The URL can be used to link to this page

R-2013-128-2013-08-26RESOLUTION NO. R2013-128 A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF PEARLAND, TEXAS, AUTHORIZING THE CITY MANAGER OR HIS DESIGNEE TO ENTER INTO A CONTRACT FOR MERCHANT SERVICES. BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF PEARLAND, TEXAS: Section 1. That certain contract for merchant services, a copy of which is attached hereto as Exhibit "A" and made a part hereof for all purposes, is hereby authorized and approved. Section 2. That the City Manager or his designee is hereby authorized to execute and the City Secretary to attest a contract for merchant services. PASSED, APPROVED and ADOPTED this the 26th day of August, A.D., 2013. TOM REID MAYOR ATTEST: NG LFI'P4G, SES(:' TARY APPROVED AS TO FORM: DARRIN M. COKER CITY ATTORNEY Operating Procedures Guide To Merchant Processing Agreement For: City of Pearland Provided By: Merrick Bank 135 Crossways Drive North Suite A Woodbury, NY 11797 And AUTOMATED MERCHANT SYSTEMS 1 N (' i; t; 1° () li A 1 1, 1) Experts In Electronic Payments 600 North Lake Blvd. Suite 230 Altamonte Springs, FL 32701 www.automatedmerchant.com Table of Contents GENERAL OBLIGATIONS OF MERCHANT 2 GENERAL REQUIREMENTS FOR CARD TRANSACTIONS 2 DATA CAPTURED TRANSACTIONS 6 AUTHORIZATIONS 7 DEPOSIT OF SALES DRAFTS 10 CREDIT TO MERCHANT; HOLDS ON MERCHANT ACCOUNT 11 ADJUSTMENTS OF CREDIT DRAFTS 12 ADJUSTMENTS AND CHARGEBACKS 13 CREDIT CARD MATERIALS AND IMPRINTER PLATES 15 DISPLAY OF SERVICE MARKS, ADVERTISING AND PROMOTIONAL MATERIALS 15 RECORDS; CONFIDENTIALITY 16 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) 17 DEFINITIONS 18 BBB SECURITY & PRIVACY MADE SIMPLER 21 MERCHANT PROCESSING AGREEMENT W/ TERMS AND CONDITIONS 43 MERCHANT SUPPORT CONTACT INFORMATION APPENDIX A This Operating Procedure Guide is a part of and incorporated into the Merchant Processing Agreement between Merrick, AMS and Merchant. General Obligations of Merchant Any U.S. Merchant can choose to: 1. Accept all of VISA and MC's Cards, both credit and debit. 2. Accept credit and commercial VISA and MC Card products only. Those who choose this option must accept all credit and commercial Cards of VISA and MC. 3. Accept consumer debit VISA and MC Cards only. Those who choose this option must accept all debit Visa and MC Cards. If Merchant chooses option (B) or (C) and accepts a VISA or MC Card not within that Card type, Merchant agrees that AMS and Merrick may process the transaction and assess the appropriate fee and that all terms of the Merchant Agreement and this Operating Procedure Guide will apply to that transaction. ALL U.S. merchants must accept international Cards of all Card types. • Merchant agrees that Cardholders shall be entitled to the same services, return and adjustment privileges as Merchant extends to cash customers and Merchant shall not impose any surcharges or special Fees or conditions in connection with Card Transactions, including without limitation, a minimum or maximum dollar amount for Card Transaction (unless permitted by the applicable Payment Brand). Any purchase price advertised or otherwise disclosed by Merchant must be the price associated with the use of Cards. Merchant may offer a discount for cash purchases, provided that such discount is clearly disclosed to Merchant's customers as a discount from the standard price available for all means of payment other than cash. • Merchant may not engage in acceptance practices or procedures that discriminate against, or discourage the use of, one Payment Brand's Cards in favor of another Payment Brand's Cards. • Merchant shall not require that a Cardholder, as a condition for honoring a Card, sign a statement waiving the Cardholder's right to dispute the Card Transaction with the Issuer. • Merchant shall at all times be responsible for its employees' actions and for ensuring such employees' compliance with the terms of the Agreement. • Merchant shall provide Merrick and AMS at least ten (10) days prior written notice of its intent to change in any way the basic nature of its business. General Requirements for Card Transactions The Cardholder's obligation with respect to each Card Transaction shall be evidenced by a properly completed Sales Draft produced either manually or by a POS terminal, which Sales Draft shall be provided to the Cardholder upon completion of the Card Transaction. Except as otherwise provided in the Regulations with regard to particular types of Card Transactions, each Sales Draft shall include the following information: 1. Merchant name and street address of the location at which Card Transaction occurred. 2. Merchant location code. 3. Cardholder name (including any company name) and account number. 4. Card effective and/or expiration date. S. Date of the Card Transaction. Automated Merchant Systems, Inc. 2010 Operating Procedure Guide L 6. Authorization code, if applicable. 7. Description of the merchandise sold or services rendered. 8. Cardholder's signature. 9. Amount to be billed on the Cardholder account, including any gratuities or applicable taxes. Each Sales Draft which is not produced by a POS terminal shall have legibly imprinted on it the embossed data from the Card and from the Merchant plate on the imprinter. If a Card is presented but the Card Transaction is completed without a Card imprint for any reason, the Merchant must note legibly on the Sales Draft, in addition to the above information: 1. Type of Card. 2. Name or trade styles of the -Issuer as it appears on the face of the Card. 3. If a MC Card Transaction, the ICA number and MC initials. In addition, Merchant shall use its best efforts to record any other embossed data on the Card such as security symbols. This requirement does not apply to: (a) Sales Drafts resulting from a Card Transaction involving MSR ("Magnetic Stripe Reading")Terminals, provided the Sales Drafts comply with the identification requirements of the applicable Regulations: or (b) VISA Express Payment Service transactions. If Merchant completes transactions with MSR Terminals that produce transaction records, Merchant must ensure that the Cardholder account number encoded on the magnetic stripe and the Merchant's name and place of business are included on the Card Transaction record. Whenever the encoded account number cannot be read from the magnetic stripes, Merchant shall follow normal Authorization Procedures and complete the approved Card Transaction using a manual imprinter. • Merchant shall not require the Cardholder to supply personal information such as a home or business telephone number, a home or business address, driver's license number or other credit cards unless such information is specifically required under the applicable regulations. • Merchant may not make a photocopy of the Card under any circumstances, nor require that the Cardholder provide a photocopy of the Card as a condition for honoring the Card. Merchant may not require a Cardholder to complete a postcard or similar device that includes the Cardholder's account number, Card expiration date, signature or any other Card account data in plain vision when mailed. • Before completing a credit Card Transaction, Merchant shall determine in good faith and to the best of its ability that the Card is valid on its face, meaning that (1) the Card bears a termination date and that such date has not expired; (ii) if the Card bears an effective date, that the transaction date is not prior to the effective date (when the Card is embossed with an effective date in a month/day/year format, the Card is considered to be valid from the embossed date); (iii) if the Card is a VISA Card, the first four digits of the embossed account number are the same as the four digits printed above the account number; (iv) if the Card is a MC Card, the account number is not listed on a current MC Electronic Warning bulletin file or International Warning Notice(s), as applicable; and (v) in those cases where the optional Card security features are present, the Merchant shall compare the embossed account number on the face of the Card with the account number indent printed on the signature panel. Before completing a credit Card Transaction, Merchant shall cause the Sales Draft to be signed in the presence of Merchant and compare the Cardholder's signature on the Sales Draft to the signature panel on the Card to ascertain that they appear to be the same. If the Card has a photograph of the Cardholder, the Merchant must compare the photograph and the person presenting the Card to ascertain that they appear to be the same person. In those cases when the magnetic strip is read, the Merchant shall compare the embossed account number to the number displayed and/or printed from the authorizing POS device. Automated Merchant Systems, Inc. 2010 - 3 - Operating Procedure Guide • Merchant shall not deposit into its Account any Sales Draft or Adjustment of Credit Draft for any Card Transaction between a Cardholder and another entity. Merchant must deposit into its Account only Sales Drafts or Adjustments of Credit Drafts that directly result from Card Transactions with Merchant. • Merchant shall include the Cardholder's obligation for all merchandise and services purchased in a single Card Transaction in the total amount (including tax, if appropriate) shown on a single Sales Draft, unless: A. the Card Transaction is for purchases made in separate departments of a multi -department store; B. the balance of the amount due is paid by the Cardholder at the time of sale in cash, by check, with a different Card or Cards, or any combination thereof, provided that no part of the amount paid by other means is reflected on the Sales Draft; C. for individual airline, passenger railway or cruise tickets issued to each passenger if required by a carrier policy; D. The Cardholder executes two separate Sales Drafts in a delayed delivery Card Transaction. In such a case, a deposit is made by completion of a second Sales Draft, the latter Sales Draft being conditioned upon delivery of merchandise of performance of services. Authorization is required if the total amount of both Sales Drafts exceeds the applicable Floor Limit and, if obtained, shall be (ji) assigned separate Authorization numbers for each Sales Draft (obtained on each Card Transaction date) for VISA Card Transactions; and (ii) effective for both Sales Drafts for MC Card Transactions. Merchant shall note on the Sales Drafts (1) the words "Delayed Delivery"; (ii) the word "deposit" or "balance"; as appropriate; and (iii) the respective Authorization date and number, when applicable. The Sales Draft labeled "deposit" may be presented to Merrick prior to delivery of the merchandise or services. The Sales Draft labeled "balance" must not be presented to Merrick until the merchandise is delivered or services performed; or E. involves delayed or amended charges for a qualifying travel or entertainment Card Transaction where (i) the Cardholder consented to be liable for those charges; (ii) those charges consist of ancillary or corrected charges which may include room charges, food or beverage charges, taxes, fuel, insurance, rental fees, parking tickets and other traffic violations, but may not consist of any charges for loss, theft or damage; and (iii) Merchant sends the Cardholder copy of the amended or add-on Sales Draft to the Cardholder at the address shown on the guest folio or rental contract. Parking tickets or other traffic violations may be processed as ancillary changes if the parking ticket(s) or traffic violation(s) was incurred while the Cardholder was in possession of the vehicle and the Sales Draft for that ancillary charge is processed with 90 calendar days of the car return date. Merchant must be able to support the charge with documentation from the appropriate civil authority, including the license number of the rental vehicle, date, time and location of the violation, stated violation and amount of penalty. Sales Drafts for those delayed or amended charges may be deposited without the Cardholder's signature on file, and the words "SIGNATURE ON FILE" are entered on the signature panel of the Sales Draft. • Merchant shall not accept cash payments from a Cardholder for previous Card Transactions. • Merchant shall not make a cash disbursement to a Cardholder arising out of a Card Transaction or any other use of a Card. • Except as specifically permitted by applicable Regulations, Merchant may not accept a Card Transaction for the purpose of purchasing cash, checks, scrip or other monetary equivalent, or to collect or refinance existing debt, including without limitation, collection of a dishonored check. Automated Merchant Systems, Inc. 2010 Operating Procedure Guide L • Merchant may not add tax to a Card Transaction unless applicable law provides that a Merchant is permitted or required to impose a tax. • Merchant agrees that each completed Sales Draft will evidence the Cardholder's valid Card Transaction obligation in the amount shown and will not involve any element of credit for any other purpose. • Merchant shall furnish a copy of the completed Sales Draft to the Cardholder at the time of delivery of the merchandise or performance of the services. • Merchant shall not complete a Card Transaction and use its best efforts to recover and retain, by reasonable and peaceful means (i) any Card which Merrick or AMS or any Payment Brand has specifically requested retention; or (ii) any Card which Merchant has reasonable grounds to believe is counterfeit, fraudulent or stolen (including but not limited to, through any notice Procedures by any Payment Brand). Merchant shall promptly notify Merrick or AMS if a Card has been retained and ask for further instructions. • Merchant shall not initiate or accept Card Transactions representing payment for a telephone call when the Card number is entered via touch tone key pad or provided to an operator. This prohibition does not include the following: Magnetic -stripe -reading telephone transactions; VISA PHONE service transactions; transactions for which the Issuer has a contract with the telephone service provider, transactions involving telephone services that have been explicitly approved by VISA and provide appropriate risk controls as specified by VISA; the purchase of goods or services via telephone order; or direct marketing service category transactions provided by Merchant if Merchant is classified as an "inbound teleservices" merchant in accordance with the VISANet Merchant Data Standards Handbook and approved by Merrick in writing. • Merchant may accept recurring Card Transactions as follows: A. If Merchant agrees to accept a recurring Card Transaction from a Cardholder for the purchase of merchandise or services which are delivered or performed periodically by Merchant, Merchant shall require the Cardholder to complete and deliver to Merchant an order form containing a written request for those merchandise or services to be charged to the Cardholder's account. The order form must at least specify the Card Transaction amount(s) to be charged to the Cardholder's account B. (Unless the recurring transactions are to be for varying amounts), the frequency of the recurring charges and the duration of time for which the Cardholder's permission is granted. If a recurring Card Transaction is renewed, Merchant shall require the Cardholder to complete and deliver to Merchant a subsequent order form for continuation of the merchandise or services to be charged to the Cardholder's account. A recurring Card Transaction may include the payment or recurring charges such as insurance premiums, subscriptions, membership fees, tuition or utility charges. Except as otherwise provided in the Agreement, a recurring Card Transaction may not include partial payments made to the Merchant for merchandise or service purchased in a single Card Transaction, nor may it be used for periodic payments of merchandise or services on which the Merchant assesses additional finance charges. Merchant must not complete an initial or subsequent recurring Card Transaction after being notified that a Card is not to be honored or receiving a cancellation notice from the Cardholder or Merrick or AMS. A copy of the recurring Card Transaction order form must be retained by Merchant for the duration of the recurring charges and provided in response to a request for original transaction documentation. C. If the recurring Card Transactions are to be for varying amounts, the following additional conditions apply: (a) the order form must allow space for the Cardholder to specify a minimum and maximum Card Transaction amount to be charged periodically to the Cardholder's account; and (b) Merchant shall inform the Cardholder that he or she has the right to receive, at least 10 Automated Merchant Systems, Inc. 2010 - 5 - Operating Procedure Guide days prior to each scheduled Card Transaction date, written notification of the amount and date of the next charge. The Cardholder may elect to receive the notice for every charge, only when the Card Transaction amount does not fall within the range of amounts specified on the order form or only when the Card Transaction amount will differ from the most recent charge by more than an agreed- upon amount. D. For each recurring Card Transaction, Merchant shall type or print legibly on the "signature line" of the Sales Draft the words "Recurring Transaction" for VISA Card Transactions and "Pre -authorized Order" for MC Card Transactions. • Merchant agrees to notify Merrick and AMS promptly of all claims and defenses asserted or alleged by any Cardholder with respect to any Card Transaction. • Merchant agrees that it will not attempt collection of any Card Transaction accepted by Merrick or make any claim relating to any such Card Transaction, except as authorized in writing by Merrick. In the event of such Authorization, Merchant agrees to hold all collection proceeds in trust for the Issuer and to deliver the same to Merrick in kind immediately upon request. • If the Merchant accepts a Mail/Telephone order from a Cardholder it must: A. Use the fraud controls including Address Verification Service, CVV2 (Visa) and CVC (MasterCard). The Merchant must receive an exact match on these fraud controls. If the Merchant accepts a response other than an exact match it will forfeit its Chargeback rights. B. The Merchant must perform Address Verification Service and enter an invoice number to qualify for the best rate available. • If the Merchant accepts purchasing Card, business Card or commercial Card transactions it must enter the invoice number and the tax amount from the sale to qualify for the best available rate. Merchant must not submit any Card Transaction that is illegal, or may in the sole discretion of the Payment Brands, Merrick or AMS, damage the goodwill or reflect negatively on the Payment Brands, Merrick or AMS. • Except as permitted by the Regulations, Merchant shall not request or use a Cardholder's account number for any purpose other than as payment for its goods or services. • Merchant shall not disburse funds in the form of traveler's checks, if the sole purpose is to allow Cardholder to make a purchase of goods or services from the Merchant. Data Captured Transactions • For Card Transactions which originate at and are data -captured using POS terminals, Merchant shall include on the Cardholder's copy of the Sales Draft: (i) the truncated Cardholder account number; (ii) Merchant's name; (iii) Merchant's location code or city and state; (iv) the amount of the Card Transaction, and (v) the Card Transaction date. • If an expired Card is presented for a Card Transaction at a POS terminal that is incapable of capturing the Card expiration date, Merchant shall request Voice Authorization (defined below) and verify fraud features: (i) if the Card is a VISA Card, the first four digits of the embossed account number are the same as the four digits printed above the account number; (ii) if the Card is a MC Card, the account number is not listed on a current MC Electronic Warning bulletin file or International Warning Notice(s), as applicable; (iii) in those cases where the optional card security features are present, the Merchant shall Automated Merchant Systems, Inc. 2010 - 6 - Operating Procedure Guide compare the embossed account number on the face of the Card with the account number indent printed on the signature panel; (iv) if the Card is a VISA the hologram of the "Dove" must appear on the right side of the Card; (v) if the Card is a MasterCard the hologram of the "World" must appear on the right hand side of the Card; (vi) if the Card is a VISA the flying "V" symbol must appear after the expiration date of the Card; (vii) if the Card is a MasterCard the flying "MC" symbol must appear after the expiration date of the Card; (viii) if the Card is a VISA the word VISA must appear in a diagonal slant in the signature panel of the Card located on the back side of the Card; (ix) if the Card is a MasterCard the word MasterCard must appear in a diagonal slant on the back side of the Card in the signature panel of the Card; (x) the 3 digit code referred to as "CVV2" for Visa and "CVC" for MasterCard" must appear in the signature panel of the Card located on the reverse side and; (xi) the Merchant must imprint the Card. • All Card Transaction records containing data as specified in the Regulations shall be produced for all Card Transactions which originate at and are data -captured using automated dispensing machines, self service terminals or limited -amount terminals, except for Card Transactions which originate at magnetic -stripe - reading telephones. Those Card Transaction records shall include at least (i) the Cardholder account number, (ii) the Merchant's name; (iii) the magnetic -stripe -reading terminal location code or city and state; (iv) the amount of the Transaction; and (v) the Card Transaction date. • Provided Merchant satisfies the conditions below, Merchant may designate a third party which does not have a direct agreement with Merrick as its agent for the purpose of delivering Card Transactions data - captured at the point of sale by that agent. If Merchant elects to use a third party as its agent for the direct delivery of data -captured Card Transactions to VISANet and BankNet for clearing and settlement, the following provisions shall apply: A. Merchant seeks approval of such third party from Merrick and AMS at least thirty (30) days prior to any use of such third party; B. The obligation that Merrick or AMS reimburse Merchant for Card Transactions shall be limited to the amount of the Card Transaction less any credits and applicable Fees delivered by that agent to VISANet or BankNet; and C. Merchant shall be responsible for and assume all liability for any failure by its agent to comply with applicable Regulations including, but not limited to, any violation which results in a Chargeback. Authorizations • Except as otherwise provided in the Agreement, the Merchant shall request Authorization from the Issuer for the total amount of a Card Transaction prior to completion of the sale and shall type or print the Authorization Code on every Sales Draft for which Authorization is required. Merchant shall use its best efforts, by reasonable and peaceful means, to retain a Card while making an Authorization request. If Merchant receives a negative response to its request for Authorization, the Merchant must not complete the Card Transaction and must (i) pick up the Card by reasonable and peaceful means if instructed by Merrick or AMS; and (ii) notify Merrick and AMS that the Card has been recovered and ask for further instructions. • The method designated by Merrick as the manner in which Merchant shall always first seek Authorizations is referred to as the "Primary Authorization Method." Any other method of obtaining an Authorization approved by Merrick is referred to as the "Secondary Authorization Method." A "Voice Authorization" is a process by which Merchant telephones a number provided by Merrick and requests Authorization from an operator. Merchant should only utilize a Secondary Authorization Method if instructed to do so by Merrick, or if the Primary Authorization Method is not operating at that time. If the Primary Authorization Method is not operating, Merchant shall promptly notify Merrick or AMS. The Automated Merchant Systems, Inc. 2010 - 7 - Operating Procedure Guide Merchant must perform fraud control tasks listed above and imprint the Card before obtaining the Cardholder signature. • Merchant acknowledges that a Payment Brand may establish and change at any time the minimum Card Transaction amount for which Authorization is required (the "Floor Limit"). A Merchant must not use multiple Sales Drafts to avoid making an Authorization request for a single transaction, provided that when multiple airlines, passenger railway or cruise tickets are purchased at the same time using the same Card, Merchant may obtain Authorization for each ticket individually. • Notwithstanding the Floor Limit, Merchant shall always request Authorization if (i) the Card Transaction is a partial payment for a single purchase; or (ii) the Merchant desires to make a delayed presentment of the Sales Draft. In such cases, the Merchant shall identify the reason for the Authorization request. • Notwithstanding the Floor Limit, in the following instances Merchant shall always request Voice Authorization for a Card Transaction, regardless of whether or not such method is its Primary Authorization Method, and in each case shall identify the specific reason for the Voice Authorization Request: A. If the Card Transaction involves: (i) a handwritten Sales Draft which does not contain the imprint of Merchant's imprinter plate or the Card; (ii) an unsigned Card, or (iii) an expired Card. B. If the signature panel of the Card is blank, in which case Merchant shall require that the Cardholder sign the signature panel prior to completing the Card Transaction. A signature panel with the words "See I.D." or equivalent language shall be treated by Merchant as a blank signature panel. C. If the account number of the Card is listed on a current restricted Card list issued by a Payment Brand, the Card Transaction involves suspicious or unusual circumstances, the Card is being used in some improper manner or the identification of the Cardholder or validity of the Card is uncertain. In this event, Merchant shall request a "Code 10" Voice Authorization. D. If so instructed by the response to a request processed by the Primary Authorization Method. In each of the aforementioned circumstances, Merchant shall, in addition to