MASTERCARD SECURECODE SYSTEM TEST AGREEMENT THIS AGREEMENT is between MasterCard International Incorporated (“MasterCard”) and the undersigned person or entity (“Testing Party”) and governs the terms of MasterCard’s engagement of Testing Party. RECITALS A. MasterCard has developed certain payment authentication technology enabling MasterCard issuer banks to authenticate a cardholder prior to such cardholder consummating a transaction over the Internet at participating merchants. Such payment authentication technologies are known as and referred to herein as “MasterCard SecureCode”. B. Pursuant to a separate agreement (the “License Agreement”), MasterCard may have licensed certain MasterCard SecureCode specifications to Testing Party for the development of software product(s) to support MasterCard SecureCode authentication services and/or Testing Party has licensed the 3-D Secure protocol version 1.0.2 by Visa. Testing Party has subsequently implemented a product based on such specifications or protocol (“Testing Party Product”) and now wishes to conduct functional testing of its product using sample test scripts provided by MasterCard designed to test MasterCard SecureCode end-to-end authentication components connectivity and interoperability. In the case of a 3-D Secure Access Control Server Testing Party Product, Testing Party wishes to demonstrate compliance with MasterCard SecureCode specifications and business requirements as defined in the specification entitled “SPA Algorithm for the MasterCard Implementation of 3-D Secure” dated October 8, 2002 (the “MasterCard 3-D Secure Specification”). C. MasterCard is willing to assist Testing Party in providing such end-to-end functional testing and compliance testing and has established a MasterCard SecureCode Functional and Compliance Test Facility and related policies and procedures solely for this purpose. NOW THEREFORE, the parties hereto hereby agree as follows: 1. DEFINITIONS In addition to the definitions established elsewhere in this Agreement, the following shall have the following meaning ascribed to them: a) “SecureCode Functional and Compliance Test Facility” or “Test Facility” is a remote-access test facility, established by MasterCard, which provides an environment for Testing Parties to test their product for MasterCard SecureCode compliance, component connectivity and interoperability with the MasterCard directory service.
b) “SecureCode Functional and Compliance Testing” or “Testing” means testing the Testing Party product with other SecureCode reference components by employing remote access to such platforms through Internet connectivity to allow Testing Party to complete end-to-end transactions and demonstrate connectivity and interoperability with the MasterCard directory service. For transactions originating from a 3-D Secure Access Control Server Testing Party Product, end results of transactions will be evaluated to determine specifically whether the transaction messages meet the requirements defined in the specification entitled “SPA Algorithm for the MasterCard Implementation of 3-D Secure” dated October 8, 2002 and that the product successfully interoperated with the MasterCard directory service. c) “Policies and Procedures” means the SecureCode Functional Test Facility Policies and Procedures that have been established by MasterCard to facilitate the SecureCode Functional and Compliance Test process, the current version of which are attached hereto as Exhibit A and incorporated herein and which policies and procedures may be modified by MasterCard from time to time. d) “Test Scripts” shall mean the software test scripts owned by MasterCard for use in SecureCode Functional and Compliance testing, which may be modified by MasterCard from time to time. 2. TESTING PARTY REGISTRATION Testing Party agrees to adhere to the Policies and Procedures, the current version of which is attached hereto as Exhibit A. The Policies and Procedures provide important instructions and explain the process by which Testing Party may enroll in the SecureCode Functional and Compliance Test Facility, receive test scripts and technical documentation necessary for testing. Testing Party failure to observe the instructions or to adhere to the procedures described in the Policies and Procedures shall be deemed to be a material breach of this Agreement. 3. GRANT OF LICENSE Subject to the terms of this Agreement, MasterCard grants Testing Party a personal, non-transferable, non-exclusive license to use the Test Scripts pursuant to the Policies and Procedures, for the sole purpose of testing the Testing Party Product for SecureCode Functional and Compliance Testing. No other rights whatsoever are granted. 4. INTELLECTUAL PROPERTY As between MasterCard and the Testing Party, all right, title and interest in the Test Scripts, Test Facility, and Policies and Procedures, (including without limitation, copyrights, patent rights, design rights and trade secrets), including future versions or revisions, extensions, and improvements thereof, is and shall at all times remain solely and exclusively the property of MasterCard. 5. COMPENSATION In consideration for the testing services provided by MasterCard pursuant to this Agreement and for the license granted herein, Testing Party agrees to pay MasterCard the
