PayPal Pro / Virtual Terminal Agreement

This PayPal Pro / Virtual Terminal Agreement ("Agreement") is a contract between you (the "Merchant") and PayPal, Inc., and applies to your use of Website Payments Pro, Website Payments Pro Payflow Edition, or Virtual Terminal (the "Products"). Each of the Products includes the Services listed herein. You must read, agree with and accept all of the terms and conditions contained in this Agreement. This Agreement applies in addition to the PayPal User Agreement and any other agreements to which you have entered into with PayPal (collectively "User Agreements"). We may amend this Agreement at any time by posting a revised version on our website. The revised version will be effective at the time we post it. In addition, if the revised version includes a Substantial Change, we will provide you with 30 Days' prior notice of Substantial Change by posting notice on the "Policy Updates" page of our website. All capitalized terms not defined herein are defined in the PayPal User Agreement. This Agreement was last updated on November 10, 2008.

  1. Credit Report Authorization.

    You understand and agree that you are providing PayPal with your "written instructions" in accordance with the Fair Credit Reporting Act, and you are authorizing PayPal to obtain your personal credit report from a credit bureau for the purpose of processing this application for Services. You further understand and agree that you are authorizing PayPal to obtain your credit report on an ongoing basis for account review purposes.

  2. Products and Fees.

    All fees are stated in U.S. Dollars.

    • Website Payments Pro:

      Services Included or Optional Fees
      Direct Payment API Included

      Monthly Fee: $30.00

      Transaction Fees Monthly Sales Volume
      2.9% + $0.30 $0.00 - $3,000.00
      2.5% + $0.30± $3,001.00 - $10,000.00
      2.2% + $0.30± $10,001.00 - $100,000.00
      1.9% + $0.30±* $100,001.00 and over

      Express Checkout
      Virtual Terminal: Optional
      Transaction Fees Monthly Sales Volume
      3.1% + $0.30 $0.00 - $3,000.00
      2.7% + $0.30± $3,001.00 - $10,000.00
      2.4% + $0.30± $10,001.00 - $100,000.00
      Risk Controls Optional No charge
      Recurring Payments Optional Monthly Fee: $30.00
      Fraud Management Filters Optional No charge
      Advanced Fraud Management Filters Optional $20 per month + $0.05 Per Direct Payment and Virtual Terminal Transaction
      "*" Applies only to Express Checkout
      "±" Merchant must complete one-time application and be approved by PayPal. Once approved, the rate is based upon the merchant’s prior month’s sales volume.

    • Website Payments Pro Payflow Edition:

      Services Included or Optional Fees
      Direct Payment API Included

      Monthly Fee: $30

      Transaction Fees Monthly Sales Volume
      2.9% + $0.30 $0.00 - $3,000.00
      2.5% + $0.30± $3,001.00 - $10,000.00
      2.2% + $0.30± $10,001.00 - $100,000.00
      1.9% + $0.30±* $100,001.00 and over

      Express Checkout
      Virtual Terminal: Optional
      Transaction Fees Monthly Sales Volume
      3.1% + $0.30 $0.00 - $3,000.00
      2.7% + $0.30± $3,001.00 - $10,000.00
      2.4% + $0.30± $10,001.00 - $100,000.00
      Fraud Protection Services Optional Basic:
      $29.95 one time set-up
      $19.95 per month + $0.05 per transaction


      Advanced:
      $89.95 one time set-up
      $49.95 per month + $0.10 per transaction
      Recurring Billing Optional $29.95 per month
      Account Monitoring Service Optional $29.95 one time set-up
      $19.95 per month
      Buyer Authentication Service Optional $150.00 one time set-up
      $9.95 per month + $0.10 per transaction
      "*" Applies only to Express Checkout
      "±" Merchant must complete one-time application and be approved by PayPal. Once approved, the rate is based upon the merchant’s prior month’s sales volume.

    • Virtual Terminal:

      Services Included or Optional Fees
      Virtual Terminal: Included

      Monthly Fee: $30.00

      Transaction Fees Monthly Sales Volume
      3.1% + $0.30 $0.00 - $3,000.00
      2.7% + $0.30± $3,001.00 - $10,000.00
      2.4% + $0.30± $10,001.00 - $100,000.00
      Recurring Payments Optional Monthly Fee: $30.00
      Risk Controls Optional No charge
      Fraud Management Filters Optional No charge
      Advanced Fraud Management Filters Optional $20.00 per month + $0.05 per Direct Payment and Virtual Terminal transaction
      "±" Merchant must complete one-time application and be approved by PayPal. Once approved, the rate is based upon the merchant’s prior month’s sales volume.