requesting Voice Authorization, review positive identification to determine that the user of the Card is the Cardholder. Such identification must consist of a current official government identification document that bears the Cardholder's signature. Prior to completing the Card Transaction, Merchant shall record the identification produced on the Sales Draft (including any serial number and expiration date). • If Merchant has requested a "Code Ten" authorization and if Authorization is granted, Merchant shall note the Authorization number on the Sales Draft and print thereon the Cardholder's name, address, Card number and expiration date. If Authorization is declined, Merchant shall not again seek to obtain an Authorization for the applicable Card Transaction. • In each case in which a Cardholder presents a Card, Merchant will complete the transaction only if the signature on the Sales Draft appears to be the same as the signature appearing on the Card (which signature may, but need not be, the name embossed or printed on that Card), or if the Cardholder resembles the person depicted in any picture which appears on the Card. If that identification is uncertain of if Merchant otherwise questions the validity of the Card, Merchant shall contact Merrick and AMS for instructions. Merchant must not require the Cardholder to sign a Sales Draft until the final amount of the Card Transaction is entered on the Sales Draft. Automated Merchant Systems, Inc. 2010 - 8 - Operating Procedure Guide • Merchant shall request Authorization for Card Transactions involving gratuities as follows: A. MC: if the amount of the Card Transaction, before a gratuity has been added by the Cardholder, exceeds the Floor Limit and Merchant has already obtained Authorization for that Card Transaction amount, an additional Authorization is not required if the gratuity does not exceed 20% of the Card Transaction amount. If the Cardholder adds a gratuity that exceeds 20% of the Card Transaction amount, Merchant is required to call the Issuer for Authorization on the additional amount. Merchant should indicate both Authorization numbers and amounts on the Sales Draft. If the amount of the Card Transaction, before a gratuity has been added by the Cardholder, is below the Floor Limit and the gratuity is within 20% of the Card Transaction amount, Merchant is not required to call for Authorization if the gratuity brings the total Card Transaction over the Floor Limit. If the Cardholder adds a gratuity in excess of 20% of the Card Transaction Amount and causes the Card Transaction to exceed the Floor Limit, Merchant is required to call for Authorization on the full amount of the Card Transaction. B. VISA: An Authorization involving a gratuity is considered to be valid if the Card Transaction amount is equal to the Authorization amount plus or minus 20% of the Incentive Interchange Fee (TIIF) provided (i) the Floor Limit is zero, (ii) each Card Transaction is authorized through the VISA V.I.P. System, and (iii) the transaction is processed in accordance with the applicable Regulations. • If Merchant provides VISA Phone Service, Merchant may attempt to obtain Authorization no more than five times over a period of no more than 30 calendar days after the date of the VISA PHONE Service transaction, in accordance with the VISA PHONE Service Description and Marketing Guide. An Authorization shall be deemed acceptable if Merchant obtains a positive response within the 30 calendar day period within five attempts. • For VISA Card Transactions affected at an automated gasoline dispenser, Merchant shall obtain Authorization for the exact amount of the Card Transaction or use the VISA Status Check Procedure. Merchants are prohibited from using an arbitrary Card Transaction amount estimate to obtain Authorization. A VISA Status Check may be requested, in lieu of an Authorization, provided that (i) Merchant's Floor Limit is zero and (11) the Card Transaction amount is $50 or less. Those VISA Card Transactions will qualify for the Transaction Incentive Interchange Fee provided that the Card Transaction is processed in accordance with applicable Regulations. • Merchant may use MSR Terminals to obtain Authorization and to capture Sales Draft data for interchange by reading data encoded on either tracks 1 or 2 on the magnetic stripe of Cards in accordance with the then current applicable Regulations. However, embossed on the front of the Card and shall not use MRS Terminals that contain any programming logic that prevents the acceptance of Cards encoded with unrecognized service code values. All Point of Transaction Terminals must be capable of accepting and transmitting all valid International Organization for Standardization account numbers of up to 19 digits in length, and must be capable of accepting a valid Card with an expiration date of January 2000 or later. • If Merchant completes a Card Transaction when (i) the Cardholder is present and does not have his or her Card, (ii) the Cardholder does not sign the Sales Draft, (iii) the signature on the Sales Draft or other credit card paper is unauthorized as compared to the signature appearing on the panel of the Card, (iv) the photo on the Card does not match the Cardholder; or (v) the signature panel on the Card is blank, Merchant shall be responsible for Chargebacks and any other applicable losses, regardless of any Authorization Merchant may have received. • Merrick or AMS will require Merchant to examine one or more Card security features prior to completing a transaction and Merchant shall comply fully and immediately with those requests. Automated Merchant Systems, Inc. 2010 - 9 - Operating Procedure Guide • With regard to VISA Card Transactions, if Merchant uses the National Card Recovery File ("NCRF"), Merchant shall check the NCRF for each Card Transaction which does not require Authorization. Merrick or AMS may also require Merchant to utilize its Account Number Verification ("ANV") service. The ANV service is a process by which Merrick and AMS determine if there is negative information on a Card in VISA's BASE I Exception File for VISA Card Transactions which do not require Authorization. Merrick or AMS shall notify Merchant in writing if ANV service will apply to Merchant. If Merchant receives a positive ANV response code for a Card Transaction, Merchant shall record this corresponding code on the Sales Draft. If Merchant receives a negative ANV response, Merchant shall not complete the Card Transaction and if instructed by Merrick or AMS to pick up the Card, it should do so by reasonable and peaceful means, notify Merrick and AMS when the Card has been recovered and ask for further instructions. • Merchant shall not consummate a VISA Card Transaction but shall use its best efforts to retain or recover any Card, by reasonable and peaceful means, and shall contact Merrick and AMS, if: (i) the account number on the Card is listed on NCRF, (ii) Merchant receives a negative ANV response code, (iii) the printed four digits above the embossed account number do not match the first four digits of the account number, (iv) there is no hologram on the lower right corner of the VISA Card face, (v) the embossed account number, imprinted account number and/or encoded account number do not all agree. If a recovered Card was retained by a law enforcement agency, Merchant shall forward a legible copy of the front and back of the Card to VISA Net Interchange Center (VIC), as appropriate, to support payment of any applicable reward. It is not necessary for an automated dispensing machine, self service terminal or a limited amount terminal to retain Cards. • Merchant shall not consummate a MC Card Transaction but shall use its best efforts to retain or recover any Card, by reasonable and peaceful means, and shall contact Merrick and AMS, if the Card is listed on the current MC Restricted Card list. If Merrick or AMS cannot be reached, the Merchant shall use its best efforts, by reasonable and peaceful means, to retain the Card until Merrick or AMS can be reached. • An Authorization response for any Card Transaction shall not excuse Merchant's performance of its other obligations under the Agreement. MERCHANT ACKNOWLEDGES THAT AN AUTHORIZATION RECEIVED FROM AN ISSUER INDICATES ONLY THAT THE ACCOUNT IS A VALID AND OPEN ACCOUNT AND THAT THE AMOUNT OF THE REQUESTED CARD TRANSACTION IS AVAILABLE AS "OPEN TO BUY" ON THE ACCOUNT AT THE TIME THE AUTHORIZATION IS GIVEN. MERRICK OR AMS'S AUTHORIZATION OF A CARD TRANSACTION DOES NOT CONSTITUTE A WARRANTY, REPRESENTATION OR GUARANTEE THAT THE PERSON PRESENTING THE CARD IS THE RIGHTFUL CARDHOLDER, OR AN UNCONDITIONAL PROMISE OR GUARANTEE BY MERRICK OR AMS THAT CREDIT WILL BE GIVEN FOR THE SALES DRAFT WHEN DEPOSITED OR THAT IT WILL NOT BE CHARGED BACK TO MERCHANT'S ACCOUNT. Deposit of Sales Draft • Except as follows, Merchant (i) must deposit all Sales Drafts within three (3) Business Days after the applicable Card Transaction date; and (ii)may not deposit or deliver a Sales Draft to Merrick or AMS until the merchandise is delivered or shipped, the services are performed or the Cardholder has provided his or her consent to a recurring Card Transaction: A. Merchant may deposit a Sales Draft representing a deposit in a delayed delivery sale, provided that proper disclosure of immediate billing is given to the Cardholder at the time of the deposit Card Transaction. In this case, Merchant must deposit the Sales Draft within three (3) Business Days of the date of both the deposit and final payment. B. Merchant may request Authorization for a delayed presentment Card Transaction. If authorization is given, the Authorization number and the words "Delayed Presentment" shall be Automated Merchant Systems, Inc. 2010 - 10 - Operating Procedure Guide legibly noted on the Sales Draft and presentment shall be made within the time period permitted for the delayed presentment. C. If Merchant is obligated by law to retain the Sales Draft or return it to a Cardholder upon timely cancellation, presentment of the Sales Draft shall be made within ten (10) Business Days after the date of the Card Transaction. D. If the Merchant has multiple locations and delivers Sales Drafts to Merrick or AMS through a central office or facility, the time for delivery of Sales Drafts shall be the time proscribed by the Regulations. E. Merchant has given proper disclosure of the immediate billing to the Cardholder at the time of the Card Transaction (this exception does not include the deposit of a Sales Draft representing only an estimate of services to be provided). In this case, the Sales Draft Merchant may deposit a Sales Draft representing the prepayment of services, provided it shall be deposited within three (3) Business Days of the Card Transaction date. F. Merchant may deposit a Sales Draft representing full prepayment of custom -ordered goods (manufactured to the Cardholder's specifications), provided the Cardholder has been advised of the immediate billing. • All Sales Drafts and Adjustments of Credit Drafts presented by Merchants who do not provide electronic transmission of credit Card Transaction data shall be enclosed in an envelope together with a deposit transmittal or merchant summary card. Each deposit transmittal card shall be completed by Merchant to show the "net deposit amount," that is, the total amount of Sales Drafts less the total amount of Adjustments of Credit Drafts. • Merchant may not deposit any Sales Draft for a Card Transaction that was previously charged back to Merchant, irrespective of Cardholder approval. • Merchant may not deposit a Sales Draft resulting from any Card Transaction involving a Card between a Cardholder and another entity. • If Merchant has multiple locations in a city, Merchant must deliver all Sales Drafts in such a manner that Merrick and AMS are able to identify the Card Transactions originating at each respective Location. • Permissible time periods for deposit of Sales Drafts shall include the date of the Card Transaction and the date of receipt by Merrick. • Merchant shall not deposit a Sales Draft or Adjustment or Credit Draft which Merchant knows or should have known to be either fraudulent or not authorized by the Cardholder. Credit to Merchant; Holds on Merchant Account; Merchant Reserve Account • As a financial accommodation to Merchant, Merrick shall credit Merchant's Account for Sales Drafts deposited by Merchant, subject to set -offs and/or revocations for Fees, Chargebacks, fines and penalties for Chargebacks or Merchant's failure to comply with the Agreement. This extension of credit shall generally be given the next Business Day following the date the Sales Drafts are deposited but may be delayed so long as is necessary to evaluate the legitimacy of the Sales Drafts within local law or banking regulation. The Merchant is responsible for notifying Merrick and AMS in writing within 60 days of any errors on Merchant's account. Automated Merchant Systems, Inc. 2010 - 11 - Operating Procedure Guide • TO SECURE THE EXTENSION OF CREDIT AND MERCHANT'S OBLIGATIONS UNDER THIS AGREEMENT INCLUDING, WITHOUT LIMITATION, MERCHANT'S OBLIGATION TO PAY CHARGEBACKS, MERCHANT GRANTS TO MERRICK AND AMS A SECURITY INTEREST IN ITS DEPOSITED SALES DRAFTS AND ALL FUNDS MAINTAINED IN MERCHANT'S ACCOUNT(S). IF MERRICK OR AMS, IN EITHER OF THEIR SOLE DISCRETION, DETERMINES THAT THERE IS A REASONABLE POSSIBILITY THAT SALES DRAFTS DEPOSITED BY MERCHANT WILL BE CHARGED BACK, MERRICK OR AMS MAY PLACE A HOLD ON MERCHANT'S ACCOUNT(S) TO RETAIN AN AMOUNT SUFFICIENT TO COVER THE AMOUNT OF SUCH CHARGEBACKS. MERRICK AND AMS SHALL PROMPTLY NOTIFY MERCHANT OF SUCH AN ACTION AND MERCHANT SHALL, UPON RECEIPT OF THAT NOTICE, SUPPLY ANY ADDITIONAL FUNDS NECESSARY TO COVER OUTSTANDING ITEMS IN MERCHANT'S ACCOUNT(S). MERRICK AND AMS SHALL NOT BE LIABLE FOR THE DISHONOR OF ANY ITEM AS THE RESULT OF A HOLD BEING PLACED ON MERCHANT'S ACCOUNT(S). ALL UNUSED AND RETAINED FUNDS FROM MERCHANT'S ACCOUNT(S) SHALL BE RETURNED TO MERCHANT AFTER THE EXPIRATION OF THE APPLICABLE CHARGEBACK PERIOD, AS DETERMINED BY THE REGULATIONS, AND AFTER MERCHANT HAS MET ALL OF ITS OBLIGATIONS TO MERRICK AND AMS UNDER THE AGREEMENT. • Notwithstanding anything to the contrary in the Agreement or this Guide, Merrick may establish (without notice to Merchant) and Merchant agrees to fund a non-interest bearing chargeback reserve account (the "Reserve Account"), or demand other security or raise any discount, transaction or other fees. This account may be established at any time or for any reason. Specific examples might include: (a) Merchant engages in any charge processing that creates an overcharge to a Cardholder by duplicating charges; (b) any activity designed by Merchant to circumvent a "call center" message when attempting to process a transaction; (c) Merchant breaches this Agreement, violates any representation, covenant or warranty herein, violates any applicable Regulation or applicable law; (d) Merchant's application is in any way inaccurate or becomes inaccurate subsequent to Merrick's approval of the application; (e) Merchant changes its type of business without Merrick's or AMS prior written approval; (f) fraud, Merchant processes an unauthorized charge, or other action that violates Merrick's applicable risk management standards or is likely to cause a loss; (g) Merchant has chargebacks exceeding the standards set by Merrick or AMS; (h) excessive numbers of requests from consumers or issuing banks to retrieve documentation; (i) Merchant's financial stability is in question or Merchant ceases doing business; or (j) Merchant terminates this Agreement. Once the Reserve Account is established, collected funds will be placed in the Reserve Account. Before releasing funds after this Agreement is terminated, Merchant will pay any equipment cancellation fees and any outstanding charges, losses or amounts, and Chargebacks for which Merchant has provided indemnification under this Agreement. Further, Merrick may require Merchant to deposit additional amounts based upon Merchant's processing history and/or anticipated risk of loss to Merrick into the Reserve Account. Once established, unless Merrick determines otherwise at its sole discretion, the Reserve Account will remain in place for 180 days and a reasonable period thereafter during which Cardholder disputes may remain valid under applicable Regulations. The provisions of this Agreement relating to account debits and credits apply to the Reserve Account and survive this Agreement's termination until Merrick terminates the Reserve Account. Any balance remaining after chargeback rights have expired and all of Merrick's other expenses, losses and damages have been paid will be disbursed to Merchant. Adjustments of Credit Drafts • The refund or adjustment indicated on an Adjustment of Credit Draft must relate to a previously completed Card Transaction with Merchant and may not exceed the original Card Transaction amount. Each Adjustment of Credit Draft shall contain in legible form (i) Merchant name and address; (ii) the name and truncated account number embossed on the Cardholder's Card; (iii) the interbank number (if applicable); (iv) the date of the credit represented by the Adjustment of Credit Draft; (v) identification of the original Card Transaction; (vi) a description of the merchandise or services for which credit is being given; (vii) the amount of credit for each item; (viii) applicable taxes, if any; (ix) the initials of the persons completing and approving the Adjustment of Credit Draft; and (x) Merchant's signature. Automated Merchant Systems, Inc. 2010 - 12 - Operating Procedure Guide • Merchant shall give the Cardholder a true copy of the fully completed Adjustment or Credit Draft at the time of the Adjustment of Credit Draft transaction. Merchant shall present Adjustments of Credit Drafts to Merrick within the same time limit in which Sales Drafts are presented under the Agreement, provided that Adjustment of Credit Drafts for Merchants with multiple locations which present Adjustments to Credit Drafts through a central office shall deposit each Adjustment to Credit Draft within nine (9) calendar days of the Date of the Adjustment of Credit Draft transaction. Merchant only may deposit adjustment of Credit Drafts which relate to Sales Drafts previously deposited with Merrick. Upon receipt of the Adjustment of Credit Drafts, Merrick will debit Merchant's Account for the amount shown thereon and transmit the Adjustments of Credit Drafts for credit to the Cardholder by the Issuer of the applicable Card. • Notwithstanding the foregoing, Merchant may limit its acceptance of returned merchandise or establish a policy to make price adjustments for any Card Transaction, provided that proper disclosure is made in accordance with applicable law and purchased merchandise or services are delivered to the Cardholder at the time the Card Transaction takes place. In the absence of a controlling statutory or regulatory requirement, proper disclosure by Merchant shall be determined to have been given at the time of the Card Transaction if the following words are, or similar wording is, legibly printed on all copies of the Sales Draft, in letters approximately ''A inch high and in close proximity to the space provided for the Cardholder's signature or invoice being presented to the Cardholder for signature: 1. "NO REFUND" — if Merchant does or will not accept merchandise in return or exchange and does or will not issue a refund to the Cardholder; 2. "EXCHANGE ONLY" — if Merchant does or will only accept merchandise in immediate exchange for similar merchandise of a price equal to the amount of the original Card Transaction; or 3. "IN STORE CREDIT ONLY" — if Merchant does or will accept merchandise in return and deliver to the Cardholder a credit for the value of the merchandise returned which may be used only at Merchant. • Merchant may, if permitted by applicable law, stipulate special circumstances agreed to by the Cardholder (e.g., late delivery, delivery charges, insurance charges or restocking charges) as terms of the Card Transaction, but under no circumstances shall a surcharge be assessed for the use of a Card. If special circumstances are agreed to by the Cardholder, the Sales Draft must describe such special circumstances in the manner set forth in subsection 8 (c) above. • Merchant shall not accept money from a Cardholder to prepare and deposit an Adjustment of Credit Draft for the purpose of affecting a deposit to the Cardholder's account with the Issuer of the applicable Card. Adjustments and Chargebacks • Merrick or AMS may refuse to accept or may revoke its acceptance of any Card Transaction, or the electronic transmission thereof if applicable, and Merrick may, without prior notice to Merchant, debit, charge or credit (as appropriate) Merchant's Account in the corresponding amount, in any of the following instances: A. The merchandise or services covered by the Card Transaction are returned or rejected, whether or not reported to Merrick or AMS by Merchant. B. The Cardholder disputes any aspect of the Card Transaction, including the sale, quality, fitness or delivery of merchandise or the performance or quality of services covered by the Card Transaction. Automated Merchant Systems, Inc. 2010 - 13 - Operating Procedure Guide C. The merchandise or services are not delivered or performed. D. Any set off or counterclaim exists in favor of the Cardholder against Merchant that may be asserted in defense of an action for payment. E. Any information required to be included on the Sales Draft or Adjustment of Credit Draft is lacking, illegible or incorrect. F. The Card Transaction was completed prior to any required Authorization. G. The Cardholder alleges that the Sales Draft or Adjustment of Credit Draft was drawn or signed improperly. H. The Sales Draft is executed, accepted or endorsed incorrectly or fraudulently. I. The Sales Draft or Adjustment of Credit Draft was not completed, presented, or notified electronically by Merchant in accordance with the provisions of the Agreement. J. The Card Transaction or extension of credit was in violation of any applicable laws or regulation (federal, state, municipal or otherwise) or a Payment Brand's Regulations. K. The Card used in the Card Transaction is a counterfeit, invalid, voided, expired, revoked or stolen Card. L. A Payment Brand or Issuer generated the Chargeback. M. A Payment Brand grants the Cardholder a right to dispute the Card Transaction. N. The Card used in the Card Transaction had expired prior to the transaction date of such Card Transaction, or the Card validation date was after the date of such Card Transaction. 