INLÖSENAVTAL / ACQUIRING AGREEMENT

1 INTRODUCTION

These Instructions for Merchants, the "Instructions", apply to sales paid by Card through the use of a Terminal at the Merchant Stores. These Instructions form an integral part of the General Terms and the Agreement for Card Acquiring (the “Main Document”) that have been entered between the Merchant and Paytrim (both as defined in the Main Document).

In the event of any discrepancies between the Main Document and these Instructions, these Instructions shall take precedence.

2 DEFINITIONS

If not otherwise defined in these Instructions, words beginning with a capital letter shall have the meaning assigned to them in the Main Document.

“Cashback” shall mean the withdrawal of cash in conjunction with a purchase made by use of a Card.

“EEA” means the European Economic Area.

“Initiated Transactions” means a transaction initiated by the Merchant, whereby the relevant Cardholder has authorized the Merchant, based on an agreement between the Merchant and the Cardholder, to initiate a Transaction (or a number of Transactions) with the Cardholder’s Card Information.

“PAL” means the purchase amount limits set out and specified by applicable Card Scheme from time to time.

“SCA” means strong customer authentication; an authentication based on the use of two or more inherently independent elements categorised as knowledge (something only the user knows, e.g. a PIN code), possession (something only the user possesses, e.g. a Card) and inherence (something the user is) that is designed in such a way as to protect the confidentiality of the authentication data.

3 CONTROLLS

The following controls shall be made by the Merchant in connection with accepting any payment.

The Merchant shall always conduct authorization in connection with a payment, irrespective of the purchase amount for the relevant payment. However, certain exceptions can be made if the relevant purchase falls below the applicable PAL.

If, for any reason, the Card’s chip cannot be read, the Merchant may not process the relevant Transaction. If the Merchant receives a response that a Card is blacklisted, the Merchant shall (if reasonably possible) retain the Card.

Where the Card used by the Cardholder is issued within the EEA, identification of the Cardholder shall always be made in accordance with Section 5 below.

For other Cards, Paytrim accepts identification control by (i) PIN code, (ii) signature from the Cardholder on the receipt, and (iii) any other methods expressly accepted by the applicable Card Schemes from time to time.

Furthermore, identification controls are not required for Contactless Payments that don’t exceed the PAL.

When entering the PIN Code, the Cardholder shall be provided 3 attempts to enter the correct PIN code and shall always have the possibility to cancel the Transaction instead of making further attempts to enter the correct PIN code. The Merchant shall ensure that the Cardholder is aware of the relevant purchase amount when the PIN code is entered into the Terminal.

If the Cardholder has identified him-/herself by PIN Code (in accordance with Section 3.3 above), the Merchant must not check the signature of the Cardholder. However, in the following situations a written signature from the Cardholder must be provided, and in such case the Cardholder shall not be asked to use his or hers PIN Code:

(1) If the PIN Code cannot be verified;

(2) The Card number has been registered manually (i.e. the Terminal was not able to read the Card number); or

(3) If the relevant transaction is a Refund.

When gathering the Cardholder’s signature, the Merchant shall always compare the provided signature on the receipt with the signature on the Card and relevant identification document. The Card may not be accepted as a means of payment if the signatures does not match. Where the Card used by the Cardholder is issued within the EEA, identification of the Cardholder by the use of signature shall not be permitted.

In general, the Card shall always be read by the Terminal and never registered manually by Merchant, unless Paytrim has provided special permission to register the Card number and expiration date manually. In such situations the Merchant must be able to prove that the Card was present in conjunction with payment, such as with an imprint of the Card or a photocopy of the front of the Card. The photocopy or other proof shall be kept together with the corresponding signature receipt in a manner that is in agreement with the PCI regulations. However, manual registration is never permitted for a Card on which the number of the Card is not embossed.

Subject to the above, in cases where the Merchant manually registers the Card number in the Terminal, the Merchant must inspect the Card.

When inspecting the Card, the Merchant must check that (i) the Card has been signed by the Cardholder, (ii) the Card has not expired, (iii) the name on the Card corresponds with that of the identification document, (iv) the Card is marked with a card brand that is covered by the Agreement, and (v) the Card bears no sign of tampering or alteration.

In the event any one of (i) – (v) above are not met, the Merchant may not accept the Card as a means of payment.

For the avoidance of doubt, when the information of the Card is read without the Merchant’s manual involvement and where the Cardholder has approved the Transaction by providing his/hers PIN Code, the above requirements do not apply.