    • Additional Features:

      Features Fees
      Authorization Fee for each successful uncaptured Direct Payment API, or Virtual Terminal authorization $0.30 per transaction
      Cross-Border Fees for Direct Payment API, Virtual Terminal, or Express Checkout transactions (for receiving payments from buyers outside the United States) 1.0% added to the Transaction Fees
      Failure to use Express Checkout Fee (applies to Website Payments Pro and Website Payments Pro Payflow Edition) Up to 1.0% added to the Transaction Fees for failure to use Express Checkout as stated in section 2(g).
      Risk Factors Fee Up to 5.0% added to the Transaction Fees if PayPal determines that your Account presents Risk Factors as stated in section 2(h).
      Exchange Rate & Fee The currency exchange rate is determined by PayPal based on the current market price and includes a 2.5% Fee. This Fee only applies when PayPal performs the currency conversion.
      Chargeback Fee $10.00

    • Payment of Fees Due Under This Agreement. For Website Payments Pro and Virtual Terminal, you agree to allow PayPal to charge your PayPal Account every month in advance for fees that become due under this Agreement. For Website Payments Pro Payflow Edition, you agree to allow PayPal to charge your credit card or bank account for fees that become due under this Agreement. In the event that PayPal is unable to withdraw the Monthly Fee from your PayPal Account, PayPal may terminate your use of the Services within 30 days of the date that the Monthly Fee was due and you will remain obligated to pay PayPal for any unpaid amounts. All Monthly Fees are non-refundable.

    • Promotional Period. If you have signed up for the Services pursuant to a promotional period, you agree to pay the Monthly Fee immediately upon the expiration of a promotional period offered by PayPal.

    • Failure to Use Express Checkout. If you fail to comply with the requirement to use Express Checkout, you may be subject to a fee increase resulting in up to a 1% increase to your Transaction Fees. This Fee may be included in your initial rate when you first sign up for the Services, or may be added at any time by PayPal with 30 days' prior written notice of the fee increase. You agree to terminate your usage of the Services if you do not agree to this Fee.

    • Risk Factors Fee. If PayPal determines that your Account receives, or is likely to receive, a disproportionately high number of customer complaints, reversals, chargebacks, claims, fees, fines, penalties or other liability (collectively "Risk Factors"), you may be subject to a fee increase of up to 5% above your then current Transaction Fees. This Fee may be added to your initial rate when you first sign up for the Services, or may be added at any time by PayPal with 30 days' prior written notice of the fee increase. You agree to terminate your usage of the Services if you do not agree to this Fee.

  3. Merchant Obligations.

    1. Unless you receive the express consent of the cardholder, you may not retain, track, monitor, store or otherwise use beyond the scope of the specific transaction any personal or financial Card transaction information (defined as "Data"). Data must be completely removed from your systems, and any other place where you store Data, within 24 hours after you receive an authorization decision. To the extent that Data resides on your systems and other storage locations, it should do so only for the express purpose of processing your transactions and you agree to protect it in accordance with Exhibit "A" to this Agreement, and any applicable laws. Notwithstanding the forgoing, in no event may you store Card Verification Values ("CVV") and Card Identification Data ("CID").

    2. You may not perform dynamic currency conversion. This means that you may not list an item in one currency and then accept payment in a different currency. If you are accepting payments in more than one currency, you must separately list the price for each currency.

    3. In using the Services, PayPal will permit you to accept Visa, MasterCard, American Express, Discover, and Switch Solo (collectively "Cards"). With regard to the Cards, you agree to the following:

      1. Where you accept Cards on your website, you will display each Card's logo with equal size and prominence, and you shall not display a preference for one Card over another. You agree to comply with the logo usage standards located at: http://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/OnlineLogoCenter-outside.

      2. You authorize PayPal to provide information regarding your business and individual Card transactions to third parties for the purpose of facilitating the acceptance and settlement of your Card transactions and in connection with items, including without limitation, chargebacks, refunds, disputes, adjustments, and other inquiries.

  4. Required Use of Express Checkout.

    1. In order to use PayPal Website Payments Pro or PayPal Website Payments Pro Payflow Edition, you must use Express Checkout as described herein.

