Visa Core Rules and
Visa Product and Service Rules:
VISIT https://usa.visa.com/content/dam/VCOM/download/about-visa/visa-rules-public.pdf FOR MORE INFOMATION:
For information labeled or otherwise designated as Visa Restricted, in accordance with Visa
handling instructions, which may be delivered with its transmission or in its content
– For information labeled or otherwise designated as Visa Restricted – Personal Data, with the
strongest level of protection (including encryption or sufficient compensating controls, and
limited distribution for any transmissions) applied by the Member for its highly sensitive
information
l Disclose Visa Confidential or Visa Restricted information only to those employees with specific
need to know
l Immediately upon Visa request, return to Visa, or destroy, originals and all copies of any Visa
Confidential or Visa Restricted information in any medium and, if required by Visa, certify that it
has done so
l Notify Visa immediately in the event that the Member becomes legally compelled to disclose any
Visa Confidential or Visa Restricted information and, if legally required to disclose any Visa
Confidential or Visa Restricted information, only disclose that portion that it is legally required to
disclose
l Process and transfer personal data (whether or not it is classified as Visa Confidential or Visa
Restricted information) in accordance with the Visa Rules and applicable laws or regulations
ID# 0000467 Edition: Apr 2024 | Last Updated: Oct 2021
1.1.5.2 Confidentiality of VisaNet Information
Information regarding VisaNet is proprietary and Visa Confidential. A Member and its Merchants and
agents must take appropriate action, by agreement or otherwise, to ensure that its employees or
agents with access to VisaNet are all of the following:
l Advised of the confidential and proprietary nature of these systems
l Prohibited from providing access to or disclosing these systems to any third party
l Prohibited from using these systems for any purpose not authorized in the Visa Rules
ID# 0003669 Edition: Apr 2024 | Last Updated: Apr 2020
1.1.5.3 Use or Disclosure of Confidential Information
A Member must not use any Visa confidential or proprietary information for any purpose other than
to operate its Visa Program as reasonably contemplated under the Visa Rules, unless expressly
permitted in writing and in advance, or required by Visa. A Member must not publish, disclose,
convey, or distribute to any person or organization, or use for filing patents, any Visa confidential or
13 April 2024 Visa Public 75
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
proprietary information (including, but not limited to, documents, ideas, products, and data) without
the prior written approval of Visa.
This does not apply to:
l A third party (organization, or person, including contractors), if both of the following apply:
– The third party is providing services to the Member and the disclosure is required to perform
services directly related to the Member’s Visa Program
– The third party does not compete with Visa or its Members with respect to their Visa Programs
l The Member’s parents or subsidiaries that do not participate in a competing payment program
l Information that has been publicly released by Visa
A Member that discloses information to a third party must have a written agreement with the third
party that it:
l Will not disclose the confidential information to any other third party
l Will use the confidential information only to provide services to the Member for use only with the
Member’s Visa products and services
Any confidential information disclosed to the third party must comply with all of the following:
l Remain solely the property of Visa
l Be returned to Visa immediately upon Visa request
l Be returned to the Member immediately upon termination of the relationship that required use of
the confidential information
The Member is responsible for the third party’s compliance with these conditions and must not allow
a non-Member VisaNet Processor to use the V.I.P. System or BASE II unless the non-Member VisaNet
Processor has delivered to Visa a completed VisaNet Letter of Agreement.
Unauthorized use or disclosure of Visa Confidential information by a Member, or by a third party to
whom a Member has disclosed Visa Confidential Information, in connection with any patents or
patent applications grants to Visa a fully paid-up, royalty-free, worldwide, irrevocable license to
exercise all rights under that patent, including the right to grant and authorize sublicenses.
ID# 0006467 Edition: Apr 2024 | Last Updated: Oct 2020
1.1.5.4 Confidentiality of Visa Systems Information
A Member, VisaNet Processor acting on behalf of a Member, Merchant or its agent, or Visa Direct
Connect Merchant1 must take appropriate action to ensure that its employees or agents with access
to VisaNet or related documentation comply with all of the following:
13 April 2024 Visa Public 76
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
l Are advised of the confidential and proprietary nature of these systems and documentation
l Use their best efforts to protect the VisaNet Access Points
l Are prohibited from both:
– Providing access to or disclosing these systems and documentation to any third party
– Using these systems and documentation for any purpose not authorized in the Visa Rules
A Member, Merchant or its agent, or Visa Direct Connect Merchant1 must not disclose any
confidential information of Visa or its subsidiaries to a non-Member.
1 In the Europe Region: This rule does not apply. Where a Member uses Visa for processing, as specified in Section 1.1.1.2,
Applicability of Processing Rules – Europe Region, it must refer to Visa Europe Operating Regulations – Processing.
