Common use of GENERAL REQUIREMENTS APPLICABLE TO THE MERCHANT Clause in Contracts

GENERAL REQUIREMENTS APPLICABLE TO THE MERCHANT. 2.1. Compliance with security requirements General All payment terminals and payment solutions used by the Mer- chant must comply with the applicable standards established by the Card Organisations and by national legislation at any given time, and must be approved by Nets. The payment terminals must be able to read the Payment Card’s chip/magnetic stripe and must be provided with a PIN keypad. If the Merchant wishes to use a Cardholder-Activated Terminal not equipped with a PIN keypad, this requires a written approval from Nets. The Merchant is responsible for ensuring that payment termi- nals and payment solutions used to complete transactions at all times comply with the technical requirements imposed under this Agreement, including but not limited to those related to obtain- ing Authorisation for and delivery of transactions. The Merchant is required to comply with the verification proce- dures and security requirements specified by the Merchant In- structions on xxx.xxxx.xx/xxxxxxxx, or with such rules as Nets may otherwise have informed the Merchant of at any given time. Even if the Merchant uses 3-D Secure, all the necessary verifica- tion measures must be implemented in order to avoid fraudulent transactions, cf. Merchant Instructions at xxx.xxxx.xx/xxxx- nets. The Merchant must ensure that unauthorised persons do not have access to payment terminals or payment solutions. The compromising of systems The Merchant must inform Nets immediately of any unauthorised access or suspicion of unauthorised access to the Merchant’s sys- tems containing Card Data in case of skimming, attempted skim- ming, compromising or suspected compromising of Card Data. In the event that systems containing Card Data handled by the Merchant or by the Merchant’s external suppliers are compro- mised, or reasonable suspected to be compromised, Nets reserves the right to impose charges on the Merchant to the same extent as those imposed on Nets by the Card Organisations. The Merchant is liable for any loss or damage incurred as a result of Payment Card fraud, costs associated with the issuing of new Payment Cards, as well as costs associated with the investigation required into the security breach or a suspected breach. Such in- vestigations as well as the drafting of the associated reports must only be performed by a certified data security firm approved by ACQUIRING - TERMS AND CONDITIONS 5 / 21 the Card Organisations. The Merchant is obliged to cooperate with and assist Nets, the chosen data security firm and any relevant public authorities in the event of a compromise or a suspected compromise. While the investigation is ongoing, Nets is entitled to suspend the Agreement until such time as the investigation is complete and it can be confirmed that the Merchant complies with the security requirements laid down in PCI DSS.

GENERAL REQUIREMENTS APPLICABLE TO THE MERCHANT. 2.1. Compliance with security requirements General All payment terminals and payment solutions used by the Mer- chant must comply with the applicable standards established by the Card Organisations and by national legislation at any given time, and must be approved by Nets. The payment terminals must be able to read the Payment Card’s chip/magnetic stripe and must be provided with a PIN keypad. If the Merchant wishes to use a Cardholder-Activated Terminal not equipped with a PIN keypad, this requires a written approval from Nets. The Merchant is responsible for ensuring that payment termi- nals and payment solutions used to complete transactions at all times comply with the technical requirements imposed under this Agreement, including but not limited to those related to obtain- ing Authorisation for and delivery of transactions. The Merchant is required to comply with the verification proce- dures and security requirements specified by the Merchant In- structions on xxx.xxxx.xx/xxxxxxxx, or with such rules as Nets may otherwise have informed the Merchant of at any given time. Even if the Merchant uses 3-D Secure, all the necessary verifica- tion measures must be implemented in order to avoid fraudulent transactions, cf. Merchant Instructions at xxx.xxxx.xx/xxxx- nets. xxx.xxxx.xx/xxxxxxxx The Merchant must ensure that unauthorised persons do not have access to payment terminals or payment solutions. The compromising of systems The Merchant must inform Nets immediately of any unauthorised access or suspicion of unauthorised access to the Merchant’s sys- tems containing Card Data in case of skimming, attempted skim- ming, compromising or suspected compromising of Card Data. In the event that systems containing Card Data handled by the Merchant or by the Merchant’s external suppliers are compro- mised, or reasonable suspected to be compromised, Nets reserves the right to impose charges on the Merchant to the same extent as those imposed on Nets by the Card Organisations. The Merchant is liable for any loss or damage incurred as a result of Payment Card fraud, costs associated with the issuing of new Payment Cards, as well as costs associated with the investigation required into the security breach or a suspected breach. Such in- vestigations as well as the drafting of the associated reports must only be performed by a certified data security firm approved by ACQUIRING - TERMS AND CONDITIONS 5 / 21 the Card Organisations. The Merchant is obliged to cooperate with Villkor 5 / 23 and assist Nets, the chosen data security firm and any relevant public authorities in the event of a compromise or a suspected compromise. While the investigation is ongoing, Nets is entitled to suspend the Agreement until such time as the investigation is complete and it can be confirmed that the Merchant complies with the security requirements laid down in PCI DSS.

