This FraudDeflect Merchant Agreement (the “Agreement”) by and between the following Merchant (“Merchant”) and FraudDeflect LLC (“FraudDeflect”), effective as of the Effective Date set forth below. Merchant and FraudDeflect may each be referred to as a “Party” or
together as the “Parties.”

Recitals

WHEREAS, FraudDeflect provides its clients with electronic commerce services including, but not limited to, risk control management, chargeback deflection gateway, including, but not limited to, Visa VMPI, merchant tools and fraud screening, as may be further described in service orders placed under this Agreement (“Service Orders”);

WHEREAS, in the course of Merchant’s business, Merchant is engaged with consumers who buy goods or services from Merchant using various methods of payment including credit and debit cards.

WHEREAS, Merchant desires to retain FraudDeflect’s services in order to utilize some of FraudDeflect’s tools such as the chargeback deflection gateway, including, but not limited to Visa VMPI, fraud screening and other merchant tools; and

NOW THEREFORE, in consideration of the foregoing and the mutual covenants and promises set forth herein, and for other good and valuable consideration, the receipt of which the parties hereby acknowledge, the Parties hereby agree as follows:

AGREEMENT

1. Definitions. The definitions shall be as defined in Appendix Z of this agreement.

   
   

2. Services and Data Delivery
   (a) FraudDeflect will provide merchant with services, and Merchant agrees to terms and will take required actions, outlined in Appendix A under the title “Service Order.”

   (b) Merchant will provide FraudDeflect will any and all needed information to enroll and continually use services Merchant desires including but not limited to Billing Descriptors, Merchant Identification Numbers (MID), Merchant Category Codes and other required info to be outlined in Appendix B titled “Data Requirements”.

   (b) Merchant is granted a license to use the Deliverables exclusively in accordance with the terms of this Agreement and only for their intended use.

   
   

3. Fees; Payment Terms; Taxes FraudDeflect Merchant Agreement 07/2023

   
   

3.1 Fees. Merchant shall pay the fees and charges as specified in a FraudDeflect Service Order (“Fees”) and any applicable Taxes in accordance with the payment terms herein.

3.2 Invoices; Payment. FraudDeflect will invoice Merchant for all Fees weekly on Monday and will Direct Debit or other agreed upon payment method on Wednesday. In the event that any Fees, not subject to a good faith dispute, become overdue by five (5) days, FraudDeflect may suspend the FraudDeflect Services by written notice until such failure to pay is remedied.

3.3 Taxes. All federal and state and local VAT, transfer, sales and use taxes arising out of this Agreement will be paid by the Party required to pay such taxes under applicable law. The Party that is required by applicable law to make the filings, reports or returns and to handle any audits or controversies with respect to any such taxes will do so, and the other Party will cooperate with respect thereto as necessary.

3.4 Marks. Subject to the terms of this Agreement, Merchant hereby grants FraudDeflect a non-exclusive, royalty-free, worldwide license to use Merchant’s proprietary trademarks and service marks (the “Merchant Marks”) solely for the permitted purposes set forth in this Agreement. FraudDeflect agrees that it will use any such marks of Merchant or its affiliates only in the manner authorized by Merchant. Any goodwill arising through FraudDeflect’s use of the Merchant Marks will inure to the benefit of Merchant, and FraudDeflect hereby assigns such goodwill to Merchant on an ongoing basis.

4. Warranties 4.1 (a) Agreement; Mutual Warranties. Each Party represents and warrants to the other Party the following: that it has the power and authority to enter into and perform its obligations under this (b) that at all times during this Agreement, it has and will comply with all Laws applicable to the Agreement, which may include all rules, standards, and security requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and any credit or debit card provider, gift card provider, or other stored value and loyalty program card provider, including, but not limited to, American Express, Visa, U.S.A., Inc., MasterCard International, Inc., Discover Financial Services, LLC, and JCB International, and all Laws relating to the collection, processing, sharing and disclosure of Personal Data (including, without limitation, in the United States and the European Union); and (c) each Party is solely responsible for the privacy and security of any and all data any time that Party accesses, stores, processes, transmits, or otherwise possesses such data.

5. Confidentiality.

   
   

5.1 Confidential Information. Each Party may provide (the “Disclosing Party”) to the other Party (the “Receiving Party”) certain confidential, proprietary, and trade secret business or technical information of the Disclosing Party in connection with this Agreement and the services performed hereunder (“Confidential Information”). Whether Confidential Information is disclosed orally or in writing, such information shall be considered to be confidential if it is marked confidential, if it is accompanied by a verbal indication that it is confidential, or to the extent the nature of the information and the manner of disclosure are such that a reasonable person would understand it to be confidential.; provided, however, that Confidential Information will not include, and this Section will not apply to, any information that the Receiving Party can establish: (a) was, at the time of disclosure, generally available to the public through no fault of the Receiving Party; (b) was in the Receiving Party’s possession on the Effective Date and was not obtained from the Disclosing Party; or (c) was lawfully received from a third party who rightfully acquired it and did not obtain it in violation of any confidentiality agreement. For purposes of clarity, the FraudDeflect Intellectual Property shall constitute FraudDeflect’s Confidential Information and Personal Data provided to FraudDeflect Merchant Agreement 07/2023-2 FraudDeflect by Merchant shall constitute Merchant’s Confidential Information without the requirement of marking it as Confidential Information.

5.2 Confidentiality Obligations; Permitted Disclosures. The Receiving Party shall preserve the confidentiality of all Confidential Information that is provided by the Disclosing Party, and will not, except as expressly permitted herein, disclose or make available Confidential Information to any person or use for its own or any other person’s benefit, other than in furtherance of performance of each Party’s respective obligations under this Agreement, any Confidential Information. The Receiving Party will exercise a commercially reasonable level of care to safeguard Confidential Information against improper disclosure or use. The Receiving Party may disclose the Confidential Information of Disclosing Party to employees, agents, or contractors of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement or who have a need to know such information for the Receiving Party’s internal business purposes and, in each case, who are bound by an obligation to maintain such information in confidence. A Receiving Party may disclose Confidential Information of Disclosing Party in response to a subpoena, court order, or other legal process served upon the Receiving Party or where Laws require the disclosure of such Confidential Information; provided that, if not prohibited under Laws, the Receiving Party shall give reasonable prior notice to the Disclosing Party sufficient to permit the Disclosing Party to seek a protective order if it so chooses and the Receiving Party discloses only that information that is legally required to be disclosed.

5.3 Return of Materials. Upon the request of either Party, each Party will return all Confidential Information to the other or erase and remove all copies of all Confidential Information from any computer equipment and media in such Party’s possession, custody, or control.