ID# 0027073 Edition: Apr 2024 | Last Updated: Apr 2020
1.1.5.5 Visa Disclosure of Confidential Member Information
Visa and its subsidiaries will not disclose to any third party any confidential, proprietary matters of
any Member including, but not limited to, documents, ideas, products, and data, other than for any of
the following:
l Disclosure in the ordinary course of business to provide services to a Member or a Member’s
designated Agent, including, but not limited to, all of the following:
– Completing a Transaction
– Risk control
– Dispute resolution
– Marketing services
l Disclosure with the consent of the Member
l Disclosure of data that is aggregated so as not to disclose the data of any single Member
l Other disclosure that is in accordance with applicable laws or regulations
ID# 0029983 Edition: Apr 2024 | Last Updated: Apr 2017
1.1.5.6 Visa Use and Disclosure of Confidential Consumer Cardholder Information –
US Region
In the US Region: Visa and its subsidiaries will not use or disclose Confidential Consumer Cardholder
Information to third parties, other than for any of the following:
13 April 2024 Visa Public 77
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
l Use or disclosure in the ordinary course of business to provide services to a Member or a
Member’s designated Agent, including, but not limited to, all of the following:
– Completing a Transaction
– Risk control
– Dispute resolution
– Marketing services
l Use or disclosure with the consent of the Cardholder
l Other use or disclosure that is in accordance with applicable laws or regulations
ID# 0000508 Edition: Apr 2024 | Last Updated: Oct 2014
1.1.6 Visa Rights
1.1.6.1 Visa Ownership of Intellectual Property
A participant in the Visa system must recognize Visa’s right, title, and interest in and to and
ownership of Visa technology, products, and services (including the intellectual property embodied
within, including the Visa name, Visa Marks, and Visa technology), and agree to protect these
ownership rights and the integrity of the Marks by complying with the applicable Visa Rules in all
activities, including issuing, acquiring, and processing. No intellectual property rights are or shall be
considered assigned by Visa to a Member under the Visa Rules.
A Member or any other party does not have any property or other right, claim, or interest, including
any patent right, trade secret right, or copyright interest, in VisaNet, or in any systems, processes,
equipment, software, data, or materials that Visa or its subsidiaries use with VisaNet, or in connection
with a Visa Program, or in connection with a Visa Innovation Center engagement, except for
Merchant- or Member-supplied data or equipment.
ID# 0007727 Edition: Apr 2024 | Last Updated: Oct 2020
1.1.6.2 Visa Right to Monitor, Audit, Inspect, and Investigate
At its sole discretion, at any time, Visa may, either itself or through an agent, do any of the following:
l Investigate, review, audit, or inspect a Member, or the Member’s agents, Merchants, Marketplaces,
Sponsored Merchants, Payment Facilitators, or Digital Wallet Operators, including by inspecting
the premises and auditing the books, records, and procedures of the Member, agent, Merchant,
Marketplace, Sponsored Merchant, Payment Facilitator, or Digital Wallet Operator to ensure that it
is complying with the Visa Charter Documents, Visa Rules, and applicable brand and security
13 April 2024 Visa Public 78
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
standards and procedures, and operating in a safe and sound manner
l Monitor, investigate, review, audit, or inspect the premises, books, records, or procedures of a Visa-
approved vendor or Third-Party Personalizer, including security and quality control procedures of
each Visa-approved manufacturer and Third-Party Personalizer
l Obtain from any Visa-approved manufacturer or Third-Party Personalizer a production-run sample
of a Card that includes all security features
l In addition, in the Europe Region:
– Require a Visa Commercial Card Issuer to impose an obligation on its agents and any other
entities that participate in the Issuer’s multinational programs to permit Visa to audit those
agents and other entities
– Require a Merchant Agreement with a Merchant that sells Prepaid Cards to allow Visa to audit
the records and procedures of the Merchant
A Member must cooperate fully, and ensure that its agent, Merchant, Marketplace, Sponsored
Merchant, Payment Facilitator, or Digital Wallet Operator cooperates fully, with Visa in any such
investigation, inspection, audit, or review. This cooperation includes providing access to the premises
and to all pertinent records, including financial reports, and releasing any information to Visa upon
request within the stipulated timeframe.
Any investigation, inspection, review, or audit will be conducted at the Member’s expense, unless
otherwise specified in the applicable Fee Schedule.
ID# 0007121 Edition: Apr 2024 | Last Updated: Apr 2020
1.1.6.3 Right to Impose Conditions on Visa Product or Visa Service Participation
Participation in or use of a Visa service or Visa product is at the discretion of Visa, which may limit or
impose conditions on its use, and may discontinue the service or product at any time.
ID# 0028039 Edition: Apr 2024 | Last Updated: Oct 2014
1.1.6.4 Right to Use Patents Relating to Visa Tokenization Services
In partial consideration for participation in or use of Visa tokenization services, a Member and its
affiliates grant Visa a fully paid-up, royalty-free, worldwide, non-exclusive, irrevocable, non-
terminable license and covenant not to sue (and not to assist or provide consent to sue) under
patents to make, have made, use, offer for sale, sell, import, and otherwise provide Visa tokenization
services (or any portion thereof) and to practice any method, process, or procedure in connection
therewith. The Member and its affiliates grant and extend the foregoing license and covenant not to
sue to Visa tokenization service participants, users, business partners, contractors, agents, processors,
and service providers and hereby irrevocably covenant not to rely upon or refer to the Visa
13 April 2024 Visa Public 79
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
tokenization service or any portion, functionality, or other characteristics thereof in any assertion or
allegation of patent infringement (direct or indirect) or to assist or provide consent to do so.