GENERAL REQUIREMENTS APPLICABLE TO THE MERCHANT. 2.1. Compliance with security requirements General All payment terminals and payment solutions used by the Mer- chant must comply with the applicable standards established by the Card Organisations and by national legislation at any given time, and must be approved by Nets. The payment terminals must be able to read the Payment Card’s chip/magnetic stripe and must be provided with a PIN keypad. If the Merchant wishes to use a Cardholder-Activated Terminal not equipped with a PIN keypad, this requires a written approval from Nets. The Merchant is responsible for ensuring that payment termi- nals and payment solutions used to complete transactions at all times comply with the technical requirements imposed under this Agreement, including but not limited to those related to obtain- ing Authorisation for and delivery of transactions. The Merchant is required to comply with the verification proce- dures and security requirements specified by the Merchant In- structions on xxx.xxxx.xx/xxxxxxxx, or with such rules as Nets may otherwise have informed the Merchant of at any given time. Even if the Merchant uses 3-D Secure, all the necessary verifica- tion measures must be implemented in order to avoid fraudulent transactions, cf. Merchant Instructions at xxx.xxxx.xx/xxxx- nets. xxx.xxxx.xx/xxxxxxxx The Merchant must ensure that unauthorised persons do not have access to payment terminals or payment solutions. The compromising of systems The Merchant must inform Nets immediately of any unauthorised access or suspicion of unauthorised access to the Merchant’s sys- tems containing Card Data in case of skimming, attempted skim- ming, compromising or suspected compromising of Card Data. In the event that systems containing Card Data handled by the Merchant or by the Merchant’s external suppliers are compro- mised, or reasonable suspected to be compromised, Nets reserves the right to impose charges on the Merchant to the same extent as those imposed on Nets by the Card Organisations. The Merchant is liable for any loss or damage incurred as a result of Payment Card fraud, costs associated with the issuing of new Payment Cards, as well as costs associated with the investigation required into the security breach or a suspected breach. Such in- vestigations as well as the drafting of the associated reports must only be performed by a certified data security firm approved by ACQUIRING - TERMS AND CONDITIONS 5 / 21 the Card Organisations. The Merchant is obliged to cooperate with Terms and Conditions for Acquiring Services 5 / 23 and assist Nets, the chosen data security firm and any relevant public authorities in the event of a compromise or a suspected compromise. While the investigation is ongoing, Nets is entitled to suspend the Agreement until such time as the investigation is complete and it can be confirmed that the Merchant complies with the security requirements laid down in PCI DSS.

GENERAL REQUIREMENTS APPLICABLE TO THE MERCHANT. 2.1. Compliance with security requirements General All payment terminals and payment solutions used by the Mer- chant must comply with the applicable standards established by the Card Organisations and by national legislation at any given time, and must be approved by NetsTeller. The payment terminals must be able to read the Payment Card’s chip/magnetic stripe and must be provided with a PIN keypad. If the Merchant wishes to use a Cardholder-Activated Terminal not equipped with a PIN keypad, this requires a written approval from NetsTeller. The Merchant is responsible for ensuring that payment termi- nals and payment solutions used to complete transactions at all times comply with the technical requirements imposed under this Agreement, including but not limited to those related to obtain- ing ob- taining Authorisation for and delivery of transactions. The Merchant is required to comply with the verification proce- dures and security requirements specified by the Merchant In- structions on xxx.xxxx.xx/xxxxxxxxxxx.xxxxxx.xxx, or with such rules as Nets Teller may otherwise have informed the Merchant of at any given time. Even if the Merchant uses 3-D Secure, all the necessary verifica- tion measures must be implemented in order to avoid fraudulent transactions, cf. Merchant Instructions at xxx.xxxx.xx/xxxx- netsxxx.xxxxxx.xxx. The Merchant must ensure that unauthorised persons do not have access to payment terminals or payment solutions. The compromising of systems The Merchant must inform Nets Xxxxxx immediately of any unauthorised unauthor- ised access or suspicion of unauthorised access to the MerchantMer- chant’s sys- tems systems containing Card Data in case of skimming, attempted skim- mingat- tempted skimming, compromising or suspected compromising of Card Data. In the event that systems containing Card Data handled by the Merchant or by the Merchant’s external suppliers are compro- mised, or reasonable suspected to be compromised, Nets reserves Teller re- serves the right to impose charges on the Merchant to the same extent as those imposed on Nets Teller by the Card Organisations. The Merchant is liable for any loss or damage incurred as a result of Payment Card fraud, costs associated with the issuing of new Payment Cards, as well as costs associated with the investigation required into the security breach or a suspected breach. Such in- vestigations investigations as well as the drafting of the associated reports must only be performed by a certified data security firm approved by ACQUIRING - TERMS AND CONDITIONS 5 / 21 the Card Organisations. The Merchant is Mercxxxx xs obliged to cooperate cooper- ate with and assist NetsXxxxxx, the chosen data security firm and any relevant public authorities in the event of a compromise or a suspected compromise. While the investigation is ongoing, Nets Xxxxxx is entitled to suspend the Agreement until such time as the investigation is complete and it can be confirmed that the Merchant complies with the security requirements laid down in PCI DSS.