A Substantial Guide on How to Choose a Payment Processor for Your Business

A business which plans to accept payments from individual clients whether online or offline – needs to process its payments, which are done via multiple channels. Typically, these channels are bank cards, online wallets, e-money, over-the-phone payments & POS payment terminals. For each of these purposes, selecting the right payment processor is crucial for the business model. 

What is a payment processor?

A payment processor is a company which provides technological solutions that enable buyers to pay for the merchandise they buy from the company, whether this is in the form of goods or services. Such solutions can be customised for various channels of payments, both online and offline. Depending on the business model andchannels which are accepted for customers to use to pay for anything a company sells, it shall choose the best payment processor for small business (or whatever it is the size of the company’s business).  

The task of a processor of payments is to charge the customer’s account with the money and deliver it to the seller’s account, which is opened in a bank or is run as a merchant account (whatever is legally allowed in the seller’s country). 

There are several factors to bear in mind when one is going to go through that process. 

Factors to consider when you choose a payment processor 

  1. Types of transactions that you plan to make. The most widespread options of payment today are via credit cards & debit cards. But there are also other ways, more or less popular in your destination, country’s legal model & business type: e-wallets, cryptocurrency, direct debit from bank accounts, phone payments, prepaid cards, cheques, or gift cards. Make sure that the best online payment processor you’re going to select supports those channels that you need in its technological solutions. 
  1. Channels of accepting payments: on your website, on a third-party website, via mobile payments or apps, POS terminal in an offline point of sales, recurring payments, etc. 
  1. Pricing. There are many ways of charging for handling your transactions. They include per-transaction commission, monthly and yearly fees, foreign currency exchange fees and rates, commission for chargebacks, requirements to minimal turnover (if you don’t have that, you might be charged an extra fee), setup fee, disputed transaction fees, etc. When you consider these altogether, you can compare different processors and find out, which is the best online payment processor for you (or an offline one, should that be the case for your business). 
  1. Pricing changes. Find out, whether there are annual or otherwise periodic reconsiderations of pricing that a processor makes for its clients and how the pricing changes. Thus, you will know, what the cost of handling your transactions over the years is, so you can compare various companies by that factor. 
  1. What are the technological and technical solutions offered? Some processors offer POS terminals to install in offline points of sales so clients can pay with cards. Others don’t do it and so you have to ask them from your bank (which might also offer online & offline processing solutions — that you have to explore too, actually). They might also offer the integration of data flows with your accounting and taxation systems. If that’s what you need — great! However, remember that although basic POS models that can read magnet stripes might have no extra cost, models with contactless payment and chip-reading options might cost extra. 
  1. Time until deposit arrives in merchant account. Depositing the money that your customers pay you onto your account goes with some periodicity: same day, next day, in a few days… Sometimes, it is even transaction-based. Choose the processor depending on how quickly you want the money to get into your account. 
  1. Customer support. The best online payment processors out there will offer you the full cycle of support, including the installation, set-up, tuning according to the requirements of your business model and its changes, assistance with technical and client issues & solving all emergency issues you might have. It is a very important part of the selection process and you really don’t want this part to go wrong. 

A list of the largest payment processors on the market

Now, let’s look at some examples of payment processors which are the most well-known on the global market: 

  • Braintree 
  • PayU 
  • Amazon Payments 
  • Authorize.Net 
  • PayPal 
  • Skrill 
  • 2CheckOut 
  • Stripe 
  • OrangePay 
  • BlueSnap 
  • Shopify 
  • WooCommerce. 

In addition, many local banks in various countries also offer their white label or composite solutions of payment processing, such as the PrivatBank or Oschadbank commercial banks in Ukraine, which provide the full card processing cycle, domestic and international. So, you should check that out with the banks in your country first — this might be cost-optimal, fully legally compliant, with all required support for setting up and running and the money goes into your bank account directly, with automated cross-currency conversion. 

Conclusion on the payment processor selection 

Although the modern world has many companies that provide processing of payments, they aren’t all equally good for your particular business model. Choose them based on our advice. 

Marcopolis Interview with David Morema | CEO, Virtual Pay

What are Payment Processing Companies, and How Do They Take Part in Your Business?

When a company runs a business that accepts payments for its goods and services from clients with money in the form other than cash (paper), it needs to process the transactions, which are made online and offline via a number of payment methods. Payment processing companies are an essential part of that process, without which it would be impossible to make such transactions. 

