I'm Interested

Sign in
Register

Terms & Conditions, Privacy & Cookie Policy



TERMS & CONDITIONS

These Terms and Conditions (“T&C”) constitute a legally binding agreement between:

 

CARDBIZ PAYMENT SERVICES SDN. BHD.
(Company No. 201001003874 (888463-T))
a company incorporated in Malaysia and operating as a Third Party Acquirer (“TPA”) under authorization from licensed Acquirer Banks, (hereinafter referred to as “CARDBIZ”), AND The merchant entity approved and onboarded for card payment acceptance,

(hereinafter referred to as the “Merchant”).

 

CARDBIZ and the Merchant shall be collectively referred to as the “Parties.”

 

 

1. DEFINITIONS

For the purposes of these T&C:

l  Acquirer” means the licensed financial institution or payment system operator authorizing CARDBIZ to perform merchant acquiring, processing,
monitoring and settlement functions as a TPA.

l  Agreement” means these T&C, the Merchant Application Form, schedules, annexures, operating guidelines, and anyamendments issued by CARDBIZ.

l  Card” means any valid Visa, Mastercard, MyDebit or other payment scheme card designated for acceptance.

l  Card Scheme Rules” means all rules, regulations, technical standards, compliance frameworks and advisories issued by Visa, Mastercard, MyDebit (PayNet), UnionPay or any global/local card network.

l  Cardholder” means an individual authorized to use a Card.

l  Chargeback” means a reversal of a Transaction initiated by the Acquirer, card issuer or card scheme.

l  Merchant Outlet” means any physical or online location from which the Merchant conducts business.

l  PCI-DSS” means the Payment Card Industry Data Security Standard.

l  Services” means card acceptance, processing, settlement, fraud monitoring, risk management, reporting issuance and any related services rendered by  CARDBIZ.

 

 

2. APPOINTMENT AND SCOPE

2.1 The Merchant is hereby appointed by CARDBIZ, acting under authority of licensed Acquirer Banks, to accept and process Card transactions for the sale of goods and/or services.


2.2 CARDBIZ shall provide the Merchant with card acceptance capability, including terminals, integrations, systems access, onboarding, due diligence processing, transaction routing and settlement processing.


2.3 The Merchant acknowledges that CARDBIZ acts as a TPA, and that final settlement and acquiring liability resides with the respective Acquirer Bank.


2.4 The Merchant agrees to comply with all instructions, manuals, circulars, advisories and operational requirements issued by CARDBIZ or the Acquirer.

 
 

3. PROVISION AND USE OF EQUIPMENT

      3.1 CARDBIZ may provide POS terminals, card readers, payment gateways, software or related equipment (“Equipment”).

      3.2 Risk of loss or damage to the Equipment transfers to the Merchant upon delivery.

      3.3 The Merchant shall:
(a) maintain the Equipment in good working condition;
(b) not modify, reverse engineer or tamper with the Equipment;
(c) use the Equipment exclusively for lawful card transactions approved under this Agreement;
(d) promptly report any fault, tampering or compromise.

 

      3.4 CARDBIZ reserves the right to replace or retrieve the Equipment at any time.

 

 

MERCHANT OBLIGATIONS

The Merchant shall at all times:

 

4.1 Accept Cards
Accept all valid and unexpired Cards for legitimate transactions and not
discriminate between Cards.

 

4.2 Authorization
Obtain transaction authorization through approved systems prior to completing
any sale.

 

4.3 Prohibited Transactions
Not accept Cards for:
(a) cash-equivalent items;
(b) illegal or restricted businesses;
(c) transactions not corresponding to actual delivery of goods/services;
(d) transactions performed on behalf of another business (“factoring”).

 

4.4 Transaction Processing Standards
The Merchant shall:
(a) ensure accuracy of transaction data;
(b) not split transactions;
(c) not manually key-in transactions unless permitted;
(d) maintain proper sales drafts and records.