applicable fees set forth on the schedule of fees attached as Exhibit B, which schedule may be updated from time to time by MasterCard. In addition to other requirements as specified in the MasterCard SecureCode Compliance and Functional Test Facility Policies and Procedures, Testing Party must remit all applicable fees prior to being granted access to the MasterCard SecureCode directory server. All members will be billed via the MasterCard Consolidated Billing System (MCBS). Individual merchants who utilize the test facility will be billed by their acquirers. All other non-MasterCard members will be billed by MasterCard directly. All payments shall be made in US dollars via check or wire transfer. 6. SUPPORT AND MAINTENANCE MasterCard or its designated agent will support and maintain the official Test Scripts, including making the necessary changes to test scenarios where appropriate. 7. EVALUATION Testing Party shall be responsible for executing the Test Scripts and test scenarios in accordance with the instructions and guidelines provided in documentation accompanying the Test Scripts. The SecureCode Functional and Compliance Test Facility will not be responsible to analyze the test results for functional testing of a Testing Party Product but will analyze results in the case of compliance testing of a 3-D Secure Access Control Server Testing Party Product. 8. COMPLETION OF NEXT STEPS/PUBLIC STATEMENTS Upon completion of the SecureCode Functional and Compliance Testing, the Testing Party Product will be designated by MasterCard as “SecureCode functionally inter-operable” and will be communicated as such in a manner solely determined by MasterCard. MASTERCARD’S TRADEMARKS Testing Party shall not use any of MasterCard’s trademarks, service marks or tradenames on materials written, produced, or developed by Testing Party without MasterCard’s prior written consent. Any such use of MasterCard trademarks, service marks and/or trade names shall be limited to the specific written consent granted by MasterCard hereunder, and shall not be deemed or considered the grant of a license to use such marks in any other manner or for any purpose whatsoever. Upon termination of this Agreement, Testing Party shall discontinue immediately any and all use of MasterCard’s trademarks, service marks and/or trade names, and shall not thereafter make any further use of them. 9. TESTING PARTY TRADEMARKS MasterCard shall not use any of Testing Party’s trademarks, service marks or trade names on materials written, produced or developed by MasterCard without Testing Party’s prior written consent. Any such use of Testing Party’s trademarks, service marks, and/or trade names shall be limited to the specific written consent granted by Testing Party hereunder, and shall not be deemed or considered the grant of such a license to use such marks in any other manner or for any purpose whatsoever. MasterCard shall immediately discontinue any and all use of Testing Party trademarks, service marks 10.
and/or trade names upon termination of this Agreement, and shall not thereafter make any further use of them. 11. TERM AND TERMINATION This Agreement shall commence as of the date of execution by both parties and shall continue for a period of one year. Thereafter, it shall be automatically renew for additional recurring one-year terms, provided that either party may terminate the Agreement at any time, with or without cause, upon not less than thirty (30) days’ prior written notice to the other. Either party may terminate this Agreement upon fifteen (15) days notice in the event of a material breach of any of the terms of this Agreement, which is not cured within fifteen (15) days of notice of such breach from the non-breaching party. 12. REPRESENTATIONS AND WARRANTIESa.Testing Party represents and warrants that by entering into this Agreement and performing any testing under this Agreement, Testing Party will not breach any obligation to any third party.b.Testing Party represents and warrants that it will comply with all applicable laws, ordinances, rules, and regulations in any way pertaining to this Agreement or to the testing performed under this Agreement.13INDEPENDENT CONTRACTOR STATUS AND PERSONNEL Testing Party employees, contractors agents and other related parties (singly and collectively, “Personnel”) and Testing Party are independent contractors in relation to MasterCard and its members; and nothing contained in this agreement shall be deemed to create an employment, association, partnership, joint venture, agency or any other type of relationship between or among any of the Testing Party, MasterCard, MasterCard’s members or Personnel. Neither Testing Party nor Personnel shall be deemed to be an employee of MasterCard for purposes of unemployment insurance, vacations, disability, overtime, holidays, insurance, pensions or savings plans, any other employee rights or benefits (collectively, “Benefits”) or otherwise. Accordingly, the Testing Party shall not attempt to collect any Benefits. Testing Party shall pay all federal, state and employeerelated taxes (e.g., federal, state and local withholding tax and FICA) and perform all other obligations pertaining to Personnel. Testing Party shall indemnify, defend and hold MasterCard harmless for claims arising in connection with the breach of its obligations under this paragraph or for the assertion by Personnel of any right to Benefits. CONFIDENTIAL INFORMATION a. “Confidential Information” means all, or any part of, and originals or copies of, any information in whatever form embodied (e.g., oral, written, electronic) clearly14.