The process of handling transactions, a.k.a. payment processing 

There is too much information to go into detail about how the cashless process of payment happens. But for the sake of this article, the details are not necessary, so we will only explain to you how transactions happen to give you an understanding of what the payment processing cycle is. 

Imagine a buyer who gets onto your website, finds goods or services they want to buy, adds them to a cart, and proceeds with the payment. A website might have several options of payment, including bank cards (credit or debit), e-money stored on e-wallets or in cryptocurrency, direct debit from the bank account, gift card, prepaid (instant) card, voucher, or over-the-phone payment. These channels are different but they all have a similar process of handling the transaction, which is described below. It is unified today and thanks to a well-working scheme, the purchase transaction completes within seconds. That’s what happens: 

  1. A buyer chooses the payment channel and clicks on it. 
  1. In an opened interface, a buyer enters the data of their financial tool: card requisites (number, cardholder name, expiration date, CVV/CVC), the e-wallet account (number or alphanumerical, which is usually one string but can be otherwise, depending on the wallet type), bank account number, owner and other requisites (for direct debit), gift card/prepaid card/voucher data, etc. 
  1. Once the interface has these data, it encrypts them using the market-accepted security standards’ requirements and sends them to a payment processing company. Such an interface is called the payment gateway.  
  1. The processing company does the background checks, which are usually about the security and integrity of data, and, once verified, sends them further. In the case of cards (including most of the prepaid types), the data batch goes to a card association, which approves or declines the money transaction request immediately or forwards it to the bank, which issued this card. In the case of e-wallets, the request goes to a company that runs the e-wallet to confirm the transaction. In the case of voucher/gift cards, the request goes to the company, which issued them so they approve or decline the transaction as well. 
  1. Although there are a lot of checks connected to the step of approval or denial of the transaction, banks, credit card processing companies, or other companies described in the system above approve or decline the transaction primarily based on the available balance of the account tied to that card/wallet/voucher or whatever the means of the payment is. After the approval or denial, they send the information about that back to the payment processing company
  1. The company sends the response via the payment gateway to the website, where the transaction originated. If the response is OK, then the approving bank/company on step 5 also updates the balance on the payer’s account to reflect the money movement. If there is a denial, then the website shows the message of denial to the user. 
  1. Once the money is written off the balance of the payer, it is credited to the account of the seller. To do so, in step 5, the bank/company sends the request to credit the sum of the payment to the merchant (seller) account, which might be opened in one of the payment channels mentioned here. 

How payment processing companies work 

In this process, payment processing companies take the position of intermediaries — they take the data sent by a payment gateway, check it, and forward it to other parties, which run the account of the buyer.  

What are the other services provided by the payment processing companies? 

Quite often, payment processing companies are the providers of the payment gateway, which is software that is designed to collect, process, encrypt, and safely transmit the data to-and-from merchant websites, POS terminals, and mobile apps. 

They often provide a connection with the merchant’s accounting, taxation, reporting, and CRM software to make it possible for merchants to receive detailed information about every and all transactions. 

They also have to be PCI DSS compliant in order to make sure the data is properly collected and always protected while passed in all directions. 

Conclusion on payment processing 

Now you know what a payment processing platform is and its functions. As you can see now, they aren’t simply the mediators who take their commission for nothing but passing the data back and forth. 

Future of the Payments Ecosystem

What Is Merchant Payment Processing and Why Is It Important to Know for Growing Businesses?

When a buyer pays for commodities, goods, or services in forms other than cash, the concept of payment processing begins. If you’re interested to know what does processing mean and how it creates ‘pending’ money, read our article to find out.

What is payment processing?

Payment processing is a sequence of actions in a process, which is technologically performed to take money from an account of a payer and transfer it to an account of a merchant.

What does merchant mean? A merchant is a seller of commodities, goods, and/or services, who makes business by buying, mining, manufacturing, or creating otherwise any items, tangible or not, which are then sold to buyers for profit. Such items can be commodities, goods, or services, as well as their combination. A merchant is a natural person or a business entity, which is registered as a merchant in the system of financial transactions and, given the applicable legislative and tax regulations of the country where they work, can be or can be not formally registered as a business entity for the sake of taxation, reporting, governmental control, and for other reasons.

