Shift4 Payments (FOUR) Risk Factors

The financial services, payments and payment technology industries are highly competitive, and our payment services and solutions compete against all forms of financial services and payment systems, including cash, checks, and electronic, mobile, eCommerce and integrated payment platforms. Many of the areas in which we compete are evolving rapidly with shifting user needs and changing and disruptive technologies, products, and services. We compete against a wide range of businesses with varying roles within the payments value chain. If we are unable to differentiate ourselves from our competitors and drive value for our customers, we may not be able to compete effectively. Our competitors may introduce their own value-added or other innovative services or solutions more effectively than we do, which could adversely impact our current competitive position and prospects for growth. Our competitors also may be able to offer services that we do not offer. We also compete against new entrants that have developed alternative payment systems, eCommerce payment systems, payment systems for mobile devices and customized integrated software payment solutions. Failure to compete effectively against any of these competitive threats could adversely affect our business, financial condition or results of operations. In addition, some of our competitors are larger and/or have greater financial resources than us, enabling them to maintain a wider range of product offerings, mount extensive promotional campaigns and be more aggressive in offering products and services at lower rates, which may adversely affect our business, financial condition or results of operations. Furthermore, any negative publicity or perceptions involving the Company or our employees, brands, products, vendors, spokespersons or marketing and other partners may negatively impact our reputation and adversely impact our ability to compete effectively and could adversely affect our business, financial condition or results of operations.

We experience attrition in customer credit and debit card processing volume resulting from several factors, including transfers of merchants' accounts to our competitors, unsuccessful contract renewal negotiations and account closures that we initiate for various reasons, such as heightened credit risks, unacceptable card types or businesses, or contract breaches by customers. In addition, if a software partner switches to another payment processor, terminates our services, internalizes payment processing functions that we perform, merges with or is acquired by one of our competitors, or shuts down or becomes insolvent, we may no longer receive new merchant referrals from the software partner, and we risk losing existing merchants that were originally enrolled by the software partner. We cannot predict the level of attrition in the future and it could increase. Our software partners, most of which are not exclusive, are an important source of new business. Higher than expected attrition could adversely affect our business, financial condition or results of operations. If we are unable to renew our customer contracts on favorable terms, or at all, our business, financial condition or results of operations could be adversely affected.

We pay interchange, assessment, transaction and other fees set by the payment networks to such networks and, in some cases, to the card issuing financial institutions for each transaction we process. From time to time, the payment networks increase the interchange fees and other fees that they charge payment processors and the financial institution sponsors. At their sole discretion, our financial institution sponsors have the right to pass any increases in interchange and other fees on to us and they have consistently done so in the past. We are generally permitted under the contracts into which we enter, and in the past we have been able to, pass these fee increases along to our merchants through corresponding increases in our processing fees. However, if we are unable to pass through these and other fees in the future, it could have a material adverse effect on our business, financial condition and results of operations.

On June 14, 2024, we acquired a majority stake in Vectron. Based in Germany, Vectron is a supplier of POS systems to the restaurant and hospitality verticals, and we believe provides us with local product expertise and a European distribution network of POS resellers. Under German law, we are subject to certain restrictions in our dealings with Vectron. Until a Domination and/or Profit and Loss Transfer Agreement ("DPLTA") is established, we will not have control over the day-to-day operations of Vectron. These restrictions could delay the implementation of our strategy and may adversely impact our results of operations. There can be no assurance that a DPLTA will be established.

In the event a dispute between a cardholder and a merchant is not resolved in favor of the merchant, the transaction is normally charged back to the merchant and the purchase price is credited or otherwise refunded to the cardholder. If we are unable to collect such amounts from the merchant's account or reserve account, if applicable, or if the merchant refuses or is unable, due to closure, bankruptcy or other reasons, to reimburse us for a chargeback, we are responsible for the amount of the refund paid to the cardholder. The risk of chargebacks is typically greater with those merchants that promise future delivery of goods and services rather than delivering goods or rendering services at the time of payment (for example, in the hospitality and auto rental industries, both of which we support), as well as "card not present" transactions in which consumers do not physically present cards to merchants in connection with the purchase of goods and services, such as eCommerce, telephonic and mobile transactions. We may experience significant losses from chargebacks in the future. Any increase in chargebacks not paid by our merchants could have a material adverse effect on our business, financial condition or results of operations. We have policies and procedures to monitor and manage merchant-related credit risks and often mitigate such risks by requiring collateral, such as cash reserves, and monitoring transaction activity. Notwithstanding our policies and procedures for managing credit risk, it is possible that a default on such obligations by one or more of our merchants could adversely affect our business, financial condition or results of operations.