6. Term; Termination

6.1 Initial Term; Renewal. Subject to Section 6.2, the term of this Agreement will commence on the Effective Date and will continue thereafter for one (1) year (the “Initial Term”). Thereafter, this Agreement will automatically renew for successive one (1) year renewal terms (each a “Renewal Term,” together with the Initial Term, the “Term”), unless either Party provides notice of its intent not to renew at least thirty (30) days prior to the expiration of the then-current Term. Each Service Order shall remain in full force and effect in accordance with its terms, unless terminated in accordance with Section 6.2. If any Service Order remains in effect as of the termination or expiration of this Agreement, then, notwithstanding anything to the contrary in this Agreement shall continue in effect for the remainder of any Service Order term. FraudDeflect may terminate this Agreement with thirty (30) days’ notice. Merchant may terminate this Agreement within the first 90 days with 15 days written notice and all fees paid in full.

6.2 Suspension or Termination.
(a) This Agreement may be terminated by either Party prior to its expiration: (i) by notice if the other Party has materially breached the Agreement and the other Party has not cured such material breach within thirty (30) days of receipt of notice to the Party identifying such breach; (ii) continuation of a Force Majeure Event that prevents either Party from performing its obligations under the terms of this Agreement for a period of sixty (60) days or longer; (iii) by notice if the other Party makes a general assignment for the benefit of creditors, files a voluntary petition in bankruptcy or for reorganization or arrangement under the bankruptcy laws, or if a petition in bankruptcy is filed against the other Party, or if a receiver or trustee is appointed for all or any part of the property or assets of the other Party (each a “Bankruptcy Event”); or (iv) by mutual written agreement of the Parties.
(b) FraudDeflect may suspend provision of FraudDeflect Services immediately: (i) in the event of a Security Incident involving Merchant until such time as Merchant is able to certify to FraudDeflect, in FraudDeflect’s reasonable discretion, that the causes of such Security Incident have been remedied in full; or (ii) if Merchant fails to timely pay any FraudDeflect invoice until Merchant pays all amounts then due and owing pursuant to the terms of this Agreement. FraudDeflect Merchant Agreement 07/2023-3

7. Indemnification

   
   

7.1 By FraudDeflect. FraudDeflect agrees to protect, defend, indemnify, and hold harmless Merchant, its officers, directors, employees or their invitees, and any working interest owner or outside party for whom Merchant is obligated to perform services, from and against all third-party claims, demands, and causes of action of every kind and character without limit arising out of FraudDeflect’s performance or nonperformance of this Agreement, except for such as may be caused by the negligence of Merchant, its agents, or employees. FraudDeflect’s indemnity under this Section shall be without regard to and without any right to contribution from any insurance maintained by Merchant.

7.2 By Merchant. Merchant agrees to protect, defend, indemnify, and hold harmless FraudDeflect, its officers, directors, employees or their invitees, and any working interest owner or outside party for whom FraudDeflect is obligated to perform services, from and against all claims, demands, and causes of action of every kind and character without limit arising out of Merchant’s or its subcontractor’s performance or nonperformance of this Agreement, except for such as may be caused by the negligence of FraudDeflect, its agents or employees. Merchant’s indemnity under this Section shall be without regard to and without any right to contribution from any insurance maintained by FraudDeflect.

7.3 Procedure. The obligations of either Party to provide indemnification under this Agreement shall be contingent upon the Party seeking indemnification: (a) providing the indemnifying Party with prompt written notice of any claim for which indemnification is sought; (b) cooperating fully with the indemnifying Party (at the indemnifying Party’s
expense); and (c) allowing the indemnifying Party to control the defense and settlement of such claim. The Party seeking indemnification will have the right to participate, at its own expense, in the defense of any claim.

8. Limitation of Liability.

8.1 NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY OR ANY OTHER PERSON FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFIT OR GOODWILL, FOR ANY MATTER ARISING OUT OF OR RELATING TO THIS
AGREEMENT OR ITS SUBJECT MATTER, WHETHER SUCH LIABILITYIS ASSERTED ON THE BASIS OF CONTRACT, TORT OR OTHERWISE EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL A PARTY’S TOTAL LIABILITY FOR ANY AND ALL DAMAGES ARISING UNDER THIS AGREEMENT FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY EXCEED U.S. $250,000. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL SURVIVE TERMINATION OF THIS
AGREEMENT AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITSESSENTIAL PURPOSE.

8.2 FraudDeflect SHALL HAVE NO LIABILITY FOR MERCHANT’S USE OF VMPI DATA AND MERCHANT ASSUMES TOTAL RESPONSIBILITY FOR ITS USE OF THE VMPI DATA AND USES THE SAME AT ITS OWN RISK. FraudDeflect EXERCISES NO CONTROL OVER AND HAS NO RESPONSIBILITY WHATSOEVER FOR ANY REFUNDS, REVERSALS, FRAUD LOSSES, CHARGEBACKS, OR FRAUDULENT ACCESS TO VMPI DATA IN CONNECTION WITH THE PERFORMANCE OF THIS AGREEMENT OR FOR MERCHANT ACTIONS OR INACTIONS IN CONNECTION WITH USE OF THE VMPI DATA. FraudDeflect DOES NOT GUARANTEE THE ACCURACY OF PROVIDED DATA. EXCEPT AS MAY BE SPECIFICALLY PROVIDED ELSEWHERE IN THIS AGREEMENT FraudDeflect MAKES NO REPRESENTATIONS OR WARRANTIES—EXPRESS OR IMPLIED—REGARDING THE VMPI DATA, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, DATA ACCURACY, OR THAT FraudDeflect’s PROVISION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE, AND ALL SUCH FraudDeflect Merchant Agreement 07/2023-4 WARRANTIES ARE HEREBY DISCLAIMED BY FraudDeflect AND WAIVED BY MERCHANT TO THE EXTENT NOT PROHIBITED BY LAWS.

G. General Provisions

G.1 Non-Exclusivity. This agreement is non-exclusive. Nothing in this agreement shall prevent either Party, now or in the future, from using, integrating or offering its product or services, or allowing such use, integration or offer, with any direct or indirect competitor of the other Party.

G.2 Employee Non-Solicitation. During the term of this Agreement and for a period of twelve (12) months thereafter, neither Party will recruit or otherwise solicit for employment any employees or subcontractors of the other Party who participated in the performance of FraudDeflect Services without such other Party’s express prior written approval. It is understood and agreed that untargeted recruiting, such as advertising and job fairs, and responses to unsolicited inquiries are not prohibited by this Section.

G.3 Assignment. Neither Party may assign any of its rights, duties or obligations under this Agreement to any person or entity, in whole or in part, without the consent of the other Party; provided, however, that either Party may assign this Agreement to a successor of that Party as a result of a merger, reorganization or sale of all or substantially all of the assets to which this Agreement pertains. Any attempted assignment in violation of the foregoing is void and will be a material breach of this Agreement. Subject to the foregoing, this
Agreement is binding upon and will inure to the benefit of the Parties’ respective successors, heirs and assigns.

G.4 Force Majeure. Neither Party is responsible for delays or failures in performance (other than payment) resulting from acts of God, strikes, lockouts, riots, acts of war and terrorism, embargoes, changes in governmental regulations, epidemics, fire, communication line failures, power failures, earthquakes and other disasters, interruption or failure of telecommunications or digital transmission links, hostile network attacks, network congestion, or other failures beyond the reasonable control of such Party (each, a “Force Majeure Event”). Neither Party is entitled to relief under this Section to the extent that any event otherwise constituting a Force Majeure Event results from the negligence or fault of such Party or its employees or agents.

