Confidentiality clauses in ISO agreements By Adam Atlas
any ISOs and merchant level salespeople gloss over confidentiality provisions in ISO or agent agreements, partly because they make especially long and dry reading. But dry as they are, confidentiality provisions can have important implications for your processor relationships. Keep the following in mind when reading the confidentiality clause in your agreements:
Information covered
Most confidentiality clauses define "confidential information" through a long list of specific inclusions and exclusions. Of these, pricing and merchant information are the most sensitive to the processor. Read the confidentiality clause in your ISO agreement to determine whether these two categories are included.
One way to indirectly include pricing within the definition of confidential information is to state that the agreement itself is confidential. Don't get caught thinking that the pricing schedule is not confidential if the whole agreement is deemed confidential. As an ISO, make sure that agent information is identified as confidential information so that your processor does not use your agent list as a recruitment tool.
Information not covered
Most confidentiality clauses have a standard list of exclusions i.e., information that the parties agree will not be confidential. These standard exclusions usually are information that is in the public domain, information that a court has ordered to be disclosed, or information that was already in the party's possession before they entered into the agreement containing the confidentiality clause. It is normal for these and other specific exclusions to limit what will be considered confidential information.
Use of information
Once you understand exactly what information the agreement designates as confidential, think about how you may use it. For example, an ISO agreement will typically prohibit you from sharing confidential information with a third party. In other words, you cannot tell processor "A" what the pricing is on your deal
with processor "B."
Be careful, however, to not restrict information use so extensively that it prevents you from doing your work. All ISO and agent agreements should expressly permit the use of confidential information so you can perform in accordance with the agreement, but many agreements are poorly drafted and do not have this specific right written in.
Term
Some confidentiality clauses expire when an agreement terminates; others last for some period thereafter. Depending on other issues in your deal, such as non-compete and non-solicitation clauses, you may or may not wish to have a confidentiality clause continue after termination.
Remember, as an ISO or agent, you depend on leads and merchant information. Excessive restriction of using this information, may limit your ability to grow your business.
Non-solicitation of merchants
Many ISO and agent confidentiality clauses are veiled non-solicitation clauses. For example, even if an ISO agreement contains no prohibition against soliciting merchants after termination, a confidentiality clause may prohibit you from using your old merchant list to move merchants from one processor to another.
Make sure that the term of the confidentiality clause coincides with the term of the non-solicit clause. If these two terms differ, chances are the processor is misleading you.
Merchant information
Take time to learn exactly how merchant information is covered by your ISO agreement's confidentiality clause. For example, merchant pricing and the merchant list are two different kinds of information that may be treated differently in the ISO agreement.
Cardholder information
Regardless of whether the confidentiality clause in your ISO agreement covers cardholder information, never use such information for any purpose unless you are 110% sure you are authorized to do so.
If you possess cardholder information, you will have to comply with state privacy laws as well as industry standards such as the Payment Card Industry Data Security Standard.
When it comes to cardholder information, always err on the side of caution. Pretend your mother's credit card number is on your list, and act accordingly. Most ISOs and virtually all agents should neither have nor need access to this information.
As I have written previously, cardholder information is a hot potato you don't want to hold unless you're meant to have it.
The real world
Any industry veteran will tell you that confidentiality and non-solicit clauses are violated every day across the nation. Some ISOs' hiring agents even encourage new agents to bring merchant lists from their previous ISOs to get their deal count up.
Having been involved in hundreds of agent/ISO/processor/bank disputes over breaches of non-solicit and confidentiality clauses, I feel comfortable advising you to not violate the clauses to which you are bound.
While violations may lead to a short-term spike in your production, the long-term effects of such disloyalty will come back to haunt you. I have seen it happen many times. A number of sizable ISOs in the marketplace today are losing considerable business because they have not honored the promises they made to agents.
The payments business is comprised of a relatively small collection of individuals. It doesn't take long for bad press to get around. So, in short, stay clean.
At the end of the day, information is the currency of the merchant acquiring business. Confidentiality clauses in ISO agreements protect that currency and help both the ISO and the processor turn it into revenue. That is no secret.
In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If you require legal advice or other expert assistance, seek the services of a competent professional. For further information on this article, please e-mail Adam Atlas, Attorney at Law at atlas@adamatlas.com or call him at 514-842-0886.
|