Dankort Merchant Agreement General Terms and Conditions
This is an ‘office translation’ of Betalingskortaftale for Dankort Generelle Vilkår provided for information reasons only. The Danish version of the document is the only legally valid version. In case of differences between the English and Danish versions the Danish version shall take precedence.
1. Definitions ...... 4
2. Introduction ...... 6
3. Scope of the agreement ...... 6
4. The Company ...... 7 General requirements ...... 7 Accepting Dankort ...... 7 Credit and risk assessment ...... 7 Requirements for equipment, software, etc...... 7 Security requirements ...... 8 External suppliers ...... 8 Retention period applicable to card and Transaction data ...... 8 Use of and rights to trademarks ...... 9 Changes in the Company’s circumstances ...... 10
5. Payment guarantee ...... 11
6. Disputed payment ...... 12 Cardholder disputes ...... 12 Documentation of Cardholder disputes ...... 13
7. Documentation of payment ...... 13
8. Use and submission of Dankort data/transaction data...... 13
9. Monitoring, fraud, etc...... 14
10. Receipt ...... 14
11. Cancellation of a payment ...... 14
Dankort May 2018 Page 1 of 34
12. Returns ...... 15
13. Prices ...... 15
14. Settlement, payment and notification ...... 15 Settlement and payment ...... 15 Notification ...... 15
15. Responsibility ...... 15
16. Change in prices or regulations ...... 16
17. Assignment, alienation, etc...... 17
18. Termination of the agreement ...... 17
19. Duty of confidentiality and disclosure of information ...... 19
20. Applicable law and jurisdiction ...... 19
21. Supervision ...... 19
22. Special terms and conditions for CARD PRESENT transactions ...... 20 Dankort checks, fraud prevention, etc...... 20 Requirements for terminals ...... 20 Terminal set-up requirements ...... 20 Completing transactions...... 21 Emergency procedure ...... 21
23. Special terms for cardholder-activated terminals (CAT) ...... 22 Vending machine requirements ...... 22 Receipt ...... 23 Security requirements ...... 23
24. Special Terms and Conditions for CARD NOT PRESENT TRANSACTIONS; online shopping, mail and phone order ...... 24 General requirements ...... 24 Internet ...... 24 Mail and phone order ...... 27
25. Special terms and conditions for contactless payments ...... 30
Dankort May 2018 Page 2 of 34
Requirements for terminals ...... 30 Limits on amounts ...... 30
26. Special terms for CARD ON FILE ...... 30 General requirements ...... 30 Registration ...... 30 Password requirements ...... 31 Security requirements ...... 31 The Cardholder’s confirmation of Card on file ...... 31 Changes to cardholder information ...... 31 Storage of customer data ...... 31 Threshold ...... 31 Initiation of payment ...... 32 Receipt ...... 32 Review of the Card on file agreement ...... 32
27. Special Terms and Conditions for recurrent payments ...... 32 General requirements ...... 32 Requirements governing agreement with Cardholder ...... 32 The Cardholder’s confirmation of the Recurrent payments agreement ...... 33 Data storage ...... 33
28. Special Terms and Conditions for Digital Wallet payments ...... 33 General requirements ...... 33 Payment solution requirements for payments with Digital Wallet ...... 33
Dankort May 2018 Page 3 of 34
disputed by a cardholder or card issuer.
1. DEFINITIONS Dankort Dankort, Dankort on Your Mobile and the Notification Dankort element of Visa/Dankort. Information on settlement of turnover or withdrawals based on the amounts the Dankort Secured by Nets company must pay to Nets, e.g. annual Security solution for Internet payments using subscription. Dankort.
Agreement Digital wallet The merchant agreement (agreement form), A digital wallet is a software solution where the present terms, the price list (available at the cardholder registers his/her card details dankort.dk) and the overview of interbank with the purpose of making payments to one and scheme fees (available at or more companies. dankort.dk/interbankogscheme).
EMV Recurrent payments A global standard for payments using credit Recurrent payments allow the company to cards and debit cards based on chip card complete payments automatically with stored technology. For more information please see Dankort data at regular intervals. Recurrent www.emvco.com payments are initiated by the company.
Loyalty programmes Payment Loyalty programmes are a collective term Payment with a Dankort card. used for solutions in which companies allow cardholders associated with a loyalty Payment gateway programme to either earn bonus points, etc., The communication channel used for sending or contribute to a charitable cause using payments to Nets. Dankort.
Payment card agreement Card Present transactions The merchant agreement (the agreement Card present transactions mean completion form) concluded between the company and of a payment that requires the physical Nets. presence and participation of the cardholder and a sales assistant from the company. Payment solution The payment module or the payment Card on file terminal used for accepting Dankort in Card Payment method in which cardholders have Present and Card Not Present transactions. registered their card with the company so
that subsequent payments can be initiated Chargeback and approved by the cardholder using a Chargeback from the company of an amount special password.
Dankort May 2018 Page 4 of 34
General Terms and Conditions CAT/UAT The terms and conditions set out in sections Cardholder-activated terminals, e.g. for 1–22 of these terms and conditions. payment of bridge tolls, tickets or parking, i.e. where the terminal is operated only by Contactless payment the cardholder, and irrespective of whether a Transactions to be completed with a PIN is used or not. contactless payment device, such as Dankort or a smartphone, by means of wireless Sum clearing communication technology or a QR code. Sum clearing is the Danish system of clearing and settlement of retail payments (including CVV Code payments). Settlement takes place via the The CVV code are the last three digits banks’ accounts with Denmark’s central bank. indicated in the signature field. Special Terms and Conditions Dankort data The terms and conditions set out in sections The data used to identify the card, e.g. the 23–29 of these terms and conditions. card number, expiry date and security code. Transaction data Cardholder The data used to complete a Payment, The holder of a Dankort. comprising of Dankort data and other information received in connection with the Receipt payment, e.g. the transaction amount and Documentation of execution of the payment, the transaction date. given to the cardholder.
Truncating Nets Overwriting parts of the card number, e.g. Nets Denmark A/S, Lautrupbjerg 10, using XXXX. P.O. Box 500, DK-2750 Ballerup, CVR no. 20016175 Company The natural person or legal entity entering PCI DSS into an agreement with Nets to receive Payment Card Industry, Data Security payments via Dankort. Standard – the card issuers’ security requirements. Card not Present transactions Card not Present transactions means PIN execution of payments other than Card The personal code linked to a Dankort. Present transactions, e.g. mail and phone orders, Internet payments, subscription Point of sale payments and payments in cardholder- The company’s physical address or URL activated terminals (CAT). (website) from which the goods/services are sold.
Dankort May 2018 Page 5 of 34
2. INTRODUCTION companies, or attempt to have such Payments paid by Nets under the Agreement. The Company wants the Company’s customers to be able to use Dankort as a The Agreement may not be used to complete payment instrument at the Company’s Payments originating from activities that Point(s) of sale. have not been notified to and approved by Nets in connection with the approval of the Nets is the acquirer of Dankort. application leading into the Agreement.