We are subject to tax laws in each jurisdiction where we do business. Changes in tax laws or their interpretations or tax policy initiatives and reforms under consideration, such as those reflected in the OECD/G20 Inclusive Framework on Base Erosion and Profit Sharing or other projects, could decrease the amount of revenues we receive, the value of any tax loss carry-forwards and deferred tax balances recorded on our balance sheet, and the amount of our cash flow, and adversely affect our business, financial condition or results of operations. The Organization for Economic Co-operation and Development ("OECD") announced an accord to set a minimum global corporate tax rate of 15%, which is being or may be implemented in many jurisdictions, including the U.S. The OECD is also issuing guidelines that are different, in some respects, than current international tax principles. If countries amend their tax laws to adopt all or part of the OECD guidelines, this may increase tax uncertainty and increase taxes applicable to us or our stockholders. We cannot predict whether the U.S. Congress or any other governmental body, whether in the U.S. or in other jurisdictions, will enact new tax legislation (including increases to tax rates), whether the Internal Revenue Service or any other tax authority will issue new regulations or other guidance, whether the OECD or any other intergovernmental organization will publish any guidelines on global taxation or whether member states will implement such guidelines, nor can it predict what effect such legislation, regulations or international guidelines might have. Additionally, companies in the electronic payments industry, including us, may become subject to incremental taxation in various tax jurisdictions. Taxing jurisdictions have not yet adopted uniform positions on this topic. If we are required to pay additional taxes and are unable to pass the tax expense through to our merchants, our costs would increase and our net income would be reduced.