identified by MasterCard as confidential or proprietary. Confidential Information includes the Specifications (as defined in the License Agreement) and the terms and existence of this Agreement. Confidential Information excludes: (a) information that at the time of disclosure was, or becomes, part of the public domain (through a source other than Testing Party); (b) information lawfully obtained from a third party that was not under, and did not impose, an obligation of confidentiality with respect to such information; (c) information that is independently developed by Testing Party without use of, or reference to, Confidential Information; and (d) information that was known by Testing Party prior to disclosure by MasterCard (as evidenced by written records). b. Testing Party shall (a) use Confidential Information only in connection with the Testing; (b) not copy any Confidential Information except as necessary in connection with the Testing; (c) not disclose Confidential Information to any third party except as expressly permitted in writing by MasterCard and then only if such third party has executed a non-disclosure agreement in form and substance satisfactory to MasterCard; (d) limit dissemination of Confidential Information to employees of Testing Party with a “need to know” in connection with the Testing; and (e) advise MasterCard promptly in writing of any unauthorized disclosure or use of Confidential Information and take all steps requested by MasterCard to address such unauthorized disclosure or use. c. Testing Party shall return all Confidential Information to MasterCard upon the earliest to occur of the end of the Term, completion of the Testing, or upon MasterCard’s demand.d. Testing Party acknowledges and agrees that any breach of the confidentiality provisions of this agreement will cause MasterCard immediate irreparable harm entitling MasterCard to immediate injunctive relief in addition to any other right or remedy that MasterCard may have at law or in equity. e. Testing Party shall not be deemed to have violated this paragraph if it discloses Confidential Information in response to a bona fide subpoena or other lawful process issued by a court or agency of competent jurisdiction, provided Testing Party shall give MasterCard immediate written notice, where reasonably possible, of its intention to make such disclosure to enable MasterCard to seek a protective order with regard to the intended disclosure.f. All Confidential Information is delivered on an “as is” basis and all representations and warranties, express or implied, are hereby disclaimed. Without limitation to the foregoing, MasterCard disclaims all representations and warranties with respect to the following matters: (1) that the Confidential Information is accurate or reliable for any purpose whatsoever; (2) that the use of the Confidential Information does not infringe any intellectual property rights held by third parties; and (3) the implied warranties of merchantability and fitness for a particular purpose.
