In Short
- Third-party payment processors handle transactions between your business and customers, but their contracts often include broad powers over fund holds and termination.
- You remain legally responsible for complying with the Privacy Act 1988 and Australian Consumer Law, even when using external processors.
- Always review fund management, data ownership, liability, and termination clauses before signing.
Tips for Businesses
Conduct due diligence before choosing a payment processor. Check where customer data is stored, how refunds and disputes are handled, and whether the processor meets privacy and consumer law standards. Clearly document fund release terms and ensure your contract protects your access to data and revenue.
Third-party payment processors handle customer payments on behalf of your business without requiring you to build complex payment systems. You can accept credit cards, digital wallets, and foreign currency while these platforms manage the technical aspects of transaction processing. This article explains how third-party payment processors work, what legal obligations they create, and what you should review in their contracts so you can make informed decisions for your business.
What are Third-Party Payment Processors?
Third-party payment processors are companies that handle electronic payments between your business and customers. These platforms process transactions, manage fraud prevention, and facilitate money transfers without requiring you to establish direct relationships with banks or card networks. Popular examples include platforms that offer online checkout systems, digital wallet services, and comprehensive e-commerce solutions with built-in payment capabilities.
Why You Need to Review Payment Processing Contracts
Payment processing terms can differ from standard software contracts. These platforms hold your revenue, manage sensitive financial data, and can terminate services with minimal notice. Unlike regular software providers, payment processors maintain broad discretionary powers over fund releases and account management.
Key Elements to Review in Payment Processing Contracts
You should review the key elements of payment processing contracts, including any performance guarantees in the processor’s standard terms, such as:
- Service Level Agreements: Look for clear performance benchmarks, including transaction processing times, system uptime requirements, and dispute resolution timeframes.
- Fund Management Protection: Review clauses that specify when processors must release funds to your business accounts and what limitations apply to fund holds. Check which circumstances may justify the processor holding funds.
- Data Ownership Rights: Confirm that you retain ownership of all customer payment data, transaction histories, and business insights generated through payment processing. Verify whether the terms include the right to export this data in standard formats upon termination of the relationship.
- Termination Provisions: Review reasonable notice periods before account termination and the procedures for accessing held funds after termination. Ensure the terms maintain your rights to customer payment data even after the business relationship ends.
- Liability Allocation: Review the liability provisions for data breaches, regulatory violations, and transaction disputes. There should not be limitations or exclusions on what you can claim as a customer for these issues. Understand what insurance coverage the processor maintains.
Australian Privacy Law Requirements for Payment Processors
When implementing payment processing solutions, you must comply with the Privacy Act 1988 and the Australian Privacy Principles, which impose specific obligations for handling personal information in payment systems. You remain solely responsible for privacy compliance when collecting customer payment information through third-party processors.
The processor’s privacy practices do not discharge your obligations under the Privacy Act 1988. You must conduct due diligence to ensure processor data handling practices align with APP requirements and your privacy policy commitments.
The processor’s terms should specifically address how payment processors will handle personal information, ensuring compliance with APP 6 requirements that restrict use of personal information for purposes beyond those for which it was initially collected. You must also verify where customer payment information will be processed and stored, ensuring adequate data protection exists in destination countries under APP 8.
Australian Consumer Law Compliance
You remain responsible for complying with Australian Consumer Law, regardless of your payment processor’s policies. Establish clear procedures for processing consumer refunds that meet ACL timeframe requirements. Ensure your chosen processor can execute refunds promptly and maintain detailed records of all refund transactions for compliance purposes.
Key Takeaways
Successfully implementing payment processing in your retail operations requires a comprehensive legal strategy that addresses contractual protections, privacy compliance, and consumer law obligations.
Begin by conducting thorough due diligence on potential payment processors, ensuring their services meet your specific business needs and comply with your privacy requirements. Carefully review the processor’s standard terms to understand your access to funds and data rights before accepting them.
By taking a proactive approach to payment processing governance, you can maximise commercial benefits while minimising legal risks.
If you need assistance with using third-party payment processors for your business, our experienced business lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
You remain fully responsible for complying with the Australian Privacy Principles, regardless of your processor’s practices. The processor’s privacy policy does not cover your business obligations under the Privacy Act 1988. You must conduct due diligence on processor data handling practices and ensure your arrangements comply with APP requirements, particularly regarding overseas data transfers and customer notification obligations.
Yes, you can utilise multiple processors to mitigate dependency risks and provide customers with more payment options. However, you must ensure each processor relationship complies with privacy laws and consumer protection requirements. Update your privacy policy to reflect all data sharing arrangements and maintain consistent refund procedures across all processors.
Contact the processor immediately to understand the hold reason and required resolution steps. Review the processor’s contract terms regarding fund holds and escalation procedures. Maintain detailed transaction records and customer communications to support your case. Consider activating backup payment processing arrangements to maintain business operations during periods when funds are held.