The present terms and conditions, together The Company may not use the agreement for with the merchant agreement and price list, the following purposes: govern the Company’s acceptance of Dankort and Nets’ services in this connection. The • activities that may harm Nets’ or documents can be found at dankort.dk. Dankort’s brand or image. However, the merchant agreement can only be obtained by contacting Nets. • morally or ethically questionable purposes. 3. SCOPE OF THE AGREEMENT • purposes in contravention of The Agreement lays down the rules that applicable law. apply to the Company’s acceptance of Dankort as a means of payment. • debt collection, unless the Company is approved by the police to perform The Agreement may only be used for debt collection services and Nets has payments with Dankort, completed at the approved use of the Agreement for Point of sale as specified in the merchant this purpose. agreement, and for the products and services sold from the Point of sale and approved by Credit transactions using Dankort may only Nets. be completed in connection with a payment previously completed, for example in The Agreement may solely be used to connection with fault remediation or if the complete transactions expressly accepted by customer returns a purchased item. Nets may the Cardholder for the individual Payment. grant special permission for additional use of This means that the Agreement may not be the possibility of credit transactions. used to implement no-show or express check-out transactions at hotels or Dankort and Dankort data may only be used subsequent charges in connection with car for the processing of payment transactions. rental. The Company may enter into an agreement
The Company is not allowed to accept to participate in Loyalty programmes with Dankort Payments arising from the approved providers of Loyalty programmes. A Cardholder’s purchases from other list of approved providers of Loyalty
Dankort May 2018 Page 6 of 34
programmes can be found at dankort.dk. the Company.
4. THE COMPANY As part of the ongoing risk assessment, Nets or a representative nominated by Nets can General requirements undertake an unannounced physical inspection of the Company’s premises, etc., The right to use the Point of sale must belong which will include a security assessment to the Company, and the Point of sale must and/or a general assessment covering the be registered in the name that appears on following areas: the merchant agreement.
• premises The Company must be registered in Denmark and must have an account with a bank that • access to the Company’s servers and participates in the Sum clearing access to data
Accepting Dankort • stock, if any
The Company may not refuse to accept • that any required licenses are in Dankort with reference to the issuer’s or the place Cardholder’s identity. • business procedures, etc. All payments must be completed in Danish kroner. • compliance with all security requirements, etc. The transaction amount must not be rounded off. Costs incurred in connection with inspection shall be borne by the Company. Credit and risk assessment Based on the risk assessment, Nets may Nets reserves the right at all times to credit- terminate the Agreement or demand a bank assess and risk-assess the Company, the guarantee or other collateral on terms set by owners of the Company, the authorised Nets. signatories and the management, including obtaining solvency information from the Requirements for equipment, Company’s bank, reviewing its financial software, etc. statements, etc., as well as searching various payment registers. The Company may only use equipment – payment terminals and payment solutions – The Company is obliged to inform its owners, approved by Nets for receiving Dankort board members, management team payments. The equipment must be installed members and authorised signatories that in accordance with this Agreement and the they may be included in a risk assessment of rules laid down by the supplier.
Dankort May 2018 Page 7 of 34
The Company must always use an approved the Company’s systems with the consequent software version on its technical equipment. risk of compromising Dankort data.
Information about suppliers whose payment External suppliers terminals, payment solutions and software versions, etc., have been tested and The Company must inform Nets of any approved, can be found at dankort.dk external supplier(s), e.g., web hotel, Payment Service Provider (PSP) or similar, Security requirements processing Dankort data or for any other reason having access to the Company’s The Company must meet the safety Dankort data. The Company must also requirements applicable to the Payment communicate any changes in the use of solution. To the extent that the Company external suppliers, cf. section 4.4. and/or its external suppliers process – including transmitting or storing – Dankort The Company is liable for any and all actions data, the Company must ensure compliance or omissions on the part of any external with the security requirements in force from suppliers and may only use external suppliers time to time, including PCI DSS. who comply with the security requirements specified by Nets in section 4.5. The following data may never be stored: Nets is not liable for the services of the • CVV: Card Verification Value in the Company’s external suppliers, and the magnetic stripe Company’s relationship with its external suppliers is not the concern of Nets. • CVV2: Card Verification Value printed
on the back of the card in or close to Retention period applicable to the signature panel card and Transaction data
• iCVV: Card Verification Value In consideration of Cardholder disputes, etc., incorporated into the chip the Company must retain transaction documentation, including signed vouchers, • PVV: PIN Verification Value, for 20 months from the date of Payment. incorporated into the magnetic stripe
Storage requirements also apply if the The Company must pay its own costs Company has ceased trading. incidental to meeting the security requirements, including PCI DSS, any review Once the retention period has expired, the of the Company’s systems and procedures, transaction documentation/memoranda must scanning, etc. be suitably destroyed, cf. PCI DSS, in such a manner that unauthorised parties are unable The Company must notify Nets immediately if to gain access to the data contained in the there has been any unauthorised access to documentation. Any media, such as hard
Dankort May 2018 Page 8 of 34
disks, floppy disks and magnetic tapes, Upon entering into this Agreement, the containing Transaction data must be erased, Company undertakes always to use Dankort overwritten (a minimum of eight times) or trademarks in accordance with Nets’ destroyed before the equipment can be instructions. transferred or discarded. The Company may not: Use of and rights to trademarks • use the trademarks as part of the All rights toDankort trademarks, including name of the Company or the copyrights, the right to the trademark and description of the Company any other rights, belong to Nets. Any and all rights derived from the Company’s use of • use trademarks that may be confused Dankort trademarks will be deemed to belong with Dankort trademarks to Nets and any derived rights shall be • modify the trademarks or combine promptly transferred to Nets when required. the trademarks with other words or
In entering into the present Agreement, the symbols. Company shall be entitled to use Dankort At the request of Nets, the Company shall trademarks in accordance with the provisions make all relevant material from Company of the Agreement. This right is inherent in the websites where the trademarks are used, Agreement and may not be transferred to available to Nets together with copies of other parties in whole or in part. printed matter or other marketing material
At the Point of sale, the Company shall containing the trademarks. Nets’ display clear signs using Dankort trademarks representatives must be granted access to (logos). the Company’s locations within normal working hours to determine whether the The trademarks must always be displayed in material in question conforms to this the correct, original design. Cards depicted in Agreement. marketing material may not contain a valid card number or card issuer name. If Nets finds material that is not in compliance with this Agreement, Nets shall The trademarks can be found at and be entitled to reject any further use of the downloaded from dankort.dk material in question.
The Company may use the trademarks in Use of the trademarks may not infringe Nets’ connection with marketing of goods and rights to the trademark and may not create services that can be paid for by Dankort the impression that goods and services are under this Agreement. sponsored, produced, offered, sold or in any other way supported by Nets. The trademarks may not be used for any other purpose. Additional rules and requirements for the use
Dankort May 2018 Page 9 of 34
of Dankort trademarks covered by this Nets with the application for a merchant Agreement may apply to individual Payment agreement or as stated in the merchant solutions. agreement itself; in this connection, the Company must provide Nets with written Beyond the right of use described above, the notice of changes in: Company is not granted any other rights to Dankort trademarks. • The ownership of the Company or control of the Company Unauthorised use of the trademarks • The ownership of 25 % or more of The Company must notify Nets of any and all the Company or of the Company’s unauthorised use of the trademarks. In such share capital situations, the Company is obliged to provide relevant assistance to Nets, including • The Company’s management as well documentation, etc., free of charge. as authorised signatories
The Company may not on its own initiative • The Company’s corporate form (e.g. take steps to counter any third party’s a change from a sole proprietorship unauthorised use of the trademarks. to a private limited company)
Registration • Tthe Company’s industry
The Company may not apply for registration • Address, e-mail address, telephone of the trademarks or any similar trademarks. number, bank account number, website address (URL) The Company may not register this Agreement in any official register without • Use of external suppliers for Nets’ prior written acceptance. Payments.