      1. You must include a PayPal Express Checkout button either: (A) before you request the shipping/billing address and other financial information from your customers or (B) on the same page that you collect such information if you only use one page for your checkout process.

      2. You must offer PayPal as a payment option together with the other payment options you offer for Express Checkout. The PayPal logo must be displayed with equal or greater prominence as the logos for your other payment options.

      3. You must provide your customers with the option of not storing their personal information, including but not limited to their email address, shipping/billing address, and financial information.

  5. Risk Controls.

    1. Risk Controls provide you the choice of accepting transactions with a higher likelihood of risk. If you chose to adjust your Risk Controls accordingly, you are liable for all additional risk and it is your responsibility to adjust the Risk Controls to determine whether you want to accept or decline such transactions. You may adjust the Risk Controls on the Risk Controls Overview Page on the PayPal website. If you would like to remove your ability to access Risk Controls, please contact your account manager. Eligibility for Risk Controls is determined in PayPal's sole discretion.

    2. You may adjust your Risk Controls to accept certain payments, including, but not limited to

      1. Direct Payments through the Direct Payment API and Virtual Terminal payments that are unable to verify the cardholder's address through the Address Verification Services. This is also referred to as "AVS No Match".

      2. Direct through the Direct Payment API and Virtual Terminal payments that do not include a card security code. This is also referred to as "Card Security Code Not Submitted".

      3. All payment types that failed PayPal's proprietary risk models.

    3. You may adjust your Risk Controls to decline payments, including, but not limited to:

      1. Direct Payments and Virtual Terminal payments where the address entered by the cardholder only partially matches the information stored by the issuing bank.

      2. Direct Payments and Virtual Terminal payments where the Address Verification Service is unsupported or unavailable at the time the payment is processed.

    4. You may adjust your Risk Controls to review and manually accept payments. Reviewing a payment prevents the funds from being transferred to your account until you review the payment. If you do not accept a payment within 30 days, it will be reversed. Note that not all payment types can be reviewed.

    5. You may not reject a transaction unless, based on various combinations of authentication information, you reasonably determine that the individual requesting the transaction is misrepresenting his or her identity.

  6. Fraud Management Filters.

    1. Fraud Management Filters allow you to accept transactions with a higher likelihood of risk. Since you are liable for all additional risk, it is your responsibility to adjust the Fraud Management Filters to determine whether you want to accept or decline such transactions. If you would like to restrict the ability to access Fraud Management Filters, please contact your account manager.

    2. You may adjust your Fraud Management Filters to accept, flag, review or deny certain payments, including but not limited to:

      1. Direct Payments and Virtual Terminal payments that are unable to verify the cardholder’s address through the Address Verification Services. This is also referred to as “AVS No Match”.

      2. Direct Payments and Virtual Terminal payments that do not include a card security code. This is also referred to as “Card Security Code Not Submitted”.

      3. Direct Payments and Virtual Terminal payments that failed PayPal’s proprietary risk models.

    3. You may adjust your Fraud Management Filters to accept, flag, review or deny payments, including but not limited to:

      1. Direct Payments and Virtual Terminal payments where the address entered by the cardholder only partially matches the information stored by the issuing bank.

      2. Direct Payments and Virtual Terminal payments where the Address Verification Service is unsupported or unavailable at the time the payment is processed.

    4. Reviewing a payment prevents the funds from being transferred to your account until you decide to accept that payment.

    5. If you do not accept a payment, that payment may be reversed after 30 days.

    6. Not all payment types will be reviewed. In cases where a payment type cannot be reviewed, the payment will be flagged instead.

    7. Rejecting Transactions. You may not reject a Transaction unless, based on various combinations of authentication information, you reasonably determine that the individual requesting the Transaction is likely not the consumer they are representing themselves to be.

  7. Fraud Protection Services.

    You are liable for setting preferences for the PayPal Fraud Protection Services. It is your responsibility to determine which transactions the Fraud Protection Services will accept or reject based on the authentication information provided by PayPal.

  8. Account Monitoring Services.

    PayPal does not guarantee, represent or warrant that the PayPal Account Monitoring services will discover or prevent all non-valid, fraudulent transactions. PayPal is not responsible for any non-valid transactions that are processed.

  9. No Warranty.

    THE SERVICES AND ALL ACCOMPANYING DOCUMENTATION ARE PROVIDED TO YOU ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. PAYPAL MAKES NO WARRANTY THAT THE SERVICES WILL BE CONTINUOUS OR ERROR-FREE.