g. Except as otherwise explicitly set forth in this Agreement, nothing herein shall convey to any party any right, title, interest or license in or to any Confidential Information received from MasterCard or any third party in connection with the Testing. INDEMNIFICATION Testing Party shall defend, indemnify and hold harmless MasterCard, its officers, directors, employees, and agents, from and against any and all third party claims arising in connection with this Agreement, and any and all demands, damages, injuries, expenses (including reasonable attorneys’ fees and court costs) and liability arising from such claims provided, however, that any such claims do not necessarily result from Testing Party compliance with the Policies and Procedures and it is not possible to avoid the claims while still complying with the Policies and Procedures. 15. 16. LIMITATION OF LIABILITY UNDER NO CIRCUMSTANCES SHALL MASTERCARD, OR ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS, HAVE ANY LIABILITY FOR ANY CLAIM ARISING FROM OR RELATING TO THIS AGREEMENT IN EXCESS OF THE FEES PAID TO MASTERCARD UNDER THIS AGREEMENT. SUBJECT TO ITS OBLIGATIONS FOR INDEMNIFICATION OF THIRD PARTY CLAIMS UNDER THIS AGREEMENT, TESTING PARTY SHALL NOT HAVE ANY LIABILITY FOR ANY CLAIM ARISING FROM OR RELATING TO THIS AGREEMENT IN EXCESS OF THE FEES DUE UNDER THIS AGREEMENT. NEITHER PARTY SHALL HAVE ANY LIABILITY FOR CONSEQUENTIAL, INCIDENTAL, SPECIAL OR INDIRECT DAMAGES (INCLUDING LOSS OF PROFIT AND BUSINESS OPPORTUNITIES) REGARDLESS OF WHETHER EITHER OF THEM HAS BEEN ADVISED OF, OR IS AWARE THAT, SUCH DAMAGES HAVE BEEN, OR MAY BE, INCURRED. 17. NOTICES All notices required by, or relating to this Agreement, shall be sent to the parties at their addresses as set forth below. The address of a party may be changed, from time to time, in which event the party shall so notify the other party in writing. All notices shall be deemed duly given five (5) business days following the date of their mailing, by registered or certified pre-paid mail, or on the day they are received by telegraphic means, electronic means (including, but not limited to, facsimile transmission), or by hand.
Notice to MasterCard: MasterCard International Incorporated 2000 Purchase Street Purchase, NY 10577 Attn: Global e-Business Copy to: Law Department Facsimile No.: 914-249-4261 Notice to Testing Party: Testing Party Name Testing Party Address Testing Party Contact Information (Phone, Fax, Email)Attn: XXXX Facsimile No.:18.MISCELLANEOUS a. If a provision of this Agreement is determined to be invalid or unenforceable by a court of competent jurisdiction, such provision shall be severed, and all other provisions shall remain in full force provided the original intent of this Agreement is preserved in all material respects. b. This Agreement shall be construed in accordance with the laws of the State of New York except for such state’s conflict of laws principles. The state and federal courts situated in New York shall have exclusive jurisdiction over all disputes relating to this Agreement. c. No delay or failure by either party to exercise any right or remedy will operate as a waiver thereof. d. Sections 4, 5, 12, 13, 14, 15, 16, and 18 shall survive the termination of this Agreement. e. This Agreement may be amended only in a written document executed by both the Testing Party and MasterCard. f. This Agreement supersedes all prior agreements and understandings regarding the Testing and any conditions set forth on the Testing Party invoices, purchase orders, or other forms submitted in connection with the Testing regardless of whether such forms are signed by MasterCard. In the event of a conflict between
the terms of this Agreement and any schedule hereto, the terms of this Agreement shall govern.
EXECUTED by authorized representatives of MasterCard and Testing Party:MasterCard: MASTERCARD INTERNATIONAL INCORPORATED 2000 Purchase Street Purchase, NY 10577By: __________________________________________Date:Print name: Print title:TESTING PARTY NAME:By: __________________________________________Date:Print name: Print title: Testing Party TIN:
Exhibit A – MasterCard SecureCode Compliance and Functional Test Facility Policies and Procedures
Exhibit B – Test Pricing Schedule Effective 15 December 2003, new functional testing cycles for merchant end points will result in program pricing as follows: Test Functional Test Test Entity Test FeeMerchant End Point USD 600The merchant end point functional test fee provides for 21 consecutive calendar days of access to the MasterCard test facility and 8 hours of total program support as described in the MasterCard SecureCode Compliance and Functional Test Facility Policies and Procedures. MasterCard will bill support hours exceeding this base level of support at a professional services rate of USD 300 per hour.