Phoenix Technologies operates as a Payment Facilitator (PayFac) within a regulated card network ecosystem governed by Visa, Mastercard, Sponsor Bank requirements, and applicable law. This Acceptable Use Policy (AUP) establishes mandatory standards governing merchant conduct, risk management expectations, fraud mitigation, chargeback monitoring, sanctions compliance, consumer transparency, and enforcement authority.

This AUP is incorporated into all Merchant and Sub-Merchant Agreements. Compliance with this Policy is a condition of continued access to Phoenix Technologies' Services.
‍

1. Formal Risk Governance Framework
‍

Phoenix Technologies maintains a comprehensive Risk Governance Framework designed to protect the integrity of the payments ecosystem and ensure compliance with Visa Core Rules, Mastercard Rules, Sponsor Bank obligations, and regulatory requirements.
‍

The Risk Governance Framework includes: underwriting standards; KYB/KYC verification; beneficial ownership identification; sanctions screening; fraud monitoring; chargeback monitoring; reserve and financial risk controls; dispute management oversight; and executive-level risk review.
‍

Portfolio risk metrics are reviewed regularly by senior management. Merchants are subject to ongoing monitoring throughout the lifecycle of their relationship with Phoenix Technologies.
‍

2. Merchant Responsibilities

‍

Merchants must operate lawfully, transparently, and in full compliance with all applicable laws, Card Network Rules, and Phoenix Technologies requirements.

Merchant obligations include:
‍

• Providing accurate and complete business information at onboarding and ongoing
• Maintaining clear customer-facing policies including refund, privacy, and delivery terms
• Complying with PCI DSS and safeguarding sensitive authentication data
• Responding promptly to compliance, dispute, and fraud inquiries
• Maintaining chargeback ratios below network monitoring thresholds

‍
‍

3. Prohibited Activities
‍

The following activities are strictly prohibited:

‍

• Illegal conduct or facilitation of unlawful activity
• Transaction laundering or undisclosed third-party processing
• Fraudulent transactions or deceptive practices
• Factoring or pass-through processing without written approval
• Sale of counterfeit goods or intellectual property infringement
• Child sexual exploitation material (zero tolerance)
• Money laundering or structuring to evade monitoring controls
• Terrorist financing or sanctioned party transactions

‍

4. Prohibited & Restricted Business Categories

‍

Certain business models present elevated regulatory, reputational, or network risk. Phoenix Technologies reserves the right to decline or restrict such businesses.
‍

5. Sanctions & OFAC Certification

‍

• Gambling (unless licensed and expressly approved)
• Cryptocurrency exchanges or quasi-cash services (restricted)
• Adult-oriented services (prior written approval required)
• CBD or regulated wellness products (subject to legal review)
• Outbound telemarketing or high-risk direct marketing
  ‍

Merchant represents and warrants that neither it nor its beneficial owners appear on any OFAC sanctions list or other applicable sanctions registry.

‍

Merchants certify they will not process transactions involving sanctioned persons, entities, or jurisdictions. Violations may result in immediate termination and reporting.
‍

6. Chargeback Monitoring Program

Phoenix Technologies monitors merchant chargeback performance in alignment with the Visa Fraud Monitoring Program (VFMP), Visa Chargeback Monitoring Program (VCMP), and Mastercard Excessive Chargeback Program (ECP).

Merchants exceeding early warning or excessive thresholds may be subject to corrective action plans, reserve requirements, delayed settlements, or termination.
‍

7. Reserve & Funds Hold Authority
‍

Phoenix Technologies may establish rolling reserves, fixed reserves, delayed settlement schedules, or funds holds where risk exposure warrants such action.

‍

Held funds may be applied to chargebacks, refunds, fines, penalties, or network assessments.
‍

8. Refund & Dispute Minimum Standards
‍

• Refund policies must be clearly disclosed prior to purchase
• Refund requests acknowledged within two (2) business days
• Approved refunds processed within five (5) business days
• Transaction and fulfillment records retained for minimum twenty-four (24) months
• Customer inquiries responded to within 48 hours
• Chargeback responses submitted within network-mandated timelines

‍

9. Subscription Billing Standards
‍

• Clear disclosure of recurring billing terms prior to checkout
• Affirmative express consent (no pre-checked boxes)
• Advance notice prior to trial conversion or renewal
• Online cancellation mechanism for online enrollments
• Immediate cessation of billing upon cancellation
  ‍

10. Monitoring, Investigation & Enforcement
‍

Phoenix Technologies reserves the right to monitor transactions, request documentation, conduct enhanced due diligence, and take enforcement action where risk exposure is identified.

Enforcement actions may include suspension, payout blocking, reserve establishment, termination, or reporting to Sponsor Bank and Card Networks.