G.5 Waiver. No waiver of any provision hereof or of any right or remedy hereunder will be effective unless in writing and signed by the Party against which such waiver is sought to be enforced. No delay in exercising, no course of dealing with respect to, or no partial exercise of any right or remedy hereunder will constitute a waiver of any other right or remedy, or future exercise thereof.

G.6 Severability. If any provision of this Agreement is determined to be invalid under any Laws or by a governmental, legal, or regulatory authority with jurisdiction over the Parties, it is to that extent to be deemed omitted, and the balance of the Agreement will remain enforceable. In such event, the Party that has been deprived of any material benefit of such provision may notify the other and the Parties promptly thereafter shall use commercially reasonable efforts to replace or modify the invalid provision with a provision that, to the extent not prohibited by Laws, achieves the purposes intended under the invalid provision.

G.7 Notice. All notices will be in writing and will be deemed to be delivered when received by certified mail, postage prepaid, return receipt requested, or when sent by facsimile with machine-generated confirmation of transmission without notation of error, or by electronic mail (e-mail) with receipt of delivery confirmation. All notices will be directed to the Parties at the respective addresses, facsimile numbers given below, e-mail addresses, or to such other address or facsimile number as either Party may, from time to time, designate by notice to the other Party.

G.8 Entire Agreement; Amendment. This Agreement, together with all Exhibits attached hereto and any subsequent Service Orders accepted by FraudDeflect, which are incorporated herein by FraudDeflect Merchant Agreement 07/2023-5 reference, constitutes the complete and exclusive statement of all mutual understandings between the Parties with respect to the subject matter hereof, superseding all prior or contemporaneous proposals, communications and understandings, oral or written. To the extent that the terms of this Agreement or any Service Order are inconsistent with the terms of this Agreement, the express terms of the Service Order shall control. No amendment or change will be valid unless in writing and signed by both Parties.

G.9 Governing Law. The interpretation, validity and enforcement of this Agreement, and all legal actions brought under or in connection with the subject matter of this Agreement, shall be governed by the law of the State of Florida. Any legal action brought under or in connection with the subject matter of this Agreement shall be brought only in the United States federal courts or Florida state courts located in Jacksonville, Florida. Each Party submits to the exclusive jurisdiction of these courts and agrees not to commence any legal action under or in connection with the subject matter of this Agreement in any other court or forum. Each Party waives any objection to the laying of the venue of any legal action brought under or in connection with the subject matter of this Agreement in the federal or state courts sitting in Jacksonville, Florida, and agrees not to plead or claim in such courts that any such action has been brought in an inconvenient forum. EACH PARTY HEREBY IRREVOCABLY WAIVES ITS RIGHT TO A JURY TRIAL IN CONNECTION WITH A DISPUTE ARISING OUT OF OR UNDER THIS AGREEMENT.

G.10 Counterparts; Electronic Signature. The Parties agree to conduct business under this Agreement using electronic means including using electronic records and electronic signatures. This Agreement may be executed in any number of counterparts and each such executed counterpart will be deemed to be an original instrument, but all such executed counterparts together will constitute one and the same instrument. Counterparts may be delivered via facsimile, electronic mail (including pdf or any electronic signature complying with the U.S. federal ESIGN Act of 2000, e.g., www.docusign.com. or www.rightsignature.com) or other transmission method, and any counterpart so delivered shall be deemed to have been duly and validly delivered and be valid and effective for all purposes.

G.11 Further Assurances. Each Party agrees at its own expense, to execute, acknowledge, and deliver any further documents and instruments reasonably requested by the other Party, and to take any other action consistent with the terms of this Agreement that may
reasonably be requested by the other Party, for the purpose of consummating the transactions contemplated by this Agreement.

List of Exhibits

List of Exhibits

Exhibit A: Service A
Exhibit B: Payment Authorization Form
Exhibit C: Verifi and Ethoca Specific Terms and Rules

Exhibit D: Data Requirements
Exhibit E: Data Processing Agreement

Exhibit A Service Order

Services ordered from FraudDeflect by merchant: Once agreement is signed, we will send out a form for information needed to enroll the merchant in selected services.

Risk Level is based on Visa’s MCC Tier Chart.

*For pricing see merchant contract

Definitions of Services:

FraudDeflect Platform - Required - Access to our User Interface and Reporting

FraudDeflect consulting services - FraudDeflect will provide merchant diagnostic consulting services to help them figure out how to lower their chargeback rate. Discuss with FraudDeflect team for pricing. Starts at $500.

FraudDeflect’s Order Inquiry Service - Customer called the Issuer who engaged Order Inquiry Services for further information which prevented the chargeback. Merchant keeps a happy customer. No refund. No chargeback.

FraudDeflect’s Real Time Compelling Evidence Service - This service uses the Order Inquiry system but the issuer presses chargeback. If we provide enough information on past transactions, Visa will stop the chargeback. No Chargeback. No Refund.

FraudDeflect’s Alert Services - Alert services include but are not limited to Verifi CDRN, Verifi/Visa Rapid Dispute Resolution, Ethoca Alerts FraudDeflect will alert the merchant by email or other agreed upon means. Fees are due for all received.

FraudDeflect’s Real Time Notification Service - Required. Notifications of Visa Fraud Flagged Transactions, Compelling Evidence Acceptance or Decline, and Chargebacks are charged per notification.

FraudDeflect’s Automations Service: If subscribed, one example is, FraudDeflect systems will match and refund all Alerts or Notifications, based on the client’s settings. These actions will be charged by automation.

FraudDeflect’s Chargeback Representment Service. Let’s our team work your chargeback representments for you provided you give us access to the needed data. We only charge a flat rate for the work and then the % only when we Win. Our definition of winning is when you win the initial chargeback and then do not receive a second chargeback notification on that same transaction.

Exhibit B -Direct Debit ACH Payment Authorization Form

Please complete all fields. You may cancel this authorization at any time by contacting us and providing other agreed-upon payment arrangements. This authorization will remain in effect until it is cancelled.

Banking Information
Name of Financial Institution: Mercury Bank

Routing Number: 091311229
Account Number: 202441118487

FraudDeflect LLC will provide an invoice or online reporting by Monday for charges from the previous week and will debit Client’s account on Wednesday.

The merchant authorizes Fraud Deflect LLC to debit my bank account above for agreed upon purchases. I understand that my information will be saved to file for future transactions on my account.