Typically, when a business entity accepts as a means of payment anything but cash, they cooperate with banks or other financial/payment organizations to open a merchant account and acquire a technological possibility to accept payments via bank cards, e-wallets, virtual money, cryptocurrency, vouchers, prepaid cards, gift cards, direct debits, or other means of payment legally allowed in their particular jurisdiction. This technological possibility is a combination of software and hardware that they use in their points of sales, online or offline.

Typically, a business entity (also frequently referred to as the seller, merchant, provider, store, etc.) has two accounts:

  1. A bank account (or its legal equivalent), where the money from all the items they sell goes.
  1. A merchant account in a system of financial transactions processing, where the money is temporarily stored before they land in a bank account after the transaction is successfully verified.

Depending on the particular legislation of a merchant, the money from the merchant account might go only to their bank account after the clearance happens or could be used in one or few alternative ways — for instance, to pay for other commodities, goods, or services, which a merchant might want to acquire thanks to the available positive balance on the merchant account. To make it clearer, here is an example.

A merchant sells goods through Shopify. There, he has 5,000 dollars accumulated thanks to the buyers who pay him for those goods. The merchant then uses this money to buy a paid plugin from the Shopify store to add it to his website. Or pays for running his Shopify account. Or buys something from other Shopify sellers. That is possible only if the legislation of this merchant’s country allows that. Otherwise, all the money periodically goes to their bank account.

How the payment processing happens

When a buyer pays for something using their bank card, account, e-wallet, or other means, where no physical cash is present, that money is not directly credited onto the seller’s account. At least, not always. Yes, some particular payment methods do the direct transaction in real-time — like e-wallets if both the seller’s and the buyer’s accounts that are enacted during the transaction are within that same wallet. Then this e-wallet debits the money from the buyer and credits it onto the seller’s account. But usually, accounts of both are in different places and organizations. The simplest way to understand that is to imagine the following situation: a buyer from Canada pays for a burger in Burger King in the US. Here, the Canadian buyer’s card is attached to an account opened in a Canadian bank and the Burger King outlet’s account is opened in an American bank.

Making a long story short, the paid money is withheld in the account of a buyer and marked as unavailable for further use although still being physically present on the account before the reconciliation procedure of financial settlements finishes. As for the time being, after a card was tapped at the bank’s POS terminal in Burger King, the transaction was approved to allow the seller to actually sell that burger to a buyer. But the money also didn’t come yet to the seller’s account. This is called the processed pending payment.

What does processed pending payment mean?

Here, we come to the point of answering the question, what does processed pending payment mean. So, the financial transaction is approved and the burger is sold. But the money is still physically in the buyer’s account. Although, it is marked as ‘pending’, which makes it literally unavailable for use by that buyer.

In one to three days, the banks of a payer and of a merchant send one another special technical messages, which contain the payment order to physically withdraw the pending money from the account of a buyer and transfer it to the account of the seller. The money is transferred thanks to an inter-bank global payment network, which is created and controlled by the central banks of countries and by international payment card organizations, such as Visa or MasterCard. This messaging is called ‘clearance’ or ‘reconciliation’ and marks the real transfer of money among the accounts globally on the planet. This might take from a day to several, usually, 3 or 5 — each country has its own clearance terms. Sometimes, it can take as long as 90 calendar days — but it is usually that long only for disputed, reversing, or canceled transactions, which require more time to complete. The same, by the way, happens when foreign exchange is involved (well, maybe, somewhat faster). But in more than 90% of all cases, given the same currency of a payer’s account and of a receiver’s account and if the transaction is domestic, not international, and as straightforward as simply selling an item, the clearance happens within 24 hours.

Conclusion on the payment processing and pending money

There are a lot more details connected to the procedure of making a payment and the involved parties but we did not show them in this article (covering those details in other blog posts), just to explain to you what the pending money on an account is.

Choosing the Optimal Payment Methods Online May Streamline a Business Model

The ability to take online payments for the goods & services that you sell is one of the ever-growing important issues that businesses around the world implement. It is as simple as that: if customers cannot pay for the merchandise a company sells using a preferred payment method, how will it earn money?  

The necessity of payment methods for online business 

Given that over 10% of purchase transactions around the world were made online in 2022, if a company can’t provide the necessary payment method for such customers, it easily loses exactly that percentage of sales by number and by volume.  

Depending on a specific country, that share varies widely. In the US, it is around 14%. In the UK, it is nearly 30%. Do you really want to lose that because you do not introduce the desirable online payment methods? Or, at least, the most popular ones: cards, e-wallets & direct debit.  

