More than a year ago TorrentFreak took a look at
a selection of the webís VPN providers to see which ones really take privacy
seriously. During the months that followed we received dozens of emails
begging us to carry out an update and today here it is.
The first installment in our list of VPN
providers that due to their setup cannot link user activity to external IP
addresses and activities.
Prompted by a
case of an individual using an Ďanonymousí VPN that turned out to offer
less than expected protection, TorrentFreak decided to ask a selection of
VPN companies some tough questions.
With our findings we compiled a
report of providers that due to their setup were unable to link their
outbound IP addresses with user accounts. Ever since we have received
countless emails demanding an update.
Itís taken a long time but today we bring the
first installment in a series of posts highlighting VPN providers that take
privacy seriously. Our first article focuses on anonymity and a later
installment will highlight file-sharing aspects and possible limitations.
We tried to ask direct questions that left
providers with little room for maneuver.
Providers who didnít answer our
questions directly, didnít answer at all, or completely failed by logging
everything, were simply left out. Sadly this meant that quite a few were
This year we also asked more questions, which
are as follows:
Do you keep ANY logs which would allow
you or a 3rd party to match an IP-address and a time stamp to a user
of your service? If so, exactly what information do you hold?
Under what jurisdictions does your
company operate and under what exact circumstances will you share
the information you hold with a 3rd party?
In the event you receive a DMCA takedown
notice or European equivalent, how are these handled?
Which payment systems do you operate and
how are these linked to individual user accounts?
The list of providers is a tiny sample of the
thousands out there today and is not comprehensive by any means. Providers
not covered this time around will be added during the coming weeks.
All responses listed below are in the words of
the providers themselves and the order of the list does not carry any
Private Internet Access (*****)
We absolutely do not maintain any VPN
logs of any kind. We utilize shared IP addresses rather than dynamic
or static IPs, so it is not possible to match a user to an external
IP. These are some of the many solutions we have implemented to
enable the strongest levels of anonymity amongst VPN services.
Our company currently operates out of
the United States with gigabit gateways in the US, Canada, Germany,
France, UK, Switzerland, Sweden, the Netherlands and Romania. We
chose the US, since it is one of the few countries without a
mandatory data retention law. We will not share any information with
third parties without a valid court order. With that said, it is
impossible to match a user to any activity on our system since we
utilize shared IPs and maintain absolutely no logs.
We are in compliance with DMCA as all
companies, world-wide, must be. We have proprietary technology and
an experienced legal team which allows us to comply without any risk
to our users.
We accept many payment methods
directly, including PayPal, CC, Google, Amazon, Bitcoin, Liberty
Reserve, OKPay, and CashU. Further, we would like to encourage our
users to use an anonymous e-mail and pay with Bitcoins to ensure
even higher levels of anonymity should it be required. We only store
the minimal information required to provide customers refunds.
Private Internet Access website
Genuine - No hypeware or marketing gimmicks. Opensource, published,
peer-reviewed fundamentals. Dedicated servers, FDE from the metal.
Strong Crypto - From algorithm choice to OpSec procedures, we've
been iteratively hardening attack surfaces for years. No encraption,
broken protocols, or slapdash administration.
Battle Tested - Our core team helped launch the VPN industry, &
we've been redefining the possible every step since. Activist
friendly? Indeed: we've directly supported info dissidentsÖ for
Structurally anonymous, token-based,
open-source, unlimited bandwidth network security/privacy service:
old-style ďVPN serviceĒ evolved to something entirely new,
Combining the technological insights of
Tor/#torsploit with production-class infrastructure & battle-tested
OpSec expertise, cryptostorm is secure darknet communications for
everyone: all protocols, all applications, all OS/platforms -
unlimited bandwidth & unlimited usage.
ephemeral sessions (discrete log function-based asymmetric re-key of
symmetric cipher suites every 20 minutes), token-based network auth,
Privacy Seppuku Pledge.
Redefining privacy service for a
post-PRISM world: cryptostorm.
Rooted in Iceland, financials via Quťbec/First Nations territories,
we're designed ground-up to embody a decentralized, flexible, crafty
approach to real-world network security. Strictly limited
subscription availability means network resources grow before new
members can join. Member security first; everything else is just
1. We do not keep any logs whatsoever.
2. The jurisdiction is Canada. Since we
do not have log files, we have no information to share. We do not
communicate with any third parties. The only event we would even
communicate with a third-party is if we received a court order. We
would then be forced to notify them we have no information. This has
not happened yet.
