Point of Sale Merchant Agreement (UAE)
POINT OF SALE MERCHANT AGREEMENT
Payment Service Provider: [PSP Name] (CBUAE Licence: [PSP Licence]), [PSP Address]
Merchant: [Merchant Name] (Trade Licence: [Merchant Licence]), [Merchant Address]
This Point of Sale Merchant Agreement (the "Agreement") governs the provision of point-of-sale payment processing services by [PSP Name] (the "PSP") to [Merchant Name] (the "Merchant"). The Agreement is governed by the laws of the United Arab Emirates, including the Central Bank of the UAE's Retail Payment Services and Card Schemes Regulation (2021), the UAE Civil Code (Federal Law No. 5 of 1985), the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022), Federal Decree-Law No. 8 of 2017 (VAT), and the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018).
1. POS SERVICES
1.1 Services provided: [POS Services Description].
1.2 POS hardware: [POS Hardware].
1.3 Merchant Category Code: [Merchant Category Code]. The MCC is assigned based on the Merchant's trade licence activities and the card scheme's classification system. Any change in the Merchant's business activity that would affect the MCC must be notified to the PSP in writing within 5 UAE business days.
1.4 The PSP is licensed by the Central Bank of the UAE to provide retail payment services. The Merchant acknowledges that the PSP's licence and the Card Scheme Rules of Visa, Mastercard, and other applicable schemes govern the services provided under this Agreement.
2. FEES AND SETTLEMENT
2.1 Merchant Discount Rate (MDR): [Merchant Discount Rate]. The MDR is subject to 5% VAT under Federal Decree-Law No. 8 of 2017, administered by the Federal Tax Authority (FTA). The PSP will issue a monthly VAT-compliant tax invoice for all service fees charged during the billing period.
2.2 Settlement: [Settlement Timeline]. Settlement is subject to: (a) successful transaction authorisation by the issuing bank; (b) the Merchant's compliance with Card Scheme Rules and this Agreement; (c) the absence of pending chargebacks, fraud investigations, or regulatory holds.
2.3 The PSP may withhold settlement amounts as a rolling reserve — typically 5–10% of monthly transaction value — for a period of up to 120 days following transaction date, to cover chargeback liability, fraud losses, and regulatory risks. The reserve will be released to the Merchant upon expiry of the reserve period.
2.4 The PSP may deduct from settlement: (a) MDR fees; (b) chargeback amounts; (c) refund amounts processed through the POS terminal; (d) any other amounts lawfully due by the Merchant under this Agreement.
3. CHARGEBACKS AND DISPUTES
3.1 Chargeback process: [Chargeback Process].
3.2 The Merchant shall maintain transaction records — signed sales receipts, delivery evidence, cardholder communications — for a minimum of 18 months from the transaction date, to support chargeback defences.
3.3 Where the Merchant's chargeback ratio exceeds the Card Scheme threshold (typically 1% of monthly transaction volume for Visa/Mastercard), the PSP may implement a chargeback mitigation programme, impose additional fees, or terminate this Agreement in accordance with Clause 7.
3.4 The Merchant is liable for all chargebacks and fraud losses arising from: (a) merchant fraud or negligence; (b) failure to follow Card Scheme security requirements; (c) transactions processed outside the scope of the Merchant's MCC; (d) transactions in violation of this Agreement.
4. MERCHANT OBLIGATIONS
4.1 The Merchant shall at all times: (a) hold a valid UAE trade licence covering the merchant activity; (b) comply with all applicable UAE laws, including Consumer Protection Federal Decree-Law No. 15 of 2020, the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018), and Federal Decree-Law No. 34 of 2021 (Cybercrime Law); (c) maintain accurate business records consistent with Commercial Transactions Law (Federal Decree-Law No. 50 of 2022) requirements; (d) not accept payment card transactions for prohibited activities or from sanctioned persons.
4.2 Prohibited transactions: [Prohibited Transactions].
4.3 The Merchant shall comply with PCI DSS requirements applicable to its PCI DSS Level: [PCI DSS Level]. The Merchant shall not store full primary account numbers (PAN), card verification values (CVV/CVC), or PINs in any system or records.