ID# 0029513 Edition: Apr 2024 | Last Updated: Oct 2021
1.1.6.5 Right to Use Member Feedback
Visa does not wish to receive any feedback (including comments, ideas, suggestions, submissions,
data, information, changes, adaptations, alterations, corrections, updates, upgrades, improvements,
enhancements, extensions, or implementations relating to Visa products or services or other Visa
technology, or in connection with a Visa Innovation Center engagement or a Member’s use of Visa
Innovation Center services) unless Visa is free to commercialize such feedback generally for the
benefit of all Members, customers, and partners. A Member is not obligated to provide or develop
any feedback. However, if a Member or any of its affiliates provides or develops any feedback, then
Visa and Visa affiliates shall have and are granted the right to use, disclose, distribute, make,
reproduce, or commercialize generally for itself and others, and otherwise exploit any feedback and
related intellectual property rights.
ID# 0029514 Edition: Apr 2024 | Last Updated: Oct 2020
1.1.6.6 Investigation Response Requirement
A Member must respond to and provide information requested by Visa for a Visa Rules violation that
is under investigation.
The Member must submit its response and information, within the time period specified, by mail,
courier, facsimile, hand, email, or other electronic delivery method. The Notification response is
effective when posted, sent, or transmitted by the Member or its agent to Visa.
ID# 0025974 Edition: Apr 2024 | Last Updated: Oct 2014
1.1.6.7 Right to Request Cards
Visa may request a functional Card or Proprietary Card or access to any New Channel associated with
a BIN licensed or used by an Issuer.
Upon written request, an Issuer must both:
l Provide Visa with a Card or a Proprietary Card or access to any New Channel and its associated PIN
within 30 calendar days
l Personalize the Card or Proprietary Card or New Channel, as specified by Visa
ID# 0026009 Edition: Apr 2024 | Last Updated: Apr 2020
13 April 2024 Visa Public 80
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
1.1.6.8 Visa and Members’ Rights to Use General Skills or Knowledge
Neither a Member nor Visa (including their affiliates) will be restricted with respect to general skills or
knowledge acquired by its employees or any ideas, information, or understandings retained in their
unaided human memory, or in each connection with the use of, offering of, or participation in any
processing, product, program, service, specification, standard, software, hardware, or firmware
referenced in the Visa Rules or created, supplied, required, licensed, or approved by Visa, provided
that this shall not be construed as providing any right or license to use or disclose any Cardholder
data or Visa interfaces, service guides, specifications, or other technical documentation provided by
Visa. The right to use or exploit this information does not include any license to patents or patent
applications.
ID# 0030679 Edition: Apr 2024 | Last Updated: Oct 2020
1.1.7 Use of VisaNet
1.1.7.1 Non-Assignable Right to Use VisaNet
A Member’s, VisaNet Processor’s, or Visa Direct Connect Merchant’s1 right to use VisaNet is not
assignable and its duties are non-delegable without prior written consent from Visa. However, a
Member or Visa Direct Connect Merchant1 may use a non-Member VisaNet Processor that has
executed and delivered to Visa a VisaNet Letter of Agreement.
A VisaNet Processor or Visa Direct Connect Merchant1 acknowledges and agrees that the VisaNet
endpoint connectivity is a Visa asset and not transferable without the express written consent of Visa.
A VisaNet Processor or Visa Direct Connect Merchant must not transfer its VisaNet endpoint to
another Member or Agent. It must notify Visa in writing at least 90 days before the effective date of a
change, for example, but not limited to, a sale of all or substantially all of the assets of the operation,
acquisition, merger, ownership change, or financial restructuring, and promptly provide Visa with any
related information that is requested.
1 In the Europe Region: This rule does not apply. Where a Member uses Visa for processing, as specified in Section 1.1.1.2,
Applicability of Processing Rules – Europe Region, it must refer to Visa Europe Operating Regulations – Processing.
ID# 0003081 Edition: Apr 2024 | Last Updated: Oct 2019
1.1.8 Liabilities and Indemnifications
1.1.8.1 Taking Responsibility
Each Member is solely responsible for its issuance of Visa products and acquiring of Merchants to
accept Visa products, including responsibility for settlement of Transactions, compliance with the Visa
Charter Documents and the Visa Core Rules and Visa Product and Service Rules, and ensuring that its
13 April 2024 Visa Public 81
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
Visa programs comply with all applicable legal and regulatory requirements. Each Member shall
Indemnify Visa for and against Claims and Liabilities arising out of or in connection with its issuance
of Visa products and acquiring of Merchants, and broadly disclaims liability against Visa for such
activities.