0. The related Card Transaction was not made with respect to the sale of merchandise or services by Merchant. P. The original or microfilm copy of the Sales Draft cannot be produced by Merchant at Merrick or AMS's request within the time limit specified by a Payment Brand. Q. Merrick or AMS is unable to present a Sales Draft or Adjustment to Credit Draft for collection pursuant to Payment Brand's Regulations or a Sales Draft or Adjustment to Credit Draft is rejected or charged back to Merrick by an Issuer pursuant to Payment Brand Regulations. R. Regardless of whether Merchant obtained an Authorization, (i) the Cardholder is present at the time of the Card Transaction and does not have his or her Card; (ii) the Cardholder does not sign the Sales Draft; (iii) the signature on the Sales Draft does not match the signature appearing on the signature panel of the Card; or (iv) the signature panel of the Card is blank. S. The Card Transaction was an Unacceptable Transaction or the circumstances surrounding the Card Transaction constitute a breach of any of the terms of the Agreement or the Regulations. • Merchant must ensure that its ratio of counterfeit, fraud or other Chargeback volume to total Card sales volume does not exceed any Payment Brand's standards. If Merchant is found by any Payment Brand to have an excessive ratio of counterfeit or fraudulent Card Transactions, Merchant shall initiate a control program approved by an applicable Payment Brand. If Merchant refuses to do so or ceases doing so after Automated Merchant Systems, Inc. 2010 - 14 - Operating Procedure Guide instituting such a program, or if excessive counterfeit or fraudulent activity continues, Merrick or AMS may terminate the Agreement. Credit Card Materials and Imprinter Plates Merchant shall use a suitable imprinter to imprint legibly on each Sales Draft and Credit Draft the embossed legends from a Card and from the imprinter plate. Merrick shall provide Sales Drafts, Credit Drafts, imprinter plates, advertising aids and promotional materials to Merchant to assist in accepting Cards for the Fees listed in the Fee Schedule or Merchant may obtain those items from any qualified third party at its own expense. Merchant shall not alter the imprinter plates furnished by Merrick nor allow anyone other than an authorized representative of Merrick to do so. Merchant shall notify Merrick in the event that the information contained on an imprinter plate is changed. All items and materials provided by Merrick or AMS to Merchant under this subsection shall remain the exclusive property of Merrick and shall be returned to Merrick or AMS upon termination of this Agreement or upon the written request of Merrick or AMS. Display of Service Marks, Advertising and Promotional Materials • Merchant shall provide the highest standard of customer service and merchandise quality and shall not take any action which would cause the name or Service Marks of Merrick, AMS or any Payment Brand to be disparaged. • Merchant's right to use or display the Service Marks shall continue so long as this Agreement remains in effect unless Merrick directs that such use or display cease. Merchant acknowledges that the Service Marks are the property of Merrick, AMS or the applicable Payment Brand and Merchant shall not infringe upon the Service Marks. Merchant shall not use the Service Marks on its stationary, letterhead, envelopes, or the like nor in its solicitations provided, however, that Merchant may use one of the Service Marks in close proximity to the payment or enrollment space in a solicitation of a size not to exceed 1 '/4 inches in horizontal length if a logo is employed, or, if a Service mark text is used, in type not to exceed the size of the type used in the major portion of the text on the same page; provided further that the legend, "Accepted for Payment" must accompany the Service Provided used and must be the equivalent size of the Service Mark. In no case, however, shall Merchant use any of the Service Marks on the front or first page of its solicitations. One truthful statement that Merchant is directing or limiting its solicitation to Cardholders may appear in the body of the solicitation, other than in close proximity to the payment or enrollment space, subject to the limitation that (1) only a word Service Mark may be used; (2) the Service Mark may not (ii) exceed in type size the size of any other type on the same page, (ii) differ in color from the type used in the text (as differentiated from the titles) on the same page, (iii) be as large and as prominent as the name of Merchant, (iv) be the first item appearing on any page, nor (v) in any other way be the most prominent element of the page; (3) Merchant's name and/or logo must appear prominently on the same page as the Service Mark; and (4) the applicable following disclaimer must appear in close proximity to the Service Mark on the same page and in an equal size and type of print: "MasterCard International Incorporated is not affiliated in any way with [Merchant] and has not endorsed or sponsored this offer." or "VISA U.S.A. International is not affiliated in any way with [Merchant] and has not endorsed or sponsored this offer." Or "DFS Services, LLC is not affiliated in any way with [Merchant] and has not endorsed or sponsored this offer." "MasterCard International, VISA U.S.A. International, and DFS Services, LLC are not affiliated in any way with [Merchant] and have not endorsed or sponsored this offer." Automated Merchant Systems, Inc. 2010 - 15 - Operating Procedure Guide • With regard to MC Card Transactions, Merchant agrees to submit its first direct mail solicitation(s), prior to mailing, to the MC Law Department, to be reviewed only for compliance with MC trademark rules and shall furthermore not distribute in any manner such solicitations until Merchant shall have obtained MC written approval of the manner in which it uses MC Service marks on such solicitations. Merchant shall likewise, upon request, submit MC any amended solicitations prior to mailing. Records; Confidentiality • Merchant agrees to preserve copies of all Sales Drafts and Adjustments of Credit Drafts for at least the longer of (i) three years from the transaction dates of such items, (ii) such period of time as may be required by the applicable Payment Brand or Networks, as applicable, and (iii) such period of time as may be required by applicable law or the rules or regulations of any governmental agency, Federal, state or municipal or otherwise. Merchant hereby assumes all liability (including the liability for any resulting Chargebacks) should it fail to so preserve Sales Drafts and Adjustments of Credit Drafts. In addition, Merchant agrees, that should Merrick or AMS request from Merchant a copy of any Sales Draft or Adjustment of Credit Draft within three years of the date of the transaction, Merchant shall deliver to Merrick and AMS, not later than five (5) Business Days after a request is made, a copy of such Sales Draft or Adjustment of Credit Draft. If Merchant does not provide said copy within five (5) days, Merrick is authorized to debit or charge Merchant's Account for the amount of such Sales Draft or Adjustment of Credit Draft. The Merchant or any agent of Merchant must not retain or store magnetic strip data, discretionary card -read data, PIN data, address verification data or any other prohibited information, subsequent to Authorization of a Card Transaction in any system or in any manner. Merrick, AMS or any Payment Brand or the duly authorized representatives of any of those entities may, without prior notice, visit Merchant's business premises and may examine that part of the books and records of Merchant pertaining to Merchant's practices regarding Card Transactions, including, without limitation, Merchant's books and records concerning the Sales Drafts and Credit Drafts previously deposited. These entities may also examine, verify, audit and copy at any reasonable time, all records of Merchant pertaining to Sales Draft and Credit Drafts previously deposited. Merchant acknowledges and agrees that from time to time Merrick or AMS may obtain credit and other information on Merchant from others and that Merrick or AMS may furnish information on Merchant's relationship with M and AMS and Merrick and AMS's experience with Merchant to others seeking such information, including credit bureaus. Merchant or Merchant's agents shall not sell, purchase, provide, exchange or disclose a Cardholder's account information or other personal information to third parties in any form including, but not limited to, imprinted Sales Drafts or Adjustment of Credit Drafts, carbon copies of imprinted Sales Drafts or Adjustment of Credit Drafts, mailing lists, tapes or other media obtained by reason of a Card Transaction, other than (i) to the Merchant's agents for the purpose of assisting Merchant in completing the Card Transaction; (ii) to Merrick, AMS or a Payment Brand, as applicable; and (iii) as specifically required by law. Merchant and Merchant's authorized agent shall store in an area limited to selected personnel and, prior to discarding, shall destroy in a manner rendering data unreadable, all material containing Cardholder account numbers such as Card imprints, Sales Drafts and Credit Drafts, car rental agreements and carbons. • Merchant must notify Merrick and AMS of its use of any agent that will have access to Cardholder data. • If a data security compromise occurs, Merchant must notify Merrick and AMS immediately. Automated Merchant Systems, Inc. 2010 -16 - Operating Procedure Guide Payment Card Industry Data Security Standard (PCI DSS) The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID). PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Any merchant that stores, processes or transmits cardholder data must validate their agency or business with the PCI mandate. All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12 -month period. Transaction volume is based on the aggregate number of Visa transactions. Merchant levels as defined by Visa: (1) Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. (2) Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year. (3) Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. (4) Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year. To satisfy the requirements of PCI, a merchant must complete the following steps: • Identify your Validation Type as defined by PCI DSS — see below. This is used to determine which Self Assessment Questionnaire is appropriate for your business. SAQ Validation Type Description SAQ 1 2 3 4 5 Card -not -present (e-commerce or mai&telcphone-order) merchants, all cardholder data functions outsourced. This would never apply ro lace. to -face merchants. Imprint-cnly merchants with no cardholder data storage Stand-alone dial-up terminal merchants, no cardholder data storage Merchants with payment application systems connected to the Internet, no cardholder data storage All other merchants (not included in descriptions for SAQs A -C above) and all service providers defined by a payment brand as eligible to complete an SAO. A B B C 0 • Complete the Self -Assessment Questionnaire according to the instructions in the Self- Assessment Questionnaire Instructions and Guidelines. • Complete and obtain evidence of a passing vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV). Note scanning does not apply to all merchants. It is required for Validation Type 4 and 5 — those merchants with external facing IP addresses. If you electronically store cardholder information or if your processing systems have any Internet connectivity, a quarterly scan by an approved scanning vendor is required. Merchants can meet these requirements by contacting SecurityMetrics at 801.705.5665. SecurityMetrics as in industry leading provider of merchant security testing programs and Partner Company of AMS. Automated Merchant Systems, Inc. 2010 - 17 - Operating Procedure Guide Definitions The following terms used in this agreement shall have the following meanings: Accounts - hall mean one or more demand deposit accounts maintained by Merchant with an Institution to which credits and debits shall be made arising from Card Transactions presented to Merrick and AMS, as provided in these Operating Procedures. Adjustments - shall mean one or more transactions involving: a Credit Draft which reflects a credit to a Cardholder; a credit to a Cardholder arising from a claim or complaint of the Cardholder; the correction of any error in posting to the Account resulting from the processing of Card Transactions, or correction of the Account as a result of failure by the Merchant to follow the proper procedures described herein. Affiliate - of Merrick or AMS shall mean any entity which is now or hereafter becomes Merrick's or AMS's parent, subsidiary or an entity under common ownership with Merrick or AMS. Agreement - shall mean the Merrick/AMS Merchant Processing Agreement and all exhibits and materials incorporated therein, including the Application and this Operating Procedures Guide. AMS - shall mean Automated Merchant Systems, Inc., a sales agent for Merrick. Authorization - shall mean the process by which Merchant shall obtain advance approval for a specified amount prior to completing a Card Transaction, as more fully described herein. An Authorization is NOT a guarantee of payment from Cardholder, but an acknowledgement that Cardholder has a valid and open account and there remains a sufficient credit line from which the transaction can be made. Application - shall mean the first four pages of that document called the Merchant Processing Agreement Application and Fee Schedule. Authorized Location - shall mean one or more addresses approved by Merrick and AMS and listed in the Agreement (as amended from time to time), at which Merchant conducts its business and honors Cards. Business Day - shall mean any day that the Institution is open to the public. Card - shall mean a credit or debit card bearing the logo and trade style of VISA, MC, Discover®, debit cards issued by a Network Member and any other cards which Merrick, AMS and Merchant agree in writing that Merchant may honor under the Agreement. Card Transaction - shall mean the honoring of a Card by Merchant for the purchase of Merchant's goods or services, but shall not include cash advances. Cardholder - shall mean the person named on the Card and to whom the Card has been issued or another authorized user of the Card. Chargeback - shall mean an Item returned by the Issuer in accordance with the applicable Procedures which shall result in Merchant's liability for the amount of the Card Transaction. Credit Draft - shall mean an Item, printed form supplied or approved by Merrick and AMS or electronic record or transmittal which evidences a refund or price adjustment to be credited to a Cardholder's account at Issuer. Discover - shall mean DFS Services, LLC. Automated Merchant Systems, Inc. 2010 - 18 - Operating Procedure Guide L Fees - shall mean all fees or discounts imposed under the Agreement as set forth in the Fee Schedule that is part of the Merchant Processing Agreement, Application and Fee Schedule. Floor Limit - shall mean the minimum total Card Transaction amount for which Authorization is required, as established by Merrick and AMS or the Payment Brands from time to time and communicated to Merchant. Institution - shall mean the federally insured depository institution designated by Merchant at which Merchant maintains an Account. Issuer - shall mean the organization which has issued a Card to a Cardholder. Item - shall mean a properly completed Sales Draft, Credit Draft, electronic record or transmittal, transaction form or other evidence of Cardholder's obligation in a form acceptable to Merrick and AMS. MC - shall mean MasterCard International, Inc. Merchant - shall mean the party identified on the Application portion of the Agreement, Merrick - shall mean Merrick Bank Corporation, a Utah state chartered bank. Network - shall mean each debit network listed in the Fee Schedule and each additional network added to this Agreement pursuant to a written agreement between Merrick, AMS and Merchant. Network Member - shall mean a debit Card Issuer that is a participant in a particular Network. Network Rules - shall mean the rules and regulations of each Network, as amended from time to time. Payment Brand - shall mean MC, VISA, or Discover and Payment Brands shall mean all of them. PIN - shall mean personal identification number. POS - shall mean point of sale. Procedures - shall mean all operating rules and regulations which govern Card Transactions conducted pursuant to the Agreement, including without limitation, the rules and regulations contained in this Operating Procedures Guide, the Regulations and Network Rules. Regulations - shall mean the Payment Brand Regulations as defined in the Agreement. Sales Draft - shall mean an Item used by Merchant in a Card Transaction to evidence a Cardholder's obligation. VISA - shall mean VISA U.S.A., Inc. Automated Merchant Systems, Inc. 2010 - 19 - Operating Procedure Guide BBB _.T l3etter Business I3ureau' Manageable Guidelines to Help You Protect Your Customers' Security & Privacy From Identity Theft & Fraud Supported By VISA PRIVACY & A M E N S C A M BUSINESS Security and privacy expertise contributed by Dr. Alan F. Westin and Dr. Lance J. Hoffman Mk NM AMM /WM IMMMMIM M. 401M .1MP EQUiFAx verizon wireless THE WALL STREETJOLJR\AL. PayPal Published March 2006 BBB -T- Security & Privacy Made Simpler" User's Guide No matter what type of business you are in, you probably collect, store and share information about your customers. Whether it is providing a necessary service, completing a financial transaction or creating a mailing list, customer data has become a key currency of today's information - based economy. As a business owner, you make important strategic decisions that affect your bottom line. Each day, how you manage the security and pri- vacy of the data you collect has become a core part of those strategic business decisions, because it can influence the success or failure of your business. Data security and privacy management may appear complex and overwhelming, but you really don't need to become a privacy and security expert to manage it. All you need to do is to acquire the basic understanding of the issues and the business tools that will protect your customers...and your business. Security and Privacy — Made Simpler, is your Guide to getting your arms around many of today's data security and privacy challenges that affect small businesses, including: • Recognizing attempts at theft and fraud. • Understanding the importance of offline and online security and privacy practices. • Developing a security and privacy policy, training your employees to comply with it, and communicating it to your customers. • Handling, managing and protecting sensitive customer information. Security and Privacy — Made Simpler. VISA • Managing employees as they interact with customers and their personal data. • Credit card/debit card security—both during and after the actual transaction. • Taking advantage of the latest technologies without compromising data security. • Conducting international transactions securely. Security and Privacy — Made Simpler° advises you on how to incorporate basic security and privacy practices into your every- day business operations, offering you options, tips and advice that are right -sized for smaller businesses and will help you get started. It is not intended to provide specific legal advice. The information is crafted—but not guaranteed—to be accurate, complete and up-to-date at the time of publication. Some of the information may not apply in your state or your particular line of business. Therefore, it is wise to consult an attorney familiar with the law in your jurisdiction and with your industry. Security and Privacy — Made Simpler. was developed through a partnership between the Better Business Bureau, a leader in promoting trust between businesses and the customers they serve, and Privacy & American Business, a leader in consumer and employee privacy and data protection issues and education. This Guide is made possible through the support of corporate sponsors—industry leaders who are committed to the success of their small business customers. EEe*.1 'Ax um.., S3111 4151 Et 04.strdl Powered by PRI l l 1\ RI BBB T Better Business Bureau` Security & Privacy Made SimplerTM PRIVACY & • r c w c • ■ BUSINESS Security is a complex issue. You can manage it. This Guide will help. Click here for more security and privacy tools and resources for small business. www.bbb.org/ securityandprivccy • 85% of Americans are worried about becoming victims of identity theft. • 58% of Consumers say if they were confident a business followed its security and privacy policies, they would be likely to recommend that business When your customers know you treat their personal information with the care it deserves, they will become more loyal and active customers. VISA Till: w11.1. STREI: f J01 - R\,11.. Supported by: 7-- _fi . ;E UIFAX ebY veri7n wireless PayPal I. Customer Data Security & Privacy —A Key To Your Success 4 2. Security Challenges Facing Small Businesses 5 3. Developing Your Own Data Security & Privacy Plans 5 4. Creating & Communicating Your Security & Privacy Policies 6 5. Spotting Cyber Criminals 7 t,. Fighting Identity Theft 8 Guidelines For Good Employee Practices 10 8. Collecting, Protecting & Disposing Of Customer Data 12 ". Securing Data In lour Office & Online 13 10. Internet Security Fundamentals 15 11. Payment Card Security Requirements 17 12. If You Have Data Lost Or Stolen 19 13. Managing Official Requests For Your Data 20 14. If You Do Business Globally 20 15. Additional Resources 22 BBB Security & Privacy Made Simpler' 1. Customer Data Security & Privacy—A Key To Your Success Customers Care — You Should, too WWhen your customers know that you treat their personal information with care and apply good security and privacy practices, their trust and confidence in your business will grow. You're Responsible For Customer Data Businesses of all sizes—not just the big corpo- rations—are held responsible for complying with federal and state customer data security and privacy laws. Here is a sample of how existing privacy laws may affect your small business: Security & Privacy Drive Consumer Purchasing Decisions • 85% of Americans are worried about becom- ing victims of identity theft. • 64% of consumers say they had decided not to buy a company's product or service because they did not know how the company would use their personal information. • 58% of consumers say if they were confident a business followed their declared security & privacy policies, they would recommend that business to family & friends. Source: Privacy & American Business. Here is a snapshot of existing federal privacy laws with which your small business might need to comply: • All small businesses must comply with the federal and state Fair Credit Reporting Act (FCRA) when seeking to obtain consumer reports, such as credit reports and employ- ment reports, about potential customers and employees. • Many small businesses in the healthcare field must follow the privacy requirements of the federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and its data security requirements. • Small financial businesses must comply with rules established by the federal Gramm - Leach -Bliley (GLB) Privacy Rules and Safeguard Rules and the federal banking agency guidance under GLB. Companies that need to comply with GLB include those that might not necessarily think of themselves as "financial," such as automobile dealers, tax planners, and some travel agents. • Currently, twenty-three states have laws on reporting data breaches (outlined on page 19 of this Guide), with potential penalties for security lapses that apply to both large and small businesses. As a business owner, it is your responsibility to stay current on privacy and security laws affect- ing your business...and your customers. An Ounce of Prevention ... Establish good security and privacy practices now. The alternative is decidedly distasteful. If you have a data breach resulting from weak security practices, you and your business can face lawsuits from federal or state agencies or your customers. The Federal Trade Commission (FTC) recently sued 12 companies it accused of having inadequate data security practices in violation of federal law. Lawsuits stemming from inadequate security practices can erode business equity, consumer trust and, ultimately, your bottom line. Even if you don't face legal action, your good reputation could be signifi- cantly compromised. Security and Privacy — Made Simpler • VISA Frtuu,ax ,;,rim, •UI \t �. di Y gvaty Powered by I'Itl\11 \ Security & Privacy Made Simpler' 2. Security Challenges Facing Small Businesses Firewalls Are Not Enough n today's tech -heavy business world, you might think that the right combination of hardware and software will prevent data security and privacy exposures. But technology is just one piece of the security and privacy equation. Effective policies, along with proper employee training and business -wide implemen- tation, are the other parts. Suppose you've equipped your computer with the latest network security software -firewalls, encryption—and you think you've deployed strong security tools. One day a "customer" calls your business to ask what credit card you have on file for his "account." He gives his "name" and "address" to an employee who then looks up the "customer's" information on your computer. Your employee reads the credit card number to the caller. But the caller is not a "customer." He is a crim- inal who found the name and address of one of your customers in a trash bin. This happens. To prevent it, you need a data security plan that \0460 ye includes simple steps, such as properly verify- ing a caller's identity, and employee training. Software alone can't prevent employee error. Employee training can. Modern technologies, such as e-mail, e-com- merce, and cell phones, have given us wonderful new tools to do business more effectively and efficiently. They have also created new layers of security that businesses need to secure to pro- tect their customers' information. If you use these new tools, you must also take reasonable steps to secure them. Security & Privacy Challenges Facing Small Business • Customer and business ID theft. • Data loss and theft. • Noncompliance with federal and state data protection laws. • Employee fraud and theft. • Loss of trust ... and customers. • Costly lawsuits stemming from sloppy security practices. • Computer and hardware damage from viruses. 3. Developing Your Own Data Security & Privacy Plans Find Your Weak Spots Take a few moments with a blank piece of paper and a pen, or at your keyboard. List all the different ways your business collects, stores and uses personally identifiable customer and business information. Now list who handles or has access to the information—employees, relatives, customers, service providers or visi- tors. Personal information may include names, addresses, account numbers, Social Security numbers, credit/debit card numbers and phone numbers, as well as account patterns and transaction records. Anyone who appears on your list is a data handler and should play a significant role in protecting sensitive information. They need to be properly trained to follow your security and privacy policies and practices. You may want to involve managers or employees from each business area in this Security and Privacy — Made Simpler. VISA F( PI FAN veri,,on to, •.ni N011 .1 h111 Powered b PRI %ACT Security & Privacy Made Simpler' exercise, to be sure that you are not overlooking any potential security weak spots. Making your employees a part of the security and privacy planning process will make them feel like valuable contributors to the team, and will also make it easier for them to remember your policies and follow them on the job. One Size Does Not Fit All All businesses are not alike. Review your security and privacy issues in light of your particular business and its operations, identify weaknesses, and take stock of your current abil- ity to address them. You may discover areas where you need input from a lawyer or technology consultant. It is important to be fully informed about your business' security risks so you can make the most appropriate, reliable and cost-efficient choices for your business. Security & Privacy Reality Check • Do you transact business on the Internet? • Do you collect names, addresses, phone numbers, e-mail addresses or Social Security numbers or other personal information about your customers or employees? • Do you accept credit or debit cards? • Do you share customer information with other companies? • Do you engage in direct mail marketing or telemarketing? • Are you storing customer information for any period of time? If you answered "yes" to any of these questions, your small busi- ness is in serious need of a data security and privacy plan. Security and Privacy — Made Simpler- VISA 4. Creating & Communicating Your Security & Privacy Policies Once you identify your security needs, you can begin to write a security and privacy policy for your comp any. Your security and privacy policy tells your customers how you will treat their personal information—how you will collect it, use it, and keep it secure. It should also give your customers the ability to commu- nicate to you if they wish to receive ("opt -in") or not receive ("opt -out"), "subscribe" or "unsubscribe" information from you and how they wish to receive marketing communications (e-mail, US postal mail, etc.). Smart companies offer meaningful privacy choices, and effectively carry them out. Those that don't, risk losing their customers. Resources to Help You Write a Policy • The Privacy Planner from BBBOnLine can help you generate a simple, but solid online privacy policy for your business http://www.prlvacyplanner.com. • The Direct Marketing Association (DMA) offers a small business -friendly online privacy policy generator http://www.the-dma.org/prlvacy/ prlvacypollcygenerator.shtml. How to Communicate Your Policies to Your Customers Once you have a written policy that accurately describes your intended actions with customer data, it is wise to communicate these policies to your customers. • Post it on a prominent sign in your store or office. • Give customers a copy of it when they complete a transaction with you. • Post it on the homepage of your web site. Ec WFax ami„ ",.uic.u,sou E j £%l7 Powered by PRI NU RI !.,l\1:!