Termination of the Agreement The Company must also notify Nets if the Company wishes to stop accepting Dankort On cessation of the Agreement, the Company payments, if it is making significant changes shall refrain from any and all use of the to its product range or its payment and trademarks, including signage, advertising delivery terms in connection with purchases online or in other media, or in any other type via the Internet, mail and phone orders or of marketing. subscriptions.
Changes in the Company’s Changes in the Company’s affairs may result circumstances in Nets undertaking a new risk assessment of the company. The Company must issue written notice of any change in the circumstances reported to
Dankort May 2018 Page 10 of 34
5. PAYMENT GUARANTEE procedure replaces.
Nets warrants to the Company that If the Cardholder raises a dispute about a transactions completed by connection to Nets transaction, or if there are insufficient funds (online payment transactions) covered by this for the transaction on the Cardholder’s Agreement will be honoured up to the account, the amount exceeding the payment following amounts: guarantee may be debited directly from the Company’s bank account. • chip and PIN code used: DKK 4,000 If the Payment is divided into two or more • chip and signature used: DKK 1,500. Payments (serial transactions), the guarantee limits remain unchanged in respect of the • chip is used in cardholder-activated combined Payment. terminals (CAT) without a PIN code in
connection with insufficient funds in The above-mentioned payment guarantees an account: DKK 1,000 do not apply if:
• chip is used in cardholder-activated • The Company knew or should have terminals (CAT) without a PIN code known that the Cardholder was not for amounts up to DKK 350: DKK 350 entitled to use the card.
• Internet Payments where there are • The Company did not complete the insufficient funds in the account: transaction in accordance with the DKK 2,000 Agreement, including attempting to have Payments honoured by Nets • Payments via mail and phone order under this Agreement where such where there are insufficient funds in transactions originate from the the account: DKK 1,000 Cardholder’s purchases from other companies. • Contactless Payments without PIN code for amounts up to DKK 350: • The card issuer/Cardholder disputes DKK 350 the Payment, cf. section 6.
• Contactless Payments with a PIN: • The Payment transaction exceeds the DKK 4,000 amount accepted by the Cardholder
If Nets sends notification of technical The Company has not submitted the problems as a result of errors in Nets’ central transaction for settlement with Nets systems, and the Company uses an approved before expiry of the deadline, cf. emergency procedure, Nets provides a section 8 payment guarantee in accordance with the rules for the solution that the emergency
Dankort May 2018 Page 11 of 34
• The Company has received a the Cardholder claims that, in connection Payment that was not registered as with purchases of goods and services through active with Nets at the time of distance selling: payment. 1. The card transaction exceeds the amount • The Company provides debt collection accepted by the Cardholder, or services. 2. the goods/services ordered were not If the payment guarantee does not apply due delivered, for example, or to the circumstances cited above, the full amount may be debited directly from the 3. the Cardholder or the recipient of the Company’s bank account. product/service in connection with online shopping, mail order or telephone order 6. DISPUTED PAYMENT is making use of a statutory or contractual right of cancellation, Cardholder disputes and the Company has not repaid the disputed If Nets receives a Cardholder dispute amount, Nets may withdraw the amount from regarding a Payment and Nets cannot reject the Company’s bank account. The payment the dispute as unjustified, then Nets may guarantees do not apply to such Cardholder withdraw the amount due, with the addition disputes. of fees, from the Company’s bank account in accordance with the rules below. If there are If Nets receives notification that the insufficient funds in the Company’s bank Cardholder claims that the Cardholder did not account, Nets may invoice the Company. know the exact amount on approval of the Payment, and the Payment exceeds the The Company is under an obligation to amount that the Cardholder could reasonably respond to all disputes from a Cardholder. expect to be deducted, Nets may withdraw the full amount of the transaction from the If Nets receives a Cardholder dispute where Company’s bank account. The payment the Cardholder claims that the Cardholder did guarantees do not apply to such Cardholder not make the Payment, Nets may withdraw disputes. the disputed amount from the Company’s bank account. Nets will only withdraw the The Company’s bank account will be charged portion of the amount that exceeds the immediately upon receipt of the Cardholder relevant payment guarantee. Payment dispute. guarantees applicable only in connection with insufficient funds on the Cardholder’s account The Company must pay a fee to Nets for do not apply to disputes in the matter of the Nets’ processing of justified Cardholder Cardholder not having made the Payment. disputes. The size of the fee is set out in the price list. If Nets receives a Cardholder dispute where
Dankort May 2018 Page 12 of 34
Cardholder disputes may be sent to the If the Company does not submit the Company up to 14 months after the necessary documentation, the payment may transaction was completed. be immediately withdrawn from the Company’s bank account. Documentation of Cardholder disputes If, on the basis of a request for documentation of a payment, the Company If the company disagrees with the charge, completes a credit transaction, the Company the Company must contact Nets within 30 must inform Nets to this effect within the days with documentation showing the basis time limit specified above. for refuting the Cardholder dispute. 8. USE AND SUBMISSION OF DANKORT If Nets requests documentation of the DATA/TRANSACTION DATA payment, the Company must deliver this to Nets by the expiry of the time limit stated in The Company may only use Dankort data to the request (7–14 calendar days). If, on the complete Payments. Therefore, Dankort basis of this documentation, Nets is able to and/or Dankort data must not be used for reject the Cardholder dispute, the amount identification of customers in connection with will be recredited to the Company’s bank access control, etc. account. The Company may only submit Transaction If the Company fails to provide the data to Nets originating from Payments documentation as stated in the request, Nets completed by the Company and may not can uphold the Chargeback. assign Dankort data, including vouchers, to a third party. Nets is under no obligation to provide the Company with documentation of the The Company warrants that the Transaction Cardholder dispute. data submitted to Nets is genuine and correct. 7. DOCUMENTATION OF PAYMENT The Company must submit Transaction data At Nets’ request, the Company shall provide to Nets as quickly as possible. Transaction documentary evidence of payment, such as a data must be in Nets’ possession no later copy of a receipt, a rental contract for car than the seventh calendar day after the rental, a subscription agreement, etc., transaction date. However, the Company may forming the basis of the payment. not submit Transaction data to Nets for settlement until the goods/services have The Company must deliver the been dispatched or delivered to the documentation to Nets by the expiry of the Cardholder or the Cardholder’s designated time limit set out in Nets’ request for recipient. documentation (7–14 calendar days).
Nets may refuse to process, or honour
Dankort May 2018 Page 13 of 34
Payments submitted after expiry of the time In this connection, Nets may choose to limit. suspend or terminate the Agreement.
It is the Company’s responsibility to ensure If excessive numbers of Chargebacks that transactions are submitted to Nets, and attributable to the Company lead to extra that transactions are submitted in accordance costs for Nets, Nets reserves the right to re- with the time limits. invoice the costs to the Company.