In the U.S. and other jurisdictions in which our services are used, we are subject to various privacy, data protection and information security, and consumer protection laws (including laws on disputed transactions), related regulations, and industry standards (e.g., PCI-DSS). If we are found to have breached such laws, regulations, or standards in any such market, we may be subject to enforcement actions that require us to change our business practices in a manner which may negatively impact our revenue, as well as expose ourselves to litigation, fines, civil and/or criminal penalties and adverse publicity that could cause our customers to lose trust in us, negatively impacting our reputation, brand and business in a manner that harms our financial position. As part of our business, we collect personal information, as well as other potentially sensitive and/or regulated data from our consumers and the merchants we work with. As a result, we are subject to certain laws and regulations in the U.S. that restrict how personal information is collected, processed, stored, transferred, used and disclosed, as well as set standards for its security, implement notice requirements regarding privacy practices, and provide individuals with certain rights regarding the use, disclosure and sale of their protected personal information. For example, the FTC and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of personal information. Such standards require us to publish statements that describe how we handle personal information and choices individuals may have about the way we handle their personal information. If such statements that we publish are found to be untrue or inaccurate, we may be subject to government claims of unfair or deceptive trade practices, which could lead to regulatory investigations, significant liabilities and other consequences. Moreover, according to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep consumers' personal information secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the FTC Act. State consumer protection laws provide similar causes of action for unfair or deceptive practices. Some states, such as California and Massachusetts, have passed specific laws mandating reasonable security measures for the handling of certain personal information. Further, privacy advocates and industry groups have regularly proposed and sometimes approved, and may propose and approve in the future, self-regulatory standards with which we must legally comply or that contractually apply to us. In addition, the GLBA regulates, among other things, the use of non-public personal information of consumers that is held by financial institutions. We may be considered a service provider to "financial institutions" and therefore subject to various GLBA-related contractual obligations, including requirements relating to the physical, administrative and technological protection of non-public personal financial information. Breach of the GLBA can result in civil and/or criminal liability and sanctions by regulatory authorities and/or contractual liability. Moreover, in the U.S., both the federal and various state governments have adopted or are considering, additional laws, guidelines or rules for the collection, distribution, use and storage of information collected from or about consumers or their devices. For example, California enacted the CPRA in 2020, which requires new disclosures to California residents, imposes new rules for collecting or using information about California residents, and affords California residents new rights with respect to their personal information, including rights to opt out of certain disclosures of personal information. The CPRA provides for civil penalties for violations, as well as a private right of action for certain data breaches that is expected to increase data breach litigation. The effects of the CPRA and its implementing regulations, and uncertainties about the scope and applicability of exemptions that may apply to our business (including an exemption as to data that is subject to the GLBA), are potentially significant and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in an effort to comply. Additionally, the enactment of the CPRA is prompting a wave of similar legislative developments in other states in the U.S., which creates the potential for a patchwork of overlapping but different state laws. For example, since the CPRA went into to effect, comprehensive privacy statutes that share similarities with the CPRA are now in effect and enforceable in Virginia, Colorado, Connecticut, and Utah, and will soon be enforceable in several other states as well. We are also subject to data privacy and security laws in several foreign jurisdictions which have laws and regulations which are more restrictive in certain respects than the U.S. For example, in the European Economic Area ("EEA"), we are subject to the EU GDPR and in the United Kingdom, UK GDPR, in each case in relation to our collection, control, processing, sharing, disclosure and other use of data relating to an identifiable living individual (personal data). The GDPR, and national implementing legislation in EEA member states, and the UK GDPR, impose a strict data protection compliance regime including: providing detailed disclosures about how personal data is collected and processed (in a concise, intelligible and easily accessible form); demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; granting rights for data subjects in regard to their personal data (including data access rights, the right to be "forgotten" and the right to data portability); introducing the obligation to notify data protection regulators or supervisory authorities (and in certain cases, affected individuals) of significant data breaches; defining pseudonymized (i.e., key-coded) data; imposing limitations on retention of personal data; maintaining a record of data processing; and complying with the principal of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. The EU GDPR and UK GDPR regulate cross-border transfers of personal data out of the EEA and the UK. Case law from the Court of Justice of the European Union ("CJEU") states that reliance on the standard contractual clauses - a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism - alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. On October 7, 2022, President Biden signed an Executive Order on ‘Enhancing Safeguards for U.S. Intelligence Activities' which introduced new redress mechanisms and binding safeguards to address the concerns raised by the CJEU in relation to data transfers from the EEA to the U.S. and which formed the basis of the new EU-US Data Privacy Framework ("DPF"), as released on December 13, 2022. The European Commission adopted its Adequacy Decision in relation to the DPF on July 10, 2023, rendering the DPF effective as an EU GDPR transfer mechanism to U.S. entities self-certified under the DPF. On October 12, 2023, the UK Extension to the DPF came into effect (as approved by the UK Government), as a UK GDPR data transfer