Which online payment method is best? & how many of them there are? 

Depending on the country of our reader, the list of payment methods that we provide below may significantly differ. Today, there exist over 200 payment methods across the world. In some countries, only a handful might be actually popular or legislatively approved. Sometimes, people refer to them as the ‘payment channels’ or ‘means of payment’.  

After having analyzed all the methods of payment, we have come to the conclusion that there are 9 general types of them in the world today. Each has a multitude of specific payment options within a method. But which one is truly the best? That’s up to you to answer based on what people in the given country prefer: cards, online money, transfers, direct debits… 

The list of payment methods includes such ones (and we’ve tried to embrace all possible options so you can consider, which one of them is applicable for a website or a mobile app): 

  1. Bank (a.k.a. wire) transfer: direct bank transfer, Interac, Sofort, InstaDebit, Giropay, iDebit, Klarna, Euteller, Boleto Bancario, Poli, iDeal, SwiffyEFT, Przelewy24, Ecobanq, Brite, Entercash, Help2Pay, Instant EFT, Quick Pay, UseMyBank & Inpay. 
  1. Bank checks. These payment methods are popular in some countries, where the banking system and/or the communication system across the country are not perfect. But the USA is also one of the countries where checks are still popular despite the fact that it seems like a country-leader in innovations. Online, checks are used rarely indeed. Yet, still, we’ve seen websites, which support them, especially online casinos, so we just can’t ignore this method. 
  1. Credit & debit cards. Although many experts online refer to them as two separate types of payment methods, there is absolutely no technical or procedural difference between them. It’s just the first type has a credit limit tied to it, while the second does not. Here they are: MasterCard, Visa, Maestro, AmEx, Diners Club, JCB, Solo, Rupay, Discover, Wirecard, UnionPay, Laser & Dankort. Actually, the number of cards may be fuller if some other cards are issued in this or that jurisdiction. 
  1. Cryptocurrencies: Bitcoin, Litecoin, Ethereum, Bitcoin Cash, Tether, Dogecoin, Cardano, USD Coin, Monero, Polkadot, EOS, or MoonPay. We’ve limited ourselves to just several most popular cryptocurrency payment methods but there areexist over 1,000 of them — no need to list them all. 
  1. E-wallets: Bancontact, BPAY, Citadel, ClickandBuy, Dotpay, ecoPayz, EntroPay, EPay, EPS, eZeeWallet, iWallet, Jeton, KoalaPays, MiFinity, Neteller, PayPal, Paytm, Piastrix, QuickTender, Skrill Moneybookers, Trustly, uPayCard, QIWI & WebMoney. If you know other e-wallets, which should be on this list, tell us in the comments.   
  1. Mobile methods of payment: MuchBetter, Zimpler, Apple Pay, Siru Mobile, Boku, Siirto, Zelle, Swish & operations via SMS. 
  1. Money transfer systems: 1st Contact Forex, AFEX, Boss Revolution, Boxypay, Bridge21, Cash App, Chase, Currencies Direct, Currency Solutions, CurrencyFair, CurrencyTransfer, DolEx, Dunbridge Financial, Exchange4Free, FairFX, Halo Financial, ING Direct, Instarem, La Nacional, Money2India, Moneycorp, MoneyGram, OFX, OrbitRemit, Pangea, Paymentearth, Payoneer, Paysend, Paysera, Payza, PingPong Global Payments, Placid Express, PNC Bank, Remit2India, Remitly, RemitMoney, Ria, Sendwave, Sharemoney, Sigue, Skrill, Small World, TorFX, Transfast, TransferGo, TransferMate Global Payments, Travelex, UAE Exchange, Unimoni, Usend, Veem Global Business Payments, Venmo, Venstar Exchange, Viamericas, Vigo Money Transfer, Walmart2World, WeChat, Western Union, WireBarley, Wise, WorldFirst, WorldRemit, Wyre, XE Money Transfer, Xendpay, Xoom, Xpress Money & Zelle. That’s the largest paragraph in the payment methods here. 
  1. Prepaid cards, gift cards & vouchers: Paysafecard, Neosurf, AstroPay Card, Flexepin, CashtoCode, Postepay, EcoVoucher, CASHlib, Revolut, Vanilla Prepaid, Ukash, Players Rewards Card, MST Gift Card, Abaqoos & Paykasa payment methods. 
  1. Other online payment methods: Venus Point, Google Pay, Money Order, Paytrail, Premier Pay, Hipay & Payr. 