•• BBB Security & Privacy Made Simpler"' • If your customers have agreed to receive e-mail notices from you, tell them about your security and privacy notice in an e-mail, and let them know where they can find the full notice. • Mail it to your customers as a separate promotional piece. Posting a Security & Privacy Policy Provides a Competitive Advantage Having and following a security and privacy policy will: • Increase the trust and confidence your customers have in your business. When they know that you plan to use their information carefully and keep it secure, they will be more likely to share it with you. • Help distinguish your business from your competition. Prominent Security & Privacy Policies Build Businesses • 89% of consumers felt more confident in giving personal information to a business that had a detailed but readable privacy policy. • 58% of consumers said that if they were confident a business followed the privacy policies it presented, the consumer would be likely to recommend the business to family and friends. Source: Privacy & American Business Study 5. Spotting Cyber Criminals The number and sophistication of online fraud attacks is increasing. Here are some ways crim- inals attempt to get sensitive information from computers and individuals: • Viruses: man-made programs or pieces of code that are loaded onto your computer without your knowledge. Viruses result in a wide range of disruptive consequences on a computer or network, including the deletion or corruption of files. New viruses are introduced to the Internet every day. • Spyware: software that secretly collects information from a computer, such as what Internet sites are visited and what key- strokes (including passwords and credit/debit card numbers) are entered. Spyware transmits that information to a third party for a variety of uses, ranging from presenting tailored advertising or general spam to credit/debit card fraud and ID theft. Spyware is often installed on your computer as part of a downloaded applica- tion or via a downloaded e-mail attachment. • Phishing: uses fake e-mails and web sites that closely replicate their authentic coun- terparts to trick recipients into "verifying" their personal information. • Pharming: redirects an individual's web site request to a fraudulent site that closely replicates its authentic counterpart. • Keyloggers, Bots, Trojans and more: appli- cations that may appear to be benign or even helpful, but are actually destructive to files on your computer. These introduce viruses or malicious code onto your computer that can be programmed to execute any number of disastrous actions, and send sensitive information to a third party. Consider installing a web browser tool bar to help protect you from known phishing web sites. Earthlink offers such a free tool, called ScamBlocker, at: http://www.earthllnk.net/software/free/toolbar. eBay also offers an anti-phishing and account protection toolbar that alerts users when they're on a potentially fake eBay or PayPal site http://pages.ebay.com/ebay_toolbar/. Security and Prlvace ;1 dr Sr ,r,nlrr VISA FCc.10fAX vsrhon nr •ui violin nu E P, '.! Powered b PRIMY SNYBBB Security & Privacy Made Simpler' 8 Ways to Avoid Being a Victim of Online Fraud • Always verify whom you are doing business with before revealing personal information. • Ensure your browser is current with all security patches installed. • Use anti-virus and anti-spyware software, and keep it updated. • Be suspicious of any e-mail with "urgent" requests to validate or verify personal information. • Don't download anything that comes from a source you don't know. This includes e-mail graphics, screen savers, free soft- ware, etc. • Don't fill out any forms that come to you in an e-mail and request personal informa- tion, unless you definitely know and trust the source. • Don't allow your children to use your business computers. Children are not aware of online threats, and can down- load items without considering what might be attached to them. 6. Fighting Identity Theft How Identity Theft Happens ID and data thieves have an arsenal of high-tech and low-tech ways to steal personal informa- tion. Once they have your information, they will be able to assume—and misuse—the identity of your customers. They may even try to assume your identity. How Identity Thieves Strike Low -Tech Methods Dumpster Diving: thieves steal mail or papers with personal information left in the trash of your business or someone's home and not properly destroyed or shredded. Mailbox Theft: thieves steal mail left in your business' unsecured mailbox or at someone's home. Employee Theft: thieves within your business steal the personal information of your customers or of fellow employees. General Theft: thieves steal an individual's wallet, check, credit/debit card with personal information, desk top and lap top computers—crimes often carried out by friends, relatives, in-home workers or others known by the victim. High -Tech Methods Computer Hacking: hackers get unauthorized access to your business computer or comput- er network and steal customer information from your database. Phishing: thieves send fraudulent e-mails that appear to be from a legitimate company, and create a fake web site that looks like the legitimate company site. They do this to trick your customers into revealing their personal information. Pretexting: thieves make phone calls to your business and others in a "victim's" name, in an attempt to find out more information about the "victim." Or, they will call a consumer claiming to be from a legitimate company, and attempt to obtain personal information. Security and Privacy — 11ade Simpler• visit EQUIFAX ;,.,,f; AI•&I\I..fl ,9 Powered b; rlll\AC1 ',111110BI'SI\ES BBB Security & Privacy Made Simpler' y Real Data Theft Examples • An old laptop, with a company's customer records still on it, was sold via a news- paper ad. The records were still openly readable and could have been used to commit fraud by the purchaser; who alerted the seller about what he'd found. • Two computers were stolen from a medical practice's unlocked computer room. They contained easily accessible billing records and unencrypted sensitive personal infor- mation in the form of billing codes. • A courier service driver, carrying a pack- age of customer data, left his unlocked vehicle running while he made another delivery. While he was away from his vehicle, the package was stolen. • Perfectly readable, discarded printouts of personal records were thrown into a dumpster. They were later put to practi- cal use by the finder to wrap fish at an outdoor market. • In Florida, print-outs of thousands of medical records were found in various trash bins across the area. The records included details of sexually -transmitted diseases, psychological problems, addictions, and even intimate details about a patient's sex life. • An employee in an accountant's office used client data to file false income tax returns in order to receive tax refunds ... until that employee was finally caught. What ID Thieves Want—Your Customers' Personal Information Criminals are after credit/debit card numbers, Social Security numbers, driver's license infor- mation and numbers, mailing addresses, e-mail addresses, and telephone numbers. They also look for this information in your product orders, account statements and mail. How They Use This Information Data thieves will open fraudulent credit card accounts in your customers' names, make purchases without their knowledge, get a loan in your customers' name, or open a fraudulent bank account in your customers' name and write checks on that account. In addition, they can open fraudulent accounts with your business and make fraudulent charges to your customers' accounts...with you. Small Businesses Can Be ID Theft Victims, Too Business identity theft occurs when someone steals information about a business to commit fraud. Thieves may specifically target small and medium sized businesses because their data security programs may not be as strong as those of larger companies. They want your business credit/debit card account numbers, your bank account numbers, your Federal Employer Identification Number, and other federal and state governmental identification numbers. How They Use This Information ID thieves can use your stolen business infor- mation to open a credit card account in your business' name, make purchases without your knowledge or get a loan in the name of your business. They will open a bank account in the name of your business, write checks on that account, and take out money from the existing accounts of your business. In some cases, ID thieves may secure enough information that they can actually sell your business or commercial property without your knowledge. �prurlty and Privacy — Made Sinrnlrr vice Fnrurner r ,.,l h., PI{1 V %CT -r - Security BBB & Privacy Made Simpler' What You Can Do Here is a checklist of things you can do to protect your business from identity theft. You will find more details in Chapters 7, 8, 9, and 11. Physical Security Tips To Protect Your Business & Your Customers • Shred or cross -shred papers with person- ally -identifiable customer or business data before throwing them away, or use a document disposal company to destroy the papers for you. • Send and receive business mail from a secured mailbox or a post office box. • Conduct regular software audits of computers. • Train employees to watch for suspicious activity among other employees, customers, or people coming to your business premises. • Consider telling your customers how they can spot phishing efforts, and how they should verify that it's your commu- nication before releasing any personal information • Verify the identity of a customer before discussing or providing any customer account information by telephone or e-mail. Then take appropriate steps to provide it in a manner that is secure. • Secure your physical space with locks and alarms. • Secure your business, customer and employee records in locked cabinets. 7. Guidelines for Good Employee Practices Screen Your Employees Identity theft can originate in the workplace. Exercising care to hire honest employees is one of the best ways to help secure your business and reduce the risk of identity theft or fraud to you or your customers. Past behavior is widely considered to be the best predictor of future behavior, though it is not a perfect tool. Conducting background spot-checks can assist you in learning and assessing the character pattern of prospective employees (or of your current employees—if you did not use a background spot-check before hiring them). The type of background spot-check to use depends on the size and nature of your business. If you handle lots of sensitive personal information, especially financial or health information, you might want to consider a full criminal background check. But if your business does not handle much customer person- al information, a credit report can give you a useful snapshot of an applicant. Because background spot-checks, themselves, raise privacy issues, handle this carefully. If you see a "red flag" in a background spot-check, confirm the accuracy of the information with the source before making a hiring decision. Other factors to consider in this process might include: • Whenever you order a background check on a prospective or current employee, state and federal laws require that you notify the per- son (in writing) that you intend to use a consumer report, and obtain their consent to do it. This process is a key element of the federal Fair Credit Reporting Act (FCRA). Most background checks contain a "con- sumer report." If you decide to reject an Security and Privacy — Made Simpler- VISA ECctfrrAX1,„6,D„ ued hI' PRIVACY BBB Security & Privacy Made Simpler' applicant or release a current employee based on something in their consumer report, you must tell them that you have done so for this reason. • Many states have their own laws that apply to background checks and consumer credit reports. Discuss with your attorney the requirements in your business' home state or in other states in which your business makes hiring decisions. Control Employee Access to Sensitive Data • Each of your employees should have access only to the sensitive information necessary to do their specific jobs. When you control employees' access to information, you sig- nificantly reduce the risk of data exposure. • You can limit employee access to customer information by using a variety of physical and technological security measures, rang- ing from padlocks to passwords. For specif- ic suggestions, see Chapter 9, Securing Data in Your Office and Online. Train Your Employees Writing privacy and security policies for your business is not enough. Your employees need training for how to protect the privacy, confidentiality and security of personal information. Your training program should address all the issues discussed in your security and privacy policy. Tips for Creating and Executing a Security & Privacy Training Program • Make it relevant, personal and timely. • Tell employees why the topic is important to everyone involved. • Role play with real-world scenarios that present examples of privacy and security choices your employees could face --and then explain how they should handle them. • Have your employees sign a nondisclosure agreement, in which they will agree to keep your customer information confidential. • Include your managers. • Update employees on new developments in this area as they occur. • Train employees to use computer security tools. • Advise them on the dangers of purchasing or downloading pirated or counterfeit software. • Train them to regularly update all security soft- ware and browsers. • Train employees to spot phishing attempts, and not to respond to them. Keep them updated on new phishing ploys. For more information on phishing visit http://pages.ebay.com/ education/spooftutorlal/Index.html or http://ottice.mlcrosoft.com/en-us/ assistance/HA011400021033.aspx. • Use specialized training for employees whose job functions require it.. • Teach your employees how to look for suspicious activity from other employees, customers, visitors, strangers or acquaintances on your business premises. • Train all new employees about your information security policies. • Reinforce your employee training at least semi- annually to ensure that employees regularly put their training into practice. Security and Privacy — Made Simpler, VISA Fro rout ve•i,pe n•.wvmfMew eJY arca] 1/ Powered by PRl1:4CY ItI SIDE BBB T Security & Privacy Made Simpler' 8. Collecting, Protecting & Disposing of Customer Data Collecting The type of information you collect from your customers depends on your individual business, and can range from simply a customer's name, address, telephone number, and e-mail address to significantly more personal information, such as credit/debit card numbers, account numbers, transaction summaries, consumer preferences, consumer credit reports, etc. If you collect and store credit card information, you need to follow security rules set by the major credit card companies. See Chapter 11, Payment Card Security Requirements for details www.vlsa.com/cIsp. 1f you don't absolutely need a piece of customer information, don't collect it. Collecting customer data you do not need increases your security and privacy risks. Be particularly careful about collecting and storing financial and personally identifiable information, including Social Security numbers, credit and debit card numbers, or driver's license numbers. Check your payment transac- tion software systems to determine if it is collecting sensitive data you aren't even aware of, such as the magnetic stripe of a payment card or the PIN information from a debit card transaction. If you have customer data you no longer need, discard it—securely. See Disposing for tips. Protecting You need to guard against both high-tech and low-tech opportunists. If your business is not kept physically secure, anyone can walk in and steal unprotected customer data from your cabi- nets, drawers, and desks. This has happened. The same is true about your own employees if they have access to sensitive information they don't need or shouldn't have to do their job. One of the larger data breaches in 2006 stemmed from employee access to sensitive customer data that was inconsistent with their job description. For tips on protecting against both high and low-tech predators, see Chapter 9, Securing Data in Your Office & Online. Disposing Disposing of personal data also is an access point for data/identity thieves. Sloppy security practices in data disposal can lead to theft. The federal government issued a Disposal Rule amendment to the Fair Credit Reporting Act (FCRA), called the Fair and Accurate Credit Transactions Act (FACT Act). Both are enforced by the Federal Trade Commission. It mandates that all businesses that manage credit data—no matter their size—must take steps to ensure that discarded customer personal information is not accessible to unauthorized access. For more information on the Disposal Rule, and how it may affect your business visit: www.ftc.gov/bp/coniine/pubs/alerts/ dlsposalalrt.htm. Currently, the law applies only to information your business gets from credit reports (or other "consumer reports"). However, it is good business to follow sound data disposal practices when discarding sensitive customer informa- tion, whether or not the law specifically requires it. Disposing of an Old Computer Before discarding an old computer, permanently erase all customer personal information on the hard drive. Deleting files by putting them in the "recycle bin" or "trash" on your computer's desktop is not good enough. These "deleted" files remain on the computer and can be accessed using commercial recovery software. Security and Privacy — Made Simpler, VISA ,Kturrnx wed'H. 7H..1,[ c:. 3 t'J !;? t;f1/ Po N' e r e 11 by 111 Bl �l\ES 6BBB —r— Security & Privacy Made Simpler" To ensure you properly "clean" an old computer, purchase commercial erasure software, avail- able from most computer and office supply stores. This will overwrite all the data on the drive. You also can remove the hard drive and physically destroy it, so that it cannot be used again. Disposing of Electronic Files (not on a computer) If you are disposing of a computer disk, CD, DVD, or other electronic storage tool that con- tains sensitive information, the same rules apply. Don't just delete. Permanently erase the data, using commercial erasure software. Or, physically destroy the tool so that no one else can use it. Disposing of Paper Files Before throwing away any papers containing customer information, destroy the papers by shredding or cross -shredding, burning or pul- verizing them. If you don't want to do it yourself, hire a waste disposal company to shred or pulverize records for you. Articulate your requirements for dis- posal when using an outside company, and ask them to provide you with a quarterly report stat- ing what they've disposed of, and how and when disposal was completed. If the company is local, you may want to visit their operations site for yourself and check their record with the Better Business Bureau. 9. Securing Data in Your Office & Online The following guidelines generally apply to businesses that use a blend of hard copy and electronic methods to conduct their business activity, as most businesses do today. Remember that ID thieves operate using both high-tech and low-tech methods. Physical Security • Keep customer account records and other personal information in locked cabinets. • Don't leave papers or files unattended on desktops. • Never leave a business premise open and completely unattended, even for a short time. • Use a locked mailbox or a post office box for incoming and outgoing mail. • Use security envelopes for bills or other mail containing personal information. • Shred anything with customer or employee personal information before discarding it. Computer and Network Security • Use SSL technology for your online transac- tions. SSL stands for "Secure Sockets Layer," a technology that applies encryption —a scrambling of the message—to sensitive information traveling on the Internet, such as credit/debit card numbers. To use SSL, you will need to purchase an SSL Certificate from a Certificate Authority (CA). There are a number of Certificate Authorities you can buy SSL from, such as VeriSign www.verlslgn.com, Network Solutions www.networksolutlons.com, Thawte www.thawte.com and GeoTrust www.geotrust.com. For more information on what encryption is and how to use it, visit HowStuffWorks http://computer. howstuffworks.com/encryptlon.htm. • Consider encrypting financial, medical and otherwise sensitive information on your on-site business computers. Your computer may already have the ability to encrypt data using settings installed on its operating system or networking hardware. Ask your ;ecurlty and Privacy — Afade Simpler. VISA Fill wax mrmMel iu II Powered by Security & Privacy Made Simpler' network administrator or computer vendor for assistance. If this is not an option, you can buy encryption software and hardware at most computer stores. • Use passwords and change them frequently. Don't use a password that someone who knows even a little about you could guess, such as a spouse's or child's name, home telephone number, or college you went to. Never write your password down. The Federal Trade Commission provides helpful password tips at www.onguardonlIne.gov/stopthInkclIck.htm. 14 To the extent possible, don't keep personal information on the hard drive of computers that connect to the Internet. Use CDs, removable memory (flash drive), or floppy disks. Try to keep any disks or removable memory in a secure and locked location. • Use a firewall to protect your computer network. Firewalls are a system of software, hardware, or both designed to prevent unauthorized access to a network. A variety of ready -to -use firewall programs are available from popular brands such as McAfee www.mcafee.com, Symantec www.symantec.com, and Zone Labs www.zonelabs.com. If your business handles especially sensitive personal information on the network and needs a higher level of protection, seek an IT consultant or visit a trustworthy computer store for suggestions. • Continuously update your browsers, operat- ing system, and other software to make sure you are using the most secure versions available. Updates can be found on the websites of the companies that manufacture the browsers, operating system and other software you use. • Continuously update your anti-virus and anti-spyware software. Updates are generally available at the website of the manufacturer of the anti-virus and anti- spyware software you use. If you don't have anti-virus and anti-spyware software installed, contact an IT consultant or visit a computer or business supply store that you trust to find out what products will best fit your needs. • Use file sharing only when you need it. Turn it off at all other times. You may want to consult a networking professional for expert security advice if especially sensitive infor- mation will be shared over a network. • If you use wireless networking, turn on the security features that come with the wireless network products you purchase and test that they operate properly. Again, you may want to consult a networking professional before you share any sensitive information over a network. See http://www.ftc.gov/bcp/online/pubs/ online/wlreless.htm. • Keep your network servers in a locked room. • Turn off your computers when not in use. • Back up all your data regularly and keep backup disks or other back-up materials in a locked area. • Refer to Chapter 11, Payment Card Security Requirements. For more guidance, see www.vlsa.com/cIsp. Security and Privacy — Made Simpler- VISA Fc urrax Mecum a3;+.aw tJ l.•F,1j'' JI 1'01, rCil PRl tCY B('SI\E' x ll BBB Security & Privacy Made Simpler' Laptop Computer, PDA & Cell Phone Security • Always keep your laptop, PDA, or cell phone within sight --especially when you are away from your office. • Always keep your portable device within reach when traveling; stealing laptops at airports and from trains and restaurants has become a popular data theft technique. • Limit the amount of any sensitive informa- tion stored on laptops, PDA's, and cell phones. If possible, do not store sensitive data on portable devices. • Password -protect access to the laptop, PDA, and cell phone. Also password -protect features such as Internet access, e-mail, voicemail, and address books. • Turn these devices off when not in use. • Do not share portable communication/ organization tools (or their passwords) with others. • If an employee (a salesperson or telecom - muter, for example) needs to take personal data off premises on a laptop, CD, flash drive or other portable device, you should encrypt the data. • Back up all data regularly and keep backup disks or other back-up materials in a locked area. Special Protections for Cell Phone Users Today's digital cell phones feature e-mail and Internet capabilities, address book and calendar functions, and can store recorded memos, voice- mail, pictures, and other data files. Although these features help businesses be more efficient, they also create a new layer of data security and privacy to protect. Criminals can hack into cell phones and steal stored files, con- tacts and voicemail. Viruses can significantly disrupt a cell phone, just as they do a computer. This is why it is important to lock your device and keep it in a secure location when not in use. Do not download or accept file downloads from unknown sources. Limit the amount of data you transmit or store on a cell phone or PDA. Never store sensitive information, such as bank account numbers, ATM codes, and credit/debit card information on cell phones. Cellular technology changes rapidly, and cell phone capabilities and security features vary significantly between models. Refer to your owner's manual for help to configure the security setting on your phone, or contact your cellular provider for assistance. 