by Seller.

Participating Issuer shall mean and refer to a financial institution that issues a debit and credit card to a Consumer and that is also under contract with Verifi to participate in the Services.

Participating Seller shall mean and refer to the legal business entity that utilizes the Verifi Services through the legal agreement with the Seller.

Payment Card Industry (PCI) shall mean and refer to the segment of the financial industry that governs the use of all electronic forms of payment.

Personal Data has the meaning given in the applicable data protection law.

Processing shall mean and refer to the actioning of Accept, Decline, Resolve or Cancel a Case.

Platform (i) shall mean Verifi’s software services, which includes the source code, object code or underlying structure, ideas or algorithms of the Services or any software, documentation or data related to the Services.

Qualified Transaction Data shall mean and refer to the data elements (i.e. User ID; IP Address; Shipping Address; Device ID; Device Fingerprint) which are provided via Order Insight to satisfy the requirement for Compelling Evidence.

RDR shall mean and refer to Rapid Dispute Resolution which allows Participating Sellers to process non-fraud pre-disputes and confirmed fraud pre-disputes thereby avoiding a Dispute.

RDR Case Fee shall mean and refer to amount paid by Seller per RDR Case listed in the applicable SOW.

RDR Zero Defect Guarantee. To the extent a RDR Case has been Accepted during pre-dispute processing and becomes a Dispute or the Participating Issuer recalls the pre-dispute after initial submission and processing, the RDR Case will be

eligible for credit of the associated RDR Case Fee. The credit will be contingent upon Seller providing valid proof of a Dispute and any such data must be submitted to Fraud Deflect within twenty (20) days of receipt of the Dispute by Seller.

Receiving Party shall have the meaning as is set forth in Section 10.1 “Confidential Information”. A refund shall mean and refer to reversing a previously settled Sale.

Refunds may be equal to or less than the amount settled on the original Transaction. Multiple refunds may be submitted for a given Transaction so long as the total Refund does not exceed the initial Sale or capture Transaction balance. Representatives shall have the meaning as is set forth in Section 10.2 “Disclosure of Confidential Information”.

Service(s) shall mean and refer to any and all Verifi services, including but not limited to future products or services developed by Verifi and/or its Affiliates.

Third Party Code shall mean and refer to Fraud Deflect’s products which may contain or be provided with components which are licensed to third parties.

Third-Party Integrator shall mean and refer to Verifi approved third-party platforms, such as Fraud Deflect.

Threatening Condition. The seller’s conduct including, without limitation, transmitting harmful, inaccurate or incomplete data to Fraud Deflect, poses a threat to Fraud Deflect’s systems, services, equipment, processes, or Intellectual Property.

Transaction shall mean and refer to the sale of goods or services, for any of the Seller’s products for which the Customer issues payment through the use of a Payment Brand which is then presented to a Member Bank for processing and collection. Transaction also pertains to non-sale events, such as voids, declines, credits and refunds.

U.S. Bankruptcy Code Tax implications of bankruptcy are found in Title 26 of the United States Code.

Seller Information shall mean and refer to the Information Questionnaire, including the Schedule of Fees (as is identified in in an applicable agreements), Business Questionnaire, Personal Guarantee and Payment Authorization Form, all of which shall be incorporated into this Agreement as though fully set forth herein.

Fraud Deflect Merchant Agreement

Fraud Deflect Merchant Agreement Terms & Conditions

Fraud Deflect Merchant Agreement
Terms & Conditions