mechanism to U.S. entities self-certified under the UK Extension to the DPF. We currently rely on the DPF to transfer certain personal data from the EEA to the U.S. and on the UK Extension to the DPF to transfer certain personal data from the UK to the U.S. We also currently rely on the EU standard contractual clauses and the UK Addendum to the EU standard contractual clauses and the UK International Data Transfer Agreement as relevant to transfer personal data outside the EEA and the UK with respect to both intragroup and third party transfers. We expect the existing legal complexity and uncertainty regarding international personal data transfers to continue. In particular, we expect the DPF Adequacy Decision to be challenged and international transfers to the U.S. and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators. As the regulatory guidance and enforcement landscape in relation to data transfers continue to develop, we could suffer additional costs, complaints and/or regulatory investigations or fines; we may have to stop using certain tools and vendors and make other operational changes; we may have to implement revised standard contractual clauses for existing intragroup, customer and vendor arrangements within required time frames; and/or it could otherwise affect the manner in which we provide our services, and could adversely affect our business, operations and financial condition. We are also subject to evolving EU and UK privacy laws on cookies, tracking technologies and e-marketing. In the EU and the UK under national laws derived from the ePrivacy Directive, informed consent is required for the placement of a cookie or similar technologies on a user's device and for direct electronic marketing. The GDPR also imposes conditions on obtaining valid consent for cookies, such as a prohibition on pre-checked consents and a requirement to ensure separate consents are sought for each type of cookie or similar technology. Recent European court and regulator decisions are driving increased attention to cookies and tracking technologies. If the trend of increasing enforcement by regulators of the strict approach to opt-in consent for all but essential use cases, as seen in recent guidance and decisions continues, this could lead to substantial costs, require significant systems changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, and subject us to additional liabilities. In light of the complex and evolving nature of EU, EU Member State and UK privacy laws on cookies and tracking technologies, there can be no assurances that we will be successful in our efforts to comply with such laws; violations of such laws could result in regulatory investigations, fines, orders to cease/change our use of such technologies, as well as civil claims including class actions, and reputational damage. Restrictions on the collection, use, sharing or disclosure of personal information or additional requirements and liability for security and data integrity could require us to modify our solutions and features, possibly in a material manner, could limit our ability to develop new services and features and could subject us to increased compliance obligations and regulatory scrutiny. Non-compliance with data protection and privacy requirements may result in regulatory fines (which for certain breaches of the GDPR are up to the greater of €20 million/£17.5 million or 4% of total global annual turnover), regulatory investigations, reputational damage, orders to cease/change our processing of our data, enforcement notices, and/ or assessment notices (for a compulsory audit). We may also face civil claims including representative actions and other class action type litigation (where individuals have suffered harm), potentially amounting to significant compensation or damages liabilities, as well as associated costs, diversion of internal resources, and reputational harm. Furthermore, our current and planned cryptocurrency offerings could subject us to additional regulations, licensing requirements, or other obligations. Compliance with any such regulations may be complex and costly. Cryptocurrencies are not considered legal tender or backed by most governments, and have experienced technological flaws and various law enforcement and regulatory interventions. The use of cryptocurrency, such as bitcoin, has been prohibited or effectively prohibited in some countries. In addition, in the U.S. and certain other jurisdictions, certain cryptocurrencies may be securities and subject to the securities laws of the relevant jurisdictions. If we fail to comply with any relevant laws, regulations or prohibitions that may be applicable to us, we could face regulatory or other enforcement actions and potential fines or other consequences. The rapidly evolving regulatory landscape with respect to cryptocurrency may subject us to inquiries or investigations from regulators and governmental authorities, require us to make product changes, restrict or discontinue product offerings, and implement additional and potentially costly controls. If we fail to comply with regulations, requirements, prohibitions or other obligations applicable to us, we could face regulatory or other enforcement actions and potential fines and other consequences. Cryptocurrencies have in the past and may in the future experience periods of extreme price volatility. Fluctuations in the value of any cryptocurrencies or other digital assets that we might hold could also lead to volatility in our financial results and could have an adverse impact on our business. For example, currently there are no specific standards under IFRS regarding the accounting for cryptocurrencies, NFTs and similar instruments. In the event that the IASB issues new standards or amendments to existing standards in respect of these instruments, the accounting treatment may differ from the market practice applied by companies under existing accounting standards and guidance. In addition, governments could choose to curtail or outlaw the acquisition, use or redemption of cryptocurrency. In such a case, ownership of, holding or trading in cryptocurrency would be considered illegal and subject to sanction. These uncertainties, as well as future accounting and tax developments, or other requirements relating to cryptocurrency could expose us to litigation, regulatory action or possible liability, and have an adverse effect on our business. In addition, financial and third party risks related to our cryptocurrency offerings, such as inappropriate access to or theft or destruction of cryptocurrency assets held by our custodian, insufficient insurance coverage by the custodian to reimburse us for all such losses, the custodian's failure to maintain effective controls over the custody and settlement services provided to us, the custodian's inability to purchase or liquidate cryptocurrency holdings, and defaults on financial or performance obligations by counterparty financial institutions, could materially and adversely affect our financial performance and significantly harm our business.