10. Internet Security Fundamentals If you have an "e-business" or your business regularly executes transactions over the Internet, your security toolkit should include web site security, e-mail security, and advanced cyber -security tools. Web Site Security Customers have come to expect security on your business web site. Given this, you must ensure that you securely transmit all data over the Internet during an online purchase from your website. Secure Sockets Layer (SSL) is the industry standard for secure, encrypted data transfer over the Internet. SSL technology is built into all major Web browsers (e.g., Explorer and Netscape). Ask your web site designer to >ecurlty and Privacy — Mode Simpler• VISA ECM? FAX ussw pTFHJM ebY Powered by PNI1:1CY I3CSI\ES BBB Security & Privacy Made Simpler' 16 configure your site to accept SSL transactions, and ask for advice on how to get your SSL certificate. SSL is a good starting point, but website securi- ty does not end there. Hackers also can steal stored information directly from computers, even if the information is not being transmitted over the Internet. As a result, go the extra step and consider encrypting any sensitive informa- tion stored on all your computers. Refer to Chapter 9, Securing Data in Your Office & Online for information and links on SSL and data encryption. E-mail Security E-mail is not secure. Criminals can easily intercept e-mail transmitted over the Internet, and your employees, co-workers, or family members at home may have the ability to access your e-mail without you ever noticing. It's important to engage safeguards when you use e-mail. E-mail Security Tips • Use e-mail filtering software to screen e-mail and identify suspect messages. • Don't open e-mail attachments or links from anyone you don't know or trust. • Turn off the "preview" function of your e-mail program. While this allows you to see the first few lines of the email content, it can be a security risk. continued continued • As a general rule, do not include sensitive information in unencrypted e-mail (Social Security Numbers, credit/debit numbers, account numbers, personal address, phone or e-mail information, etc.). • When e -mailing messages to a group of people, put recipient addresses only in the "BCC" header (blind carbon copy)— not in the "To" or "CC" headers. This is important even if there is no sensitive content in the body of the e-mail; other- wise you expose the e-mail ID of every- one on your distribution list. • Beware of "phishing." These are e-mails that mimic the designs of well-known sites and ask you to respond by giving personal information. Do not respond in any way to these e-mails. If you think the e-mail is genuine, directly contact the real organization and verify the authenticity of the e-mail. Legitimate companies do not ask for personal information in an e-mail. Cyber -Security Tools - The Basics Using the right cyber -security tools can help you diminish the risk of data exposure from data handling. Here are the most widely used computer security tools and a brief explanation of what they do. • Firewalls: software and hardware that limit external access to your business computers or network. Security and Privacy — Made Simpler, VISA ECgU:/Ax verlryn ne •u 111417 Him u tt Y ge,Ita Powered hi' l I{11M 111 ,;1\1-:. 17 BBB —r- Security & Privacy Made Simpler' • Encryption: software or other technology that scrambles data to prevent unauthorized viewing. • Vulnerability Analyzers: software that per- forms checks to determine if a computer network's devices and software are properly configured, patched, and updated. • Host/Network-Based Intrusion Detection Systems: software that scans for network - related suspicious activity. • Intrusion Prevention Systems: sensors that detect network security vulnerabilities. • File Integrity Systems: systems that provide intrusion detection and verify that files have not been tampered with. • Network Scanners: tools that identify network security holes that could give intruders access to your network. These tools are available commercially at most computer or business supply stores. Ask your computer vendor, a sales specialist at a trusted computer store, your network administrator, or an IT consultant for the specific brand and prod- uct recommendations that will best match your system and your business needs. 11. Payment Card Security Requirements Security Rules Your Business Must Follow The major credit card associations (Visa, MasterCard, American Express, and Discover) have established security requirements for both credit card processors and merchants accepting payment cards. The following rules are especially applicable for your business. • Do not store the contents of any credit card's magnetic stripe. • Do not store the CVV or CVV2 (card verifi- cation value), two security features of debit and credit cards that should never be stored by businesses. The CVV is a secret code embedded in the magnetic stripe of payment cards that is used to prevent counterfeiting. The CVV2 is the three or four number code on the signature panel of most cards or the front of an American Express card. • Store only the account information you need to complete and service your transaction. Under no circumstances should the CVV, CVV2 or PIN be stored. • If you store the basic 16 -digit credit or debit card account number, have a plan to destroy it when it's no longer needed. You may want to establish a policy that specifies the length of time your business holds on to credit card information. • Ensure your business partners and vendors follow the payment card security require- ments. A complete list of PCI compliant service providers is available at www.vlsa.com/case. • Additionally, be aware of the unintended consequences of any software you are using. Merchants are encouraged to use point-of- sale payment software that has been validat- ed compliant with the Payment Application Best Practices (PABP). A list of software providers/software applications that have been validated by PABP is available at www.vlsa.com/rasp. Security and Privacy — Made Simpler. VISA 7e.v1,0{1,'1 E; rPiltal Powered hl L.1BBB Security & Privacy Made Simpler' 18 • Your business may have to comply with security audits according to the PCI require- ments. You may be asked for a system's scan or self-assessment. Contact the bank or the company that manages your payment card processing for details or log on to www.vlsa.com/clsp for more details on the Payment Card Industry Data Security Requirements. Security Rules for Processors—Which Also Apply to Small Businesses In addition to the guidelines listed above, payment card processors and merchants are required to follow these rules: • Use firewalls. • Change passwords and security codes from those supplied originally by the software manufacturer, to secure the processor's data and computer network. • Encrypt all payment card information stored on the processor's computers. • Encrypt any card data transmitted over the Internet or other public network. • Use anti-virus software and keep it updated. • Keep other software, such as operating systems, secure and updated. • Provide employee access to data on a need - to -know basis only. • Give each company employee who uses a computer a unique ID. • Restrict physical access to hard -copy payment card data. • Your business may have to comply with • Track card data access on the company's computer network. • Test the company's security systems on a regular basis. • Have an information security policy that spells out rules for employees who handle data and reinforce it regularly. • For a full listing of these rules, go to www.vlsa.com/clsp. Click "PCI Data Security Standard." By following the payment card security requirements, you will protect your customers' sensitive data, and put your business at a com- petitive advantage with other businesses that are not in compliance. The alternative can be disastrous. If your business has a security breach and is found not in compliance with the payment card security rules, there are severe penalties, including barring your business from accepting payment cards. Choosing a Payment Card Processing Company As a business, you have a choice in processors, and credit/debit card processors can vary in their performance. If your customers' informa- tion is lost or stolen from your card processor, you and your business could become the target of negative publicity, Toss of customer trust, fines, and costly lawsuits. Security and Privacy — Made Simpler' VISA EQU/rRX 4.dign ,d °VI"' w ''<. gzo,?77 Powered by P111 vti a Itl 71\I:. BBB 19 Security & Privacy Made Simpler' As you select a processor, verify that they follow all the security rules required by the major payment card associations. If a credit/debit card processor fails to follow those rules, a major data security breach is possible. In 2005, hackers accessed information on approximately 40 million cardholder accounts from a credit card processor that was found not to be compliant with the credit card security requirements. 12. If You Have Data Lost or Stolen Consider Notifying Your Customers Currently, twenty-three states (listed here) have laws that require customer notification in the event personal data is lost, stolen, or inadver- tently disclosed, and these laws may expand to a national level soon. Many states require you to notify your customers of any data breach. Other states require notification when harm to poten- tial victims is likely. Even if the law doesn't require it, consider the advantages of giving notice to your customers whose information was compromised. If you tell your customers about the breach: • Describe the nature of the incident. • Tell them what you have done to address the problem. • Tell them what you will do in the future to further reduce the chance of it happening again. Notify Law Enforcement and Other Authorities If a breach occurs, it is important to alert appro- priate law enforcement officials immediately so States with Breach Notification Laws *Arkansas *Louisiana North Dakota California Maine *Ohio *Connecticut Minnesota Pennsylvania *Delaware *Montana *Florida Nevada Georgia *New Jersey Illinois New York Indiana *North Carolina * Requires notification only when there is risk of harm to consumer victims *Rhode Island Tennessee Texas * Washington they can investigate the incident. Talk to a lawyer to get advice on which law enforcement authorities you should contact. This could include local police, state authorities, or even the FBI. The major payment companies also advise that you immediately contact your payment processor and your acquiring bank if you have a credit/debit card security breach. It is also recommended that if you have any kind of customer data breach, you alert the three national consumer reporting agencies: Equifax www.equlfax.com, TransUnion www.transunlon.com, and Experian www.experlan.com. Visit the FTC Web site (www.ftc.gov) for more information on responding to a data breach. Also alert the bank or company that you hire to process your payment cards. It's important that the compromised accounts are watched or Security and Privacy— Wade Simpler. VISA EOwr4x ,,irp, OM mpIt 'eb gtrVa1 Powered by PRIVACY BBB Security & Privacy Made Simpler" 20 closed to prevent fraud from occurring on them. You could have liability for the resulting fraud, so quick notification to the payment card companies can help. Ask your lawyer about this now, so that in the event something does happen, you are immedi- ately prepared and know which law enforcement agencies to contact. Some local law enforce- ment departments have even set up special units to investigate such incidents. Support Your Customers If a breach occurs: • Encourage your customers to monitor their credit reports for signs of identity theft. If you can afford the expense, consider paying for a credit monitoring service for your affected customers for a designated period of time (generally 6-12 months). • Encourage any customer experiencing or suspecting identity theft to notify you, file a police report, and notify the three national consumer reporting agencies, outlined in the section on the previous page. Responding quickly to a data breach may help you retain your customers. 13. Managing Official Requests For Your Data You Have Both Duties and Rights When you receive a request for customer records from a law enforcement officer or a government agency, balance your general incli- nation to respond immediately with your responsibility as a trustee of your customers' information. Responding to Government Agency or Law Enforcement Requests for Data • State your company's policies on respond- ing to these requests in your security and privacy policy. If your business shares customer personal information with the government when it is required to do so by law or valid access request—say so. • Consult with your attorney about your obligations to respond to government information requests and to ensure that you are complying with your privacy policy. • Train your employees. Tell them what to do when they receive a request for customer information from law enforce- ment or other government agency. 14. If You Do Business Globally You Could Be Subject to Foreign Data Protection Laws Over 50 nations have personal data protection laws that regulate the handling of consumer information by businesses. Most data protection laws apply to all businesses that handle customer information, regardless of size. Even a company with no physical presence in another country—but which engages in international business -to -consumer e-commerce—is often required to comply with these laws. These data protection laws are found throughout Europe, Canada, South America, Asia, Africa, and the Middle East. Security ana Privacy — ,dude Sipper- VISA F.Ct!)rax vertgn nr•uiIcon rcwieb q Pay f Powered by BBB Security & Privacy Made Simpler' e'' What You Need To Know About Global Commerce • Learn about the data protection laws in countries in which you do business. A good place to start is with the web sites of national data protection authorities for each country. Some publish guides to their laws that are customized for small businesses, such as the UK and Australia. For a list of data protection authorities in countries around the globe visit http;//www.dataprotectlon.le/docs/ European Functions -Useful Unks/99.htm • Consumers in these countries expect businesses to understand and comply with local data protection laws, no matter what the business size. What These Laws Require from Businesses In general, data protection laws: • Provide information to consumers about the collection and processing of their data. • Process consumer data in a fair and lawful manner, and only for the purposes communi- cated to the consumer. • Restrict the collection and processing of certain "sensitive" types of consumer data. • Collect only relevant (and not excessive amounts of) personal data from consumers. • Take reasonable steps to protect consumer data from accidental loss, destruction or unauthorized disclosure. This includes supervising employees and contractors who touch consumer data on a business' behalf. • Ensure that safeguards are in place at desti- nation points before transferring consumer information outside of the country. • Check on whether a country requires businesses to file a notification with the national data protection authority before collecting and handling any consumer data. Customers Have Rights Under International Data Protection Laws Customer rights under data protection laws generally include: • The right to withdraw consent to certain uses of personal data (generally for direct marketing uses). • The right to obtain information about how personal data is processed. • The right to view their personal information and request that any errors in that informa- tion be corrected. • The right to sue a business in court for compensation or damages resulting from harm caused by a breach of the data protec- tion laws. Law Enforcement Most countries with data protection laws have designated a separate data protection authority to supervise and enforce the law. These agencies generally have the power to receive and investi- gate complaints about businesses from con- sumers, or to initiate their own investigations. Some have the power to impose fines and other penalties for violations of the law, while others may only make non-binding determinations (which may be enforceable by a court). 21 MOM ecurlty and Privacy — Made Simpler. VISA retcr,FAX rsrir'On "r►ui1m17.Iaw €hctry;:tarPowered b1' 6 BBB Security & Privacy Made Simpler" 15. Additional Resources Managing security and privacy in your business activities doesn't need to be an unduly expensive or time-consuming activity. Taking practical steps to protect the sensitive data your customers entrust to you will produce many dividends in return. Establishing solid data security and privacy policies and practices will: • Put your business in compliance with federal and state law. • Help protect your business and customers from data theft and criminal activity, including ID theft. • Create a bond of respect and trust between your business and your customers. Customers expect their information to be kept securely. Consider this your initial Guide to security and privacy best practices. However, note that security has new manifestations all the time, so it's a changing landscape. Here are additional resources to help keep you current. • The Better Business Bureau: Find updates for small business owners about changes in security and privacy laws as well as new risks they need to manage. www.bbb.org/securltyandprlvacy. • The Federal Trade Commission: The site of the nation's consumer protection agency has a collection of resources for businesses and consumers www.ftc.gov. The FTC also provides a one-stop national resource on ID Theft at www.consumer.gov/Idtheft. • Privacy Manager's Resource Center: a comprehensive resource from BBBOnLine to help businesses promote trust in con- sumer relationships www.bbbonllne.org/ UnderstandingPrlvacy/PMRC. • IBM's Small Business Center: a collection of resources for small business owners including white papers, technology solutions and expert Q&A www.Ibm.com/ buslnesscenter/smallbuslness. • Visa: Full briefing of payment card industry (PCI) standards for merchants www.vlsa.com/cIsp. • Business for Social Responsibility: Issue Brief—Consumer and Employee Privacy www.bsr.org. • OnGuard Online: provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. Managed by the FTC www.onguard onllne.gov/Index.html. • Small Business Computing.com: an online magazine -style guide by Jupiter Media Corporation for small business owners featuring technology articles, reviews, and a message board www.smallbuslnesscomputing.com. • Security Protection - Your Security Toolbox: a site by Hewlett-Packard with links to a variety of information and tools for small business data protection www.hp.com/sbso/securIty/toolbox.html. • Microsoft's Small Business Center: tips, tutorials, small business forum and product information for small businesses www.mlcrosoftcom/smallbuslness/hub.mspx. Security and Privacy — Made Simpler. VISA Fc��rrrux P Powered by PR11ACY L'l Sl\E. . UTOMATED MERCHANT SYSTEMS Experts in Electronic Payments Resolution No. R2013-128 Exhibit "A" Merrick Ban 135 Crossways Park Drive North, Suite A, Woodbury, NY 11797 (800)21 MERCHANT PROCESSING AGREEMENT APPLICATION AND FEE SCHEDULE A Registered Service Provider of Merrick Bank Corporation ("Merrick") ASSOCIATE: ACCOUNT REP: Daniel L. Sloan 0000 PRINT CL DATE: Corporate/ Legal Name: City of Pearland Corporate/ Legal Name: City of Pearland Address (Physical Location): 3519 Liberty Drive Mailing Address: P.O. Box 2719 City: Pearland State: Zip: TX 77581 City: Pearland State: Zip: TX 77588 Email Address: rovergaard@ci.pearland.tx.us Website Address: www.ci.pearland.tx.us Contact Name: Rick Overgaard Title: Asst. Director of Finance Contact Name: (Corporate Office, If Applicable) Rick Overgaard Title: Asst. Director of Financ Business Phone #: (281)652-1600 Fax #: (281)652-1707 Business Phone #: (281)652-1600 Fax #: (281)652-1707 CHAIN MERCHANT ❑ YES ® NO 017185 TYPE OF BUSINESS: City Government Federal Tax ID Number: 74-6028909 BUSINESS LICENSE #: NUMBER OF YEARS IN BUSINESS 20+ Years CURRENT PROCESSOR: POS DEBIT: ® NO 0 YES NETWORK: (RADE REFERRENCES: (7) Star MAC (W) Star Fast (0) .Star West (I I Pulse (Y) NYCF (G) Intedtnk (8) Maestro Company: 'hone: Company: 'hone: Fax: Contact: Account Type: Fax: Contact: Account Type: Authorized Signer (First): MI: Last: Title: Bill Eisen City Manager Alternate Claire Bogard Alternate Phone Number: (281)652-1663 Email Address: beisen@ci.pearland.tx.us (First): MI: Last: Title: Finance Director Phone Number: (281)652-1671 Email Address: cbogard@ci.pearland.tx.us (First): MI: Last: Title: Phone Number: Email Address: help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, ven cord information that identifies each person who opens an account. What this means for you: when you open an account, we may ask you for info at will allow us to identify you, including a copy of your driver's license or other identifying documents. HE MERCHANT PROCESSING AGREEMENT IS NOT EFFECTIVE UNTIL SIGNED BELOW: terrick Bank Corporation A • ated ,• -rc. • 35 Crossways Drive North, Suite A Date : " orth e BI Thite loodbury, NY 11797 Altam. e Springs, FL 3 .•. 407-331-5465 By: z ate 'er Transaction Fees Auth / Decline S 0 05 Capture $ 0.05 Auth / Decline $ 0 0 Capture E 0 00 Auth / Decline s 0 0 Capture 5 0 00 rer Transaction Fees Auth / Decline $ 0 0 Capture 5 0.05 Auth / Dechne $ 0 0 Capture S 0.00 Auth / Dechne $ 0 0 Capture 5 0 00 v Per Transaction Fees Auth / Decline 5 0 0 Capture $ 0 05 Auth / Decline 5 0 0 Capture S 0.00 int Setup Fee I waived Amer: Auth-Caps. I Decl, 5015 Credit Debit Credit Debit Credit Debit Credit Debit Credit Debit MasterCard - Miscellaneous Fees Interchange Markup Non -PCI Markup 0 08 % 0 00 % Network Access Brand Usage Fee $ 0.0195 0 08 % 0 00 % 5 0 0195 Assessments Assessments (above 31,000.00) 0 1300 % 0.1300 % 0 1100 % 0.1100 % Partial/Full Reversal Authorization Fee S 0.045 Status Inquiry Intraregional Fee 50045 50025 Status Inquiry Interregional Fee Processing integrity Fee Intl Cross Border USD Intl Cross Border Non -USD Int' Prt 50030 50045 0,40 % 0.80 % $ 0 025 $ 0 030 S 0.045 0.40 % 0.80 % Visa - Miscellaneous Fees Interchange Markup Non - PCI Markup Acquirer Processing Fee Assessments Assessments (above 51,000.00) Visa Base II Fee 008% 000% 50.0195 0.1100% 0.1100% 50.0030 0.08 % 0 00 % 5 0.0155 0 1100 % 0.1100 % 5 0.0030 Zero Dollar Verification Fee Misuse Or Authorization Fee Zero Floor Limit Fee Processing Integrity Fee Intl Cross Border USD Intl Acquirer Processing Fee 5 0 025 5 0.045 S 0.100 8 0.100 0.40 % 0.45 % 50.025 50045 50100 50.100 0.40% 045% Discover - Miscellaneous Fees Interchange Markup Non - PCI Markup Acquirer Processing Fee Assessments Assessments (above $1,000.00) Intl Cross Border USD 0 08 % 0 00 % 5 0 0185 0.1050 % 0 1050 % 040% 0.08 % 0 D0% 500185 0 1050 % 0 1050 % 0 40 % Intl Ai Process 05 05 Merchant Account Related Fees Monthly Statement Monthly Minimum Voice Auth Charge Backs ACH Rejects 7.50 10.00 $ 0.75 S 15.00 $ 3000 Early Termination Fee See Section 11 Additional Services Related Fees Internet Gateway Monthly Fee Internet Gateway Per Transaction Fee No Per Transaction Fee for the first 5 0.00 s 0 00 Transactions per month Breach Assurance Pi 5100,000.00 Cover $ 9.95 Per MID Reporting Fee (Per User ID) (Optional) 5800 'ment Brand Charges significant amount of the Fees that we charge you for processing your Card Transactions consist of charges that we must pay to the Payment Brands (or that are othe rged by the Payment Brands or on their behalf in connection with your Card Transactions). These charges, which include interchange, assessments, fife transmission tr charges are referred to in this Schedule as "Payment Brand Charges." Thus, in addition to the fees set forth above in this Schedule, you will also be charged Payme Irges, notwithstanding the foregoing, we may temporarily elect not to charge you for certain Payment Brand Charges. Therefore, it is possible that you may not be char ain Payment Brand Charges for a period of time. If that is the case, our election not to charge you for those Payment Brand Charges should not be construed as a wai t to charge you for those Payment Brand Charges, and we reserve the right to charge you for them upon notice to you at any time. Our right to impose such charges e merit Brand Charges currently in effect, increases in the amount of those Payment Brand Charges, and new Payment Brand Charges imposed by Payment Brands an i parties. 'ayment Brand Charges, including interchange fees and assessments, are set by the Payment Brands and other third parties and are based in part upon a series of fa r establish and modify from time to time. Thus, the Payment Brand Charges for a given Card Transaction depends on a number of factors such as the type of Card pre cific information contained in the Card Transaction, how and when the Card Transaction is processed, your industry, and other factors. Note that the Payment Brands new Payment Brand Charges change the rates for existing Payment Brand Charges, or change the qualification criteria for existing Payment Brand Charges. Change: • you accept and process Card Transactions, the volume of your Card Transactions, the products and services you provide, and numerous other factors may affect you ment Brand Charges. For a detailed description of Payment Brand Charges, go to http //www automatedmerchant.com/ratesschedule (the "Site"). Notwithstanding any contrary, nothing set forth in this schedule or on the Site shall be deemed to be a representation, warranty or promise of any actual Payment Brand Charge that may b sssed hereunder. The Payment Brand Charges set forth herein and therein are for informational purposes only and remain subject revision at at times 'he parties hereto agree to abide by the terms and conditions contained In the Merchant Processing Agreement to which this signature page is attached an chant agrees by signing this document that Merchant has received a copy of the Merchant Processing Agreement and Operating Procedures Guide. AERCHANT: The undersigned hereby authorizes Merrick and/or Automated Merchant Systems, Inc. to investigate the credit of each person listed on the MI Ilication and Fee Schedule and represents that he/she has the authority to provide such authorization and to execute this Merchant Processing Agreement Witn!sf Merchant Signature Print Name 0/711I Dat 0✓FA24.6AV> / hSs-T Dt t7L tcw Title Merchant: City of Pe and Sign urs of ff"fcer/Owner Date vs-vn/A 6E Print Name Title MERCHANT SIGNATURE AUTHORIZATION Name of Government Entity: City of Pearland The undersigned certifies and agrees to as follows: 1.The undersigned and any of the persons identified below are duly authorized to sign this Merchant Processing Agreement and bind the governmental entity indicated above to it. If any official indicated below resigns or is replaced, that official's successor(s) in office shall be deemed to have signed this certification and the Merchant Processing Agreement. 