ID# 0007758 Edition: Apr 2024 | Last Updated: Apr 2023
1.1.8.2 Member Participation in Visa Network
A Member understands that Visa provides a network and desires to provide programs, products, and
services to enable partners, end users, and other participants to benefit widely from the network. In
exchange for participation in and benefits resulting from such programs, products, and services, a
Member agrees not to (and not to authorize, assist, or encourage others to) assert against Visa, its
affiliates, their contractors, agents, and service providers working on their behalf to provide such Visa
programs, products, and services, or other participants, any patent infringement claim involving any
activity regarding the program, products, services, and associated materials provided by Visa.
ID# 0030682 Edition: Apr 2024 | Last Updated: Apr 2020
1.1.8.24 Responsibility for Losses Caused by VisaNet Processors
A Member is responsible for any and all losses caused by its VisaNet Processor. All Members using a
Clearing or authorizing VisaNet Processor, whether a Member or non-Member, are jointly and
severally responsible for the proper performance by that VisaNet Processor of all the requirements of
the Visa Rules.
ID# 0025873 Edition: Apr 2024 | Last Updated: Oct 2014
1.1.8.25 Limitation of Liability for VisaNet Processors
A Member may limit its liability for the failure of a VisaNet Processor if it provides Visa with an
updated regional client information questionnaire showing that it had terminated the VisaNet
Processor relationship before the failure.
This limitation of liability is effective upon receipt by Visa of Member notification.
ID# 0025887 Edition: Apr 2024 | Last Updated: Oct 2014
1.1.8.30 Member Responsibility for Agents – Europe Region
In the Europe Region: A Member must include in its agreements with its respective agents a term that
provides that the Member is responsible for the acts or omissions of the agents.
13 April 2024 Visa Public 82
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
ID# 0029767 Edition: Apr 2024 | Last Updated: Oct 2016
1.1.8.55 Visa Central Travel Account – Issuer Liability
An Issuer assumes full liability for any misuse on physical Cards issued on a Visa Central Travel
Account.
ID# 0026397 Edition: Apr 2024 | Last Updated: Oct 2019
1.1.8.56 Liability for Misencoded Cards
Visa assigns liability for payment of Transaction Receipts resulting from the use of a misencoded Card
as follows:
l To the Acquirer that received the Transaction Receipt, if the misencoded Card bears a BIN that was
not assigned to an Issuer. The Acquirer is liable until both:
– The misencoded Card is recovered
– Visa identifies the Issuer that ordered its manufacture
l To the Issuer to which the BIN is assigned, if an Acquirer receives a misencoded Card bearing a
valid BIN but an invalid Account Number. The Issuer is liable both:
– If the Acquirer presents the Transaction Receipt within 180 calendar days of the Transaction
Date
– Until the Issuer that ordered the manufacture of the Card is identified
In the Europe Region: There is no time limit on a Member’s right to reassign liability to the Issuer.
ID# 0001813 Edition: Apr 2024 | Last Updated: Apr 2020
1.1.8.57 Liability for Misembossed or Misencoded Cards – US Region
In the US Region: Visa assigns liability for payment of Transaction Receipts resulting from the use of
misembossed or misencoded Cards based on the following priorities in the order shown:
l Issuer that appears on the misembossed or misencoded Card, if the Card has been recovered
l Issuer whose BIN appears on the Transaction Receipt, if the misembossed or misencoded Card has
not been recovered or if the name of the Issuer does not appear on the Card
l Issuer that first received the Transaction Receipt. If the misembossed or misencoded Card is
recovered within 12 months of the Transaction Date, the Issuer may transfer liability for the
Transaction Receipt to the Issuer that appears on the misembossed or misencoded Card.
13 April 2024 Visa Public 83
© 2014—2024 Visa. All Rights Reserved.
Visa Core Rules
1 Visa Core Rules
Visa Core Rules and Visa Product and Service Rules
Mastercard
VIST https://www.mastercard.us/content/dam/public/mastercardcom/na/global-site/documents/mastercard-rules.pdf FOR MORE INFORMATION
Mastercard Rules
Written notice to theCorporation provided by or with
respect to Regarding termination of it
Must be received in advance of
the termination effective date,
by at least…
Principal Mastercard License 30 days
Association Mastercard License 30 days
Principal Maestro License One year
Principal Cirrus License One year
Affiliate Mastercard License 30 days
Affiliate Maestro License Six months
Affiliate Cirrus License Six months
Digital Activity Customer Digital Activity Agreement 60 days
PTA Customer PTA Agreement and/or Payment
Transfer Activity License
As set forth in the Standards
When all Licenses, Digital Activity Agreements, and PTA Agreements are terminated, the
Participation of a Customer also terminates.