4 CONTENTS OF RECEIPTS

The Merchant's copy of the receipt shall always include the following information:

• The Merchant's name, location and corporate ID number;
• The Merchant's ID;
• Date and time of the Transaction;
• The number of the Card (in truncated format);
• The transaction type (Purchase or Refund);
• Control number (proof of authorisation);
• Currency and amount;
• The text: "Authorised to debit my account as specified above" (this does not apply when a PIN code is used); and
• Unique identifier for the Transaction, normally through a reference or tracing number.

If the relevant Transaction is a Contactless Payment, the receipt shall further include (i) information that the Transaction is a Contactless Payment and (ii) the application ID of the Card.

If the Transaction is approved by the Cardholder’s signature, the receipt shall further include:

• A designated space for the Cardholder's signature;
• Number and type of identification used by Cardholder.

The copy of the receipt received by the Cardholder shall receive a copy of the receipt that includes the same information as set out in Section 4.1 above, however subject to the following deviations:

• The Cardholder’s copy need not specify the transaction type (this is only required if the copy of the receipt comprises a standalone terminal receipt);
• The Cardholder’s copy must not include the text "Authorised to debit my account as specified above"; and
• The Merchant ID must not be included.

The Merchant shall archive the signature receipt and the log for PIN codes for at least 18 months following the relevant payment. Upon the request of Paytrim, the Merchant shall be able to provide an individual Transaction receipt within 5 days (this applies also following the termination of the Agreement).

Furthermore, the Merchant shall keep a log detailing all Transactions (processed and cancelled). The log shall include at least the following information; (i) how the Transaction was processed, (ii) the Merchant's name, location and corporate ID number, (iii) the date and time, (iv) the number of the Card (in truncated format), (v) the payment method, (vi) the transaction type (payment or return/credit), (vii) point of sale identifier, (viii) control number as proof of authorisation, (ix) currency and amount, and (x) reference/tracing number.

5 SCA

The Merchant shall apply SCA for identification of the Cardholder in connection with payment, unless any of the exemptions in Section 5.1 below apply. The methods for SCA acceptable to Paytrim are limited to solutions approved and/or provided by the Card Schemes from time to time.

If the Card is issued by a card issuer outside the EEA, SCA is not required. Furthermore, exemptions from SCA may be granted by the card issuer in the following scenarios:

• Contactless Payments, where the purchase amount does not exceed EUR 50 (fifty euro) or below, provided however that the same card has not been used for payment five times in a row or has reached a total amount of EUR 150 or more, or
• CInitiated Transactions.

Please note that the above exemptions are subject to the card issuer’s final acceptance, and Paytrim cannot offer any guarantee that such acceptance will be provided in any given case.

6 COLLECTING TRANSACTIONS

Transactions that have been collected electronically shall be transferred to Paytrim within 2 days of the date of authorisation. With respect to hotels and similar businesses where so-called preliminary authorisation is used, payment Transactions shall be submitted to Paytrim within thirty (30) days.

Payment transactions with Cards may only be collected by use of a Terminal.

7 CASHBACK

Transactions that have been collected electronically shall be transferred to Paytrim within 2 days of the date of authorisation. With respect to hotels and similar businesses where so-called preliminary authorisation is used, payment Transactions shall be submitted to Paytrim within thirty (30) days.

Payment transactions with Cards may only be collected by use of a Terminal.

8 TERMINALS AND PSP’S

The Merchant shall inform Paytrim of the Terminal model and the PSP that the Merchant intends to use. Both are subject to Paytrim’s approval. The Merchant shall provide Paytrim with all information requested and necessary for Paytrim to provide its approval.

The Terminals shall be kept in a manner rendering the Terminals inaccessible to unauthorized persons.Prior to making any changes, installations, decommissions or similar of any equipment technically connected to Paytrim, the Merchant shall inform Paytrim hereof. Changes of Terminals which may have an impact on the Agreement may not be implemented without Paytrim’s prior written consent.

All Terminals used to process Transactions under the Agreement shall support EMV chip technology and Contactless Payments. Other Terminals may be accepted if agreed in writing between the Parties.

9 SECURITY

Terminals that deliver Transactions to Paytrim shall be approved by Paytrim. Paytrim can require special audits concerning the security of sensitive components.

If the Merchant uses a PSP as part of its payment solution for processing Transactions, the Merchant must ensure that said third party complies with all of the requirements of applicable PCI Standards.

10 LIABILITY

The Merchant remains fully liable (in its relation with Paytrim under the Main Document) for all losses attributable to Transactions made by magnetic stripe where the Card is equipped with a so-called EMV chip and the Merchant is using an EMV Terminal. Furthermore, the Merchant bears all the risk in relation to any manual registration made by Merchant in accordance with Section 8.2 above.

Lastly, in relation to Transactions where the Merchant has applied an exemption from the SCA (c.f. Section 5 above), the Merchant bears all risks.