2.The persons listed below are duly authorized to act for and on behalf of the governmental entity indicated above in any manner relating to this Merchant Processing Agreement. 3. Both AMS and Merrick may rely on the authority granted in this certification and the undersigned official represent and warrants that this certification shall remain in full force and effect until revoked upon written notice to AMS. 4.The following are the names, titles and genuine signatures of the persons authorized by this certification: TITLE PRINT NAME City Manager Bill Eisen Finance Director Claire Bogard SI T Ors 1an LYJ6 have subscribed my nes the official indicated above as of SF P i>~v-As,EI L3 , 7_0 (date) signature: title: G \ 2 `1 VV1gr✓4 6 Eik Print Name: C3,11-1.-- I i Lin./ ERCHANT INQUIRY: s Merchant or Owners/Principals ever been terminated from accepting payment cards from any payment network for this business or any other businesses 0 NO 0 YES (if yes, please explain) w Many Chargebacks Last Year? Total Amount: $ lase Mark all Card Types Accepted and Initial Here: v3 (Initials) 'For Details on haw these transactions qualify at each level, please refer to you Operating Procedures G Debit Cards: V/MC (consumer signature cards/ all foreign issued cards/ PIN debit cards) ' ® Other Cards: V/MC ( business credit/debit, consumer credit, & all foreign Issued cards ME CHANT G T S AND This is a Marchant Processing Agreement ("Merchant Processing Agreement' or Agree "Agreement") entered intoNas of the date accepted bye Processor (definCONDITIONS below) and is by and among Merrick Bank, a Utah state chartered bank ("Member Bank"), Automated Merchant Systems, Inc ("AMS", and collectively with Member Bank, "we", `our'. "ours" and the like) and the governmental entity (the "Merchant", ''you". "your". `yours" and the like) that signed the attached Merchant Application BACKGROUND INFORMATION Member Bank is a member/aquirer of both Visa U.S A. Incorporated ("Visa") MasterCard International ("MasterCard"), and DFS Services, LLC ("Discovert")and is authonzed to process Card Transactions for various other payment brands. networks and payment card issuers (each a "Payment Brand") Member Bank and AMS have entered into an agreement whereby AMS acts as Member Bank's sales agent and provides certain services to Merchant through various third party service providers (AMS and such third party service providers shall hereinafter collectively be referred to as "Processor'). Merchant desires to accept Debit Cards and/or Other Cards as defined below. and as indicated on the Merchant Application validly issued by a Payment Brand. Member Bank and Processor agree to provide such services in accordance with the terms and conditions set forth below Accordingly, the parties to this Agreement, intending to be legally bound. agree as follows OPERATIVE PROVISIONS 1. Services; Operating Procedures Guide. Member Bank and Processor agree to provide to Merchant, at Merchant's U S. locations identified in the Application (as defined below), processing and settlement services (the "Services") in accordance with the terms and conditions of this Agreement and the Operating Procedures Guide. the terms of which are incorporated by reference and made a part of this Agreement Merchant agrees to use Member Bank to sponsor and process its Payment Brand branded Card transactions 2. Definitions. Unless otherwise provided. the capitalized terms used in this Agreement have the meanings designated in the Operating Procedures Guide. "Debit Card" means all Payment Brand cards issued by a non-U.S. bank, a Payment Brand card issued by a U S. bank that accesses a consumer's asset account within 14 days after purchase, including but not limited to stored value, prepaid, payroll. EBT, gift. and Visa consumer check cards, and debit cards validly issued by the debit card networks indicated on the Merchant Application such as on-line (PIN -based) cards. "Other Cards" means all cards issued by a non-U.S, bank and all Payment Brand cards other than Debit Cards, including but not limited to business and consumer credit cards and business debit cards. The category of card acceptance that you have indicated on the Merchant Application will collectively be referred to as "Cards'. 3. Payment Brand Regulations. All Card Transactions and this Agreement are subject to. and the parties agree to be bound by, applicable Payment Brand operating rules and regulations ("Payment Brand Regulations"). The Payment Brand Regulations include the Payment Card Industry Data Security Standard, the Consortium Merchant Negative File published by Discover. Discover Information Security Compliance. Visa Cardholder Information Security Program and MasterCard's Site Data Protection Program. as may be amended supplemented or replaced from time to time. Merchant is responsible for demonstrating its own. its agents, and its servicers' compliance with Payment Brand Regulations as they may be amended from time to time Processor is not responsible for providing copies of the Payment Brand Regulations, and makes no representations or warranties regarding the accuracy of any summaries of Payment Brand Regulations it may provide. Processor is not liable for any non-compliance or any costs of such non-compliance by Merchant of any Payment Brand Regulation. If there is a conflict between this Agreement and the Payment Brand Regulations, the Payment Brand Regulations will apply. Merchant will pay Processor and Member Bank immediately for all Payment Brand fines. fees, penalties and all other assessments or indebtedness levied by any Payment Brand to Processor and/or Member Bank which are attributable, at Member Bank's discretion, to Merchant's Transaction processing or business. and any other loss. liability, assessment or fine incurred arising out of Merchant's breach of this Section. AMS may not subcontract, sublicense, assign. license, franchise or in any manner extend or transfer to any third party any right or obligation of AMS. 4. Fees. The Fees and other charges to be charged by Member Bank and Processor to Merchant for the services provided under this Agreement are set forth in the Merchant Application and Fee Schedule (the "Application"), which is made a part of this Agreement. The Discount Rate shall be charged on all new sales (i.e. sale transactions not including "returns" or credits to cardholders). Processor may change such Fees from time to time upon 30 days prior written notice to Merchant. The Fees set forth in the Application do not include, and Merchant hereby agrees to pay, all fees. charges, penalties, fines, assessments and additional or increased costs of any nature that may be charged by the Payment Brands or other third party, whether charged to or directly or indirectly incurred by Processor in connection with matters contemplated by the Agreement, including without limitation adjustment fees and interchange fees Interchange fees charged hereunder will not be credited back to Merchant if a transaction is subsequently reversed or otherwise processed as a credit. 5. Card Transactions. In addition to the requirements for Card Transactions set forth in the Operating Procedures Guide and Payment Brand Regulations, Merchant agrees that it will not (a) deposit into its Bank Account any Sales Draft or Credit Draft for any Card Transaction between a Cardholder and an entity other than Merchant; (b) accept cash payments from a Cardholder for previous Card Transactions, or (c) make a cash disbursement to a Cardholder arising out of a Card Transaction or any other use of a Card 6. Merchant's Account a. Merchant shall establish. and at all times during the term of the Agreement, maintain one or more Accounts with an Institution in order to facilitate payment of amounts due from time to time under this Agreement, which Institution and Account shall be identified in the Application. To secure the extension of credit and Merchant's obligations under this Agreement including, without limitation, Merchant's obligation to pay chargebacks. Merchant grants to Member Bank and AMS a security interest in its deposited Sales Drafts and all funds maintained in the Account(s). b. All credits, charges and debits in connection with Card Transactions and other amounts owing under this Agreement shall be made to Merchant's Account, including without limitation, all Fees, Adjustments and Chargebacks. Merchant authorizes Member Bank., without notice to Merchant, to credit or debit the Account(s). Any Fees or other charges not collected by Member Bank or Processor through a debit to the Account. for whatever reason. shall be invoiced to Merchant by Member Bank or Processor and are due upon Merchant's receipt of such invoice. c. If Merchant has more than one deposit account with its Institution, any or all of such accounts may be treated as the Account and may be credited, charged or debited in connection Card Transactions and other amounts owing under this Agreement as Member Bank or Processor may determine provided, that Merchant may designate a particular Account with respect to certain amounts to be credited, charged or debited from time to time by Member Bank in connection with particular Card Transactions. Member Bank agrees to comply with such designation so long as the designated Account(s) contain sufficient funds to satisfy such charges or debits d. If a debit or Chargeback to the Account results in an overdraft. Merchant shall immediately deposit with Institution an amount sufficient to cover such overdraft and any related service charges or fees. e. All Items credited and debited to the Account(s) are subject to review. verification and acceptance by Member Bank and Processor. Member Bank may withhold crediting of questionable items pending verification, investigation and confirmation. 1. If Merchant desires to change the Account. Merchant shall notify Member Bank and Processor in writing at least ten (10) days prior to the effective date of the change and shall follow Member Bank's and Processor's procedures for completing the change 7. Display of Service Marks, Advertising and Promotional Materials a. Merchant shall prominently display at each Authorized Location any service marks, identification logos and any other promotional materials (collectively, the "Service Marks") the Payment Brands furnish to Merchant to alert Cardholders that Cards will be honored at Merchant's Authorized Locations. This requirement shall not apply to private clubs or other merchants that do not serve the general public or other class of merchants exempted by a Payment Brand. The Service Marks for each Payment Brand must be al least the dimension of and as prominent as any other card program mark or logo displayed. b. Merchant may use the Service Marks only to indicate that Cards are accepted by Merchant for payment. Merchant shall not state, imply or use the Service Marks to indicate that Processor or any Payment Brand endorses, sponsors. produces. offers. sells or is affiliated with any of Merchant's goods or services c. Merchant shall not refer to Processor or any Card or Payment Brand in stating eligibility for Merchant's merchandise, services or membership. d. Merchant's use of the Service Marks of any Payment Brand shall be govemed by the Payment Brand's Regulations and Merchant shall not use any Service Marks in a direct mail solicitation without prior written approval of the applicable Payment Brand. e. Merchant's right to use or display the Service Marks shall continue so long as this Agreement remains in effect. unless Processor directs that such use or display shall cease. Merchant acknowledges that the Service Marks are the property of the applicable Payment Brand and Merchant shall not infringe upon the Service Marks 1. If Merchant has requested signage for the purpose of indicating acceptance of Debit Cards, Merchant must display such signage for a minimum of 3 months from delivery of such signage to Merchant All point of sale displays or websites must include either appropriate Service Marks to indicate acceptance of Debit and Other Cards or Payment Brand approved signage to indicate acceptance of the limited acceptance category Merchant has selected. g. If Merchant has requested Payment Brand bank identification numbers, Merchant must only use the bank identification numbers for product identification purposes at the point of sale. and not disclose this proprietary and confidential information to any third party without prior written permission from the applicable Payment Brand. 8. Term. This Agreement will be effective as of the date it is accepted by Member Bank and Processor and will continue in effect for a term of one (1) year following such date (the "Initial Term"), unless earlier terminated as provided for below. Following the Initial Term, this Agreement will automatically renew for additional one year renewal terms. unless a party provides written notice to the other parties of its intent not to renew this Agreement at least ninety (90) days prior to the expiration of the then current Term (a "Termination Notice"). If a party provides a Termination Notice to the other parties, this Agreement shall terminate on the expiration of the then current Term 9. Events of Default. An "Event of Default" shall mean the occurrence or existence of one or more of the following events or conditions, whatever the reason for such Event of Default and whether voluntary, involuntary or effected by operation of law (a) Merchant fails to pay any obligation under this Agreement to Member Bank or Processor when due, (b) any representation or warranty made by Merchant under this Agreement. the Application or any financial statement. certificate, report. exhibit or document required to be furnished by Merchant to Member Bank or Processor pursuant to this Agreement shall prove false or misleading in any material respect as of the time when made. including any omission of material information necessary to make such representation, warranty or statement not misleading or the failure to provide required information: (c) Merchant shall default in the performance or observance of any covenant, agreement or duty under this Agreement or any Payment Brand Regulation; (d) Merchant is no longer allowed by a Payment Brand to accept such Payment Brand's Cards as payment or Merchant's name appears on a Payment Brand's terminated merchant file: (e) Member Bank or Processor reasonably conclude that any criminal, fraudulent, unauthorized or suspicious activity has occurred or is imminent with respect to Merchant's acceptance of Cards or Merchant's performance under this Agreement: (f) there is an unexplained material change in Merchant's processed volume. average ticket size or mode of sale: (g) Member Bank or Processor reasonably conclude that there exists a risk of an abnormal level of Chargebacks or that Merchant may not fund Chargebacks, fees or other charges as they occur; (h) Merchant has defaulted on any obligation for borrowed money and the effect thereof may permit the holder of such indebtedness to accelerate the time when repayment is due; (i) there is an adverse material change in Merchant's business. operations, financial condition, properties, assets or prospects, (j) one or more judgments against Merchant, for the payment of money remain undischarged. unsatisfied or unstayed for a period of 45 consecutive days: (k) Merchant's lender takes possession of Merchant's inventory; (I) a writ or warrant of attachment, garnishment, execution, or similar process shall have been issued against Merchant or any of its assets; (m) a proceeding shall have been instituted with respect to Merchant (1) seeking an order for relief or a declaration entailing a finding that Merchant is insolvent or seeking a similar declaration or finding, or seeking dissolution, winding up, charter revocation or forfeiture, liquidation, reorganization, arrangement, adjustment, composition or other similar relief with respect to Merchant, its assets or its debts under any law relating to bankruptcy, insolvency, relief of debtors or protection of creditors, termination of legal entities or any other similar law now or hereafter in effect, or (2) seeking appointment of a receiver. trustee, custodian. liquidator, assignee, sequestrator or other similar official for Merchant or for all or any substantial part of its assets, or (n) Merchant shall become insolvent, shall become generally unable to pay its debts as they become due, shall voluntarily suspend transaction of its business, shall make a general assignment for the benefit of creditors, shall institute a proceeding described in subsection (m)(1) above, or shall consent to any such order for relief, declaration, finding or relief described therein, shall institute a proceeding described in subsection (m)(2) above. or shall consent to any such appointment or to the taking of possession by any such official of all or any substantial part of its assets, shall dissolve, windup, revoke or forfeit its charter (or other constituent documents) or liquidate itself or any substantial part of its assets, or shall take any action in furtherance of any of the foregoing; or (o) accept a Card for an unlawful Internet gambling Transaction. Merchant shall notify Member Bank and Processor in writing immediately upon becoming aware of an Event of Default. or an event which, with the passing of time or the giving of notice, or both, would constitute an Event of Default. 10. Remedies Upon Event of Default. Upon the occurrence of any Event of Default, Member Bank and Processor may employ any or all of the following remedies it deems appropriate: (a) terminate this Agreement immediately upon notice to Merchant; (b) without prior notice to Merchant, refuse to accept or revoke acceptance of any Sales Draft or Credit Draft, or the electronic transmission thereof if applicable, received by Member Bank or Processor on or at any time after the occurrence of any Event of Default: (c) without prior notice to Merchant, Member Bank may debit Merchant's Account in an amount equal to any amount then owed to Member Bank or Processor; (d) establish a reasonable reserve using Merchant funds in Member Bank's possession to cover foreseeable Chargebacks, Payment Brand fines or assessments, cardholder credits or Fees, (e) increase the Fees payable by Merchant hereunder commensurate with the increased risk, (f) require Merchant to deposit, as cash collateral. such amounts as Member Bank or Processor may require to secure Merchant's obligations hereunder (g) report to one or more credit reporting agencies any outstanding Merchant or guarantor indebtedness to Member Bank or Processor; or (h) take such other action as may be permitted by law. Page 4 11. Early Termination Fee. For purposes of this Section 11. a 'Early Termination" shall mean: (i) a termination of this Agreement by Member Bank or Processor following an Event of Default specrfred in Section 9 above (ii). a termination of this Agreement by Merchant for any reason whatsoever, other than following written Termination notice given by Merchant pursuant to Section B or 13, or (iii) Merchant's deposit or submission o1 it's Payment Brand branded transactions with any entity other than Member Bank. Merchants payment of the monthly minimum discount shall not fulfill Merchant's obligation to Processor The ponies agree that the actual damages which will result to Processor from an Early Termination are not readily ascertainable as of the effective date of this Agreement. In addition, Merchant acknowledges and agrees that in reliance on this Agreement and other long-term agreements, Processor will incur additional long-term costs, including without limitation, computer hardware. software, and labor. Accordingly, upon the occurrence of an Early Termination. Merchant shall pay to Processor, in addition to all amounts owed each for the services provided to Merchant pursuant to this Agreement, an amount equal to the greater of (1) $500 00, or(ii) thirty percent (30%) of the average total monthly fees incurred during the preceding 6 months (or shorter period if this Agreement has not been in effect for 6 months). times the number of months, or portion thereof, remaining in the then current Term of this Agreement. The parties intend that the Early Termination Fee be in lieu of Processors lost profits for the remainder of the term of this Agreement, but not in lieu of any other damages to which Processor might otherwise be entitled arising out of wrongful acts or omissions of Merchant. 12. Change in Merchant's Business. Merchant shall provide Member Bank and Processor at least thirty (30) days prior written notice of its intent to change in any way the basic nature of its business. including without limitation. a change in the types of merchandise or services sold. or the method of selling such products or services. Upon its receipt of notice of such change, Member Bank and Processor shall have the right to terminate this Agreement without further obligation upon providing to Merchant thirty (30) days prior written notice 13. Termination by Merchant. Merchant may terminate this Agreement upon thirty (30) days prior written notice to Member Bank and Processor in the event of (a) receipt by Merchant of notice of any increase in Fees payable to Member Bank and Processor pursuant to Section 4 hereof (excluding pass-through fees payable to a Payment Brand or other third party, or Fee increases pursuant to Section 10): or (b) any amendment or modification to this Agreement made by Member Bank or Processor pursuant to Section 20 hereof which adversely affects Merchant (excluding material amendments or modifications required due to changes 10 an Payment Brand Regulation or applicable federal. state or local law or regulation). Merchant's right to terminate pursuant to this Section 13 shall expire thirty (30) days following Merchant's receipt of notice of any such Fee increase or amendment or modification. it this Agreement is terminated, regardless of cause, Member Bank may withhold and discontinue the disbursement for all Card Transactions in the process of being collected and deposited. If termination is due to the occurrence of an Event of Default or if Merchant otherwise breaches this Agreement, Merchant acknowledges that Member Bank or Processor may be required to report Merchant's business name and the names and other identification of its principals to the MATCH file maintained by the Payment Brands. Merchant expressly agrees and consents to such reporting if Merchant is terminated for any reason requiring listing on the MATCH file. Merchant waives and will hold harmless Member Bank and AMS from any claims that Merchant may raise as a result of Member Bank or Processor MATCH file reporting. Merchant will also immediately cease requesting Authorizations. If Merchant obtains any Authorization after termination. the fact that any Authorization was requested or obtained will not reinstate this Agreement. Further, Merchant will return all Member Bank or AMS property, forms. or equipment All obligations for Transactions prior to termination (including payment for Chargebacks and Member Bank's expenses relating to Chargebacks) survive termination. Neither Member Bank nor AMS is liable to Merchant for damages (including prospective sales or profits) due to termination. Following termination, Merchant will upon request provide Member Bank and AMS with all original and electronic copies of Sales Drafts and Credit Drafts that have been retained by Merchant as of the date of termination. Upon termination, any amounts due to Member Bank or AMS will accelerate and be immediately due and payable, without any notice, declaration or other act whatsoever. 14. Credit Inquiries; Reporting; Financial Statements. Merchant authorizes Member Bank and Processor to make any credit inquiries they consider necessary to accept or to renew their acceptance of this Agreement. Merchant also authorizes any person or credit reporting agency to compile information to answer such credit inquiries and to furnish such information to Member Bank and Processor. Merchant agrees to provide to Processor such financial statements or other information conceming Merchant's business or operations as may be requested by Processor from time to time. in appropriate detail, promptly upon request by Processor. Upon request by Processor, Merchant shall furnish 10 Processor, within 120 days after the end of Merchant's fiscal year. an audited financial statement of profit and loss for such fiscal year and an audited balance sheet as of the end of such fiscal year. Processor may, at its discretion, accept unaudited financial statements prepared by a public accounting firm. 15. Representation and Warranties. Merchant makes the following representations and warranties which shall be true and correct on the date of this Agreement and at all times thereafter (a) all information contained in Merchant's Application or any other document delivered to Member Bank and Processor in connection therewith or with this Agreement is true and complete in all material respects: (b) Merchant has the power to execute, deliver and perform this Agreement; (c) this Agreement is duly authorized and will not violate any provisions of law, or conflict with any other agreement to which Merchant is subject or by which Merchant's assets are bound; (d) Merchant has all required licenses, if any. to conduct its business and is qualified to do business in every jurisdiction where it is required to do so: (e) there is no action. suit or proceeding at law or in equity pending, or to the knowledge of Merchant, threatened, by or against or affecting Merchant which if adversely decided to Merchant would impair the right of Merchant to carry on its business substantially as now conducted or adversely affect its financial condition or operations in any material respect; and (f) Merchant is not now. nor shall it in the future, become engaged in any method of selling which is now or in the future set forth in the Operating Procedures Guide as an "Unacceptable Selling Method " 16. Hold Harmless. To the extent permissible under applicable law. Merchant agrees to hold harmless Member Bank and Processor, their respective affiliates, directors, officers employees and agents from all claims, liabilities. loss, damage. and expenses of any nature (including fees and expenses of legal counsel and costs of litigation) arising from or in connection with: (a) any dispute or claim made by a Cardholder with respect to a Card Transaction, including but not limited to. any such dispute concerning the quality, fitness or delivery of merchandise or the performance or quality of services; and (b) the failure of Merchant to comply with the provisions of this Agreement, Payment Brand Regulations or applicable federal. state or local laws and regulations. 