4.1 HOSTED PAYMENT PAGES
The Services shall be used by the Merchant for Card Not Present Transactions via the Hosted Payment Pages unless agreed otherwise in the Merchant Agreement. The Merchant redirects the Account Holder to the secured Hosted Payment Page of Adyen. The Hosted Payment Pages can be tailored on some points by the Merchant by using the standard 'skin' options embedded therein.
Merchant shall not capture, register and/or have the Account Holder fill in, any Payment Details (expressly including Credit Card data) on its own site, but will use the Hosted Payment Pages instead to have the Account Holder submit its Payment Details there. Merchant will not use screen grabbing or other emulation technologies to input Payment Details onto the Hosted Payment Pages.
4.2 API INTERFACE
(The following is only applicable for Merchants with which Adyen expressly agreed to provide a Payment Interface via the API method for Card Not Present Transactions.)
Connections to the API interface are made with "SOAP" calls using HTTPS. Authentication is performed via a combination of username/password, IP and/or client certificate checks.
If Merchant does not activate 3D-Secure for Transactions offered via the API interface where such option is available, Merchant understands that a higher Interchange Fee may be applied by the Card Schemes / Acquirers and other restrictions may be applied by the Card Schemes / Acquirers.
The Merchant using the API interface must at all times fully comply with the then current PCI-DSS rules and on Adyen's first request demonstrate such compliance and provide its valid certification of its compliance. If the Merchant cannot prove the compliancy to the PCI-DSS rules or its certification/compliancy becomes invalid, Merchant will notify Adyen immediately. Adyen has the right to immediately suspend Transaction processing for Merchant in case Adyen has any indication that Merchant is not compliant with the PCI-DSS standards which Merchant cannot immediately prove to be not founded. Merchant shall fully indemnify and hold Adyen harmless from any losses, claims (including applied Fines by the Scheme Owners), costs or damage Adyen incurs as a result of Merchant's breach of this obligation.
4.3 MERCHANT EQUIPMENT AND SOFTWARE / POS TERMINALS
The Merchant shall be solely responsible for the installation, servicing, maintenance, security and operation of the equipment and software needed to connect to the Payment Interface and submit Transactions for processing by Adyen. Adyen provides standard software modules and installation guides to the Merchant to help enable the connection to the Payment Interface and may provide software tooling to interact with POS Terminals provided or approved by Adyen to connect to the API. Adyen shall ensure its input is provided in a professional manner, but Merchant remains responsible to ensure the correct implementation and use of the Services in its own systems in accordance with the then current installation and usage instructions and software updates provided by Adyen via the Customer Area.
Merchant may only submit POS Transactions to Adyen if this is explicitly agreed in the Merchant Agreement. Merchant may only submit POS Transactions for processing using POS Terminals approved by Adyen for such purpose from time to time, adhering strictly to any then current usage instructions as issued by Adyen with respect thereto via the Customer Area, including by updating the software embedded on the POS Terminal with software updates made available by Adyen.
Where a POS Terminal is provided by Adyen or recommended for use by Merchant in combination with a third party device like a tablet, I-pad, cash register etc., a "Third Party Device", Merchant must install the then current version of the software and related updates issued by Adyen for such Third Party Device on such Third Party Device. Adyen is not responsible or liable with respect to the proper functioning of the Third Party Device and use of such third party device will be subject to license and usage terms imposed by the relevant third party providers of such Third Party Device. Then current supported Third Party Devices are listed in the Customer Area.
Adyen may also provide Merchant with software building blocks (such as software libraries) to enable Merchant to create applications to interact with Adyen provided or Adyen approved POS Terminals. Support by Adyen with respect to the use of such tooling and software building blocks and the applications created therewith, is not included in the Services of Adyen and such tools are provided on an "as is" basis without any warranty.
4.4 HARDWARE WARRANTY POS TERMINALS PROVIDED BY ADYEN
Each POS Terminal is provided by Adyen with a four months limited hardware warranty, which starts on the day the POS Terminal is made available to Merchant. The hardware warranty solely entitles Merchant to the free reparation or replacement of an Adyen provided POS Terminal which through a defect in the POS Terminal cannot be used to submit Transactions to Adyen. In order to claim the reparation or replacement of a defective POS Terminal under the hardware warranty, Merchant must contact the Adyen Service Desk prior to the expiry of the term of the hardware warranty and obtain a return address to send the defective POS Terminal to, together with a filled out hardware claim form as provided to Merchant by Adyen for such purpose.