Exhibit C - Verifi and Ethoca Specific Terms

1. Verifi Order Insights
   a. Client will provide a minimum set of data based on FraudDeflect’s Data Requirements Document and Data Requirements Document during initial integration and arrange for the data to remain up to date within a 3-day window.
   b. Client is responsible for making sure the data provided is accurate, secure and timely.
   c. In the event that a CE Deflection is reversed after an exception review FraudDeflect will credit the client once it has been credited by Verifi
   d. If the client chooses to not host data with FraudDeflect, they must ensure API responses times are less than 1 second. If the response times are slower than FraudDeflect will notify the client. The client then has 5 days to remedy. If they cannot, then data will be required to be hosted at FraudDeflect.
   e. Client will not use Order Insight or CE3 data to refund or provide credits back to consumer.
   f. Fees accrue and are due even if Client API does not respond in the 1 second window.

   
   

2. Verifi RDR
   a. Client will report to FraudDeflect Accept and Deny rules for RDR Transactions
   b. Client acknowledges and agrees that it shall pay the applicable fees (Schedule A) for each RDR case received, irrelevant as to whether or not the case is processed.

   
   

3. Verifi RDR Zero Defect Guarantee
   a. To the extent a RDR Case has been Accepted during pre-dispute processing and becomes a Dispute or the Participating Issuer recalls the pre-dispute after initial submission and processing, the RDR Case will be eligible for credit of the
   associated RDR Case Fee. The credit will be contingent upon Client providing valid proof of a Dispute and any such data must be submitted to FraudDeflect within twenty (20) days of receipt of the Dispute by Client.

   
   

4. Verifi CDRN
   a. CDRN enrollment uses Descriptors, MIDs and MCC codes.
   b. Once a descriptor is enrolled the client is response for reviewing and acting upon cases, unless they’ve contracted for FraudDeflect to Automate this process.
   c. Client may resolve or decline a case.

   d. All cases must be resolved within 72 hours. Any case not actioned upon by that time will be closed and not eligible for processing.

   
   

5. Verifi CDRN Zero Defect Guarantee.
   a. Cases that are Resolved within 72 hours of receipt and the Case subsequently becomes a Dispute, and further provided that Client submits proof of said Dispute(s) to FraudDeflect, Client will be credited the CDRN Case Fee
   associated with said Dispute. The foregoing credit shall be contingent upon Client providing valid proof of a Dispute and any such data must be submitted to FraudDeflect within twenty (20) days of receipt of the Dispute by Client. The client will be refunded the fees charged by FraudDeflect once Verifi has approved the dispute and refunded fees charged to FraudDeflect. Proof must be sent to refundrequests@frauddeflect.com

   
   

6. Verifi Fraud and Dispute Notifications
   a. Clients leverage a direct delivery of fraud and dispute notifications to reduce payment risk and improve profit margins. Via FraudDeflect APIs or the Portal, Clients can receive real-time, transaction level notification, to enhance and inform fraud detection and modeling. Clients can also stop order fulfillment/shipment when possible.

   
   

7. Ethoca Consumer Clarity and First Party Trust
   a. Client will provide a minimum set of data based on FraudDeflect’s Data Requirements Document and Data Requirements Document during initial integration and arrange for the data to remain up to date within a 3-day window.
   b. Client is responsible for making sure the data provided is accurate, secure and timely.
   c. In the event that a Clarity or First Party Trust Deflection is reversed after an exception review FraudDeflect will credit the client once it has been credited by Ethoca
   d. If the client chooses to not host data with FraudDeflect, they must ensure API responses times are less than 1 second. If the response times are slower than FraudDeflect will notify the client. The client then has 5 days to remedy. If they cannot, then data will be required to be hosted at FraudDeflect.
   e. Client will not use Consumer Clarity or First Party Trust data to refund or provide credits back to consumer.
   f. Fees accrue and are due even if Client API does not respond in the 1 second window.

   
   

8. Ethoca Alerts
   e. Ethoca Alerts enrollment uses Descriptors, MIDs, Legal Address, Legal Entity Name and MCC codes.
   f. Once enrolled the client is responsible for reviewing and acting upon cases, unless they’ve contracted for FraudDeflect to Automate this process.
   g. Client may resolve or decline a case. Fees are due for all cases received regardless of declining or resolving the case.
   h. All cases must be resolved within 24 hours. Any case not actioned upon by that time will not be guaranteed to be effective.

   
   

9. Ethoca Zero Defect Guarantee.
   a. Cases that are Resolved within 24 hours of receipt and the Case
   subsequently becomes a Chargeback or Proved to be a Duplicate (Defect defined as multiple Ethoca alerts on the same transaction or a Chargeback on the transaction identified by the Ethoca Alert), and further provided that Client submits proof of said Defect(s) to FraudDeflect, Client will be credited the Ethoca Fee associated with said Defect. The foregoing credit shall be contingent upon Client providing valid proof of a Dispute and any such data must be submitted to FraudDeflect within twenty (20) days of receipt of the Dispute or Defect by Client. The client will be refunded the fees charged by FraudDeflect Ethoca has approved the dispute and refunded fees charged to FraudDeflect. Proof must be sent to refundrequests@frauddeflect.com

   
   

Exhibit D Data Requirements

There are two data requirements categories for the FraudDeflect Inquiry services:

Enrollment Data Requirements:

Merchant will provide FraudDeflect with all required data listed below in order to enroll in the inquiry and/or compelling evidence program.

1. Merchant full company name and other information as connected to their merchant account

   
   

2. All merchant’s Card Acceptor IDs (otherwise known as MIDs or Merchant IDs)
   a. Many acquirers truncate the MID they give to merchants. Merchants should require their full mids from their acquirer stating they need them to enroll in the Visa VMPI program.

   
   

3. All merchant Acquirer BINs a. This ID is not generally known to merchants so they will
   need to contact their acquirer and ask for these stating that they will be using this to enroll in the inquiry and/or compelling evidence program.

   
   

4. 1year of back transaction and informational data (see Ongoing data delivery section
   below for descriptions of this data) including merchant transaction unique ids that are sent to the acquirer, date/time of authorization, amount of transaction in the mid’s native currency, currency code, and, if applicable, refund status and refund date/time

   
   

The above, along with this signed agreement, need to be delivered to FraudDeflect to start the enrollment process. The process will take from a few days to a few weeks depending on processing time of data and depending on Visa’s backlog loading MIDs. Once this is completed, the merchant will be live and incur fees as described in the Service Order.

Ongoing Data Delivery:

Merchant will provide FraudDeflect with ongoing data on, at a minimum, daily basis, via mutually agreed upon technology such as secure file transfer protocol (sFtp), application programmers interface (API), FraudDeflect’s Portal UI Uploads, or via an agreed upon FraudDeflect data partner. Data shall be in either CSV or JSON format based on FraudDeflect’s specifications.

At a minimum, the data shall include the following fields:

1. Unique Transaction ID as sent to your acquirer

   
   

2. Transaction Date and Time of authorization

   
   

3. Transaction Description

   
   

4. Transaction Amount in transaction’s currency

   
   

5. Transaction currency code FraudDeflect Merchant Agreement 07/2023-11

   
   

6. If multiple mids are submitted, then we need the mid of the transaction

   
   

7. If applicable, Refund status and Refund date/time
   
   

   The above is the minimum data though we accept more than 100 fields of information. This list along with data format, to be agreed upon, will be discussed and provided as onboarding of Merchant is started.