17. CHOICE OF LAW; JURISDICTION; WAIVER. THIS AGREEMENT SHALL BE GOVERNED BY THE LAWS OF THE STATE OF IN WHICH MERCHANT IS LOCATED. MERCHANT, MEMBER BANK AND PROCESSOR HEREBY IRREVOCABLY AND UNCONDITIONALLY: (A) AGREE THAT ANY ACTION, SUIT OR PROCEEDING BY ANY PERSON ARISING FROM OR RELATING TO THIS AGREEMENT OR ANY STATEMENT. COURSE OF CONDUCT. ACT, OMISSION OR EVENT OCCURRING IN CONNECTION WITH THIS AGREEMENT (COLLECTIVELY, "RELATED LITIGATION") MUST BE BROUGHT IN A STATE OR FEDERAL COURT OF COMPETENT JURISDICTION IN THE COUNTY AND STATE IN WHICH MERCHANT IS LOCATED; (B) SUBMIT TO THE JURISDICTION OF SUCH COURTS; (C) WAIVE ANY OBJECTION WHICH IT MAY HAVE AT ANY TIME TO THE LAYING OF VENUE OF ANY RELATED LITIGATION BROUGHT IN ANY SUCH COURT; (D) WAIVE ANY CLAIM THAT ANY SUCH RELATED LITIGATION HAS BEEN BROUGHT IN AN INCONVENIENT FORUM. AND WAIVE ANY RIGHT TO OBJECT. WITH RESPECT TO ANY RELATED LITIGATION BROUGHT IN ANY SUCH COURT, THAT SUCH COURT DOES NOT HAVE JURISDICTION OVER MERCHANT OR PROCESSOR; (E) CONSENT AND AGREE TO SERVICE OF ANY SUMMONS. COMPLAINT OR OTHER LEGAL PROCESS IN ANY RELATED LITIGATION BY REGISTERED OR CERTIFIED U.S. MAIL, POSTAGE PREPAID: TO MERCHANT AT THE ADDRESS IN THE APPLICATION AND CONSENTS AND AGREES THAT SUCH SERVICE SHALL CONSTITUTE IN EVERY RESPECT VALID AND EFFECTIVE SERVICE (BUT NOTHING HEREIN SHALL AFFECT THE VALIDITY OR EFFECTIVENESS OF PROCESS SERVED IN ANY OTHER MANNER PERMITTED BY LAW): AND (E) WAIVE THE RIGHT TO TRIAL BY JURY IN ANY RELATED LITIGATION THE PREVAILING PARTY IN ANY RELATED LITIGATION SHALL BE ENTITLED TO RECOVER ITS REASONABLE ATTORNEY'S FEES. COST AND EXPENSES. 18. LIMITATION OF LIABILITY. TO THE FULLEST EXTENT PERMITTED BY LAW. NO CLAIM MAY BE MADE BY MERCHANT AGAINST MEMBER BANK OR PROCESSOR OR ANY OF THEIR RESPECTIVE AFFILIATES. DIRECTORS, OFFICERS. EMPLOYEES OR AGENTS OF ANY OF THEM FOR ANY SPECIAL, INCIDENTAL. INDIRECT, CONSEQUENTIAL OR PUNITIVE DAMAGES IN RESPECT OF ANY CLAIM ARISING FROM OR RELATING TO THIS AGREEMENT OR ANY STATEMENT, COURSE OF CONDUCT. ACT. OMISSION OR EVENT OCCURRING IN CONNECTION THIS AGREEMENT UNLESS SUCH CLAIM ARISES FROM THE WILFUL MISCONDUCT OF THE MEMBER BANK OR PROCESSOR AND MERCHANT HEREBY WAIVES, RELEASES AND AGREES NOT TO SUE UPON ANY SUCH CLAIM FOR ANY SUCH DAMAGES, WHETHER SUCH CLAIM PRESENTLY EXISTS OR ARISES HEREAFTER AND WHETHER OR NOT SUCH CLAIM IS KNOWN OR SUSPECTED TO EXIST IN ITS FAVOR. 19. Debit Card Acceptance. Merchant may accept Debit Cards supported by Processor. If the Debit Card requires a personal identification number ("PIN") Merchant will comply with the following: a. Merchant will attempt to settle in good faith any dispute between Merchant and a Cardholder involving a Debit Card transaction. Merchant will establish a fair, consistent policy for the exchange and retum of merchandise and for the adjustment of amounts due on Debit Card sales. Merchant will promptly initiate a refund to the customer (which may be made in cash, by an adjustment draft or with a check or cashier's check, as permitted by the Payment Brand Regulations) whenever Merchant determines that a Debit Card transaction should be canceled or reversed. b. Except as the debit networks may permit, Merchant will not make any cash refunds or payments for returns or adjustments on Debit Card transactions but will instead complete an adjustment form provided or approved by Processor. The Debit Card Sales Draft for which no refund or return will be accepted by Merchant must be clearly and conspicuously marked (including on the Cardholder's copy) as "final sale" or "no return" and must comply with the Payment Brand Regulations. c. Merchant will refer Debit Card Cardholders with questions or problems to the institution that issued the Debit Card Merchant will cooperate with Processor and with each applicable debit network and its other members to resolve any alleged errors relating to transactions. Merchant will permit and will pay all expenses of periodic examination and audit of functions related to each debit network. at such frequency as the applicable Debit Network deems appropriate. Audits will meet debit network standards, and the results will be made available to the debit network. d. Merchant may not process a Credit Card transaction in order to provide a refund on a PIN Debit Card transaction. All debit transactions must be authorized and processed electronically. K Authonzation is not available at the time of sale. Merchant must request another form of payment from its customer Merchant may process the transaction as a Store and Forward or Resubmission, in which case Merchant assumes the risk that the transaction fails to authorize or otherwise declines. e. A PIN Debit Card transaction may not be completed without the PIN being entered into the PIN pad only by the Cardholder Merchant may not accept the PIN from the Cardholder verbally or in written form. 1. Cardholders must be issued a receipt upon successful completion of a Debit Card Transaction Any applicable tax must be included in the total Debit Card Transaction amount for which authorization is requested. Tax may not be separately collected in cash. g. Merchant is responsible for all applicable adjustment fees that may be charged by a Debit Card network. An adjustment is a transaction that is initiated to correct a PIN Debit Card transaction that has been processed in error h. Merchant may not engage in Electronic Benefit Transfers. An Electronic Benefit Transaction is one in which cash is given to a customer without the purchase of goods or services. Merchant further agrees that it shall not offer cash back to customers when such customers make a PIN Debit Card purchase. i. Merchant is responsible for securing terminals and for instituting appropriate controls to prevent employees or others from submitting refunds and voids that do not reflect bona fide returns or reimbursements of prior transactions. 20. MISCELLANEOUS PROVISIONS. a. Merchant shall not subcontract. assign or transfer any interest, obligation or right under this Agreement without the prior written consent of Member Bank and Processor. Any dissolution, merger.. consolidation, reorganization or transfer of substantially all assets or a controlling percentage of the corporate stock of Merchant shall constitute an assignment of this Agreement. Subject to the foregoing, this Agreement shall be binding upon and inure to the benefit of the parties and their successors or assigns. Processor and Member Bank may transfer their respective rights and responsibilities hereunder to another institution authorized by the Payment Brand Regulations to hold such rights without Merchant's consent b. This Agreement may be modified by Member Bank to comply with any amendments or additions to the Payment Brand Regulations upon 30 days prior written notice to the Merchant. c. No party shall, by the mere lapse of time, without giving notice or taking other action. be deemed to have waived any of their rights under this Agreement. No waiver of a breach of this Agreement shall constitute a waiver of any prior or subsequent breach of this Agreement d. In order to maintain quality service, Member Bank or Processor may monitor or record telephone communications with Merchant e. No party shall be liable for any loss or damage due to causes beyond its control. including earthquake, war, fire, flood, power failure, acts of God or other catastrophes. f. Each party and each person signing on behalf of a party represents and warrants that it has the full legal capacity and authority to enter into and perform the obligations of this Agreement without any further approval. Nothing in this Agreement shall be deemed to create a partnership, joint venture or any agency relationship between the parties. g. This Agreement and the documents referenced herein constitute the entire understanding of the parties with respect to the subject matter of this Agreement. and alt prior agreements, understandings and representations are terminated and canceled in their entirety. h. If there is any conflict between a part of this Agreement and any present or future Payment Brand Regulation or applicable federal, state or local law or regulation. only the part of this Agreement that is affected shall be modified and that modification shall be limited to the minimum necessary to bring this Agreement within the requirements of the Payment Brand Regulation, law or regulation. i. All notices, including invoices, given in connection with this Agreement shall be in writing and shall be effective upon actual receipt. Notices shall be delivered to the appropriate party at its address set forth on the attached Disclosure Page J. Merchant shall be liable for all taxes. except Member Bank and Processor's income taxes. required to be paid or collected as a result of this Agreement. k. All obligations. warranties and liabilities of Merchant incurred or existing as of the date of termination of this Agreement, including without limitation, Merchant's obligations with respect to subsequent Adjustments or Chargebacks based upon Card Transactions incurred prior to termination. shall survive termination and shall continue in full force and effect as if the termination had not occurred. The right to revoke credit as well as hold, retain or set off against amounts due to Merchant, or to debit any Account(s) of Merchant, shall survive the termination of this Agreement and shall continue in full force and effect as if termination had not occurred Page 5 1. No other person or entity may be deemed a third party beneficiary of this Agreement. Disclosure Page (Processor Copy) Member Bank Information Name: Merrick Bank, a Utah state chartered bank Address: 135 Crossways Park Drive North, Suite A, Woodbury, NY 11797 Phone: (800)267-2256 Important Member Bank Responsibilities 1. Member Bank is the only party to the Merchant Processing Agreement approved to accept Visa products directly from a Merchant. 2. Member Bank must be a principal (signer) to the Merchant Processing Agreement. 3. Member Bank is responsible for educating the Merchant on pertinent Visa U.S.A. Inc. Operating Regulations with which the merchant must comply. 4. Member Bank is responsible for and must provide settlement funds to the Merchant. 5. Member Bank is responsible for all funds held in reserve that are derived from settlement. Merchant Information Merchant Name: City of Pearland Merchant Address: 3519 Liberty Drive Pearland, TX 77581 Merchant Phone: (281)652-1600 Important Merchant Responsibilities 1. Ensure compliance with cardholder data security and storage requirements. 2. Maintain fraud and chargebacks below thresholds. 3. Review and understand the terms of the Merchant Processing Agreement. 4. Comply with Visa Operating Regulations. The responsibilities listed above do not supersede terms of the Merchant Processing Agreement and are provided to ensure Merchant understands some important obligations of each party. alp) Merchant's Signature Date CLr-1 SS0(71N-2-6 Dt2�c�os✓ oir t..4-�� Merchant's Printed Name & Title Disclosure Page (Merchant Copy) Member Bank Information Name: Merrick Bank, a Utah state chartered bank Address: 135 Crossways Park Drive North, Suite A, Woodbury, NY 11797 Phone: (800)267-2256 Important Member Bank Responsibilities 6. Member Bank is the only party to the Merchant Processing Agreement approved to accept Visa products directly from a Merchant. 7. Member Bank must be a principal (signer) to the Merchant Processing Agreement. 8. Member Bank is responsible for educating the Merchant on pertinent Visa U.S.A. Inc. Operating Regulations with which the merchant must comply. 9. Member Bank is responsible for and must provide settlement funds to the Merchant. 10. Member Bank is responsible for all funds held in reserve that are derived from settlement. Merchant Information Merchant Name: Merchant Address: Merchant Phone: City of Pearland 3519 Liberty Drive Pearland, TX 77581 (281)652-1600 Important Merchant Responsibilities 5. Ensure compliance with cardholder data security and storage requirements. 6. Maintain fraud and chargebacks below thresholds. 7. Review and understand the terms of the Merchant Processing Agreement. 8. Comply with Visa Operating Regulations. The responsibilities listed above do not supersede terms of the Merchant Processing Agreement and are provided to ensure Merchant understands some important obligations of each party. Lktio r1,06Lutd 1 c2.6 /3 Merchant's Signature Date GL�r 12% b44D , D r c- o c e=1 A/h'`iGS. Merchant's Printed Name & Title PRIMARY MERCHANT INFORMATION: AMS - MERRICK LOCATION ADDENDUM Location No: 1 Date: Legal Name: City of Pearland Bank Chain: 100121 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730276544 , Ass,pned Upon Approver LOCATION INFORMATION: DBA: Animal Control Statement DBA (23 Chr. Max): ANIMAL CONTROL RETAIL Main Contact: Shari Coleman Email: scoleman@ci.pearland.tx.us Title: Animal Control Officer Phone #: (281)652-1973 Fax #: (281)652-1718 Location Address: 2002 Old Alvin Road City: Pearland ST: TX Zip: 77581 Mailing Address: P.O. Box 2719 City: Pearland ST: TX Zip: 77588 Customer Service Phone Number: (281)652-1694 SIC: 9399 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $70.00 Max: Swipe % 95 Keyed % 5 MOTO % 0 Internet % 0 Monthly Vol: $2,300.00 Merchant Products or Services Offered (be specific): Animal Control Terminal / Payment Application: Omni3300 Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder Servicer / Payment App. Manufacturer: Version: data)? (if yes, provide the following) Phone: American Express (10 Digits): 0 Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned: Square Footage: Merchant: Landlord: Contact: Phone: Fulfillment Co. Contact: Phone: This Location is Open for Business: ® Yes 0 No Inspected By: Date: IMIIMPFITIMMITTIMITIMComplete if Processin.Less Than 70 % Card Present Sell To: Business: % Public: % Does the Merchant Own ProducUlnventory? Marketing: Are Products Stored at the Business Location? If No, Where? Orders Processed by: If Processing Internet Transactions (Please Complete The Following) Cards Processed by: Internet transactions encrypted by SSL or Better? When is the cardholder Charged? If Yes, Provide The Following Digital Certificate Utilized? (if yes, provide the following) How many days to fulfill orders? Shipped by: Certificate Number: Exp Date: Products Shipped by: Certificate Issuer: Delivery Receipt Requested? URL: DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: CK Account Type: CK Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voir: The Merchant agrees to abide by the terms 8, conditions contained in the Merchant Processing Agreement signed on 11/16/2007, provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Ter`' for the Additi nal Location shall commence on the date signed by Officer/Owner, indicated below. LLQ-�E i3 OC - E'4llttn i lY%u_t_Ci{ I>t7 Gl-02-t /i/Z-S1/'3 Printed Officer/Owner Name Signature Title Date Rev 03/2011 This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: CK Account Type: CK Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voided Check AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Legal Name: City of Pearland Location No: 2 Date: Main Contact: Rick Overgaard Bank Chain: 100121 Title: Asst. Director of Finance Merchant Number: 317730276557 LOCATION INFORMATION: IAssigned upon Approval) DBA: Court Fines Retail Main Contact: Jennifer Huhn Title: Court Administrator Location Address: 2555 Cullen Parkway Statement DBA (23 Chr. Max): COURT FINES RETAIL Email: jhuhn@ci.pearland.tx.us Phone #: (281) 997-5900 Fax #: (281)652-1717 Mailing Address: 3519 Liberty Drive Customer Service Phone Number: (281) 997-5900 Avg Ticket: $120.00 Max: Monthly Vol: $70,000.00 Merchant Products or Services Offered (be specific): Muncipal Court Fines City: Pearland City: Pearland ST: TX Zip: 77581 ST: TX Zip: 77581 SIC: 9222 Sales Rep: Daniel L. Sloan 0000 Swipe % 90 Keyed % 10 MOTO % 0 Internet % 0 Terminal / Payment Application: Omni Vx570 IP Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? Servicer / Payment App. Manufacturer: American Express (10 Digits): Version: (if yes, provide the following) Phone: ❑ Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned: Square Footage: Merchant: Landlord: Fulfillment Co. This Location is Open for Business: ® Yes 0 No Contact: Contact: Inspected By: Phone: Phone: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: % Public: Marketing: Com lete ifProcessin. Less Than 70 % Card Present Orders Processed by: Cards Processed by: Does the Merchant Own ProducUlnventory? Are Products Stored at the Business Location? If No, Where? If Processing Internet Transactions (Please Complete The Following) When is the cardholder Charged? How many days to fulfill orders? Shipped by: Products Shipped by: Delivery Receipt Requested? Internet transactions encrypted by SSL or Better? If Yes, Provide The Following Digital Certificate Utilized? Certificate Number: Certificate Issuer: URL: (if yes, provide the following) Exp Date: DDA BANK ACCOUNT INFORMATION: The Merchant agrees to abide by the terms 8, conditions contained in the Merchant Processing Agreement signed on 11/16/2007provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term or the Additional Location shall commence on the date signed by Officer/Owner, indicated below. CI— t'rv2r B06 tUn.,n RI-iln41 D1« —JZ- 0 eN..rc Printed Officer/Owner Name Signature Title ate Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Location No: 3 Date: Legal Name: City of Pearland Bank Chain: 100121 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730276560 ,Assigned Upon Approval) LOCATION INFORMATION: DBA: Court Fines Web Statement DBA (23 Chr. Max): COURT FINES WEB Main Contact: Jennifer Huhn Email: jhuhn©ci.pearland.tx.us Title: Court Administrator Phone #: (281)652-1612 Fax #: (281)652-1717 Location Address: 2555 Cullen Parkway City: Pearland ST: TX Zip: 77581 Mailing Address: 3519 Liberty Drive City: Pearland ST: TX Zip: 77581 Customer Service Phone Number: (281)652-1604 SIC: 9222 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $120.00 Max: 100 Monthly Vol: $70,000.00 Swipe % 0 Keyed % 0 MOTO % 0 Internet % Merchant Products or Services Offered (be specific): Muncipal Court Fines Terminal / Payment Application: Sungard Click2Gov Version: Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? (if yes, provide the following) Servicer / Payment App. Manufacturer: Phone: American Express (10 Digits): 0 Apply for American Express SITE INFORMATION: Merchant Type: Internet Website Building Type: Area Zoned: Square Footage: Merchant: Landlord: Contact: Phone: Fulfillment Co. Contact: Phone: This Location is Open for Business: IE Yes 0 No Inspected By: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: Marketing: 40 % Public: 60 % Complete if Processing Less Than 70 % Card Present Does the Merchant Own Product/Inventory? YES Are Products Stored at the Business Location? YES If No, Where? Orders Processed by: Merchant If Processing Internet Transactions (Please Complete The Following) Cards Processed by: Merchant When is the cardholder Charged? Time of Order How many days to fulfill orders? 1 - 7 Days Shipped by: Merchant Products Shipped by: Other Delivery Receipt Requested? NO DOA BANK ACCOUNT INFORMATION: Internet transactions encrypted try SSL or Better? YES If Yes, Provide The Following Digital Certificate Utilized? YES (if yes, provide the following) Certificate Number: Ob 4a 11 da e4 b9 42 5e 25 70 da 5e Exp Date: 12/5/2017 Certificate Issuer: VeriSign Class 3 Internationl Shared URL: https://egov.ci.pearland.tx.us/Click2GovCS/index.jsp This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: C K Account Type: CK Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voided Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11/1612007, provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term for the Additional Location shall commence on the date signed by Officer/Owner, indicated below. A IRS C:1sX_t=- 9)7-3//3 1:5ck74L) Printed Officer/Owner Name Signature Title Date Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION; Location No: 4 Date: Legal Name: City of Pearland Bank Chain: 100121 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730276573 lnxsigned Upon Rppoveh LOCATION INFORMATION: DBA: Parks & Rec Retail Statement DBA (23 Chr. Max): PARKS & REC RETAIL Main Contact: Michelle Smith Email: msmith@ci.pearland.tx.us Title: Assistant Director of Parks and Rec Phone #: (281)652-1694 Fax #: (281)412-2659 Location Address: 2947 E. Broadway City: Pearland ST: TX Zip: 77581 Mailing Address: P.O. Box 2719 City: Pearland ST: TX Zip: 77588 Customer Service Phone Number: (281)652-1694 SIC: 9399 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: 88,600.00 Max: 0 Monthly Vol: $25,000.00 Swipe % 90 Keyed % 10 MOTO % 0 Internet % Merchant Products or Services Offered (be specific): Facility rentals, classes, etc. Terminal / Payment Application: Class Software Version: Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? (if yes, provide the following) Servicer / Payment App. Manufacturer: Phone: American Express (10 Digits): 0 Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned:______ Square Footage: Merchant: Landlord: Contact: Phone: Fulfillment Co. Contact: Phone: This Location is Open for Business: 0 Yes 0 No Inspected By: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: Marketing: % Public: Complete if Processing Less Than 70 % Card Present Does the Merchant Own Product/Inventory? Are Products Stored at the Business Location? If No, Where? Orders Processed by: Cards Processed by: When is the cardholder Charged? How many days to fulfill orders? Shipped by: If Processing Internet Transactions (Please Complete The Following) Products Shipped by: Delivery Receipt Requested? DDA BANK ACCOUNT INFORMATION: Internet transactions encrypted by SSL or Better? If Yes, Provide The Following Digital Certificate Utilized? Certificate Number: Certificate Issuer: URL: (if yes, provide the following) Exp Date: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: C K Account Type: CK Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voided Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11116/2007 provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term for the Additional Location shall commence on the date signed by Officer/Owner, indicated below. CALLL_L D u fl —�z o - ,FI -N, 9/2-L//3 G t1 — 11 0 1,4m Printed Officer/Owner Name Signature Title Date Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Location No: 5 Date: Legal Name: City of Pearland Bank Chain: 100121 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730276586 (Assigned Upon Approve!, LOCATION INFORMATION: DBA: Parks & Rec Web Statement DBA (23 Chr. Max): PARKS & REC WEB Main Contact: Michelle Smith Email: msmith@ci.pearland.tx.us Title: Assistant Director of Parks and Rec Phone #: (281)652-1694 Fax #: (281)412-2659 Location Address: 2947 E. Broadway City: Pearland ST: TX Zip: 77581 Mailing Address: P.O. Box 2719 City: Pearland ST: TX Zip: 77588 Customer Service Phone Number: (281)652-1694 SIC: 9399 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $8,600.00 Max: 100 Monthly Vol: $25,000.00 Swipe % 0 Keyed % 0 MOTO % 0 Internet % Merchant Products or Services Offered (be specific): Facility rentals, classes. etc. Terminal / Payment Application: Class Software Version: Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? (if yes, provide the following) Servicer / Payment App. Manufacturer: Phone: American Express (10 Digits): ❑ Apply for American Express SITE INFORMATION: Merchant Type: Internet Website Building Type: Area Zoned: Square Footage: Merchant: Landlord: Contact: Phone: Fulfillment Co. Contact: Phone: This Location is Open for Business: ® Yes ❑ No Inspected By: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: Marketing: 50 % Public: 50 % Orders Processed by: Merchant Cards Processed by: Com l ete if Processin Less Than 70 % Card Present Does the Merchant Own Product/Inventory? YES Are Products Stored at the Business Location? YES If No, Where? If Processing Internet Transactions (Please Complete The Following) Merchant When is the cardholder Charged? Time of Order How many days to fulfill orders? 