 

4.5 Compliance with Laws and Standards
The Merchant shall comply with:

l  PCI-DSS;

l  Bank Negara Malaysia regulations;

l  AMLA and AML/CFT requirements;

l  Card Scheme Rules;

l  Consumer protection and e-commerce laws.

 

4.6 Prohibited Storage of Data
The Merchant shall not store any prohibited cardholder data including CVV2,
PIN, or magnetic stripe data.

 

4.7 E-commerce Merchant Obligations (if
applicable)
The Merchant shall display:
(a) clear product descriptions and pricing;
(b) refund/return policies;
(c) privacy policy;
(d) legal identity and contact information.

 

4.8 Change of Business
The Merchant shall notify CARDBIZ in writing prior to any change in ownership,
corporate structure, business model, risk category, MCC, domain name or other
material change.

 

 

5. FEES AND SETTLEMENT

5.1 The Merchant shall pay:
(a) Merchant Discount Rate (MDR);
(b) transaction fees;
(c) terminal rental fees;
(d) onboarding, compliance or maintenance charges;
(e) any penalties or assessments imposed by card schemes.

 

5.2 Notwithstanding
Clause 5.2, CARDBIZ reserves the right to revise the Merchant Discount Rate (MDR), fees or pricing with immediate effect and without prior notice where
such revision is required due to:

(a) inaccurate, incomplete or misleading information provided by the Merchant;
(b) changes in the Merchant’s risk profile, business model, MCC or transaction behavior;
(c) excessive chargebacks, disputes, refunds or fraud indicators;
(d) directives, assessments or requirements imposed by the Acquirer, card schemes or regulatory authorities; or
(e) breach or suspected breach of this Agreement or applicable laws.

 

Any revised MDR shall apply prospectively and shall not affect transactions already settled.

5.3 Settlement of funds shall be made net of fees, chargebacks, penalties and reserves.

5.4 CARDBIZ may implement a rolling reserve, upfront deposit, collateral or withholding arrangement where required due to Merchant risk profile.

 

5.5 CARDBIZ may withhold, delay, suspend or place a hold on settlement funds, in whole or in part, without prior notice, where:

(a) the Merchant has provided false, inaccurate, incomplete or misleading information during onboarding or at any time thereafter;
(b) there is a discrepancy between declared and actual business activities;
(c) there is suspected fraud, AML/CFT concern, scheme rule violation or regulatory risk; or
(d) supporting documents requested by CARDBIZ are not provided within the stipulated timeframe.

 

 

Settlement shall remain on hold until the issue is resolved to CARDBIZ’s satisfaction.

 

 

6. CHARGEBACKS AND DISPUTES

6.1 CARDBIZ and/or the Acquirer may charge back
any transaction that: 

is disputed by the Cardholder;

lacks proper authorization;

violates scheme rules;

is fraudulent or suspicious;

involves non-delivery of goods/services;

involves counterfeit, duplicated or invalid card
data.

 

6.2 The Merchant shall reimburse CARDBIZ for all
chargebacks, penalties, handling fees and assessments.

6.3 CARDBIZ may deduct such amounts from
settlement, Merchant’s account or any reserve held.

6.4 Merchant must supply supporting documents
within the stipulated timeframe; failure to do so shall result in automatic
chargeback acceptance.

 

 

7. FRAUD CONTROL, AML/CFT AND REGULATORY OBLIGATIONS

7.1 The Merchant shall implement anti-fraud controls and report suspicious transactions immediately.

7.2 CARDBIZ may suspend settlements or freeze funds pending investigative procedures.

7.3 Merchant must comply with AMLA, FATF requirements, and BNM guidelines on AML/CFT.

7.4 CARDBIZ may terminate the Merchant immediately where AML/CFT breaches are identified.

 

7.5 CARDBIZ may suspend settlement, freeze funds or restrict transaction processing immediately where information provided by the Merchant is found to be false, misleading or materially inaccurate, pending investigation and remedial action.