4.4 The Merchant shall display the card scheme acceptance marks (Visa, Mastercard, etc.) at the point of sale and on its website or app, consistent with Card Scheme Rules.
4.5 The Merchant shall not impose a surcharge on card transactions without the PSP's written consent and in compliance with Central Bank of the UAE regulations on merchant surcharging.
5. ANTI-MONEY LAUNDERING COMPLIANCE
5.1 The Merchant acknowledges that the PSP is subject to Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) obligations under Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019, administered by the Executive Office of Anti-Money Laundering and Counter Terrorism Financing (UAE AMLCTF).
5.2 The Merchant shall cooperate with the PSP's AML/CTF due diligence requirements, including providing: (a) trade licence and Emirates ID of authorised signatories; (b) Ultimate Beneficial Owner (UBO) disclosure consistent with Federal Decree-Law No. 32 of 2021 (Commercial Companies Law); (c) business activity description and expected monthly transaction volumes.
5.3 The Merchant must promptly notify the PSP if it becomes aware of any suspicious transaction. The PSP may suspend settlement and report suspicious activity to the UAE Financial Intelligence Unit (FIU) at goaml.uae without prior notice to the Merchant where required by AML law.
6. DATA PROTECTION
6.1 Each party shall process personal data — cardholder data, transaction data, and business contact data — in accordance with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), administered by the UAE Data Office.
6.2 The PSP, as data controller for cardholder transaction data, will process data only as necessary to provide the payment services and will apply security measures consistent with PCI DSS and the PDPL.
6.3 The Merchant may not use cardholder data obtained through POS transactions for marketing or any purpose other than completing the transaction for which it was provided.
7. TERM AND TERMINATION
7.1 This Agreement commences on the date of the Merchant's first live POS transaction and continues until terminated by either party with 30 days written notice, unless terminated immediately for cause.
7.2 The PSP may terminate this Agreement immediately upon: (a) the Merchant's failure to maintain a valid UAE trade licence; (b) excessive chargeback rates; (c) violation of Card Scheme Rules; (d) direction from the Central Bank of the UAE or any competent authority; (e) fraud or wilful misconduct by the Merchant.
7.3 Upon termination, the Merchant must: (a) return all PSP-owned POS hardware in good working order; (b) cease processing new transactions immediately; (c) cooperate with the PSP's post-termination reconciliation and chargeback resolution for up to 120 days.
8. GOVERNING LAW AND DISPUTES
8.1 This Agreement is governed by the laws of the United Arab Emirates. Disputes shall be submitted to the jurisdiction of the competent UAE courts.
8.2 Both parties agree to attempt resolution through good-faith negotiation for 20 business days before initiating formal proceedings.
PSP Authorised Signature: [PSP Name]
Merchant Authorised Signature: [Merchant Name]
PSP Authorised Representative
________________
Signature
Merchant Authorised Representative
________________
Signature
What Is a Point of Sale Merchant Agreement (UAE)?
A Point of Sale Merchant Agreement in the United Arab Emirates is the contract between a Central Bank of the UAE-licensed payment service provider (PSP) and a merchant, governing the terms under which the PSP enables the merchant to accept electronic card payments — including credit cards, debit cards, and contactless payments — at physical retail points and through digital channels. The agreement sets out the POS hardware provision, the Merchant Discount Rate (MDR), the settlement timeline, chargeback procedures, compliance obligations, and the circumstances in which the agreement may be terminated.
POS payment services in the UAE are regulated by the Central Bank of the UAE (CBUAE) under the Retail Payment Services and Card Schemes Regulation (2021) — the RPSCS Regulation — which requires all entities providing payment acquisition services to hold a valid CBUAE licence. A PSP without a CBUAE licence cannot lawfully offer POS merchant services in the UAE. Merchants dealing with licensed PSPs indirectly benefit from this regulatory oversight through the prudential standards the CBUAE imposes on PSPs regarding capital adequacy, security, settlement timelines, and consumer protection.