1.13.2 Termination by the Corporation
Notwithstanding anything to the contrary set forth in a License or Digital Activity Agreement,
the Corporation, at its sole discretion, may terminate a Customer’s Participation effective
immediately and without prior notice, if:
1. The Customer suspends payments within the meaning of Article IV of the Uniform
Commercial Code in effect at the time in the State of Delaware, regardless of whether, in
fact, the Customer is subject to the provisions thereof; or
2. The Customer takes the required action by vote of its directors, stockholders, members, or
other persons with the legal power to do so, or otherwise acts, to cease operations and to
wind up the business of the Customer, such termination to be effective upon the date of the
vote or other action; or
3. The Customer fails or refuses to make payments in the ordinary course of business or
becomes insolvent, makes an assignment for the benefit of creditors, or seeks the
protection, by the filing of a petition or otherwise, of any bankruptcy or similar statute
governing creditors’ rights generally; or
4. The government or the governmental regulatory authority having jurisdiction over the
Customer serves a notice of intention to suspend or revoke, or suspends or revokes, the
operations or the charter of the Customer; or
5. A liquidating agent, conservator, or receiver is appointed for the Customer, or the Customer
is placed in liquidation by any appropriate governmental, regulatory, or judicial authority; or
6. The Customer’s right to engage in Activity or Digital Activity, as the case may be, is
suspended by the Corporation due to the Customer’s failure to comply with the
The License and Participation
1.13.2 Termination by the Corporation
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 48Corporation’s Anti-Money Laundering and Sanctions Requirements in connection with its
Program or to comply with applicable law or regulation, and such suspension continues for
26 consecutive weeks; or
7. The Customer fails to engage in Activity for 26 consecutive weeks; or
8. The Customer is no longer Licensed to use any of the Marks; or
9. The Customer (i) directly or indirectly engages in or facilitates any action or activity that is
illegal, or that, in the good faith opinion of the Corporation, and whether or not addressed
elsewhere in the Standards, has damaged or threatens to damage the goodwill or
reputation of the Corporation or of any of its Marks; or (ii) makes or continues an
association with a person or entity which association, in the good faith opinion of the
Corporation, has damaged or threatens to damage the goodwill or reputation of the
Corporation or of any of its Marks; or
10. The Customer (i) provides to the Corporation inaccurate material information or fails to
disclose responsive material information in or in connection with its application for a License;
or (ii) at any other time, in connection with its Participation or Activity fails to timely provide
to the Corporation information requested by the Corporation and that the Customer is
required to provide pursuant to the terms of the License or the Standards; or
11. The Customer fails at any time to satisfy any of the Customer eligibility criteria set forth in
the Standards, or with respect to a Digital Activity Customer, all certifications granted by
the Corporation in connection with the Digital Activity Customer’s conduct of Digital
Activity have been suspended or revoked; or
12. The Customer materially fails to operate at a scale or volume of operations consistent with
the business plan approved by the Corporation in connection with the Customer’s
application to be a Customer or application for a License, or both, as the case may be, as
required by Rule 2.2.1; or
13. The Corporation has reason to believe that the Customer is, or is a front for, or is assisting in
the concealment of, a person or entity that engages in, attempts or threatens to engage in,
or facilitates terrorist activity, narcotics trafficking, trafficking in persons, activities related
to the proliferation of weapons of mass destruction, activity that violates or threatens to
violate human rights or principles of national sovereignty, or money laundering to conceal
any such activity. In this regard, and although not dispositive, the Corporation may consider
the appearance of the Customer, its owner or a related person or entity on a United Nations
or domestic or foreign governmental sanction list that identifies persons or entities believed
to engage in such illicit activity; or
14. The Corporation has reason to believe that not terminating such Participation would be
harmful to the Corporation’s goodwill or reputation.
The Corporation may terminate any PTA Program and the associated PTA Agreement (a) upon
ninety (90) days’ notice, if the Corporation discontinues such PTA Program in one or more of the
countries in a PTA Customer’s Area of Use; (b) upon notice, if the Corporation is required to
obtain a new license in order to provide such PTA Program in a PTA Customer’s Area of Use; (c)
upon thirty (30) or fewer days’ notice, if required by applicable law or the relevant governing
authority, if the Corporation is required by such law or governing authority to cease providing
such PTA Program in one or more countries in the PTA Customer’s Area of Use; (d) upon notice,
if the Corporation determines in its sole discretion that a PTA Program cannot be provided in
The License and Participation
1.13.2 Termination by the Corporation
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 49compliance with applicable law or governing authority, or if applicable, Non-Mastercard Systems
and Network Standards; or (e) upon notice, if the Corporation has received a claim or notice
alleging that such PTA Program infringes or violates a third party’s intellectual property right.
NOTE: A modification to this Rule appears in the “Europe Region“ chapter.
1.13.3 Termination for Provision of Inaccurate Information
The Corporation, at any time and by written notice, may require a Customer to confirm the
accuracy of information provided by the Customer to the Corporation pursuant to the
Standards or the terms of the Licenses.