 

 

8. DATA SECURITY AND PCI-DSS COMPLIANCE

8.1 The Merchant shall strictly adhere to PCI-DSS
requirements.

8.2 In the event of a data breach, the Merchant
shall:
(a) grant CARDBIZ and forensic auditors full access to systems;
(b) bear all costs of investigation, remediation and scheme fines;
(c) notify affected parties as required by law;
(d) immediately implement corrective actions.

 

8.3 Non-compliance with PCD-DSS constitutes serious breach warranting suspension or termination

 

 

9. AUDIT, INSPECTION AND REPORTING

9.1 CARDBIZ, the Acquirer, card schemes or
regulatory authorities may inspect Merchant premises, systems, books and
records at any time.

9.2 The Merchant shall provide full cooperation
and access during such inspections.

9.3 CARDBIZ may require periodic compliance
declarations, PCI certifications, risk questionnaires or self-assessment forms.

 

 

10. SUSPENSION AND TERMINATION

10.1 CARDBIZ may suspend or terminate the Merchant’s access immediately where:
(a) there is suspected fraud, illegal activity or data compromise;
(b) excessive chargebacks or dispute ratios occur;
(c) the Merchant breaches any material term of this Agreement;
(d) the Merchant becomes insolvent or ceases business;
(e) regulatory or scheme directives mandate suspension.

 

10.2 The Merchant may terminate this Agreement with thirty (30) days’ written notice.

10.3 CARDBIZ may withhold settlement funds for up to one hundred eighty (180) days post-termination to cover chargeback exposure.

10.4 Termination does not affect accrued liabilities.

 

 

11. LIABILITY AND INDEMNITY

11.1 The Merchant shall indemnify and hold harmless CARDBIZ, the Acquirer and card schemes against any loss, liability, penalty, cost or damage arising from:

l  breach of these T&C;

l  fraud or misconduct;

l  unauthorized or illegal transactions;

l  data compromise or PCI non-compliance;

l  breach of regulatory obligations;

l  misrepresentation to cardholders.

 

11.2 CARDBIZ shall not be liable for:

l  indirect or consequential losses;

l  business interruption;

l  loss of profits;

l  system downtimes not caused by CARDBIZ’s negligence.

 

 

12. CONFIDENTIALITY AND DATA PROTECTION

12.1 Both Parties shall maintain confidentiality of all information exchanged under this Agreement.

12.2 CARDBIZ may disclose Merchant information to:

l  Acquirers;

l  regulators;

l  card schemes;

l  law enforcement agencies;

l  service providers under confidentiality obligations.

 

12.3 The Merchant warrants compliance with the Personal Data Protection Act 2010 (PDPA).

 

 

13. GOVERNING LAW AND DISPUTE RESOLUTION

13.1 These T&C shall be governed by and construed in accordance with the laws of Malaysia.

13.2 Any dispute shall be subject to the exclusive jurisdiction of the Malaysian courts.

13.3 CARDBIZ may pursue injunctive or other equitable relief where appropriate.

 

 

14. MISCELLANEOUS

14.1 CARDBIZ may amend these T&C by written notice or publication on its website, and continued use of the Services constitutes acceptance.

14.2 The Merchant may not assign or transfer its rights under this Agreement without CARDBIZ’s prior written consent.

14.3 No failure to enforce shall constitute a waiver.

14.4 If any provision is held invalid, the remainder shall remain in full force.

14.5 These T&C bind the Parties and their successors.

PRIVACY POLICY IN RESPECT OF PERSONAL DATA

The Personal Data Protection Act 2010 (as may be amended from time to time, hereinafter referred to as the “Act”), which regulates the processing of personal data in commercial transactions, applies to CardBiz Group of Companies and our related companies: CardBiz Solutions, CardBiz Payment Services, CardBiz Technologies, and CardBiz eServices (hereinafter collectively referred to as “CardBiz Group”, “our”, “us” or “we”). For the purpose of this personal data policy, the terms “personal data” and “processing” shall have the meaning prescribed in the Act.