The Card Scheme Rules of Visa and Mastercard — and to a lesser extent American Express and other schemes — are incorporated by reference into UAE Merchant Agreements. These rules govern the technical and operational standards for card acceptance, including PCI DSS security requirements, chargeback procedures, MCC assignment, and transaction routing. Violation of Card Scheme Rules by a merchant can result in the PSP terminating the Merchant Agreement, imposing fines assessed by the card scheme, and in severe cases, the merchant being placed on a MATCH list (Member Alert to Control High-Risk Merchants) that prevents them from obtaining merchant accounts with other PSPs.
Anti-money laundering obligations under Federal Decree-Law No. 20 of 2018, administered by the Executive Office of Anti-Money Laundering and Counter Terrorism Financing (UAE AMLCTF), apply to PSPs and affect merchant onboarding through Know Your Customer (KYC) requirements. The Financial Intelligence Unit (FIU) at goAML portal is the reporting mechanism for suspicious transaction reports.
VAT under Federal Decree-Law No. 8 of 2017, administered by the Federal Tax Authority (FTA), applies to the PSP's service fees (MDR) as a standard-rated supply — the PSP must issue VAT-compliant tax invoices to merchants for its services. Cardholder transactions processed through the merchant's POS are not subject to separate VAT from the PSP; the merchant's own VAT obligations on its sales apply separately.
Data protection under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), administered by the UAE Data Office, governs the processing of cardholder data and merchant business data by the PSP. The PDPL's obligations supplement — and in UAE legal hierarchy, sit alongside — the PCI DSS requirements for cardholder data security.
When Do You Need a Point of Sale Merchant Agreement (UAE)?
A Point of Sale Merchant Agreement in UAE is needed before a merchant activates a POS terminal or integrates a payment gateway to accept card payments. The agreement with a CBUAE-licensed PSP is the contractual foundation for the payment processing relationship.
New UAE retail businesses opening a physical store — in a Dubai mall, an Abu Dhabi street-level unit, or a Sharjah commercial district — need a Merchant Agreement with a PSP before their first day of trading to accept Visa, Mastercard, and contactless payments. Operating a POS terminal without a Merchant Agreement and without a licensed PSP is a breach of the CBUAE regulatory framework.
Online retailers adding a card-present POS capability — for example, a previously online-only store opening a pop-up retail location or participating in a UAE trade event such as GITEX or Beautyworld Middle East — need a separate POS Merchant Agreement for the physical terminal in addition to any existing e-commerce payment gateway agreement.
Existing merchants whose current Merchant Agreement is expiring or who are switching PSPs need a new Merchant Agreement before the old agreement terminates. The transition should include ensuring that the new PSP can replicate the settlement timeline and MDR rates agreed under the previous arrangement.
Merchants whose existing agreement does not cover new payment methods — such as UAEPASS QR payments, Apple Pay, Samsung Pay, or the UAE Instant Payment Platform (IPP) — need an updated Merchant Agreement with their PSP that covers these additional payment channels.
Free-zone businesses — DIFC, ADGM, DMCC, JAFZA — that are expanding their physical retail presence to the UAE mainland or vice versa need a Merchant Agreement appropriate to their operating entity. A DIFC-incorporated entity operating a mainland retail point may need to consider the jurisdictional implications of its PSP agreement.
Marketplace sellers operating from platforms like Noon or Amazon.ae who wish to open standalone physical stores need an independent Merchant Agreement, as marketplace-facilitated payments are handled by the marketplace's own PSP arrangement and do not extend to standalone merchant POS operations.
What to Include in Your Point of Sale Merchant Agreement (UAE)
A UAE Point of Sale Merchant Agreement must contain the following elements. The forms-legal.com UAE POS Merchant Agreement template covers each component.
Party identification must name the PSP with its CBUAE licence number — confirming the PSP is lawfully authorised to provide payment services — and the merchant with its UAE trade licence number. The trade licence confirms the merchant is conducting a lawful commercial activity in the UAE.