The Company may not pass on Transaction 10. RECEIPT data to other parties unless this is necessary for the purpose of correcting Payments, for The Cardholder is entitled to a Receipt for law enforcement purposes or in response to any Payment. The Company must other legislation. provide/send a Receipt to the Cardholder when the Payment is completed. If, in the Costs relating to control request and event of a fault, the terminal cannot print a submission of Transaction data between Nets Receipt, the Company must send a receipt if and the Company shall be paid by the the Cardholder asks for one. Company. The Receipt must include the Company 9. MONITORING, FRAUD, ETC. name, the place of the transaction and contact information. Nets monitors the control requests and Payments received by Nets from the Subject to a separate agreement with Nets, a Company, including the number of Receipt may be omitted for transactions Chargebacks and instances of crediting. In where the amount is limited in cardholder- addition, Nets monitors any Payments activated terminals (CAT) without a PIN code. reported as fraud, whether or not the amount has been returned from the Company’s 11. CANCELLATION OF A PAYMENT account. If a Payment was a mistake, the Company
Nets will contact the Company if there are must cancel the Payment, if possible. If any significant deviations in the number of cancellation is not possible, the Company control requests, Chargebacks, instances of must complete a credit transaction. If this crediting, etc., compared to the norm for the cannot be done, the Company must contact Company or for the sector to which it Nets. belongs, or if Nets for any other reason The Company must hand over/submit a suspects card fraud. If Nets deems it receipt for the credit transaction to the necessary, Nets will require the Company to Cardholder. take appropriate steps to help reduce the number of Chargebacks, instances of crediting, etc.
Dankort May 2018 Page 14 of 34
12. RETURNS charges for online shopping and justifiable Cardholder disputes, will be withdrawn If the Cardholder or recipient of the directly from the Company’s bank account. goods/service exercises a statutory right of cancellation for sales online, mail order or The Company is under an obligation to telephone orders, or if the Cardholder continuously reconcile transactions to ensure exercises any other agreed right of they are in accordance with the amounts cancellation, the Company must complete a settled from Nets. credit transaction or otherwise recompense the Cardholder for the amount pursuant to Nets may withhold a settlement until required written agreement with Nets. collateral has been established.
13. PRICES Notification
Prices are stated on the price list, available at All Notification of payment transactions will dankort.dk. appear on the account statement from the Company’s bank. 14. SETTLEMENT, PAYMENT AND NOTIFICATION Both single items and bundles are shown on the account statement with a distinct Settlement and payment reference number, either in the form of an order number (Internet) or the bundle Payment transactions will be settled directly number generated by the terminal. into the Company’s bank account. Information on the deduction of annual Settlement is in batches (bundles) or as subscriptions for physical companies is also single items (per transaction). The settlement shown on the account statement. method used depends on the setup of the Payment solution. As a general rule, online Notification of charges that the Company shopping purchases must always be single must pay in connection with online shopping, items, while other transactions will be settled etc., or withdrawals resulting from any as one or more batches (bundles). justified Cardholder disputes will be submitted separately to the Company. Settlement is in Danish kroner. 15. RESPONSIBILITY Transactions submitted to Nets in a timely manner will normally show on the Company’s Nets will under no circumstances be liable for bank account on the first business day after any specific, indirect or incidental loss, Nets received the transaction. operating losses, consequential damages, claims by third parties and/or lost data, The amount the Company must pay to Nets, profits, revenue, customers, goodwill or including, for example, annual subscription, interest.
Dankort May 2018 Page 15 of 34
Even in those areas in which stricter liability • legislation holds Nets liable for the applies, Nets is not liable for losses due to circumstance that caused the loss. the following: Unless otherwise established in section 5, • Breakdown of, or lack of access to, IT Nets is not responsible for losses resulting systems or damage to data in these from the Cardholder’s or anyone else’s systems due to any of the factors unauthorised use of the cards covered by the listed below, regardless of whether Agreement. the bank itself or a third-party supplier is responsible for the Notwithstanding the foregoing and without operation of these systems thereby limiting liability, the Company will indemnify Nets for any losses or claims, • Failure of Nets’ power supply or a including claims for damages, and for any breakdown of Nets’ complaints, legal proceedings or expenses telecommunications, legislative or (including, within reasonable limits, lawyers’ administrative intervention, natural fees) as a result of the Company’s breach of disasters, war, revolution, civil and/or failure to comply with the Agreement unrest, sabotage, terrorism or and/or all relevant regulations and legislation vandalism (including computer virus applicable to the Company. The foregoing attacks or hacking) applies irrespective of the Agreement coming to an end. • Strikes, lockouts, boycotts or picketing, regardless of whether the 16. CHANGE IN PRICES OR conflict is directed against, or was REGULATIONS started by, Nets itself or its organisation, and regardless of the Nets may vary the Agreement at one month’s cause. This also applies if the conflict notice. Any changes that are not affects only part of Nets unfavourable to the Company may take place without notice. • other circumstances beyond Nets’ control. The Agreement may be varied at shorter notice or without notice if the change is due Nets’ exemption from liability does not apply to changes in legislation, requirements from if: public authorities or for safety reasons.
• Nets ought to have foreseen the Notice may be issued by e-mail. The circumstances that have caused the Company is obliged to provide Nets with an loss when the Agreement was e-mail address to which such notice can be entered into, or where Nets ought to sent. The Company is obliged to inform Nets have avoided or overcome the cause of any changes to the Company’s e-mail of the loss address, and the Company assumes responsibility for the Company’s non-receipt
Dankort May 2018 Page 16 of 34
of a notice of contractual change in the event 18. TERMINATION OF THE AGREEMENT that the Company has failed to inform Nets of a change in its e-mail address. The Company and Nets can terminate the Agreement by giving one month’s notice in In the event that changes unfavourable to writing. Any prepaid annual fee will not be the Company are made to the Agreement, refunded. these are considered to have been approved unless the Company, acting prior to the date The rules for settlement upon expiry of of the change’s entry into force, informs Nets Agreements to accept the Dankort in Card that the Company does not wish to be Present transactions are set out in the price subject to the new terms of contract. list.
If the Company indicates that it does not Nets may terminate the Agreement with wish to be subject to the new terms of immediate effect if: contract, the Agreement is considered to • At the time of entering into the have ended on the date on which the new Agreement, the Company gave conditions enter into force. inaccurate or incomplete information,
The current version of these terms at any e.g. concerning the Company or the time can be found at dankort.dk. sector with which it is associated, or
17. ASSIGNMENT, ALIENATION, ETC. • After entering into the Agreement, the Company has failed to give Nets may assign the Agreement to a details of changes. Company within the Nets Group or to a third party if Nets divests the activities covered by • The Company is in material breach of the Agreement to that third party, whether in the Agreement, e.g. failure to comply part or in whole. In such a case, the with security requirements, or Agreement will continue unchanged with the • The Agreement has not been used for new owner as the contracting party. six months, or
The Company cannot assign rights or • The Company has been transferred to obligations in relation to the Agreement to a new owner, or there is a change of others. control of the Company, or
The Company may not assign the right to • The Company is repeatedly in breach accept Payment under this Agreement to any of the Agreement and such breach other party or grant any kind of transport or has not been remedied by the collateral in payments. Company by the deadline stated by Nets in a written demand, or
Dankort May 2018 Page 17 of 34
• The number of disputes in which the and without payment guarantees for any Company is involved is Payments made by the Company after expiry disproportionately large, cf. section 9, of the Agreement, as well as for any and all or charges and other costs attributable to the Company’s completion of Dankort payments • The number of credit transactions after expiry of the Agreement. that Nets receives from the Company is disproportionately large, cf. In the event of termination, rescission or section 9, or cessation by any other means, pursuant to the Agreement, Nets can require a • The Company fails to respond to performance bond to be furnished, or can Nets’ request for information or fails withhold an appropriate proportion of the to take the necessary precautions, cf. transaction amounts to cover any Chargeback section 9, where fraud is suspected, demands from the card issuers/Cardholders. or The amount of collateral will be determined by Nets. Nets may refrain from settling • The Company risk assessment is transactions submitted until the performance unsatisfactory, or bond is in place.