 

This Privacy Policy applies to any person whose personal data is processed by us and describes our gathering, storing, dissemination and processing practices in respect of such personal data.

 

This Privacy Policy applies to all operations and business units of CardBiz Group.

 

Please read this Privacy Policy to understand how we use and process the personal data we have collected or may collect from you.

 

By providing your personal data and/or using our site and/or service, you are consenting to this Privacy Policy and the collection, use, access, transfer, storage and processing of your personal data described in this Privacy Policy as modified from time to time by CardBiz Group.

 

Any changes to this Privacy Policy will be updated on our site. Any such revised Privacy Policy will continue to apply to all personal data that has previously been collected as well as information that has been stored or processed on an ongoing basis by CardBiz Group. Therefore, you are encouraged to check the version of the Privacy Policy whenever you visit the site for any updates or changes.

 

If you are under 18, you should ensure that you obtain the consent of your parents or legal guardian before using our services and/or products. If you are a firm, corporation or entity supplying personal data of your partners, directors, shareholders, employees, officers and/or other persons to us, please do ensure that you have obtained their consent and bring this Privacy Policy to their attention.

What this Privacy Policy Explains

This Privacy Policy sets out:

  • what kind of personal data is being processed
  • the purposes for which the personal data is being or is to be collected and further processed
  • the source of that personal data;
  • the persons to whom we disclose or may disclose your personal data;
  • where it is obligatory for you to supply the personal data, what happens in absence of this data;
  • the choices and means that you may limit the processing of your personal data, including personal data relating to other persons who may be identified from that personal data and
  • your right to request access to and to request correction of your personal data and how to contact us with any inquiries or complaints in respect of the personal data.

Type of Personal Data

Personal data refers to all information that relates directly or indirectly to you, including any sensitive personal data and expression of opinion about you. Sensitive personal data refers to any personal data as to your physical or mental health or condition, your political opinions, your religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offense or any other personal data as may be determined by law from time to time.

 

The personal data collected by us may include (but is not limited to) the following:

 

  • contact information – e.g. your name, date of birth, identification number (such as NRIC or passport number), gender, nationality, race, address, contact number, fax number, email address
  • billing information – your credit card information and bank account details
  • the status of the services you have acquired from us or subscribed to – e.g. account number, account balance, account activities, payment history
  • transaction information – e.g. information requested by you from our services, such as status of traffic summons, driving licences, bankruptcy
  • your personal interests and preferences to help us tailor offerings of our services and products which would suit you best


If need arises, we will obtain explicit consent from you to process sensitive personal data. We may however process personal data without your consent in limited circumstances as permitted by law.

Purpose of Processing Personal Data

We may collect and process personal data from you or from third parties, for one or more of the following purposes:

 

  • to verify your identity
  • to assess and process your application(s)/request(s) for our services
  • to provide you with the information and/or services you have requested from CardBiz Group and/or its designated representatives and/or business partners and ancillary matters thereto
  • to administer and manage our services
  • to investigate, process and resolve any service issues, complaints, communications or other enquiries that you may submit to us regarding our services
  • to assess and/or verify credit worthiness
  • to keep in contact with you and provide you with any information you have requested, services and/or products offered by us and/or changes thereto, or by our service providers and/or business partners
  • to maintain and develop our services, products, business systems and infrastructure
  • to manage staff training and quality assurance
  • to produce data, reports and statistics which shall be anonymized or aggregated in a manner that does not identify you as an individual
  • to investigate, respond to, or defend claims made against, or involving CardBiz Group
  • to conduct marketing activities
  • to maintain records required for security, claims or other legal purposes
  • to detect and prevent fraudulent activity
  • to comply with legal and regulatory requirements
  • for any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities

Source of Personal Data

We may collect personal data from customer application form, registration at or visit to websites owned and/or operated by CardBiz Group, registration for a specific service provided by us, use of our services, documents provided by you to us, participation in our survey, entry in competitions, contests, promotions, programmes organised by us, request for information regarding our product, commencement of any business or commercial relationship with us and/or any communication made with us.

