This Acceptable Use Policy (this “Policy”) applies to the use of IBA’s tapXphone mobile application, software development kit files (SDKs), tools, programs and utilities, as well as any plug-in or other application programming interfaces (“APIs”), sample code (including runtimes and libraries) and related documentation (collectively the “Developer Tools”). This Policy is in addition to any other terms and conditions under which IBA provides the service or software to you.

IBA may make reasonable modifications to this Policy from time to time by posting a new version of this document on the IBA website. Revisions are effective immediately upon posting. Accordingly, we recommend that you visit the IBA website regularly to ensure that your activities conform to the most recent version.

The examples listed in this Policy are not exhaustive.

(a) Prohibited uses and activities include, without limitation, any use of the Developer Tools in a manner that, in IBA’s reasonable judgment, involves, facilitates, or attempts any of the following:

Conduct and Information Restrictions

• violating any law of, or committing conduct that is tortuous or unlawful in, any applicable jurisdiction;

• displaying, performing, sending, receiving or storing any content that is obscene, pornographic, lewd, lascivious, or excessively violent, regardless of whether the material or its dissemination is unlawful;

• advocating or encouraging violence against any government, organization, group, individual or property, or providing instruction, information, or assistance in causing or carrying out such violence, regardless of whether such activity is unlawful;

• uploading, posting, publishing, transmitting, reproducing, creating derivative works of, or distributing in any way information, software or other material obtained through the Service or otherwise that is protected by copyright, trade secret or other intellectual property right, without obtaining any required permission of the owner;

• deleting or altering author attributions, copyright notices, or trademark notices, unless expressly permitted in writing by the owner;

• transmitting highly sensitive personal information of an individual in a manner that can be associated with the individual, such as Social Security number, government-issued identification number, health or medical information, credit card or debit card number, financial account information, access codes and PINS, or date of birth;

• obtaining unauthorized access to any system, network, service, or account;

• interfering with service to any user, site, account, system, or network by use of any program,

  script, command, or otherwise;

• evading spam filters, or sending or posting a message or e-mail with deceptive, absent, or

  forged header or sender identification information;

• transmitting unsolicited bulk or commercial messages commonly known as “spam;”

• sending very large numbers of copies of the same or substantially similar messages, empty messages, or messages which contain no substantive content, or send very large messages or files that disrupts a server, account, blog, newsgroup, chat, or similar service;

• participating in the collection of very large numbers of e-mail addresses, screen names, or other identifiers of others (without their prior consent), a practice sometimes known as spidering or harvesting, or participate in the use of software (including “spyware”) designed to facilitate this activity;

• falsifying, altering, or removing message headers;

• impersonating any person or entity, engage in sender address falsification, forge anyone else's digital or manual signature, or perform any other similar fraudulent activity (for example, “phishing”);

• using any mobile apps that does not including in Solution Partner application or Solution Partner questionnaire;

• using the credentials of an acquiring service provider if it has not granted permission to access the IBA tapXphone Software using such data, as well as the data of its Merchants;

Technical Restrictions

• accessing any other person's computer or computer system, network, software, or data without his or her knowledge and consent; breaching the security of another user or system; or attempting to circumvent the user authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for you, logging into or making use of a server or account you are not expressly authorized to access, or probing the security of other hosts, networks, or accounts without express permission to do so;

• using or distributing tools or devices designed or used for compromising security or whose use is otherwise unauthorized, such as password guessing programs, decoders, password gatherers, keystroke loggers, analyzers, cracking tools, packet sniffers, encryption circumvention devices, or Trojan Horse programs;

• copying, distributing, or sublicensing any proprietary software provided in connection with the Developer Tools by IBA;

• distributing programs that make unauthorized changes to software;

• altering, modifying, or tampering with the Developer Tools or permitting any other person to do the same who is not authorized by IBA;

Network and Usage Restrictions

• restricting, inhibiting, or otherwise interfering with the ability of any other entity, to use or enjoy the Service, including posting or transmitting any information or software which contains a worm, virus, or other harmful feature, or generating levels of traffic sufficient to impede others’ ability to use, send, or retrieve information;

• restricting, inhibiting, interfering with, or otherwise disrupting or cause a performance degradation to the Developer Tools or any IBA host, server, backbone network, node or service, or otherwise cause a performance degradation to any IBA facilities used to deliver the Developer Tools; or

• interfering with computer networking or telecommunications service to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abusing operator privileges, and attempts to “crash” a host.

(b) At the same time, in order to use the Developer Tools, the Partner must comply with the following requirements:

• Solution Partner mobile applications have to enforce the use of an end-to-end secure channel (such as SSL/TLS) when sending sensitive information to Solution Partner Backend;

• unique identification of the users of Solution Partner mobile application have to be used;

• unique identification of the devices (on which the Solution Partner mobile application is installed) have to be used;

• access to the Solution Partner mobile application and Backend must be provided only to Authorized users;

• in order to prevent unauthorized access, devices should be password protected using the features of the device and Solution Partner mobile application must be protected using a strong password;

• all data received or sent to IBA’s tapXphone Software have to be stored safely on the Solution Partner Backend (if applicable). It is forbidden to store data in the Solution Partner mobile application received from IBA’s tapXphone Software;

• ensure passwords, cryptographic keys, sensitive data are not visible in cache or logs;

• the parameter that will be used by Solution Partner Backend as the merchant's authentication data must be agreed and approved by the acquiring service provider that has registered the relevant Merchant in the IBA tapXphone software;

• available payment configuration for merchants (types of transactions, limits, currency, etc.) the Solution Partner agrees and approves with the acquiring service provider;

• Solution Partner must audit the mobile application and Backend at least once a year. At a minimum, the Solution Partner must eliminate the discovered vulnerabilities, as well as monitor the relevance of OS systems, device manufacturers and models supported by tapXphone mobile application;

• if a user of the Solution Partner mobile application suspects that an unauthorized access to a mobile device or mobile application has occurred, he must report the incident to the Solution Partner, and in turn, the Solution Partner must block the user and notify the acquirer service provider about the incident. This clause must be specified in the Terms and Conditions for the Solution Partner mobile application (or Mobile Application End-User License Agreement) and the consent of the user with this agreement must be recorded.

• if the mobile device is lost or stolen, it is required that the user of the Solution Partner mobile application immediately report the incident to the Solution Partner, in turn, the Solution Partner must block the device (that used the application) and notify the acquirer service provider. This clause must be specified in the Terms and Conditions for the Solution Partner mobile application (or Mobile Application End-User License Agreement) and the consent of the user with this agreement must be recorded.

This Policy is in addition to any other terms and conditions under which IBA provides the Developer Tools to you.

IBA RESERVES THE RIGHT TO NOTIFY ITS SOLUTION PARTNERS OF ANY INFORMATION THAT AFFECTS THE SECURITY OF THE DEVELOPER TOOLS.

This Policy was last updated on February 11, 2022.