• The Company is declared insolvent, If the Company is declared insolvent or has a debt restructuring order enters into suspension of payments, Nets can imposed, comes under compulsory refrain from settling submitted transactions composition or a similar debt until the estate has entered into the settlement scheme, unless in Agreement, or the supervising official has accordance with the rules of the consented to the continuation of the Insolvency Act the estate in Agreement, and, if relevant, until a liquidation is entitled to enter into the performance bond has been furnished to Agreement and opts to do so. At Nets. Nets’ request, the estate shall be
required to make a decision within 24 19. DATA PROTECTION hours concerning whether to enter into the Agreement, cf. Section 55(2) Personal data of individuals related to The of the Insolvency Act. Company (contact persons, etc.) will be processed by Nets as data controller i) in Even if the Agreement has expired or been order to provide the services and fulfil the terminated, it remains valid in respect of obligations under the agreement, ii) for outstanding claims at the time of cessation of making customer analyses and business the Agreement. follow-up, iii) for making business and methods development as well as carrying out After expiry or termination of the Agreement, risk assessment and management and iv) for the Company may not complete Dankort marketing purposes of Nets group companies transactions. The Company is liable in full
Dankort May 2018 Page 18 of 34
towards The Company. information by law, regulation or a decision taken by public authority, or where the information in question is already publicly available and this fact cannot be attributed to The personal data include details of contact the other party’s breach of contract. persons processed for the purposes of onboarding, support, etc., personal data Nets is entitled to disclose information about processed as part of AML measures or due to the Company to technical subcontractors and other legal requirements. The Company other companies, provided that such accepts an obligation to inform its employees disclosure is required in order for Nets to fulfil and other representatives about the its obligations under the Agreement. disclosure, etc. of personal data to Nets as part of the agreement for the above The Company gives its consent for Nets to purposes. disclose information about the Company (such as contact details, information relating Personal data of individuals who are to the Agreement and information about the customers of The Company will also be Company’s business relationship with Nets) processed by Nets as data controller. The to other companies in the same corporate personal data include transaction data, group as Nets for use in e.g. intra-group including card and other payment data. reporting, marketing, and in group companies’ sale of products and services. A Personal data may also be processed by list of the companies that are in the same other companies in the Nets group and other corporate group as Nets is published at companies with which the group co-operates nets.eu/dk. in its operations for the purpose of this
Agreement, both within and outside the 21. APPLICABLE LAW AND EU/EEA. JURISDICTION
Further information about the processing of The Agreement is subject to Danish law. Any personal data by Nets and a list of the disagreements arising between the parties companies that are in the same group as that cannot be resolved through negotiation Nets can also be found on Nets’ website. may be brought before the Danish courts.
20. DUTY OF CONFIDENTIALITY AND 22. SUPERVISION DISCLOSURE OF INFORMATION Nets is under the supervision of the Danish The parties are obliged to treat all FSA, and is registered in its register under FT information relating to the contractual no. 22002. Complaints concerning Nets as a relationship between the Company and Nets payment institution may be submitted to the as confidential. The duty of confidentiality Danish FSA using the contact form on the applies unless otherwise agreed and in cases Authority’s website. For any other where a party is required to disclose such extrajudicial complaint and indemnity
Dankort May 2018 Page 19 of 34
procedures, please refer to dankort.dk. approved terminals.
23. SPECIAL TERMS AND CONDITIONS Payments in Card Present transactions FOR CARD PRESENT TRANSACTIONS require the Company to have a terminal approved for the purpose by Nets. It is not The terms of this section apply only to permissible to use terminals for payments not acceptance of Dankort in Card Present approved by Nets. transactions. The General Terms and Conditions also apply. In case of conflict In Card Present transactions, it is not allowed between the General Terms and Conditions to enter a card number or any other and the terms laid down in this section, the information into a Payment solution unless terms of this section will take precedence. this is done in connection with a procedure specifically approved in writing by Nets, e.g. Dankort checks, fraud as an emergency procedure; cf. section 6. prevention, etc. If the terminal has a chip reader, the chip on If, in connection with a Payment, the Dankort must always be read. If the chip Company is in doubt about the authenticity of does not work, the Company can try to the card, or whether the Cardholder complete a magnetic-strip transaction if the personally is the user of the card, the card allows this. Follow of the instructions on Company must check the card and look for the terminal. the following when checking the card: Follow the terminal user guide from the • Whether attempts have been made to terminal supplier for detailed rules regarding change the embossing (card number, the terminal and its use. expiry date and name) Terminal set-up requirements • Whether the signature is clear To enable the Cardholder to ensure that the • Whether the printed background on PIN code cannot be stolen during entry, as the signature strip is undamaged well as to give the Cardholder the best accessibility, the Company must proceed as • Whether the hologram appears follows when setting up PIN code enabled genuine terminals:
• Whether the card has a chip. Location of the customer component:
Requirements for terminals • The customer component (PIN entry unit) must be placed where the The Company may only use terminals that customer can get up close to the have been approved by Nets to accept customer component Payments. See dankort.dk for information on
Dankort May 2018 Page 20 of 34
• The customer must be easily able to • If the card is declined, the Payment shield the terminal with his/her hand may not be completed. Follow the or body while entering the PIN code instructions on the terminal display
• Terminals must be positioned 80–125 • Ask the Cardholder to present cm from the floor documentation of ID if there is any doubt as to whether the Cardholder is • The customer component may not be the owner of the Dankort being used placed where others can steal the PIN code, e.g. using mirrors, video • For signature transactions, ensure cameras or other aspects of the that the Cardholder’s signature on surrounding environment receipts matches the signature on the card • The terminal must not be modified, and the keypad shield must not be • For signature transactions, the removed, for example Company must check that the date and amount on the receipt are • If there are signs that the terminal correct, that the digits of the card has been tampered with, the number shown on the receipt are Company must immediately contact identical to any card number Nets. embossed or printed on the card
Completing transactions • if the terminal shows a code that means that the card must be All transactions must be completed online retained, the Company must refuse unless the Company has agreed otherwise in to accept the card as a means of writing with Nets, or in the case of payment. If possible, confiscate the emergency procedures. card. Confiscated cards must be handed over to a bank. The following must be observed for completing transactions using the terminal: Emergency procedure
An emergency procedure is to be used in • The total transaction amount must be cases where the terminal cannot complete entered on the terminal online transactions with Nets because Nets has issued notification of technical problems, • If there is any doubt as to the or the terminal’s phone connection is not authenticity of the card, the card can working. be examined, and/or Nets can be contacted The Company can use the terminal’s offline or enter function to complete the transaction with a physical Dankort. It is not possible to
Dankort May 2018 Page 21 of 34
apply the emergency procedures for • Destroy the Receipt, cancel the transactions made by Dankort on Your purchase on the terminal and ask the Mobile. For further information, please refer customer to use a different means of to the terminal instructions. payment if there is still uncertainty as to whether it is the right Cardholder When, as part of the emergency procedure, who is using the card the Company completes a signature transaction, the Company must proceed as • If the card has been blocked or if a follows: control code is unobtainable for any other reason, the transaction may not • Check that the card is valid, i.e. that be completed the expiry date has not passed. If the card is not valid, the transaction must • Refuse to accept the card as a means not be completed. of payment if the company is asked to confiscate the card. If possible, • Call Nets on tel. +45 44 89 21 80 to confiscate the card. Confiscated cards find out whether the card is active. must be handed over to a bank. The Company will receive a verification code if the card is active Note that the Company’s terminal may be restricted to a maximum offline transaction • Enter the amount on the terminal in amount. the usual way 24. SPECIAL TERMS FOR CARDHOLDER- • Enter the verification code on the ACTIVATED TERMINALS (CAT) terminal The terms of this section apply only to • Ask the Cardholder to sign the cardholder-activated terminals (CAT). The Receipt General Terms and Conditions also apply. In case of conflict between the General Terms • Check that the signature on the and Conditions and the terms laid down in Receipt matches the signature on the this section, the terms of this section will take card precedence.