POS services description must specify the exact payment methods enabled — Visa, Mastercard, American Express, contactless, Apple Pay, QR payments — the transaction types supported (card-present, card-not-present, refunds), and the settlement account details.
POS hardware terms must address whether terminals are sold or rented, the rental fee, the merchant's responsibility for hardware damage, and the return obligation on termination.
Merchant Discount Rate (MDR) must state the exact percentage fee for each card type, whether the rate is blended or interchange-plus, and confirm that the MDR is subject to 5% VAT under Federal Decree-Law No. 8 of 2017 as a standard-rated service supply.
Settlement timeline must specify the T+1 or other settlement cycle, the settlement currency (AED), the designated bank account, the rolling reserve mechanism, and the circumstances in which settlement may be withheld.
Chargeback process must describe the notification timeline, the merchant's response window, the documentation required, and the consequences of exceeding the card scheme's acceptable chargeback ratio.
PCI DSS compliance level must state the merchant's PCI DSS level and the associated compliance requirements — SAQ, quarterly network scans, or QSA audit — as required by Card Scheme Rules.
AML obligations must address the PSP's KYC requirements, the merchant's UBO disclosure obligation under the Commercial Companies Law (Federal Decree-Law No. 32 of 2021), and the suspicious transaction reporting framework under Federal Decree-Law No. 20 of 2018.
Prohibited transactions must list categories of transactions that cannot be processed through the merchant's POS, consistent with UAE law and Card Scheme Rules.
Termination provisions must address the PSP's right to terminate for regulatory direction from the CBUAE or card scheme instruction, as well as commercial and compliance-based termination rights.
How to Fill Out Your Point of Sale Merchant Agreement (UAE)
Completing this UAE Point of Sale Merchant Agreement requires the PSP to verify the merchant's business information and compliance status, and the merchant to understand the financial and regulatory obligations it is accepting.
For the PSP, enter the full legal name, CBUAE licence number (which should be verifiable on the CBUAE's licensed entities register), and registered address. The CBUAE licence number is the merchant's primary verification that the PSP is lawfully authorised to offer payment services.
For the merchant, enter the legal entity name, UAE trade licence number, and the licensed business address where POS services will be provided. For multi-location merchants, the Merchant Agreement should list all locations or provide a mechanism for adding new locations, as each location's activity affects the overall MDR and chargeback ratio assessment.
For POS services, describe all payment methods the merchant requires — including contactless NFC, QR code payments, Apple Pay/Google Pay tokenised payments, and any international card types frequently used by the merchant's customer base. International tourists in Dubai, Abu Dhabi, and Sharjah frequently use UnionPay cards; merchants in tourist-heavy locations should consider adding UnionPay acceptance.
For the MDR, negotiate rates based on the merchant's expected monthly volume and MCC. Higher-volume merchants have more negotiating leverage. Confirm whether the quoted rate is blended or interchange-plus, and check the FTA invoice treatment for MDR VAT.
For the settlement timeline, confirm the T+1 cycle applies on all UAE business days (Sunday to Thursday plus Saturday in some PSPs) and that the settlement account is in the same name as the merchant's trade licence to satisfy AML requirements.
For PCI DSS, most UAE SME merchants (Level 4) only need to complete an annual SAQ. Confirm which SAQ type applies to the merchant's processing environment — SAQ A for fully outsourced e-commerce, SAQ C-VT for merchants using a virtual terminal, SAQ B for imprinter-only merchants. The PSP's technical team can guide SAQ selection.
For AML, prepare the merchant's documents at onboarding: valid UAE trade licence, Emirates ID of beneficial owners, UBO register if applicable, and confirmation of expected monthly transaction values by product category.
Legal Requirements for Point of Sale Merchant Agreement (UAE)
A UAE Point of Sale Merchant Agreement must comply with the Central Bank of the UAE's Retail Payment Services and Card Schemes Regulation (2021), which governs the licensing and conduct of payment service providers, including acquiring PSPs. The PSP must hold a valid CBUAE licence; a Merchant Agreement with an unlicensed PSP exposes both parties to regulatory sanctions.
The Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018) and Cabinet Decision No. 10 of 2019 require the PSP to conduct KYC on merchants and to report suspicious transactions to the UAE FIU. Merchants must cooperate with KYC requirements and provide UBO disclosures consistent with the Commercial Companies Law (Federal Decree-Law No. 32 of 2021) and Cabinet Decision No. 58 of 2020 on UBO registers.
Card Scheme Rules of Visa, Mastercard, and other applicable schemes are incorporated by reference into the Merchant Agreement and impose binding obligations on merchants regarding PCI DSS compliance, MCC accuracy, prohibited transaction categories, chargeback response procedures, and proper use of card scheme marks.
Federal Decree-Law No. 8 of 2017 (UAE VAT) requires that the PSP's MDR fees be invoiced with 5% VAT as a standard-rated supply of payment services, with a VAT-compliant tax invoice issued monthly. The FTA's guidance on financial services VAT exemptions does not generally exempt PSP merchant services.
The Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) governs the processing of cardholder data by both the PSP and the merchant, requiring appropriate security measures and limiting data use to the purpose of transaction processing.
Consumer Protection Federal Decree-Law No. 15 of 2020 governs the merchant's obligations to UAE consumers in transactions processed through the POS, including refund rights, which must be operationally supported by the POS terminal's refund functionality under the Merchant Agreement.
Federal Decree-Law No. 14 of 2020 on Banking and Finance governs bounced cheque liability and electronic payment disputes, providing the framework for consumer chargeback rights that generate merchant chargebacks.
Common Mistakes to Avoid in Your Point of Sale Merchant Agreement (UAE)
UAE merchants and PSPs frequently encounter the following issues in POS Merchant Agreements.
1. Merchant operating with an unlicensed PSP. A merchant who enters a Merchant Agreement with a company that is not licensed by the Central Bank of the UAE to provide payment services is operating outside the CBUAE regulatory framework. If the PSP subsequently encounters regulatory problems, the merchant's settlement funds may be frozen or lost. Always verify PSP licence status on the CBUAE licensed institutions register.
2. MCC misclassification. A merchant assigned the wrong MCC — either through error or deliberate misclassification to attract lower interchange rates — violates Card Scheme Rules. Visa and Mastercard actively monitor MCC compliance; merchants found to be misclassified may face scheme fines, back-billing for incorrect interchange, and PSP termination.
3. Failure to comply with PCI DSS. Merchants who store card numbers or CVV codes on their own systems — in spreadsheets, paper records, or point-of-sale software logs — violate PCI DSS and are liable for the full cost of any subsequent data breach, including card scheme forensic investigation fees (typically USD 10,000–50,000), re-issuance costs for compromised cards, and chargeback losses.
4. Not reviewing the rolling reserve terms. A rolling reserve that withholds 10% of monthly transactions for 120 days effectively creates a significant float of the merchant's funds held by the PSP. Merchants must understand the reserve amount, duration, and release mechanism before signing.
5. Unaware of chargeback ratio thresholds. Merchants who do not monitor their chargeback ratio against the card scheme threshold (typically 1%) risk being placed in a card scheme chargeback monitoring programme, which imposes additional fees and may ultimately result in loss of card acceptance rights — a catastrophic outcome for any retail business.
6. VAT not addressed on MDR fees. Merchants who are VAT-registered must claim input tax credit on the VAT component of the MDR fees, which requires the PSP to issue a proper monthly tax invoice. A Merchant Agreement that does not require the PSP to issue VAT-compliant invoices leaves the merchant unable to recover input VAT, increasing the effective cost of payment acceptance.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Point of Sale Merchant Agreement (UAE) (United Arab Emirates) [Legal document template]. Forms Legal. https://forms-legal.com/uae/business/contracts/point-of-sale-merchant-agreement-uae
"Point of Sale Merchant Agreement (UAE) (United Arab Emirates)." Forms Legal, 2026, https://forms-legal.com/uae/business/contracts/point-of-sale-merchant-agreement-uae.