  10. Audit.

    If PayPal receives an indication of a security breach or compromise of Data, PayPal may require you to have a third party auditor, approved by PayPal, conduct a security audit of your systems and facilities and issue a report to be provided to PayPal and the Card Companies. In the event that you fail to initiate an audit with 10 business days of PayPal's request, PayPal may conduct or obtain such an audit at your expense. PayPal may contact your customers, on your behalf, in the event that PayPal is investigating potential fraud.

  11. Reserves.

    PayPal, in its sole discretion, may place a Reserve on funds held in your Account when PayPal believes there may be a high level of risk associated with your Account. If PayPal places a Reserve on funds in your Account, they will be shown as “pending” in your PayPal Balance. If your Account is subject to a Reserve, PayPal will provide you with notice specifying the terms of the reserve. The terms may require that a certain percentage of the amounts received into your Account are held for a certain period of time, or that a certain amount of money is held in reserve, or anything else that PayPal determines is necessary to protect against the risk associated with your Account. PayPal may change the terms of the Reserve at any time by providing you with notice of the new terms.

  12. Termination by Merchant.

    You may terminate your use of the Services at any time. If you terminate the Services, your use of the Service will immediately end and you will not be refunded any remainder of the Monthly Fees that you have paid for such Services.

  13. Termination by PayPal.

    We reserve the right to reassess your eligibility for this product if your business is materially different from the information you provided in your application. PayPal may terminate your use of the Services if you fail to comply with the User Agreements, in our discretion become ineligible for the Services, or upon request by any of the Card Companies. Upon receipt of notice of termination, you agree to complete all pending Card transactions, immediately remove all logos for Cards, and stop taking new Card transactions. In the event that PayPal terminates your use of the Services, you will not be refunded the remainder of the Monthly Fees that you have paid for such Services.




Exhibit "A"
Data Security

Password and Implementation Materials

All information provided to you by PayPal in relationship to the Services with will remain the property of PayPal or its payment processor as appropriate. You agree to restrict use and access to your password and log-on ID to your employees and agents as may be reasonably necessary, and will ensure that each such employee or agent complies with all applicable provisions contained herein. You will not give, transfer, assign, sell, resell or otherwise dispose of the information and materials provided to you to utilize the Services. You are solely responsible for maintaining adequate security and control of any and all IDs, passwords, or any other codes that are issued to you by PayPal or PayPal's payment processor.