• Give the card and a copy of the Vending machine requirements Receipt to the Cardholder
The Company may only install cardholder- • Ask the Cardholder to present activated terminals (CAT) approved by Nets documentation of ID if there is any with an approved chip reader and PIN doubt as to whether it is the right keypad, unless otherwise agreed in writing Cardholder who is using the card with Nets.
The Company’s procedures for accepting
Dankort May 2018 Page 22 of 34
Payments must be approved by Nets before Receipt the solution is adopted. Operating instructions for the vending machine must be The vending machine must incorporate a approved by Nets. It must be made clear to function to allow the Cardholder to choose the Cardholder how to use the vending whether a Receipt is wanted. If the machine. Cardholder wants a Receipt, a Receipt must be printed. The Receipt must include the All transactions must be completed online company name, the place of the transaction with Nets, unless otherwise agreed in writing and contact information. with Nets. If the machine is faulty and cannot print a The cardholder-activated terminals (CAT) Receipt, this must be made clear to the may not be used to pay out cash, negotiable Cardholder. In such a situation, the Company coupons, or similar that can be converted must provide an alternative or send a Receipt into cash later if the Cardholder requests this.
23.1.1. Special requirements for cardholder- By agreement with Nets, a Ceceipt may be activated terminals (CAT) without PIN code omitted for minor payments using cardholder-activated terminals (CAT) without On application, Nets may allow Payment to PIN. be effected without the use of a PIN code, e.g. for bridges and parking. For cardholder- The price must be made clear to the activated terminals (CAT) without a PIN Cardholder, either in the display or from price keypad, a maximum per transaction is set for information on the product itself. each terminal type, specified in the merchant agreement. Security requirements
23.1.2. Special requirements for cardholder- In addition to the security requirements activated terminals (CAT) with PIN code described in PCI DSS, the following requirements also apply to cardholder- The terminal must be inspected daily on all activated terminals (CAT) operated by the weekdays. The terminal must be checked for Cardholder: any unauthorised modifications on the front. If the PIN guard is missing, the terminal may • Only suitably trained personnel may not be used until the guard is back in place. have access to card readers and PIN units. The inspection may not take place at the same time every day. A log must be kept of • Access to the following must be when the individual terminal has been administered particularly restrictively: inspected. Nets must be contacted • Access to the card reader and PIN immediately if the terminal has been modified unit of the terminal in any way.
Dankort May 2018 Page 23 of 34
• Authorisation to run reconstructed and re-transmitted for programs/systems up to five banking days after delivery of transactions to Nets • Codes/keys to the terminal must be stored securely and may only be 25. SPECIAL TERMS AND CONDITIONS given out to authorised personnel FOR CARD NOT PRESENT TRANSACTIONS; ONLINE SHOPPING, • The terminal cabinet must be kept MAIL AND PHONE ORDER locked at all times, even when the terminal is not in use. The terminal The terms of this section apply only to Card may not be operable while the not Present transactions, accepting Dankort cabinet is open on websites and mail and phone orders. The General Terms and Conditions also apply. In • The Company may not modify the case of conflict between the General Terms physical functions of the terminal, and Conditions and the terms laid down in e.g. by removing the PIN protection this section, the terms of this section will take shield. The customer component precedence. must not be placed where others have the opportunity to steal the PIN General requirements code, e.g. using mirrors, video cameras, stairways or other aspects The Company must use a solution approved of the surrounding environment by Nets to complete Dankort Payments, and must generally use a hosted solution, i.e. • The Company must constantly where only the payment service provider monitor alerts from the terminals and (PSP) has access to process Dankort data. must secure the terminals against inadvertent access or attempts to Internet “break in”, etc. The Company must 24.2.1. Requirements regarding the Company prepare procedures to secure the website handling of any irregularities
As a minimum, the following information • In the event of signs of a break-in at must be displayed on the Company website: the terminal, the Company must contact Nets immediately. • The Company’s name, CVR number and address • The Company must prepare reconciliation procedures to ensure • E-mail address and telephone number that the correct number of for customer service or similar transactions are delivered to Nets for settlement. The Company must also establish back-up procedures to ensure that data can be
Dankort May 2018 Page 24 of 34
• Description of the goods/services the accepting the terms and conditions of sale Company sells (including prices, including shipment. The box may not be pre- taxes and duties) ticked.