Within 30 days of receipt of such a notice, the Customer must demonstrate to the satisfaction
of the Corporation that either: (i) the information provided was accurate; or (ii) with respect to
any inaccurate information, such inaccurate information was provided to the Corporation
through inadvertence or with a reasonable belief as to its truth and provide information
sufficient to correct such inaccuracy. Without limiting any Corporation right of immediate
termination set forth in Rule 1.13.2, the Corporation may terminate a Customer’s Participation
and/or Licenses without further notice should the Corporation determine that the Customer
has failed to make a sufficient showing under (i) or (ii) above, that any Customer representation
or demonstration under (i) or (ii) above was false, or should the Customer otherwise fail to
comply with the obligations set forth in this Rule.
1.13.4 Rights, Liabilities, and Obligations of a Terminated Customer
All of the following apply with respect to a terminated Customer.
1. Except as otherwise set forth in the Standards, a terminated Customer has no right to use
any Mark or to otherwise engage or participate in any Activity or Digital Activity. A
terminated Customer must immediately cease its use of all Marks and must ensure that
such Marks are no longer used by any of the following:
a. The Customer’s Merchants;
b. Any Affiliate Sponsored by a terminated Principal or Association;
c. Any Service Providers that performs any service described in Rule 7.1, which service
directly or indirectly supports a Program of a terminated Principal or Association and/or
of any Affiliate Sponsored by a terminated Principal or Association;
d. Merchants of an Affiliate Sponsored by a terminated Principal or Association; or
e. Any other entity or person acting to provide, directly or indirectly, service related to
Activity or Digital Activity undertaken pursuant to the authority or purported authority
of the terminated Customer.
2. A terminated Customer is not entitled to any refund of dues, fees, assessments, or other
payments and remains liable for, and must promptly pay to the Corporation (a) any and all
applicable dues, fees, assessments, or other charges as provided in the Standards and (b) all
other charges, debts, liabilities, and other amounts arising or owed in connection with the
Customer’s Activities or Digital Activities, whether arising, due, accrued, or owing before or
after termination.
3. The terminated Customer must promptly cancel all Cards then outstanding that were
issued by the terminated Customer and, if the terminated Customer is a Principal or
The License and Participation
1.13.3 Termination for Provision of Inaccurate Information
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 50Association, by all of that Customer’s Sponsored Affiliates. All Payment Applications
resident on Chip Cards issued by a terminated Customer must be eradicated or disabled no
more than six months after the effective date of termination. With respect to any such
Card not used during the six-month period, the Issuer must block all Payment Applications
the first time the Card goes online.
4. The terminated Customer must promptly cause all of its Cardholders and, if the terminated
Customer is a Principal or Association, the Cardholders of its Sponsored Affiliates to be
notified of the cancellation of Cards in writing. When the PTA Program includes PTA
Transactions that are branded Mastercard or Maestro, the terminated PTA Customer must
promptly cause all of its Account Holders and, if the terminated PTA Customer is a Principal
or Association, must promptly cause the Account Holders of its Sponsored Affiliates to be
notified of the termination of participation of PTA Accounts in the PTA Program in writing.
Such notice must be in a form and substance satisfactory to the Corporation.
5. A terminated Customer must give prompt notice of its termination to any Merchants the
Customer has authorized to honor Cards and/or PTA Transactions. If any such Merchant
wishes to continue to accept Cards and/or PTA Transactions, the terminated Customer
must cooperate with the Corporation and other Customers in facilitating the transfer of
such Merchant to another Customer.
6. If a terminated Customer does not take an action that this Rule or any other Standard or
that the Corporation otherwise requires, the Corporation may take any such required action
without prior notice to the terminated Customer on behalf of and at the expense of the
Customer.
7. If a Principal or Association that Sponsors one or more Affiliates terminates its
Participation, such Principal or Association must cause each of its Sponsored Affiliates to
take the actions required of a terminated Customer under this Rule, unless and to the
extent that any such Affiliate becomes an Affiliate Sponsored by a different Principal or
Association within a period of time acceptable to the Corporation.
8. If an Affiliate terminates its Licenses or its Sponsorship by a Principal or Association, the
Sponsoring Principal or Association must cause the Affiliate to take the actions required of a
terminated Customer under this Rule. If that Affiliate fails to so comply, the Corporation
may take any action that this Rule requires without notice to the Affiliate or the Sponsoring
Principal or Association on behalf of and at the expense of the Sponsoring Principal or
Association.
9. If an Affiliate Sponsored by a Principal or Association ceases to be so Sponsored by that
Principal or Association, such Principal or Association nonetheless is obligated, pursuant to
and in accordance with the Standards, to accept from other Customers (a) the records of
Transactions arising from the use of Cards issued by that formerly Sponsored Affiliate and
whether such Transactions arise before or after the cessation of the Sponsorship and/or (b)
the records of PTA Transactions arising from the use of PTA Accounts established by that
formerly Sponsored Affiliate and whether such PTA Transactions arise before or after the
cessation of the Sponsorship.
10. A terminated Customer has no right to present records of Transactions or PTA Transactions
effected after the date of termination to any other Customer, except as permitted by the
Standards.