 

We may also obtain your personal data from:

 

  • third parties we deal with or are connected with you (e.g. credit reference agencies or financial institutions)
  • government or other regulatory authorities who have the power and/or authority to disclose such information (e.g. PDRM, Insolvency Department, JPJ)
  • public domain and such other sources where you have given your consent for the disclosure of information relating to you
  • where otherwise lawfully permitted.

Request for Access and Correction of Personal Data

Under the Act, you have the right to access and the right for correction to your Personal Data which might have been out-of date, inaccurate or incomplete. You may also withdraw your consent or restrict the purpose for the processing of your Personal Data as set out in this Notice.

 

You shall provide and maintain accurate, complete and current data required to register with CardBiz Group. You represent and warrant that all information furnished to CardBiz Group from time to time through its website or otherwise is correct, validly issued and legally binding on you.

You will be liable for any loss that results from any failure to notify CardBiz Group of such a change as a result of undue delay, your gross negligence or fraud. Where you fail to inform of any change in its address, CardBiz Group shall be discharged from all liabilities upon sending of any notice or document to the last known address.

 

In the event you may need to provide us with personal data relating to third parties (e.g. spouse or children or where you are the designated person in charge (from an organisation or company) for dealing with us, if you are acquiring and are responsible for a service and/or product that they will use), you confirm that you have (i) obtained their consent or otherwise entitled to provide their personal data to us and for us to use accordingly, and (ii) informed them to read this Privacy Policy.

CardBiz Group reserves the right at any time to satisfy itself as to your identity and personal details provided including for the purposes of preventing fraud and/or money laundering and pending verification, we may subject to the Act withhold your access to your personal data. In addition, at the time of your application or at any time in the future, you authorise CardBiz Group to perform identity verification checks directly or using relevant third parties.

Retention and Disposal Principle

CardBiz Group shall take all reasonable steps to ensure that:

 

  • Personal Data, whether stored electronically or in paper form , is secured against risks of loss, destruction, duplication, use, modification or disclosure by having in place regular Personal Data housekeeping in terms of retention periods for and classification of Personal Data for legal and business requirements.
  • Disposal of documents containing Personal Data, or remove the means by which the Personal Data can be associated with particular individuals as soon as it is reasonable to assume that the purpose for which the Personal Data was collected is no longer being served by such retention, and to maintain such record of the disposal. In this connection, CardBiz Group will periodically review the length of time and the purpose for which the Personal Data is held.

Disclosure of Personal Data

We will process personal data for the following reasons and may disclose to the following third parties:

 

  • to provide, maintain, protect and improve all or any of our services and to develop new ones
  • for internal and marketing purposes of CardBiz Group
  • companies and/or organisations that assist us in processing and/or otherwise fulfilling transactions and providing you with services that you have requested or subscribed for
  • to companies, corporations and/or entities that act as CardBiz Group’s service providers, gateway providers, agents, contractors and/or professional advisers
  • law enforcement agencies, government agencies and/or to detect, prevent, or otherwise address fraud, security or technical issues
  • our business partners and other parties for purposes that are related to the purpose of collecting and using your personal data set out in this Privacy Policy
  • CardBiz Group will share personal data with other parties, companies, organizations or individuals outside of CardBiz Group when we have your consent to do so subject at all times to any laws (including regulations, guidelines and/or obligations) applicable to the CardBiz Group.

 

CardBiz Group shall be entitled to retain all data and information supplied by you for the use of CardBiz Group, notwithstanding the termination or suspension of our services to you.

 

We are committed to safeguarding your privacy. However, no data transmission over the internet can be guaranteed to be 100% secure. Accordingly, despite CardBiz’s efforts to protect your personal data, We cannot ensure or warrant the security of any information you transmit to us, or to or from our online products or services. All such transmission of information is carried out at your own risk. However, once we receive your transmission, we will make reasonable efforts to ensure its security in our systems.