• Terms and conditions of delivery The Company’s website may not give the (including rules concerning the Cardholder the opportunity to enter the card Cardholder’s right of cancellation) PIN code or any other Dankort data without and shipment costs encryption. The Cardholder may not be able to submit orders containing Dankort data via • The fact that Cardholders can pay by e-mail, unless in encrypted form. If this is Dankort used, the encryption method must be approved by Nets. • The trademarks of Dankort. The
trademarks must also be displayed 24.2.2. Order acceptance where the Cardholder can choose payment methods. Before the Cardholder accepts the order, the following information must be displayed on • Transaction currency (must always be the screen, as a minimum requirement: Danish kroner) • A clear description and the price of • Any export restrictions. the individual goods/services the Cardholder has ordered The Company website must also contain a function to enable the Cardholder to enter • The total amount the Cardholder his/her CVV code (typically three digits on the must pay (including specification of reverse of the card, either on the signature any taxes/duties, shipment costs and strip or directly beside it). other charges)
The Company shall at all times comply with • Transaction currency (must be Danish applicable legislation, including, for example, kroner) the Consumer Contracts Act, the e- Commerce Act and the Marketing Practices • The fact that payment is to be by Act, as well as the Consumer Ombudsman’s Dankort guidelines. • Estimated delivery date The Cardholder must actively express the Cardholder’s acceptance of the Company’s • Terms and conditions of delivery, terms and conditions of sale and supply including rules on the Cardholder’s before Payment is made. This could be done, right to cancel for example, by the Cardholder ticking a box • Name of the recipient of the on the Company’s website, where it is clearly goods/service stated that the Cardholder is thereby
Dankort May 2018 Page 25 of 34
• Delivery address Codes received with a Cardholder’s order once the payment has been controlled. In the 24.2.3. Procedure for paying with Dankort case of late deliveries, part deliveries and subscriptions, CVV Codes will only be sent The following procedure must be followed in with the first request. connection with a payment transaction on the
Internet: If the Company is unable to deliver the goods ordered by the Cardholder within just a few • The Cardholder places an order and days after the order was placed, or if the enters the required information for delivery is to be divided into several part use in completing the payment deliveries, follow the procedure below: transaction
• Send the control request to Nets at • Card number DKK 0 to check the card and the CVV Code • Expiry date
• When the Company is ready to send • CVV Code the product or a part delivery, the Company must send a request to Aquery will be sent to Nets with a Nets for the full amount of the order view to approval of the transaction (not just the amount corresponding and the Company will receive the to the part delivery) reply: approved or rejected
• The transaction will then be • Depending on the amount involved, forwarded (as the amount the Cardholder will be asked to verify corresponding to the goods delivered) the purchase using Dankort Secured for settlement with Nets by Nets
• If there is a part delivery, at the time • If the card has been blocked or the of the next delivery, the Company transaction cannot be approved – the must submit a request to Nets for answer is “rejected” – the Payment DKK 0 and subsequently send a may not under any circumstances be transaction for settlement completed. (corresponding to the amount the of
Data must be entered in an encrypted goods supplied) session. • Repeat this procedure until the order
If the CVV Code is not correct, Nets may has been fulfilled. reject the transaction. The Company must ensure that the
CVV Codes may never be stored, and the Company’s payment service provider (PSP) Company must therefore delete any CVV complies with Nets’ requirements for
Dankort May 2018 Page 26 of 34
completion of Payments via the Internet 24.2.5 Submission using Dankort. Transactions must be submitted electronically Dankort Secured by Nets must be used for to Nets as quickly as possible; however, no Internet payments completed after January earlier than when the product/service will be 2017. The Company is responsible for sent. ensuring that the Company’s PSP uses Dankort Secured by Nets. The Transaction data must arrive at Nets no later than seven calendar days after the date 24.2.4. Order confirmation/receipt of delivery.
The electronic Receipt to the Cardholder must Mail and phone order include at least the following information: If the Company sells via mail and phone • Company name order, the Company must use a Payment solution approved by Nets for submitting • Company e-mail address payment transactions.
• Description of the goods/services If the Company offers Recurrent payments, ordered the Company must also comply with the rules in section 27.1.1. • Order number/transaction number
24.3.1 Order voucher requirement for use • Transaction date with mail order
• Transaction amount An order voucher for use with mail order must contain the following fields (apart from • Transaction currency (must be Danish Company name, address, etc.), which the kroner) Cardholder must fill in when placing the order: • Transaction type (debit/credit)
• Cardholder’s name • Delivery date
• Cardholder’s address • Any parts of a card number (truncated) • Cardholder’s telephone number
• The fact that payment transaction • Card type has been completed (if this is a receipt). • Card number
The amount may not exceed the amount the • Card expiry date/valid from date Cardholder agreed to.
Dankort May 2018 Page 27 of 34
• CVV code addition, the order voucher must not be sent as an open postcard where Dankort data can • Quantity and type of each be read but must be sent in a sealed item/service ordered envelope.
• Amount to pay for each item/service 24.3.2 Requirements for telephone orders, ordered including order confirmation
• Transaction currency (must be Danish When the Cardholder places an order by kroner) telephone, the Company must give the Cardholder all the information about the • Shipment costs, if any goods the Cardholder is buying, including postage costs and other charges. • Total amount
For the purpose of completing the • Recipient of the goods/service (if transaction, the Company must ask the someone other than the Cardholder) Cardholder for the following information as a minimum: • Delivery address (if different from the Cardholder’s) • Card type
• Date • Card number
• Signature. • Card expiry date/valid from date
The CVV code may not be stored, and • CVV code accordingly the Company must delete/destroy any CVV code that the The CVV code may not be stored, and Company has received with the Cardholder’s accordingly the Company must order once the card payment has been delete/destroy any CVV codes that the approved. Company has received with the Cardholder’s order once the card payment has been Rules concerning the Cardholder’s right to authorised. cancel must furthermore be stated on the order voucher. If the goods cannot be delivered/the service cannot be rendered immediately, the The order voucher must be approved by Nets Company must send the cardholder an order before it is adopted. confirmation. The order confirmation is to be sent to the Cardholder’s address and must There may not be any way for the Cardholder include information about: to send any order vouchers containing Dankort data by e-mail or via another network, unless in an encrypted form. In
Dankort May 2018 Page 28 of 34
• The fact that payment is to be by agreement with Nets; cf. the Dankort merchant agreement
• Card type • If the card has been blocked or the transaction cannot be approved, Nets • Parts of the card number (truncated) will notify the Company to this effect, and the transaction is not allowed to • Amount be completed
• Transaction currency (must be Danish • If the CVV code is not provided or is kroner) incorrect, the transaction must be rejected. • Shipment costs, if any
24.3.4 Receipts for mail orders and • That if goods are to be sent telephone orders to/services are to be delivered at an address other than the Cardholder’s The Company must submit an invoice/Receipt home address, the Company must to the Cardholder no later than at the time of likewise send the order confirmation delivering the transaction to Nets. The to the Cardholder’s home address invoice/Receipt must, as a minimum, include the following information: • If the amount cannot be determined in advance and therefore cannot be • Date of dispatch of the ordered shown on the order confirmation, the goods/services Company carries the burden of proof
for demonstrating that the • Transaction amount Cardholder has given sufficient authority for the transaction to • Transaction currency (must be Danish proceed. kroner)
24.3.3 Procedure • Card type
When a Cardholder has placed an order by • Parts of card number (truncated). mail or phone order, and the product is ready to be shipped, the Company must follow the 24.3.5 Submission procedure below: Transactions must be submitted electronically
• The Company must verify the card to Nets as quickly as possible; however, no electronically via the Company’s earlier than when the product/service is terminal or payment solution, on delivered. phone +45 44 89 21 80 or in The Transaction data must arrive at Nets no accordance with a separate later than seven calendar days after the date
Dankort May 2018 Page 29 of 34
of sending. The thresholds in effect from time to time may be found at dankort.dk. 26. SPECIAL TERMS AND CONDITIONS FOR CONTACTLESS PAYMENTS 27. SPECIAL TERMS FOR CARD ON FILE
The terms of this section apply only to The terms of this section apply to companies accepting Contactless payments via Dankort. that offer Card on file in their webshops or The General Terms and Conditions also apply. app payments. The General Terms and In case of conflict between the General Terms Conditions also apply. In case of conflict and Conditions and the terms laid down in between the General Terms and Conditions this section, the terms of this section will take and the terms laid down in this section, the precedence. terms of this section will take precedence.
