In this article, Ravi Prakash Shukla who is currently pursuing Diploma in Entrepreneurship Administration and Business Laws, from NUJS, Kolkata, discusses the Liability of Payment gateway when there is a failure of payment online.

Payment gateways provide merchants with a software and connectivity that is essential in order to allow real time secure data transmission for the processing of the credit or debit card information and payments on the website or on an application designed for mobile platform.

In order to comprehend the liability and rights of a payment gateway, we need to know how they function. When using a payment gateway, the customers are prompted with a secure payment page when they are checking out, When the customer submits the payment request from a website or ERP or a third party application, he is led to a payment gateway page. The information is passed securely by k-ecommerce to a payment gateway. Then the payment gateway tokenizes the sensitive information and it is thereafter sent to the merchant’s acquiring bank. The processor then sends an approved or denied failed message to the payment gateway; the response received by the payment gateway is then pushed to k-ecommerce tables. The payment information is acquired and then applied to Microsoft Dynamics

In exchange of the service provided by a payment gateway, the merchant has to pay a particular small fee to the gateway. Hence, There exists an agreement between the merchant and the payment gateway. Subject to this agreement, the payment gateway is liable to send to the bank account of the merchant/customer, all the amounts due from the transaction, minus and fees, reversals, invalidated payments or any failed transaction amounts. It is often mentioned in the agreement of various payment gateways that in case of liabilities, the gateway will only be liable for the amount of damage done; In other words, its liability will not exceed the damage caused.

The payment gateway however will not be liable; except provided in the agreement of a particular payment gateway, for any loss occurring, including negligence arising from customer’s failure to adequately integrate or activate the merchant account, fraudulent transactions processed through customer’s payment gateway account. Or even the disruptions experienced in the transactions including DDOS attacks, software virus, Trojans, worms, bombs or any other unscrupulous means or the limitation of any hardware used to process the payment request.

The Third party products and services

The payment gateway is also not liable for any third party products and services; unless expressly mentioned in the agreement. Also it has no liability in case of fraud involved in utilizing the third party products and services.

Indemnification

The payment gateways shall indemnify, hold the customer, or any of the customer’s officer harmless from any third party claims, actions, proceedings and suits. (Including the attorney’s fees and litigation charges. However these services do not apply in the following cases: –

1. if the transaction agreement have been modified by parties other than the payment gateway.
2. If the transaction services are used in conjecture with data, wherein the use of such data signifies infringement claim.
3. Customer’s failure to adequately install the patches or update the software’s relevant to the payment gateway as provided by the particular payment gateway.
4. If the customer uses the payment gateway in a way that is inconsistent or against he service documentation.

Customer’s use of the payment services on a platform, hardware not authorized by the payment gateway.

Customer’s warranty

In addition to all the mutual warranties enclosed in the agreement, the gateway also provides warranty to the customer. Each party warrants the other party that it has the essential rights and power to execute the agreement and perform the obligations therein., Also that no authorization from a third party is required.

Particular Gateway Warranty

As the name suggests, every payment gateway has its own service documentation in which various clauses are written as regards to the service provided. It is often confirmed by the payment gateway that the transaction services provided to the customer herein conform to the specification set forth in the service documentation of the particular payment gateway. The document can however be amended by the payment gateway at their discretion. This warranty will not be available if –

1. Any transaction services or products provided herein under are used in material variation with this agreement or service documentation.
2. any transaction services or products have been modified without the consent of the particular payment gateway.
3. Any defect in the transaction services is caused by the malfunctioning customer’s hardware or software or work environment.

Furthermore, customers are made to acknowledge that such transactions are network-based services, which are often subject to outrages, interruptions, attacks by delay parties and delays.
In addition to all the mutual warranties enclosed in the agreement, the gateway also provides warranty to the customer. Each party warrants the other party that it has the essential rights and power to execute the agreement and perform the obligations therein., Also that no authorization from a third party is required.

In the event Customer discovers that any Transaction Services or products are not in accordance with the representations and warranties made in the service document and the terms mentioned therein by the payment gateway, and report such non-conformity to the concerned payment gateway or if the Transaction Services are subject to outages, interruptions, attacks by third parties and delay occurrences, The payment gateway shall use commercially reasonable efforts to make good the material interruptions and will provide adjustments, repairs and replacements, within its capacity, that are necessary to enable the Transaction Services to perform their intended functions in a reasonable manner. Customers are often made to acknowledge that the payment gateway does not warrant that such efforts will be successful. If the efforts put in my the payment gateway are not successful, Customer may immediately terminate this Agreement. The foregoing shall constitute Customer’s sole remedy, and The Payment gateway’s sole liability, in the event of interruption, outage or other delay occurrences in the Transaction Services. Authorize.Net does not warrant the services of any third party, including without limitation, the Merchant Service Provider, bank or any third party processor.

The payment gateway however will not be liable; except provided in the agreement of a particular payment gateway, for any loss occurring, including negligence arising from customer’s failure to adequately integrate or activate the merchant account, fraudulent transactions processed through customer’s payment gateway account. Or even the disruptions experienced in the transactions including DDOS attacks, software virus, Trojans, worms, bombs or any other unscrupulous means or the limitation of any hardware used to process the payment request.

Almost all payment gateways have an agreement that is acknowledged by the customer  /merchant and agreed upon by him. This agreement by be caleed by various names like The service agreement or Liability agreement or the confidentiality agreement.
Then also there is the Disclaimer that always follows, it is mentioned in the service document or the website or the app.
Its language is as follows:-

“This Service is being provided in order to facilitate access to our customers to pay their bills online, or make payments through an electronic and automated collection and remittance service (the “Payment Gateway”) hosted through “XYZ” (the ‘Payment Service Providers’). “XYZ” makes no representation of any kind, express or implied, as to the operation of the Payment Gateway other than what is specified for this purpose. The User expressly agrees that his/ her use of the aforesaid online payment Service is entirely at his/her/their own risk and responsibility of the User.”[1]

Liability in case of Identity Theft

The question of liability is also decided on the fact whether the customer is using a Card Present or a (Card not Present) (CNP) transaction.

If the transaction is a card present transaction, (It is verified if it satisfies the following conditions) –

• both the merchant and the customer are following EMV protocols (which means that the customer is using an EMV compliant credit card and the merchant accepts the payment from the customer via an EMV compliant terminal) and the customer has used a PIN as a method of verification
• or, in a non-EMV compliant transaction, the customer has showed the merchant  his ID or the signature provided have matched the signature on the ID

In that case, the merchant will be protected from the chargeback. In this kind identity theft, the issuer is the party on which the liability will fall upon.

Whereas, In a card not present (CNP) transaction, if the merchant supports 3D Secure in his or her e-commerce, the merchant will not be held liable in any cases of identity theft.

In spite of all these concerns, Payment gateways still prove extremely important for e-commerce. Though it is quite possible to connect direct to a processor but working with a payment gateway often gives more added values. That gives you advanced levels of security; innovation, flexibility and you do not have to be PCI complaint. When you choose the right payment gateway, you shall have the entire control over the payment method and the mode of payment and the process therein. Hence, In case of Failure of payment, the payment gateway may not always assume liability as discussed above, it depends on case to case, it definitely is a more secure option that directly processing of payments.

 [1] http://www.bisleri.com/payment-gateway-terms-and-conditions/