The License and Participation
1.13.4 Rights, Liabilities, and Obligations of a Terminated Customer
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 5111. A terminated Customer continues to have the rights and obligations set forth in the
Standards and Licenses with respect to its use of the Marks and conduct of Activity until
such time as the Corporation determines such rights or obligations or both cease.
12. A terminated Customer has a continuing obligation to provide promptly to the Corporation,
on request, Customer Reports and any other information about Activity or Digital Activity.
13. A terminated Customer must, at the option of the Corporation, immediately either destroy,
or take such steps as the Corporation may require regarding, all confidential and proprietary
information of the Corporation in any form previously received as a Customer.
14. The Corporation may continue the Participation and Licenses or Digital Activity Agreements
or PTA Agreements, as the case may be, of a terminated Customer for purposes of the
orderly winding down or transfer of the terminated Customer’s business. Such continuation
of Participation and Licenses or Digital Activity Agreements or PTA Agreements is subject to
such terms as may be required by the Corporation.
The License and Participation
1.13.4 Rights, Liabilities, and Obligations of a Terminated Customer
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 52Chapter 2 Standards and Conduct of Activity and
Digital Activity
This chapter contains Rules relating to the Standards and the conduct of Activity and Digital Activity.
2.1 Standards……………………………………………………………………………………………………………………………………..54
2.1.1 Variances……………………………………………………………………………………………………………………………….54
2.1.2 Failure to Comply with a Standard……………………………………………………………………………………….54
2.1.3 Noncompliance Categories……………………………………………………………………………………………………55
2.1.4 Noncompliance Assessments………………………………………………………………………………………………..56
2.1.5 Certification…………………………………………………………………………………………………………………………. 58
2.1.6 Review Process………………………………………………………………………………………………………………………58
2.1.7 Resolution of Review Request………………………………………………………………………………………………. 59
2.1.8 Rules Applicable to Intracountry Transactions………………………………………………………………………59
2.2 Conduct of Activity and Digital Activity………………………………………………………………………………………..59
2.2.1 Customer Responsibilities……………………………………………………………………………………………………..59
2.2.2 Obligations of a Sponsor……………………………………………………………………………………………………….61
2.2.3 Affiliates………………………………………………………………………………………………………………………………..61
2.2.4 Financial Soundness………………………………………………………………………………………………………………61
2.2.5 Mastercard Acquirers…………………………………………………………………………………………………………….61
2.2.6 Compliance……………………………………………………………………………………………………………………………62
2.2.7 Information Security Program………………………………………………………………………………………………62
2.3 Indemnity and Limitation of Liability…………………………………………………………………………………………….62
2.4 Choice of Laws………………………………………………………………………………………………………………………………64
2.5 Examination and Audit………………………………………………………………………………………………………………….64
Standards and Conduct of Activity and Digital Activity
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 532.1 Standards
From time to time, the Corporation promulgates Standards governing the conduct of
Customers and Activity or Digital Activity.
The Corporation has the sole right to interpret and enforce the Standards.
The Corporation has the right, but not the obligation, to resolve any disagreement or dispute, as
applicable, between or among Customers including, but not limited to, any disagreement or
dispute, as applicable, involving the Corporation, the Standards, or the Customers’ respective
Activities or Digital Activities, and any such resolution by the Corporation is final and not subject
to appeal, review, or other challenge. In resolving disagreements or disputes, as applicable,
between or among Customers, or in applying its Standards to Customers, the Corporation may
deviate from any process in the Standards or that the Corporation otherwise applies, and may
implement an alternative process, if an event, including, without limitation, an account data
compromise event, is, in the sole judgment of the Corporation, of sufficient scope, complexity
and/or magnitude to warrant such deviation. The Corporation will exercise its discretion to
deviate from its Standards only in circumstances the Corporation determines to be
extraordinary. Any decision to alter or suspend the application of any process(es) will not be
subject to appeal, review, or other challenge.
2.1.1 Variances
A variance is the consent by the Corporation for a Customer and/or a Network Enablement
Partner to act other than in accordance with a Standard. Only a Customer or a Network
Enablement Partner may request a variance.
Any such request must specify the Rules or other Standards for which a variance is sought. The
request must be submitted to the Corporation in writing, together with a statement of the
reason for the request.
2.1.2 Failure to Comply with a Standard
Failure to comply with any Standard adversely affects the Corporation and its Customers and
undermines the integrity of the Mastercard system.
Accordingly, a Customer that fails to comply with any Standard is subject to assessments
(“noncompliance assessments”) as set forth in the Standards.
In lieu of, or in addition to, the imposition of a noncompliance assessment, the Corporation, in its
sole discretion, may require a Customer to take such action and the Corporation itself may take
such action as the Corporation deems necessary or appropriate to ensure compliance with the
Standards and safeguard the integrity of the Mastercard system. In the exercise of such
discretion, the Corporation may consider the nature, willfulness, number and frequency of
occurrences and possible consequences resulting from a failure to comply with any Standard.