Exhibit D DATA PROCESSING AGREEMENT

10. Definitions. In addition to the defined terms specified in the first paragraph, recitals and substantive provisions of this Addendum, the following terms have the meanings set forth below:

10.1 “Applicable Privacy Law” shall mean the relevant data protection and privacy law (including GDPR) to which Merchant is subject, and any guidance or statutory codes of practice issued by the relevant Privacy Authority.

10.2 “Claim” means any third-party action, claim, assertion, demand or proceeding.

10.3 “GDPR” shall mean from 25th May 2018 onwards, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation”).

10.4 “Losses” means any Claim, direct loss, damage, cost, charge, fine, fees, levies, award, expense, or other liability of any nature (whether foreseeable or contingent or not) and including any direct, indirect or consequential losses.

10.5 “Personal Data” shall mean any information provided or made available to Processor in connection with its provision of the Services, including but not limited to VMPI Data as defined in the Agreement, and to the extent the same relates to an identified or
identifiable natural person as defined by the Applicable Privacy Law;

10.6 “Privacy Authority” shall mean the relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of Merchant.

10.7 “Process”, “Processing”, or “Processed” shall mean any operation or set of operations which is performed upon Personal Data whether or not by automatic means, including collecting, recording, organizing, storing, adapting or altering, retrieving,
consulting, using, disclosing, making available, aligning, combining, blocking, erasing, and destroying Personal Data as defined in the Applicable Privacy Law;

10.8 “Services” shall mean the services provided by Processor in relation to the Processing of Personal Data as described in the Services Agreement; and

10.9 “Transfer Contract Clauses” shall mean the model contract clauses set out in the European Commission’s Decision of 5 February 2010 on standard contractual clauses for the transfer of Personal Data to Processors established in third countries, under the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data as may be amended or replaced by the European Commission from time to time.

11. Processing Requirements.

11.1 Processor represents and warrants, with respect to all Personal Data that it Processes on behalf of Merchant, that at all times:

(a) it shall Process such Personal Data only for the purposes of providing the Services and as may subsequently be agreed between the Parties in writing and, in so doing, shall act solely on the instructions of Merchant. In particular, the Processor shall not itself exercise control, nor shall it transfer, or purport to transfer, control of such Personal Data to a third party, except as it may be specifically instructed, in documented form, to do so by Merchant.

(b) it shall not Process, apply, or use, the Personal Data for any purpose other than as required and necessary to provide the Services; and

(c) it shall not Process Personal Data for its own purposes or include Personal Data in any product or service offered to third parties.

11.2 In order to ensure that Merchant’s instructions in respect of any Personal Data can be carried out as required under this Addendum, Processor shall have in place, and maintain, appropriate processes and any associated technical measures that will ensure that Merchant’s reasonable and lawful instructions can be complied with, including the following:

(a) requests by individual data subjects to Merchant, or any exercise of privacy rights, in respect of their Personal Data from time to time can be implemented.

(b) provision of appropriate interfaces or support for other processes of Merchant in ensuring information is provided to data subjects as required by Applicable Privacy Law.

(c) updating, amending, or correcting the Personal Data of any individual upon request of Merchant from time to time.

(d) cancelling or blocking access to any Personal Data upon receipt of instructions from merchant and.

(e) the flagging of Personal Data files or accounts to enable Merchant to apply particular rules to individual data subjects’ Personal Data, such as the suppression of marketing activity.

11.3 Processor shall comply with all Applicable Privacy Law and shall not perform its obligations under this Agreement in relation to the Personal Data in such a way as to cause Merchant to breach any of its obligations under Applicable Privacy Law.

11.4 Processor shall provide to Merchant such co-operation, assistance, and information as Merchant may reasonably request to enable it to comply with its obligations under any Applicable Privacy Law and co-operate and comply with the directions or decisions of a relevant Privacy Authority, in each case within such reasonable time as would enable Merchant to meet any time limit imposed by the Privacy Authority.

11.5 Prior to commencing the Processing, and any time thereafter, Processor shall promptly inform Merchant if, in its opinion, (a) (b) an instruction from Merchant infringes any Applicable Privacy Law; or Processor is subject to legal requirements that would make it unlawful or otherwise impossible for the Processor to act according to Merchant’s instructions or to comply with Applicable Privacy Law.

11.6 The Parties acknowledge and agree that Processor shall not be entitled to reimbursement of any costs which Processor may incur as a result of or in connection with complying with Merchant’s instructions for the purposes of providing the Services and/or with any of its obligations under this Addendum or any Applicable Privacy Law.

11.7 Processor shall provide within five (5) calendar days following the receipt of Merchant’s request, a written record, including such information as Merchant shall reasonably require, of the Processing of Personal Data by Processor on behalf of Merchant.

12. Security of Personal Data.

12.1 Processor shall keep Personal Data logically separate to data Processed on behalf of any other third party.

12.2 Processor shall keep Personal Data logically separate to data Processed on behalf of any Processor shall implement and maintain appropriate technical and organizational security measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing, and in addition shall comply with the Merchant Minimum Security Requirements.

13. Security of Communications. Processor shall undertake appropriate technical and organizational measures to safeguard the security of any electronic communications networks or services provided to Merchant or utilized to transfer or transmit Personal Data (including measures designed to ensure the secrecy of communications and prevent unlawful surveillance or interception of communications and gaining unauthorized access to any computer or system and thus guaranteeing the security of the communications).

14. Processor Employees– Confidentiality. Processor shall ensure the reliability (as such term is used in the GDPR) of any employees and Sub-Processor (as defined below) personnel who access the Personal Data and ensure that such personnel have undergone appropriate training in the care, protection and handling of Personal Data, and have entered into an agreement, in relation to the Processing of Personal Data, the terms of which are no less onerous than those found in the Services Agreement. Processor will remain liable for any disclosure of Personal Data by each such Sub-Processor as if it had made such disclosure itself.

15. Use of Sub-Processors.

15.1 Processor shall not sub-contract or outsource any Processing of Personal Data to any other person or entity (each a “Sub-Processor”) unless and until:

(a) Processor has notified Merchant by way of formal written notice of the full name and registered office or principal place of business of the Sub-Processor by completing Schedule 3.

(b) Processor has notified Merchant of any changes required to be made to Schedule 3 in accordance with Section 6.1.

(c) Processor has provided to Merchant details (including categories) of the Processing to be carried out by the Sub-Processor in relation to the Services; and such other information as may be requested by Merchant in order for Merchant to comply with Applicable Privacy Law, including notifying the relevant Privacy Authority.

(d) Processor has imposed legally binding terms no less onerous than those contained in this Addendum on such Sub-Processor.

(e) Merchant has not reasonably objected to the sub-contracting or outsourcing within ten (10) working days from receiving Processor’s written notification set forth in Section 6.1(a) including the information set forth in Section 6.1(c); and

(f) Processor has, entered into Transfer Contract Clauses with the Sub-Processor, if and to the extent the scope of sub-processing involves the transmission of Personal Data to, the storage of Personal Data in, or the Processing of Personal Data by any other means in, third countries.