The financial services, payments and payment technology industries in which we operate depend heavily upon the overall level of consumer, business and government spending. A sustained deterioration in general economic conditions, including distress in financial markets and turmoil in specific economies around the world, may adversely affect our financial performance by reducing the number or average purchase amount of transactions we process, including as a result of business closures. A reduction in the amount of consumer spending or credit card transactions could result in a decrease in our revenue and profits. Adverse economic trends may accelerate the timing, or increase the impact of, risks to our financial performance. These trends could include: - declining economies and the pace of economic recovery can change consumer spending behaviors, on which the majority of our revenue is dependent;- low levels of consumer and business confidence typically associated with recessionary environments, and those markets experiencing relatively high unemployment, may result in decreased spending by cardholders;- budgetary concerns in the U.S. and other countries around the world could affect the U.S. and other sovereign credit ratings, which could impact consumer confidence and spending;- financial institutions may restrict credit lines to cardholders or limit the issuance of new cards to mitigate cardholder credit concerns;- uncertainty and volatility in the performance of our merchants' businesses, particularly SMBs, may make estimates of our revenues and financial performance less predictable;- cardholders or merchants may decrease spending for value-added services we market and sell;- government intervention, including the effect of laws, regulations and government investments in our merchants, may have potential negative effects on our business and our relationships with our merchants or otherwise alter their strategic direction away from our products and services; and - political tensions resulting in economic instability, such as due to wars in the Middle East and Eastern Europe and the related response, including sanctions or other restrictive actions, by the U.S. and/or other countries. In addition, the banking industry remains subject to consolidation, regardless of overall economic conditions. In times of economic distress, various financial institutions in the markets we serve have been acquired or merged with and into other financial institutions, including those with which we partner. If a current referral partner of ours is acquired by another bank, the acquiring bank may seek to terminate our agreement and impose its own merchant services program on the acquired bank. We may be unable to retain our banking relationships post-acquisition, or may have to offer financial concessions to do so, which could adversely affect our results of operations or growth. A global deterioration in economic conditions, which may have an adverse impact on discretionary consumer spending, could also impact our business. For instance, consumer spending has been, and may continue to be, negatively impacted by general macroeconomic conditions. If governments are not successful in addressing and rectifying market and economic conditions, adverse economic conditions may cause a material impact on our ability to raise capital, if needed, on a timely basis and on acceptable terms or at all.