@misc{formslegal-point-of-sale-merchant-agreement-uae,
author = {{Forms Legal}},
title = {Point of Sale Merchant Agreement (UAE) (United Arab Emirates)},
year = {2026},
howpublished = {\url{https://forms-legal.com/uae/business/contracts/point-of-sale-merchant-agreement-uae}},
note = {Free legal document template. Based on Central Bank of the UAE Retail Payment Services and Card Schemes Regulation (2021)}
}Frequently Asked Questions
Payment processing for merchants in the United Arab Emirates is regulated by the Central Bank of the UAE (CBUAE), which is the primary regulator for payment services in the UAE under Federal Decree-Law No. 14 of 2018 on the Central Bank of the UAE, Financial Institutions, and Monetary Policy, and the Payment Systems Regulation issued thereunder. The Central Bank of the UAE's Retail Payment Services and Card Schemes Regulation (2021) — also known as the RPSCS Regulation — is the key regulatory instrument governing payment service providers, including acquirers, payment processors, and card scheme operators in the UAE. Any entity providing payment acquisition services — enabling merchants to accept card payments — must hold a valid CBUAE licence as a payment service provider. Merchants who accept card payments through a licensed PSP are not themselves regulated by the CBUAE in their capacity as merchants, but they are subject to the Merchant Agreement's requirements, which incorporate Card Scheme Rules (Visa, Mastercard, American Express) and CBUAE regulatory requirements indirectly. The Card Schemes — Visa and Mastercard — operate through their own rules frameworks that are acknowledged in CBUAE-licensed PSP agreements and must be followed by merchants. Anti-money laundering requirements under Federal Decree-Law No. 20 of 2018 apply to PSPs and affect the merchant onboarding process — PSPs must conduct Know Your Customer (KYC) due diligence on merchants, including trade licence verification and Ultimate Beneficial Owner disclosure. The Central Bank of the UAE's Consumer Protection Regulation (2020) also applies to payment services, protecting consumers in the context of electronic payment transactions.
A Merchant Category Code (MCC) is a four-digit code assigned by the card schemes — Visa, Mastercard, and American Express — to classify a merchant's business activity for payment processing purposes. In the UAE, the MCC is assigned during the merchant onboarding process by the acquiring PSP, based on the merchant's UAE trade licence activity and the card scheme's classification list. The MCC matters for several reasons. First, interchange fees — the wholesale cost of accepting a card transaction — vary by MCC, which affects the Merchant Discount Rate the PSP charges. Government, healthcare, and supermarket MCCs typically attract lower interchange rates than luxury goods or travel MCCs. Second, fraud monitoring parameters are calibrated to MCCs: a jewellery retailer (MCC 5944) expecting high-value transactions is assessed differently from a grocery store (MCC 5411) expecting many small transactions. Third, regulated industries have specific MCC considerations — gambling (MCC 7995), alcohol (MCC 5921), and adult entertainment (MCCs 5967, 7273) are often blocked by UAE PSPs or require special approvals, because these activities are restricted or prohibited under UAE law. Fourth, incorrect MCC assignment is a Card Scheme violation — a merchant conducting gambling transactions under a clothing retailer MCC is violating Visa/Mastercard rules and may face PSP termination, fines from the card scheme, and loss of card acceptance rights. UAE merchants should review their MCC assignment at onboarding to confirm it accurately reflects their business and should notify the PSP of any material change in business activity that would warrant a different MCC.