15.2 Where requested by Merchant, Processor shall procure that any third-party Sub-Processor appointed by Processor pursuant to this Section 6 shall enter into a data processing agreement with Merchant on substantially the same terms as this Addendum.

15.3 In all cases, Processor shall remain fully liable to Merchant for any act or omission performed by Sub-Processor or any other third party appointed by it as if they were the acts or omissions of the Processor, irrespective of whether Processor complied with its obligations specified in the above Section 6.1.

15.4 In the event of a breach of this Addendum caused by the actions of a Sub- Processor, the Processor shall, if requested by Merchant, assign the right to Merchant to take action under the Processor’s contract with the Sub-Processor as it deems necessary in order to protect and safeguard Personal Data.

16. Personal Data Breach and Notification Requirements.

16.1 Processor shall notify Merchant in the most expedient time possible under the circumstances but no later than within 24 hours after becoming aware of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Personal Data (“Security Breach”). Such notification shall include (a) a detailed description of the Security Breach, (b) the type of data that was the subject of the Security Breach, and (c) the identity of each affected person (or, where not possible, the approximate number of data subjects and of Personal Data records concerned). Processor shall communicate to Merchant: (i) the name and contact details of Processor’s data protection officer or other point of contact where more information can be obtained; (ii) a description of the likely consequences of the Security Breach; (iii) a description of the measures taken or proposed to be taken by Processor to address the Security Breach, including, where appropriate, measures to mitigate its possible adverse effects; and additionally in such notification; or, thereafter (iv) as soon as such information can be collected or otherwise becomes available, any other information Merchant may reasonably request relating to the Security Breach.

16.2 Processor shall take immediate action to investigate the Security Breach and to identify, prevent, and make best efforts to mitigate the effects of any such Security Breach in accordance with its obligations hereunder, and, subject to Merchant’s prior agreement,
to carry out any recovery or other action necessary to remedy the Security Breach. Processor shall not release or publish any filing, communication, notice, press release, or report concerning any Security Breach in respect of Personal Date (“Notices”) without Merchant’s prior written approval. The actions and steps described in this Section 7 shall, without prejudice to Merchant’s right to seek any legal remedy as a result of the breach, be undertaken at the expense of the Processor and the Processor shall pay for or reimburse Merchant for all costs, losses, and expenses relating to the cost of preparing and publishing Notices.

16.3 If the Security Breach will impact more Processor’s customers, Processor shall prioritize Merchant in providing support and implement necessary actions and remedies.

17. Privacy Impact Assessment. Where requested to do so by Merchant, Processor shall promptly make available to Merchant all information necessary to demonstrate Merchant’s compliance with Applicable Privacy Law and shall assist Merchant in carrying out a privacy impact assessment of the Services and cooperate with Merchant to implement agreed mitigation actions to address privacy risks identified in any such privacy impact assessment.

18. Audit Rights. Processor shall and shall procure that any Sub-Processor shall permit Merchant, its customers (including Merchant’s and customers’ respective subcontractors, auditors, and/or other authorized agents), and/or Privacy Authorities (each an “Auditing Party”) to access Processor’s premises, computer, and other information systems, records, documents, and agreements as reasonably required by the Auditing Party in order to confirm that Processor and/or its Sub-Processors are complying with their obligations under this Addendum (or any subsequent sub-Processing contract) or any Applicable Privacy Law, provided always that any such audit does not involve the review of any third party data and that such reviewing entity enters into such confidentiality obligations with the Processor or with the relevant Sub-Processor as may be reasonably necessary to respect the confidentiality of the Processor’s or Sub-Processor’s business interests and third party data and information of which the reviewing entity may become aware in the course of undertaking the review. The Auditing Party shall bear its own costs in relation to such audit, unless the audit FraudDeflect Merchant Agreement 07/2023-16 reveals any non-compliance with Processor’s or Sub-Processor’s obligations under any Applicable Privacy Law or this Addendum or any subsequent sub-Processing contract, in which case the costs of the audit shall be borne by Processor.

19. Deletion of Personal Data.

19.1 Processor shall delete Personal Data from its records in accordance with the retention policies set out in the relevant Processing Appendix for the Services and comply with all reasonable instructions from Merchant with respect to the deletion of any remaining Personal Data.

19.2 Upon termination or expiry of any of the relevant Services, in respect of such Services any remaining Personal Data shall, at Merchant’s option, be destroyed or returned to Merchant, along with any medium or document containing Personal Data.

19.3 Upon termination or expiry of the Services Agreement, any remaining Personal Data shall, at Merchant’s option, be destroyed or returned to Merchant, along with any medium or document containing Personal Data.

20. Notices.

20.1 Formal written notices to be given under or in connection with this Addendum shall be made in writing in English and shall be deemed to have been duly given: (a) when delivered, if delivered by messenger during the hours of 9:00 a.m. to 5:00 p.m.; (b) when sent, if transmitted by facsimile transmission (transmission confirmed) during the hours of 9:00 a.m. to 5:00 p.m.; and (c) on the 5th business day following posting, if posted by signed for (postage pre-paid) mail or the equivalent in the country of posting. The addresses for Services shall be set out in the relevant Processing Appendix.

20.2 Communications not requiring formal written notices may be affected by email.

21. Third Party Disclosure Requests.

21.1 Unless prohibited by Applicable Privacy Law, Processor shall, and shall procure that any Sub-Processor shall, inform Merchant promptly (and in any event within one business day of receipt or sooner if required to meet with any earlier time lime) of any inquiry, communication, request or complaint from:

(a) any governmental, regulatory or supervisory authority, including Privacy Authorities or the U.S. Federal Trade Commission; and/or

(b) any data subject, relating to the Services, any Personal Data, or any obligations under Applicable Privacy Law, and shall provide all reasonable assistance to Merchant free of any costs to enable Merchant to respond to such inquiries, communications, requests, or complaints and to meet applicable statutory or regulatory deadlines. Processor shall, and shall procure that any Sub-Processor shall, not disclose Personal Data to any of the persons or entities listed in (a) or (b) above unless it is legally required to do so and has otherwise complied with the obligations in this Section 12.1.

21.2 Unless prohibited by Applicable Privacy Law, in the event that Processor or any Sub- Processor is required by law, court order, warrant, subpoena, or other legal judicial process (“Legal Request”) to disclose any Personal Data to any person or entity other than Merchant, Processor shall, and shall procure that any Sub-Processor shall, notify Merchant promptly (and in any event within one business day of receipt or sooner if required to meet with any time limit in the Legal Request) and shall provide all reasonable assistance to Merchant to enable Merchant to respond or object to, or challenge, any such FraudDeflect Merchant Agreement 07/2023-17 demands, requests, inquiries, or complaints and to meet applicable statutory or regulatory deadlines. Processor shall, and shall procure that any Sub-Processor shall, not disclose Personal Data pursuant to a Legal Request unless it is legally prohibited from doing so and has otherwise complied with the obligations in this Section 12.2.