Conclusion on the types of payment methods 

We hope that we have answered the question, ‘What are the payment methods?’ As our reader can see, there is a plethora of them. So simply not having several installed on a website, one would lose all those customers, who might be purchasing online.  

Today, many good payment processors are ready to integrate their payment solutions to websites & mobile apps to start earning in online retail, supporting one or more mentioned methods. Some of those processors are PayPal, Amazon Pay, Google Pay, AmEx, Apple Pay, Stripe, Square, Visa Checkout & Masterpass.  

What Is Payment Security, and Why Do You Have to Implement It in Your Business Procedures? 

Giving your clients a secure procedure of payment on your website or in a mobile app significantly contributes to the growth of your business because your customers will trust you. Not having payment security implemented on your website/app means an increasingly bigger number of people refusing to pay for your merch online. That’s why more business owners are interested in such a question as ‘how do I ensure payment security?’ 

What is payment security 

Payment security is a batch of requirements implemented in a procedural manner to the payment process on a website or mobile app, where it is possible to pay for any type of merch that a company sells, whether it be goods or services. It is a complex approach to making sure the security of financial transactions, which is designed for: 

  • preventing stealing customer and payment data 
  • avoiding frauds 
  • complying with international security standards, which today are the only way to attach card payments to a website/app 
  • improving customer experience. 

How to secure payments with PCI DSS 

To enable secure payment methods on the website or mobile app, a company has to comply with the PCI DSS standards, which are designed by the biggest international card organizations (including Visa, MasterCard, JCB, and AmEx) in order to standardize the procedures of implementation of security of payments, compliance, reporting, anti-fraud protection, and daily operations. Today, PCI DSS is elaborated and kept updated by over 600 organizations worldwide.  

This document is large and includes over 130 pages of regulations (speaking of its latest version as of March 2022). They describe everything connected to secure payment methods and their implementation in any organization. 

Specifically, PCI DSS contains:  

  • approaches to establishing a secure payment network, both wired and wireless 
  • data transfer to and from the vendors 
  • best practices 
  • requirements to networks, databases, and business processes, which are connected to payments execution or used to secure payments 
  • lists of controls, compliance demands, and reporting 
  • firewall and other methods of protection of client and payment data 
  • password and security parameters 
  • protected storage of cardholder data 
  • requirements to encryption of the transferred data in all networks 
  • protection of company’s servers and networks from spyware, malware, viruses 
  • security monitoring system implementation 
  • virtual and physical access restriction and role layering 
  • authentication measures 
  • tracking and monitoring the operations 
  • regular updates and testing of the systems involved in payment security. 

As you can see, this document is large & thorough. It can guide you fully through the entire process of building the safest way to pay online (or even several if you wish and this is within your budget). 

A procedure to secure payment methods of your company in general 

Although the process of the implementation of this card security guide is quite long and will impose various demands on your company’s processes, it can be defined as three stages at a high level: 

  1. Assessing. 

At this stage, a company has to make a review and assessment of all the procedures, which are involved in financial transactions. Merchants can be self-guided by means of the usage of the Self-Assessment Questionnaire, which contains questions to ask and risks to define. 

  1. Remediating.  

At this stage, all found faults and holes must be fixed. PCI DSS has detailed recommendations on how to do this to secure online payment processes of companies. 

  1. Reporting. 

Depending on the level of a merchant, reporting about the compliance with the requirements of PCI DSS can be voluntary or compulsory, ranging from looser to stricter requirements. There are 4 levels of merchants defined, where 4 is the loosest and 1 is the strictest, which define, how many demands merchants have to comply with in order to receive and maintain the PCI certification. Generally, level 4 is applied to those that process 0-20,000 transactions per annum; level 3 is for those processing 20,001-1,000,000 transactions; level 2 is for those between 1 and 6 million, and level 1 is for all with above 6 million annual transactions. 

The results of the implementation of all payment security measures will be such technological solutions as: 

  • SSL and HTTPS used on the website or in the app (for data transfer security and encryption) 
  • Tokenization (substituting 16-digit card number with random numbers to hide the real number) 
  • 3DS (verification that a payer is a real payer based on about 100 parameters of their payment means, device information, behavioral statistics, and payment history, which are to be approved by an issuing bank, bank of the merchant, and the payment processor) 
  • AVS (generating one-time passwords for approving that a transaction is really made by a payer, not someone else). 