3. We do not have any open incoming
ports, so itís not possible for us to ďtakedownĒ any broadcasting
4. At the moment we only accept Paypal
and Bitcoin. We have plans to accept alternative credit card
processing in the near future.
1. TorGuard doesnít store IPís or time
stamps on our VPN/proxy servers, not even for a second. Itís
impossible to match what is not there. Since some people tend to
misbehave when using a VPN , this raises the obvious question: how
do we maintain a fast, abuse-free network? If even our network
engineer canít back track the abuser by IP, then how do we stop it?
Through packet level filtering at the
firewall itís possible to apply rules to an entire shared server,
blocking the abuse immediately. For example, letís say someone
decides to use TorGuard to unlawfully promote their Ugg boots
business (spam). In order for us to block this one individual, we
simply implement new firewall rules, effectively blocking the abused
protocol for everyone on that VPN server. Since there are no user
logs to go by, we handle abuse per server, not per user.
2. TorGuard recently went through some
corporate restructuring and has now moved its parent company to
Nevis, West Indies. Our company abides by all International laws and
data regulations imposed within our legal jurisdiction. We donít
share any information with anyone regarding our network or its users
and wonít even consider communicating with a 3rd party unless
theyíve first obtained adequate representation within our legal
jurisdiction. Only in the event of an official court ordered ruling
would we be forced to hand over blank hard drives. Thereís nothing
to hand over but an operating system.
3. TorGuard complies immediately (24
hours or less) with all DMCA takedown notices. Since itís impossible
for us to locate which user on the server is actually responsible
for the violation, we block the infringing protocol in its entirety,
whatever it may be Ė Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP,
Gnucleus, eDonkey2000, etc. This ensures the content in violation is
immediately removed from that server and no longer active on our
4. We accept all forms of credit card,
Visa, Amex, Mastercard, Discover, PayPal , Google Checkout and
Bitcoins. We also accept anonymous payments through our pre-paid PIN
system. These pre-paid service PIN numbers can be purchased from one
of our participating online resellers and redeemed during checkout
on our website.
Our client billing area and VPN/Proxy
user auth servers are two completely separate systems. This is to
ensure the privacy and securities of our customerís accounts are
upheld at all times. While the customerís chosen payment method will
be linked to the client billing area login, this information is kept
completely separate from their VPN/Proxy network. In this way, itís
virtually impossible to ďconnect the dotsĒ of a paying customer with
that of someone who is using the servers. This can become a pain for
clients as they are required to remember two sets of
logins/passwords, but trust us Ė itís in the best interest of
(Use the promo / coupon code
TorrentFreak to get a 20% discount at
1. No information whatsoever is being
recorded or held in our facilities. Our services are run from RAM
and all our system services come with state-of-the-art configuration
that ensures nothing is left after usage. The only information we
have about our customers is an e-mail address and the name of the
2. We are based in Seychelles and we do
not communicate with external governments or authorities. The only
cases where we may eventually share information we hold with a 3rd
party is when our ethics tell us to do so, that is precisely when
activities such as child pornography or human rights violation are
being reported, and to such extent, we would report them to NGOs
rather than governments or corporations. But once again, there is
very little we can actually share about.
3. We do not comply with any regulation
that is not issued by the Government of Seychelles. When our
American or European servers are being reported as infringing
property rights, we shut them down and open new nodes in other
4. We offer more than 85 different
payment methods such as Bitcoins, SMS, phone calls, prepaid cards,
PayPal, WebMoney, virtual cash, credit cards, bank transfer or yet
again OTC (over-the-counter) options such as by going to your local
post office. Payments are only linked to the customerís e-mail
address while VPN access accounts are randomly and independently
1) We do not keep any logs on our
servers. Neither us nor 3rd parties are able to match IPs to a
2) Privacy IO is an Australian
Registered business. Under no circumstances will we provide any 3rd
party information about our users. We are unable to comply with DMCA
or equivalent as we have no access or power to do anything about it.
As we keep no logs we can not link it to a user to apply said
request. If the law attempts to make us do such things, we will move
our business to a location where that can not occur, and if that
fails we will close up shop before we provide any information.
