Engaging a vendor to provide payment processing services for a retail operation can be a daunting task, especially without an adequate understanding of the complex roles and relationships of those involved in the payments chain.
The merchant is typically presented with a form PPA from its processors. Still, counsel should review and negotiate key provisions relating to compliance with industry standards, data security, confidentiality, use of third parties, reserves, and more. Additional standards and guidelines are often incorporated by reference and should be part of the review.
Among other things, data security is a fundamental issue in PPAs, and a merchant's obligations under PCI Data Security Standards or otherwise may vary depending on the size of its business and the payment types accepted. Contractual liabilities that flow from a data breach often exceed all other financial liabilities, including the cost to defend litigation or regulatory investigation.
Listen as our authoritative panel discusses standard terms in PPAs, provisions that may be non-negotiable due to regulatory or network requirements, and the negotiating points that may mitigate the vendor's potential liability.
Additional information and the agenda available here.
Theodore Monroe, TFM Law
Linda Odom, K&L Gates