Now let’s look at the most typical payment and operation risks to answer the popular question, what are the risks that payment security limits? 

  1. The first risk is fraud connected to data switching or swapping — when a real transaction data are changed to a fake during the performance of the transaction in real-time.  
  1. Funds returning requests — after a customer paid, someone or (s)he themselves may require a refund for the operation, trying to keep both the money and the merch bought. 
  1. Unsanctioned attempts of writing off the funds of clients. 
  1. Stealing data from merchant servers. 

These all are normally prevented by 3DS, AVS, and tokenization measures. The IV risk is eliminated by a proper level of protection of merchant servers. 

Conclusion on the secure online payment processes 

PCI DSS is the most important document for the security of payments. Its implementation is a must for all online vendors as Internet merchandising does not show signs of decline.  

Confidentiality Agreement

A case basis for partnerships

Confidentiality agreements (also called nondisclosure agreements, confidential disclosure agreements, and secrecy agreements) are contracts that govern the disclosure of confidential information by one party (the disclosing party) to another party (the receiving party). Confidential information is exchanged for a promise of secrecy. The disclosure may be unilateral, bilateral or multilateral. Confidential information disclosed in a confidentiality agreement might pertain to scientific research results and data, chemical compositions and formulas, software development information, recipes, laboratory methodology, and manufacturing techniques trade secrets (in the form of valuable know-how and/or show-how).

The confidential information has value precisely due to the fact that is known to only a few, that is, open disclosure will be injurious to this value. Confidentiality agreements often precede licensing negotiations or the acquisition of IP (intellectual property) rights and serve to strike an appropriate balance between the needs of the disclosing and receiving parties. A confidentiality agreement can either stand alone or be included as part of a broader agreement. An appropriately drafted confidentiality agreement should contain a list of standard provisions and exceptions. In special cases, where the disclosing party wishes to carefully protect the confidential information, the agreement might also include extra strong clauses and articulated security provisions.

1. Introduction: Building Trust

Before entering into a relationship, a level of trust between the parties must be established. This trust is the basis for a confidentiality agreement, which is often the first step in developing a mutually advantageous relationship. For example, a confidentiality agreement often precedes licensing negotiations or the acquisition of intellectual property (IP) rights.

Depending on the perspective, whether a person or party is disclosing or receiving confidential information, the disclosing party will want the receiving party to maximize protection whereas the receiving party will want to minimize constraints. However, the disclosing party often wants to disclose information, for example, as a first step in licensing negotiations or other business development activities, or as required by a know-how licensing agreement. But even the receiving party may see problems in terms of future constraints imposed by the agreement and its ability to use the received information. In the end, a confidentiality agreement is intended to strike an appropriate balance between the needs of a disclosing party and the needs of a receiving party.

Confidential information is often passed from one party to another when materials are transferred, during collaborations, and in some types of licensing agreements. A confidentiality agreement is the simplest form of almost any agreement, and confidentiality clauses generally form an integral part of most other agreements. But confidentiality agreements are also entered into separately for the sole purpose of disclosing confidential information, although perhaps they are used less often for that purpose. It is important to note that obtaining third-party confidential information may not always be a good option. The knowledge could block important future research or otherwise adversely affect the business of a receiving party.

2. Confidentiality Agreements Defined

Confidentiality agreements (also called nondisclosure agreements, confidential disclosure agreements, and secrecy agreements) are contracts that govern the disclosure of confidential information by one party (the disclosing party) to another party (the receiving party). The disclosure may be unilateral, with one party disclosing confidential information to only one other party; bilateral, with two parties mutually disclosing information; or multilateral, with three or more parties disclosing information among themselves.

With regard to a confidentiality agreement, confidential information is exchanged for a promise of secrecy. Confidential information is information that is of value precisely because it is not generally known to competitors or to the public. Such information might pertain to scientific research results and data, chemical compositions and formulas, software-development information, recipes, laboratory methodology, manufacturing-techniques trade secrets (in the form of valuable know-how and/or show-how), and so on. What matters, within the context of the confidentiality agreement, is that the information is of value due to its state of being relatively unknown, and, therefore, open disclosure would be injurious to this value.

3. Key Provisions

As stated above, confidentiality agreements come in many different forms and lengths and should be adapted to the particular circumstances and legal environment. But they all have the same essential components and purpose: to ensure that a privileged communication to a third party is treated as confidential. But, along with the standard terms of any agreement, such as boilerplate contract terms, confidentiality agreements include a number of terms that are important.