Limiting Processing

Whenever we send you any information online, we will include instructions on how to unsubscribe and a link to do so. If you do not wish to receive further information of a similar nature, you may e-mail us. If you do not wish to receive any information of any kind from us at all, you may e-mail us.

Whether Obligatory to Provide Personal Data and Consequences of Not Providing

Where indicated (e.g. on our website, registration/application forms), it is obligatory to provide your personal data to us to enable us to process your application for our services. Should you decline to provide or limit processing such obligatory personal data, we may not be able to process your application or provide you with our services.

COOKIES

Changes to This Privacy Policy

CardBiz uses “cookies”, where a small data file is sent to your browser to store and track information about you when you enter our websites. The cookie is used to track information such as the number of users and their frequency of use, profiles of users and their preferred sites. While this cookie can tell us when you enter our sites and which pages you visit, it cannot read data off your hard disk.

 

CardBiz Group may process and/or otherwise use information collected from cookies and other technologies, to improve the user experience and the overall quality of our services. You may set your browser to block all cookies, including cookies associated with CardBiz Group’s services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of CardBiz Group’s services may not function properly if your cookies are disabled.

 

Like many website operators, CardBiz Group also uses independent companies to measure and analyze internet usage across CardBiz Group websites. This aggregate, non-personal data is collated by such independent companies and provided to CardBiz Group to assist in analyzing the usage of our websites.

CardBiz Group also collects Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. CardBiz Group collects and manages IP addresses as part of managing its services and for security purposes.

Links to Other Sites

A link from this site to another site(s) does not imply endorsement of that site. CardBiz Group does not control the sites to which CardBiz Group links and assumes no responsibility for their content or privacy policies and/or statements. Therefore, you should carefully review the Privacy Policy and/or statements and the terms and conditions that apply to any site you access from our websites. This includes any company providing on-line payment via credit card or e-banking.

Transfer of Your Personal Data Outside Malaysia

It may be necessary for us to transfer your personal data outside Malaysia subject always to the Act if any of our service providers or strategic partners (“overseas entities”) who are involved in providing part of our services are located in countries outside Malaysia or if you use the services from a country other than Malaysia.

You consent to us transferring your personal data outside Malaysia in these instances. We shall take reasonable steps to ensure that any such overseas entities are contractually bound not to use your personal data for any reason other than to provide the services they are contracted by us to provide and to adequately safeguard your personal data.

Changes

CardBiz Group reserves the right at any time and at its sole discretion to revise, change, alter or vary the contents of our website and/or terms and conditions of use and/or the Privacy Policy as herein contained. The continued use of our website and/or our service following any such revision, change, alteration or variation shall constitute the acceptance of, and agreement to be bound by such revision, changes, alteration and/or variation.

Contact Details

If you wish to access and request for correction or limit the processing of your personal data or have any queries or complaints regarding your personal data, please contact us during our office hours as set out below and the following contact points:

  • Office Hour:

9:00AM to 5:30PM

  • Telephone Number:

+603-7890-3000

  • Facsimile Number:

+603-7890-3000

  • Email Address:

sales@cardbiz.com.my

  • Level 30, Level 30, MYEG Tower, No.8 Jalan Damansara, PJU 8, Empire City, 47820 Petaling Jaya, Selangor

In accordance with the Act, we may:

  • charge a fee for processing your request for access; and
  • refuse to comply with your request for access or correction in accordance with the Act.

Quick and Secure Online Payment Gateway

About Us 

About Us

Contact Us

T&C Privacy Policy

Disclaimer

Features

Payment Link

eMOTO

Digital Payments

Tokenization

Partner With Us

Team Up With Us

Sales Partner

Resources

Blog

FAQ

Assest Library

Channel

Payment Method

Guide

Merchant

Developer

Business

Reach Us

Certified

Level 1

Facebook Instagram

Copyright © 2025 CardBizPay. All rights reserved.

Privacy Policy

Disclaimer

Powered By CARDBIZPAY