PCI DSS (Payment Card Industry Data Security Standard) is a global security standard developed by the PCI Security Standards Council — founded by Visa, Mastercard, American Express, Discover, and JCB — that applies to any organisation that stores, processes, or transmits cardholder data. In the UAE, PCI DSS compliance is required by the Card Scheme Rules of Visa and Mastercard that are incorporated by reference into every UAE Merchant Agreement with a CBUAE-licensed PSP. The Central Bank of the UAE's regulatory framework acknowledges PCI DSS as the baseline security standard for payment card environments. UAE merchants are classified into PCI DSS levels based on their annual transaction volume: Level 4 (fewer than 20,000 e-commerce transactions or 1 million other transactions per year) requires completion of an annual Self-Assessment Questionnaire (SAQ); Level 3 (20,000 to 1 million e-commerce transactions) requires SAQ plus quarterly external network vulnerability scans; Level 2 (1 to 6 million total transactions) requires SAQ plus quarterly scans plus an annual assessment; Level 1 (more than 6 million transactions) requires an annual audit by a Qualified Security Assessor (QSA). The most critical PCI DSS requirement for all UAE merchants is never to store full card numbers (Primary Account Numbers/PAN), card security codes (CVV/CVC2), or PINs. POS terminals provided by CBUAE-licensed PSPs in the UAE are typically certified to PCI PTS (Point-of-Interaction) standards, protecting card data at the terminal level. UAE merchants processing cards through e-commerce websites should use PCI-compliant payment gateways — such as Telr, Network International, or PayFort — that take responsibility for the cardholder data environment on behalf of the merchant.
A chargeback is a transaction reversal initiated by a cardholder's bank (the issuing bank) when the cardholder disputes a transaction. In the UAE, chargebacks follow the Card Scheme Rules of Visa and Mastercard, which set the process for initiating, responding to, and resolving chargeback disputes. The typical UAE chargeback lifecycle for a merchant is: (1) the cardholder disputes a transaction with their bank, citing non-receipt of goods, non-conforming goods, fraud, or processing errors; (2) the issuing bank raises a chargeback with the acquiring PSP within the scheme's chargeback window (typically 120 days from the transaction date under Visa Rules); (3) the UAE PSP notifies the merchant of the chargeback, typically within 2 UAE business days; (4) the merchant has a defined period — typically 10 to 20 business days — to respond with evidence: proof of delivery, signed receipt, cardholder correspondence, or other documentation; (5) if the merchant's representment is accepted, the chargeback is reversed and the merchant's account is credited; if rejected, the chargeback amount is deducted from the merchant's settlement account. UAE merchants face particular chargeback exposure in: e-commerce transactions where physical delivery cannot be confirmed; card-not-present transactions where no signature is obtained; and high-dispute-rate categories such as travel, electronics, and services. The Central Bank of the UAE's Consumer Protection Regulation (2020) also gives UAE consumers a right to dispute unauthorised transactions with their bank, which may result in chargebacks for merchants who are victims of card fraud rather than their own errors. Maintaining transaction records for 18 months is essential for UAE chargeback defence.
UAE merchants accepting card payments are subject to Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) obligations indirectly through their Merchant Agreement with a CBUAE-licensed PSP. The PSP is the directly regulated entity under the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018) and Cabinet Decision No. 10 of 2019, and must comply with AML/CTF obligations set by the Executive Office of Anti-Money Laundering and Counter Terrorism Financing (UAE AMLCTF) and the Financial Intelligence Unit (FIU). As part of these obligations, the PSP must conduct Know Your Customer (KYC) due diligence on merchants before onboarding, including: verification of the merchant's trade licence from the relevant emirate DED or free-zone authority; Emirates ID of the beneficial owner; Ultimate Beneficial Owner (UBO) disclosure consistent with Cabinet Decision No. 58 of 2020 on UBO registration; and business activity description and expected transaction volumes. Merchants must cooperate with this due diligence as a condition of the Merchant Agreement. If a merchant's transaction patterns change significantly — unusual volume spikes, unusual geographies, unusual product categories — the PSP may conduct enhanced due diligence or report suspicious activity to the UAE FIU via the goAML portal. Merchants in UAE-sanctioned sectors or with connections to UAE Targeted Financial Sanctions lists — administered by the UAE AMLCTF — may not be onboarded or their accounts may be suspended. UAE merchants who knowingly process transactions for sanctioned persons or entities commit a serious criminal offence under both AML law and UAE Federal Decree-Law No. 31 of 2021 (UAE Penal Code).