3.1 Disclosing party

It should be noted that the disclosing party does not necessarily need to be the party who actually owns the confidential information. The disclosing party may instead be a party that lawfully possesses the information and is legally permitted to disclose it.

3.2 Receiving party

Receiving parties, particularly in large organizations, are parties to a confidentiality agreement. The receiving party may thus be a series of individuals, depending on the complexity of the disclosure. In such cases, confidentiality agreements, and disclosures, are made at different stages whereby, initially, one individual or a small department receives the confidential information. For example, if the receiving party is not confident that the information is really worth binding the entire large institution to an agreement, an individual may be nominated to receive the confidential information as a first step before subsequent agreements are executed. Unless otherwise articulated in the confidentiality agreement, every person within the organization that is named as a party may share the confidential information with every other person within the same organization.

3.4. Limitations on disclosure

Information received under a confidentiality agreement cannot be disclosed to a third party that is not a party to the agreement, even if such disclosure takes place under a separate agreement. There are also examples when a receiving party believes that the disclosing party has a separate confidentiality agreement with a third party. This might tempt the receiving party to disclose the confidential information to this third party, perhaps mistakenly believing that the third party might already have had access to the particular confidential information from the disclosing party. Such disclosures to third parties are not permitted (unless specifically allowed).

3.5 Important exceptions

Confidentiality agreements usually contain exceptions to the receiving party’s obligation to maintain the confidence of the confidential information. These clauses are not generally points of negotiation. Different agreements may include different exceptions, though the following five are fairly typical:

  1. The information that was in the public domain prior to the time of its disclosure.
  2. The information was already known by the receiving party.
  3. The information entered the public domain after the time of its disclosure under the agreement through means other than an unauthorized disclosure resulting from an act or omission by the receiving party.
  4. The information was independently developed or discovered by the receiving party without use of the confidential information.
  5. The information is or was disclosed to the receiving party at any time by a third party having no fiduciary relationship with the disclosing party and having no obligation of confidentiality with respect to such confidential information.
  6. The information is required to be disclosed to comply with applicable laws or regulations, or with a court or administrative order, for example, a subpoena for production of the information pursuant to a grand jury proceeding.

The fourth point is particularly important for academic research establishments. The following example serves to illustrate the point: Yuri works at a university in the biochemistry department. He has no connection with, nor knowledge of, a particular set of confidential information. Yuri independently develops an innovation that relies on the same general knowledge as that of another researcher, Irina, at the same university but in the department of physical chemistry. With that general knowledge, Yuri developed his invention that concurrently leads to valuable data. Nearly identical data had been obtained by Irina under a confidentiality agreement from the BioChem company. That confidential data has been previously obtained by Irina.

Evidently, both professors, Yuri and Irina are employed at the same university but in different departments. Yet Irina’s confidentiality agreement is between BioChem and the university as a whole since the Office of Sponsored Programs signed it on behalf of the university. Since Irina never shared the data with Yuri, Yuri may be under no obligation of confidentiality in regard to the specific data he developed himself.

Referring now to the fourth point in the list above, if a provision is included in the confidentiality agreement such that information independently developed or discovered by the receiving party (someone at the university) without the use of the confidential information will be an exception to confidentiality, then Yuri is under no obligation to keep the information secret. If this exception were not included in Irina’s confidentiality agreement with the BioChem company, then Yuri would not be able to publish information about his innovation without placing Irina at risk of breach of the confidentiality agreement with BioChem. Once Yuri made his data public, Irina likewise is no longer under an obligation to keep her data secret (providing it is identical) since the data is now public. This is perhaps the single most important exception to keep in mind when drafting confidentiality agreements for research institutions.

4. Other Possible Clauses

Nongrant of rights. In some confidentiality agreements, the disclosing party will state that there is no confusion about the intent in disclosing confidential information. This is to prevent the receiving party from later claiming that, by disclosing the confidential information, the disclosing party implied the granting of, to the receiving party, additional rights or licenses. This limitation could read:

Nothing contained in this Agreement shall be construed as an obligation to enter into any further agreement concerning the Project or Confidential Information, or as a grant of license to the Confidential Information, other than for the Project.

Limitations to disclose. Certain limitations may apply to the amount of information to be disclosed. Language such as the following can be included in specifying such a limitation:

The amount of Confidential Information to be disclosed is completely within the discretion of the discloser.