A significant natural disaster could have a material and adverse effect on our business. Our business is vulnerable to damage or interruption from earthquakes, fires, floods, hurricanes, power losses, telecommunications failures, terrorist attacks, acts of war, global pandemics, human errors and similar events. The third-party systems and operations on which we and our merchants rely are subject to similar risks. A significant natural disaster, such as an earthquake, fire, flood or hurricane could have an adverse effect on our business, financial condition and results of operations, and our insurance coverage may be insufficient to compensate us for losses that may occur. Global climate change is resulting in certain types of natural disasters occurring more frequently or with more intense effects. Acts of terrorism could also cause disruptions in our businesses or those of our merchants, consumer demand or the economy as a whole. We may not have sufficient protection or recovery plans in some circumstances. Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our headquarters or data centers could result in lengthy interruptions in access to or functionality of our platform or could result in related liabilities, and our business, financial condition or results of operations could be adversely affected.

Our trademarks, trade names, trade secrets, patents, know-how, proprietary technology and other intellectual property are important to our future success. We believe our trademarks and trade names are widely recognized and associated with quality and reliable service. While it is our policy to protect and defend our intellectual property rights vigorously, we cannot predict whether the steps we take to protect our intellectual property will be adequate to prevent infringement, misappropriation, dilution or other potential violations of our intellectual property rights. We also cannot guarantee that others will not independently develop technology with the same or similar functions to any proprietary technology we rely on to conduct our business and differentiate ourselves from our competitors. Unauthorized parties may also attempt to copy or obtain and use our technology to develop applications with the same functionality as our solutions, and policing unauthorized use of our technology and intellectual property rights is difficult and may not be effective. Furthermore, we may face claims of infringement of third-party intellectual property rights that could interfere with our ability to market and promote our brands, products and services. Any litigation to enforce our intellectual property rights or defend ourselves against claims of infringement of third-party intellectual property rights could be costly, divert attention of management and may not ultimately be resolved in our favor. Moreover, if we are unable to successfully defend against claims that we have infringed the intellectual property rights of others, we may be prevented from using certain intellectual property or may be liable for damages, which in turn could materially adversely affect our business, financial condition or results of operations. While software and other of our proprietary works may be protected under copyright law, we have chosen not to register any copyrights in these works, and instead, primarily rely on protecting our software as a trade secret. In order to bring a copyright infringement lawsuit in the U.S., the copyright must be registered with the U.S. Copyright Office. Accordingly, the remedies and damages available to us for unauthorized use of our software may be limited. We attempt to protect our intellectual property and proprietary information by requiring all of our employees, consultants and certain of our contractors to execute confidentiality and invention assignment agreements. However, we may not obtain these agreements in all circumstances, and individuals with whom we have these agreements may not comply with their terms. The assignment of intellectual property rights under these agreements may not be self-executing or the assignment agreements may be breached, and we may be forced to bring claims against third parties, or defend claims that they may bring against us, to determine the ownership of what we regard as our intellectual property. In addition, we may not be able to prevent the unauthorized disclosure or use of our technical know-how or other trade secrets by the parties to these agreements despite the existence generally of confidentiality agreements and other contractual restrictions. Monitoring unauthorized uses and disclosures is difficult and we do not know whether the steps we have taken to protect our proprietary technologies will be effective. In addition, we use open-source software in connection with our proprietary software and expect to continue to use open-source software in the future. Some open-source licenses require licensors to provide source code to licensees upon request, or prohibit licensors from charging a fee to licensees. While we try to insulate our proprietary code from the effects of such open-source license provisions, we cannot guarantee we will be successful. Accordingly, we may face claims from others claiming ownership of, or seeking to enforce the license terms applicable to such open-source software, including by demanding release of the open-source software, derivative works or our proprietary source code that was developed or distributed with such software. These claims could also result in litigation, require us to purchase a costly license or require us to devote additional research and development resources to change our software, any of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open-source code change, we may be forced to re-engineer our software or incur additional costs.

We are dependent on the ability of our products and services to integrate with a variety of operating systems, software and devices, such as the POS terminals we provide to merchants, as well as web browsers that we do not control. Any changes in these systems that degrade the functionality of our products and services, impose additional costs or requirements on us, or give preferential treatment to competitive services, could materially and adversely affect usage of our products and services. In addition, system integrators may show insufficient appetite to enable our products and services to integrate with a variety of operating systems, software and devices. In the event that it is difficult for our merchants to access and use our products and services, our business, financial condition, results of operations and prospects may be materially and adversely affected.

We depend on third-party vendors for certain products and services, including components of our computer systems, software, data centers and telecommunications networks, to conduct our business. Any changes in these systems that degrade the functionality of our products and services, impose additional costs or requirements on it, or give preferential treatment to competitors' services, including their own services, could materially and adversely affect usage of our products and services. For example, in the U.S. and Canada we are dependent on our relationship with a single third-party processor for services such as merchant authorization, processing, risk and chargeback monitoring accounting and clearing and settlement for the transactions we service. There can be no assurance that our backup systems and alternative arrangements would successfully avoid a significant disruption of processing in the event of an unforeseen event with this third-party. In the event our agreement with our third-party processor is terminated, or if upon its expiration we are unable to renew the contract on terms favorable to us, or at all, it may be difficult for us to replace these services, which may adversely affect our operations and profitability. We also rely on third parties for specific software and devices used in providing our products and services. Some of these organizations and service providers provide similar services and technology to our competitors, and we do not have long-term or exclusive contracts with them. Our computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business (collectively, "IT Systems") as well as IT Systems of our merchants, software partners, and any other third party we may rely on, could be exposed to damage or interruption from, among other things, fire, natural disasters, power loss, telecommunications failure, unauthorized entry, computer viruses, denial-of-service attacks, social engineering/phishing, company insiders, acts of terrorism, human or technological error, vandalism or sabotage, financial insolvency, bankruptcy and similar events. In addition, we may be unable to renew our existing contracts with our most significant merchants and software partners, or our merchants and software partners may stop providing or otherwise supporting the products and services we obtain from them, and we may not be able to obtain these or similar products or services on the same or similar terms as our existing agreements, if at all. The failure of our third-party vendors to perform their obligations and provide the products and services we obtain from them in a timely manner for any reason could adversely affect our operations and profitability due to, among other consequences: - loss of revenues;- loss of merchants and software partners;- loss of merchant and cardholder data;- fines imposed by payment networks;- harm to our business or reputation and brand resulting from negative publicity and loss of trust;- exposure to fraud losses or other liabilities;- additional operating and development costs; or - diversion of management, technical, and other resources.