A Thing
The Green SheetGreen Sheet
Subscribe
Sign in

The Green Sheet Online Edition

February 11, 2013 • Issue 13:02:01

Confidentiality: A refresher on ISO, MLS obligations

By Adam Atlas
Attorney at Law

A processor and two of its ISOs walk into a bar. Only one ISO walks out. What happened to the other ISO? In violation of its confidentiality obligations to the processor, the foolish ISO divulged to the wiser ISO the buy rates set forth under its processing agreement. So the processor terminated the careless ISO right there in the bar, leaving only one ISO standing.

As an ISO or merchant level salesperson (MLS), are you likely to be the one terminated or the one left standing? Adhering to terms of your ISO agreement makes all the difference.

Respecting confidentiality

An older, seasoned lawyer once told me that there is no such thing as a secret. Information tends to zip around pretty quickly these days, but that does not take away from obligations of confidentiality that prohibit the circulation of some of that information. The purpose of this article is to remind readers of several key confidentiality obligations that typically apply to ISO and MLS businesses.

Following are several confidentiality and other concerns to consider. In these examples, the term ISO refers to both ISOs and MLSs:

  • A bilateral confidentiality clause is not always helpful. Many ISO agreements contain a bilateral confidentiality clause. The intent of these clauses is obviously to protect each party's confidential information.

    The problem, of course, is how to discern which information belongs to one party or another. For example, the ISO's pricing in the ISO agreement is relevant to both parties and, one could argue, it is something in which both parties have title.

    However, most processors do not want their pricing agreements circulating in the marketplace, because that could make it more difficult for them to recruit and preserve ISO relationships.

    The solution to this and other ambiguities regarding the parties' respective rights pertaining to information is to add some specific wording on certain key pieces of information. For example, some processors will specify that while the confidentiality clause is bilateral, information on pricing in the ISO agreement belongs to the processor.

  • ISO information is worth protecting. While pricing a processor agrees upon with an ISO may reasonably be deemed as processor-confidential information and protected as such, other sets of information can reasonably be defined as confidential for the ISO. Examples of this include ISO training materials, sales techniques, agent lists and terms with third-party suppliers.

    A processor is likely to acquire all of this information from ISOs in the course of working with them. But ISOs may still reasonably ask that this information be kept confidential during and following the term of an ISO agreement.

    ISOs do not want the processor using their lists of agents as solicitation tools for recruiting new ISOs. Similarly, ISOs do not want their sales techniques to serve as research material for the processor.

  • Terms of a confidentiality provision must be observed. On careful reading of your ISO agreement, you will see that the agreement itself, and sometimes specific provisions of the agreement, will have uniquely defined terms.

    Usually, confidentiality clauses survive termination of the agreement, sometimes for a defined period of time and sometimes indefinitely.

    The extent to which a court will enforce a long or indefinite term on a given clause is a question of state law, which will vary from state to state. That said, the purpose of a confidentiality clause is not just to require a party to keep some set of information confidential. It also serves to define title of one or another party to that information.

    In this sense, the long-term effectiveness of these clauses is likely to be upheld. For example, if a processor says in its confidentiality clause that merchant agreement information belongs to the processor and that the clause survives termination of the agreement, we may reasonably read into it that the title in the merchant agreement information belongs to the processor and that termination of the agreement does not effect any change in that title.

    In this sense, the confidentiality clause plays two roles:

    1. It reinforces one or another party's title to information.

    2. It prevents one or another party from using or disclosing such information without permission from the rightful owner.

  • Confidentiality is not nonsolicitation. Although they often protect similar interests, confidentiality provisions and nonsolicitation provisions exhibit important differences.

    A confidentiality clause serves to limit the use or disclosure of certain information by the other party to the agreement.

    In contrast, a nonsolicitation clause obligates a party to refrain from carrying out certain kinds of solicitation on a defined group of potential targets, within a defined territory, and for a limited amount of time.

    Courts generally prevent the indefinite application of nonsolicitation clauses because they have the effect of lessening the ability of a person or entity to earn a living and compete within a given marketplace.

    As discussed above, confidentiality clauses speak, in part, to title in information and are not necessarily bound by the same term limitations as nonsolicitation provisions.

    An important similarity to which ISOs should pay attention exists between confidentiality clauses and nonsolicitation clauses: as long as both clauses apply to an ISO and the ISO uses processor information to solicit a merchant in breach of the nonsolicitation provision, the ISO will be in breach of both clauses through the single act of solicitation.

  • It is a crime to steal digital records. Once upon a time, theft was limited to gold coins and dollar bills. These days, the most valuable assets are digital in nature.

    In our industry in particular, pricing, agent lists, merchant lists, lead lists, referral source lists and other crucial digitally stored records are some of the most important assets of an ISO's business.

    From the point of view of criminal law enforcement, stealing a list of merchants could easily be regarded as a violation as serious as an employee stealing the contents of the cash register from the store where he or she works.

    If you are an MLS working for an ISO and stumble across an easily accessible list of the ISO's portfolio of merchants, you should not download that list onto a thumb drive and walk out the door. That is a crime.

    Some participants in our industry don't realize how serious that kind of wrongdoing really is, partly because of how easy it is in many office settings to steal valuable information.

    Without diminishing the seriousness of the crime of theft, ISOs should have policies and procedures in place from a practical perspective to make stealing core data difficult or nearly impossible, in order to remain in compliance with payment network rules and obligations to processors.

Like many clauses in ISO agreements, the confidentiality clause is grounded in common sense. Most parties acting in good faith are likely to comply with it, even if they have not read it.

That said, it is worthwhile to read and understand each clause in your ISO agreement, and that's no secret. end of article

In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If you require legal advice or other expert assistance, seek the services of a competent professional. For further information on this article, email Adam Atlas, Attorney at Law, at atlas@adamatlas.com or call him at 514-842-0886.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
Facebook
Twitter
LinkedIn

Current Issue

View Archives
View Flipbook

Table of Contents

Lead Story
Fraud, data breach concerns drive EMV support
News
Industry Update
Visa, MC allow merchant surcharging
CAPP provides FI security snapshot
ETA promotes Debit AID to assist EMV
NFC Forum SIGs map tech future
Square wins with Verizon, Angie's List
Federal court ruling may impact CFPB
Features
International charity with roots at home
Acquiring Kilimanjaro, an ISO adventure
Mobile marketing and remote mobile payments transform holiday shopping in 2012
Stephen Kiene , First Annapolis Consulting
Research Rundown
Meet The Expert: Biff Matthews
Selling Prepaid
Prepaid in Brief
Plastic Jungle pilots retail gift card exchange
Researcher makes argument against prepaid regulation
Views
Surveying the financial landscape in 2013
Brandes Elitch , CrossCheck Inc.
Education
Street SmartsSM:
Lessons from that first call
Jeff Fortney , Clearent LLC
Confidentiality: A refresher on ISO, MLS obligations
Adam Atlas , Attorney at Law
Sustaining the mPOS (r)evolution
Venkat Kalyanaraman and Sunil Rongala , MRL Posnet Private Ltd.
Small businesses need big data, too
Rick Berry , ABC Mobile Pay Inc.
Company Profile
Super G Funding LLC
New Products
Interactive multilane checkout
iSC Touch 480 , Company: Ingenico Inc.
Advanced breach protection
Voltage Secure Stateless Tokenization , Voltage Security Inc.
Inspiration
Take one invigorating step
Departments
GS 10 Years Ago
Readers Speak
2013 events calendar
Resource Guide
Datebook
A Thing