General requirements
Requirements for terminals In order to be able to offer Card on file the Company must first have entered into an e- Contactless payments are offered as an commerce agreement as well as be specially additional feature for companies that have approved to offer a Card on file solution. approved payment terminals with Contactless payment functionality. Registration
The Company is responsible for ensuring that The Cardholder must create a username and the technical setup of terminals/contactless password on the Company website. The card readers used for Contactless payments Cardholder must actively give consent for are at all times approved by Nets for use with Dankort data to be retained by the Contactless payments by Dankort. Company’s payment service provider, as well as to the criteria regarding charging the card. Limits on amounts The Company’s supplier of Payment solutions A Cardholder PIN code or signature is not must be PCI DSS-certified, and Dankort data required on completion of Contactless must be processed, stored and transmitted in payments, unless the transaction amount accordance with PCI DSS. The Company must exceeds the applicable threshold, or the ensure that the supplier of Payment solutions number of Contactless transactions without a deletes the stored Dankort data at the PIN code has been reached. Cardholder’s request.
Dankort Payments in excess of the applicable The website where the Cardholder enters limits on amounts must be completed by username and password must use encrypted entering a PIN code. data storage and an encrypted connection (SSL), in order to prevent unauthorised Nets may vary these limits without notice. parties from gaining access to this
Dankort May 2018 Page 30 of 34
information. The Cardholder’s confirmation of Card on file Nets may impose specific requirements regarding the Company’s validation of the When the Cardholder registers and provides Cardholder’s information at the time of personal data (e.g., name, address, e-mail) registration. and card details (card number, expiry date, CVV code), the Cardholder must confirm Password requirements registration via Dankort Secured by Nets, unless otherwise agreed in writing with Nets. The password must consist of a combination of capital and small letters and The individual solution as well as a method of numbers/characters and must be at least verification must be approved by Nets. seven characters long, unless otherwise agreed in writing with Nets. After six failed Changes to cardholder attempts, access must be blocked. information
The password and username may not be If the Cardholder wants to change the identical. information in relation to his/her account or Dankort, the Cardholder must be verified The password may not be the same as any of using the same method as for enrolment, the four most recent passwords used by the unless otherwise agreed in writing with Nets. Cardholder. There may be no facility to “store password” on the site. Storage of customer data
Security requirements The Company must store all customer data, such as usernames and passwords, in a Once the Cardholder has entered the proper manner that prevents Cardholder password, the Cardholder only needs to be accounts or information from being logged on while the browser window is open compromised. or until the Cardholder shuts down the application, after which the Cardholder must The password must be hashed or encrypted. be logged off automatically. Threshold The Cardholder must then log in again. A limit must be configured to limit how long the Nets may introduce payment thresholds for browser window can remain open (timeout), Card on file. up to a maximum of 15 minutes. The Company must ensure that its Payment
Using applications to store passwords is not solutions provider is able to handle such allowed. limits, including implementation of the same.
Nets may vary these limits without notice.
Dankort May 2018 Page 31 of 34
The card terms and conditions in effect from If the Company wants to be able to offer time to time may be found at dankort.dk. Recurrent payments using Dankort, the Company must contact Nets to getapproval Initiation of payment for this. The Company must submit a copy of the terms of Recurrent payments to Nets for The Cardholder must initiate all transactions Nets to assess the possibility to allow the to be implemented via a Card on file solution. Company to offer Recurrent payments.
Receipt The Company must use a Payment solution provider approved by Nets to submit An electronic Receipt must be sent to the Recurrent payments. Cardholder once the purchase has been completed. The Company must notify Nets if the Company ceases to offer Recurrent Review of the Card on file payments. agreement
Requirements governing Nets may carry out a review of the agreement with Cardholder agreement, including the scope of customer enquiries and Chargebacks. If the agreement The Company must enter into an agreement deviates negatively from the assumptions with the Cardholder in which the Cardholder underlying the conclusion of the agreement, expressly accepts that the Company takes the Company must take steps to ensure that Recurrent payments using the Cardholder’s the deviation ceases. Alternatively, the Dankort data. The agreement must include: agreement may be terminated.
• Card number 28. SPECIAL TERMS AND CONDITIONS
FOR RECURRENT PAYMENTS • Card expiry date
The terms of this section apply only to • CVV code Recurrent payments. The General Terms and Conditions also apply. In case of conflict • Information about the criteria for between the General Terms and Conditions completing transactions using the and the terms laid down in this section, the Cardholder’s card number terms of this section will take precedence. • Information about how a Receipt will General requirements be delivered/made available
In order to offer Recurrent payments, the • Information about Cardholder Company must enter into an online shopping responsibility and liability agreement. An option must be provided for non-registered customers to pay using cards.
Dankort May 2018 Page 32 of 34
• Information about the procedure for in place for setting up, renewing and deleting renewing or deleting the card number card details. The procedure for deleting card details must ensure that the details are • Information about the procedure for deleted from the customer register stopping/terminating the subscription immediately after the Cardholder asks for this to be done. • The Cardholder’s acceptance of
customer terms and conditions, 29. SPECIAL TERMS AND CONDITIONS including: FOR DIGITAL WALLET PAYMENTS
o Acceptance of criteria for The terms of this section apply only to Digital completing transactions using the Wallet payments. The General Terms and Cardholder’s card number Conditions also apply. In case of conflict between the General Terms and Conditions o Acceptance of prices. and the terms laid down in this section, the terms of this section will take precedence. The Recurrent payments agreement must either be signed by the Cardholder or General requirements accepted directly on the Company website with subsequent written confirmation to the In order to offer payments via a Digital Cardholder. Terms and conditions and prices Wallet, the Company must have entered into must be accessible to the Cardholder when an online shopping agreement with Nets. signing up and provided at the request of the Cardholder. The Company is responsible for all Cardholder disputes in the same way as with ordinary The Cardholder’s confirmation of Internet transactions. the Recurrent payments agreement In connection with Digital Wallet payments, the Company may not request Dankort data When the Cardholder accepts the Recurrent from the Cardholder. payments agreement, the Cardholder must confirm the conclusion of the agreement via The transaction is settled with the Company Dankort Secured by Nets, unless otherwise by Nets, just like other Internet payments. agreed in writing with Nets. Payment solution requirements Data storage for payments with Digital Wallet
The card’s CVV code may not be logged or The Company must display the payment stored in any other way once the first card trademark and button for the Digital Wallet. payment has been completed. The payment transaction must be initiated by The Company must have a secure procedure the Cardholder using the payment button. No
Dankort May 2018 Page 33 of 34
authorisation requests may be sent without the Cardholder’s acknowledgement of the transaction.
The Company is responsible for ensuring that the Payment solution is correctly implemented and that it complies with Nets’ requirements, including but not limited to control requests and tagging of transactions.
The Company may only use Digital Wallet providers approved by Nets. Approved Digital Wallet providers can be found at dankort.dk
If a Digital Wallet provider ceases to be approved by Nets, the Company must immediately terminate all use of that solution for completing payments.
Dankort May 2018 Page 34 of 34