Limitations on the use of the information.
Certain agreements contain a specific clause that states certain limitations on the receiving party’s use of the confidential information, for example:

The receiving Party may not use the Confidential Information for commercial or noncommercial research (or for the production of prototypes; or for obtaining regulatory approvals) without the prior written approval of the disclosing Party.

Representation. In some cases, a receiving party may demand representation. Language such as the following can be included to address this issue:

Discloser of Confidential Information represents that the disclosure of information is not in violation of any commitment or obligation to any former employer, present employer, or any other party and that discloser has the right to make such a disclosure and to make the promises and agreements expressed herein.

Such representations are sometimes used when individuals disclose information.

Requirements for documentation. There are no standards as to whether disclosed confidential information should be documented. Especially in an academic setting, where disclosing and receiving parties are scientists and converse by phone and e-mail, such a requirement would, in many cases, be ignored or forgotten. However, if included, the following clause may be used:

To the extent practical, Confidential Information shall be disclosed in documentary or tangible form marked “Proprietary” or “Confidential.” In the case of disclosures in nondocumentary form made orally or by visual inspection, the discloser shall have the right or, if requested by the recipient, the obligation to confirm in writing the fact and general nature of each disclosure within a reasonable time after it is made.

Extra strong clauses.1 Occasionally the disclosing party may want the confidentiality agreement to provide as much protection as possible. This will be the case when information to be disclosed is of great value and importance to the disclosing party. Under such circumstances, the disclosing party can include extra strong clauses in the agreement. These provisions will not alter basic obligations articulated in the agreement, but rather clarify and emphasize the gravity of said obligations. Examples of extra strong clauses could include:

  • The receiving party is forbidden to use the disclosed confidential information to make inventions or other valuable developments.
  • If the receiving party uses the disclosed confidential information to make inventions or other valuable development, then all rights to such shall be assigned to the disclosing party.
  • The receiving party will not attempt to replicate the disclosed confidential information.
  • The receiving party will not engage in detailed research for the purpose of investigating the details and aspects of the disclosed confidential information.
  • The receiving party will not use the disclosed confidential information in a manner that either confers commercial benefit on the receiving party or places the disclosing party at a commercial disadvantage.

Security.2 Security is, naturally, a critical consideration in any confidentiality agreement. Common provisions in agreements state that the receiving party must treat the disclosed confidential information with the same degree of security as it does its own confidential information, or there can be a clause that specifies reasonable and proper measures to safeguard and ensure security. However, if the disclosing party wants to make certain that a specific level of security is established and maintained, then the following types of provisions might be included in the confidentiality agreement:

  • Disclosed confidential information must be stored in designated, locked storage spaces.
  • Only designated individuals can have access to the disclosed confidential information.
  • Copying the disclosed confidential information is strictly prohibited.
  • Disclosed confidential information cannot be taken from the premises.
  • Any viewing of the disclosed confidential information must be duly recorded in a log.
  • All disclosed confidential information documents have unique identifier numbers and all are marked, in red, “CONFIDENTIAL.

5. Conclusion

There are two simple rules to keep in mind when dealing with confidentiality agreements (and, in fact, with any agreement): First, if there is no trust between the parties, then perhaps it is best not to proceed with the agreement, no matter how simple the agreement may be. On the other hand, a confidentiality agreement may be a rational first step in developing the trust needed to build a relationship that may lead to further collaboration and new opportunities. Second, by entering into a confidentiality agreement with another party to receive their confidential information, it is important to ensure that everyone in the organization who has access to the confidential information is well informed of the obligation to keep it confidential.

All references Web sites were last accessed between 1 January 2021 and 10 March 2021.

1 This section is based on UNICO. 2006. UNICO Guides: Confidentiality Agreements. UNICO; Cambridge, U.K. http://www.unico.org.uk/. The UNICO Guide provides additional and valuable discussions on confidentiality agreements, including a range of template agreements.

2 Ibid.

Kowalski SP and A Krattiger. Confidentiality Agreements: A Basis for Partnerships. In Intellectual Property Management in Health and Agricultural Innovation: A Handbook of Best Practices (eds. A Krattiger, RT Mahoney, L Nelsen, et al.). MIHR: Oxford, U.K., and PIPRA: Davis, U.S.A. Available online at www.ipHandbook.org.














Benefits of an online business with Virtual Pay

How Virtual Pay can help your business grow

Apply For A Merchant Account