The hardware warranty does not apply in case: (i) the defect is caused by any undue external influence (e.g. contact with water, extreme temperatures, dropping the device etc.); (ii) the defect is caused by any (attempt to) open, change, repair or add to the POS Terminal by parties other than Adyen or approved by Adyen in writing; (iii) the defect is caused by use contrary to the operating instructions in the then current usage guides and operating instructions issued by Adyen for such POS Terminal via the Customer Area; (iv) the defect is caused by use of the POS Terminal in combination with any third party software or device other than the then current Adyen approved versions of Third Party Devices, using then current approved versions of Adyen released software applications for the relevant Third Party Device.
Any discontinued approval by Adyen for connection to the API by means of a type of POS Terminal provided or previously approved by Adyen, will where reasonably possible be announced at least 3 months in advance by Adyen via the Customer Area. Adyen will use commercially reasonable efforts to continue to support a specific model of POS Terminal it previously provided to Merchant for at least 2 years from the date it is made available for use by Merchant. Adyen reserves the right to apply a shorter notice period where reasonably deemed necessary: (i) to comply with new Scheme Owner requirements; (ii) to comply with changes in applicable laws; or (iii) to address an imminent security threat identified by Adyen. If Adyen discontinues support of a previously provided POS Terminal during the applicable hardware warranty period as specified in this clause 4, Adyen will on Merchant's request replace such POS Terminal at no additional charge.
4.5 MERCHANT INTEGRATION RESPONSIBILITY
It is the responsibility of the Merchant to comply with the relevant instructions and installation manuals issued by Adyen regarding its integration into the Adyen Services and Software, including updates issued from time to time to Merchant via the Customer Interface. Adyen is not obliged to provide notification of changes to the Software and the interfaces thereto which would not impact Merchant's use of the Services if it had correctly followed the integration instructions and other usage manuals.
4.6 DEFENSIVE PROGRAMMING
Adyen strongly advises to use "defensive programming" when integrating with the Adyen Services. This implies for example that automated decisions programmed into the systems of Merchant should be defaulted to non-delivery of products and services. E.g. program your systems only to deliver products or services after receiving an express authorization of the payment requested and not program you system to deliver in case no explicit rejection is received.
4.7 MEANING OF PAYMENT STATUS "AUTHORISED"
If a payment request receives the status "Authorised" (or similarly worded status), this means the payment transaction is likely to be successful. However, this is not 100% certain. Payment may still be blocked or subject to Chargeback by the Account Holder (where Chargeback is possible under the relevant Scheme Rules). The likelihood of a payment marked as "Authorised" being blocked or unsuccessful depends on the Payment Method which is used. For example for direct debit transactions this risk is significant because in most cases the status "Authorised" only means the Account Holder's bank account exists and not that there are enough funds on the bank account to actually perform the payment.
4.8 CHANGES TO SOFTWARE
Adyen reserves the right to change or amend the Software and the interface to it at any time, to provide the Merchant with a new version thereof, and/or to change the functionalities and characteristics of the Software. No changes will be implemented by Adyen which materially reduce functionality of the Services which was explicitly committed to be provided under the Merchant Agreement, except where this is made necessary by: (i) the need to follow generally accepted changes in industry standards, (ii) changes in applicable laws or Scheme Rules, (iii) the need for increased security due to security risks identified by Adyen (iv) other reasonable grounds which warrant the reduction of functionality. If Merchant is significantly impacted by a material reduction of functionality due to a change in the Software, it may terminate the Merchant Agreement by giving written notice to Adyen within one month after Adyen announced the change.
Adyen will announce material changes to the API Interface for the Merchant where reasonably possible at least 12 months in advance to allow Merchant to prepare for any impact. Adyen endeavours to minimise changes to the API Interface. Shorter notice periods may have to be made to comply with applicable laws, changes in requirements from Acquirers or Scheme Owners or the need for increased security due to security risks identified by Adyen.
4.9 SECURITY OF PAYMENT DETAILS
Merchant guarantees not to copy, capture or intercept Payment Details such as credit card numbers, CVM Codes, 'PIN' codes that are entered on the Hosted Payment Page or on the POS Terminal. This rule is imposed by the Scheme Owners to protect Account Holders against misuse of their Payment Details (like credit card numbers) and is strictly enforced by the Scheme Owners, and a violation of this rule can lead to the application of high Fines by the Schemes Owners. If Adyen has reason to believe that Merchant is copying, capturing or intercepting Payment Details, Adyen has the right to suspend processing of Transactions and Settlement. Merchant shall fully indemnify and hold Adyen harmless from any losses, claims (including applied Fines by the Scheme Owners), costs or damage Adyen incurs as a result of Merchant's breach of this obligation.