Compliance with Data Security Requirements

You will: (i) comply with all then-current legal obligations and guidelines, including without limitation those issued by Associations and the Federal Trade Commission, associated with the collection, security and dissemination of data on your website, and expressly including the Visa Cardholder Information Security Program (CISP) and the MasterCard Site Data Protection Program (SDP) requirements. For details log onto www.visa.com and www.mastercard.com and (ii) conspicuously post on your website a privacy policy that meets all applicable legal and Association requirements and is consistent with good business practices with respect to the collection and use of customers' personally identifiable information. You shall not store Cardholder Verification Value 2 (CVV2) information or any other credit card information of any cardholder (whether received electronically or by fax or hardcopy) and will be liable for any fines for violation of such Association Rule. If you fail to comply with the requirements of this Section, we may terminate your use of the Services.
You are fully responsible for the security of data on your website or otherwise in your possession. You will: (i) comply with all then-current legal obligations and guidelines, including without limitation those issued by Visa USA, Inc., MasterCard International Incorporated or other applicable card associations (collectively, the "Associations", and the "Association Rules") and the Federal Trade Commission, associated with the collection, security and dissemination of data on your website, and expressly including the Visa Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection (SDP) Program. These programs include without limitation requirements that you: maintain a network firewall, keep security patches up-to-date, encrypt stored data, maintain updated anti-virus software, restrict access to data (including physical access), maintain unique user identification, user tracking and password requirements, conduct regular testing of security systems and procedures, maintain a security information policy for employees and contractors. For details of these programs log onto www.visa.com/cisp or MasterCard's SDP Program website ); (ii) conspicuously post on your website a privacy policy that meets all applicable legal and Association requirements and is consistent with good business practices with respect to the collection and use of customers' personally identifiable information; and (iii) notify us of any agent, including any web hosting service, gateway, shopping cart, or other third party provider, that has access to cardholder data and ensure that such agent is compliant with all then-current legal obligations associated with the collection, security and dissemination of data; (iv) provide information or access to records as needed for us to evaluate your compliance with this section, and (v) notify us immediately of any security breach to your data records or system as it relates to your use of the Services . If you fail to comply with the requirements contained herein, or we have indication of an actual or potential security breach, we may suspend or terminate your use of the Services. If you are suspended, the notice will explain the basis for such suspension, including measures reasonably calculated to rectify the failure or security breach. The suspension will remain in effect and until such time as we are satisfied that you have cured your failure or properly addressed the security breach. You shall not store or retain PIN data, AVS data, or Card Validation Codes (three-digit values printed in the signature panel of most Cards, and a four-digit code printed on the front of an American Express Card) of any cardholder and will be liable for any fines for violation of such Association Rule. You acknowledge that in the event that we receive indication of a security breach or compromise of cardholder data relating to you, you may be required to have a third party forensic auditor certified by the Associations, conduct a security review of your systems and facilities and issue a report to be provided to us and the Associations. In the event that you fail to initiate such process after our request you authorize us to take such action, at your expense.
Under certain circumstances, and contingent upon receipt of our express permission, you may utilize third parties in order to perform certain of your obligations contained herein (each such party, a "Technical Services Provider"). The data security standards set forth above apply to any Technical Service Provider that you may use to store, process or transmit Cardholder data to us. Because such Technical Service Provider must be registered with the applicable Association(s), you must (1) notify us of any Technical Service Provider that engages in, or proposes to engage in, the storing, processing or transmitting of Cardholder data on your behalf, regardless of the manner or duration of such activities and (2) ensure that all such Technical Service Providers are (A) registered with the applicable Association and (B) comply with all applicable data security standards, including, without limitation, CISP and SDP Program requirements. Your failure to comply with these requirements, or the failure of your Gateway processor to register and/or comply with applicable data security requirements, may result in fines or penalties for which you are liable and termination of this Agreement. In the event that such a Technical Service Provider is being used by you and we deem it necessary, you: (a) give us permission to register you with such Technical Service Provider, if needed; and (b) agree that you are solely responsible for your relationship with such Technical Service Provider and any data transmitted or made available to such Technical Service Provider, including complying with any requirements of such provider with respect to its services, hardware or software and obtaining any required end-user consents for transmission of data through such Technical Service Provider.

Use of Cardholder Information

Unless you obtain consents from us and each applicable Association, card issuing bank and Cardholder, you must not use, disclose, sell or disseminate any Cardholder information obtained in connection with a Card transaction (including the names, addresses and Card account numbers of Cardholders) except for purposes of authorizing, completing and settling Card transactions and resolving any chargebacks, retrieval requests or similar issues involving Card transactions, other than pursuant to a court or governmental agency request, subpoena or order. You shall use proper controls for and limit access to, and render unreadable prior to discarding, all records containing Cardholder account numbers and Card imprints. You may not retain or store magnetic stripe data or hardcopies containing cardholder data (including faxes) after a transaction has been authorized. If you store any electronically captured signature of a Cardholder, you may not reproduce such signature except upon our specific request. Association rules prohibit the sale or disclosure of databases containing Cardholder account numbers, personal information, or other Visa transaction information to third parties as an asset of a failed business. In such cases, transaction information is required to be returned to PayPal's processor or acceptable proof of destruction of this data provided. You are responsible for compliance with this section by any third party processor, hosting service or other agent of yours engaged in the processing or storage of cardholder data. You must notify us of any such third party so engaged, and notify us of any access to transaction data by any unauthorized person. Unless you obtain consents from us and each applicable Association, card issuing bank and cardholder, you must not use, disclose, sell or disseminate any cardholder information obtained in connection with a Card transaction (including the names, addresses and Card account numbers of Cardholders) except for purposes of authorizing, completing and settling Card transactions and resolving any chargebacks, retrieval requests or similar issues involving Card transactions, other than pursuant to a court or governmental agency request, subpoena or order. You shall use proper controls for and limit access to, and render unreadable prior to discarding, all records, in whatever format they may exist, containing Cardholder account numbers and Card imprints. You may not retain or store magnetic stripe data after a transaction has been authorized. If you store any electronically captured signature of a Cardholder, you may not reproduce such signature except upon our specific request. Association Rules prohibit the sale or disclosure of databases containing cardholder account numbers, personal information, or other Visa transaction information to third parties as an asset of a failed business. In such cases, transaction information is required to be returned to PayPal's processor or acceptable proof of destruction of this data provided.