Mastercard Switch Rules 1 March 2018 MCSR Applicability of Rules in this Manual Applicability of Rules in this Manual This manual contains the specifications and other Standards applicable when a Network Participant uses the Network for authorization, clearing and/or settlement of intra-EEA Transactions and Intracountry Transactions in the EEA. A Network Participant indicates its agreement to respect these rules in writing and/or by the act of using the Network for authorization, clearing and/or settlement. The Rules contained in Chapters 1 through 4 apply to all Network Activity; the Rules contained in Chapters 5 through 7 are additional requirements that apply to scheme-specific or Private Label Network Activity. ©2016–2018 Mastercard. Proprietary. All rights reserved. Mastercard Switch Rules • 1 March 2018 2 Summary of Changes, 1 March 2018 Summary of Changes, 1 March 2018 The below table reflects changes included in this update of the Mastercard Switch Rules manual. Short reference description. Source or Explanation of Chapter Number Rule Number Revisions Chapter 2—Network Participant 2.4 Confidential Information of Updated Terms and Definitions Obligations Network Participants Clarified verbiage in Rule 2.4.1 2.4.1 Data Uses for Mastercard Updated Rule 2.4.2 to include Switching Services information regarding EU Data 2.4.2 Processing of Transaction- Protection Law Related Personal Data Added Rule 2.4.3 Mastercard 2.4.3 Mastercard BCRs BCRs; renumbered following rules 2.4.4 Data Subject Notice and Legal Grounds for the Processing Added Rule 2.4.4 Data Subject of Personal Data Notice and Legal Grounds for the Processing of Personal Data 2.4.5 Data Subject Rights Renamed and updated Rule 2.4.6 Personal Data Accuracy 2.4.5 Data Subject Rights to and Data Minimization include information regarding EU 2.4.7 Accountability Data Protection Law 2.4.8 Sub-Processing Added the following Rules to 2.4.9 Disclosures of Personal include information regarding EU Data Data Protection Law: 2.4.10 Security and • 2.4.7 Accountability Confidentiality of Personal Data • 2.4.8 Sub-Processing • 2.4.9 Disclosures of Personal 2.4.11 Personal Data Breaches Data 2.4.12 Termination and • 2.4.10 Security and Mandatory Retention Confidentiality of Personal Data 2.4.13 Liability for EU Data Protection Law Violations • 2.4.11 Personal Data Breaches • 2.4.12 Termination and Mandatory Retention • 2.4.13 Liability for EU Data Protection Law Violations ©2016–2018 Mastercard. Proprietary. All rights reserved. Mastercard Switch Rules • 1 March 2018 3 Contents Contents Applicability of Rules in this Manual.................................................................2 Summary of Changes, 1 March 2018................................................................. 3 Chapter 1: Standards and Conduct of Network Activity......................... 8 1.1 Standards.....................................................................................................................9 1.1.1 Variances..............................................................................................................9 1.1.2 Failure to Comply with a Standard........................................................................ 9 1.1.3 Noncompliance Categories................................................................................. 10 1.1.4 Noncompliance Assessments.............................................................................. 10 1.1.5 Certification....................................................................................................... 13 1.1.6 Review Process................................................................................................... 13 1.1.7 Resolution of Review Request............................................................................. 13 1.2 Suspension and Termination of Access to Network.....................................................13 1.2.1 Voluntary Termination.........................................................................................14 1.2.2 Suspension or Termination by Mastercard Switching Services.............................. 14 1.2.3 Rights, Liabilities, and Obligations of a Network Participant Following Termination................................................................................................................. 15 1.3 Conduct of Network Activity...................................................................................... 15 1.3.1 Network Participant Responsibilities....................................................................15 1.3.2 Financial Soundness............................................................................................16 1.3.3 Compliance with Network Activity Responsibilities..............................................16 1.4 Indemnity and Limitation of Liability........................................................................... 17 1.5 Choice of Laws.......................................................................................................... 18 1.6 Examination and Audit...............................................................................................19 Chapter 2: Network Participant Obligations................................................20 2.1 Integrity of the Network.............................................................................................21 2.2 Fees, Assessments, and Other Payment Obligations....................................................21 2.2.1 Taxes and Other Charges....................................................................................22 2.3 Obligation of Network Participant to Provide Information...........................................22 2.4 Confidential Information of Network Participants....................................................... 22 2.4.1 Data Uses for Mastercard Switching Services.......................................................23 2.4.2 Processing of Transaction-Related Personal Data................................................. 24 2.4.3 Mastercard BCRs................................................................................................ 25 2.4.4 Data Subject Notice and Legal Grounds for the Processing of Personal Data........25 2.4.5 Data Subject Rights............................................................................................ 25 2.4.6 Personal Data Accuracy and Data Minimization.................................................. 25 ©2016–2018 Mastercard. Proprietary. All rights reserved. Mastercard Switch Rules • 1 March 2018 4 Contents 2.4.7 Accountability.................................................................................................... 26 2.4.8 Sub-Processing................................................................................................... 26 2.4.9 Disclosures of Personal Data............................................................................... 26 2.4.10 Security and Confidentiality of Personal Data....................................................27 2.4.11 Personal Data Breaches.....................................................................................27 2.4.12 Termination and Mandatory Retention..............................................................28 2.4.13 Liability for EU Data Protection Law Violations.................................................. 28 2.5 Cooperation...............................................................................................................28 Chapter 3: Settlement and Related Obligations........................................ 29 3.1 Net Settlement...........................................................................................................30 3.1.1 Currency Conversion.......................................................................................... 30 3.1.2 Settlement Finality.............................................................................................. 30 3.1.2.1 Cooperation with Government Authorities..................................................30 3.1.1.2 Provision of Information..............................................................................31 3.1.2.3 Notification of Winding Up Resolution or Trust Deed...................................31 3.1.2.4 Reconciliation............................................................................................. 31 Chapter 4: Connecting to the Network and Authorization Routing........................................................................................................................... 32 4.1 Connecting to the Network........................................................................................33 4.2 Routing Instructions and System Maintenance............................................................33 Chapter 5: Mastercard Scheme-Specific Requirements.......................... 34 5.1 Transaction Message Data..........................................................................................36 5.1.1 Card Acceptor Address Information.................................................................... 36 5.1.2 Sub-Merchant Name Information........................................................................36 5.1.3 Payment Facilitator ID and Submerchant ID.........................................................36 5.1.4 ATM Terminal Information.................................................................................. 36 5.1.5 Independent Sales Organization......................................................................... 37 5.2