3) See answer to question 2
4) At present we only accept PayPal and
CC (processed by PayPal), but we are looking into alternative types
of payments. We go out of our way to make sure that PayPal
transactions are not linked to the users, we generate a unique key
per transaction to verify payment for the account is made, and then
nuke that unique key.
1. We donít store any logs, itís
impossible to track usersí activity through our VPN.
2. Our company is based on Seychelles.
We do not disclose any information to 3rd parties and this can be
done only in case of a certain lawsuit filed against our company.
3. If we receive a notice about DMCA
infringement, our team of lawyers solves it immediately without any
blocking of servers or protocols. We donít store any content on our
servers, users are anonymous, so, there are no problems with it. We
promise our customers that they will not have problems with the DMCA.
4. PayPal and CommerceGate.
1. We store a users E-mail and username,
that's it. This means that we do not store, or have access to, any
traffic logs of any kind. By traffic logs we mean, any kind of data
that has the potential to, directly or indirectly, match a users
original ip or identity with one of our IPs.
2. It is important to remember that we
do not store any traffic logs, and therefore it would be physically
impossible for us to hand something like that over to a 3rd party.
This, next to the encryption, is the core of the entire anonymity
aspect of the service. This is possible by the fact that we operate
under Swedish jurisdiction and Swedish law.
3. Our no logging policy has never
really caused us any trouble since we never have received any
official requests to hand over any traffic logs.
4. We accept credit card payments
through Paypal and Payson. For Swedish users we also accept payments
through sms and phone. We do not store data from these services.
However, each of these services store various types and amounts of
data related to the payment, and the payment only, which we do have
access to. This is what allows us to perform refunds, or to provide
adequate support services etc.
1. No. As a privacy service and EFF
member, IVPNís main priority is the anonymity of its users. We use
non-persistent logs (stored in memory) on our gateway servers. The
logs are only stored for 10 minutes. That time window gives us the
ability to troubleshoot any connection problems that may appear, but
after 10 minutes no trace of activity is stored.
2. IVPN is based in Malta and is subject
to its laws. We also have servers in the UK, US, France and
Netherlands. We do not share data with 3rd parties. If law
enforcement served us with a subpoena and compelled us to log
traffic we would shut down the business before cooperating, and
relocate to a new jurisdiction.
3. We ensure that our network providers
understand the nature of our business and that we do not host any
content. As a condition of the safe harbor provisions they are
required to inform us of each infringement which includes the date,
title of the content and the IP address of the gateway through which
it was downloaded. We simply respond to each notice confirming that
we do not host the content in question.
4. We currently accept Bitcoin, Paypal
and Payza. No information relating to a customers payment account is
stored with the exception of automated Paypal subscriptions where we
are required to store the subscription ID in order to assign it to
an invoice (only for the duration of the subscription after which it
is deleted). We recommend using Bitcoin and manually paying for
subscriptions if you wish to keep the source of funding anonymous.
1. We donít keep any log that can allow
a 3rd party to do that.
2. AirVPN operates in Italy. The
applicable laws can be those of the countries where the servers are
physically located (old issue about jurisdiction vs. applicable
law). Since we donít hold any information (we donít even require a
valid e-mail address) we are unable to share anything that may
compromise privacy about VPN usage.
3. DMCAs are just ignored: no private
entity claim can be considered a proof of anything (even in light of
the paper by the
University of Washington ďTracking the trackers Ė Why My Printer
Received a DMCA Takedown NoticeĒ) and the details given in DMCA
notices (pertaining to p2p) lack any substantial proof of any
infringement. We sometimes ask for a proof of the alleged claim,
just to try to see which methods are used to make up an infringement
claim, but so far all private entities have poorly failed to respond
with any proof or even with technical details on how such claims are
4. We accept payment via Bitcoin,
Liberty Reserve, PayPal and credit cards. Bitcoin and Liberty
Reserve are not linked to accounts: we provide coupon codes (even
through independent resellers) that can be used to activate any
account. Therefore the link between a payment and an account does
With PayPal, we donít keep such
information but PayPal does, just like any bank or financial
institution. However, a PayPal payment shows that a person sent
money to use AirVPN services, but it does not show how the VPN has
been used by that person and not even IF that person has ever
connected to a VPN server. The same considerations apply to credit
cards transactions. Anyway we donít (and we donít want to) directly
process credit cards, so we donít keep any credit card database.
