Do you have a clearly defined and documented fraud & investigation policy to identify, document, and address vulnerabilities
Upon request, are you capable of providing relevant certifications for relevant 3rd parties (ISO, SSAE 16/17, PCI, etc.)?
Will you prohibit the storage, copying, and disclosure of APR information except as necessary for the performance of your obligations under the agreement?