The ability of UAE merchants to impose a surcharge on card payments — charging customers more for paying by card than by cash — is governed by the Central Bank of the UAE's regulations and Card Scheme Rules. The Central Bank of the UAE has not issued a blanket prohibition on merchant surcharging, but its Consumer Protection Regulation (2020) requires transparency in pricing — any card surcharge applied to UAE consumers must be disclosed clearly at the point of sale before the consumer commits to payment, and the surcharge must not exceed the merchant's actual cost of card acceptance (the MDR). Card Scheme Rules for Visa and Mastercard in the UAE have historically restricted surcharging to protect card usage, but the CBUAE has updated the regulatory position in recent years to permit limited surcharging where it is disclosed. In practice, most UAE merchants in the retail sector do not surcharge card payments because: (1) the Merchant Agreement typically prohibits surcharging without the PSP's written consent; (2) consumers resist surcharges, particularly in competitive UAE retail environments; and (3) a surcharge may result in a Card Scheme violation if not implemented according to Card Scheme Rules. UAE merchants who wish to implement card surcharging must: obtain the PSP's written consent; comply with the Card Scheme's surcharging rules for the specific card type; disclose the surcharge prominently at the point of sale and on the receipt; and ensure the surcharge does not exceed the actual MDR for the card type used. Merchants in the UAE who add undisclosed 'card fee' charges to transactions risk cardholder chargebacks, PSP sanctions, and consumer complaints under Consumer Protection Federal Decree-Law No. 15 of 2020.
The Merchant Discount Rate (MDR) in UAE point-of-sale agreements is the percentage of each transaction value that the merchant pays to the PSP for the payment processing service. The MDR structure in the UAE typically has three components: the interchange fee paid by the acquiring PSP to the cardholder's issuing bank (set by the card schemes — Visa and Mastercard publish their UAE interchange tables, which vary by card type and merchant category); the card scheme assessment fee paid to Visa or Mastercard for using their network; and the PSP's margin — the acquiring markup — which is the PSP's commercial profit on the transaction. These three components are bundled into a single blended MDR rate quoted to the merchant, such as 1.75% for Visa credit, 1.25% for Visa debit, and 2.25% for American Express. Some PSPs offer interchange-plus pricing — where the interchange cost is passed through transparently, and the PSP charges a fixed additional margin — which is more transparent but creates variability in the merchant's cost per transaction depending on the card type used. UAE MDR rates vary significantly by merchant category code (MCC) — government, utilities, and supermarkets typically attract rates of 0.5% to 1%; retail and hospitality 1.5% to 2.5%; luxury goods and international cards 2% to 3%. Under Federal Decree-Law No. 8 of 2017, the MDR service fee charged by the PSP to the merchant is subject to 5% VAT as a standard-rated financial service supply (PSP services to merchants are not VAT-exempt under UAE law, unlike certain financial intermediation services). The merchant should receive a monthly tax invoice from the PSP for the MDR fees charged during the billing period.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
SaaS Subscription Agreement (UAE)
A SaaS subscription agreement for the UAE governing cloud software access, service levels, data protection, and subscription fees, compliant with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and Copyright Federal Decree-Law No. 38 of 2021.
Marketplace Seller Agreement (UAE)
A UAE marketplace seller agreement governing platform access, commissions, consumer protection obligations, payment settlement, and data processing for third-party sellers on UAE e-commerce platforms under Federal Decree-Law No. 46 of 2021 and Consumer Protection Law No. 15 of 2020.
Website Terms and Conditions (UAE)
Website Terms and Conditions set out the contract between a UAE website operator and its users, covering services, payment, acceptable use, liability, and data protection. They align with the Consumer Protection Law (Federal Law No. 15 of 2020), the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), and UAE electronic commerce rules.
Online Store Privacy Policy (UAE)
A UAE online store privacy policy compliant with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), the E-Commerce Law (Federal Decree-Law No. 46 of 2021), and Consumer Protection Law No. 15 of 2020. Covers data collection, processing, sharing, retention, and data subject rights.
Data Processing Agreement (UAE)
A data processing agreement for the UAE governing how a data processor handles personal data on behalf of a data controller, fully compliant with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) administered by the UAE Data Office.