Of course, usage of Bitcoin (and if
youíre paranoid, Bitcoin over TOR) is recommended.
1. We donít keep ANY logs that allow us
or a 3rd party to match an IP address and a time stamp to a user our
service. The only thing we log are e-mails and user names but itís
not possible to bind a activity on the Internet to a user. This
applies to all our servers except our U.S. servers.
Note: Weíre logging IP addresses and
time stamp on the incoming connection for our U.S. servers. We offer
no anonymity on our U.S. servers.
2. We operate in Swedish jurisdiction.
Since we do not log any IP addresses we have nothing to disclose.
Circumstances doesnít matter in this case, we have no information
regarding our customersí IP addresses and activity on the Internet.
Therefore we have no information to share with any 3rd party.
3. This depends on the country in which
weíre receiving a DMCA takedown. For example, weíve received a DMCA
takedown for UK and Finland and our response was to close p2p traffic
on those countries.
4. No one can bind a payment to a IP
youíll get from us when you connect to our service (Paypal, Payson).
1. No logs are held or kept.
2. We operate in Swedish jurisdiction.
We do not give out any information, since we do not have any
information to give out.
3. We do not care or get scared about
4. We accept Wiretransfer, Bitcoin and
Bankgiro. We only require a working e-mail address to be a customer.
1. We do not keep any logs of VPN
activities. Itís our main policy. All of our clients activities are
2. Our company operates in Turkey. Boxpn
global network covers many major countries; USA, Canada, UK, Panama,
Argentina, Iceland, Netherlands, Spain, Sweden, Germany, France,
Switzerland, Italy, Turkey, Singapore and Australia with over 200+
servers. We are NOT in relation with any 3rd party companies or
government agencies. Hence we donít keep any logs even with a court
order itís impossible to find information to share related to our
vpn network activities.
3. Boxpn network has over 70 servers
only for Torrent traffic which are all located in countries where
there is no data retention law. We also have special agreements with
the data centers to keep our torrent network UP and running, keep
our clients safe. So we never receive DMCA complaints. Regarding to
non-torrent networks our hardware base firewalls automatically drops
the p2p traffic.
4. We accept Paypal and all forms of
credit cards; VISA, MASTERCARD, AMEX.
1. EarthVPN does NOT log any VPN usage
or user activity. Neither us nor third parties are technically
possible to match an IP address to an account.
2. Under no circumstances we will
provide any personal or private information to the third parties. We
are located in the jurisdiction of Northern Cyprus where there is no
log/data retention law.
3. EarthVPN has offshore servers on all
continents specially optimized for P2P and Torrent traffic.On our
P2P/Torrent offshore servers DMCA or any equivalent do not apply.
P2P/Torrent traffic is blocked on our NON P2P/Torrent servers so it
is impossible to receive DMCA or any equivalent notice for our NON
4. We currently accept Paypal, Credit
Cards, Bitcoins, Alipay, Unionpay and Webmoney.We make sure that
transactions are not linked to the users, we generate a unique key
per transaction to verify payment for the account is made, and then
delete that unique key. This way no one can bind a payment to one of
our IPs.We suggest to pay via bitcoins for maximum anonymity.
EarthVPN website (use TORRENTFREAKVPN as coupon
code for a 25% discount)
1. We keep no logs. This would make both
us and our users more vulnerable so we certainly donít.
2. We operate under Swedish
jurisdiction. We will not expose data to third parties. First of all
we take pains to not actually possess information that could be of
interest to third parties, to the extent possible. In the end there
is no practical way for the Swedish government to get information
about our users from us.
3. There is no Swedish law equivalent to
the DMCA that is applicable to us.
4. We accept Bitcoin, cash (in the mail)
and PayPal / credit cards. Our accounts are just numbers with no
personal information attached, not even an email address. Still,
paying through Paypal allows them to associate the account number
with the payment forever. People who do not like that should pay
with cash or Bitcoin.
1. We keep connection logs in our
system, but they contain only depersonalized data, that allows us to
optimize traffic routes and make connection more fast. These logs
are stored for 7 days, but they are not interesting for anyone. In
the event we are sued we can deliver only this information.
2. Our company based in Cyprus. Our
servers are located in Netherlands and USA and we operate under
jurisdictions of these countries [for these servers]. We donít store
any information thatís useful to 3rd parties. Any talk about this is
possible only by court order.