22. Transfers of Personal Data Outside of the European Economic Area. Where Personal Data originating in the European Economic Area is Processed by Processor outside the European Economic Area, in a territory that has not been designated by the European
Commission as ensuring an adequate level of protection pursuant to Applicable Privacy Law, Processor and Merchant agree that the transfer will be subject to the Transfer Contract Clauses which shall be deemed to apply in respect of such Processing. Processor shall ensure that the Processing of such Personal Data does not commence until Merchant has confirmed to the Processor that it has obtained any approvals required from relevant Privacy Authorities.

23. Indemnity. Notwithstanding any other indemnity provided by the Processor in connection with the Processing subject to the Services Agreement, the Processor shall indemnify Merchant (and each of its respective officers, employees and agents) against all Losses arising out of or in connection with any failure by the Processor (and by any Sub- Processor, of whatever tier) to comply with the provisions of this Addendum or any Applicable Privacy Law.

Exhibit D SERVICE LEVEL AGREEMENT

1. SERVICE AVAILABILITY.

   Subject to the terms within this Service Level Agreement (“SLA”), FraudDeflect’s services will have a Service Availability of no less than 99.9%, 24x7x365. “Service Availability” shall be determined by measuring the uptime of FraudDeflect’s services, excluding Scheduled Downtime and events outside FraudDeflect’s Span of Control. “Span of Control” means those areas of functionality and technology,
   including hardware and software used in the provision of the FraudDeflect Services, which are reasonably under the direct control of FraudDeflect, including without limitation actions of subcontractors, subsidiaries, agents and/or affiliates.

   
   

2. SCHEDULED DOWNTIME/MAINTENANCE.
   FraudDeflect will notify Merchant via email at the address provided herein of any proposed scheduled downtime for FraudDeflect’s services (“Scheduled Downtime”). FraudDeflect will work with FraudDeflect to ensure Scheduled Downtime does not conflict with critical activities. FraudDeflect will, through Merchant’s escalation contacts, promptly notify Merchant in writing (including via
   email) of any event or unplanned outage that impacts or may impact FraudDeflect’s services or Merchant’s usage thereof. Activity will be followed by a post-mortem report detailing the accomplishments, including as set forth herein.

   
   

3. MERCHANT ESCALATION CONTACT INFORMATION. Contact Name C Title Phone 1st Level Escalation 2nd Level Escalation 3rdLevel Escalation 4th Level Escalation shall be provided to FraudDeflect provided in contract signature form.

   
   

4. FRAUDDEFLECT ESCALATION CONTACT INFORMATION.

   
   

Primary Contact: Merchant Support

Phone: (904)467-7030
Email : Support@FraudDeflect.com

1st Level Escalation: Mari Perroni, Chief Operating Officer Phone: (904)467-7030
Email: Mari@FraudDeflect.com

2nd Level Support: Scott Adams, Chief Executive Officer Phone: (386) 589 -7465
Email: Scott@FraudDeflect.com

10. . SERVICE AVAILABILITY MEASUREMENT AND REPORTING.
    The Service Availability will be measured in monthly increments using complete calendar months (determined using Pacific Standard Time), beginning the first day of the first month following Commercial Use of the FraudDeflect Services. “Commercial Use” means the availability of FraudDeflect’s services to Merchant.

    
    

11. . NOTIFICATION OF SCHEDULED MAINTENANCE.
    FraudDeflect will, through Merchant’s escalation contacts, advise Merchant of all scheduled maintenance and/or unplanned outages of FraudDeflect’s services that are reasonably likely to adversely affect in any manner Merchant’s services.

    
    

Appendix Z Definitions

DEFINITIONS. As used in the Agreement, the terms listed below shall have the following meanings ascribed to them:

ACH shall mean and refer to the “Automated Clearing House” and is an electronic payment network which exchanges funds via electronic funds transfer. Accepted shall mean and refer to an RDR Case, automatically refunded (in accordance with the RDR Rules configured by Seller) to the Consumer by the acquirer-initiated funds reversal process.
Acquirer BIN shall mean and refer to the unique Bank Identification Number which identifies the institution under contract with the Seller to enable the Seller to process card transactions.
Adjusted Lookup shall mean and refer to requests that are categorized to be unique based on data attributes available on the request and received within 120 days from the date of the original transaction referenced by the request.
Affiliates shall mean, as to any entity, any other entity that controls, is controlled by, or is under common control with the initial entity. For purposes of this definition, the term “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management policies of such third party, whether through the ownership of voting securities or by contract or otherwise, as of the Effective Date.
Applicable Laws shall mean and refer to laws and regulations that are directly applicable to a Party, including but not limited to the following: (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data on the free movement of such data; (ii) after May 25, 2018 GDPR and repealing Directive

95/46/EC; (iii) the California Consumer Privacy Act, that enhances privacy rights and consumer protection for residents of California; (iv) any applicable member state law with respect to Personal Data; (v) any applicable export laws and regulations, including but not limited to the Export Administration Act of 1979, as amended, and the Export Administration Regulations issued by the U.S. Department of Commerce, Bureau of Industry and Security and any successor legislation; (vi) any regulation administered by the U.S. Department of Treasury’s Office of Foreign Assets Control, the United Nations, the Council of the European Union and the individual Governments of Member States of the European Union; and (vii) any anti-bribery and anti-money laundering laws and regulations.
Approved Transaction shall mean and refer to any Transaction that is processed pursuant to the terms of this Agreement and for the benefit of the Seller.
Authorization shall mean and refer to an inquiry with the Customer’s Payment Brand to confirm available credit and reserve a portion of the Customer’s available funds for a Transaction.
Association means any of the companies or associations which provide for the branding and issuance of credit and/or debit cards, including without limitation, VISA, MasterCard, Discover, and American Express.
Card Acceptor ID (CAID) shall mean and refer to the unique identifier assigned by the Acquirer to identify the merchant account.
Card Network shall mean and refer to Visa, MasterCard, American Express, Discover, ACH, prepaid debit cards or any other association comprised of issuers that provide a Payment Brand(s) (defined below) that is accepted by a Seller.
Case(s) shall mean and refer to an action by a Consumer disputing a transaction that qualifies under CDRN and RDR. As applicable, this includes Accepted, Resolved, Declined, and cancelled Cases.
CDRN shall mean and refer to Verifi’s patent Cardholder Dispute Resolution Network, which enables a participating Seller to resolve cardholder billing disputes directly with an issuer, before the dispute is escalated via the Dispute process through an Association.
CDRN Case Fee shall mean and refer to the amount paid by Seller per CDRN Case and listed in the applicable SOW. CDRN Zero Defect Guarantee To the extent that Cases are Resolved in a timely fashion, as set forth in an applicable CDRN SOW of this Agreement, and the Case subsequently becomes a Dispute, provided that Seller submits proof of said Dispute(s) to Verifi, Seller will be credited the CDRN fee associated with said Dispute. The foregoing shall be contingent upon Seller providing valid proof of a Dispute and any such data must be submitted within thirty (30) days of receipt of the Dispute by Seller). FraudDeflect Merchant Agreement 07/2023-21
Compelling Evidence Deflection Fee shall mean and refer to the amount paid by Seller per CE Deflection as listed in the applicable SOW.
Compelling Evidence Deflection Negation shall mean and refer to a CE Deflection Fee invoiced and subsequently reversed after an exception review initiated by the Issuer.
Consumer shall mean and refer to an individual or entity that presents a Payment Brand to purchase goods or services from the Seller and submits a Payment Brand (defined below) to facilitate said payment.
Decline shall mean and refer to (i) Sellers’ action in CDRN of declining to resolve a Dispute via CDRN, no credit or refund is issued, and the CDRN Case will most likely result in a Dispute; and (ii) a RDR Case which is not refunded, as a result of the rules set by the Seller.
Digital Inquiry shall mean and refer to a Lookup that originates from a Participating Issuers mobile or online application.
Disclosing Party shall have the meaning as is set forth in Section 10.1 “Confidential Information”.
Dispute shall mean and refer to a disputed settled Transaction that has been returned to the Seller by the Merchant Processor, in correspondence with a Consumer dispute, and in accordance with the Rules as defined below.
Dispute Representment shall mean and refer to Verifi’s action of responding to a Dispute or Retrieval Request on behalf of the Seller if called for pursuant to the Agreement; Verifi’s duties with respect to Dispute Representment will be limited to submitting documentation and information to the Merchant Bank who, at the Merchant Bank’s discretion, represents the Transaction to the respective Card Association via the appropriate process in an attempt to resolve the dispute on behalf of their Seller.
Dispute Source shall mean and refer to any distinct Merchant Processor acquirer of Seller.
Intellectual Property Rights means all patents (including all reissues, divisions, continuations, and extensions thereof) and patent applications, trade names, trademarks, service marks, logos, trade dress, copyrights, trade secrets, mask works, rights in technology, know-how, or other intellectual property rights that are in each case protected under the laws of any governmental authority having
jurisdiction.