1 - 7 Days Shipped by: Merchant Products Shipped by: Other Delivery Receipt Requested? Internet transactions encrypted by SSL or Better? YES If Yes, Provide The Following Digital Certificate Utilized? YES (if yes, provide the following) 7c 8a 48 of 05 aa aa 06 35 40 22 38 Certificate Number: Exp Date: 8/6/2014 Certificate Issuer: Network Solutions Certificate Authority URL: https://www.pearlandparks.com/econnect/Start/Start.asp?SCheck=606320612& DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: CK Account Type: C K Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voided Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11/16/2007 provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term f�( the Additional Location shall commence on the date signed by Officer/Owner, indicated below. Ljo4t?Xc 30 bht�b ( Qnr n F cYNct.f.,( DrQsc,,JZ 0•=- r1 -t-4- ?.)2-3)JY Printed Officer/Owner Name Signature Title Date Rev 03/2011 Contact: Tim Kreitzer AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Legal Name: Main Contact: City of Pearland Rick Overgaard Location No: 6 Date: Title: Asst. Director of Finance Merchant Number: Bank Chain: 100121 317730281665 LOCATION INFORMATION: tARv42neO Upor Approvals DBA: Pearland Utilities IVR Statement DBA (23 Chr. Max): PEARLAND UTILITIES IVR Main Contact: Pamela Thompson Title: Utility Billing Supervisor Location Address: 3519 Liberty Drive Email: pthompson@ci.pearland.tx.us Phone #: (281)652-1604 Fax #: (281)652-1700 Mailing Address: P.O. Box 2719 Customer Service Phone Number: (281)652-1604 Avg Ticket: $75.00 Max: Monthly Vol: $1,500,000. Merchant Products or Services Offered (be specific): Water & Sewer City: Pearland City: Pearland ST: TX Zip: 77581 ST: TX Zip: 77588 SIC: 4900 Sales Rep: Daniel L. Sloan 0000 Swipe % 0 Keyed % 0 MOTO % 100 Internet % 0 Terminal / Payment Application: USAePay Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? Servicer / Payment App. Manufacturer: American Express (10 Digits): 0 Apply for American Express Version: (if yes, provide the following) Phone: SITE INFORMATION: Merchant Type: Mail/Phone Order Building Type: Area Zoned: Square Footage: Merchant: Owns Landlord: Fulfi!Iment Co. This Location is Open for Business: ® Yes 0 No Contact: Contact: Inspected By: Phone: Phone: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: Marketing: 20 % Public: 80 % Comfete if Processin Less Than 70 % Card Present Orders Processed by: Merchant Does the Merchant Own Productllnventory? Are Products Stored at the Business Location? If No, Where? If Processing Internet Transactions (Please Complete The Following) Cards Processed by: Merchant When is the cardholder Charged? How many days to fulfill orders? Shipped by: Time of Order Products Shipped by: Delivery Receipt Requested? DDA BANK ACCOUNT INFORMATION: Internet transactions encrypted by SSL or Better? If Yes, Provide The Following Digital Certificate Utilized? Certificate Number: Certificate Issuer: URL: (if yes, provide the following) Exp Date: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: C K Account Type: C K Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voided Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11/16/2007, provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Termr the Additional Location shall commence on the date signed by Officer/Owner, indicated below. S L>4IS 30(1 0> ( Y weAre, Printed Officer/Owner Name Signature Title /Date Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Legal Name: Main Contact: City of Pearland Location No: 7 Date: Rick Overgaard LOCATION INFORMATION: Bank Chain: 100121 Title: Asst. Director of Finance Merchant Number: 317730276515 (Ass.gnea Upon Approval) DBA: Pearland Utilities Retail Main Contact: Pamela Thompson Title: Utility Billing Supervisor Location Address: 3519 Liberty Drive Statement DBA (23 Chr. Max): PEARLAND UTILITIES Email: pthompson@ci.pearland.tx us Phone#: (281)652-1604 Fax#: (281)652-1700 Mailing Address: P.O. Box 2719 Customer Service Phone Number: (281)652-1604 Avg Ticket: $120.00 Max: Monthly Vol: $170,000.00 Merchant Products or Services Offered (be specific): Water & Sewer City: Pearland City: Pearland ST: TX Zip: 77581 ST: TX Zip: 77588 SIC: 4900 Sales Rep: Daniel L Sloan 0000 Swipe % 80 Keyed % 20 MOTO % 0 Internet % 0 Terminal / Payment Application: Sungard OnePoint Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? Servicer / Payment App. Manufacturer: American Express (10 Digits): Version: (if yes, provide the following) Phone: 0 Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned: Square Footage: Merchant: Landlord: Fulfillment Co. This Location is Open for Business: ® Yes ❑ No Contact: Contact: Inspected By: Phone: Phone: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: Marketing: Orders Processed try: Cards Processed by: When is the cardholder Charged? How many days to fulfill orders? Shipped by: Public: Com ' lete if Processin Less Than 70 % Card Present Does the Merchant Own Product/Inventory? Are Products Stored at the Business Location? If No, Where? If Processing Internet Transactions (Please Complete The Following) Products Shipped by: Delivery Receipt Requested? Internet transactions encrypted by SSL or Better? If Yes, Provide The Following Digital Certificate Utilized? Certificate Number: Certificate Issuer: URL: (if yes, provide the following) Exp Date: DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: C K Account Type: CK Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 2010419505 Chargeback Account Number 2010419505 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: Attach Voided Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11/16/2007, provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term for the Additional Location shall commence on the date signed by Officer/Owner, indicated below. 6L4q,c.- . dbc ( A, ;n L06Liiii D1 /..,..,-;--0 e_ eF F1.- s. 1/3)//3 Printed Officer/Owner Name Signature Title Date Rev 03/2011 Internet transactions encrypted try SSL or Better? YES If Yes, Provide The Following Digital Certificate Utilized? YES Of yes, provide the following) Ob 4a 11 da e4 b9 42 5e 25 70 da 5e Certificate Number: Exp Date: 12/5/2017 Certificate Issuer: VeriSign Class 3 International Server CA URL: https://egov.ci.pearland.tx.us/Click2GovCXP/Index.jsp AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Legal Name: Main Contact: City of Pearland Location No: 8 Date: Rick Overgaard Title: Asst. Director of Finance Bank Chain: 100121 Merchant Number: 317730276528 Assanee upon App'ovaI) LOCATION INFORMATION: DBA: Pearland Utilities Web Main Contact: Pamela Thompson Title: Utility Billing Supervisor Location Address: 3519 Liberty Drive Statement DBA (23 Chr. Max): PEARLAND UTILITIES WEB Email: pthompson@ci.pearland.tx us Phone #: (281)652-1604 Fax #: (281)652-1700 Mailing Address: P O. Box 2719 Customer Service Phone Number: (281)652-1604 City: Pearland City: Pearland ST: TX Zip: 77581 ST: TX Zip: 77588 SIC: 4900 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $120 00 Max: Monthly Vol: $170,000.00 Swipe % 0 Keyed °A 0 MOTO % 0 Internet % 100 Merchant Products or Services Offered (be specific): Water & Sewer Terminal / Payment Application: Sungard Click2Gov Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? Servicer / Payment App. Manufacturer: American Express (10 Digits): Version: (if yes, provide the following) Phone: ❑ Apply for American Express SITE INFORMATION: Merchant Type: Internet Website Building Type: Area Zoned: Square Footage: Merchant: Landlord: Fulfillment Co. This Location is Open for Business: ® Yes ❑ No Contact: Contact: Inspected By: Phone: Phone: Date: MOTO — ECOMMERCE QUESTIONNAIRE Complete if Processin. Less Than 70 % Card Present Sell To: Business: 50 % Public: 50 % Marketing: Orders Processed by: Merchant Cards Processed by: Merchant When is the cardholder Charged? Time of Order How many days to fulfill orders? 1 - 7 Da s Shipped by: Merchant Products Shipped by: Other Delivery Receipt Requested? NO Does the Merchant Own Product/Inventory? YES Are Products Stored at the Business Location? YES If No, Where? If Processing Internet Transactions (Please Complete The Following) DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: Deposit Routing/Transit # Deposit Account Number Bank Name: Wells Fargo Bank C K 1 1 1 900659 8071 61 3395 Account Type: Chargeback Routing/Transit # Chargeback Account Number Contact: Phone: Tim Kreitzer CK 111900659 8071613395 Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Processing Agreement). NOTE: Attach Voided Check for amounts originating under the Merchant Bank Account (as defined in the Merchant The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length Merchant Processing Agreement), and such Initial Termr the Additional Location shall commence on the date signed 1 ‘ Z (11.,e- %(11 I /) P f LL, :- D 1z 7002- on 11/1612007, provided, however, that the term of of time as the initial Term (defined in the by Officer/Owner, indicated below. 0 r rv---n-1.6C 9/Z1 /iT Printed Officer/Owner Name Signature Title Date Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Location No: 9 Date: Legal Name: City of Pearland Bank Chain: 100121 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730276599 IAssgned Upon Appovel) LOCATION INFORMATION: DBA: Permits Retail Statement DBA (23 Chr. Max): PERMITS RETAIL Main Contact: Juan Chavez Email: jchavez@ci.pearland.tx.us Title: Permit Officer Phone #: (281)652-1639 Fax #: (281)652-1702 Location Address: 3523 Liberty Drive City: Pearland ST: TX Zip: 77581 Mailing Address: P.O. Box 2719 City: Pearland ST: TX Zip: 77588 Customer Service Phone Number: (281)652-1639 SIC: 9399 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $170.00 Max: Monthly 0 Vol: $19,000.00 Swipe % 90 Keyed % 10 MOTO % 0 Internet % Merchant Products or Services Offered (be specific): Building Permits Terminal / Payment Application: Sungard OnePoint Version: Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? (if yes, provide the following) Servicer / Payment App. Manufacturer: Phone: American Express (10 Digits): ❑ Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned: Square Footage: Merchant: Landlord: Contact: Phone: Fulfillment Co. Contact: Phone: This Location is Open for Business: ® Yes 0 No Inspected By: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business' — % Public: — Marketing: Orders Processed by: Complete if Processing Less Than 70 % Card Present Does the Merchant Own ProducUlnventory? Are Products Stored at the Business Location? If No, Where? If Processing Internet Transactions (Please Complete The Following) Cards Processed by: When is the cardholder Charged? How many days to fulfill orders? Shipped by: Products Shipped by: Delivery Receipt Requested? Internet transactions encrypted by SSL or Better? If Yes, Provide The Following Digital Certificate Utilized? Certificate Number: Certificate Issuer: URL: (if yes, provide the following) Exp Date: DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: C K Account Type: C K Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE: A: ,d Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11/16/2007, provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term fo,r the Additional Location shall commence on the date signed by Officer/Owner, indicated below. L-,1 I a t B a t9 4—f -A t ` :/(X r L f) EcY,BJ.n >? i 1R ,L---.02-- m , Fi ,4,-.-4‹. ' 23 13 Printed Officer/Owner Name Signature Title Pate Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM :PRIMARY MERCHANT INFORMATION: Location No: 1 0 Date: Legal Name: City of Pearland Bank Chain: 100121 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730277679 rAs,irieo Upon Approval) LOCATION INFORMATION: DBA: Permits Web Statement DBA (23 Chr. Max): PERMITS WEB Main Contact: Juan Chavez Email: jchavez@ci.pearland.tx.us Title: Permit Officer Phone #: (281)652-1639 Fax #: (281)652-1702 Location Address: 3523 Liberty Drive City: Pearland ST: TX Zip: 77581 Mailing Address: P.O. Box 2719 City: Pearland ST: TX Zip: 77588 Customer Service Phone Number: (281)652-1639 SIC: 9399 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $170.00 Max: Monthly Vol: $19,000.00 Swipe % 0 Keyed % MOTO % 0 Internet % 100 Merchant Products or Services Offered (be specific): Building Permits Terminal / Payment Application: Sungard Click2Gov Version: Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? (if yes, provide the following) Servicer / Payment App. Manufacturer: Phone: American Express (10 Digits): ❑ Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned:_ Square Footage: Merchant: Landlord: Contact: Phone: _ Fulfillment Co. Contact: Phone: This Location is Open for Business: ® Yes 0 No Inspected By: Date: MOTO — ECOMMERCE QUESTIONNAIRE Sell To: Business: 65 '/ Public: 35 % Marketing: Orders Processed by: Merchant Complete if Processing Less Than 70 % Card Present Does the Merchant Own Product/Inventory? YES Are Products Stored at the Business Location? YES If No. Where? If Processing Internet Transactions (Please Complete The Following) Cards Processed by: Merchant When is the cardholder Charged? Time of Order How many days to fulfill orders? 1 - 7 Days Shipped by: Merchant Products Shipped by: Delivery Receipt Requested? YES Internet transactions encrypted by SSL or Better? YES If Yes, Provide The Following Digital Certificate Utilized? YES (if yes, provide the following) Certificate Number: Ob 4a 11 da e4 b9 42 5e 25 70 da 5e Certificate Issuer: VeriSign Class 3 International Server CA URL: www.egov.ci.pearland.tx.us Exp Date: 2/5/2017 DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: CK Account Type: CK Deposit Routing/Transit # 111900659 Chargeback Routing/Transit # 111900659 Deposit Account Number 8071613395 Chargeback Account Number 8071613395 Bank Name: Wells Fargo Bank Contact: Tim Kreitzer Phone: Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries for amounts originating under the Merchant Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Bank Account (as defined in the Merchant Processing Agreement). NOTE. Attach Voided Check The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed on 11/16/2007 provided, however, that the term of the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length of time as the initial Term (defined in the Merchant Processing Agreement), and such Initial Term fo) the Additio al Location shall commence on the date signed by Officer/Owner, indicated below. (,t 1a.E 3V6 € r� ,n 1 LILA Dl rota7- oP- F -4 -- Printed Officer/Owner Name Signature Title Date Rev 03/2011 AMS - MERRICK LOCATION ADDENDUM PRIMARY MERCHANT INFORMATION: Location No: 1 1 Date: Account Type: Deposit Routing/Transit # Deposit Account Number Legal Name: City of Pearland Bank Chain: 100121 CK 111900659 8071613395 Main Contact: Rick Overgaard Title: Asst. Director of Finance Merchant Number: 317730276609 Contact: Phone: Tim Kreitzer (Assigned upon Approval, Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Processing Agreement). NOTE: Attach Voided Check LOCATION INFORMATION: DBA: Planning Retail Statement DBA (23 Chr. Max): PLANNING RETAIL The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length Merchant Processing Agreement), and such Initial Term for the Additiona Location shall commence on the date signed (L- 4 t QF 1�0 bkkets 0 Orli LP I ,.d D t Q Main Contact: Judy Krajca Email: jkrajca@ci.pearland.tx.us of time as the initial Term (defined in the by Officer/Owner, indicated below. L)2 c t rt--ik•uc1- 1 %ilb) Title: Administrative Secretary Phone #: (281)652-1768 Fax #: (281)652-1702 Location Address: 3523 Liberty Drive City: Pearland ST: TX Zip: 77581 Mailing Address: P.O. Box 2719 City: Pearland ST: TX Zip: 77588 Customer Service Phone Number: (281)652-1639 SIC: 9399 Sales Rep: Daniel L. Sloan 0000 Avg Ticket: $890.00 Max: Monthly Vol: $1,200.00 Swipe % 80 Keyed % 20 MOTO % 0 Internet % 0 Merchant Products or Services Offered (be specific): Planning fees from developers Terminal / Payment Application: Sungard OnePoint Version: Does Merchant Use Independent Servicer (store, maintain, or transmits cardholder data)? (if yes, provide the following) Servicer / Payment App. Manufacturer: Phone: American Express (10 Digits): 0 Apply for American Express SITE INFORMATION: Merchant Type: Retail Building Type: Area Zoned: Square Footage: Merchant: Landlord: Contact: Phone: Fulfillment Co. Contact: Phone: This Location is Open for Business: ® Yes 0 No Inspected By: Date: MOTO — ECOMMERCE QUESTIONNAIRE Com.Iete if Processin. Less Than 70 % Card Present Sell To: Business: - % Public: - /0 Marketing: Orders Processed by: Cards Processed by: When is the cardholder Charged? How many days to fulfill orders? Shipped by: Products Shipped by: Delivery Receipt Requested? Does the Merchant Own Product/Inventory? Are Products Stored at the Business Location? If No, Where? If Processing Internet Transactions (Please Complete The Following) Internet transactions encrypted by SSL or Better? If Yes, Provide The Following Digital Certificate Utilized? (if yes, provide the following) Certificate Number: Exp Date: Certificate Issuer: URL: DDA BANK ACCOUNT INFORMATION: This area should be completed for Added/Subsequent locations with DDA other than main location. Please Include a Voided Check. If this is a "Deposit Only" account then a letter from the Financial Institution verifying Transit and Routing Number and DDA# is required. Account Type: Deposit Routing/Transit # Deposit Account Number Bank Name: Wells Fargo Bank CK 111900659 8071613395 Account Type: Chargeback Routing/Transit # Chargeback Account Number Contact: Phone: Tim Kreitzer CK 111900659 8071613395 Merchant hereby authorizes Merrick and Automated Merchant Systems, Inc. to initiate credit and/or debit entries Processing Agreement (via ACH or otherwise) including any reversals or adjustments on original entries to the Merchant's Processing Agreement). NOTE: Attach Voided Check for amounts originating under the Merchant Bank Account (as defined in the Merchant The Merchant agrees to abide by the terms & conditions contained in the Merchant Processing Agreement signed the Merchant Processing Agreement relating to the above -referenced Additional Location shall be for the same length Merchant Processing Agreement), and such Initial Term for the Additiona Location shall commence on the date signed (L- 4 t QF 1�0 bkkets 0 Orli LP I ,.d D t Q on 11/16/2007, provided, however, that the term of of time as the initial Term (defined in the by Officer/Owner, indicated below. L)2 c t rt--ik•uc1- 1 %ilb) Printed Officer/Owner Name Signature Title Date Rev 03/2011 September 27, 2013 Jennifer Huhn : Court Administrator Court Fines Web 2555 Cullen Parkway Pearland, TX 77581 Dear Jennifer, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sinc- —7 angel L. Y itchell P.O.S. Manager Sungard Click2Gov 24 hour Help Desk: V -Number: V3075851 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276560 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032001527 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075851 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276560 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032001527 Voice Auth #: (800) 291-4840 September 27, 2013 Michelle Smith : Assistant Director of Parks and Rec Parks & Rec Retail 2947 E. Broadway Pearland, TX 77581 Dear Michelle, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin()automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sin�L --z —7-1 DanleTL. Y itchell P.O.S. Manager 24 hour Help Desk: V -Number: V3075860 Class Software Account Support (407) 331-5465 Terminal S/N: V/MC Merchant #: 730276573 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003028 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075860 Account Support (407) 331-5465 Terminal S/N: V/MC Merchant #: 730276573 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003028 Voice Auth #: (800) 291-4840 September 27, 2013 Michelle Smith : Assistant Director of Parks and Rec Parks & Rec Web 2947 E. Broadway Pearland, TX 77581 Dear Michelle, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin(E)automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sinc- aniel L. Y itchell P.O.S. Manager 24 hour Help Desk: V -Number: V3075866 Class Software Account Support (407) 331-5465 Terminal S/N: V/MC Merchant #: 730276586 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003036 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075866 Account Support (407) 331-5465 Terminal S/N: V/MC Merchant #: 730276586 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003036 Voice Auth #: (800) 291-4840 September 27, 2013 Pamela Thompson : Utility Billing Supervisor Pearland Utilities Retail 3519 Liberty Drive Pearland, TX 77581 Dear Pamela, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sinc anieft. Y itchell P.O.S. Manager Talento/Dessault 24 hour Help Desk: (800) 782-1266 V -Number: V3127972 Account Support (407) 331-5465 Terminal S/N: 0533449 V/MC Merchant #: 730276515 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032000859 Voice Auth #: (800) 291-4840 24 hour Help Desk: (800) 782-1266 V -Number: V3127972 Account Support (407) 331-5465 Terminal SIN: 0533449 V/MC Merchant #: 730276515 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032000859 Voice Auth #: (800) 291-4840 September 27, 2013 Shari Coleman : Animal Control Officer Animal Control 2002 Old Alvin Road Pearland, TX 77581 Dear Shari, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Dan -101. itChell P.O.S. Manager Sungard One Point 24 hour Help Desk: V -Number: V1506325 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276544 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032001196 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: VI506325 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276544 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032001196 Voice Auth #: (800) 291-4840 September 27, 2013 Shari Coleman : Animal Control Officer Animal Control 2002 Old Alvin Road Pearland, TX 77581 Dear Shari, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sincgr�L�, Dan 11. Mitchell P.O.S. Manager Omni Vx570 IP 24 hour Help Desk: (800) 552-8227 Account Support (407) 331-5465 V -Number: V1628214 Terminal SIN: 209-931-588 V/MC Merchant #: 730276544 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032001196 Voice Auth #: (800) 291-4840 24 hour Help Desk: (800) 552-8227 Account Support (407) 331-5465 V -Number: V1628214 Terminal S/N: 209-931-588 V/MC Merchant #: 730276544 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032001196 Voice Auth #: (800) 291-4840 September 27, 2013 Pamela Thompson : Utility Billing Supervisor Pearland Utilities Retail 3519 Liberty Drive Pearland, TX 77581 Dear Pamela, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Daniel L. itchell P.O.S. Manager Sungard One Point 24 hour Help Desk: V -Number: V3075841 Account Support (407) 331-5465 Terminal S/N: PEAR V/MC Merchant #: 730276515 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032000859 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075841 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276515 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032000859 Voice Auth #: (800) 291-4840 September 27, 2013 Pamela Thompson : Utility Billing Supervisor Pearland Utilities Web 3519 Liberty Drive Pearland, TX 77581 Dear Pamela, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.corn. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. DanleTL. itchell P.O.S. Manager Sungard Ciick2Gov 24 hour Help Desk: V -Number: V3075855 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276528 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003044 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075855 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276528 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003044 Voice Auth #: (800) 291-4840 September 27, 2013 Jennifer Huhn : Court Administrator Court Fines Retail 2555 Cullen Parkway Pearland, TX 77581 Dear Jennifer, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. ante 71TIchell P.O.S. Manager Omni Vx570 IP 24 hour Help Desk: (800) 552-8227 Account Support (407) 331-5465 Terminal S/N: 211-943-055 V -Number: V4523666 V/MC Merchant #: 730276557 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032000370 Voice Auth #: (800) 291-4840 24 hour Help Desk: (800) 552-8227 Account Support (407) 331-5465 Terminal S/N: 211-943-055 V -Number: V4523666 V/MC Merchant #: 730276557 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032000370 Voice Auth #: (800) 291.4840 September 27, 2013 Juan Chavez : Permit Officer Permits Retail 3523 Liberty Drive Pearland, TX 77581 Dear Juan, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sing_ _ _ - ,.„---_________„ , , �D-.--.. �anieTL.-IDfitche11 P.O.S. Manager Sungard One Point 24 hour Help Desk: V -Number: V3075820 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276599 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003069 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075820 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276599 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003069 Voice Auth #: (800) 291-4840 September 27, 2013 Judy Krajca : Administrative Secretary Planning Retail 3523 Liberty Drive Pearland, TX 77581 Dear Judy, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Danieft. itchell P.O.S. Manager Sungard One Point 24 hour Help Desk: V -Number: V3075836 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276609 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003093 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3075836 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730276609 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003093 Voice Auth #: (800) 291-4840 September 27, 2013 Juan Chavez : Permit Officer Permits Web 3523 Liberty Drive Pearland, TX 77581 Dear Juan, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sinc •anleTL. Y Itchell P.O.S. Manager Sungard Click2Gov 24 hour Help Desk: V -Number: V3524710 Account Support (407) 331-5465 Terminal SIN: PEAR V/MC Merchant #: 730277679 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003077 Voice Auth #: (800) 291-4840 24 hour Help Desk: V -Number: V3524710 Account Support (407) 331-5465 Terminal S/N: PEAR V/MC Merchant #: 730277679 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032003077 Voice Auth #: (800) 291-4840 September 27, 2013 Pamela Thompson : Utility Billing Supervisor Pearland Utilities IVR 3519 Liberty Drive Pearland, TX 77581 Dear Pamela, Automated Merchant Systems, Inc. wishes to thank you for selecting us as your Bankcard service provider. We welcome you to our expanding family of satisfied customers and take seriously the task of supporting your growth through the services we provide. For Hardware and/or Software related questions, you may have to contact the customer service number provided for you by your hardware/software vendor. During normal business hours (9:00 a.m.-5:00 a.m.) EST, please contact our office and/or fax us at the number below any questions relating to Deposit Inquiries, VISA/MasterCard rules & regulations, Merchant Statements, etc. Online Support:: If you would like to e-mail your questions regarding bank deposits, chargebacks, or questions regarding your Merchant statements and/or fees, please post to admin@automatedmerchant.com. If your need technical support for your POS terminal or software, please email us at support@automatedmerchant.com. For information regarding new technologies and/or services, please visit our web site at www.automatedmerchant.com We appreciate your business and input on how we can better service your account. Sine Daniel L. Y itchell P.O.S. Manager USAePay Gold (CDB) 24 hour Help Desk: (866) 872-3729 V -Number: V0388673 Account Support (407) 331-5465 Terminal S/N: 143158 V/MC Merchant #: 730281665 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032009876 Voice Auth #: (800) 291-4840 24 hour Help Desk: (866) 872-3729 V -Number: V0388673 Account Support (407) 331-5465 Terminal S/N: 143158 V/MC Merchant #: 730281665 Voice Auth #: (800)291-4840 Amex Merchant #: Voice Auth #: (800)528-2121 Discover Merchant #: 601121032009876 Voice Auth #: (800) 291-4840 APPENDIX A MERCHANT SUPPORT CONTACT INFORMATION Terminal/Software Support (business hours): (407) 331-5465 support@automatedmerchant.com 24 - Hour Help Desk: Deposits/Retrieval Request/Chargbacks: (407) 331-5465 admin@automatedmerchant.com Supplies; (Sales Drafts, Roll Paper, Ribbons, etc): (407) 331-5465 admin@automatedmerchant.com Fax: (407) 331-7524 You Can Also Visit us on the web at www.automatedmerchant.com