3. We donít have any mechanics to block
users, we also have no information about which user the complaint is
against but we are developing a system to alert our users in case
there is a complaint about their activities.
4. We use Plimus Payment System for all
user accounts. iPhone / iPad / iPod users can purchase a
subscription from an application that can be installed from Apple
AppStore. Payment is made through the AppStore billing system. Users
of devices based on Android can purchase a subscription from an
application that can be installed from Google Play. Payment is made
through Google Checkout.
1. IPVanish users are given dynamic and
shared IP addresses. Essentially, that mixes customer Aís traffic
with customer Bís and Cís and so on, making it impossible to single
out anyone for anything.
The only information that we do collect
from a VPN session is: Timestamp (date and server time) of the
connection to IPVanish, duration of the connection, IP address used
for the connection and bytes transferred. This helps us troubleshoot
any connectivity issues a customer may have. And of the small amount
of support info we do keep, we purge it regularly.
2. IPVanish is a global company based in
3. We do not host content of any kind
and have nothing to take down or remove.
4. We currently accept all major credit
cards, PayPal and UltimatePay (which includes 85 different payment
methods from 190 countries). UltimatePay also provides many
anonymous cash payment options like Western Union, Alipay, Skrill
1. On our Privacy servers we donít log
anything that can identify a single user, but on our US, Canada, UK,
Germany & Singapore servers where we donít allow file-sharing. We do
log the internal RFC1918 IP that is assigned to the user at a
specific time. We never log the real external IP address of the
We also hold a username and email
address of our subscribers, the times of connection and
disconnection to our services along with bandwidth consumption.
2. We now operate under the jurisdiction
of Hong Kong because we worry what the lawmakers in USA and Europe
may introduce to make things difficult for proxies and VPNs. We will
fiercely protect the privacy and rights of our users and we will not
disclose any information on our users to anyone, unless forced to by
law enforcement personnel that have produced a court order.
3. On our Privacy servers DMCA does not
apply (eg USA DMCA to our Swiss server). If we receive a DMCA on our
other servers (US, UK, Canada, Germany & Singapore) we generally
give the user one warning that they are violating our TOS and their
account may be terminated.
4. Our payments systems are PayPal,
Bitcoin & Liberty Reserve. We have an internal database linking
payment references to user accounts. Bitcoin is the most private way
to pay, for other payment systems all private billing information is
stored with them.
1. We keep connection logs for debugging
purposes, which happens encrypted and off-site. Connection logs
contain information for debugging PPTP client issues. We try to
store the least amount legally possible anywhere. IP-addresses are
encrypted and can only be decrypted by non-support staff to ensure a
proper process. For example, to work around issues where the police
ruffles up the support staff a bit to get data for an abuse report.
In the database we only store the details users give us on sign-up
and a limited backlog of payments.
3. Usually we only receive email,
therefore we drop anything that has DMCA in the subject. If they
want something they need to send us a letter or a fax or send the
police. Most of the time we get complaints for running the TPB proxy
or the TOR servers.
4. PaySafe, BitCoins, PayPal, PaySon,
1. No we do not keep logs. However as
per our policy, if we do notice any unusual activity on our servers
(high bandwidth loading, high number of connections or cpu usage) we
may turn on logs temporarily to identify abuse of our services (such
as DoS or spamming through our servers).
Once the user is identified, we will
terminate the offending user, issue him an e-mail for the reason of
termination and wipe the logs from our system.
Turning on logs for troubleshooting is a
very last resort and is necessary to ensure the integrity of our
services. It has happened very rarely (only a handful of times in
our 6 years of operation) and such information was not disclosed to
third parties but merely used to terminate the offending user. In
any case logs were usually enabled for not more than few hours and
only for the particular server that was experiencing abuse.
2. Weíre a Malaysian incorporated
company which is not subject to any mandatory data retention laws.
As we donít keep logs, there is not much information to share even
3. Servers hosted in US or categorized
as ďsurfing/streamingí have P2P disabled on them. As for other
servers, they are not subject to DMCA and we have a good working
relationship with our server providers.
In the event DMCA notices or similar are
given to us, we normally respond that we donít have such content
hosted on our networks and if the provider is adamant, we will
terminate our relationship with the server provider and find a new
one. We will not reveal the user that generated that DMCA notice
(nor can we with no logs taken). Over the years, we have identified
server providers that we can work with and understand the nature of
4. We accept BitCoin, Liberty Reserve,
Paypal and MolPay (Malaysian online bank-ins) and also direct
bank-ins for Malaysian users.