The Corporation may provide notice and limited time to cure such noncompliance before
imposing a noncompliance assessment.
The Corporation reserves the right to limit, suspend or terminate a Customer’s Participation
and/or Licenses or to amend the rights, obligations, or both of the Customer, whether set forth
Standards and Conduct of Activity and Digital Activity
2.1 Standards
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 54in a License or otherwise, if that Customer does not comply with any Standards or with any
decision of the Corporation with regard to the interpretation and enforcement of any
Standards.
2.1.3 Noncompliance Categories
From time to time, the Corporation establishes programs that address instances of
noncompliance with particular Standards.
Every instance of noncompliance with a Standard not addressed by such a program falls into at
least one of the following three compliance categories.
Category A—Payment System Integrity
Category A noncompliance affects payment system integrity. The Corporation has the authority
to impose monetary noncompliance assessments for Category A noncompliance. “Payment
system integrity” violations include, but are not limited to, noncompliance involving License or
Payment Transfer Activity (PTA) Agreement requirements, Merchant, Account Holder, and ATM
owner signing and monitoring requirements, and the protection of Card, Account, Transaction,
PTA Account, and PTA Transaction information.
Category B—Visible to Customers
Category B noncompliance addresses conduct that is visible to the customers of Issuers and/or
Acquirers and/or PTA Customers. The Corporation has the authority to impose monetary
noncompliance assessments for Category B noncompliance or, in the alternative, may provide
notice and a limited time to cure such noncompliance before imposing monetary assessments.
“Visible to customers” violations include, but are not limited to, noncompliance involving the use
of the Marks, the selective authorization of Transactions, identification of the Merchant at the
POI, the setting of minimum and maximum Transaction amounts, the payment of Merchants
and Sponsored Merchants for Transactions or the payment of Merchants, Receiving Account
Holders, and Sponsored Merchants for PTA Transactions (and the timing of posting such PTA
Transactions), Transaction and PTA Transaction (if applicable) receipt requirements, and ATM
Access Fee notices.
Category C—Efficiency and Operational Performance
Category C noncompliance addresses efficiency and operational performance. The Corporation
has the authority to impose monetary noncompliance assessments for Category C
noncompliance or, in the alternative, may provide notice and a limited time to cure such
noncompliance before imposing monetary assessments. “Efficiency and operational
performance” violations include, but are not limited to, noncompliance involving presentment of
Transactions or, if applicable, PTA Transactions within the required time frame, supplying
Merchants with materials required for Transaction processing, Card capture at the ATM, Card
fees and reporting procedures, and the obligation to provide the Corporation with requested
information.
Standards and Conduct of Activity and Digital Activity
2.1.3 Noncompliance Categories
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 552.1.4 Noncompliance Assessments
The following schedule pertains to any Standard that does not have an established compliance
program. The Corporation may deviate from this schedule at any time.
Compliance
Category Assessment Type Assessment Description
A Per violation Up to USD 25,000 for the first violation
Up to USD 50,000 for the second violation within 12
months
Up to USD 75,000 for the third violation within 12
months
Up to USD 100,000 per violation for the fourth and
subsequent violations within 12 months
Variable occurrence (by device or
Transaction or PTA Transaction)
Up to USD 2,500 per occurrence for the first 30 days
Up to USD 5,000 per occurrence for days 31–60
Up to USD 10,000 per occurrence for days 61–90
Up to USD 20,000 per occurrence for subsequent
violations
Variable occurrence (by number of
Cards or PTA Accounts)
Up to USD 0.50 per Card or PTA Account
Minimum USD 1,000 per month per Portfolio or PTA
Account Portfolio
No maximum per month per Portfolio or per all
Portfolios or PTA Account Portfolio(s)
Standards and Conduct of Activity and Digital Activity
2.1.4 Noncompliance Assessments
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 56Compliance
Category Assessment Type Assessment Description
B Per violation Up to USD 20,000 for the first violation
Up to USD 30,000 for the second violation within 12
months
Up to USD 60,000 for the third violation within 12
months
Up to USD 100,000 per violation for the fourth and
subsequent violations within 12 months
Variable occurrence (by device or
Transaction or PTA Transaction)
Up to USD 1,000 per occurrence for the first 30 days
Up to USD 2,000 per occurrence for days 31–60
Up to USD 4,000 per occurrence for days 61–90
Up to USD 8,000 per occurrence for subsequent
violations
Variable occurrence (by number of
Cards or PTA Accounts)
Up to USD 0.30 per Card or PTA Account
Minimum USD 1,000 per month per Portfolio or PTA
Account Portfolio
Maximum USD 20,000 per month per Portfolio or PTA
Account Portfolio
Maximum USD 40,000 per month per all Portfolios or
PTA Account Portfolio(s)
Standards and Conduct of Activity and Digital Activity
2.1.4 Noncompliance Assessments
© 1969–2024 Mastercard. Proprietary. All rights reserved.
Mastercard Rules • 4 June 2024 57