Issuer shall mean and refer to an issuing bank that offers card association branded payment cards directly to consumers, such as credit cards, debit cards, contactless devices such as key fobs as well as prepaid cards.
Managed Services shall refer to the extent that Seller opts to leverage upon the CDRN Managed Services whereby Verifi manages the CDRN Portal on the Merchant’s behalf (as noted in applicable SOW).
Member Bank shall mean and refer to any member of the Card Associations that provides merchant services to a merchant.
Merchant Account shall mean and refer is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases, a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations.
Merchant Category Code (MCC) shall mean and refer to the four-digit number used by credit card companies to classify businesses into market segments. A business MCC indicates the types of services or goods being sold to customers.
Merchant Descriptor shall mean and refer to the line of copy that identifies transactions on a cardholder’s account activity and statement.
Monthly Minimum Fees shall mean and refer to the total minimum Fees which must be paid by the Seller to Verifi for each full calendar month of the applicable SOW, commencing upon the Effective Date (as defined in the applicable SOW). The Monthly Minimum Fee shall be deemed satisfied when the total Fees accrued for Service exceed the amount designated in the applicable SOW.
MID shall mean and refer to a merchant identification number.
NACHA shall mean and refers to the “National Automated Clearing House Association”.
Offline Transaction Fee shall mean and refer to the Fees associated with each Transaction which is Authorized and Captured by the Merchant Processor and provided to Verifi in its defined file format so that Verifi may provide the Services

Payment Brand shall mean and refer to the type of payment submitted by a Consumer for services, products or otherwise, including, but not limited to, Visa, MasterCard, American Express, Discover, PayPal, ACH, "Bill Me Later", or any credit card, charge card, debit card, gift card, loyalty card, prepaid card or other alternative method accepted as payment by Seller.

Participating Issuer shall mean and refer to a financial institution that issues a debit and credit card to a Consumer and that is also under contract with Verifi to participate in the Services.
Participating Seller shall mean and refer to the legal business entity that utilizes the Verifi Services through the legal agreement with the Seller.
Payment Card Industry (PCI) shall mean and refer to the segment of the financial industry that governs the use of all electronic forms of payment.
Personal Data has the meaning given in the applicable data protection law.

Processing shall mean and refer to the actioning of Accept, Decline, Resolve or Cancel a Case.
Platform (i) shall mean Verifi’s software services, which includes the source code, object code or underlying structure, ideas or algorithms of the Services or any software, documentation or data related to the Services.
Qualified Transaction Data shall mean and refer to the data elements (i.e. User ID; IP Address; Shipping Address; Device ID; Device Fingerprint) which are provided via Order Insight to satisfy the requirement for Compelling Evidence.
RDR shall mean and refer to Rapid Dispute Resolution which allows Participating Sellers to process non-fraud pre-disputes and confirmed fraud pre-disputes thereby avoiding a Dispute.
RDR Case Fee shall mean and refer to amount paid by Seller per RDR Case listed in the applicable SOW.
RDR Zero Defect Guarantee. To the extent a RDR Case has been Accepted during pre-dispute processing and becomes a Dispute or the Participating Issuer recalls the pre-dispute after initial submission and processing, the RDR Case will be eligible for credit of the associated RDR Case Fee. The credit will be contingent upon Seller providing valid proof of a Dispute and any such data must be submitted to FraudDeflect within twenty (20) days of receipt of the Dispute by Seller.
Receiving Party shall have the meaning as is set forth in Section 10.1 “Confidential Information”. A refund shall mean and refer to reversing a previously settled Sale.
Refunds may be equal to or less than the amount settled on the original
Transaction. Multiple refunds may be submitted for a given Transaction so long as the total Refund does not exceed the initial Sale or capture Transaction balance.

Representatives shall have the meaning as is set forth in Section 10.2 “Disclosure of Confidential Information”.
Service(s) shall mean and refer to any and all Verifi services, including but not limited to future products or services developed by Verifi and/or its Affiliates.

Third Party Code shall mean and refer to FraudDeflect’s products which may contain or be provided with components which are licensed to third parties.

Third-Party Integrator shall mean and refer to Verifi approved third-party platforms, such as FraudDeflect.
Threatening Condition. The seller’s conduct including, without limitation, transmitting harmful, inaccurate or incomplete data to FraudDeflect, poses a threat to FraudDeflect’s systems, services, equipment, processes, or Intellectual Property. Transaction shall mean and refer to the sale of goods or services, for any of the Seller’s products for which the Customer issues payment through the use of a Payment Brand which is then presented to a Member Bank for processing and collection. Transaction also pertains to non-sale events, such as voids, declines, credits and refunds.
U.S. Bankruptcy Code. Tax implications of bankruptcy are found in Title 26 of the United States Code.
Seller Information shall mean and refer to the Information Questionnaire, including the Schedule of Fees (as is identified in in an applicable agreements), Business Questionnaire, Personal Guarantee and Payment Authorization Form, all of which shall be incorporated into this Agreement as though fully set forth herein.

FraudDeflect Merchant Agreement