For each order, there is an Order ID
that is tied to a user name which is marked as paid or not and the
method of payment. BitCoins would be the most anonymous form of
payment since all other payment processors would require some
identifying information. However to sign up to our service, all is
needed is a working e-mail and you are free to use placeholder names
etc etc. Only in the event of dispute or chargeback cases
(especially with credit cards), additional info is requested which
is to be expected when using a credit card (unless a prepaid visa is
1. No information is being held at all.
Everything runs from a RAM and service does not use HDD.
2. We operate under Panama jurisdiction.
We are unable to share any information to anyone because we do not
3. They are ignored because we do not
comply with those laws.
4. The payment methods are wire
transfers, PayPal, 2CHECKOUT. We are currently implementing Bitcoin.
Additional payment methods are available upon a contact to us. We
only require a working e-mail address to be a customer.
Mastercard and Visa Start...
Banning VPN Providers
July 3, 2013
Following the introduction of restrictions
against file-sharing services, Mastercard and Visa have reportedly started
to take action against VPN providers. This week, Swedish payment provider
Payson cut access to anonymizing services after being ordered to do so by
the credit card companies.
VPN provider iPredator is one of the affected
customers and founder Peter Sunde says that they are considering legal
action to get the service unblocked.
Payment providers are increasingly taking action
against sites and services that are linked to copyright infringement.
Thereís an unwritten rule that Mastercard and
Visa donít accept file-hosting sites that have an affiliate program and
PayPal has thrown out nearly all cyberlockers in recent months.
It now appears that these policies have carried
VPN providers and other anonymizing services.
Before the weekend customers of the popular
Swedish payment service provider
received an email stating that VPN services are no longer allowed to accept
Visa and Mastercard payments due to a recent policy change.
ďPayson has restrictions against
anonymization (including VPN services). As a result Payson can
unfortunately no longer give your customers the option to finance
payments via their cards (VISA or MasterCard),Ē the
states, adding that they still accept bank transfers as deposits.
The new policy went into effect on Monday,
leaving customers with a two-day window to find a solution.
While the email remains vague about why this
drastic decision was taken, in a telephone call Payson confirmed that it was
complying with an urgent requirement from Visa and Mastercard to stop
accepting payments for VPN services.
One of these customers is the
iPredator VPN, launched by Pirate Bay
Peter Sunde and friends.
Sunde tells TorrentFreak that he is baffled by
the decision, which he believes may be an effort to prevent the public from
covering their tracks online and preventing government spying.
ďIt means that US companies are forcing
non-American companies not to allow people to protest their privacy and
be anonymous, and thus the NSA can spy even more. Itís just INSANE,Ē
Sunde explains that iPredator will always have
plenty of other payment options, but sees it as an outrage that Mastercard
and Visa have apparently decided to ban a perfectly legal technology.
ďFor iPredator there are always other
payment methods, like Bitcoin, but itís insane to censor a totally legit
system that is there to avoid censorship and surveillance,Ē Sunde says.
Despite these alternatives, Sunde is not going
to stand idly by.
He informs TorrentFreak that Ipredator
considering taking legal action, citing the
Wikileaks win against the credit card companies as a favorable
Ipredator is far from the only VPN provider that
is affected by the policy change. Anonine, Mullvad, VPNTunnel, Privatvpn and
several others are also using Paysonís services.
At this point itís unclear why the two companies
are taking a stand against anonymizing services. It seems likely that an
industry or authority has been pushing for the policy change behind the
However, with privacy high on the agenda with
the PRISM scandal, the
move comes at an odd time.
TorrentFreak has reached out to Mastercard and
Visa but we have yet to hear back from the companies. We are not aware of
any other payment service providers who have taken action against VPN
providers, so the scope of the actions are unknown at this point.
Update July 4:
Visa Europe told us that it,
ďhas not been involved in this matter in any
way, and has not made any such stipulations to Payson or to any other
Visa believes that the issue was raised by
Paysonís acquiring bank, which acts as an intermediary between payment
processors and card associations such as Visa and MasterCard.
We have asked Payson to clarify the discrepancy
and will update the article when we hear back from them.
Mastercard has not responded yet.